urlscan.io logo urlscan.io
SecurityTrails logo

login.firstcitizens.com Open in urlscan Pro
107.162.164.184  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://profile.firstcitizens.com/
Effective URL: https://login.firstcitizens.com/login/login.htm?fromURI=/oauth2/v1/authorize/redirect?okta_key=UdF3O5zf-rMym_nVFT5o8885aHD9KQCu6...
Submission: On May 02 via automatic, source certstream-suspicious — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 9 IPs in 3 countries across 7 domains to perform 35 HTTP transactions. The main IP is 107.162.164.184, located in United States and belongs to DEFENSE-NET, US. The main domain is login.firstcitizens.com.
TLS certificate: Issued by DigiCert TLS RSA SHA256 2020 CA1 on December 5th 2022. Valid for: a year.
This is the only time login.firstcitizens.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
8 54.221.82.242 14618 (AMAZON-AES)
3 2a02:26f0:480... 20940 (AKAMAI-ASN1)
1 8 107.162.164.184 55002 (DEFENSE-NET)
2 34.241.198.189 16509 (AMAZON-02)
1 52.51.186.199 16509 (AMAZON-02)
1 1 34.246.19.117 16509 (AMAZON-02)
9 52.222.214.98 16509 (AMAZON-02)
2 108.138.7.41 16509 (AMAZON-02)
2 2a02:26f0:350... 20940 (AKAMAI-ASN1)
35 9
8    54.221.82.242 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-221-82-242.compute-1.amazonaws.com
profile.firstcitizens.com
3    2a02:26f0:480:7a5::1e80 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
assets.adobedtm.com
8    107.162.164.184 (United States)

ASN55002 (DEFENSE-NET, US)
login.firstcitizens.com
2    34.241.198.189 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-241-198-189.eu-west-1.compute.amazonaws.com
dpm.demdex.net
1    52.51.186.199 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-51-186-199.eu-west-1.compute.amazonaws.com
firstcitizens.demdex.net
1    34.246.19.117 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-246-19-117.eu-west-1.compute.amazonaws.com
cm.everesttech.net
9    52.222.214.98 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-222-214-98.fra56.r.cloudfront.net
ok7static.oktacdn.com
2    108.138.7.41 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-138-7-41.fra56.r.cloudfront.net
login.okta.com
2    2a02:26f0:3500:16::215:148f (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
use.typekit.net
Apex Domain
Subdomains		 Transfer
16 firstcitizens.com
profile.firstcitizens.com
login.firstcitizens.com
749 KB
9 oktacdn.com
ok7static.oktacdn.com — Cisco Umbrella Rank: 24557
724 KB
3 demdex.net
dpm.demdex.net — Cisco Umbrella Rank: 277
firstcitizens.demdex.net — Cisco Umbrella Rank: 397605
5 KB
3 adobedtm.com
assets.adobedtm.com — Cisco Umbrella Rank: 430
66 KB
2 typekit.net
use.typekit.net — Cisco Umbrella Rank: 920
27 KB
2 okta.com
login.okta.com — Cisco Umbrella Rank: 7619
97 KB
1 everesttech.net
cm.everesttech.net — Cisco Umbrella Rank: 1516
517 B
35 7
Domain Requested by
9 ok7static.oktacdn.com login.firstcitizens.com
ok7static.oktacdn.com
8 login.firstcitizens.com 1 redirects profile.firstcitizens.com
login.firstcitizens.com
8 profile.firstcitizens.com profile.firstcitizens.com
3 assets.adobedtm.com profile.firstcitizens.com
assets.adobedtm.com
2 use.typekit.net
2 login.okta.com ok7static.oktacdn.com
login.okta.com
2 dpm.demdex.net assets.adobedtm.com
1 cm.everesttech.net 1 redirects
1 firstcitizens.demdex.net assets.adobedtm.com
35 9

This site contains links to these domains. Also see Links.

Domain
www.firstcitizens.com
profile.firstcitizens.com
Subject Issuer Validity Valid
profile.firstcitizens.com
DigiCert TLS RSA SHA256 2020 CA1		 2022-06-13 -
2023-06-13		 a year crt.sh
assets.adobedtm.com
DigiCert TLS RSA SHA256 2020 CA1		 2022-07-19 -
2023-08-19		 a year crt.sh
login.firstcitizens.com
DigiCert TLS RSA SHA256 2020 CA1		 2022-12-05 -
2023-12-04		 a year crt.sh
*.demdex.com
DigiCert TLS RSA SHA256 2020 CA1		 2022-09-26 -
2023-10-27		 a year crt.sh
*.oktacdn.com
DigiCert TLS RSA SHA256 2020 CA1		 2023-01-03 -
2024-01-02		 a year crt.sh
accounts.okta.com
DigiCert TLS RSA SHA256 2020 CA1		 2022-07-13 -
2023-07-25		 a year crt.sh
use.typekit.net
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2022-09-14 -
2023-10-15		 a year crt.sh

This page contains 3 frames:

Primary Page: https://login.firstcitizens.com/login/login.htm?fromURI=/oauth2/v1/authorize/redirect?okta_key=UdF3O5zf-rMym_nVFT5o8885aHD9KQCu62TVQMSQHa4
Frame ID: E2B74D92340E6EFF0936D8AED0908F29
Requests: 31 HTTP requests in this frame

Frame: https://firstcitizens.demdex.net/dest5.html?d_nsid=0
Frame ID: CD46F66B0B235238119CF634885C7AF7
Requests: 1 HTTP requests in this frame

Frame: https://login.okta.com/discovery/iframe.html
Frame ID: 7871E7625D48CEEB921C132C03296BF3
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

First Citizens - Anmelden

Page URL History Show full URLs

  1. https://profile.firstcitizens.com/ Page URL
  2. https://login.firstcitizens.com/oauth2/v1/authorize?client_id=0oa5lwbskwRauZ8cE357&code_challenge=PmK6PFxwRR... HTTP 302
    https://login.firstcitizens.com/login/login.htm?fromURI=/oauth2/v1/authorize/redirect?okta_key=UdF3O5zf-rMym... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • /etc\.clientlibs/

Page Statistics

35
Requests

94 %
HTTPS

22 %
IPv6

7
Domains

9
Subdomains

9
IPs

3
Countries

1667 kB
Transfer

5372 kB
Size

12
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://profile.firstcitizens.com/ Page URL
  2. https://login.firstcitizens.com/oauth2/v1/authorize?client_id=0oa5lwbskwRauZ8cE357&code_challenge=PmK6PFxwRRXJ__ShCEsdvJjiU-fvSDp85j1gZEB1FpQ&code_challenge_method=S256&nonce=9INkVDL1f1ElHkJ7nywbcQasgWIAzEPyr4rpxpXqRqSMMH33u8hOZs5Z8MZKzHuj&redirect_uri=https%3A%2F%2Fprofile.firstcitizens.com%2Fcallback.html&response_type=code&state=r3jkiL8KHwlGe1BHIVXPezRKUQEJsSBaAqcCXsDc8uAeJxAB3Bb0Zzb6P9y5K83G&scope=openid%20email HTTP 302
    https://login.firstcitizens.com/login/login.htm?fromURI=/oauth2/v1/authorize/redirect?okta_key=UdF3O5zf-rMym_nVFT5o8885aHD9KQCu62TVQMSQHa4 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 15
  • https://cm.everesttech.net/cm/dd?d_uuid=26212326154978768430188272475927064550 HTTP 302
  • https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZFExuQAAAGyGfwMx

35 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
/
profile.firstcitizens.com/ 		3 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://profile.firstcitizens.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.221.82.242 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-221-82-242.compute-1.amazonaws.com
Software
Apache /
Resource Hash
73b2cd9b13daedb9b5fbd2bdc8ea0e60ee380b664b5499d298c95a870bb5dc18
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
11894897
content-encoding
gzip
content-length
1116
content-type
text/html;charset=utf-8
date
Tue, 02 May 2023 15:52:24 GMT
etag
"cb8-5efe66dc99fc0-gzip"
last-modified
Thu, 15 Dec 2022 23:44:07 GMT
server
Apache
vary
Accept-Encoding,User-Agent
x-content-type-options
nosniff
x-dispatcher
dispatcher1useast1
x-frame-options
SAMEORIGIN
x-vhost
publish
clientlib-spa.css
profile.firstcitizens.com/etc.clientlibs/firstcitizens/clientlibs/ 		346 KB
41 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://profile.firstcitizens.com/etc.clientlibs/firstcitizens/clientlibs/clientlib-spa.css
Requested by
Host: profile.firstcitizens.com
URL: https://profile.firstcitizens.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.221.82.242 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-221-82-242.compute-1.amazonaws.com
Software
Apache /
Resource Hash
50868aa22f99502c366181db404fe16aec3a6fea8c72cb6c69167f6805550360
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://profile.firstcitizens.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

x-dispatcher
dispatcher1useast1
date
Tue, 02 May 2023 15:52:24 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 28 Mar 2023 22:16:57 GMT
server
Apache
age
404822
etag
"567a7-5f7fd37b5c840-gzip"
x-vhost
publish
vary
Accept-Encoding,User-Agent
x-frame-options
SAMEORIGIN
content-type
text/css;charset=utf-8
cache-control
max-age=2592000, public, immutable
accept-ranges
bytes
content-length
41666
launch-a67a725eb68d.min.js
assets.adobedtm.com/60e0841c6ded/ebad3aca6dec/ 		189 KB
52 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://assets.adobedtm.com/60e0841c6ded/ebad3aca6dec/launch-a67a725eb68d.min.js
Requested by
Host: profile.firstcitizens.com
URL: https://profile.firstcitizens.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:7a5::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
af3fd759258fd510c1eaca89fb9905b658c40f5ff34ad4686ab25b8181f01585

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://profile.firstcitizens.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Tue, 02 May 2023 15:52:25 GMT
content-encoding
gzip
last-modified
Mon, 24 Jan 2022 18:34:34 GMT
server
AkamaiNetStorage
etag
"a76ee0a32fff1ea0d5b7d08b68136d1e:1643049274.635472"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
https://profile.firstcitizens.com
cache-control
max-age=3600
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 02 May 2023 16:52:25 GMT
clientlib-spa.js
profile.firstcitizens.com/etc.clientlibs/firstcitizens/clientlibs/ 		810 KB
206 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://profile.firstcitizens.com/etc.clientlibs/firstcitizens/clientlibs/clientlib-spa.js
Requested by
Host: profile.firstcitizens.com
URL: https://profile.firstcitizens.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.221.82.242 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-221-82-242.compute-1.amazonaws.com
Software
Apache /
Resource Hash
b115ca5b4699827009f47d6040800be9f41128751d73f80e5a14715f367ca487
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://profile.firstcitizens.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

x-dispatcher
dispatcher2useast1
date
Tue, 02 May 2023 15:52:24 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 15 Dec 2022 23:26:09 GMT
server
Apache
age
404822
etag
"ca64e-5efe62d88a640-gzip"
x-vhost
publish
vary
Accept-Encoding,User-Agent
x-frame-options
SAMEORIGIN
content-type
application/javascript;charset=utf-8
cache-control
max-age=2592000, public, immutable
accept-ranges
bytes
config
profile.firstcitizens.com/spa/profileManager/ 		277 B
399 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://profile.firstcitizens.com/spa/profileManager/config
Requested by
Host: profile.firstcitizens.com
URL: https://profile.firstcitizens.com/etc.clientlibs/firstcitizens/clientlibs/clientlib-spa.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.221.82.242 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-221-82-242.compute-1.amazonaws.com
Software
Apache /
Resource Hash
3badcd8c1c3988d934ff82670de691a0ef8599c266e4aa5c734871f840b4ee72
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://profile.firstcitizens.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

x-dispatcher
dispatcher1useast1
date
Tue, 02 May 2023 15:52:25 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
Apache
x-vhost
publish
x-frame-options
SAMEORIGIN
vary
Accept-Encoding,User-Agent
content-type
application/json
content-length
188
.model.json
profile.firstcitizens.com/ 		117 KB
19 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://profile.firstcitizens.com/.model.json
Requested by
Host: profile.firstcitizens.com
URL: https://profile.firstcitizens.com/etc.clientlibs/firstcitizens/clientlibs/clientlib-spa.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.221.82.242 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-221-82-242.compute-1.amazonaws.com
Software
Apache /
Resource Hash
309bc36d76d7ecbf66bf9547684d1cbbfcd38a3940c0f6d2dff39736d4f8fd16
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://profile.firstcitizens.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

x-dispatcher
dispatcher1useast1
date
Tue, 02 May 2023 15:52:25 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 15 Dec 2022 23:44:09 GMT
server
Apache
age
11894896
etag
"1d2ee-5efe66de82440-gzip"
x-vhost
publish
vary
Accept-Encoding,User-Agent
x-frame-options
SAMEORIGIN
content-type
application/json;charset=utf-8
accept-ranges
bytes
content-length
19480
.model.json
profile.firstcitizens.com/ 		117 KB
19 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://profile.firstcitizens.com/.model.json
Requested by
Host: profile.firstcitizens.com
URL: https://profile.firstcitizens.com/etc.clientlibs/firstcitizens/clientlibs/clientlib-spa.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.221.82.242 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-221-82-242.compute-1.amazonaws.com
Software
Apache /
Resource Hash
309bc36d76d7ecbf66bf9547684d1cbbfcd38a3940c0f6d2dff39736d4f8fd16
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://profile.firstcitizens.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

x-dispatcher
dispatcher1useast1
date
Tue, 02 May 2023 15:52:25 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 15 Dec 2022 23:44:09 GMT
server
Apache
age
11894896
etag
"1d2ee-5efe66de82440-gzip"
x-vhost
publish
vary
Accept-Encoding,User-Agent
x-frame-options
SAMEORIGIN
content-type
application/json;charset=utf-8
accept-ranges
bytes
content-length
19480
icons.svg
profile.firstcitizens.com/etc.clientlibs/firstcitizens/clientlibs/clientlib-aem/resources/icons/ 		1 MB
246 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://profile.firstcitizens.com/etc.clientlibs/firstcitizens/clientlibs/clientlib-aem/resources/icons/icons.svg
Requested by
Host: profile.firstcitizens.com
URL: https://profile.firstcitizens.com/etc.clientlibs/firstcitizens/clientlibs/clientlib-spa.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.221.82.242 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-221-82-242.compute-1.amazonaws.com
Software
Apache /
Resource Hash
10078f6f9f0c199a299e17362a2db7cb61d0da35a3b0292e11e72abff5c146ba
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://profile.firstcitizens.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

x-dispatcher
dispatcher1useast1
date
Tue, 02 May 2023 15:52:25 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 03 Feb 2021 00:12:57 GMT
server
Apache
age
59442
etag
"10688c-5ba6372f8f440-gzip"
x-vhost
publish
vary
Accept-Encoding,User-Agent
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
cache-control
max-age=86400, public
accept-ranges
bytes
me
login.firstcitizens.com/api/v1/sessions/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://login.firstcitizens.com/api/v1/sessions/me
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
107.162.164.184 , United States, ASN55002 (DEFENSE-NET, US),
Reverse DNS
Software
nginx /
Resource Hash
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
Strict-Transport-Security max-age=315360000; includeSubDomains
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-okta-user-agent-extended
Access-Control-Request-Method
GET
Origin
https://profile.firstcitizens.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Connection
Keep-Alive
Content-Length
0
Date
Tue, 02 May 2023 15:52:25 GMT
Keep-Alive
timeout=5, max=100
Server
nginx
Strict-Transport-Security
max-age=315360000; includeSubDomains
Via
1.1 dca1-bit9006
access-control-allow-credentials
true
access-control-allow-headers
content-type,x-okta-user-agent-extended,Content-Type
access-control-allow-methods
DELETE, GET, OPTIONS
access-control-allow-origin
https://profile.firstcitizens.com
access-control-max-age
3600
allow
GET, HEAD, POST, PUT, DELETE, OPTIONS, PATCH
cache-control
no-cache, no-store
content-security-policy
frame-ancestors 'self'
content-security-policy-report-only
default-src 'self' idx-fcb.okta.com login.firstcitizens.com *.oktacdn.com; connect-src 'self' idx-fcb.okta.com idx-fcb-admin.okta.com login.firstcitizens.com *.oktacdn.com *.mixpanel.com *.mapbox.com app.pendo.io data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com *.mtls.okta.com idx-fcb.kerberos.okta.com https://oinmanager.okta.com data:; script-src 'unsafe-inline' 'unsafe-eval' 'self' idx-fcb.okta.com login.firstcitizens.com *.oktacdn.com; style-src 'unsafe-inline' 'self' idx-fcb.okta.com login.firstcitizens.com *.oktacdn.com app.pendo.io cdn.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com; frame-src 'self' idx-fcb.okta.com idx-fcb-admin.okta.com login.firstcitizens.com login.okta.com; img-src 'self' idx-fcb.okta.com login.firstcitizens.com *.oktacdn.com *.tiles.mapbox.com *.mapbox.com app.pendo.io data.pendo.io cdn.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com data: blob:; font-src 'self' idx-fcb.okta.com login.firstcitizens.com data: *.oktacdn.com fonts.gstatic.com; frame-ancestors 'self'
expires
0
p3p
CP="HONK"
pragma
no-cache
vary
Origin
x-frame-options
SAMEORIGIN
x-okta-request-id
ZFExuQhA_Pb8AWmL6CDrOQAABu4
x-rate-limit-limit
10000
x-rate-limit-remaining
9999
x-rate-limit-reset
1683042805
x-xss-protection
0
me
login.firstcitizens.com/api/v1/sessions/ 		168 B
2 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://login.firstcitizens.com/api/v1/sessions/me
Requested by
Host: profile.firstcitizens.com
URL: https://profile.firstcitizens.com/etc.clientlibs/firstcitizens/clientlibs/clientlib-spa.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
107.162.164.184 , United States, ASN55002 (DEFENSE-NET, US),
Reverse DNS
Software
nginx /
Resource Hash
df5a588c6ecf93fcb426efe6dd4c8c78b94dbeac00c33d00a266837a08b578e2
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
Strict-Transport-Security max-age=315360000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept
application/json
Referer
https://profile.firstcitizens.com/
X-Okta-User-Agent-Extended
okta-auth-js/4.9.2
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type
application/json

Response headers

x-okta-request-id
ZFExuq5bdmxZEWxQDIoqRQAAC7c
Date
Tue, 02 May 2023 15:52:26 GMT
content-security-policy
frame-ancestors 'self'
x-rate-limit-limit
600
x-content-type-options
nosniff
Content-Encoding
gzip
x-rate-limit-remaining
599
Strict-Transport-Security
max-age=315360000; includeSubDomains
Via
1.1 dca1-bit9006
content-security-policy-report-only
default-src 'self' idx-fcb.okta.com login.firstcitizens.com *.oktacdn.com; connect-src 'self' idx-fcb.okta.com idx-fcb-admin.okta.com login.firstcitizens.com *.oktacdn.com *.mixpanel.com *.mapbox.com app.pendo.io data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com *.mtls.okta.com idx-fcb.kerberos.okta.com https://oinmanager.okta.com data:; script-src 'unsafe-inline' 'unsafe-eval' 'self' idx-fcb.okta.com login.firstcitizens.com *.oktacdn.com; style-src 'unsafe-inline' 'self' idx-fcb.okta.com login.firstcitizens.com *.oktacdn.com app.pendo.io cdn.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com; frame-src 'self' idx-fcb.okta.com idx-fcb-admin.okta.com login.firstcitizens.com login.okta.com; img-src 'self' idx-fcb.okta.com login.firstcitizens.com *.oktacdn.com *.tiles.mapbox.com *.mapbox.com app.pendo.io data.pendo.io cdn.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com data: blob:; font-src 'self' idx-fcb.okta.com login.firstcitizens.com data: *.oktacdn.com fonts.gstatic.com; frame-ancestors 'self'
Transfer-Encoding
chunked
p3p
CP="HONK"
Connection
Keep-Alive
x-xss-protection
0
pragma
no-cache
Server
nginx
Vary
Accept-Encoding,Origin
Content-Type
application/json
access-control-allow-origin
https://profile.firstcitizens.com
x-rate-limit-reset
1683042806
access-control-allow-credentials
true
cache-control
no-cache, no-store
access-control-allow-headers
Content-Type
Keep-Alive
timeout=5, max=100
expires
0
HarmoniaSansStd-Regular.woff2
profile.firstcitizens.com/etc.clientlibs/firstcitizens/clientlibs/clientlib-aem/resources/fonts/HarmoniaSansStd/ 		19 KB
20 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://profile.firstcitizens.com/etc.clientlibs/firstcitizens/clientlibs/clientlib-aem/resources/fonts/HarmoniaSansStd/HarmoniaSansStd-Regular.woff2
Requested by
Host: profile.firstcitizens.com
URL: https://profile.firstcitizens.com/etc.clientlibs/firstcitizens/clientlibs/clientlib-spa.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.221.82.242 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-221-82-242.compute-1.amazonaws.com
Software
Apache /
Resource Hash
3966f3091c7e9c586b259d00f5f9be81420299206ce4e503d7730436809cd200
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://profile.firstcitizens.com/etc.clientlibs/firstcitizens/clientlibs/clientlib-spa.css
Origin
https://profile.firstcitizens.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

x-dispatcher
dispatcher2useast1
date
Tue, 02 May 2023 15:52:25 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 06 Aug 2020 21:17:45 GMT
server
Apache
age
60080
etag
"4d44-5ac3c04f91040-gzip"
x-vhost
publish
vary
Accept-Encoding,User-Agent
x-frame-options
SAMEORIGIN
content-type
application/octet-stream
cache-control
max-age=86400, public
accept-ranges
bytes
content-length
19803
id
dpm.demdex.net/ 		372 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://dpm.demdex.net/id?d_visid_ver=5.3.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=E6D235355CF7C1DE0A495EEC%40AdobeOrg&d_nsid=0&ts=1683042745351
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/60e0841c6ded/ebad3aca6dec/launch-a67a725eb68d.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.241.198.189 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-241-198-189.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
910e6c647004b4ec08fb0cfd92a7a1a081a549601b28d2d2524ca37668c0342e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://profile.firstcitizens.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

DCS
dcs-prod-irl1-1-v048-0d6340410.edge-irl1.demdex.com 2 ms
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
content-encoding
gzip
X-TID
8ZxGrb7VR68=
Vary
Origin
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin
https://profile.firstcitizens.com
Content-Type
application/json;charset=utf-8
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
311
Expires
Thu, 01 Jan 1970 00:00:00 UTC
AppMeasurement.min.js
assets.adobedtm.com/extensions/EPb56e12d7054b4acea984e91c910051cc/ 		33 KB
12 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://assets.adobedtm.com/extensions/EPb56e12d7054b4acea984e91c910051cc/AppMeasurement.min.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/60e0841c6ded/ebad3aca6dec/launch-a67a725eb68d.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:7a5::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
04d439e000eb278a036c741b3a0b3ddb4b22087ff0bbb9342a6be5dc7d1ab60a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://profile.firstcitizens.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Tue, 02 May 2023 15:52:25 GMT
content-encoding
gzip
last-modified
Mon, 18 Oct 2021 21:37:16 GMT
server
AkamaiNetStorage
etag
"820eb42f3120ddf65e303b24a8285815:1634593036.305122"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
https://profile.firstcitizens.com
cache-control
no-cache
accept-ranges
bytes
timing-allow-origin
*
content-length
12200
expires
Tue, 02 May 2023 16:52:25 GMT
AppMeasurement_Module_ActivityMap.min.js
assets.adobedtm.com/extensions/EPb56e12d7054b4acea984e91c910051cc/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://assets.adobedtm.com/extensions/EPb56e12d7054b4acea984e91c910051cc/AppMeasurement_Module_ActivityMap.min.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/60e0841c6ded/ebad3aca6dec/launch-a67a725eb68d.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:7a5::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
99affd7a1c868ecf15a0789fc85e87ca23ae783e7916aee316e6282d9777369c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://profile.firstcitizens.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Tue, 02 May 2023 15:52:25 GMT
content-encoding
gzip
last-modified
Mon, 18 Oct 2021 21:37:16 GMT
server
AkamaiNetStorage
etag
"abbe69e5c8f385f00652c3d0c2bba347:1634593036.557115"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
https://profile.firstcitizens.com
cache-control
no-cache
accept-ranges
bytes
timing-allow-origin
*
content-length
1594
expires
Tue, 02 May 2023 16:52:25 GMT
dest5.html
firstcitizens.demdex.net/ Frame CD46 		7 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://firstcitizens.demdex.net/dest5.html?d_nsid=0
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/60e0841c6ded/ebad3aca6dec/launch-a67a725eb68d.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.51.186.199 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-51-186-199.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://profile.firstcitizens.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Length
2791
Content-Type
text/html;charset=UTF-8
DCS
dcs-prod-irl1-2-v048-0e3ebe570.edge-irl1.demdex.com 0 ms
Expires
Thu, 01 Jan 1970 00:00:00 UTC
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-TID
RiA148wGR1o=
content-encoding
gzip
date
Tue, 2 May 2023 15:52:25 GMT
last-modified
Thu, 27 Apr 2023 14:39:20 GMT
vary
accept-encoding
ibs:dpid=411&dpuuid=ZFExuQAAAGyGfwMx
dpm.demdex.net/
Redirect Chain
  • https://cm.everesttech.net/cm/dd?d_uuid=26212326154978768430188272475927064550
  • https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZFExuQAAAGyGfwMx
42 B
942 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZFExuQAAAGyGfwMx
Protocol
HTTP/1.1
Server
34.241.198.189 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-241-198-189.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://profile.firstcitizens.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

DCS
dcs-prod-irl1-2-v048-086c79cd9.edge-irl1.demdex.com 2 ms
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
content-encoding
gzip
X-Content-Type-Options
nosniff
X-TID
jKcqGjfbTTI=
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Content-Type
image/gif
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Length
59
Expires
Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

Location
https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZFExuQAAAGyGfwMx
Date
Tue, 02 May 2023 15:52:25 GMT
Cache-Control
no-cache
Server
AMO-cookiemap/1.1
Connection
keep-alive
Content-Length
0
P3P
CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
openid-configuration
login.firstcitizens.com/.well-known/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://login.firstcitizens.com/.well-known/openid-configuration
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
107.162.164.184 , United States, ASN55002 (DEFENSE-NET, US),
Reverse DNS
Software
nginx /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=315360000; includeSubDomains

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-okta-user-agent-extended
Access-Control-Request-Method
GET
Origin
https://profile.firstcitizens.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Access-Control-Allow-Credentials
true
Access-Control-Allow-Headers
content-type,x-okta-user-agent-extended
Access-Control-Allow-Methods
GET, OPTIONS
Access-Control-Allow-Origin
https://profile.firstcitizens.com
Access-Control-Max-Age
3600
Connection
Keep-Alive
Content-Length
0
Content-Type
application/octet-stream
Date
Tue, 02 May 2023 15:52:26 GMT
Keep-Alive
timeout=5, max=99
Server
nginx
Strict-Transport-Security
max-age=315360000; includeSubDomains
Vary
Origin
Via
1.1 dca1-bit9006
X-Okta-Request-Id
ZFExughA_Pb8AWmL6CDrSAAABu4
openid-configuration
login.firstcitizens.com/.well-known/ 		2 KB
3 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://login.firstcitizens.com/.well-known/openid-configuration
Requested by
Host: profile.firstcitizens.com
URL: https://profile.firstcitizens.com/etc.clientlibs/firstcitizens/clientlibs/clientlib-spa.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
107.162.164.184 , United States, ASN55002 (DEFENSE-NET, US),
Reverse DNS
Software
nginx /
Resource Hash
06d01d313645c65f8c8bfbcc5db57ca3c097e70ed35248875a9421835ddb48f2
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
Strict-Transport-Security max-age=315360000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept
application/json
Referer
https://profile.firstcitizens.com/
X-Okta-User-Agent-Extended
okta-auth-js/4.9.2
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type
application/json

Response headers

X-Okta-Request-Id
ZFExuq5bdmxZEWxQDIoqTgAAC7c
Date
Tue, 02 May 2023 15:52:26 GMT
content-security-policy
frame-ancestors 'self'
x-content-type-options
nosniff
Strict-Transport-Security
max-age=315360000; includeSubDomains
Via
1.1 dca1-bit9006
Transfer-Encoding
chunked
p3p
CP="HONK"
Connection
Keep-Alive
x-xss-protection
0
Server
nginx
vary
Origin
Content-Type
application/json
Access-Control-Allow-Origin
https://profile.firstcitizens.com
cache-control
max-age=86400, must-revalidate
Access-Control-Allow-Credentials
true
Keep-Alive
timeout=5, max=99
expires
Wed, 03 May 2023 15:52:26 GMT
Primary Request login.htm
login.firstcitizens.com/login/
Redirect Chain
  • https://login.firstcitizens.com/oauth2/v1/authorize?client_id=0oa5lwbskwRauZ8cE357&code_challenge=PmK6PFxwRRXJ__ShCEsdvJjiU-fvSDp85j1gZEB1FpQ&code_challenge_method=S256&nonce=9INkVDL1f1ElHkJ7nywbcQ...
  • https://login.firstcitizens.com/login/login.htm?fromURI=/oauth2/v1/authorize/redirect?okta_key=UdF3O5zf-rMym_nVFT5o8885aHD9KQCu62TVQMSQHa4
34 KB
11 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://login.firstcitizens.com/login/login.htm?fromURI=/oauth2/v1/authorize/redirect?okta_key=UdF3O5zf-rMym_nVFT5o8885aHD9KQCu62TVQMSQHa4
Requested by
Host: profile.firstcitizens.com
URL: https://profile.firstcitizens.com/etc.clientlibs/firstcitizens/clientlibs/clientlib-spa.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
107.162.164.184 , United States, ASN55002 (DEFENSE-NET, US),
Reverse DNS
Software
nginx /
Resource Hash
92cf8010951d1a2641783d07bfd0cd0edfe660ea3e1284a2fe83774e16b4cf37
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
Strict-Transport-Security max-age=315360000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Connection
Keep-Alive
Content-Encoding
gzip
Content-Type
text/html;charset=utf-8
Date
Tue, 02 May 2023 15:52:27 GMT
Keep-Alive
timeout=5, max=97
Server
nginx
Strict-Transport-Security
max-age=315360000; includeSubDomains
Transfer-Encoding
chunked
Vary
Accept-Encoding
Via
1.1 dca1-bit9006
X-Robots-Tag
noindex,nofollow
cache-control
no-cache, no-store
content-language
de
content-security-policy
frame-ancestors 'self'
content-security-policy-report-only
frame-ancestors 'self'
expires
0
p3p
CP="HONK"
pragma
no-cache
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-okta-request-id
ZFExu65bdmxZEWxQDIoqWAAAC7c
x-rate-limit-limit
60
x-rate-limit-remaining
59
x-rate-limit-reset
1683042807
x-ua-compatible
IE=edge
x-xss-protection
0

Redirect headers

Connection
Keep-Alive
Content-Length
0
Date
Tue, 02 May 2023 15:52:27 GMT
Keep-Alive
timeout=5, max=98
Server
nginx
Strict-Transport-Security
max-age=315360000; includeSubDomains
Via
1.1 dca1-bit9006
X-Robots-Tag
noindex,nofollow
cache-control
no-cache, no-store
content-language
de
expires
0
location
https://login.firstcitizens.com/login/login.htm?fromURI=/oauth2/v1/authorize/redirect?okta_key=UdF3O5zf-rMym_nVFT5o8885aHD9KQCu62TVQMSQHa4
p3p
CP="HONK"
pragma
no-cache
referrer-policy
no-referrer
x-okta-request-id
ZFExu65bdmxZEWxQDIoqUwAAC7c
x-rate-limit-limit
60
x-rate-limit-remaining
59
x-rate-limit-reset
1683042807
x-xss-protection
0
fcb_common.js
login.firstcitizens.com/js/vendor/lib/ 		297 KB
175 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://login.firstcitizens.com/js/vendor/lib/fcb_common.js
Requested by
Host: login.firstcitizens.com
URL: https://login.firstcitizens.com/login/login.htm?fromURI=/oauth2/v1/authorize/redirect?okta_key=UdF3O5zf-rMym_nVFT5o8885aHD9KQCu62TVQMSQHa4
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
107.162.164.184 , United States, ASN55002 (DEFENSE-NET, US),
Reverse DNS
Software
/
Resource Hash
9b7f471e7ae31fc7036557770f5c514489143f736565efa3bab2fc2633336d8d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://login.firstcitizens.com/login/login.htm?fromURI=/oauth2/v1/authorize/redirect?okta_key=UdF3O5zf-rMym_nVFT5o8885aHD9KQCu62TVQMSQHa4
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 02 May 2023 15:52:27 GMT
Content-Encoding
gzip
Via
1.1 google, 1.1 dca1-bit10032, 1.1 dca1-bit9006
Transfer-Encoding
chunked
Content-Type
application/javascript; charset=UTF-8
X-Ion-Hop
1
Cache-Control
no-cache, no-store, must-revalidate
Alt-Svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Expires
0
okta-sign-in.min.js
ok7static.oktacdn.com/assets/js/sdk/okta-signin-widget/7.5.0/js/ 		2 MB
465 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ok7static.oktacdn.com/assets/js/sdk/okta-signin-widget/7.5.0/js/okta-sign-in.min.js
Requested by
Host: login.firstcitizens.com
URL: https://login.firstcitizens.com/login/login.htm?fromURI=/oauth2/v1/authorize/redirect?okta_key=UdF3O5zf-rMym_nVFT5o8885aHD9KQCu62TVQMSQHa4
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.222.214.98 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-214-98.fra56.r.cloudfront.net
Software
nginx /
Resource Hash
0b520090c2755339976622a005455a76b63a286d73612470bc3eb928728e9bdb
Security Headers
Name Value
Strict-Transport-Security max-age=315360000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://login.firstcitizens.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Tue, 11 Apr 2023 22:13:03 GMT
x-amz-meta-sha1sum
d782d3505e7963c921834c909856153a6f9094ae
content-encoding
gzip
strict-transport-security
max-age=315360000; includeSubDomains
via
1.1 910a343c3141ba3fe805e18bded62490.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P3
age
1791564
x-cache
Hit from cloudfront
last-modified
Tue, 11 Apr 2023 21:37:08 GMT
server
nginx
etag
W/"9573d2b1565789b75c89890eeaa90e67"
vary
Accept-Encoding
content-type
application/javascript
public-key-pins-report-only
pin-sha256="r5EfzZxQVvQpKo3AgYRaT7X2bDO/kj3ACwmxfdT2zt8="; pin-sha256="MaqlcUgk2mvY/RFSGeSwBRkI+rZ6/dxe/DuQfBT/vnQ="; pin-sha256="72G5IEvDEWn+EThf3qjR7/bQSWaS2ZSLqolhnO6iyJI="; pin-sha256="rrV6CLCCvqnk89gWibYT0JO6fNQ8cCit7GGoiVTjCOg="; max-age=60; report-uri="https://okta.report-uri.com/r/default/hpkp/reportOnly"
access-control-allow-origin
*
cache-control
max-age=31536000, public,max-age=31536000,s-maxage=1814400
x-amz-cf-id
052GRR0CnHj6_eixXPTLYbLPygBZG2GPNzf1JZyaEd7_Bq1hwmCnEw==
expires
Wed, 10 Apr 2024 22:13:03 GMT
okta-sign-in.min.css
ok7static.oktacdn.com/assets/js/sdk/okta-signin-widget/7.5.0/css/ 		215 KB
37 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://ok7static.oktacdn.com/assets/js/sdk/okta-signin-widget/7.5.0/css/okta-sign-in.min.css
Requested by
Host: login.firstcitizens.com
URL: https://login.firstcitizens.com/login/login.htm?fromURI=/oauth2/v1/authorize/redirect?okta_key=UdF3O5zf-rMym_nVFT5o8885aHD9KQCu62TVQMSQHa4
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.222.214.98 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-214-98.fra56.r.cloudfront.net
Software
nginx /
Resource Hash
7406e3ac0309dd8012d6ecedc9ae88d6c89240f53e9ef932024aac9e410db068
Security Headers
Name Value
Strict-Transport-Security max-age=315360000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://login.firstcitizens.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Tue, 11 Apr 2023 22:13:04 GMT
x-amz-meta-sha1sum
b77dd0dec8001105dd6abdec62bcbdda7001e2e8
content-encoding
gzip
strict-transport-security
max-age=315360000; includeSubDomains
via
1.1 910a343c3141ba3fe805e18bded62490.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P3
age
1791563
x-cache
Hit from cloudfront
last-modified
Tue, 11 Apr 2023 21:36:04 GMT
server
nginx
etag
W/"12753402d34a780c99d4d55fca3215ae"
vary
Accept-Encoding
content-type
text/css
public-key-pins-report-only
pin-sha256="r5EfzZxQVvQpKo3AgYRaT7X2bDO/kj3ACwmxfdT2zt8="; pin-sha256="MaqlcUgk2mvY/RFSGeSwBRkI+rZ6/dxe/DuQfBT/vnQ="; pin-sha256="72G5IEvDEWn+EThf3qjR7/bQSWaS2ZSLqolhnO6iyJI="; pin-sha256="rrV6CLCCvqnk89gWibYT0JO6fNQ8cCit7GGoiVTjCOg="; max-age=60; report-uri="https://okta.report-uri.com/r/default/hpkp/reportOnly"
access-control-allow-origin
*
cache-control
max-age=31536000, public,max-age=31536000,s-maxage=1814400
x-amz-cf-id
WrdGCp8aC4f2I6aSKtPyVkwIX-13XTa3x32Qz4Wo_jkbrw5to4wkXQ==
expires
Wed, 10 Apr 2024 22:13:04 GMT
custom-signin.241e0fb439244dc50c5929c0513a6765.css
ok7static.oktacdn.com/assets/loginpage/css/ 		2 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://ok7static.oktacdn.com/assets/loginpage/css/custom-signin.241e0fb439244dc50c5929c0513a6765.css
Requested by
Host: login.firstcitizens.com
URL: https://login.firstcitizens.com/login/login.htm?fromURI=/oauth2/v1/authorize/redirect?okta_key=UdF3O5zf-rMym_nVFT5o8885aHD9KQCu62TVQMSQHa4
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.222.214.98 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-214-98.fra56.r.cloudfront.net
Software
nginx /
Resource Hash
dcc89f32e3f978bd4c2e313916b6267abd287eea87daec0e5c049150fd9062aa
Security Headers
Name Value
Strict-Transport-Security max-age=315360000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://login.firstcitizens.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Tue, 18 Apr 2023 13:08:03 GMT
strict-transport-security
max-age=315360000; includeSubDomains
content-encoding
gzip
via
1.1 910a343c3141ba3fe805e18bded62490.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P3
age
1219464
x-cache
Hit from cloudfront
last-modified
Tue, 22 Mar 2022 23:50:55 GMT
server
nginx
etag
W/"241e0fb439244dc50c5929c0513a6765"
vary
Accept-Encoding
content-type
text/css
public-key-pins-report-only
pin-sha256="r5EfzZxQVvQpKo3AgYRaT7X2bDO/kj3ACwmxfdT2zt8="; pin-sha256="MaqlcUgk2mvY/RFSGeSwBRkI+rZ6/dxe/DuQfBT/vnQ="; pin-sha256="72G5IEvDEWn+EThf3qjR7/bQSWaS2ZSLqolhnO6iyJI="; pin-sha256="rrV6CLCCvqnk89gWibYT0JO6fNQ8cCit7GGoiVTjCOg="; max-age=60; report-uri="https://okta.report-uri.com/r/default/hpkp/reportOnly"
access-control-allow-origin
*
cache-control
max-age=31536000, public,max-age=31536000,s-maxage=1814400
x-amz-cf-id
w3HD7oYq6EXRhmfU4bhFruX3QiXUZyqGporIg4hiyioCsOewWjf7ag==
expires
Wed, 17 Apr 2024 13:08:03 GMT
initLoginPage.pack.e3c1ead3b55da6c854c20649a1e437c8.js
ok7static.oktacdn.com/assets/js/mvc/loginpage/ 		205 KB
77 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ok7static.oktacdn.com/assets/js/mvc/loginpage/initLoginPage.pack.e3c1ead3b55da6c854c20649a1e437c8.js
Requested by
Host:
URL: OktaUtil.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.222.214.98 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-214-98.fra56.r.cloudfront.net
Software
nginx /
Resource Hash
f5d6a6e7d3648b0830cf9de5ef59d2167e2536885e4174b6ff8af73f6dd80978
Security Headers
Name Value
Strict-Transport-Security max-age=315360000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://login.firstcitizens.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sun, 16 Apr 2023 19:40:44 GMT
x-amz-meta-sha1sum
8d9f54b48d8e525e03f87987c5b3b3de22f15b92
content-encoding
gzip
strict-transport-security
max-age=315360000; includeSubDomains
via
1.1 910a343c3141ba3fe805e18bded62490.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P3
age
1368704
x-cache
Hit from cloudfront
last-modified
Tue, 07 Feb 2023 23:48:55 GMT
server
nginx
etag
W/"e3c1ead3b55da6c854c20649a1e437c8"
vary
Accept-Encoding
content-type
application/javascript
public-key-pins-report-only
pin-sha256="r5EfzZxQVvQpKo3AgYRaT7X2bDO/kj3ACwmxfdT2zt8="; pin-sha256="MaqlcUgk2mvY/RFSGeSwBRkI+rZ6/dxe/DuQfBT/vnQ="; pin-sha256="72G5IEvDEWn+EThf3qjR7/bQSWaS2ZSLqolhnO6iyJI="; pin-sha256="rrV6CLCCvqnk89gWibYT0JO6fNQ8cCit7GGoiVTjCOg="; max-age=60; report-uri="https://okta.report-uri.com/r/default/hpkp/reportOnly"
access-control-allow-origin
*
cache-control
max-age=31536000, public,max-age=31536000,s-maxage=1814400
x-amz-cf-id
26ccE2__Vg5EL7c-QIC_EJFF0VbE7ZN6StKtowe7NEb17TukR0tHUQ==
expires
Mon, 15 Apr 2024 19:40:44 GMT
login_de.json
ok7static.oktacdn.com/assets/js/sdk/okta-signin-widget/7.5.0/labels/json/ 		99 KB
100 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://ok7static.oktacdn.com/assets/js/sdk/okta-signin-widget/7.5.0/labels/json/login_de.json
Requested by
Host: login.firstcitizens.com
URL: https://login.firstcitizens.com/js/vendor/lib/fcb_common.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.222.214.98 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-214-98.fra56.r.cloudfront.net
Software
nginx /
Resource Hash
83d5d52da9b325f7c93caeea6698ff8bf356e7b9ffa9b3aa75c93253380d73df
Security Headers
Name Value
Strict-Transport-Security max-age=315360000; includeSubDomains

Request headers

accept
application/json
Referer
https://login.firstcitizens.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
content-type
text/plain

Response headers

date
Tue, 11 Apr 2023 22:36:43 GMT
x-amz-meta-sha1sum
4d7dc3c54269e7e123ff1f8e359661f9075f0180
via
1.1 122731c1a09cfba14dfeeff504946134.cloudfront.net (CloudFront)
strict-transport-security
max-age=315360000; includeSubDomains
x-amz-cf-pop
FRA56-P3
age
1790145
x-cache
Hit from cloudfront
content-length
101532
last-modified
Tue, 11 Apr 2023 21:37:13 GMT
server
nginx
etag
"9cfae23e13199a19bc19bca4903e5dd5"
public-key-pins-report-only
pin-sha256="r5EfzZxQVvQpKo3AgYRaT7X2bDO/kj3ACwmxfdT2zt8="; pin-sha256="MaqlcUgk2mvY/RFSGeSwBRkI+rZ6/dxe/DuQfBT/vnQ="; pin-sha256="72G5IEvDEWn+EThf3qjR7/bQSWaS2ZSLqolhnO6iyJI="; pin-sha256="rrV6CLCCvqnk89gWibYT0JO6fNQ8cCit7GGoiVTjCOg="; max-age=60; report-uri="https://okta.report-uri.com/r/default/hpkp/reportOnly"
content-type
application/json
access-control-allow-origin
*
cache-control
max-age=31536000, public,max-age=31536000,s-maxage=1814400
accept-ranges
bytes
x-amz-cf-id
Q4FHwAijaOGzPTWL0PXhgEL71UMmOLwKOfk_Ygd1KlQ8Asgh49_MPA==
expires
Wed, 10 Apr 2024 22:36:43 GMT
country_de.json
ok7static.oktacdn.com/assets/js/sdk/okta-signin-widget/7.5.0/labels/json/ 		5 KB
5 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://ok7static.oktacdn.com/assets/js/sdk/okta-signin-widget/7.5.0/labels/json/country_de.json
Requested by
Host: login.firstcitizens.com
URL: https://login.firstcitizens.com/js/vendor/lib/fcb_common.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.222.214.98 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-214-98.fra56.r.cloudfront.net
Software
nginx /
Resource Hash
e540549c5ee85d139a6590536daf86400fccd811ebc9d5b714794efe1e34b897
Security Headers
Name Value
Strict-Transport-Security max-age=315360000; includeSubDomains

Request headers

accept
application/json
Referer
https://login.firstcitizens.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
content-type
text/plain

Response headers

date
Tue, 11 Apr 2023 22:36:43 GMT
x-amz-meta-sha1sum
251dd1ccca4c80570aee52db71eed703ac579ad8
via
1.1 122731c1a09cfba14dfeeff504946134.cloudfront.net (CloudFront)
strict-transport-security
max-age=315360000; includeSubDomains
x-amz-cf-pop
FRA56-P3
age
1790145
x-cache
Hit from cloudfront
content-length
4805
last-modified
Tue, 11 Apr 2023 21:37:11 GMT
server
nginx
etag
"51bec6463b4f7c5a26ede1fd8ee067f8"
public-key-pins-report-only
pin-sha256="r5EfzZxQVvQpKo3AgYRaT7X2bDO/kj3ACwmxfdT2zt8="; pin-sha256="MaqlcUgk2mvY/RFSGeSwBRkI+rZ6/dxe/DuQfBT/vnQ="; pin-sha256="72G5IEvDEWn+EThf3qjR7/bQSWaS2ZSLqolhnO6iyJI="; pin-sha256="rrV6CLCCvqnk89gWibYT0JO6fNQ8cCit7GGoiVTjCOg="; max-age=60; report-uri="https://okta.report-uri.com/r/default/hpkp/reportOnly"
content-type
application/json
access-control-allow-origin
*
cache-control
max-age=31536000, public,max-age=31536000,s-maxage=1814400
accept-ranges
bytes
x-amz-cf-id
tkL-uY-Nd4qRNnUsAZZjPadF-zN8kkl8V3Y2KwNyNP7DxDg9HCFaIw==
expires
Wed, 10 Apr 2024 22:36:43 GMT
fs02zsl0j9IgvWGHz357
ok7static.oktacdn.com/fs/bco/1/ 		13 KB
14 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ok7static.oktacdn.com/fs/bco/1/fs02zsl0j9IgvWGHz357
Requested by
Host: login.firstcitizens.com
URL: https://login.firstcitizens.com/signin/refresh-auth-state/00pE59iZoe_1pfjajcrhV1Vaa0OhGz_VO68a5ygWz8
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.222.214.98 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-214-98.fra56.r.cloudfront.net
Software
nginx /
Resource Hash
081f903294a159671406244f9cb89945a499c7515921af1eb1faa4be13d69c98
Security Headers
Name Value
Strict-Transport-Security max-age=315360000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://login.firstcitizens.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Wed, 19 Apr 2023 06:59:18 GMT
strict-transport-security
max-age=315360000; includeSubDomains
via
1.1 910a343c3141ba3fe805e18bded62490.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P3
age
1155190
x-cache
Hit from cloudfront
content-length
13298
last-modified
Fri, 28 Feb 2020 20:20:12 GMT
server
nginx
etag
"2af296330f2ce29810cd2c927d225a52"
public-key-pins-report-only
pin-sha256="r5EfzZxQVvQpKo3AgYRaT7X2bDO/kj3ACwmxfdT2zt8="; pin-sha256="MaqlcUgk2mvY/RFSGeSwBRkI+rZ6/dxe/DuQfBT/vnQ="; pin-sha256="72G5IEvDEWn+EThf3qjR7/bQSWaS2ZSLqolhnO6iyJI="; pin-sha256="rrV6CLCCvqnk89gWibYT0JO6fNQ8cCit7GGoiVTjCOg="; max-age=60; report-uri="https://okta.report-uri.com/r/default/hpkp/reportOnly"
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=31536000, public,max-age=31536000,s-maxage=1814400
accept-ranges
bytes
x-amz-cf-id
WC4Anyd6_O5EBS0G9oFJBThJPgEyv7ph9Pc6fqwQ-O0cs5axDvf_9g==
expires
Thu, 18 Apr 2024 06:59:18 GMT
c474f32e-5db8-438f-8639-41dd5faaf648
https://login.firstcitizens.com/ 		2 KB
0 		Other
General
Check archive.org
Download Go to
Full URL
blob:https://login.firstcitizens.com/c474f32e-5db8-438f-8639-41dd5faaf648
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
1eec5d0bc72fba33ce753f6009a277e07041fb92d221ae5839bbc5e8fff1d0bb

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Content-Length
2479
Content-Type
text/javascript
iframe.html
login.okta.com/discovery/ Frame 7871 		451 B
891 B 		Document
General
Check archive.org
Download Go to
Full URL
https://login.okta.com/discovery/iframe.html
Requested by
Host: ok7static.oktacdn.com
URL: https://ok7static.oktacdn.com/assets/js/mvc/loginpage/initLoginPage.pack.e3c1ead3b55da6c854c20649a1e437c8.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
108.138.7.41 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-7-41.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
af9e0ea5cb6a750c1bb914ab4b7fadaeeaabb2812d25eb23b3250d9013e579ba

Request headers

Referer
https://login.firstcitizens.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Age
45921
Connection
keep-alive
Content-Length
451
Content-Type
text/html
Date
Tue, 02 May 2023 03:07:08 GMT
ETag
"3e03d2d5a28fe4751c15cf6507fc4aeb"
Last-Modified
Thu, 13 Apr 2023 15:39:37 GMT
Server
AmazonS3
Via
1.1 bfb5bffe90e3b0e760933a7a07d850ba.cloudfront.net (CloudFront)
X-Amz-Cf-Id
hrwBplSoh1Nt7pkiU_dZdNWLCKSANov-3d0OGQ6G8k510F9XI5yrug==
X-Amz-Cf-Pop
FRA56-P6
X-Cache
Hit from cloudfront
introspect
login.firstcitizens.com/api/v1/authn/ 		925 B
3 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://login.firstcitizens.com/api/v1/authn/introspect
Requested by
Host: login.firstcitizens.com
URL: https://login.firstcitizens.com/js/vendor/lib/fcb_common.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
107.162.164.184 , United States, ASN55002 (DEFENSE-NET, US),
Reverse DNS
Software
nginx /
Resource Hash
6bb9e4bb37b6f748c5830fc50930c5b2c1d6b80c142146fd39ec90daad3d1d2d
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
Strict-Transport-Security max-age=315360000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept
application/json
Referer
https://login.firstcitizens.com/signin/refresh-auth-state/00pE59iZoe_1pfjajcrhV1Vaa0OhGz_VO68a5ygWz8
X-Okta-User-Agent-Extended
okta-auth-js/7.0.1 okta-signin-widget-7.5.0
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type
application/json

Response headers

x-okta-request-id
ZFExvFONBydPPtZ6gb3ZCwAADU4
Date
Tue, 02 May 2023 15:52:28 GMT
content-security-policy
frame-ancestors 'self'
x-rate-limit-limit
600
x-content-type-options
nosniff
Content-Encoding
gzip
x-rate-limit-remaining
592
Strict-Transport-Security
max-age=315360000; includeSubDomains
Via
1.1 dca1-bit9006
content-security-policy-report-only
default-src 'self' idx-fcb.okta.com login.firstcitizens.com *.oktacdn.com; connect-src 'self' idx-fcb.okta.com idx-fcb-admin.okta.com login.firstcitizens.com *.oktacdn.com *.mixpanel.com *.mapbox.com app.pendo.io data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com *.mtls.okta.com idx-fcb.kerberos.okta.com https://oinmanager.okta.com data:; script-src 'unsafe-inline' 'unsafe-eval' 'self' idx-fcb.okta.com login.firstcitizens.com *.oktacdn.com; style-src 'unsafe-inline' 'self' idx-fcb.okta.com login.firstcitizens.com *.oktacdn.com app.pendo.io cdn.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com; frame-src 'self' idx-fcb.okta.com idx-fcb-admin.okta.com login.firstcitizens.com login.okta.com; img-src 'self' idx-fcb.okta.com login.firstcitizens.com *.oktacdn.com *.tiles.mapbox.com *.mapbox.com app.pendo.io data.pendo.io cdn.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com data: blob:; font-src 'self' idx-fcb.okta.com login.firstcitizens.com data: *.oktacdn.com fonts.gstatic.com; frame-ancestors 'self'
Transfer-Encoding
chunked
p3p
CP="HONK"
Connection
Keep-Alive
x-xss-protection
0
pragma
no-cache
Server
nginx
Vary
Accept-Encoding,Origin
Content-Type
application/json
access-control-allow-origin
https://login.firstcitizens.com
x-rate-limit-reset
1683042785
access-control-allow-credentials
true
cache-control
no-cache, no-store
access-control-allow-headers
Content-Type
Keep-Alive
timeout=5, max=100
expires
0
l
use.typekit.net/af/0d0f8f/00000000000000007735c199/30/ 		13 KB
13 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://use.typekit.net/af/0d0f8f/00000000000000007735c199/30/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n4&v=3
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:16::215:148f Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
nginx /
Resource Hash
60402dd08f25414ec79ade3f4a96d781a80d503e1e41f529ba12e549f2067829

Request headers

Referer
https://login.firstcitizens.com/
Origin
https://login.firstcitizens.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Tue, 02 May 2023 15:52:28 GMT
server
nginx
etag
"d2ee9c1910a413485cb8230e5c2b59ca20f7528e"
content-type
application/font-woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
13356
discoveryIframe-580a3123874a0e600803.min.js
login.okta.com/lib/ Frame 7871 		96 KB
96 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://login.okta.com/lib/discoveryIframe-580a3123874a0e600803.min.js
Requested by
Host: login.okta.com
URL: https://login.okta.com/discovery/iframe.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
108.138.7.41 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-7-41.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
3ba13ba24e042794e9f5d55e2032aec59b7896bf64d0d125ffc4742834981828

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://login.okta.com/discovery/iframe.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Date
Tue, 02 May 2023 02:19:34 GMT
Via
1.1 bfb5bffe90e3b0e760933a7a07d850ba.cloudfront.net (CloudFront)
Last-Modified
Thu, 13 Apr 2023 15:39:38 GMT
Server
AmazonS3
X-Amz-Cf-Pop
FRA56-P6
Age
48775
ETag
"786d615ef5571017953861b98a190f8f"
X-Cache
Hit from cloudfront
Content-Type
application/javascript
Connection
keep-alive
Content-Length
98190
X-Amz-Cf-Id
lWlVr_NKvoIVoF1YwnOR7tQQ6CqSu4b7rQ2YouINFXvgIidlkPGFzg==
checkbox-sign-in-widget.png
ok7static.oktacdn.com/assets/js/sdk/okta-signin-widget/7.5.0/img/ui/forms/ 		3 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ok7static.oktacdn.com/assets/js/sdk/okta-signin-widget/7.5.0/img/ui/forms/checkbox-sign-in-widget.png
Requested by
Host: ok7static.oktacdn.com
URL: https://ok7static.oktacdn.com/assets/js/sdk/okta-signin-widget/7.5.0/css/okta-sign-in.min.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.222.214.98 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-214-98.fra56.r.cloudfront.net
Software
nginx /
Resource Hash
40810b0318131f9ba52c83a17e633a0ac476ade66ea8a914d6c4980571397665
Security Headers
Name Value
Strict-Transport-Security max-age=315360000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ok7static.oktacdn.com/assets/js/sdk/okta-signin-widget/7.5.0/css/okta-sign-in.min.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Tue, 11 Apr 2023 22:13:04 GMT
x-amz-meta-sha1sum
e0bb021ffdf93c68fef44de2a3b08f378b6fb50a
via
1.1 910a343c3141ba3fe805e18bded62490.cloudfront.net (CloudFront)
strict-transport-security
max-age=315360000; includeSubDomains
x-amz-cf-pop
FRA56-P3
age
1791564
x-cache
Hit from cloudfront
content-length
3141
last-modified
Tue, 11 Apr 2023 21:36:06 GMT
server
nginx
etag
"7846b2f8c6d0a7ca69fdd3d3c294e92d"
public-key-pins-report-only
pin-sha256="r5EfzZxQVvQpKo3AgYRaT7X2bDO/kj3ACwmxfdT2zt8="; pin-sha256="MaqlcUgk2mvY/RFSGeSwBRkI+rZ6/dxe/DuQfBT/vnQ="; pin-sha256="72G5IEvDEWn+EThf3qjR7/bQSWaS2ZSLqolhnO6iyJI="; pin-sha256="rrV6CLCCvqnk89gWibYT0JO6fNQ8cCit7GGoiVTjCOg="; max-age=60; report-uri="https://okta.report-uri.com/r/default/hpkp/reportOnly"
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=31536000, public,max-age=31536000,s-maxage=1814400
accept-ranges
bytes
x-amz-cf-id
rpUgfHsI_v6oZlYW5KOUfwhT8mP2nzZxyNnWoQazbvREUYK-bfIq1Q==
expires
Wed, 10 Apr 2024 22:13:04 GMT
l
use.typekit.net/af/a3941f/00000000000000007735c1a1/30/ 		13 KB
14 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://use.typekit.net/af/a3941f/00000000000000007735c1a1/30/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n6&v=3
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:16::215:148f Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
nginx /
Resource Hash
03ce8da381c7a8f7b37f2722c228f1923109838c7380e826ce34f36557b92105

Request headers

Referer
https://login.firstcitizens.com/
Origin
https://login.firstcitizens.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Tue, 02 May 2023 15:52:29 GMT
server
nginx
etag
"e4b3b05932f08149a94d404c4763b0f8583dcc96"
content-type
application/font-woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
13684
okticon.woff
ok7static.oktacdn.com/assets/js/sdk/okta-signin-widget/7.5.0/font/ 		20 KB
21 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://ok7static.oktacdn.com/assets/js/sdk/okta-signin-widget/7.5.0/font/okticon.woff
Requested by
Host: ok7static.oktacdn.com
URL: https://ok7static.oktacdn.com/assets/js/sdk/okta-signin-widget/7.5.0/css/okta-sign-in.min.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.222.214.98 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-214-98.fra56.r.cloudfront.net
Software
nginx /
Resource Hash
7eccbb3b4b68f9f24a3b826f2eea4a1bbb48196cb734afc1b62c3d045cb680e1
Security Headers
Name Value
Strict-Transport-Security max-age=315360000; includeSubDomains

Request headers

Referer
https://ok7static.oktacdn.com/assets/js/sdk/okta-signin-widget/7.5.0/css/okta-sign-in.min.css
Origin
https://login.firstcitizens.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Tue, 11 Apr 2023 22:13:04 GMT
x-amz-meta-sha1sum
4d706297987d613a4e3f4f23d08c62d16830845d
via
1.1 122731c1a09cfba14dfeeff504946134.cloudfront.net (CloudFront)
strict-transport-security
max-age=315360000; includeSubDomains
x-amz-cf-pop
FRA56-P3
age
1791564
x-cache
Hit from cloudfront
content-length
20600
last-modified
Tue, 11 Apr 2023 21:36:05 GMT
server
nginx
etag
"db28723126138387cdf40680e6e0fa5d"
public-key-pins-report-only
pin-sha256="r5EfzZxQVvQpKo3AgYRaT7X2bDO/kj3ACwmxfdT2zt8="; pin-sha256="MaqlcUgk2mvY/RFSGeSwBRkI+rZ6/dxe/DuQfBT/vnQ="; pin-sha256="72G5IEvDEWn+EThf3qjR7/bQSWaS2ZSLqolhnO6iyJI="; pin-sha256="rrV6CLCCvqnk89gWibYT0JO6fNQ8cCit7GGoiVTjCOg="; max-age=60; report-uri="https://okta.report-uri.com/r/default/hpkp/reportOnly"
content-type
application/font-woff
access-control-allow-origin
*
cache-control
max-age=31536000, public,max-age=31536000,s-maxage=1814400
accept-ranges
bytes
x-amz-cf-id
d9oF0pH9MgSd1-Q0uSzm1MwCWsMJXAT0WGaiPRV4TCml8qdoxGu7jA==
expires
Wed, 10 Apr 2024 22:13:04 GMT
truncated
/ 		89 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
50e6072d26098d48004a30addeecabd5b22b91e5ccdf9dd86f96459783e3ac23

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Content-Type
image/png

Verdicts & Comments Add Verdict or Comment

52 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 boolean| credentialless object| regeneratorRuntime function| jQueryCourage object| u2f function| OktaSignIn function| signInSuccessCallBackFunction object| oktaData function| runLoginPage object| OktaUtil object| config function| readCookie function| getClientId function| getClientName string| clientName string| clientId string| primaryauth_title string| remember string| primaryauth_username_tooltip string| needhelp string| help string| brandName string| password_forgot_email_or_username_placeholder string| password_forgot_email_or_username_tooltip string| account_unlock_email_or_username_placeholder string| account_unlock_email_or_username_tooltip string| mfa_backtoFactors string| factor_hotp_description string| enroll_choices_title string| enroll_hotp_restricted string| enroll_choices_description string| enroll_choices_description_generic string| enroll_choices_description_specific string| enroll_choices_description_gracePeriod_bold string| enroll_choices_description_gracePeriod_oneDay_bold string| enroll_sms_setup string| factor_sms_time_warning string| factor_sms string| factor_call string| factor_call_time_warning string| factor_password string| rememberDevice_devicebased string| contact_support string| error_auth_lockedOut string| password_forgot_noFactorsEnabled string| account_unlock_noFactorsEnabled string| errors_E0000119 string| primaryauth_submit string| error_username_required object| oktaSignIn object| OktaLogin object| jQBrowser

12 Cookies

Domain/Path Name / Value
.demdex.net/ Name: demdex
Value: 26212326154978768430188272475927064550
.firstcitizens.com/ Name: AMCVS_E6D235355CF7C1DE0A495EEC%40AdobeOrg
Value: 1
.everesttech.net/ Name: everest_g_v2
Value: g_surferid~ZFExuQAAAGyGfwMx
.dpm.demdex.net/ Name: dpm
Value: 26212326154978768430188272475927064550
.firstcitizens.com/ Name: AMCV_E6D235355CF7C1DE0A495EEC%40AdobeOrg
Value: -2121179033%7CMCIDTS%7C19480%7CMCMID%7C32414439539414798630722671501680307002%7CMCAAMLH-1683647545%7C6%7CMCAAMB-1683647545%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1683049945s%7CNONE%7CMCSYNCSOP%7C411-19487%7CvVersion%7C5.3.0
profile.firstcitizens.com/ Name: okta-oauth-redirect-params
Value: {%22responseType%22:%22code%22%2C%22state%22:%22r3jkiL8KHwlGe1BHIVXPezRKUQEJsSBaAqcCXsDc8uAeJxAB3Bb0Zzb6P9y5K83G%22%2C%22nonce%22:%229INkVDL1f1ElHkJ7nywbcQasgWIAzEPyr4rpxpXqRqSMMH33u8hOZs5Z8MZKzHuj%22%2C%22scopes%22:[%22openid%22%2C%22email%22]%2C%22clientId%22:%220oa5lwbskwRauZ8cE357%22%2C%22urls%22:{%22issuer%22:%22https://login.firstcitizens.com%22%2C%22authorizeUrl%22:%22https://login.firstcitizens.com/oauth2/v1/authorize%22%2C%22userinfoUrl%22:%22https://login.firstcitizens.com/oauth2/v1/userinfo%22%2C%22tokenUrl%22:%22https://login.firstcitizens.com/oauth2/v1/token%22%2C%22revokeUrl%22:%22https://login.firstcitizens.com/oauth2/v1/revoke%22%2C%22logoutUrl%22:%22https://login.firstcitizens.com/oauth2/v1/logout%22}%2C%22ignoreSignature%22:false}
profile.firstcitizens.com/ Name: okta-oauth-nonce
Value: 9INkVDL1f1ElHkJ7nywbcQasgWIAzEPyr4rpxpXqRqSMMH33u8hOZs5Z8MZKzHuj
profile.firstcitizens.com/ Name: okta-oauth-state
Value: r3jkiL8KHwlGe1BHIVXPezRKUQEJsSBaAqcCXsDc8uAeJxAB3Bb0Zzb6P9y5K83G
login.firstcitizens.com/ Name: t
Value: blue-dark
login.firstcitizens.com/ Name: DT
Value: DI1u0UyNpU0QB-mY6mMMgW0BA
login.firstcitizens.com/ Name: JSESSIONID
Value: 403144401EA07D1FA229649DDA7FD544
login.firstcitizens.com/ Name: oktaStateToken
Value: 00pE59iZoe_1pfjajcrhV1Vaa0OhGz_VO68a5ygWz8

3 Console Messages

Source Level URL
Text
network error URL: https://login.firstcitizens.com/api/v1/sessions/me
Message:
Failed to load resource: the server responded with a status of 404 (Not Found)
rendering warning URL: https://login.firstcitizens.com/js/vendor/lib/fcb_common.js
Message:
Canvas2D: Multiple readback operations using getImageData are faster with the willReadFrequently attribute set to true. See: https://html.spec.whatwg.org/multipage/canvas.html#concept-canvas-will-read-frequently
rendering warning URL: https://login.firstcitizens.com/js/vendor/lib/fcb_common.js
Message:
Canvas2D: Multiple readback operations using getImageData are faster with the willReadFrequently attribute set to true. See: https://html.spec.whatwg.org/multipage/canvas.html#concept-canvas-will-read-frequently

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

assets.adobedtm.com
cm.everesttech.net
dpm.demdex.net
firstcitizens.demdex.net
login.firstcitizens.com
login.okta.com
ok7static.oktacdn.com
profile.firstcitizens.com
use.typekit.net
107.162.164.184
108.138.7.41
2a02:26f0:3500:16::215:148f
2a02:26f0:480:7a5::1e80
34.241.198.189
34.246.19.117
52.222.214.98
52.51.186.199
54.221.82.242
03ce8da381c7a8f7b37f2722c228f1923109838c7380e826ce34f36557b92105
04d439e000eb278a036c741b3a0b3ddb4b22087ff0bbb9342a6be5dc7d1ab60a
06d01d313645c65f8c8bfbcc5db57ca3c097e70ed35248875a9421835ddb48f2
081f903294a159671406244f9cb89945a499c7515921af1eb1faa4be13d69c98
0b520090c2755339976622a005455a76b63a286d73612470bc3eb928728e9bdb
10078f6f9f0c199a299e17362a2db7cb61d0da35a3b0292e11e72abff5c146ba
1eec5d0bc72fba33ce753f6009a277e07041fb92d221ae5839bbc5e8fff1d0bb
309bc36d76d7ecbf66bf9547684d1cbbfcd38a3940c0f6d2dff39736d4f8fd16
3966f3091c7e9c586b259d00f5f9be81420299206ce4e503d7730436809cd200
3ba13ba24e042794e9f5d55e2032aec59b7896bf64d0d125ffc4742834981828
3badcd8c1c3988d934ff82670de691a0ef8599c266e4aa5c734871f840b4ee72
40810b0318131f9ba52c83a17e633a0ac476ade66ea8a914d6c4980571397665
50868aa22f99502c366181db404fe16aec3a6fea8c72cb6c69167f6805550360
50e6072d26098d48004a30addeecabd5b22b91e5ccdf9dd86f96459783e3ac23
60402dd08f25414ec79ade3f4a96d781a80d503e1e41f529ba12e549f2067829
6bb9e4bb37b6f748c5830fc50930c5b2c1d6b80c142146fd39ec90daad3d1d2d
73b2cd9b13daedb9b5fbd2bdc8ea0e60ee380b664b5499d298c95a870bb5dc18
7406e3ac0309dd8012d6ecedc9ae88d6c89240f53e9ef932024aac9e410db068
7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8
7eccbb3b4b68f9f24a3b826f2eea4a1bbb48196cb734afc1b62c3d045cb680e1
83d5d52da9b325f7c93caeea6698ff8bf356e7b9ffa9b3aa75c93253380d73df
910e6c647004b4ec08fb0cfd92a7a1a081a549601b28d2d2524ca37668c0342e
92cf8010951d1a2641783d07bfd0cd0edfe660ea3e1284a2fe83774e16b4cf37
99affd7a1c868ecf15a0789fc85e87ca23ae783e7916aee316e6282d9777369c
9b7f471e7ae31fc7036557770f5c514489143f736565efa3bab2fc2633336d8d
af3fd759258fd510c1eaca89fb9905b658c40f5ff34ad4686ab25b8181f01585
af9e0ea5cb6a750c1bb914ab4b7fadaeeaabb2812d25eb23b3250d9013e579ba
b115ca5b4699827009f47d6040800be9f41128751d73f80e5a14715f367ca487
dcc89f32e3f978bd4c2e313916b6267abd287eea87daec0e5c049150fd9062aa
df5a588c6ecf93fcb426efe6dd4c8c78b94dbeac00c33d00a266837a08b578e2
e540549c5ee85d139a6590536daf86400fccd811ebc9d5b714794efe1e34b897
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f5d6a6e7d3648b0830cf9de5ef59d2167e2536885e4174b6ff8af73f6dd80978