URL: https://myaccount.dukefcu.org/
Submission: On December 12 via automatic, source certstream-suspicious — Scanned from DE

Summary

This website contacted 2 IPs in 1 country across 1 domain to perform 19 HTTP transactions. The main IP is 52.189.66.201, located in Des Moines, United States and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is myaccount.dukefcu.org.
TLS certificate: Issued by GeoTrust Global TLS RSA4096 SHA256 20... on January 5th 2023. Valid for: a year.
This is the only time myaccount.dukefcu.org was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
19 52.189.66.201 8075 (MICROSOFT...)
19 2

Apex Domain Subdomains Transfer
19 dukefcu.org myaccount.dukefcu.org 731 KB
19 1

Domain Requested by
19 myaccount.dukefcu.org myaccount.dukefcu.org
19 1

This site contains no links.

Subject: myaccount.dukefcu.org
Issuer: GeoTrust Global TLS RSA4096 SHA256 2022 CA1
Validity: 2023-01-05 - 2024-01-04
Valid: a year

This page contains 1 frames:

Primary Page: https://myaccount.dukefcu.org/
Frame ID: CF37AFBC6913308BF32DA524214E8123
Requests: 20 HTTP requests in this frame

Page Title

Login · Duke University FCU

Page Statistics

19 Requests
100 % HTTPS
0 % IPv6
1 Domains
1 Subdomains
2 IPs
1 Countries
731 kB Transfer
1272 kB Size
2 Cookies

19 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
myaccount.dukefcu.org/
84 KB
20 KB
Document
General
Full URL
https://myaccount.dukefcu.org/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.189.66.201 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
online.banno-production.com
Software
/
Resource Hash
7b4bdcb52ef183cba79fc3f4c11ecd10d0239114c8e475664669819225b2e4ff
Security Headers
Name Value
Content-Security-Policy default-src 'none'; script-src 'unsafe-inline' 'sha256-5tglEW0Vs+Qd9vtRZ++NKLr08Vk0yoF/jPR+mbB5eq8=' 'sha256-wyuUAa+a967T1T6WNseoupM6GGreJ7AugW1DgkH8rQI=' 'sha256-zrcM4WmGv8KCLxpZDL5fgdZMGW9Ytjz9bRyU+HGyr5I=' 'sha256-HLYoJmGa5La1822Orr8QlgFf4BZc5EA9rfCc8L5QR+8=' 'sha256-G7bKecbZlc34H92m4Oh4bCQpd95tQsKJJ3LlKhBGYAE=' 'sha256-ildUzQ5UsadChij+sqp2CK8DE6fAqU4NwegKKfap0rs=' 'sha256-qEv4LQF+cFpppdYCh3ZN8dCvSHkQfK5UhwZAEMmNpWY=' 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data: blob: https://banno.com https://*.banno.com https://*.googleusercontent.com https://banno-assets-production.s3.amazonaws.com https://banno-sentry-production.s3.amazonaws.com; media-src 'self' mediastream:; frame-src 'self' https://*.mybankhq.com https://*.billpaysite.com https://*.banno.com https://geezeo-tiles.s3.amazonaws.com https://*.geezeo.com https://orcasnet-investments.banno-plugins-uat.com https://connect2.finicity.com https://businessbillpay-e.com/ https://*.businessbillpay-e.com/ https://apim.autobooks.co; child-src 'self'; font-src https: data:; frame-ancestors 'self'; connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net wss://global.vss.twilio.com wss://sdkgw.us1.twilio.com wss://myaccount.dukefcu.org; manifest-src 'self'; worker-src 'self';
Strict-Transport-Security max-age=15724800; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
public, no-cache
content-encoding
gzip
content-length
18728
content-security-policy
default-src 'none'; script-src 'unsafe-inline' 'sha256-5tglEW0Vs+Qd9vtRZ++NKLr08Vk0yoF/jPR+mbB5eq8=' 'sha256-wyuUAa+a967T1T6WNseoupM6GGreJ7AugW1DgkH8rQI=' 'sha256-zrcM4WmGv8KCLxpZDL5fgdZMGW9Ytjz9bRyU+HGyr5I=' 'sha256-HLYoJmGa5La1822Orr8QlgFf4BZc5EA9rfCc8L5QR+8=' 'sha256-G7bKecbZlc34H92m4Oh4bCQpd95tQsKJJ3LlKhBGYAE=' 'sha256-ildUzQ5UsadChij+sqp2CK8DE6fAqU4NwegKKfap0rs=' 'sha256-qEv4LQF+cFpppdYCh3ZN8dCvSHkQfK5UhwZAEMmNpWY=' 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data: blob: https://banno.com https://*.banno.com https://*.googleusercontent.com https://banno-assets-production.s3.amazonaws.com https://banno-sentry-production.s3.amazonaws.com; media-src 'self' mediastream:; frame-src 'self' https://*.mybankhq.com https://*.billpaysite.com https://*.banno.com https://geezeo-tiles.s3.amazonaws.com https://*.geezeo.com https://orcasnet-investments.banno-plugins-uat.com https://connect2.finicity.com https://businessbillpay-e.com/ https://*.businessbillpay-e.com/ https://apim.autobooks.co; child-src 'self'; font-src https: data:; frame-ancestors 'self'; connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net wss://global.vss.twilio.com wss://sdkgw.us1.twilio.com wss://myaccount.dukefcu.org; manifest-src 'self'; worker-src 'self';
content-type
text/html
date
Tue, 12 Dec 2023 00:27:19 GMT
etag
W/"4928-yRuvQGf826uJot5Ldd0dimQSwAM"
permissions-policy
document-domain=()
referrer-policy
strict-origin-when-cross-origin
strict-transport-security
max-age=15724800; includeSubDomains
x-b3-sampled
1
x-b3-spanid
1f1bb8c36eda1829
x-b3-traceid
514acc410f2df2613704c6d256f8b4dd
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
standalone-app-d7bc1a18.js
myaccount.dukefcu.org/js/
122 KB
35 KB
Script
General
Full URL
https://myaccount.dukefcu.org/js/standalone-app-d7bc1a18.js
Requested by
Host: myaccount.dukefcu.org
URL: https://myaccount.dukefcu.org/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.189.66.201 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
online.banno-production.com
Software
/
Resource Hash
abff3eae8e9f0d90f6ecc6efe8b68b384f6607559054f3df6159179fc92b68b0
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Referer
Origin
https://myaccount.dukefcu.org
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date
Tue, 12 Dec 2023 00:27:20 GMT
content-encoding
br
strict-transport-security
max-age=15724800; includeSubDomains
x-b3-traceid
0cc3b31fdcf43816557b4b0a8e1cd40f
etag
W/"8981-WI6unDusx+WKpKIhoWglXgz6OaM"
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=31536000
x-b3-spanid
584cf426db3671e8
x-b3-sampled
1
content-length
35201
banno-web-42fe75e4.js
myaccount.dukefcu.org/js/
452 KB
97 KB
Script
General
Full URL
https://myaccount.dukefcu.org/js/banno-web-42fe75e4.js
Requested by
Host: myaccount.dukefcu.org
URL: https://myaccount.dukefcu.org/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.189.66.201 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
online.banno-production.com
Software
/
Resource Hash
e485cfaf5e5b5b48301d9608858747c0bb25aa068fa784c3aac75a0b16b40c9f
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Referer
Origin
https://myaccount.dukefcu.org
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date
Tue, 12 Dec 2023 00:27:20 GMT
content-encoding
br
strict-transport-security
max-age=15724800; includeSubDomains
x-b3-traceid
2543cb4f4c5641c4d00fa9723550c752
etag
W/"181d0-+J1KJ94/acAcUasEtZmEtyYlBi0"
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=31536000
x-b3-spanid
09954c4f8b27f5a2
x-b3-sampled
1
content-length
98768
duke-university-fcu-logo-f6af081c.png
myaccount.dukefcu.org/images/fi-assets/duke-university-fcu/
19 KB
19 KB
Image
General
Full URL
https://myaccount.dukefcu.org/images/fi-assets/duke-university-fcu/duke-university-fcu-logo-f6af081c.png
Requested by
Host: myaccount.dukefcu.org
URL: https://myaccount.dukefcu.org/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.189.66.201 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
online.banno-production.com
Software
/
Resource Hash
e2aab72e834a12312b2ad4dd4d05ee989c1dfa0b2927c03294e04a7cbc775a7f
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://myaccount.dukefcu.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date
Tue, 12 Dec 2023 00:27:20 GMT
strict-transport-security
max-age=15724800; includeSubDomains
last-modified
Mon, 11 Dec 2023 20:34:40 GMT
x-b3-traceid
99adc52d0daa2683cdcfbab330e45fe1
etag
W/"4a9d-18c5a96c700"
content-type
image/png
cache-control
public, max-age=31536000
x-b3-spanid
dab6bb71d59bce41
x-b3-sampled
1
accept-ranges
bytes
content-length
19101
client-shared-e8078e73.js
myaccount.dukefcu.org/js/
146 B
403 B
Script
General
Full URL
https://myaccount.dukefcu.org/js/client-shared-e8078e73.js
Requested by
Host: myaccount.dukefcu.org
URL: https://myaccount.dukefcu.org/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.189.66.201 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
online.banno-production.com
Software
/
Resource Hash
d54bfc2275d3e6ecfa234e27361b89c1ba72e9d7564d6690d45941886d4eac8c
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Referer
https://myaccount.dukefcu.org/
Origin
https://myaccount.dukefcu.org
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date
Tue, 12 Dec 2023 00:27:20 GMT
content-encoding
br
strict-transport-security
max-age=15724800; includeSubDomains
x-b3-traceid
6413cc927d8edded3c0dca4bc879eb13
etag
W/"7d-LjCOuJPMRosRLYXJ4WmbcdPDXJI"
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=31536000
x-b3-spanid
c217a922ef267c18
x-b3-sampled
1
content-length
125
214f8ab0-d9d2-11e7-8a39-f6b45746b88a
myaccount.dukefcu.org/a/consumer/api/offline-status/institutions/
20 B
241 B
Fetch
General
Full URL
https://myaccount.dukefcu.org/a/consumer/api/offline-status/institutions/214f8ab0-d9d2-11e7-8a39-f6b45746b88a
Requested by
Host: myaccount.dukefcu.org
URL: https://myaccount.dukefcu.org/js/standalone-app-d7bc1a18.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.189.66.201 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
online.banno-production.com
Software
/
Resource Hash
bdbf1c1b735b09d5cdd6e0d87b5a3db5f5334f23e13dfe29e2ceb3d687e02716
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Referer
https://myaccount.dukefcu.org/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
content-type
application/json

Response headers

date
Tue, 12 Dec 2023 00:27:20 GMT
strict-transport-security
max-age=15724800; includeSubDomains
x-b3-traceid
bf1093cb1c1e4356f924641872dedbc7
content-type
application/json
x-b3-spanid
5280c691086f2c93
x-b3-sampled
1
content-length
20
x-request-id
499574eb3b7d1cfc9689f10a38280a8a
jha-icon-circle-warning-88696335.js
myaccount.dukefcu.org/js/
735 B
654 B
Script
General
Full URL
https://myaccount.dukefcu.org/js/jha-icon-circle-warning-88696335.js
Requested by
Host: myaccount.dukefcu.org
URL: https://myaccount.dukefcu.org/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.189.66.201 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
online.banno-production.com
Software
/
Resource Hash
7fe237cd20d9bfdadd621b9dc6be062bfb0878cc561eacb7421922b1271d4184
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Referer
https://myaccount.dukefcu.org/
Origin
https://myaccount.dukefcu.org
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date
Tue, 12 Dec 2023 00:27:20 GMT
content-encoding
br
strict-transport-security
max-age=15724800; includeSubDomains
x-b3-traceid
a605c9b5602c6ad9bdf9d8f74db11520
etag
W/"177-9S8rGIb+2i1/mdlD7a2i5ZNkApg"
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=31536000
x-b3-spanid
d61b5f38aa89359d
x-b3-sampled
1
content-length
375
mixpanel-f9d23bcf.js
myaccount.dukefcu.org/js/
52 KB
16 KB
Script
General
Full URL
https://myaccount.dukefcu.org/js/mixpanel-f9d23bcf.js
Requested by
Host: myaccount.dukefcu.org
URL: https://myaccount.dukefcu.org/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.189.66.201 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
online.banno-production.com
Software
/
Resource Hash
dce4a470829f2aa05bf19393a5d4bc6cb899e7c1f673251e1e27ef277889b178
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Referer
https://myaccount.dukefcu.org/
Origin
https://myaccount.dukefcu.org
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date
Tue, 12 Dec 2023 00:27:20 GMT
content-encoding
br
strict-transport-security
max-age=15724800; includeSubDomains
x-b3-traceid
3e3faae74dd9d55f428f6c62b72dad70
etag
W/"4089-VSkAbBmjsB/gDW3MK8Q03otmYNY"
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=31536000
x-b3-spanid
919d4410dc6cfb50
x-b3-sampled
1
content-length
16521
bannoweb-background-hero-583b79d6.js
myaccount.dukefcu.org/js/
820 B
656 B
Script
General
Full URL
https://myaccount.dukefcu.org/js/bannoweb-background-hero-583b79d6.js
Requested by
Host: myaccount.dukefcu.org
URL: https://myaccount.dukefcu.org/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.189.66.201 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
online.banno-production.com
Software
/
Resource Hash
d4c0d9fdc73d960ab69ff278a55c1c3d8f925678c2dba2b560380ad8e2f2b94d
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Referer
https://myaccount.dukefcu.org/
Origin
https://myaccount.dukefcu.org
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date
Tue, 12 Dec 2023 00:27:20 GMT
content-encoding
br
strict-transport-security
max-age=15724800; includeSubDomains
x-b3-traceid
2af84a3017f560ada1bfb7390fc98773
etag
W/"179-a8qo/HFh5d8IZrqxhbGakO4vOtA"
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=31536000
x-b3-spanid
597ab1d06b979254
x-b3-sampled
1
content-length
377
validate
myaccount.dukefcu.org/a/consumer/api/auth/
0
0
Fetch
General
Full URL
https://myaccount.dukefcu.org/a/consumer/api/auth/validate
Requested by
Host: myaccount.dukefcu.org
URL: https://myaccount.dukefcu.org/js/standalone-app-d7bc1a18.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.189.66.201 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
online.banno-production.com
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Referer
https://myaccount.dukefcu.org/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
content-type
application/json

Response headers

date
Tue, 12 Dec 2023 00:27:20 GMT
strict-transport-security
max-age=15724800; includeSubDomains
x-b3-spanid
c2e3cb9c0e95283d
x-b3-sampled
1
x-b3-traceid
26c4b3d53ba132279c4b7102e996809c
content-length
0
x-request-id
e9948866a8691e70c0dff203cf1b4756
duke-university-fcu-background-landscape-9cf3ecdb.png
myaccount.dukefcu.org/images/fi-assets/duke-university-fcu/
451 KB
451 KB
Image
General
Full URL
https://myaccount.dukefcu.org/images/fi-assets/duke-university-fcu/duke-university-fcu-background-landscape-9cf3ecdb.png
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.189.66.201 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
online.banno-production.com
Software
/
Resource Hash
dae6ae8b4cd852497125392ee690d3e96a78906a7932b82d7231f88d5eb578dc
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://myaccount.dukefcu.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date
Tue, 12 Dec 2023 00:27:21 GMT
strict-transport-security
max-age=15724800; includeSubDomains
last-modified
Mon, 11 Dec 2023 20:34:40 GMT
x-b3-traceid
a54672adc8a60d46083f92cbacd376d8
etag
W/"70a42-18c5a96c700"
content-type
image/png
cache-control
public, max-age=31536000
x-b3-spanid
3d361165cef9da62
x-b3-sampled
1
accept-ranges
bytes
content-length
461378
214f8ab0-d9d2-11e7-8a39-f6b45746b88a
myaccount.dukefcu.org/a/consumer/api/institutions/
72 KB
72 KB
Fetch
General
Full URL
https://myaccount.dukefcu.org/a/consumer/api/institutions/214f8ab0-d9d2-11e7-8a39-f6b45746b88a
Requested by
Host: myaccount.dukefcu.org
URL: https://myaccount.dukefcu.org/js/standalone-app-d7bc1a18.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.189.66.201 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
online.banno-production.com
Software
/
Resource Hash
ad69897b1c984c93d2b81554804567a3bccf16627976c47cb0455292111b0c21
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Referer
https://myaccount.dukefcu.org/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
content-type
application/json

Response headers

date
Tue, 12 Dec 2023 00:27:21 GMT
strict-transport-security
max-age=15724800; includeSubDomains
x-b3-traceid
3a7e22b6f19ed7de65fb295c3f874b57
content-type
application/json
x-b3-spanid
45cd222124b97360
x-b3-sampled
1
content-length
73726
x-request-id
72f97ad414bdc067c249dca46b218b2d
jha-icon-form-cf1b8e53.js
myaccount.dukefcu.org/js/
1 KB
793 B
Script
General
Full URL
https://myaccount.dukefcu.org/js/jha-icon-form-cf1b8e53.js
Requested by
Host: myaccount.dukefcu.org
URL: https://myaccount.dukefcu.org/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.189.66.201 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
online.banno-production.com
Software
/
Resource Hash
b7151393492a763cefcae1d525930b5a1a1cc0c6eb30b6fd8a04daae302151e3
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Referer
https://myaccount.dukefcu.org/
Origin
https://myaccount.dukefcu.org
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date
Tue, 12 Dec 2023 00:27:21 GMT
content-encoding
br
strict-transport-security
max-age=15724800; includeSubDomains
x-b3-traceid
0813d58b661ba433e1ae911f88f4a81e
etag
W/"202-6IHuXEbSavXo4i/SPi8JkfeD6zA"
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=31536000
x-b3-spanid
ba52377d77b4e699
x-b3-sampled
1
content-length
514
jha-icon-life-preserver-231f91c2.js
myaccount.dukefcu.org/js/
1 KB
906 B
Script
General
Full URL
https://myaccount.dukefcu.org/js/jha-icon-life-preserver-231f91c2.js
Requested by
Host: myaccount.dukefcu.org
URL: https://myaccount.dukefcu.org/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.189.66.201 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
online.banno-production.com
Software
/
Resource Hash
501611b5ec807c7cf1e502ce809a150fa83f3b8794eab626d31abf31df04fbbb
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Referer
https://myaccount.dukefcu.org/
Origin
https://myaccount.dukefcu.org
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date
Tue, 12 Dec 2023 00:27:21 GMT
content-encoding
br
strict-transport-security
max-age=15724800; includeSubDomains
x-b3-traceid
1dd570fc31f791b4ab3fbd0e20d19174
etag
W/"274-BnutOh9d7MaPA4b3Q3fbbtKCNW8"
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=31536000
x-b3-spanid
959978b3f62724ff
x-b3-sampled
1
content-length
628
time
myaccount.dukefcu.org/a/consumer/api/v0/login/
13 B
310 B
Fetch
General
Full URL
https://myaccount.dukefcu.org/a/consumer/api/v0/login/time
Requested by
Host: myaccount.dukefcu.org
URL: https://myaccount.dukefcu.org/js/standalone-app-d7bc1a18.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.189.66.201 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
online.banno-production.com
Software
/
Resource Hash
6a1a8e42531c7aacec15c87297e97acf26f6cceceb20253ad18c6d0a38bd6050
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Referer
https://myaccount.dukefcu.org/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
content-type
application/json

Response headers

date
Tue, 12 Dec 2023 00:27:21 GMT
strict-transport-security
max-age=15724800; includeSubDomains
x-b3-traceid
7be0f44e596ad12c40b462c4469faabe
etag
W/"d-5ob1xRq7y9NOsE+Lv03/E/ploAw"
content-type
application/json; charset=utf-8
cache-control
private, no-store, no-cache
x-b3-spanid
e822585ab491080e
x-b3-sampled
1
content-length
13
x-request-id
b2ad458a8081e53bfb52622f1cfdfb73
jha-icon-warning-f0aa6a9a.js
myaccount.dukefcu.org/js/
898 B
723 B
Script
General
Full URL
https://myaccount.dukefcu.org/js/jha-icon-warning-f0aa6a9a.js
Requested by
Host: myaccount.dukefcu.org
URL: https://myaccount.dukefcu.org/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.189.66.201 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
online.banno-production.com
Software
/
Resource Hash
2f683934d33d6bf14babd20d4c0676d45f5ffa8e307518760c9ad85deee6543f
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Referer
https://myaccount.dukefcu.org/
Origin
https://myaccount.dukefcu.org
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date
Tue, 12 Dec 2023 00:27:21 GMT
content-encoding
br
strict-transport-security
max-age=15724800; includeSubDomains
x-b3-traceid
899207d4c8c9a6f722a16cc7900960f4
etag
W/"1be-0UdKS8wTN2txc7cMDiH6imt05ic"
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=31536000
x-b3-spanid
591b782f3ab7a4be
x-b3-sampled
1
content-length
446
time
myaccount.dukefcu.org/a/consumer/api/v0/login/
13 B
310 B
Fetch
General
Full URL
https://myaccount.dukefcu.org/a/consumer/api/v0/login/time
Requested by
Host: myaccount.dukefcu.org
URL: https://myaccount.dukefcu.org/js/standalone-app-d7bc1a18.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.189.66.201 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
online.banno-production.com
Software
/
Resource Hash
6abeda7c1cb1f4fa84c6b8a3bf7052b87819862cf56fa2900b030e95ad57b0e0
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Referer
https://myaccount.dukefcu.org/login
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
content-type
application/json

Response headers

date
Tue, 12 Dec 2023 00:27:21 GMT
strict-transport-security
max-age=15724800; includeSubDomains
x-b3-traceid
638c12459775667356cda3449a841eb6
etag
W/"d-ko19yEJOGLJNdN1QV2QtuTiwBe8"
content-type
application/json; charset=utf-8
cache-control
private, no-store, no-cache
x-b3-spanid
8c470b97cd413efd
x-b3-sampled
1
content-length
13
x-request-id
37b5c704350073a4d74c1c406ac2a677
roboto-regular-webfont.woff2
myaccount.dukefcu.org/fonts/
15 KB
15 KB
Font
General
Full URL
https://myaccount.dukefcu.org/fonts/roboto-regular-webfont.woff2
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.189.66.201 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
online.banno-production.com
Software
/
Resource Hash
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Referer
https://myaccount.dukefcu.org/
Origin
https://myaccount.dukefcu.org
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date
Tue, 12 Dec 2023 00:27:21 GMT
strict-transport-security
max-age=15724800; includeSubDomains
last-modified
Mon, 11 Dec 2023 17:48:55 GMT
x-b3-traceid
eebb7ecfad95e12f143d78ae3c41690b
etag
W/"3bf0-18c59ff0758"
content-type
font/woff2
cache-control
public, no-cache
x-b3-spanid
5d8ad56fd4f1537f
x-b3-sampled
1
accept-ranges
bytes
content-length
15344
truncated
/
42 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Content-Type
image/gif
start
myaccount.dukefcu.org/a/consumer/api/login/assertion/
158 B
458 B
Fetch
General
Full URL
https://myaccount.dukefcu.org/a/consumer/api/login/assertion/start
Requested by
Host: myaccount.dukefcu.org
URL: https://myaccount.dukefcu.org/js/standalone-app-d7bc1a18.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.189.66.201 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
online.banno-production.com
Software
/
Resource Hash
7bb6aa286f1dcd93190435e9131aa530ebf74ab9d74fc5382d7997a9c1fcc4a3
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Referer
https://myaccount.dukefcu.org/login
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
content-type
application/json

Response headers

date
Tue, 12 Dec 2023 00:27:21 GMT
strict-transport-security
max-age=15724800; includeSubDomains
x-b3-traceid
b60330828f171c30920daf56d93fdb88
etag
W/"9e-2tGGLURx9sECeUl+g2pQYEnltRs"
content-type
application/json; charset=utf-8
cache-control
private, no-store, no-cache
x-b3-spanid
d63b16232179180f
x-b3-sampled
1
content-length
158
x-request-id
25f57365b4ed65d35753073b736da4a7

66 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| documentPictureInPicture function| imprt_ object| banno object| ShadyCSS string| mitekWorkerPath object| litHtmlVersions function| JSCompiler_renameProperty object| litElementVersions function| l9a function| qTb function| pS function| lv function| pbb function| sRc function| rtc function| iwc function| gRc function| fnc function| ewc function| wPc function| v function| olc function| oWa function| dn function| ga function| kfb function| m3b function| yn function| o5b function| t8b function| m6b function| mpa function| mUb function| lAc function| dSb function| cSc function| txc function| bm function| xyc function| j5b function| qxc function| tTa function| oZ function| iia function| yZ function| pLa function| nDa function| fSc function| mZ function| a0a function| sga function| nE function| mda function| mg function| u0a function| gxa function| od function| jsc function| qS function| pCc function| oUa function| bnb function| j6b function| fLb function| hvb function| pnc

2 Cookies

Domain/Path Name / Value
myaccount.dukefcu.org/ Name: deviceId
Value: online-b4a49fc5-a71a-4464-b10f-0058108bd83d
myaccount.dukefcu.org/ Name: mp_5ad87dc510a720035bac28b0d20a2df5_mixpanel
Value: %7B%22distinct_id%22%3A%20%22%24device%3A18c5b6bce3060d-0d9f50c8b77512-1e393178-1d4c00-18c5b6bce3060d%22%2C%22%24device_id%22%3A%20%2218c5b6bce3060d-0d9f50c8b77512-1e393178-1d4c00-18c5b6bce3060d%22%2C%22%24initial_referrer%22%3A%20%22%24direct%22%2C%22%24initial_referring_domain%22%3A%20%22%24direct%22%2C%22institutionId%22%3A%20%22214f8ab0-d9d2-11e7-8a39-f6b45746b88a%22%2C%22institutionName%22%3A%20%22Duke%20University%20FCU%22%2C%22userAgent%22%3A%20%22Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F120.0.6099.71%20Safari%2F537.36%22%7D

2 Console Messages

Source: security
Level: warning
Message: Error with Permissions-Policy header: Unrecognized feature: 'document-domain'.

Source: network
Level: error
URL: https://myaccount.dukefcu.org/a/consumer/api/auth/validate
Message: Failed to load resource: the server responded with a status of 401 ()

Security Headers

This page lists any security headers set by the main page.

Header Value
Content-Security-Policy default-src 'none'; script-src 'unsafe-inline' 'sha256-5tglEW0Vs+Qd9vtRZ++NKLr08Vk0yoF/jPR+mbB5eq8=' 'sha256-wyuUAa+a967T1T6WNseoupM6GGreJ7AugW1DgkH8rQI=' 'sha256-zrcM4WmGv8KCLxpZDL5fgdZMGW9Ytjz9bRyU+HGyr5I=' 'sha256-HLYoJmGa5La1822Orr8QlgFf4BZc5EA9rfCc8L5QR+8=' 'sha256-G7bKecbZlc34H92m4Oh4bCQpd95tQsKJJ3LlKhBGYAE=' 'sha256-ildUzQ5UsadChij+sqp2CK8DE6fAqU4NwegKKfap0rs=' 'sha256-qEv4LQF+cFpppdYCh3ZN8dCvSHkQfK5UhwZAEMmNpWY=' 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data: blob: https://banno.com https://*.banno.com https://*.googleusercontent.com https://banno-assets-production.s3.amazonaws.com https://banno-sentry-production.s3.amazonaws.com; media-src 'self' mediastream:; frame-src 'self' https://*.mybankhq.com https://*.billpaysite.com https://*.banno.com https://geezeo-tiles.s3.amazonaws.com https://*.geezeo.com https://orcasnet-investments.banno-plugins-uat.com https://connect2.finicity.com https://businessbillpay-e.com/ https://*.businessbillpay-e.com/ https://apim.autobooks.co; child-src 'self'; font-src https: data:; frame-ancestors 'self'; connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net wss://global.vss.twilio.com wss://sdkgw.us1.twilio.com wss://myaccount.dukefcu.org; manifest-src 'self'; worker-src 'self';
Strict-Transport-Security max-age=15724800; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN