![](/screenshots/96d1b31c-97fe-46fc-9ce6-0b83ddedbf7c.png)
login.firstcitizens.com
Open in
urlscan Pro
107.162.164.184
Public Scan
Submission: On January 12 via automatic, source certstream-suspicious — Scanned from DE
Summary
TLS certificate: Issued by DigiCert Global CA G2 on March 13th 2020. Valid for: 2 years.
This is the only time login.firstcitizens.com was scanned on urlscan.io!
urlscan.io Verdict: No classification
Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
2 | 107.162.164.184 107.162.164.184 | 55002 (DEFENSE-NET) (DEFENSE-NET) | |
9 | 13.225.80.107 13.225.80.107 | 16509 (AMAZON-02) (AMAZON-02) | |
2 | 13.225.80.68 13.225.80.68 | 16509 (AMAZON-02) (AMAZON-02) | |
2 | 2a02:26f0:f7:... 2a02:26f0:f7::5c7b:e024 | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
15 | 5 |
ASN16509 (AMAZON-02, US)
PTR: server-13-225-80-107.fra2.r.cloudfront.net
ok7static.oktacdn.com |
ASN16509 (AMAZON-02, US)
PTR: server-13-225-80-68.fra2.r.cloudfront.net
login.okta.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
9 |
oktacdn.com
ok7static.oktacdn.com — Cisco Umbrella Rank: 11214 |
789 KB |
2 |
typekit.net
use.typekit.net — Cisco Umbrella Rank: 455 |
27 KB |
2 |
okta.com
login.okta.com — Cisco Umbrella Rank: 6578 |
97 KB |
2 |
firstcitizens.com
login.firstcitizens.com — Cisco Umbrella Rank: 460109 |
112 KB |
15 | 4 |
Domain | Requested by | |
---|---|---|
9 | ok7static.oktacdn.com |
login.firstcitizens.com
ok7static.oktacdn.com |
2 | use.typekit.net | |
2 | login.okta.com |
ok7static.oktacdn.com
login.okta.com |
2 | login.firstcitizens.com |
login.firstcitizens.com
|
15 | 4 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.firstcitizens.com |
profile.firstcitizens.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
login.firstcitizens.com DigiCert Global CA G2 |
2020-03-13 - 2022-03-14 |
2 years | crt.sh |
*.oktacdn.com DigiCert TLS RSA SHA256 2020 CA1 |
2021-12-22 - 2023-01-22 |
a year | crt.sh |
accounts.okta.com DigiCert TLS RSA SHA256 2020 CA1 |
2021-06-24 - 2022-07-25 |
a year | crt.sh |
use.typekit.net DigiCert TLS RSA SHA256 2020 CA1 |
2021-08-16 - 2022-08-16 |
a year | crt.sh |
This page contains 2 frames:
Primary Page:
https://login.firstcitizens.com/
Frame ID: E8B41992DE408EEE4AB68D6822181F0B
Requests: 14 HTTP requests in this frame
Frame:
https://login.okta.com/discovery/iframe.html
Frame ID: 48825762B2F89C62FF80E068F4113411
Requests: 2 HTTP requests in this frame
3 Outgoing links
These are links going to different origins than the main page.
Title: Privacy & Security
Search URL Search Domain Scan URL
Title: Profile Manager
Search URL Search Domain Scan URL
Title: Hilfe
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
15 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
/
login.firstcitizens.com/ |
32 KB 10 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
fcb_common.js
login.firstcitizens.com/js/vendor/lib/ |
174 KB 102 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
okta-sign-in.min.js
ok7static.oktacdn.com/assets/js/sdk/okta-signin-widget/5.16.0/js/ |
2 MB 505 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
okta-sign-in.min.css
ok7static.oktacdn.com/assets/js/sdk/okta-signin-widget/5.16.0/css/ |
211 KB 37 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
custom-signin.bb8f4ce4363dd17160adb27f2ab5f478.css
ok7static.oktacdn.com/assets/loginpage/css/ |
1 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
initLoginPage.pack.103f0a08c8f9401f5a348e6d81b34c6a.js
ok7static.oktacdn.com/assets/js/mvc/loginpage/ |
396 KB 107 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
login_de.json
ok7static.oktacdn.com/assets/js/sdk/okta-signin-widget/5.16.0/labels/json/ |
94 KB 94 KB |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
country_de.json
ok7static.oktacdn.com/assets/js/sdk/okta-signin-widget/5.16.0/labels/json/ |
5 KB 5 KB |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
fs02zsl0j9IgvWGHz357
ok7static.oktacdn.com/fs/bco/1/ |
13 KB 14 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
iframe.html
login.okta.com/discovery/ Frame 4882 |
546 B 985 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
checkbox-sign-in-widget.png
ok7static.oktacdn.com/assets/js/sdk/okta-signin-widget/5.16.0/img/ui/forms/ |
3 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
l
use.typekit.net/af/0d0f8f/00000000000000007735c199/30/ |
13 KB 13 KB |
Font
application/font-woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
l
use.typekit.net/af/a3941f/00000000000000007735c1a1/30/ |
13 KB 14 KB |
Font
application/font-woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
okticon.woff
ok7static.oktacdn.com/assets/js/sdk/okta-signin-widget/5.16.0/font/ |
20 KB 21 KB |
Font
application/font-woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
discoveryIframe-82e613074a3700abe11a.min.js
login.okta.com/lib/ Frame 4882 |
96 KB 96 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
433 B 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
54 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 object| onsecuritypolicyviolation object| onslotchange object| regeneratorRuntime function| setImmediate function| clearImmediate object| Backbone function| jQueryCourage object| u2f function| OktaSignIn function| signInSuccessCallBackFunction object| oktaData function| runLoginPage object| OktaUtil object| config function| readCookie function| getClientId function| getClientName undefined| clientName undefined| clientId string| primaryauth_title string| remember string| primaryauth_username_tooltip string| needhelp string| help string| brandName string| password_forgot_email_or_username_placeholder string| password_forgot_email_or_username_tooltip string| account_unlock_email_or_username_placeholder string| account_unlock_email_or_username_tooltip string| mfa_backtoFactors string| factor_hotp_description string| enroll_choices_title string| enroll_hotp_restricted string| enroll_choices_description string| enroll_choices_description_generic string| enroll_choices_description_specific string| enroll_choices_description_gracePeriod_bold string| enroll_choices_description_gracePeriod_oneDay_bold string| enroll_sms_setup string| factor_sms_time_warning string| factor_sms string| factor_password string| rememberDevice_devicebased string| contact_support string| error_auth_lockedOut string| password_forgot_noFactorsEnabled string| account_unlock_noFactorsEnabled string| errors_E0000119 string| primaryauth_submit string| error_username_required object| oktaSignIn object| OktaLogin object| jQBrowser3 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
login.firstcitizens.com/ | Name: JSESSIONID Value: 92C27EAAA241387245E90A514E65C99E |
|
login.firstcitizens.com/ | Name: t Value: blue-dark |
|
login.firstcitizens.com/ | Name: DT Value: DI0cwXcee1GQK-IphOVAg3pxw |
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Strict-Transport-Security | max-age=315360000; includeSubDomains |
X-Content-Type-Options | nosniff |
X-Frame-Options | SAMEORIGIN |
X-Xss-Protection | 0 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
login.firstcitizens.com
login.okta.com
ok7static.oktacdn.com
use.typekit.net
107.162.164.184
13.225.80.107
13.225.80.68
2a02:26f0:f7::5c7b:e024
081f903294a159671406244f9cb89945a499c7515921af1eb1faa4be13d69c98
38f8eb122e4cd7106a24918dba446a8a803acecc0bc915572ed4b68f335d1550
40810b0318131f9ba52c83a17e633a0ac476ade66ea8a914d6c4980571397665
441a34cb0dac43ef893f596889e81ba3fa45cb47aa294ff22706b30ce96b004a
6ad0ad11086d50749bb41cf96cf712c1e61f458b4f6844f36f4ba21960417250
7612fcfc467dea4bb744745f7c8b3cb26f1b73e76df53ff527f322a4b3a32a3b
765024756b73bba60951ceade73fb2dd7c7e1a91afb0f864ae032ee7a449f2aa
7eccbb3b4b68f9f24a3b826f2eea4a1bbb48196cb734afc1b62c3d045cb680e1
86eed6f83ac95cd25a4481bfc6310a47da2169cd9da74ef4579f25cbfb75ad52
8f25bee7c185d918f1d55f844f64b5cd372a4743caeb63c2abd413e5f42a4949
9088ba84bd8facb1ae216959655256308143f85f3608acb93880347b60f9a620
95af40bfcbde1f391bc4d85f4e142759d1b099cbb2176acfccfd72d601c542f9
c71558cf94e0875c93b552d52dd5974ae4697ba14e5a8d7c3694247a291ca9b8
e540549c5ee85d139a6590536daf86400fccd811ebc9d5b714794efe1e34b897
f657760e6c3c19d5c1a694d921f8d6aaf0880f163b00bfa2a4dd07191f522da5
fd3d0f0faeb38cf968d6784040ba41894862bccc5dcda99308a643ea5ee33962