Submitted URL: http://portal.americannational.com/
Effective URL: https://login.americannational.com/as/authorization.oauth2?response_type=code&client_id=ProdRealm&scope=openid%20profile%20address%...
Submission: On January 04 via manual from PH — Scanned from DE

Summary

This website contacted 3 IPs in 1 country across 1 domain to perform 4 HTTP transactions. The main IP is 170.76.144.77, located in United States and belongs to CENTURYLINK-LEGACY-LVLT-203, US. The main domain is login.americannational.com.
TLS certificate: Issued by DigiCert TLS RSA SHA256 2020 CA1 on October 10th 2022. Valid for: a year.
This is the only time login.americannational.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 2 170.76.144.96 203 (CENTURYLI...)
2 170.76.144.77 203 (CENTURYLI...)
4 3
Apex Domain
Subdomains
Transfer
4 americannational.com
portal.americannational.com
login.americannational.com
31 KB
4 1
Domain Requested by
2 login.americannational.com portal.americannational.com
login.americannational.com
2 portal.americannational.com 1 redirects portal.americannational.com
4 2

This site contains no links.

Subject: *.americanNational.com
Issuer: DigiCert TLS RSA SHA256 2020 CA1
Validity: 2022-10-10 - 2023-11-10
Valid: a year

This page contains 1 frames:

Primary Page: https://login.americannational.com/as/authorization.oauth2?response_type=code&client_id=ProdRealm&scope=openid%20profile%20address%20email%20phone&state=qJqCG5uUN5GjdklRLpyTvP6Dc7QZbc6O0Ncuf0N4YM_1672814054106&redirect_uri=https%3A%2F%2Fportal.americannational.com%3A10042%2Fwps%2Foidcclient%2FProdRealm
Frame ID: FEAB9AF15FFA0A8E71F69F0E11531EE2
Requests: 4 HTTP requests in this frame

Page Title

Error

Page Statistics

Requests: 4
HTTPS: 50 %
IPv6: 0 %
Domains: 1
Subdomains: 2
IPs: 3
Countries: 1
Transfer: 31 kB
Size: 173 kB
Cookies: 2

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://portal.americannational.com/ HTTP 308
    http://portal.americannational.com/wps/myportal/pingAuth Page URL
  2. https://login.americannational.com/as/authorization.oauth2?response_type=code&client_id=ProdRealm&scope=openid%20profile%20address%20email%20phone&state=qJqCG5uUN5GjdklRLpyTvP6Dc7QZbc6O0Ncuf0N4YM_1672814054106&redirect_uri=https%3A%2F%2Fportal.americannational.com%3A10042%2Fwps%2Foidcclient%2FProdRealm Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://portal.americannational.com/ HTTP 308
  • http://portal.americannational.com/wps/myportal/pingAuth

4 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
pingAuth
portal.americannational.com/wps/myportal/
Redirect Chain
  • http://portal.americannational.com/
  • http://portal.americannational.com/wps/myportal/pingAuth
1 KB
3 KB
Document
General
Full URL
http://portal.americannational.com/wps/myportal/pingAuth
Protocol
HTTP/1.1
Server
170.76.144.96 , United States, ASN203 (CENTURYLINK-LEGACY-LVLT-203, US),
Reverse DNS
Software
/ Servlet/3.0
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src *; script-src 'unsafe-inline' 'unsafe-eval' https://*.anico.com https://*.americannational.com https://*.googleapis.com http://otf.msn.com https://*.lifeannuitydi.com https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com http://*.angularjs.org https://*.inmoment.com https://*.youtube.com https://*.dnanico1.aniconet.com https://*.vtimg.com https://*.ytimg.com https://*.anicoweb.com; style-src * 'unsafe-inline' ; img-src * data: ; child-src * data: blob: filesystem: ; object-src * blob: data: ;
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Access-Control-Allow-Origin
*.americannational.com
Cache-Control
no-cache="set-cookie, set-cookie2"
Connection
Keep-Alive
Content-Language
en-US
Content-Security-Policy
default-src *; script-src 'unsafe-inline' 'unsafe-eval' https://*.anico.com https://*.americannational.com https://*.googleapis.com http://otf.msn.com https://*.lifeannuitydi.com https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com http://*.angularjs.org https://*.inmoment.com https://*.youtube.com https://*.dnanico1.aniconet.com https://*.vtimg.com https://*.ytimg.com https://*.anicoweb.com; style-src * 'unsafe-inline' ; img-src * data: ; child-src * data: blob: filesystem: ; object-src * blob: data: ;
Content-Type
text/html;charset=ISO-8859-1
Date
Wed, 04 Jan 2023 06:34:14 GMT
Expires
Thu, 01 Dec 1994 16:00:00 GMT
Keep-Alive
timeout=10, max=100
Server-Timing
dtSInfo;desc="0", dtRpid;desc="591123439"
Transfer-Encoding
chunked
X-OneAgent-JS-Injection
true
X-Powered-By
Servlet/3.0
X-XSS-Protection
1; mode=block
X-ruxit-JS-Agent
true

Redirect headers

Cache-Control
no-cache
Connection
close
Location
/wps/myportal/pingAuth
Pragma
no-cache
ruxitagentjs_ICA2NVfqru_10255221104040649.js
portal.americannational.com/
0
0

Primary Request authorization.oauth2
login.americannational.com/as/
1 KB
2 KB
Document
General
Full URL
https://login.americannational.com/as/authorization.oauth2?response_type=code&client_id=ProdRealm&scope=openid%20profile%20address%20email%20phone&state=qJqCG5uUN5GjdklRLpyTvP6Dc7QZbc6O0Ncuf0N4YM_1672814054106&redirect_uri=https%3A%2F%2Fportal.americannational.com%3A10042%2Fwps%2Foidcclient%2FProdRealm
Requested by
Host: portal.americannational.com
URL: http://portal.americannational.com/wps/myportal/pingAuth
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
170.76.144.77 , United States, ASN203 (CENTURYLINK-LEGACY-LVLT-203, US),
Reverse DNS
pearl.anico.com
Software
/
Resource Hash
1a02418e65f5f6fd32aefa26c470ad68499d8548b83562b1a970e43111869143
Security Headers
Name Value
Strict-Transport-Security max-age=157680000; includeSubDomains
X-Frame-Options SAMEORIGIN

Request headers

Referer
http://portal.americannational.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
must-revalidate,no-cache,no-store
Content-Length
1451
Content-Type
text/html;charset=utf-8
Pragma
no-cache
Referrer-Policy
origin
Server-Timing
dtRpid;desc="1202850673", dtSInfo;desc="0"
Strict-Transport-Security
max-age=157680000; includeSubDomains
X-Frame-Options
SAMEORIGIN
X-OneAgent-JS-Injection
true
main.css
login.americannational.com/assets/css/
170 KB
26 KB
Stylesheet
General
Full URL
https://login.americannational.com/assets/css/main.css
Requested by
Host: login.americannational.com
URL: https://login.americannational.com/as/authorization.oauth2?response_type=code&client_id=ProdRealm&scope=openid%20profile%20address%20email%20phone&state=qJqCG5uUN5GjdklRLpyTvP6Dc7QZbc6O0Ncuf0N4YM_1672814054106&redirect_uri=https%3A%2F%2Fportal.americannational.com%3A10042%2Fwps%2Foidcclient%2FProdRealm
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
170.76.144.77 , United States, ASN203 (CENTURYLINK-LEGACY-LVLT-203, US),
Reverse DNS
pearl.anico.com
Software
/
Resource Hash
2a65f71ed29d712ed3ad8e7f674ab3f32877c269f04215008dc328fda9cd7779
Security Headers
Name Value
Strict-Transport-Security max-age=157680000; includeSubDomains
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://login.americannational.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date
Wed, 04 Jan 2023 06:34:14 GMT
Strict-Transport-Security
max-age=157680000; includeSubDomains
Referrer-Policy
origin
Last-Modified
Thu, 20 Oct 2022 05:15:14 GMT
Content-Encoding
gzip
Content-Length
174330
X-Frame-Options
SAMEORIGIN
Transfer-Encoding
chunked
Content-Type
text/css
X-OneAgent-JS-Injection
true
Cache-Control
max-age=0, must-revalidate

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
portal.americannational.com
URL
http://portal.americannational.com/ruxitagentjs_ICA2NVfqru_10255221104040649.js

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| oncontentvisibilityautostatechange

2 Cookies

Domain/Path Name / Value
.americannational.com/ Name: dtCookie
Value: v_4_srv_8_sn_971C42B7F4861BBB94B48A9DE5698D46_perc_100000_ol_0_mul_1_app-3Aea7c4b59f27d43eb_1
login.americannational.com/ Name: PF
Value: PYOAWVqX99QG7j7tgAHLNK

3 Console Messages

Source Level URL
Text
network error URL: http://portal.americannational.com/wps/myportal/pingAuth
Message:
Failed to load resource: the server responded with a status of 401 (Unauthorized)
security error URL: http://portal.americannational.com/wps/myportal/pingAuth
Message:
Refused to load the script 'http://portal.americannational.com/ruxitagentjs_ICA2NVfqru_10255221104040649.js' because it violates the following Content Security Policy directive: "script-src 'unsafe-inline' 'unsafe-eval' https://*.anico.com https://*.americannational.com https://*.googleapis.com http://otf.msn.com https://*.lifeannuitydi.com https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com http://*.angularjs.org https://*.inmoment.com https://*.youtube.com https://*.dnanico1.aniconet.com https://*.vtimg.com https://*.ytimg.com https://*.anicoweb.com". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
network error URL: https://login.americannational.com/as/authorization.oauth2?response_type=code&client_id=ProdRealm&scope=openid%20profile%20address%20email%20phone&state=qJqCG5uUN5GjdklRLpyTvP6Dc7QZbc6O0Ncuf0N4YM_1672814054106&redirect_uri=https%3A%2F%2Fportal.americannational.com%3A10042%2Fwps%2Foidcclient%2FProdRealm
Message:
Failed to load resource: the server responded with a status of 400 (Invalid redirect_uri)

Security Headers

This page lists any security headers set by the main page.

Header Value
Content-Security-Policy default-src *; script-src 'unsafe-inline' 'unsafe-eval' https://*.anico.com https://*.americannational.com https://*.googleapis.com http://otf.msn.com https://*.lifeannuitydi.com https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com http://*.angularjs.org https://*.inmoment.com https://*.youtube.com https://*.dnanico1.aniconet.com https://*.vtimg.com https://*.ytimg.com https://*.anicoweb.com; style-src * 'unsafe-inline' ; img-src * data: ; child-src * data: blob: filesystem: ; object-src * blob: data: ;
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
