![](/screenshots/c83f2b7e-8b03-497b-9a8f-e5bc8ed5ed2e.png)
login.firstcitizens.com
Open in
urlscan Pro
107.162.164.184
Public Scan
Effective URL: https://login.firstcitizens.com/oauth2/default/v1/authorize?client_id=0oachrrry6ENRDR9R357&code_challenge=CxcZo4e89802lKuPE3ME2P...
Submission: On July 14 via automatic, source certstream-suspicious — Scanned from DE
Summary
TLS certificate: Issued by DigiCert TLS RSA SHA256 2020 CA1 on December 5th 2022. Valid for: a year.
This is the only time login.firstcitizens.com was scanned on urlscan.io!
urlscan.io Verdict: No classification
Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 11 | 3.234.42.151 3.234.42.151 | 14618 (AMAZON-AES) (AMAZON-AES) | |
6 | 107.162.164.184 107.162.164.184 | 55002 (DEFENSE-NET) (DEFENSE-NET) | |
7 | 99.86.91.75 99.86.91.75 | 16509 (AMAZON-02) (AMAZON-02) | |
1 | 108.138.7.85 108.138.7.85 | () () | |
27 | 5 |
ASN14618 (AMAZON-AES, US)
PTR: ec2-3-234-42-151.compute-1.amazonaws.com
ppp.firstcitizens.com |
ASN16509 (AMAZON-02, US)
PTR: server-99-86-91-75.cdg50.r.cloudfront.net
ok7static.oktacdn.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
17 |
firstcitizens.com
1 redirects
ppp.firstcitizens.com login.firstcitizens.com — Cisco Umbrella Rank: 389369 |
665 KB |
7 |
oktacdn.com
ok7static.oktacdn.com — Cisco Umbrella Rank: 11880 |
706 KB |
1 |
okta.com
login.okta.com |
|
27 | 3 |
Domain | Requested by | |
---|---|---|
11 | ppp.firstcitizens.com |
1 redirects
ppp.firstcitizens.com
|
7 | ok7static.oktacdn.com |
login.firstcitizens.com
|
6 | login.firstcitizens.com |
ppp.firstcitizens.com
login.firstcitizens.com |
1 | login.okta.com |
ok7static.oktacdn.com
login.okta.com |
27 | 4 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
ppp.firstcitizens.com DigiCert TLS RSA SHA256 2020 CA1 |
2022-07-29 - 2023-08-01 |
a year | crt.sh |
login.firstcitizens.com DigiCert TLS RSA SHA256 2020 CA1 |
2022-12-05 - 2023-12-04 |
a year | crt.sh |
*.oktacdn.com DigiCert TLS RSA SHA256 2020 CA1 |
2023-01-03 - 2024-01-02 |
a year | crt.sh |
accounts.okta.com DigiCert TLS RSA SHA256 2020 CA1 |
2022-07-13 - 2023-07-25 |
a year | crt.sh |
This page contains 2 frames:
Primary Page:
https://login.firstcitizens.com/oauth2/default/v1/authorize?client_id=0oachrrry6ENRDR9R357&code_challenge=CxcZo4e89802lKuPE3ME2PgluiAaHXGCYj2fsSMWpRM&code_challenge_method=S256&nonce=QC9pYOIZ4KskcB6kpBPXzcdr4WAhOVvDRVGi4Lq5QkYY1ig9hEsAKdigBQuC4DIC&redirect_uri=https%3A%2F%2Fppp.firstcitizens.com&response_type=code&state=CsYnarKoUKlAJt0H45FDNR1ANpcoFRueUS1co57qltWVYs0aZZE2bdoi2Aa5Ff0a&scope=openid%20email
Frame ID: DA4531283C73B17EAE63B5BB8C73AEE3
Requests: 24 HTTP requests in this frame
Frame:
https://login.okta.com/discovery/iframe.html
Frame ID: 54303F1E891609A15D993AD1EFDA5374
Requests: 2 HTTP requests in this frame
Screenshot
![](/screenshots/c83f2b7e-8b03-497b-9a8f-e5bc8ed5ed2e.png)
Page URL History Show full URLs
- https://ppp.firstcitizens.com/ Page URL
- https://login.firstcitizens.com/oauth2/default/v1/authorize?client_id=0oachrrry6ENRDR9R357&code_challenge=Cx... Page URL
Detected technologies
Detected patterns
- /etc\.clientlibs/
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://ppp.firstcitizens.com/ Page URL
- https://login.firstcitizens.com/oauth2/default/v1/authorize?client_id=0oachrrry6ENRDR9R357&code_challenge=CxcZo4e89802lKuPE3ME2PgluiAaHXGCYj2fsSMWpRM&code_challenge_method=S256&nonce=QC9pYOIZ4KskcB6kpBPXzcdr4WAhOVvDRVGi4Lq5QkYY1ig9hEsAKdigBQuC4DIC&redirect_uri=https%3A%2F%2Fppp.firstcitizens.com&response_type=code&state=CsYnarKoUKlAJt0H45FDNR1ANpcoFRueUS1co57qltWVYs0aZZE2bdoi2Aa5Ff0a&scope=openid%20email Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 9- https://ppp.firstcitizens.com/content/firstcitizens-ppp/en/app.oktaconfigs.json HTTP 301
- https://ppp.firstcitizens.com/app.oktaconfigs.json
27 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
/
ppp.firstcitizens.com/ |
153 KB 19 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
core.wcm.components.commons.datalayer.v1.js
ppp.firstcitizens.com/etc.clientlibs/core/wcm/components/commons/datalayer/v1/clientlibs/ |
38 KB 13 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
clientlib-base.js
ppp.firstcitizens.com/etc.clientlibs/fcb-ppp/clientlibs/ |
217 KB 64 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
responsive.css
ppp.firstcitizens.com/libs/wcm/foundation/components/page/ |
121 KB 7 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
clientlib-site.css
ppp.firstcitizens.com/etc.clientlibs/fcb-ppp/clientlibs/ |
139 KB 11 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
image.20210322.png
ppp.firstcitizens.com/content/dam/firstcitizens/images/logos/fcb-logo-horiz-web-2020@2x.png.transform/image-scaled-2x-to-1x/ |
6 KB 6 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
clientlibs.css
ppp.firstcitizens.com/etc.clientlibs/fcb-ppp/components/structure/footer/ |
689 B 604 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
clientlib-site.js
ppp.firstcitizens.com/etc.clientlibs/fcb-ppp/clientlibs/ |
77 KB 13 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
clientlib-app.js
ppp.firstcitizens.com/etc.clientlibs/fcb-ppp/clientlibs/ |
8 KB 3 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
app.oktaconfigs.json
ppp.firstcitizens.com/ Redirect Chain
|
139 B 437 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
OPTIONS H/1.1 |
openid-configuration
login.firstcitizens.com/oauth2/default/.well-known/ Frame |
0 0 |
Preflight
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
openid-configuration
login.firstcitizens.com/oauth2/default/.well-known/ |
2 KB 4 KB |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
authorize
login.firstcitizens.com/oauth2/default/v1/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Primary Request
authorize
login.firstcitizens.com/oauth2/default/v1/ |
35 KB 13 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
fcb_common.js
login.firstcitizens.com/js/vendor/lib/ |
296 KB 170 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
fcb_common.js
login.firstcitizens.com/js/vendor/lib/ |
296 KB 170 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
fcb_common.js
login.firstcitizens.com/js/vendor/lib/ |
296 KB 170 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
okta-sign-in.min.js
ok7static.oktacdn.com/assets/js/sdk/okta-signin-widget/7.7.2/js/ |
2 MB 467 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
okta-sign-in.min.css
ok7static.oktacdn.com/assets/js/sdk/okta-signin-widget/7.7.2/css/ |
215 KB 37 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
custom-signin.241e0fb439244dc50c5929c0513a6765.css
ok7static.oktacdn.com/assets/loginpage/css/ |
2 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
initLoginPage.pack.d05a8c2e6bdf6d212b92af4d6b9cfefe.js
ok7static.oktacdn.com/assets/js/mvc/loginpage/ |
204 KB 77 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
login_de.json
ok7static.oktacdn.com/assets/js/sdk/okta-signin-widget/7.7.2/labels/json/ |
103 KB 104 KB |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
country_de.json
ok7static.oktacdn.com/assets/js/sdk/okta-signin-widget/7.7.2/labels/json/ |
5 KB 5 KB |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
fs0tffl89trLqtBlQ357
ok7static.oktacdn.com/fs/bco/1/ |
13 KB 14 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET BLOB |
c9a72696-5e0a-4855-9440-dec31ff9f0d8
https://login.firstcitizens.com/ |
2 KB 0 |
Other
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
iframe.html
login.okta.com/discovery/ Frame 5430 |
451 B 0 |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
discoveryIframe-88dc7396afa19c320b05.min.js
login.okta.com/lib/ Frame 5430 |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- login.firstcitizens.com
- URL
- https://login.firstcitizens.com/oauth2/default/v1/authorize?client_id=0oachrrry6ENRDR9R357&code_challenge=57GzrmyOxcz2XUEMXpft31xsOlzaT7cwVOHwsT6wMlA&code_challenge_method=S256&nonce=vkRq7kyCwyyN7BvC9nTxvp4ps8VXESzIcUXcQZ8Wi9L82bnJT0RYhjAZtO9u6VlE&redirect_uri=https%3A%2F%2Fppp.firstcitizens.com&response_type=code&state=5PNVcfM9PLHU0IO2ckBJShdp79eDLbkhDLNuHc8MhR62gjfkCDXyaAP62taKB2eH&scope=openid%20email
- Domain
- login.okta.com
- URL
- https://login.okta.com/lib/discoveryIframe-88dc7396afa19c320b05.min.js
Verdicts & Comments Add Verdict or Comment
3 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
boolean| credentialless object| onbeforetoggle object| onscrollend6 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
ppp.firstcitizens.com/ | Name: okta-oauth-redirect-params Value: {%22responseType%22:%22code%22%2C%22state%22:%22CsYnarKoUKlAJt0H45FDNR1ANpcoFRueUS1co57qltWVYs0aZZE2bdoi2Aa5Ff0a%22%2C%22nonce%22:%22QC9pYOIZ4KskcB6kpBPXzcdr4WAhOVvDRVGi4Lq5QkYY1ig9hEsAKdigBQuC4DIC%22%2C%22scopes%22:[%22openid%22%2C%22email%22]%2C%22clientId%22:%220oachrrry6ENRDR9R357%22%2C%22urls%22:{%22issuer%22:%22https://login.firstcitizens.com/oauth2/default%22%2C%22authorizeUrl%22:%22https://login.firstcitizens.com/oauth2/default/v1/authorize%22%2C%22userinfoUrl%22:%22https://login.firstcitizens.com/oauth2/default/v1/userinfo%22%2C%22tokenUrl%22:%22https://login.firstcitizens.com/oauth2/default/v1/token%22%2C%22revokeUrl%22:%22https://login.firstcitizens.com/oauth2/default/v1/revoke%22%2C%22logoutUrl%22:%22https://login.firstcitizens.com/oauth2/default/v1/logout%22}%2C%22ignoreSignature%22:false} |
|
ppp.firstcitizens.com/ | Name: okta-oauth-nonce Value: QC9pYOIZ4KskcB6kpBPXzcdr4WAhOVvDRVGi4Lq5QkYY1ig9hEsAKdigBQuC4DIC |
|
ppp.firstcitizens.com/ | Name: okta-oauth-state Value: CsYnarKoUKlAJt0H45FDNR1ANpcoFRueUS1co57qltWVYs0aZZE2bdoi2Aa5Ff0a |
|
login.firstcitizens.com/ | Name: JSESSIONID Value: 8DF62EDED5FFA67B7F4AFD021EE284B1 |
|
login.firstcitizens.com/ | Name: t Value: blue-dark |
|
login.firstcitizens.com/ | Name: DT Value: DI17ovaddlKRBO7ibVaQtBHAA |
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
X-Content-Type-Options | nosniff |
X-Frame-Options | SAMEORIGIN |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
login.firstcitizens.com
login.okta.com
ok7static.oktacdn.com
ppp.firstcitizens.com
login.firstcitizens.com
login.okta.com
107.162.164.184
108.138.7.85
3.234.42.151
99.86.91.75
081f903294a159671406244f9cb89945a499c7515921af1eb1faa4be13d69c98
0cc260dc377d51bbdbbae0b7e24e829e982785f048b2f35bbab2669ebae9f09e
150e3af7522cf663064b4127226e57af9d52e2572c721d6056339cbbb9d9e515
1eec5d0bc72fba33ce753f6009a277e07041fb92d221ae5839bbc5e8fff1d0bb
2a4bcef9eba769028479159a2390663e9a28d44192adae3aa9c1913620715612
33c0beff7c479c8f68edcbe532ad542fbef0e527490d1583c2541f9f0db41048
634a54ea4b23520bfbd940e1ddddf8400362569dab488ff512255d9b0e059bf1
8b7fa92cc38ea079f9e54b371b8636661fc53b427d04197b3f3f5a578b5fe955
a05f9106414813eccc556dfcb5f5fc13d1c099c8f1b1f5013b41d6803926ab9d
a603c6a79c5cf5e715574bba94c7faf13f8c62953f59f3df48b2d408923341e0
a8ee557df40e2e7088010a1d9f89406130b81fe9b8a81f855c82cc52604c8467
b6de4c56745448a1a68eeac5122b9cbe5358c8a1c5b244e0a386f668ec5d4ce0
b767e9b55ba43a99ebd587d3824669be6112257249182b14d7e1025e3ef1d2a8
b926d89f9a405a38640ca6eb4f32aa8107d11c17a6dd7c9627eb0f98f6323fcb
b9cc046e72acb925e799602c95b5d571321378cdf23f7e3870c71ef27fbed489
bb7b04fe7a146c5260e3f1a82db4c675c3d41f53f0fe4fb7517840cef54f2b0b
c9862256ca2730b88b92a0a04dab85955d83484cc0c574b153b3395be7afdcf3
cfbab9108004617f9c8dd002e970dacb65d2d8eead0093ed34b1baf8b7c6d62d
d5b594b26052a51638ae365f3b1f9a2d351a06492c416c924a10e19b2da5fa2b
dcc89f32e3f978bd4c2e313916b6267abd287eea87daec0e5c049150fd9062aa
ea8d801deb6776d5aaf273dfbc42d503fdaaa6f51c8934d0961e3f2a1ba13ceb