login.firstcitizens.com Open in urlscan Pro
107.162.164.184 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://ppp.firstcitizens.com/
Effective URL:
https://login.firstcitizens.com/oauth2/default/v1/authorize?client_id=0oachrrry6ENRDR9R357&code_challenge=CxcZo4e89802lKuPE3ME2P...
Submission: On July 14 via automatic, source certstream-suspicious (July 14th 2023, 3:50:23 pm UTC) — Scanned from DE

Summary HTTP 27 Redirects Behaviour Indicators

Summary

This website contacted 5 IPs in 1 countries across 3 domains to perform 27 HTTP transactions. The main IP is 107.162.164.184, located in United States and belongs to DEFENSE-NET, US. The main domain is login.firstcitizens.com. The Cisco Umbrella rank of the primary domain is 389369.
TLS certificate: Issued by DigiCert TLS RSA SHA256 2020 CA1 on December 5th 2022. Valid for: a year.

This is the only time login.firstcitizens.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 11	3.234.42.151 3.234.42.151	14618 (AMAZON-AES) (AMAZON-AES)
6	107.162.164.184 107.162.164.184	55002 (DEFENSE-NET) (DEFENSE-NET)
7	99.86.91.75 99.86.91.75	16509 (AMAZON-02) (AMAZON-02)
1	108.138.7.85 108.138.7.85	() ()
27	5

11 3.234.42.151 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-234-42-151.compute-1.amazonaws.com

ppp.firstcitizens.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 107.162.164.184 (United States)

ASN55002 (DEFENSE-NET, US)

login.firstcitizens.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 99.86.91.75 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-86-91-75.cdg50.r.cloudfront.net

ok7static.oktacdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.138.7.85 (None, )

ASN- ()

login.okta.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
17	firstcitizens.com 1 redirects ppp.firstcitizens.com login.firstcitizens.com — Cisco Umbrella Rank: 389369	665 KB
7	oktacdn.com ok7static.oktacdn.com — Cisco Umbrella Rank: 11880	706 KB
1	okta.com login.okta.com
27	3

	Domain	Requested by
11	ppp.firstcitizens.com	1 redirects ppp.firstcitizens.com
7	ok7static.oktacdn.com	login.firstcitizens.com
6	login.firstcitizens.com	ppp.firstcitizens.com login.firstcitizens.com
1	login.okta.com	ok7static.oktacdn.com login.okta.com
27	4

This site contains no links.

Subject Issuer	Validity	Valid
ppp.firstcitizens.com DigiCert TLS RSA SHA256 2020 CA1	`2022-07-29` - `2023-08-01`	a year	crt.sh
login.firstcitizens.com DigiCert TLS RSA SHA256 2020 CA1	`2022-12-05` - `2023-12-04`	a year	crt.sh
*.oktacdn.com DigiCert TLS RSA SHA256 2020 CA1	`2023-01-03` - `2024-01-02`	a year	crt.sh
accounts.okta.com DigiCert TLS RSA SHA256 2020 CA1	`2022-07-13` - `2023-07-25`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://login.firstcitizens.com/oauth2/default/v1/authorize?client_id=0oachrrry6ENRDR9R357&code_challenge=CxcZo4e89802lKuPE3ME2PgluiAaHXGCYj2fsSMWpRM&code_challenge_method=S256&nonce=QC9pYOIZ4KskcB6kpBPXzcdr4WAhOVvDRVGi4Lq5QkYY1ig9hEsAKdigBQuC4DIC&redirect_uri=https%3A%2F%2Fppp.firstcitizens.com&response_type=code&state=CsYnarKoUKlAJt0H45FDNR1ANpcoFRueUS1co57qltWVYs0aZZE2bdoi2Aa5Ff0a&scope=openid%20email
Frame ID: DA4531283C73B17EAE63B5BB8C73AEE3
Requests: 24 HTTP requests in this frame

Frame: https://login.okta.com/discovery/iframe.html
Frame ID: 54303F1E891609A15D993AD1EFDA5374
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://ppp.firstcitizens.com/ Page URL
https://login.firstcitizens.com/oauth2/default/v1/authorize?client_id=0oachrrry6ENRDR9R357&code_challenge=Cx... Page URL

Detected technologies

Adobe Experience Manager (CMS) Expand

Overall confidence: 100%
Detected patterns

/etc\.clientlibs/

Page Statistics

27
Requests

85 %
HTTPS

0 %
IPv6

3
Domains

4
Subdomains

5
IPs

1
Countries

1371 kB
Transfer

3899 kB
Size

6
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://ppp.firstcitizens.com/ Page URL
https://login.firstcitizens.com/oauth2/default/v1/authorize?client_id=0oachrrry6ENRDR9R357&code_challenge=CxcZo4e89802lKuPE3ME2PgluiAaHXGCYj2fsSMWpRM&code_challenge_method=S256&nonce=QC9pYOIZ4KskcB6kpBPXzcdr4WAhOVvDRVGi4Lq5QkYY1ig9hEsAKdigBQuC4DIC&redirect_uri=https%3A%2F%2Fppp.firstcitizens.com&response_type=code&state=CsYnarKoUKlAJt0H45FDNR1ANpcoFRueUS1co57qltWVYs0aZZE2bdoi2Aa5Ff0a&scope=openid%20email Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 9

https://ppp.firstcitizens.com/content/firstcitizens-ppp/en/app.oktaconfigs.json HTTP 301
https://ppp.firstcitizens.com/app.oktaconfigs.json

27 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 / Show response
ppp.firstcitizens.com/ 153 KB
19 KB 798ms
204ms Document
text/html 3.234.42.151
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://ppp.firstcitizens.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.234.42.151 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-234-42-151.compute-1.amazonaws.com

Software

Apache /

Resource Hash

b926d89f9a405a38640ca6eb4f32aa8107d11c17a6dd7c9627eb0f98f6323fcb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 53454233
content-encoding: gzip
content-length: 19399
content-type: text/html;charset=utf-8
date: Fri, 14 Jul 2023 15:50:17 GMT
etag: "26281-5cfd69f2c8800-gzip"
last-modified: Tue, 02 Nov 2021 23:26:24 GMT
server: Apache
vary: Accept-Encoding,User-Agent
x-content-type-options: nosniff
x-dispatcher: dispatcher2useast1
x-frame-options: SAMEORIGIN
x-vhost: publish-ppp

GET
H2 200 core.wcm.components.commons.datalayer.v1.js Show response
ppp.firstcitizens.com/etc.clientlibs/core/wcm/components/commons/datalayer/v1/clientlibs/ 38 KB
13 KB 111ms
109ms Script
application/javascript 3.234.42.151
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://ppp.firstcitizens.com/etc.clientlibs/core/wcm/components/commons/datalayer/v1/clientlibs/core.wcm.components.commons.datalayer.v1.js

Requested by

Host: ppp.firstcitizens.com
URL: https://ppp.firstcitizens.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.234.42.151 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-234-42-151.compute-1.amazonaws.com

Software

Apache /

Resource Hash

a8ee557df40e2e7088010a1d9f89406130b81fe9b8a81f855c82cc52604c8467

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ppp.firstcitizens.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-dispatcher: dispatcher1useast1
date: Fri, 14 Jul 2023 15:50:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 09 Jan 2023 23:09:28 GMT
server: Apache
age: 2021613
etag: "99a2-5f1dcdbe6fa00-gzip"
x-vhost: publish-ppp
vary: Accept-Encoding,User-Agent
x-frame-options: SAMEORIGIN
content-type: application/javascript;charset=utf-8
accept-ranges: bytes
content-length: 13370

GET
H2 200 clientlib-base.js Show response
ppp.firstcitizens.com/etc.clientlibs/fcb-ppp/clientlibs/ 217 KB
64 KB 209ms
207ms Script
application/javascript 3.234.42.151
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://ppp.firstcitizens.com/etc.clientlibs/fcb-ppp/clientlibs/clientlib-base.js

Requested by

Host: ppp.firstcitizens.com
URL: https://ppp.firstcitizens.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.234.42.151 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-234-42-151.compute-1.amazonaws.com

Software

Apache /

Resource Hash

b767e9b55ba43a99ebd587d3824669be6112257249182b14d7e1025e3ef1d2a8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ppp.firstcitizens.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-dispatcher: dispatcher2useast1
date: Fri, 14 Jul 2023 15:50:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 02 Nov 2021 22:26:38 GMT
server: Apache
age: 2021613
etag: "36371-5cfd5c96e8380-gzip"
x-vhost: publish-ppp
vary: Accept-Encoding,User-Agent
x-frame-options: SAMEORIGIN
content-type: application/javascript;charset=utf-8
accept-ranges: bytes

GET
H2 200 responsive.css
ppp.firstcitizens.com/libs/wcm/foundation/components/page/ 121 KB
7 KB 109ms
107ms Stylesheet
text/css 3.234.42.151
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://ppp.firstcitizens.com/libs/wcm/foundation/components/page/responsive.css

Requested by

Host: ppp.firstcitizens.com
URL: https://ppp.firstcitizens.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.234.42.151 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-234-42-151.compute-1.amazonaws.com

Software

Apache /

Resource Hash

a603c6a79c5cf5e715574bba94c7faf13f8c62953f59f3df48b2d408923341e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ppp.firstcitizens.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-dispatcher: dispatcher2useast1
date: Fri, 14 Jul 2023 15:50:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 03 Oct 2019 06:34:05 GMT
server: Apache
age: 44317249
etag: "1e4c7-593fbc59c9140-gzip"
x-vhost: publish-ppp
vary: Accept-Encoding,User-Agent
x-frame-options: SAMEORIGIN
content-type: text/css;charset=utf-8
accept-ranges: bytes
content-length: 6946

GET
H2 200 clientlib-site.css
ppp.firstcitizens.com/etc.clientlibs/fcb-ppp/clientlibs/ 139 KB
11 KB 309ms
308ms Stylesheet
text/css 3.234.42.151
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://ppp.firstcitizens.com/etc.clientlibs/fcb-ppp/clientlibs/clientlib-site.css

Requested by

Host: ppp.firstcitizens.com
URL: https://ppp.firstcitizens.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.234.42.151 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-234-42-151.compute-1.amazonaws.com

Software

Apache /

Resource Hash

b9cc046e72acb925e799602c95b5d571321378cdf23f7e3870c71ef27fbed489

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ppp.firstcitizens.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-dispatcher: dispatcher1useast1
date: Fri, 14 Jul 2023 15:50:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 14 Jun 2022 21:36:38 GMT
server: Apache
age: 2021613
etag: "22b5e-5e16f33122580-gzip"
x-vhost: publish-ppp
vary: Accept-Encoding,User-Agent
x-frame-options: SAMEORIGIN
content-type: text/css;charset=utf-8
accept-ranges: bytes
content-length: 10742

GET
H2 200 image.20210322.png
ppp.firstcitizens.com/content/dam/firstcitizens/images/logos/fcb-logo-horiz-web-2020@2x.png.transform/image-scaled-2x-to-1x/ 6 KB
6 KB 308ms
307ms Image
image/png 3.234.42.151
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ppp.firstcitizens.com/content/dam/firstcitizens/images/logos/fcb-logo-horiz-web-2020@2x.png.transform/image-scaled-2x-to-1x/image.20210322.png

Requested by

Host: ppp.firstcitizens.com
URL: https://ppp.firstcitizens.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.234.42.151 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-234-42-151.compute-1.amazonaws.com

Software

Apache /

Resource Hash

b6de4c56745448a1a68eeac5122b9cbe5358c8a1c5b244e0a386f668ec5d4ce0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ppp.firstcitizens.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-dispatcher: dispatcher1useast1
date: Fri, 14 Jul 2023 15:50:18 GMT
x-content-type-options: nosniff
last-modified: Wed, 05 Jul 2023 20:09:28 GMT
server: Apache
age: 762050
etag: "18fd-5ffc2fa156e00"
x-vhost: publish-ppp
x-frame-options: SAMEORIGIN
content-type: image/png
accept-ranges: bytes
content-length: 6397

GET
H2 200 clientlibs.css
ppp.firstcitizens.com/etc.clientlibs/fcb-ppp/components/structure/footer/ 689 B
604 B 207ms
206ms Stylesheet
text/css 3.234.42.151
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://ppp.firstcitizens.com/etc.clientlibs/fcb-ppp/components/structure/footer/clientlibs.css

Requested by

Host: ppp.firstcitizens.com
URL: https://ppp.firstcitizens.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.234.42.151 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-234-42-151.compute-1.amazonaws.com

Software

Apache /

Resource Hash

33c0beff7c479c8f68edcbe532ad542fbef0e527490d1583c2541f9f0db41048

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ppp.firstcitizens.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-dispatcher: dispatcher2useast1
date: Fri, 14 Jul 2023 15:50:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 02 Nov 2021 22:26:38 GMT
server: Apache
age: 2021613
etag: "2b1-5cfd5c96e8380-gzip"
x-vhost: publish-ppp
vary: Accept-Encoding,User-Agent
x-frame-options: SAMEORIGIN
content-type: text/css;charset=utf-8
accept-ranges: bytes
content-length: 300

GET
H2 200 clientlib-site.js Show response
ppp.firstcitizens.com/etc.clientlibs/fcb-ppp/clientlibs/ 77 KB
13 KB 110ms
109ms Script
application/javascript 3.234.42.151
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://ppp.firstcitizens.com/etc.clientlibs/fcb-ppp/clientlibs/clientlib-site.js

Requested by

Host: ppp.firstcitizens.com
URL: https://ppp.firstcitizens.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.234.42.151 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-234-42-151.compute-1.amazonaws.com

Software

Apache /

Resource Hash

0cc260dc377d51bbdbbae0b7e24e829e982785f048b2f35bbab2669ebae9f09e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ppp.firstcitizens.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-dispatcher: dispatcher1useast1
date: Fri, 14 Jul 2023 15:50:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 02 Nov 2021 22:20:03 GMT
server: Apache
age: 2021613
etag: "133e7-5cfd5b1e34ac0-gzip"
x-vhost: publish-ppp
vary: Accept-Encoding,User-Agent
x-frame-options: SAMEORIGIN
content-type: application/javascript;charset=utf-8
accept-ranges: bytes
content-length: 13175

GET
H2 200 clientlib-app.js Show response
ppp.firstcitizens.com/etc.clientlibs/fcb-ppp/clientlibs/ 8 KB
3 KB 109ms
108ms Script
application/javascript 3.234.42.151
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://ppp.firstcitizens.com/etc.clientlibs/fcb-ppp/clientlibs/clientlib-app.js

Requested by

Host: ppp.firstcitizens.com
URL: https://ppp.firstcitizens.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.234.42.151 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-234-42-151.compute-1.amazonaws.com

Software

Apache /

Resource Hash

c9862256ca2730b88b92a0a04dab85955d83484cc0c574b153b3395be7afdcf3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ppp.firstcitizens.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-dispatcher: dispatcher2useast1
date: Fri, 14 Jul 2023 15:50:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 02 Nov 2021 22:26:38 GMT
server: Apache
age: 2021613
etag: "1efa-5cfd5c96e8380-gzip"
x-vhost: publish-ppp
vary: Accept-Encoding,User-Agent
x-frame-options: SAMEORIGIN
content-type: application/javascript;charset=utf-8
accept-ranges: bytes
content-length: 2527

GET
H2

200

app.oktaconfigs.json Show response
ppp.firstcitizens.com/
Redirect Chain

https://ppp.firstcitizens.com/content/firstcitizens-ppp/en/app.oktaconfigs.json
https://ppp.firstcitizens.com/app.oktaconfigs.json

139 B
437 B

107ms
107ms

XHR
application/json

3.234.42.151
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://ppp.firstcitizens.com/app.oktaconfigs.json

Protocol

Server

3.234.42.151 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-234-42-151.compute-1.amazonaws.com

Software

Apache /

Resource Hash

a05f9106414813eccc556dfcb5f5fc13d1c099c8f1b1f5013b41d6803926ab9d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ppp.firstcitizens.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-dispatcher: dispatcher1useast1
date: Fri, 14 Jul 2023 15:50:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 16 Feb 2022 14:56:12 GMT
server: Apache
age: 44326446
etag: "8b-5d823d9bc3b00-gzip"
x-vhost: publish-ppp
vary: Accept-Encoding,User-Agent
x-frame-options: SAMEORIGIN
content-type: application/json;charset=utf-8
accept-ranges: bytes
content-length: 128

Redirect headers

location: https://ppp.firstcitizens.com/app.oktaconfigs.json
date: Fri, 14 Jul 2023 15:50:18 GMT
server: Apache
content-length: 258
content-type: text/html; charset=iso-8859-1

OPTIONS
H/1.1 200
OK openid-configuration
login.firstcitizens.com/oauth2/default/.well-known/ Frame 0
0 748ms
366ms Preflight
application/octet-stream 107.162.164.184
DEFENSE-NET

General

Check archive.org

Show headers Download Go to

Full URL

https://login.firstcitizens.com/oauth2/default/.well-known/openid-configuration

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

107.162.164.184 , United States, ASN55002 (DEFENSE-NET, US),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=315360000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-okta-user-agent-extended
Access-Control-Request-Method: GET
Origin: https://ppp.firstcitizens.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: content-type,x-okta-user-agent-extended
Access-Control-Allow-Methods: GET, OPTIONS
Access-Control-Allow-Origin: https://ppp.firstcitizens.com
Access-Control-Max-Age: 3600
Connection: Keep-Alive
Content-Length: 0
Content-Type: application/octet-stream
Date: Fri, 14 Jul 2023 15:50:19 GMT
Keep-Alive: timeout=5, max=100
Server: nginx
Strict-Transport-Security: max-age=315360000; includeSubDomains
Vary: Origin
Via: 1.1 dca1-bit20007
X-Okta-Request-Id: ZLFuu0UmPCXBtQ43v5YLIAAAAeY

GET
H/1.1 200
OK openid-configuration Show response
login.firstcitizens.com/oauth2/default/.well-known/ 2 KB
4 KB 688ms
395ms XHR
application/json 107.162.164.184
DEFENSE-NET

General

Check archive.org

Show headers Download Go to

Full URL

https://login.firstcitizens.com/oauth2/default/.well-known/openid-configuration

Requested by

Host: ppp.firstcitizens.com
URL: https://ppp.firstcitizens.com/etc.clientlibs/fcb-ppp/clientlibs/clientlib-base.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

107.162.164.184 , United States, ASN55002 (DEFENSE-NET, US),

Reverse DNS

Software

nginx /

Resource Hash

cfbab9108004617f9c8dd002e970dacb65d2d8eead0093ed34b1baf8b7c6d62d

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
Strict-Transport-Security	max-age=315360000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept: application/json
Referer: https://ppp.firstcitizens.com/
x-okta-user-agent-extended: okta-auth-js/4.5.0
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
content-type: application/json

Response headers

X-Okta-Request-Id: ZLFuvC82roqmYXIsOnQfngAADcA
Date: Fri, 14 Jul 2023 15:50:20 GMT
content-security-policy: frame-ancestors 'self'
x-content-type-options: nosniff
Strict-Transport-Security: max-age=315360000; includeSubDomains
Via: 1.1 dca1-bit20007
content-security-policy-report-only: default-src 'self' idx-fcb.okta.com login.firstcitizens.com *.oktacdn.com; connect-src 'self' idx-fcb.okta.com idx-fcb-admin.okta.com login.firstcitizens.com *.oktacdn.com *.mixpanel.com *.mapbox.com app.pendo.io data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com *.mtls.okta.com idx-fcb.kerberos.okta.com https://oinmanager.okta.com data:; script-src 'unsafe-inline' 'unsafe-eval' 'self' idx-fcb.okta.com login.firstcitizens.com *.oktacdn.com; style-src 'unsafe-inline' 'self' idx-fcb.okta.com login.firstcitizens.com *.oktacdn.com app.pendo.io cdn.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com; frame-src 'self' idx-fcb.okta.com idx-fcb-admin.okta.com login.firstcitizens.com login.okta.com; img-src 'self' idx-fcb.okta.com login.firstcitizens.com *.oktacdn.com *.tiles.mapbox.com *.mapbox.com app.pendo.io data.pendo.io cdn.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com data: blob:; font-src 'self' idx-fcb.okta.com login.firstcitizens.com data: *.oktacdn.com fonts.gstatic.com; frame-ancestors 'self'
p3p: CP="HONK"
Connection: Keep-Alive
x-xss-protection: 0
Server: nginx
vary: Origin
Content-Type: application/json
Access-Control-Allow-Origin: https://ppp.firstcitizens.com
cache-control: max-age=86400, must-revalidate
Access-Control-Allow-Credentials: true
Keep-Alive: timeout=5, max=100
expires: Sat, 15 Jul 2023 15:50:20 GMT

GET authorize
login.firstcitizens.com/oauth2/default/v1/ 0
0

GET
H/1.1 200
OK Primary Request authorize Show response
login.firstcitizens.com/oauth2/default/v1/ 35 KB
13 KB 792ms
589ms Document
text/html 107.162.164.184
DEFENSE-NET

General

Check archive.org

Show headers Download Go to

Full URL

https://login.firstcitizens.com/oauth2/default/v1/authorize?client_id=0oachrrry6ENRDR9R357&code_challenge=CxcZo4e89802lKuPE3ME2PgluiAaHXGCYj2fsSMWpRM&code_challenge_method=S256&nonce=QC9pYOIZ4KskcB6kpBPXzcdr4WAhOVvDRVGi4Lq5QkYY1ig9hEsAKdigBQuC4DIC&redirect_uri=https%3A%2F%2Fppp.firstcitizens.com&response_type=code&state=CsYnarKoUKlAJt0H45FDNR1ANpcoFRueUS1co57qltWVYs0aZZE2bdoi2Aa5Ff0a&scope=openid%20email

Requested by

Host: ppp.firstcitizens.com
URL: https://ppp.firstcitizens.com/etc.clientlibs/fcb-ppp/clientlibs/clientlib-base.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

107.162.164.184 , United States, ASN55002 (DEFENSE-NET, US),

Reverse DNS

Software

nginx /

Resource Hash

d5b594b26052a51638ae365f3b1f9a2d351a06492c416c924a10e19b2da5fa2b

Security Headers

Name	Value
Strict-Transport-Security	max-age=315360000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ppp.firstcitizens.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Connection: Keep-Alive
Content-Encoding: gzip
Content-Type: text/html;charset=utf-8
Date: Fri, 14 Jul 2023 15:50:21 GMT
Keep-Alive: timeout=5, max=100
Server: nginx
Strict-Transport-Security: max-age=315360000; includeSubDomains
Transfer-Encoding: chunked
Vary: Accept-Encoding
Via: 1.1 dca1-bit20007
X-Robots-Tag: noindex,nofollow
cache-control: no-cache, no-store
content-language: de
expires: 0
p3p: CP="HONK"
pragma: no-cache
referrer-policy: no-referrer
x-content-type-options: nosniff
x-okta-request-id: ZLFuvQnAAYLhkwkw02DuSgAAC3M
x-rate-limit-limit: 60
x-rate-limit-remaining: 58
x-rate-limit-reset: 1689349880
x-ua-compatible: IE=edge
x-xss-protection: 0

GET
H/1.1 200
OK fcb_common.js Show response
login.firstcitizens.com/js/vendor/lib/ 296 KB
170 KB 128ms
127ms Script
application/javascript 107.162.164.184
DEFENSE-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://login.firstcitizens.com/js/vendor/lib/fcb_common.js?cache
Requested by: Host: login.firstcitizens.com
URL: https://login.firstcitizens.com/oauth2/default/v1/authorize?client_id=0oachrrry6ENRDR9R357&code_challenge=CxcZo4e89802lKuPE3ME2PgluiAaHXGCYj2fsSMWpRM&code_challenge_method=S256&nonce=QC9pYOIZ4KskcB6kpBPXzcdr4WAhOVvDRVGi4Lq5QkYY1ig9hEsAKdigBQuC4DIC&redirect_uri=https%3A%2F%2Fppp.firstcitizens.com&response_type=code&state=CsYnarKoUKlAJt0H45FDNR1ANpcoFRueUS1co57qltWVYs0aZZE2bdoi2Aa5Ff0a&scope=openid%20email
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 107.162.164.184 , United States, ASN55002 (DEFENSE-NET, US),
Reverse DNS
Software: /
Resource Hash: 8b7fa92cc38ea079f9e54b371b8636661fc53b427d04197b3f3f5a578b5fe955

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 14 Jul 2023 15:50:21 GMT
Content-Encoding: gzip
Via: 1.1 google, 1.1 dca1-bit20007
Content-Type: application/javascript; charset=UTF-8
X-Ion-Hop: 1
Cache-Control: no-cache, no-store, must-revalidate
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Expires: 0

GET
H/1.1 200
OK fcb_common.js Show response
login.firstcitizens.com/js/vendor/lib/ 296 KB
170 KB 315ms
125ms Script
application/javascript 107.162.164.184
DEFENSE-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://login.firstcitizens.com/js/vendor/lib/fcb_common.js?async
Requested by: Host: login.firstcitizens.com
URL: https://login.firstcitizens.com/oauth2/default/v1/authorize?client_id=0oachrrry6ENRDR9R357&code_challenge=CxcZo4e89802lKuPE3ME2PgluiAaHXGCYj2fsSMWpRM&code_challenge_method=S256&nonce=QC9pYOIZ4KskcB6kpBPXzcdr4WAhOVvDRVGi4Lq5QkYY1ig9hEsAKdigBQuC4DIC&redirect_uri=https%3A%2F%2Fppp.firstcitizens.com&response_type=code&state=CsYnarKoUKlAJt0H45FDNR1ANpcoFRueUS1co57qltWVYs0aZZE2bdoi2Aa5Ff0a&scope=openid%20email
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 107.162.164.184 , United States, ASN55002 (DEFENSE-NET, US),
Reverse DNS
Software: /
Resource Hash: 2a4bcef9eba769028479159a2390663e9a28d44192adae3aa9c1913620715612

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 14 Jul 2023 15:50:21 GMT
Content-Encoding: gzip
Via: 1.1 google, 1.1 dca1-bit20007
Content-Type: application/javascript; charset=UTF-8
X-Ion-Hop: 1
Cache-Control: no-cache, no-store, must-revalidate
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Expires: 0

GET
H/1.1 200
OK fcb_common.js Show response
login.firstcitizens.com/js/vendor/lib/ 296 KB
170 KB 312ms
126ms Script
application/javascript 107.162.164.184
DEFENSE-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://login.firstcitizens.com/js/vendor/lib/fcb_common.js
Requested by: Host: login.firstcitizens.com
URL: https://login.firstcitizens.com/oauth2/default/v1/authorize?client_id=0oachrrry6ENRDR9R357&code_challenge=CxcZo4e89802lKuPE3ME2PgluiAaHXGCYj2fsSMWpRM&code_challenge_method=S256&nonce=QC9pYOIZ4KskcB6kpBPXzcdr4WAhOVvDRVGi4Lq5QkYY1ig9hEsAKdigBQuC4DIC&redirect_uri=https%3A%2F%2Fppp.firstcitizens.com&response_type=code&state=CsYnarKoUKlAJt0H45FDNR1ANpcoFRueUS1co57qltWVYs0aZZE2bdoi2Aa5Ff0a&scope=openid%20email
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 107.162.164.184 , United States, ASN55002 (DEFENSE-NET, US),
Reverse DNS
Software: /
Resource Hash: 634a54ea4b23520bfbd940e1ddddf8400362569dab488ff512255d9b0e059bf1

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 14 Jul 2023 15:50:21 GMT
Content-Encoding: gzip
Via: 1.1 google, 1.1 dca1-bit20007
Content-Type: application/javascript; charset=UTF-8
X-Ion-Hop: 1
Cache-Control: no-cache, no-store, must-revalidate
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Expires: 0

GET
H2 200 okta-sign-in.min.js Show response
ok7static.oktacdn.com/assets/js/sdk/okta-signin-widget/7.7.2/js/ 2 MB
467 KB 104ms
24ms Script
application/javascript 99.86.91.75
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://ok7static.oktacdn.com/assets/js/sdk/okta-signin-widget/7.7.2/js/okta-sign-in.min.js

Requested by

Host: login.firstcitizens.com
URL: https://login.firstcitizens.com/oauth2/default/v1/authorize?client_id=0oachrrry6ENRDR9R357&code_challenge=CxcZo4e89802lKuPE3ME2PgluiAaHXGCYj2fsSMWpRM&code_challenge_method=S256&nonce=QC9pYOIZ4KskcB6kpBPXzcdr4WAhOVvDRVGi4Lq5QkYY1ig9hEsAKdigBQuC4DIC&redirect_uri=https%3A%2F%2Fppp.firstcitizens.com&response_type=code&state=CsYnarKoUKlAJt0H45FDNR1ANpcoFRueUS1co57qltWVYs0aZZE2bdoi2Aa5Ff0a&scope=openid%20email

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.91.75 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-91-75.cdg50.r.cloudfront.net

Software

nginx /

Resource Hash

150e3af7522cf663064b4127226e57af9d52e2572c721d6056339cbbb9d9e515

Security Headers

Name	Value
Strict-Transport-Security	max-age=315360000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 27 Jun 2023 22:19:59 GMT
x-amz-meta-sha1sum: 6ec31233f86db84bdd10b97f6a2ef17c3076e0ae
content-encoding: gzip
strict-transport-security: max-age=315360000; includeSubDomains
via: 1.1 864513e6b3297533e2977136d5580c3c.cloudfront.net (CloudFront)
x-amz-cf-pop: CDG50-C1
age: 1445422
x-cache: Hit from cloudfront
last-modified: Tue, 27 Jun 2023 21:19:35 GMT
server: nginx
etag: W/"9d06e814794c7fe76871bb558d89b0bf"
vary: Accept-Encoding
content-type: application/javascript
public-key-pins-report-only: pin-sha256="r5EfzZxQVvQpKo3AgYRaT7X2bDO/kj3ACwmxfdT2zt8="; pin-sha256="MaqlcUgk2mvY/RFSGeSwBRkI+rZ6/dxe/DuQfBT/vnQ="; pin-sha256="72G5IEvDEWn+EThf3qjR7/bQSWaS2ZSLqolhnO6iyJI="; pin-sha256="rrV6CLCCvqnk89gWibYT0JO6fNQ8cCit7GGoiVTjCOg="; max-age=60; report-uri="https://okta.report-uri.com/r/default/hpkp/reportOnly"
access-control-allow-origin: *
cache-control: max-age=31536000, public,max-age=31536000,s-maxage=1814400
x-amz-cf-id: iDQP0OwaqT_YYnr2yZM84KXUZUFOtl6Cacc32c6DacGSOT-_rvLRdA==
expires: Wed, 26 Jun 2024 22:19:59 GMT

GET
H2 200 okta-sign-in.min.css
ok7static.oktacdn.com/assets/js/sdk/okta-signin-widget/7.7.2/css/ 215 KB
37 KB 167ms
87ms Stylesheet
text/css 99.86.91.75
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://ok7static.oktacdn.com/assets/js/sdk/okta-signin-widget/7.7.2/css/okta-sign-in.min.css

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.91.75 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-91-75.cdg50.r.cloudfront.net

Software

nginx /

Resource Hash

ea8d801deb6776d5aaf273dfbc42d503fdaaa6f51c8934d0961e3f2a1ba13ceb

Security Headers

Name	Value
Strict-Transport-Security	max-age=315360000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 27 Jun 2023 22:19:59 GMT
x-amz-meta-sha1sum: 2db57e5601a30c7780b40f552a00caa8b9d2793b
content-encoding: gzip
strict-transport-security: max-age=315360000; includeSubDomains
via: 1.1 864513e6b3297533e2977136d5580c3c.cloudfront.net (CloudFront)
x-amz-cf-pop: CDG50-C1
age: 1445422
x-cache: Hit from cloudfront
last-modified: Tue, 27 Jun 2023 21:18:30 GMT
server: nginx
etag: W/"3f2139d29624833001c9b781419b2fa3"
vary: Accept-Encoding
content-type: text/css
public-key-pins-report-only: pin-sha256="r5EfzZxQVvQpKo3AgYRaT7X2bDO/kj3ACwmxfdT2zt8="; pin-sha256="MaqlcUgk2mvY/RFSGeSwBRkI+rZ6/dxe/DuQfBT/vnQ="; pin-sha256="72G5IEvDEWn+EThf3qjR7/bQSWaS2ZSLqolhnO6iyJI="; pin-sha256="rrV6CLCCvqnk89gWibYT0JO6fNQ8cCit7GGoiVTjCOg="; max-age=60; report-uri="https://okta.report-uri.com/r/default/hpkp/reportOnly"
access-control-allow-origin: *
cache-control: max-age=31536000, public,max-age=31536000,s-maxage=1814400
x-amz-cf-id: ej0TAhZV77L2wx5jLY1o3WQBLFiOGG4xQLzlavf_pJNhMjfOFET0xg==
expires: Wed, 26 Jun 2024 22:19:59 GMT

GET
H2 200 custom-signin.241e0fb439244dc50c5929c0513a6765.css
ok7static.oktacdn.com/assets/loginpage/css/ 2 KB
1 KB 166ms
86ms Stylesheet
text/css 99.86.91.75
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://ok7static.oktacdn.com/assets/loginpage/css/custom-signin.241e0fb439244dc50c5929c0513a6765.css

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.91.75 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-91-75.cdg50.r.cloudfront.net

Software

nginx /

Resource Hash

dcc89f32e3f978bd4c2e313916b6267abd287eea87daec0e5c049150fd9062aa

Security Headers

Name	Value
Strict-Transport-Security	max-age=315360000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=315360000; includeSubDomains
content-encoding: gzip
via: 1.1 864513e6b3297533e2977136d5580c3c.cloudfront.net (CloudFront)
date: Sat, 08 Jul 2023 18:48:13 GMT
x-amz-cf-pop: CDG50-C1
age: 507728
x-cache: Hit from cloudfront
last-modified: Tue, 22 Mar 2022 23:50:55 GMT
server: nginx
etag: W/"241e0fb439244dc50c5929c0513a6765"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
public-key-pins-report-only: pin-sha256="r5EfzZxQVvQpKo3AgYRaT7X2bDO/kj3ACwmxfdT2zt8="; pin-sha256="MaqlcUgk2mvY/RFSGeSwBRkI+rZ6/dxe/DuQfBT/vnQ="; pin-sha256="72G5IEvDEWn+EThf3qjR7/bQSWaS2ZSLqolhnO6iyJI="; pin-sha256="rrV6CLCCvqnk89gWibYT0JO6fNQ8cCit7GGoiVTjCOg="; max-age=60; report-uri="https://okta.report-uri.com/r/default/hpkp/reportOnly"
cache-control: max-age=31536000, public,max-age=31536000,s-maxage=1814400
x-amz-cf-id: RSyL5cdsEEuTl3xn5qJsqy7t4z_peSKpSzWvV889taAWnCvR9DPy3Q==
expires: Sun, 07 Jul 2024 18:48:13 GMT

GET
H2 200 initLoginPage.pack.d05a8c2e6bdf6d212b92af4d6b9cfefe.js Show response
ok7static.oktacdn.com/assets/js/mvc/loginpage/ 204 KB
77 KB 33ms
33ms Script
application/javascript 99.86.91.75
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://ok7static.oktacdn.com/assets/js/mvc/loginpage/initLoginPage.pack.d05a8c2e6bdf6d212b92af4d6b9cfefe.js

Requested by

Host:
URL: OktaUtil.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.91.75 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-91-75.cdg50.r.cloudfront.net

Software

nginx /

Resource Hash

bb7b04fe7a146c5260e3f1a82db4c675c3d41f53f0fe4fb7517840cef54f2b0b

Security Headers

Name	Value
Strict-Transport-Security	max-age=315360000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 22:21:15 GMT
x-amz-meta-sha1sum: 34f075e4d0f6b20eb712a2053d423869bb60771b
content-encoding: gzip
strict-transport-security: max-age=315360000; includeSubDomains
via: 1.1 864513e6b3297533e2977136d5580c3c.cloudfront.net (CloudFront)
x-amz-cf-pop: CDG50-C1
age: 235747
x-cache: Hit from cloudfront
last-modified: Tue, 11 Jul 2023 21:19:33 GMT
server: nginx
etag: W/"d05a8c2e6bdf6d212b92af4d6b9cfefe"
vary: Accept-Encoding
content-type: application/javascript
public-key-pins-report-only: pin-sha256="r5EfzZxQVvQpKo3AgYRaT7X2bDO/kj3ACwmxfdT2zt8="; pin-sha256="MaqlcUgk2mvY/RFSGeSwBRkI+rZ6/dxe/DuQfBT/vnQ="; pin-sha256="72G5IEvDEWn+EThf3qjR7/bQSWaS2ZSLqolhnO6iyJI="; pin-sha256="rrV6CLCCvqnk89gWibYT0JO6fNQ8cCit7GGoiVTjCOg="; max-age=60; report-uri="https://okta.report-uri.com/r/default/hpkp/reportOnly"
access-control-allow-origin: *
cache-control: max-age=31536000, public,max-age=31536000,s-maxage=1814400
x-amz-cf-id: n6HvM4mO1VfYRJdbIIlhrA0XwuYTyTIueYBTsf85lXle_aTCO2ojNg==
expires: Wed, 10 Jul 2024 22:21:15 GMT

GET
H2 200 login_de.json
ok7static.oktacdn.com/assets/js/sdk/okta-signin-widget/7.7.2/labels/json/ 103 KB
104 KB 62ms
20ms XHR
application/json 99.86.91.75
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://ok7static.oktacdn.com/assets/js/sdk/okta-signin-widget/7.7.2/labels/json/login_de.json

Requested by

Host: login.firstcitizens.com
URL: https://login.firstcitizens.com/js/vendor/lib/fcb_common.js?cache

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.91.75 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-91-75.cdg50.r.cloudfront.net

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=315360000; includeSubDomains

Request headers

accept: application/json
Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
content-type: text/plain

Response headers

date: Tue, 27 Jun 2023 22:31:35 GMT
x-amz-meta-sha1sum: 7be92d7e00372904617ad68b5d887c2d9af54d55
via: 1.1 58efcae4bc8b2ca09d46ef20409fc8e4.cloudfront.net (CloudFront)
strict-transport-security: max-age=315360000; includeSubDomains
x-amz-cf-pop: CDG50-C1
age: 1444727
x-cache: Hit from cloudfront
content-length: 105803
last-modified: Tue, 27 Jun 2023 21:19:41 GMT
server: nginx
etag: "5113b5bf31794d80bb6707d023e46d76"
public-key-pins-report-only: pin-sha256="r5EfzZxQVvQpKo3AgYRaT7X2bDO/kj3ACwmxfdT2zt8="; pin-sha256="MaqlcUgk2mvY/RFSGeSwBRkI+rZ6/dxe/DuQfBT/vnQ="; pin-sha256="72G5IEvDEWn+EThf3qjR7/bQSWaS2ZSLqolhnO6iyJI="; pin-sha256="rrV6CLCCvqnk89gWibYT0JO6fNQ8cCit7GGoiVTjCOg="; max-age=60; report-uri="https://okta.report-uri.com/r/default/hpkp/reportOnly"
content-type: application/json
access-control-allow-origin: *
cache-control: max-age=31536000, public,max-age=31536000,s-maxage=1814400
accept-ranges: bytes
x-amz-cf-id: 2N2xd025c29lhz5yUw2dp6WHWQ6HnESvPy3PsR8yssNWlHszPNuKXA==
expires: Wed, 26 Jun 2024 22:31:35 GMT

GET
H2 200 country_de.json
ok7static.oktacdn.com/assets/js/sdk/okta-signin-widget/7.7.2/labels/json/ 5 KB
5 KB 62ms
21ms XHR
application/json 99.86.91.75
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://ok7static.oktacdn.com/assets/js/sdk/okta-signin-widget/7.7.2/labels/json/country_de.json

Requested by

Host: login.firstcitizens.com
URL: https://login.firstcitizens.com/js/vendor/lib/fcb_common.js?cache

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.91.75 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-91-75.cdg50.r.cloudfront.net

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=315360000; includeSubDomains

Request headers

accept: application/json
Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
content-type: text/plain

Response headers

date: Tue, 27 Jun 2023 22:31:35 GMT
x-amz-meta-sha1sum: 251dd1ccca4c80570aee52db71eed703ac579ad8
via: 1.1 58efcae4bc8b2ca09d46ef20409fc8e4.cloudfront.net (CloudFront)
strict-transport-security: max-age=315360000; includeSubDomains
x-amz-cf-pop: CDG50-C1
age: 1444727
x-cache: Hit from cloudfront
content-length: 4805
last-modified: Tue, 27 Jun 2023 21:19:39 GMT
server: nginx
etag: "51bec6463b4f7c5a26ede1fd8ee067f8"
public-key-pins-report-only: pin-sha256="r5EfzZxQVvQpKo3AgYRaT7X2bDO/kj3ACwmxfdT2zt8="; pin-sha256="MaqlcUgk2mvY/RFSGeSwBRkI+rZ6/dxe/DuQfBT/vnQ="; pin-sha256="72G5IEvDEWn+EThf3qjR7/bQSWaS2ZSLqolhnO6iyJI="; pin-sha256="rrV6CLCCvqnk89gWibYT0JO6fNQ8cCit7GGoiVTjCOg="; max-age=60; report-uri="https://okta.report-uri.com/r/default/hpkp/reportOnly"
content-type: application/json
access-control-allow-origin: *
cache-control: max-age=31536000, public,max-age=31536000,s-maxage=1814400
accept-ranges: bytes
x-amz-cf-id: v2-HXGJw60ajXTOFdtb2yj_UyDyFwXYtUu6HnNV5mFwhNBUB1floJw==
expires: Wed, 26 Jun 2024 22:31:35 GMT

GET
H2 200 fs0tffl89trLqtBlQ357
ok7static.oktacdn.com/fs/bco/1/ 13 KB
14 KB 35ms
33ms Image
image/png 99.86.91.75
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ok7static.oktacdn.com/fs/bco/1/fs0tffl89trLqtBlQ357

Requested by

Host: login.firstcitizens.com
URL: https://login.firstcitizens.com/signin/refresh-auth-state/00kChV8n6qeSC9Aas1LQ0CEIunJYDDsy0BQ-61fx-3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.91.75 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-91-75.cdg50.r.cloudfront.net

Software

nginx /

Resource Hash

081f903294a159671406244f9cb89945a499c7515921af1eb1faa4be13d69c98

Security Headers

Name	Value
Strict-Transport-Security	max-age=315360000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 06:21:44 GMT
strict-transport-security: max-age=315360000; includeSubDomains
via: 1.1 864513e6b3297533e2977136d5580c3c.cloudfront.net (CloudFront)
x-amz-cf-pop: CDG50-C1
age: 984518
x-cache: Hit from cloudfront
content-length: 13298
last-modified: Sat, 24 Jun 2023 03:52:29 GMT
server: nginx
etag: "2af296330f2ce29810cd2c927d225a52"
public-key-pins-report-only: pin-sha256="r5EfzZxQVvQpKo3AgYRaT7X2bDO/kj3ACwmxfdT2zt8="; pin-sha256="MaqlcUgk2mvY/RFSGeSwBRkI+rZ6/dxe/DuQfBT/vnQ="; pin-sha256="72G5IEvDEWn+EThf3qjR7/bQSWaS2ZSLqolhnO6iyJI="; pin-sha256="rrV6CLCCvqnk89gWibYT0JO6fNQ8cCit7GGoiVTjCOg="; max-age=60; report-uri="https://okta.report-uri.com/r/default/hpkp/reportOnly"
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000, public,max-age=31536000,s-maxage=1814400
accept-ranges: bytes
x-amz-cf-id: OOV92anz1q5h-5CDMwCuKhHKDDFx46UKEMMNxxVDHc6zo_OZQ0WJ7w==
expires: Tue, 02 Jul 2024 06:21:44 GMT

GET
BLOB 200
OK c9a72696-5e0a-4855-9440-dec31ff9f0d8
https://login.firstcitizens.com/ 2 KB
0 Other
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://login.firstcitizens.com/c9a72696-5e0a-4855-9440-dec31ff9f0d8
Requested by: Host: login.firstcitizens.com
URL: https://login.firstcitizens.com/signin/refresh-auth-state/00kChV8n6qeSC9Aas1LQ0CEIunJYDDsy0BQ-61fx-3
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1eec5d0bc72fba33ce753f6009a277e07041fb92d221ae5839bbc5e8fff1d0bb

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Length: 2479
Content-Type: text/javascript

GET
H/1.1 200
OK iframe.html
login.okta.com/discovery/ Frame 5430 451 B
0 62ms
10ms Document
text/html 108.138.7.85

General

Check archive.org

Show headers Download Go to

Full URL

https://login.okta.com/discovery/iframe.html

Requested by

Host: ok7static.oktacdn.com
URL: https://ok7static.oktacdn.com/assets/js/mvc/loginpage/initLoginPage.pack.d05a8c2e6bdf6d212b92af4d6b9cfefe.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

108.138.7.85 -, , ASN (),

Reverse DNS

Software

AmazonS3 /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Age: 59935
Connection: keep-alive
Content-Length: 451
Content-Type: text/html
Date: Fri, 14 Jul 2023 07:36:13 GMT
ETag: "f8b177440411e7269b647ae1012388bb"
Last-Modified: Thu, 01 Jun 2023 17:31:02 GMT
Server: AmazonS3
Strict-Transport-Security: max-age=31536000; includeSubDomains
Via: 1.1 57eb57a4c7d431365ab5b2e18c495bf4.cloudfront.net (CloudFront)
X-Amz-Cf-Id: 3n-9IRPDmyZ8_RSpxsaZNctfpforhFFeobuxoFerHfeCXWm4ko3nsQ==
X-Amz-Cf-Pop: FRA56-P6
X-Cache: Hit from cloudfront

GET discoveryIframe-88dc7396afa19c320b05.min.js
login.okta.com/lib/ Frame 5430 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: login.firstcitizens.com
URL: https://login.firstcitizens.com/oauth2/default/v1/authorize?client_id=0oachrrry6ENRDR9R357&code_challenge=57GzrmyOxcz2XUEMXpft31xsOlzaT7cwVOHwsT6wMlA&code_challenge_method=S256&nonce=vkRq7kyCwyyN7BvC9nTxvp4ps8VXESzIcUXcQZ8Wi9L82bnJT0RYhjAZtO9u6VlE&redirect_uri=https%3A%2F%2Fppp.firstcitizens.com&response_type=code&state=5PNVcfM9PLHU0IO2ckBJShdp79eDLbkhDLNuHc8MhR62gjfkCDXyaAP62taKB2eH&scope=openid%20email

Domain: login.okta.com
URL: https://login.okta.com/lib/discoveryIframe-88dc7396afa19c320b05.min.js

Verdicts & Comments Add Verdict or Comment

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless object| onbeforetoggle object| onscrollend

6 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
ppp.firstcitizens.com/	1969-12-31 23:59:59	Name: okta-oauth-redirect-params Value: {%22responseType%22:%22code%22%2C%22state%22:%22CsYnarKoUKlAJt0H45FDNR1ANpcoFRueUS1co57qltWVYs0aZZE2bdoi2Aa5Ff0a%22%2C%22nonce%22:%22QC9pYOIZ4KskcB6kpBPXzcdr4WAhOVvDRVGi4Lq5QkYY1ig9hEsAKdigBQuC4DIC%22%2C%22scopes%22:[%22openid%22%2C%22email%22]%2C%22clientId%22:%220oachrrry6ENRDR9R357%22%2C%22urls%22:{%22issuer%22:%22https://login.firstcitizens.com/oauth2/default%22%2C%22authorizeUrl%22:%22https://login.firstcitizens.com/oauth2/default/v1/authorize%22%2C%22userinfoUrl%22:%22https://login.firstcitizens.com/oauth2/default/v1/userinfo%22%2C%22tokenUrl%22:%22https://login.firstcitizens.com/oauth2/default/v1/token%22%2C%22revokeUrl%22:%22https://login.firstcitizens.com/oauth2/default/v1/revoke%22%2C%22logoutUrl%22:%22https://login.firstcitizens.com/oauth2/default/v1/logout%22}%2C%22ignoreSignature%22:false}
ppp.firstcitizens.com/	1969-12-31 23:59:59	Name: okta-oauth-nonce Value: QC9pYOIZ4KskcB6kpBPXzcdr4WAhOVvDRVGi4Lq5QkYY1ig9hEsAKdigBQuC4DIC
ppp.firstcitizens.com/	1969-12-31 23:59:59	Name: okta-oauth-state Value: CsYnarKoUKlAJt0H45FDNR1ANpcoFRueUS1co57qltWVYs0aZZE2bdoi2Aa5Ff0a
login.firstcitizens.com/	1969-12-31 23:59:59	Name: JSESSIONID Value: 8DF62EDED5FFA67B7F4AFD021EE284B1
login.firstcitizens.com/	1969-12-31 23:59:59	Name: t Value: blue-dark
login.firstcitizens.com/	1970-01-20 22:51:49	Name: DT Value: DI17ovaddlKRBO7ibVaQtBHAA

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
rendering	warning	URL: https://login.firstcitizens.com/js/vendor/lib/fcb_common.js?cache Message: Canvas2D: Multiple readback operations using getImageData are faster with the willReadFrequently attribute set to true. See: https://html.spec.whatwg.org/multipage/canvas.html#concept-canvas-will-read-frequently

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

login.firstcitizens.com
login.okta.com
ok7static.oktacdn.com
ppp.firstcitizens.com
login.firstcitizens.com
login.okta.com
107.162.164.184
108.138.7.85
3.234.42.151
99.86.91.75
081f903294a159671406244f9cb89945a499c7515921af1eb1faa4be13d69c98
0cc260dc377d51bbdbbae0b7e24e829e982785f048b2f35bbab2669ebae9f09e
150e3af7522cf663064b4127226e57af9d52e2572c721d6056339cbbb9d9e515
1eec5d0bc72fba33ce753f6009a277e07041fb92d221ae5839bbc5e8fff1d0bb
2a4bcef9eba769028479159a2390663e9a28d44192adae3aa9c1913620715612
33c0beff7c479c8f68edcbe532ad542fbef0e527490d1583c2541f9f0db41048
634a54ea4b23520bfbd940e1ddddf8400362569dab488ff512255d9b0e059bf1
8b7fa92cc38ea079f9e54b371b8636661fc53b427d04197b3f3f5a578b5fe955
a05f9106414813eccc556dfcb5f5fc13d1c099c8f1b1f5013b41d6803926ab9d
a603c6a79c5cf5e715574bba94c7faf13f8c62953f59f3df48b2d408923341e0
a8ee557df40e2e7088010a1d9f89406130b81fe9b8a81f855c82cc52604c8467
b6de4c56745448a1a68eeac5122b9cbe5358c8a1c5b244e0a386f668ec5d4ce0
b767e9b55ba43a99ebd587d3824669be6112257249182b14d7e1025e3ef1d2a8
b926d89f9a405a38640ca6eb4f32aa8107d11c17a6dd7c9627eb0f98f6323fcb
b9cc046e72acb925e799602c95b5d571321378cdf23f7e3870c71ef27fbed489
bb7b04fe7a146c5260e3f1a82db4c675c3d41f53f0fe4fb7517840cef54f2b0b
c9862256ca2730b88b92a0a04dab85955d83484cc0c574b153b3395be7afdcf3
cfbab9108004617f9c8dd002e970dacb65d2d8eead0093ed34b1baf8b7c6d62d
d5b594b26052a51638ae365f3b1f9a2d351a06492c416c924a10e19b2da5fa2b
dcc89f32e3f978bd4c2e313916b6267abd287eea87daec0e5c049150fd9062aa
ea8d801deb6776d5aaf273dfbc42d503fdaaa6f51c8934d0961e3f2a1ba13ceb

login.firstcitizens.com Open in urlscan Pro 107.162.164.184 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

27 Requests

85 %HTTPS

0 %IPv6

3 Domains

4 Subdomains

5 IPs

1 Countries

1371 kBTransfer

3899 kBSize

6 Cookies

0 Outgoing links

Page URL History

Redirected requests

27 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

3 JavaScript Global Variables

6 Cookies

1 Console Messages

Security Headers

Indicators

login.firstcitizens.com Open in urlscan Pro
107.162.164.184 Public Scan

Screenshot
Live screenshot

Full Image

27
Requests

85 %
HTTPS

0 %
IPv6

3
Domains

4
Subdomains

5
IPs

1
Countries

1371 kB
Transfer

3899 kB
Size

6
Cookies

27 HTTP transactions
0 data transactions