myapps.firstcitizens.com Open in urlscan Pro
54.189.255.225  Public Scan

2 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

1. https://firstcitizens.csod.com/samldefault.aspx?ouid=3&ReturnUrl=https%3a%2f%2ffirstcitizens.csod.com%2fEPM%2fscheduler%2fTaskReview.aspx Page URL
2. https://myapps.firstcitizens.com/app/firstcitizensbank_cornerstonelearninggateway_1/exk2xtwjsxFtFqFQi357/sso/saml Page URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

9 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	samldefault.aspx Show response firstcitizens.csod.com/	3 KB 2 KB	266ms 205ms	Document text/html	23.32.242.198 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://firstcitizens.csod.com/samldefault.aspx?ouid=3&ReturnUrl=https%3a%2f%2ffirstcitizens.csod.com%2fEPM%2fscheduler%2fTaskReview.aspx Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.32.242.198 , Netherlands, ASN20940 (AKAMAI-ASN1, EU), Reverse DNS a23-32-242-198.deploy.static.akamaitechnologies.com Software / Resource Hash 080365e62bf4195760b4440c9b6fcb79b50dac2f030dd80a6fb782689ba33532 Request headers :method GET :authority firstcitizens.csod.com :scheme https :path /samldefault.aspx?ouid=3&ReturnUrl=https%3a%2f%2ffirstcitizens.csod.com%2fEPM%2fscheduler%2fTaskReview.aspx pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site none sec-fetch-mode navigate sec-fetch-user ?1 sec-fetch-dest document accept-encoding gzip, deflate, br accept-language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers status 200 content-type text/html; charset=utf-8 expires -1 server x-robots-tag noindex true_route /samldefault.aspx true_status Ok correlation_id 38cd78b4-0b49-4e0d-96f8-5d3c5c3f4c4c s-n ECWT3008 p3p CP="DSP NON CUR ADM HIS OTP OUR DEL NOR IND DEM UNI TAI STA NAV COM SAM PUR DEV PSA PSD" pics-label (pics-1.1 "http://www.icra.org/ratingsv02.html" comment "ICRAonline EN v2.0" l r (nz 1 vz 1 lz 1 oz 1 cz 1) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0)) vary Accept-Encoding content-encoding gzip date Wed, 20 May 2020 15:34:00 GMT content-length 1979 set-cookie ASP.NET_SessionId=yierio1fadexveupvjd2moyy; path=/; secure; HttpOnly; SameSite=None cache-control no-cache pragma no-cache
POST H/1.1	200 OK	Primary Request Cookie set saml Show response myapps.firstcitizens.com/app/firstcitizensbank_cornerstonelearninggateway_1/exk2xtwjsxFtFqFQi357/sso/	19 KB 9 KB	921ms 254ms	Document text/html	54.189.255.225 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://myapps.firstcitizens.com/app/firstcitizensbank_cornerstonelearninggateway_1/exk2xtwjsxFtFqFQi357/sso/saml Requested by Host: firstcitizens.csod.com URL: https://firstcitizens.csod.com/samldefault.aspx?ouid=3&ReturnUrl=https%3a%2f%2ffirstcitizens.csod.com%2fEPM%2fscheduler%2fTaskReview.aspx Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 54.189.255.225 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ok7-crtrs.okta.com Software nginx / Resource Hash d11b1294b9a5b700c494f718dbb24bb1dbe5de7eae2fd145f99bfca71d122c20 Security Headers Name Value Strict-Transport-Security max-age=315360000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block; report=https://okta.report-uri.com/r/d/xss/enforce Request headers Host myapps.firstcitizens.com Connection keep-alive Content-Length 2478 Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 Origin https://firstcitizens.csod.com Content-Type application/x-www-form-urlencoded User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 Sec-Fetch-Site cross-site Sec-Fetch-Mode navigate Sec-Fetch-Dest document Referer https://firstcitizens.csod.com/samldefault.aspx?ouid=3&ReturnUrl=https%3a%2f%2ffirstcitizens.csod.com%2fEPM%2fscheduler%2fTaskReview.aspx Accept-Encoding gzip, deflate, br Accept-Language en-US Upgrade-Insecure-Requests 1 Origin https://firstcitizens.csod.com Content-Type application/x-www-form-urlencoded User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Referer https://firstcitizens.csod.com/samldefault.aspx?ouid=3&ReturnUrl=https%3a%2f%2ffirstcitizens.csod.com%2fEPM%2fscheduler%2fTaskReview.aspx Response headers Date Wed, 20 May 2020 15:34:00 GMT Server nginx Content-Type text/html;charset=utf-8 Vary Accept-Encoding X-Okta-Request-Id XsVN6A8VvubxoPGIZHF89QAABbI X-XSS-Protection 1; mode=block; report=https://okta.report-uri.com/r/d/xss/enforce P3P CP="HONK" Cache-Control no-cache, no-store Pragma no-cache Expires 0 X-Frame-Options SAMEORIGIN X-Content-Type-Options nosniff X-UA-Compatible IE=edge Content-Language en Strict-Transport-Security max-age=315360000 X-Robots-Tag none Content-Encoding gzip Set-Cookie ADRUM_BTa="R:137|g:6e855e3a-f6d5-4ad4-8c29-e224302e3b80"; Version=1; Max-Age=30; Expires=Wed, 20-May-2020 15:34:30 GMT; Path=/ ADRUM_BTa="R:137|g:6e855e3a-f6d5-4ad4-8c29-e224302e3b80|n:Okta_6d5b1e30-d05a-4894-a37b-81b5f6c60e0e"; Version=1; Max-Age=30; Expires=Wed, 20-May-2020 15:34:30 GMT; Path=/ ADRUM_BT1="R:137|i:14033"; Version=1; Max-Age=30; Expires=Wed, 20-May-2020 15:34:30 GMT; Path=/ ADRUM_BT1="R:137|i:14033|e:73"; Version=1; Max-Age=30; Expires=Wed, 20-May-2020 15:34:30 GMT; Path=/ sid=""; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ JSESSIONID=A8B11C69C4B657891C7731F7F6C26B5A; Path=/; Secure; HttpOnly t=default; Path=/ DT=DI0KfzCza3VSuauWCfuPhMbqA; Expires=Fri, 20-May-2022 15:34:00 GMT; Path=/; Secure Keep-Alive timeout=5, max=100 Connection Keep-Alive Transfer-Encoding chunked
GET H2	200	okta-login-page.min.300274e501342a0eed40af91c36bd800.css ok7static.oktacdn.com/assets/loginpage/css/	183 KB 36 KB	103ms 34ms	Stylesheet text/css	52.222.182.59 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://ok7static.oktacdn.com/assets/loginpage/css/okta-login-page.min.300274e501342a0eed40af91c36bd800.css Requested by Host: myapps.firstcitizens.com URL: https://myapps.firstcitizens.com/app/firstcitizensbank_cornerstonelearninggateway_1/exk2xtwjsxFtFqFQi357/sso/saml Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.222.182.59 Seattle, United States, ASN16509 (AMAZON-02, US), Reverse DNS server-52-222-182-59.ham50.r.cloudfront.net Software nginx / Resource Hash 7acb74802564297178ae0f7e2c14b0717fc5a83bc673b40a60bac29665722f0a Security Headers Name Value Strict-Transport-Security max-age=315360000 Request headers Referer https://myapps.firstcitizens.com/app/firstcitizensbank_cornerstonelearninggateway_1/exk2xtwjsxFtFqFQi357/sso/saml User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Tue, 12 May 2020 23:27:58 GMT content-encoding gzip vary Accept-Encoding age 662763 x-cache Hit from cloudfront status 200 access-control-allow-origin * last-modified Tue, 12 May 2020 23:07:43 GMT server nginx etag W/"300274e501342a0eed40af91c36bd800" strict-transport-security max-age=315360000 public-key-pins-report-only pin-sha256="r5EfzZxQVvQpKo3AgYRaT7X2bDO/kj3ACwmxfdT2zt8="; pin-sha256="MaqlcUgk2mvY/RFSGeSwBRkI+rZ6/dxe/DuQfBT/vnQ="; pin-sha256="72G5IEvDEWn+EThf3qjR7/bQSWaS2ZSLqolhnO6iyJI="; pin-sha256="rrV6CLCCvqnk89gWibYT0JO6fNQ8cCit7GGoiVTjCOg="; max-age=60; report-uri="https://okta.report-uri.com/r/default/hpkp/reportOnly" via 1.1 4efecb7b2ace4b001ec9b1d536dcfc43.cloudfront.net (CloudFront) cache-control max-age=31536000, public,max-age=31536000,s-maxage=1814400 x-amz-cf-pop HAM50-C1 content-type text/css x-amz-cf-id _LcYOxl3m6U_jEtK9z51dQHcILbJQ4zqG2ZQr4fTtMbSPUTC95WRTg== expires Wed, 12 May 2021 23:27:58 GMT
GET H2	200	fs02yxdpkjXiq5BNk357 ok7static.oktacdn.com/fs/bco/4/	10 KB 11 KB	880ms 811ms	Image image/png	52.222.182.59 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://ok7static.oktacdn.com/fs/bco/4/fs02yxdpkjXiq5BNk357 Requested by Host: myapps.firstcitizens.com URL: https://myapps.firstcitizens.com/app/firstcitizensbank_cornerstonelearninggateway_1/exk2xtwjsxFtFqFQi357/sso/saml Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.222.182.59 Seattle, United States, ASN16509 (AMAZON-02, US), Reverse DNS server-52-222-182-59.ham50.r.cloudfront.net Software nginx / Resource Hash c8e4449c64a6f5842a0d010cb9515293649684b8ea9d56a3c10be663cf932da9 Security Headers Name Value Strict-Transport-Security max-age=315360000 Request headers Referer https://myapps.firstcitizens.com/app/firstcitizensbank_cornerstonelearninggateway_1/exk2xtwjsxFtFqFQi357/sso/saml User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Wed, 20 May 2020 15:34:01 GMT via 1.1 4efecb7b2ace4b001ec9b1d536dcfc43.cloudfront.net (CloudFront) x-amz-cf-pop HAM50-C1 x-cache Miss from cloudfront status 200 content-length 10134 last-modified Wed, 26 Feb 2020 21:36:24 GMT server nginx etag "5467f0ff931c77ea53f851d87d6bd281" strict-transport-security max-age=315360000 public-key-pins-report-only pin-sha256="r5EfzZxQVvQpKo3AgYRaT7X2bDO/kj3ACwmxfdT2zt8="; pin-sha256="MaqlcUgk2mvY/RFSGeSwBRkI+rZ6/dxe/DuQfBT/vnQ="; pin-sha256="72G5IEvDEWn+EThf3qjR7/bQSWaS2ZSLqolhnO6iyJI="; pin-sha256="rrV6CLCCvqnk89gWibYT0JO6fNQ8cCit7GGoiVTjCOg="; max-age=60; report-uri="https://okta.report-uri.com/r/default/hpkp/reportOnly" access-control-allow-origin * cache-control max-age=31536000, public,max-age=31536000,s-maxage=1814400 accept-ranges bytes content-type image/png x-amz-cf-id RpOK95oKcGwzrn3i6cC17f67_LxOY0xL0hYlH9QLSIhQuSKAKCTE-w== expires Thu, 20 May 2021 15:34:01 GMT
GET H2	200	initLoginPage.pack.4b2dc317e39814fe9436b18b933b58c2.js Show response ok7static.oktacdn.com/assets/js/mvc/loginpage/	1 MB 406 KB	83ms 36ms	Script application/javascript	52.222.182.59 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://ok7static.oktacdn.com/assets/js/mvc/loginpage/initLoginPage.pack.4b2dc317e39814fe9436b18b933b58c2.js Requested by Host: myapps.firstcitizens.com URL: https://myapps.firstcitizens.com/app/firstcitizensbank_cornerstonelearninggateway_1/exk2xtwjsxFtFqFQi357/sso/saml Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.222.182.59 Seattle, United States, ASN16509 (AMAZON-02, US), Reverse DNS server-52-222-182-59.ham50.r.cloudfront.net Software nginx / Resource Hash e871b3e9f84aa7f3c32128fc00ca3a7392dd8b74614a3f77fc6ebde3f0e4c064 Security Headers Name Value Strict-Transport-Security max-age=315360000 Request headers User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Referer https://myapps.firstcitizens.com/app/firstcitizensbank_cornerstonelearninggateway_1/exk2xtwjsxFtFqFQi357/sso/saml Origin https://myapps.firstcitizens.com Response headers date Tue, 19 May 2020 23:32:52 GMT content-encoding gzip vary Accept-Encoding age 57669 x-cache Hit from cloudfront status 200 access-control-allow-origin * last-modified Tue, 19 May 2020 22:56:32 GMT server nginx etag W/"4b2dc317e39814fe9436b18b933b58c2" strict-transport-security max-age=315360000 public-key-pins-report-only pin-sha256="r5EfzZxQVvQpKo3AgYRaT7X2bDO/kj3ACwmxfdT2zt8="; pin-sha256="MaqlcUgk2mvY/RFSGeSwBRkI+rZ6/dxe/DuQfBT/vnQ="; pin-sha256="72G5IEvDEWn+EThf3qjR7/bQSWaS2ZSLqolhnO6iyJI="; pin-sha256="rrV6CLCCvqnk89gWibYT0JO6fNQ8cCit7GGoiVTjCOg="; max-age=60; report-uri="https://okta.report-uri.com/r/default/hpkp/reportOnly" via 1.1 bf65a83733ea7a81d9100310d3bbbfb8.cloudfront.net (CloudFront) cache-control max-age=31536000, public,max-age=31536000,s-maxage=1814400 x-amz-cf-pop HAM50-C1 content-type application/javascript x-amz-cf-id 2ncOTpSNslLji76GleBSGr7TOSh_PXIN5AoNLYXybCpcdx3icEYgIQ== expires Wed, 19 May 2021 23:32:52 GMT
GET H/1.1	200 OK	iframe.html login.okta.com/discovery/ Frame 3DF4	0 0	98ms 23ms	Document text/html	54.230.183.120 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://login.okta.com/discovery/iframe.html Requested by Host: ok7static.oktacdn.com URL: https://ok7static.oktacdn.com/assets/js/mvc/loginpage/initLoginPage.pack.4b2dc317e39814fe9436b18b933b58c2.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 54.230.183.120 Seattle, United States, ASN16509 (AMAZON-02, US), Reverse DNS server-54-230-183-120.ham50.r.cloudfront.net Software AmazonS3 / Resource Hash Request headers Host login.okta.com Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 Sec-Fetch-Site cross-site Sec-Fetch-Mode navigate Sec-Fetch-Dest iframe Referer https://myapps.firstcitizens.com/app/firstcitizensbank_cornerstonelearninggateway_1/exk2xtwjsxFtFqFQi357/sso/saml Accept-Encoding gzip, deflate, br Accept-Language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Referer https://myapps.firstcitizens.com/app/firstcitizensbank_cornerstonelearninggateway_1/exk2xtwjsxFtFqFQi357/sso/saml Response headers Content-Type text/html Content-Length 546 Connection keep-alive Last-Modified Thu, 09 Jan 2020 20:55:35 GMT Server AmazonS3 Date Wed, 20 May 2020 03:14:31 GMT ETag "ba966ef1e20f80a6bc3f7ca5b8a9e168" X-Cache Hit from cloudfront Via 1.1 ef32d25cab1f0dec4c6ff87f7986fe03.cloudfront.net (CloudFront) X-Amz-Cf-Pop HAM50-C3 X-Amz-Cf-Id cIcg0u4c0uQjVX30AUq3zo0-mIOqjy99GAxqRhqajMsqMJC4vQb9XQ== Age 44521
GET H2	200	fs01l8j4saNcMEdk0357 ok7static.oktacdn.com/fs/bco/1/	13 KB 14 KB	51ms 50ms	Image image/png	52.222.182.59 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://ok7static.oktacdn.com/fs/bco/1/fs01l8j4saNcMEdk0357 Requested by Host: myapps.firstcitizens.com URL: https://myapps.firstcitizens.com/app/firstcitizensbank_cornerstonelearninggateway_1/exk2xtwjsxFtFqFQi357/sso/saml Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.222.182.59 Seattle, United States, ASN16509 (AMAZON-02, US), Reverse DNS server-52-222-182-59.ham50.r.cloudfront.net Software nginx / Resource Hash 081f903294a159671406244f9cb89945a499c7515921af1eb1faa4be13d69c98 Security Headers Name Value Strict-Transport-Security max-age=315360000 Request headers Referer https://myapps.firstcitizens.com/app/firstcitizensbank_cornerstonelearninggateway_1/exk2xtwjsxFtFqFQi357/sso/saml User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Tue, 19 May 2020 13:29:32 GMT via 1.1 4efecb7b2ace4b001ec9b1d536dcfc43.cloudfront.net (CloudFront) age 93869 x-cache Hit from cloudfront status 200 content-length 13298 last-modified Tue, 15 Oct 2019 20:34:49 GMT server nginx etag "2af296330f2ce29810cd2c927d225a52" strict-transport-security max-age=315360000 public-key-pins-report-only pin-sha256="r5EfzZxQVvQpKo3AgYRaT7X2bDO/kj3ACwmxfdT2zt8="; pin-sha256="MaqlcUgk2mvY/RFSGeSwBRkI+rZ6/dxe/DuQfBT/vnQ="; pin-sha256="72G5IEvDEWn+EThf3qjR7/bQSWaS2ZSLqolhnO6iyJI="; pin-sha256="rrV6CLCCvqnk89gWibYT0JO6fNQ8cCit7GGoiVTjCOg="; max-age=60; report-uri="https://okta.report-uri.com/r/default/hpkp/reportOnly" access-control-allow-origin * cache-control max-age=31536000, public,max-age=31536000,s-maxage=1814400 x-amz-cf-pop HAM50-C1 accept-ranges bytes content-type image/png x-amz-cf-id rC9A8UUJ0XoTketB6ygZYdmWtavg6M76DORyNnhjx3NO07nQsip0WQ== expires Wed, 19 May 2021 13:29:32 GMT
GET H2	200	checkbox-sign-in-widget.7846b2f8c6d0a7ca69fdd3d3c294e92d.png ok7static.oktacdn.com/assets/loginpage/img/ui/forms/	3 KB 4 KB	24ms 23ms	Image image/png	52.222.182.59 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://ok7static.oktacdn.com/assets/loginpage/img/ui/forms/checkbox-sign-in-widget.7846b2f8c6d0a7ca69fdd3d3c294e92d.png Requested by Host: myapps.firstcitizens.com URL: https://myapps.firstcitizens.com/app/firstcitizensbank_cornerstonelearninggateway_1/exk2xtwjsxFtFqFQi357/sso/saml Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.222.182.59 Seattle, United States, ASN16509 (AMAZON-02, US), Reverse DNS server-52-222-182-59.ham50.r.cloudfront.net Software nginx / Resource Hash 40810b0318131f9ba52c83a17e633a0ac476ade66ea8a914d6c4980571397665 Security Headers Name Value Strict-Transport-Security max-age=315360000 Request headers Referer https://ok7static.oktacdn.com/assets/loginpage/css/okta-login-page.min.300274e501342a0eed40af91c36bd800.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Sun, 03 May 2020 01:42:03 GMT via 1.1 4efecb7b2ace4b001ec9b1d536dcfc43.cloudfront.net (CloudFront) age 1518718 x-cache Hit from cloudfront status 200 content-length 3141 last-modified Tue, 18 Dec 2018 21:10:16 GMT server nginx etag "7846b2f8c6d0a7ca69fdd3d3c294e92d" strict-transport-security max-age=315360000 public-key-pins-report-only pin-sha256="r5EfzZxQVvQpKo3AgYRaT7X2bDO/kj3ACwmxfdT2zt8="; pin-sha256="MaqlcUgk2mvY/RFSGeSwBRkI+rZ6/dxe/DuQfBT/vnQ="; pin-sha256="72G5IEvDEWn+EThf3qjR7/bQSWaS2ZSLqolhnO6iyJI="; pin-sha256="rrV6CLCCvqnk89gWibYT0JO6fNQ8cCit7GGoiVTjCOg="; max-age=60; report-uri="https://okta.report-uri.com/r/default/hpkp/reportOnly" access-control-allow-origin * cache-control max-age=31536000, public,max-age=31536000,s-maxage=1814400 x-amz-cf-pop HAM50-C1 accept-ranges bytes content-type image/png x-amz-cf-id gdzAcZ57dSpwRPqUfLMz5FiX61YueVyWNI5qStZ9zfc_xCCOOAiUKw== expires Mon, 03 May 2021 01:42:03 GMT
GET H2	200	fs01lj1fcjvqPZiQv357 ok7static.oktacdn.com/fs/bco/7/	64 KB 65 KB	49ms 49ms	Image image/jpeg	52.222.182.59 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://ok7static.oktacdn.com/fs/bco/7/fs01lj1fcjvqPZiQv357 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.222.182.59 Seattle, United States, ASN16509 (AMAZON-02, US), Reverse DNS server-52-222-182-59.ham50.r.cloudfront.net Software nginx / Resource Hash 7c0ca6e51793e0c6d86cb7bd5bf1a9e38fab64ef33234a69862f67df2cb945de Security Headers Name Value Strict-Transport-Security max-age=315360000 Request headers Referer https://myapps.firstcitizens.com/app/firstcitizensbank_cornerstonelearninggateway_1/exk2xtwjsxFtFqFQi357/sso/saml User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Tue, 12 May 2020 16:00:17 GMT via 1.1 4efecb7b2ace4b001ec9b1d536dcfc43.cloudfront.net (CloudFront) age 689624 x-cache Hit from cloudfront status 200 content-length 65840 last-modified Wed, 16 Oct 2019 16:27:56 GMT server nginx etag "4c4b337e27dce38dc6f6da0f7dcec718" strict-transport-security max-age=315360000 public-key-pins-report-only pin-sha256="r5EfzZxQVvQpKo3AgYRaT7X2bDO/kj3ACwmxfdT2zt8="; pin-sha256="MaqlcUgk2mvY/RFSGeSwBRkI+rZ6/dxe/DuQfBT/vnQ="; pin-sha256="72G5IEvDEWn+EThf3qjR7/bQSWaS2ZSLqolhnO6iyJI="; pin-sha256="rrV6CLCCvqnk89gWibYT0JO6fNQ8cCit7GGoiVTjCOg="; max-age=60; report-uri="https://okta.report-uri.com/r/default/hpkp/reportOnly" access-control-allow-origin * cache-control max-age=31536000, public,max-age=31536000,s-maxage=1814400 x-amz-cf-pop HAM50-C1 accept-ranges bytes content-type image/jpeg x-amz-cf-id qIzgZ7wMYmiQk3JVxbfzsOJCEIX9hZ0cB5dryWQq8t9ftLALIISRrg== expires Wed, 12 May 2021 16:00:17 GMT

18 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate object| okta function| runLoginPage object| OktaLogin object| jQBrowser object| __core-js_shared__ object| core object| global object| System function| asap function| Observable function| setImmediate function| clearImmediate object| regeneratorRuntime boolean| _babelPolyfill object| Backbone function| jQueryCourage

5 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			myapps.firstcitizens.com/	1969-12-31 23:59:59	Name: t Value: default
			myapps.firstcitizens.com/	1969-12-31 23:59:59	Name: JSESSIONID Value: A8B11C69C4B657891C7731F7F6C26B5A
			myapps.firstcitizens.com/	1970-01-20 03:11:00	Name: DT Value: DI0KfzCza3VSuauWCfuPhMbqA
			myapps.firstcitizens.com/	1970-01-19 09:39:48	Name: ADRUM_BT1 Value: "R:137|i:14033|e:73"
			myapps.firstcitizens.com/	1970-01-19 09:39:48	Name: ADRUM_BTa Value: "R:137|g:6e855e3a-f6d5-4ad4-8c29-e224302e3b80|n:Okta_6d5b1e30-d05a-4894-a37b-81b5f6c60e0e"

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

firstcitizens.csod.com
login.okta.com
myapps.firstcitizens.com
ok7static.oktacdn.com
23.32.242.198
52.222.182.59
54.189.255.225
54.230.183.120
080365e62bf4195760b4440c9b6fcb79b50dac2f030dd80a6fb782689ba33532
081f903294a159671406244f9cb89945a499c7515921af1eb1faa4be13d69c98
40810b0318131f9ba52c83a17e633a0ac476ade66ea8a914d6c4980571397665
7acb74802564297178ae0f7e2c14b0717fc5a83bc673b40a60bac29665722f0a
7c0ca6e51793e0c6d86cb7bd5bf1a9e38fab64ef33234a69862f67df2cb945de
c8e4449c64a6f5842a0d010cb9515293649684b8ea9d56a3c10be663cf932da9
d11b1294b9a5b700c494f718dbb24bb1dbe5de7eae2fd145f99bfca71d122c20
e871b3e9f84aa7f3c32128fc00ca3a7392dd8b74614a3f77fc6ebde3f0e4c064