partners1stcu.org Open in urlscan Pro
67.227.180.62 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://partners1stcu.org/report-fraud/recent-scams/postcard-scam-mortgage-notice
Submission: On January 04 via manual (January 4th 2024, 2:52:45 pm UTC) from US — Scanned from DE

Summary HTTP 33 Redirects Links 12 Behaviour Indicators

Summary

This website contacted 16 IPs in 2 countries across 14 domains to perform 33 HTTP transactions. The main IP is 67.227.180.62, located in United States and belongs to LIQUIDWEB, US. The main domain is partners1stcu.org. The Cisco Umbrella rank of the primary domain is 612899.
TLS certificate: Issued by ZeroSSL RSA Domain Secure Site CA on September 13th 2023. Valid for: a year.

This is the only time partners1stcu.org was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
5	67.227.180.62 67.227.180.62	32244 (LIQUIDWEB) (LIQUIDWEB)
1	2a00:1450:400... 2a00:1450:4001:831::200a	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:813::2008	15169 (GOOGLE) (GOOGLE)
2	2600:9000:21c... 2600:9000:21c7:1000:17:4c3f:1b80:93a1	16509 (AMAZON-02) (AMAZON-02)
3	2606:4700:10:... 2606:4700:10::ac43:2794	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a03:2880:f08... 2a03:2880:f084:105:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
2	2a00:1450:400... 2a00:1450:4001:82a::200e	15169 (GOOGLE) (GOOGLE)
1	52.217.230.160 52.217.230.160	16509 (AMAZON-02) (AMAZON-02)
1	2001:4860:480... 2001:4860:4802:32::36	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:812::2003	15169 (GOOGLE) (GOOGLE)
1	2606:4700:e6:... 2606:4700:e6::ac40:c01b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700:10:... 2606:4700:10::ac43:b9b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a03:2880:f17... 2a03:2880:f176:181:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
6	2600:9000:202... 2600:9000:2022:2a00:0:99b9:cd80:93a1	16509 (AMAZON-02) (AMAZON-02)
1	18.159.68.202 18.159.68.202	16509 (AMAZON-02) (AMAZON-02)
1	52.3.14.134 52.3.14.134	14618 (AMAZON-AES) (AMAZON-AES)
33	16

5 67.227.180.62 (United States)

ASN32244 (LIQUIDWEB, US)
PTR: webhost2.avtecmedia.com

partners1stcu.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:831::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:813::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:21c7:1000:17:4c3f:1b80:93a1 (United States)

ASN16509 (AMAZON-02, US)

api.glia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700:10::ac43:2794 (United States)

ASN13335 (CLOUDFLARENET, US)

static.addtoany.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f084:105:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82a::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.217.230.160 (Ashburn, United States)

ASN16509 (AMAZON-02, US)
PTR: s3-1.amazonaws.com

s3.us-east-1.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:812::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:e6::ac40:c01b (United States)

ASN13335 (CLOUDFLARENET, US)

siteimproveanalytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:10::ac43:b9b (United States)

ASN13335 (CLOUDFLARENET, US)

acsbapp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn.acsbapp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f176:181:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2600:9000:2022:2a00:0:99b9:cd80:93a1 (United States)

ASN16509 (AMAZON-02, US)

libs.salemove.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.159.68.202 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-159-68-202.eu-central-1.compute.amazonaws.com

84727.global.siteimproveanalytics.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.3.14.134 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-3-14-134.compute-1.amazonaws.com

client-logger.salemove.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
7	salemove.com libs.salemove.com — Cisco Umbrella Rank: 36273 client-logger.salemove.com — Cisco Umbrella Rank: 24109	406 KB
5	partners1stcu.org partners1stcu.org — Cisco Umbrella Rank: 612899	118 KB
3	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 101 region1.google-analytics.com — Cisco Umbrella Rank: 1695	21 KB
3	addtoany.com static.addtoany.com — Cisco Umbrella Rank: 5839	29 KB
2	acsbapp.com acsbapp.com — Cisco Umbrella Rank: 6951 cdn.acsbapp.com — Cisco Umbrella Rank: 7547	90 KB
2	gstatic.com fonts.gstatic.com	97 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 240	89 KB
2	glia.com api.glia.com — Cisco Umbrella Rank: 26252	20 KB
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 114	151 KB
1	siteimproveanalytics.io 84727.global.siteimproveanalytics.io	475 B
1	facebook.com www.facebook.com — Cisco Umbrella Rank: 98	185 B
1	siteimproveanalytics.com siteimproveanalytics.com — Cisco Umbrella Rank: 8778	9 KB
1	amazonaws.com s3.us-east-1.amazonaws.com	195 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 115	3 KB
33	14

	Domain	Requested by
6	libs.salemove.com	api.glia.com libs.salemove.com
5	partners1stcu.org	partners1stcu.org
3	static.addtoany.com	partners1stcu.org static.addtoany.com
2	fonts.gstatic.com	fonts.googleapis.com
2	www.google-analytics.com	partners1stcu.org www.google-analytics.com
2	connect.facebook.net	partners1stcu.org connect.facebook.net
2	api.glia.com	partners1stcu.org api.glia.com
2	www.googletagmanager.com	partners1stcu.org
1	client-logger.salemove.com	libs.salemove.com
1	cdn.acsbapp.com	acsbapp.com
1	84727.global.siteimproveanalytics.io	partners1stcu.org
1	www.facebook.com	partners1stcu.org
1	acsbapp.com	partners1stcu.org
1	siteimproveanalytics.com	partners1stcu.org
1	region1.google-analytics.com	www.googletagmanager.com
1	s3.us-east-1.amazonaws.com	partners1stcu.org
1	fonts.googleapis.com	partners1stcu.org
33	17

This site contains links to these domains. Also see Links.

Domain
accessibe.com
m.partners1stcu.org
o.partners1stcu.org
partners1stcu.everfi-next.net
www.addtoany.com
www.facebook.com
twitter.com
www.linkedin.com
www.hud.gov
www.mycreditunion.gov
www.co-opfs.org

Subject Issuer	Validity	Valid
partners1stcu.org ZeroSSL RSA Domain Secure Site CA	`2023-09-13` - `2024-09-12`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
*.glia.com Amazon RSA 2048 M01	`2023-06-18` - `2024-07-15`	a year	crt.sh
static.addtoany.com E1	`2023-12-27` - `2024-03-26`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2023-10-13` - `2024-01-11`	3 months	crt.sh
s3.amazonaws.com Amazon RSA 2048 M01	`2023-10-10` - `2024-07-10`	9 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
siteimproveanalytics.com GTS CA 1P5	`2023-12-27` - `2024-03-26`	3 months	crt.sh
acsbapp.com GTS CA 1P5	`2023-12-26` - `2024-03-25`	3 months	crt.sh
*.global.r1.siteimproveanalytics.io Amazon RSA 2048 M03	`2023-10-26` - `2024-11-23`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://partners1stcu.org/report-fraud/recent-scams/postcard-scam-mortgage-notice
Frame ID: 7E9B21A9BB7CD6758C5327CA75B23337
Requests: 32 HTTP requests in this frame

Frame: https://static.addtoany.com/menu/sm.24.html
Frame ID: C7CBF15278B4329E5100977E1C4A1626
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Postcard Scam: Mortgage Notice | Partners 1st Federal Credit Unionmagnifying-glassshareGroupGroup

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

AddToAny (Widgets) Expand

Overall confidence: 100%
Detected patterns

addtoany\.com/menu/page\.js

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Page Statistics

33
Requests

100 %
HTTPS

75 %
IPv6

14
Domains

17
Subdomains

16
IPs

2
Countries

1229 kB
Transfer

3563 kB
Size

9
Cookies

12 Outgoing links

These are links going to different origins than the main page.

URL: https://accessibe.com/blog/knowledgebase/screen-reader-guide
Title: Accessibility Screen-Reader Guide, Feedback, and Issue Reporting

Search URL Search Domain Scan URL

URL: https://m.partners1stcu.org/DirectAccessUI/Index?Flag=1
Title: Make a Payment

Search URL Search Domain Scan URL

URL: https://o.partners1stcu.org/index.htm
Title: AccountLogin

Search URL Search Domain Scan URL

URL: https://partners1stcu.everfi-next.net/welcome/financialeducation-achieve
Title: Learn More About Money

Search URL Search Domain Scan URL

URL: https://www.addtoany.com/share#url=https%3A%2F%2Fpartners1stcu.org%2Freport-fraud%2Frecent-scams%2Fpostcard-scam-mortgage-notice&title=Postcard%20Scam%3A%20Mortgage%20Notice%20%7C%20Partners%201st%20Federal%20Credit%20Union
Title: share Share This

Search URL Search Domain Scan URL

URL: https://www.facebook.com/Partners1st

Search URL Search Domain Scan URL

URL: https://twitter.com/partners1st

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/partners-1st-federal-credit-union

Search URL Search Domain Scan URL

URL: https://www.hud.gov/program_offices/fair_housing_equal_opp
Title: Group

Search URL Search Domain Scan URL

URL: https://www.mycreditunion.gov/share-insurance
Title: Group

Search URL Search Domain Scan URL

URL: https://www.co-opfs.org/Solutions/Engage/CO-OP-Shared-Branch

Search URL Search Domain Scan URL

URL: https://www.addtoany.com/
Title: AddToAny

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

33 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request postcard-scam-mortgage-notice Show response
partners1stcu.org/report-fraud/recent-scams/ 267 KB
81 KB 586ms
296ms Document
text/html 67.227.180.62
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL: https://partners1stcu.org/report-fraud/recent-scams/postcard-scam-mortgage-notice
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 67.227.180.62 , United States, ASN32244 (LIQUIDWEB, US),
Reverse DNS: webhost2.avtecmedia.com
Software: Apache / Craft CMS
Resource Hash: 2145ed662e3dd4fef471a0c650fb15bad6f8b434ea54ab40b899c5ff8e77c2b2

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: max-age=600
Connection: Keep-Alive
Content-Encoding: gzip
Content-Type: text/html; charset=UTF-8
Date: Thu, 04 Jan 2024 14:52:39 GMT
Expires: Thu, 04 Jan 2024 15:02:39 GMT
Keep-Alive: timeout=2, max=500
Link: <https://partners1stcu.org/report-fraud/recent-scams/postcard-scam-mortgage-notice>; rel='canonical'
Referrer-Policy: no-referrer-when-downgrade
Server: Apache
Transfer-Encoding: chunked
Vary: Accept-Encoding,User-Agent
X-Powered-By: Craft CMS
X-Robots-Tag: all

GET
H2 200 css2
fonts.googleapis.com/ 46 KB
3 KB 126ms
75ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Open+Sans:ital,wght@0,300;0,400;0,600;0,700;1,300;1,400;1,600;1,700&display=swap

Requested by

Host: partners1stcu.org
URL: https://partners1stcu.org/report-fraud/recent-scams/postcard-scam-mortgage-notice

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

0e5bc9e669b9bc6631d7c12bf04e76e30b8d9c772fccf54c045cd3ef25d9c4cd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://partners1stcu.org/report-fraud/recent-scams/postcard-scam-mortgage-notice
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Thu, 04 Jan 2024 14:52:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Thu, 04 Jan 2024 14:52:40 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 04 Jan 2024 14:52:40 GMT

GET
H/1.1 200
OK app.css
partners1stcu.org/dist/css/ 99 KB
15 KB 409ms
144ms Stylesheet
text/css 67.227.180.62
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL: https://partners1stcu.org/dist/css/app.css?id=97fc6ee2cebf04545e53
Requested by: Host: partners1stcu.org
URL: https://partners1stcu.org/report-fraud/recent-scams/postcard-scam-mortgage-notice
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 67.227.180.62 , United States, ASN32244 (LIQUIDWEB, US),
Reverse DNS: webhost2.avtecmedia.com
Software: Apache /
Resource Hash: fbbe0608ed226a1e1800a7c56caaa3e46ff933e33994cca3ef342e30dc7ebee8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://partners1stcu.org/report-fraud/recent-scams/postcard-scam-mortgage-notice
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Date: Thu, 04 Jan 2024 14:52:40 GMT
Content-Encoding: gzip
Last-Modified: Tue, 06 Jun 2023 13:52:34 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Content-Type: text/css
Cache-Control: max-age=2592000
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=2, max=499
Content-Length: 14506
Expires: Sat, 03 Feb 2024 14:52:40 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 274 KB
91 KB 95ms
43ms Script
application/javascript 2a00:1450:4001:813::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-CJ92GHSQB0

Requested by

Host: partners1stcu.org
URL: https://partners1stcu.org/report-fraud/recent-scams/postcard-scam-mortgage-notice

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

029736f12614963e2ce49c3f1e6663bcd1420c350be07eb0f0aab459bf827ed7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://partners1stcu.org/report-fraud/recent-scams/postcard-scam-mortgage-notice
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Thu, 04 Jan 2024 14:52:40 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 93069
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Thu, 04 Jan 2024 14:52:40 GMT

GET
H/1.1 200
OK fontfaceobserver.js Show response
partners1stcu.org/dist/js/ 5 KB
2 KB 137ms
137ms Script
application/javascript 67.227.180.62
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL: https://partners1stcu.org/dist/js/fontfaceobserver.js?id=db4885ca3ce0993415d6
Requested by: Host: partners1stcu.org
URL: https://partners1stcu.org/report-fraud/recent-scams/postcard-scam-mortgage-notice
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 67.227.180.62 , United States, ASN32244 (LIQUIDWEB, US),
Reverse DNS: webhost2.avtecmedia.com
Software: Apache /
Resource Hash: 36a30fb5c65b7a386b45debbc89bd8b8c1dd7a87eda439acabeb0bfb621b14ed

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://partners1stcu.org/report-fraud/recent-scams/postcard-scam-mortgage-notice
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Date: Thu, 04 Jan 2024 14:52:40 GMT
Content-Encoding: gzip
Last-Modified: Tue, 06 Jun 2023 13:52:34 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Content-Type: application/javascript
Cache-Control: max-age=2592000
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=2, max=498
Content-Length: 1948
Expires: Sat, 03 Feb 2024 14:52:40 GMT

GET
H/1.1 200
OK app.js Show response
partners1stcu.org/dist/js/ 58 KB
20 KB 149ms
144ms Script
application/javascript 67.227.180.62
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL: https://partners1stcu.org/dist/js/app.js?id=0c1c26f5586aa32c297e
Requested by: Host: partners1stcu.org
URL: https://partners1stcu.org/report-fraud/recent-scams/postcard-scam-mortgage-notice
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 67.227.180.62 , United States, ASN32244 (LIQUIDWEB, US),
Reverse DNS: webhost2.avtecmedia.com
Software: Apache /
Resource Hash: c311236dc340eafeaf1e99934cf8705d37020bfc6287625af455977dea1825b5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://partners1stcu.org/report-fraud/recent-scams/postcard-scam-mortgage-notice
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Date: Thu, 04 Jan 2024 14:52:40 GMT
Content-Encoding: gzip
Last-Modified: Tue, 06 Jun 2023 13:52:34 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Content-Type: application/javascript
Cache-Control: max-age=2592000
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=2, max=500
Content-Length: 19652
Expires: Sat, 03 Feb 2024 14:52:40 GMT

GET
H2 200 salemove_integration.js Show response
api.glia.com/ 9 KB
9 KB 156ms
28ms Script
application/javascript 2600:9000:21c7:1000:17:4c3f:1b80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api.glia.com/salemove_integration.js

Requested by

Host: partners1stcu.org
URL: https://partners1stcu.org/report-fraud/recent-scams/postcard-scam-mortgage-notice

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:21c7:1000:17:4c3f:1b80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

98c4f278eda9ece02de780ade87040aded5a31e7a4f62779e6b138ea75a1fab5

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://partners1stcu.org/report-fraud/recent-scams/postcard-scam-mortgage-notice
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubdomains; preload
date: Thu, 04 Jan 2024 14:51:39 GMT
via: 1.1 bb1fd0922e473ba97ff6a00f6c71141a.cloudfront.net (CloudFront)
last-modified: Wed, 03 Jan 2024 10:57:46 GMT
server: AmazonS3
x-amz-cf-pop: AMS54-C1
age: 65
x-amz-server-side-encryption: AES256
etag: "f8d4588f3f471377a4aa0e43effd9b27"
vary: Access-Control-Request-Headers,Access-Control-Request-Method,Origin
x-cache: Hit from cloudfront
content-type: application/javascript
accept-ranges: bytes
content-length: 8885
x-amz-cf-id: _AstFoNhD6C2IuhXkEuPdtOFWpT2bu-UY2D9F1yKuBX67fjENMc96w==

GET
H2 200 page.js Show response
static.addtoany.com/menu/ 3 KB
2 KB 95ms
33ms Script
application/javascript 2606:4700:10::ac43:2794
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/page.js

Requested by

Host: partners1stcu.org
URL: https://partners1stcu.org/report-fraud/recent-scams/postcard-scam-mortgage-notice

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:2794 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

54a41a067d6b8c3c9d9161cbcd63ef437b70029f56e12ad443d247c199d3054b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://partners1stcu.org/report-fraud/recent-scams/postcard-scam-mortgage-notice
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Thu, 04 Jan 2024 14:52:40 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 14516
content-encoding: br
alt-svc: h3=":443"; ma=86400
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"1360f39ce298a46ab4d839930011f62c"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aezwKfzQfC4t5UWp5jkA9P%2FYQNR0Do6ZVn6yCGBNI0U4KtVEUZjN7hok%2BLPA0XmaJHqh%2FAeOtraGuQt%2FWSuA3E4%2BL5302mXK8ETeB71ujlYX6N8pJLfk%2BDub90kkTXOrwBz5Jsvt"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=86400, stale-while-revalidate=30, public
cf-ray: 84044e800a12bb8f-FRA

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 167 KB
60 KB 38ms
36ms Script
application/javascript 2a00:1450:4001:813::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-K9CCKKQ

Requested by

Host: partners1stcu.org
URL: https://partners1stcu.org/report-fraud/recent-scams/postcard-scam-mortgage-notice

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

3e2051f5e04e70c8b9d3c759ee8196dac0c0601b6893dc96f2461bb74a54bd85

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://partners1stcu.org/report-fraud/recent-scams/postcard-scam-mortgage-notice
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Thu, 04 Jan 2024 14:52:40 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 61543
x-xss-protection: 0
last-modified: Thu, 04 Jan 2024 12:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 04 Jan 2024 14:52:40 GMT

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 202 KB
54 KB 67ms
23ms Script
application/x-javascript 2a03:2880:f084:105:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: partners1stcu.org
URL: https://partners1stcu.org/report-fraud/recent-scams/postcard-scam-mortgage-notice

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f084:105:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

3e136e77083bfc6ef14ffc5abd19da89a82bf12fc0cda3c603e01582b93303c8

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://partners1stcu.org/report-fraud/recent-scams/postcard-scam-mortgage-notice
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

permissions-policy-report-only: autoplay=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(), keyboard-map=(), picture-in-picture=(), xr-spatial-tracking=()
content-security-policy: default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Thu, 04 Jan 2024 14:52:40 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 54273
x-xss-protection: 0
reporting-endpoints
pragma: public
x-fb-debug: eh2uLKSvDZUY1xu1o+51Y0QDlpO1e+M9ZExc9vg3+Hd7nOwrO8ECetA1MA4w5NrIwsfHlDTZn3pbfLiVECo3Mg==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=()
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 75ms
22ms Script
text/javascript 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: partners1stcu.org
URL: https://partners1stcu.org/report-fraud/recent-scams/postcard-scam-mortgage-notice

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://partners1stcu.org/report-fraud/recent-scams/postcard-scam-mortgage-notice
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Thu, 04 Jan 2024 13:48:17 GMT
last-modified: Tue, 12 Dec 2023 18:09:08 GMT
server: Golfe2
age: 3863
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Thu, 04 Jan 2024 15:48:17 GMT

GET
H/1.1 200
OK banner-squares.svg
partners1stcu.org/dist/svgs/ 2 KB
772 B 247ms
136ms Image
image/svg+xml 67.227.180.62
LIQUIDWEB

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://partners1stcu.org/dist/svgs/banner-squares.svg
Requested by: Host: partners1stcu.org
URL: https://partners1stcu.org/dist/css/app.css?id=97fc6ee2cebf04545e53
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 67.227.180.62 , United States, ASN32244 (LIQUIDWEB, US),
Reverse DNS: webhost2.avtecmedia.com
Software: Apache /
Resource Hash: dcb385c05d927d627aa1bea39a2505d6464e43d9cc809c12782e671d44f1e7e0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://partners1stcu.org/dist/css/app.css?id=97fc6ee2cebf04545e53
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Date: Thu, 04 Jan 2024 14:52:40 GMT
Content-Encoding: gzip
Last-Modified: Tue, 06 Jun 2023 13:52:34 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Content-Type: image/svg+xml
Cache-Control: max-age=172800
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=2, max=500
Content-Length: 397
Expires: Sat, 06 Jan 2024 14:52:40 GMT

GET
H/1.1 200
OK Business-Account-Review.jpg
s3.us-east-1.amazonaws.com/assets.partners1stcu.org/uploads/Pages/Business/_2240xAUTO_crop_center-center_none/ 195 KB
195 KB 446ms
205ms Image
image/jpeg 52.217.230.160
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s3.us-east-1.amazonaws.com/assets.partners1stcu.org/uploads/Pages/Business/_2240xAUTO_crop_center-center_none/Business-Account-Review.jpg
Requested by: Host: partners1stcu.org
URL: https://partners1stcu.org/report-fraud/recent-scams/postcard-scam-mortgage-notice
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.217.230.160 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1.amazonaws.com
Software: AmazonS3 /
Resource Hash: 0803da19b49452eea39d7d7286194f83aadcfdbe9a5e7d7908f1e6fa483ed664

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://partners1stcu.org/report-fraud/recent-scams/postcard-scam-mortgage-notice
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Date: Thu, 04 Jan 2024 14:52:41 GMT
x-amz-version-id: hmRw6UP9FdDW.D7tkIA9NZKeCkp8mqOX
Last-Modified: Mon, 06 Mar 2023 13:01:42 GMT
Server: AmazonS3
x-amz-request-id: 15TQQ8G8ZWBZQ6NX
ETag: "188895762bb71e2f3191bef52016ec91"
x-amz-server-side-encryption: AES256
Content-Type: image/jpeg
Cache-Control: max-age=31622400
Accept-Ranges: bytes
Content-Length: 199437
x-amz-id-2: j8721LE4QRl5JN6mbvJDrgGehhJTwQt9XZft+V2lD3d28RhhpcCTPoEklWf4TrW7oOsgS0bH74o=

POST
H2 204 collect
region1.google-analytics.com/g/ 0
255 B 79ms
29ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-CJ92GHSQB0&gtm=45je3bt0v9103668771z89103668817&_p=1704379960402&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&cid=628498285.1704379960&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1704379960&sct=1&seg=0&dl=https%3A%2F%2Fpartners1stcu.org%2Freport-fraud%2Frecent-scams%2Fpostcard-scam-mortgage-notice&dt=Postcard%20Scam%3A%20Mortgage%20Notice%20%7C%20Partners%201st%20Federal%20Credit%20Union&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=1077
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-CJ92GHSQB0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://partners1stcu.org/report-fraud/recent-scams/postcard-scam-mortgage-notice
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 04 Jan 2024 14:52:40 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://partners1stcu.org
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 3 B
209 B 30ms
29ms XHR
text/plain 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1510478289&t=pageview&_s=1&dl=https%3A%2F%2Fpartners1stcu.org%2Freport-fraud%2Frecent-scams%2Fpostcard-scam-mortgage-notice&ul=en-us&de=UTF-8&dt=Postcard%20Scam%3A%20Mortgage%20Notice%20%7C%20Partners%201st%20Federal%20Credit%20Union&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IADAAEABAAAAACAAI~&jid=2078563179&gjid=1427464169&cid=628498285.1704379960&tid=G-CJ92GHSQB0&_gid=469643109.1704379960&_r=1&_slc=1&z=931445707

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://partners1stcu.org/report-fraud/recent-scams/postcard-scam-mortgage-notice
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 04 Jan 2024 14:52:40 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://partners1stcu.org
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 469511686890868 Show response
connect.facebook.net/signals/config/ 130 KB
34 KB 90ms
89ms Script
application/x-javascript 2a03:2880:f084:105:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/469511686890868?v=2.9.138&r=stable&domain=partners1stcu.org

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f084:105:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e36b67394224da1ca83124ddf67ee4cf2defd97f44b4f58fe1433f61316924a8

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://partners1stcu.org/report-fraud/recent-scams/postcard-scam-mortgage-notice
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

permissions-policy-report-only: autoplay=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(), keyboard-map=(), picture-in-picture=(), xr-spatial-tracking=()
content-security-policy: default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Thu, 04 Jan 2024 14:52:40 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
reporting-endpoints
pragma: public
x-fb-debug: XEkdgTWcUiUlgXVp8FhcnyOcW8E0TNamgjX9ETY7vtzSxS4SVyW3S/E9o9XwMP7qondheoYBQBygg3z5mrWmPg==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=()
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v40/ 47 KB
48 KB 73ms
22ms Font
font/woff2 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Open+Sans:ital,wght@0,300;0,400;0,600;0,700;1,300;1,400;1,600;1,700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://partners1stcu.org
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Thu, 04 Jan 2024 06:01:29 GMT
x-content-type-options: nosniff
age: 31871
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 48236
x-xss-protection: 0
last-modified: Thu, 14 Dec 2023 02:08:40 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 03 Jan 2025 06:01:29 GMT

GET
H2 200 memtYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWqWuU6F.woff2
fonts.gstatic.com/s/opensans/v40/ 49 KB
49 KB 96ms
45ms Font
font/woff2 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v40/memtYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWqWuU6F.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Open+Sans:ital,wght@0,300;0,400;0,600;0,700;1,300;1,400;1,600;1,700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0d8601a776b7dc777cd23bc42392d05a43df0d6402328e8913b58811083b513d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://partners1stcu.org
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Thu, 04 Jan 2024 06:36:28 GMT
x-content-type-options: nosniff
age: 29772
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 50296
x-xss-protection: 0
last-modified: Thu, 14 Dec 2023 02:10:01 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 03 Jan 2025 06:36:28 GMT

GET
H2 200 siteanalyze_84727.js Show response
siteimproveanalytics.com/js/ 26 KB
9 KB 120ms
46ms Script
application/javascript 2606:4700:e6::ac40:c01b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://siteimproveanalytics.com/js/siteanalyze_84727.js
Requested by: Host: partners1stcu.org
URL: https://partners1stcu.org/report-fraud/recent-scams/postcard-scam-mortgage-notice
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e6::ac40:c01b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 72bad2126bc4327b3b21b982565564a990669164984eede02a97a7ec62df0dd6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://partners1stcu.org/report-fraud/recent-scams/postcard-scam-mortgage-notice
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Thu, 04 Jan 2024 14:52:40 GMT
content-encoding: gzip
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: CWQ5NKY1702GSDEZ
age: 286
alt-svc: h3=":443"; ma=86400
content-length: 8959
x-amz-id-2: jvIHfy+v+157LEd24obPqvWhKaF7xrduV2FVisedyjOTJBAza/MOpFYO/CHhC0sBsjgqAtAgH0g=
last-modified: Wed, 07 Jun 2023 19:16:52 GMT
server: cloudflare
etag: "012a5f70704daf3b232133ceeb3b05ad"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wzecv51XWYrBk%2BQX7YX5snQU9lUQICQaRrcjkIpQsvpW8Rjne0WemC4Wzz8hetCJNQYefCHZk9CndY%2F0E85fObvxhtAi0FaBQnMOvz6L3LTldNzyoWskAny2gHc1WHu%2F7%2FYYiMvz7bzFvY8S1Odx%2FXauPRLhoD8%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=86400, no-transform
accept-ranges: bytes
cf-ray: 84044e81fa9a6fd5-CDG

GET
H2 200 app.js Show response
acsbapp.com/apps/app/dist/js/ 293 KB
89 KB 199ms
145ms Script
application/javascript 2606:4700:10::ac43:b9b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://acsbapp.com/apps/app/dist/js/app.js
Requested by: Host: partners1stcu.org
URL: https://partners1stcu.org/report-fraud/recent-scams/postcard-scam-mortgage-notice
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:b9b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a9e1a2d665b18f3721a26080f2d15c7de8db3e71a8d802a0c88e0aee6a34862a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://partners1stcu.org/report-fraud/recent-scams/postcard-scam-mortgage-notice
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Thu, 04 Jan 2024 14:52:40 GMT
content-encoding: br
cf-cache-status: REVALIDATED
x-guploader-uploadid: ABPtcPohuAJIXSgUB4Hys1g-Agc3K-OcS3soaQzuGpPor6aibkOkF3AxxOT-f_uabjQ_Gzmel9lvNwBYhw
x-goog-storage-class: STANDARD
x-goog-metageneration: 3
x-goog-stored-content-encoding: identity
last-modified: Thu, 04 Jan 2024 13:53:03 GMT
server: cloudflare
etag: W/"9a4c40df3ed59b996f0ccab5bfb6cc27"
vary: Accept-Encoding
x-goog-generation: 1704376383106975
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-goog-hash: crc32c=ju+pfw==, md5=mkxA3z7Vm5lvDMq1v7bMJw==
access-control-expose-headers: *
cache-control: public, max-age=300, must-revalidate
x-goog-stored-content-length: 300129
cf-ray: 84044e81ccac37fb-FRA
expires: Fri, 03 Jan 2025 14:52:40 GMT

GET
H2 200 sm.24.html Show response
static.addtoany.com/menu/ Frame C7CB 677 B
745 B 34ms
33ms Document
text/html 2606:4700:10::ac43:2794
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/sm.24.html

Requested by

Host: static.addtoany.com
URL: https://static.addtoany.com/menu/page.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:2794 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5a4192e762a449dfd6e63bee835e0941627223c9159e8219acdd01881a1ac175

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://partners1stcu.org/report-fraud/recent-scams/postcard-scam-mortgage-notice
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-origin: *
age: 18178
alt-svc: h3=":443"; ma=86400
cache-control: max-age=315360000, immutable
cf-cache-status: HIT
cf-ray: 84044e817b7bbb8f-FRA
content-encoding: br
content-type: text/html; charset=utf-8
date: Thu, 04 Jan 2024 14:52:40 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy: strict-origin-when-cross-origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FCc2Z%2Fcdqzcy%2BxIa7O%2FivcNJedawEMZ5FaE34vIC81dG3L73EuIfojbHw9Yb4XJ0%2BC%2Bx1vCa2pEf44%2FXY8sJLgKk4%2FP2O%2BXLSyU%2BeBMR2%2FQDvtRlmz11DUtSy2h8Bi8T%2BzZ7g65xea5OFt6FVicDU3Q8"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
x-content-type-options: nosniff

GET
H3 200 core.0lg1QMGN.js Show response
static.addtoany.com/menu/modules/ 70 KB
26 KB 88ms
44ms Script
application/javascript 2606:4700:10::ac43:2794
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/modules/core.0lg1QMGN.js

Requested by

Host: static.addtoany.com
URL: https://static.addtoany.com/menu/page.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::ac43:2794 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c03fc7c2991c6ff541ec79af79825f54c15ab7bbea66f5a0c6635300de5e2ffd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://partners1stcu.org/report-fraud/recent-scams/postcard-scam-mortgage-notice
Origin: https://partners1stcu.org
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Thu, 04 Jan 2024 14:52:40 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 297
content-encoding: br
alt-svc: h3=":443"; ma=86400
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"f7a2848ba5154bff921586a6e44f406d"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AVACvuA0FQ7TNpLuREwKaHJdldMjThChuhaeN5zKVAmJH8iZMQ1TGWPqikdH1I%2Bt%2Fo844biiKicJAW3yR4HiteXGzw1e4sBm2F6H7fvDdAllXdrFmaGf%2FjLQyFy9fMpYfrUaBWhy%2FETecsbHbCdbIsLK"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000, immutable
cf-ray: 84044e81be1818f3-FRA

POST
H2 200 visitor_config Show response
api.glia.com/ 10 KB
11 KB 137ms
137ms XHR
application/json 2600:9000:21c7:1000:17:4c3f:1b80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api.glia.com/visitor_config?referrer=https%3A%2F%2Fpartners1stcu.org%2Freport-fraud%2Frecent-scams%2Fpostcard-scam-mortgage-notice&

Requested by

Host: api.glia.com
URL: https://api.glia.com/salemove_integration.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:21c7:1000:17:4c3f:1b80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

855f23e2416aebea699aee5fff944fb9e405d3f6bcfca46d900611161786f35d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://partners1stcu.org/report-fraud/recent-scams/postcard-scam-mortgage-notice
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Thu, 04 Jan 2024 14:52:40 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
via: 1.1 bb1fd0922e473ba97ff6a00f6c71141a.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS54-C1
x-cache: Miss from cloudfront
content-length: 10090
access-control-max-age: 7200
access-control-allow-methods: ["GET, POST, PUT, PATCH, OPTIONS, HEAD, DELETE"]
content-type: application/json
access-control-allow-origin: https://partners1stcu.org
access-control-expose-headers
cache-control: no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
vary: Origin
x-site-visitor-config: true
access-control-allow-headers: Content-Type, Accept, Authorization
x-amz-cf-id: uGIXsr9uqvTNLncO8r51lZjVOOqvZN0YfMvPzlowjSuHCFgn5h4WMg==

GET
H2 200 /
www.facebook.com/tr/ 0
185 B 70ms
23ms Image
text/plain 2a03:2880:f176:181:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=469511686890868&ev=PageView&dl=https%3A%2F%2Fpartners1stcu.org%2Freport-fraud%2Frecent-scams%2Fpostcard-scam-mortgage-notice&rl=&if=false&ts=1704379960636&sw=1600&sh=1200&v=2.9.138&r=stable&ec=0&o=4126&fbp=fb.1.1704379960635.365139124&ler=empty&it=1704379960527&coo=false&rqm=GET

Requested by

Host: partners1stcu.org
URL: https://partners1stcu.org/report-fraud/recent-scams/postcard-scam-mortgage-notice

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f176:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://partners1stcu.org/report-fraud/recent-scams/postcard-scam-mortgage-notice
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Thu, 04 Jan 2024 14:52:40 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 bootstrapper-9495c26fc.js Show response
libs.salemove.com/visitor/ 636 KB
166 KB 153ms
44ms Script
application/javascript 2600:9000:2022:2a00:0:99b9:cd80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://libs.salemove.com/visitor/bootstrapper-9495c26fc.js

Requested by

Host: api.glia.com
URL: https://api.glia.com/salemove_integration.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2022:2a00:0:99b9:cd80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

c7a85dc6dd6ba5b2aa0aee70d383364a3dab49566a85838538dbefb84f8f0962

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://partners1stcu.org/report-fraud/recent-scams/postcard-scam-mortgage-notice
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 27 Dec 2023 13:04:46 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
content-encoding: gzip
via: 1.1 2e4c2344cd099ed266066e71273e3540.cloudfront.net (CloudFront)
x-amz-cf-pop: MRS52-C1
age: 697675
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Wed, 27 Dec 2023 12:43:35 GMT
server: AmazonS3
x-amz-meta-s3cmd-attrs: md5:fbe646232516bdb40b2a762d6f6d091f
etag: W/"fbe646232516bdb40b2a762d6f6d091f"
vary: Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method,Origin
content-type: application/javascript
cache-control: max-age=31536000
x-amz-cf-id: 5YSV6nkn-QMHweP4avwfZUDZUVJGzXlqBDdceyY4og8cLxc3L7Hkpw==

GET
H2 200 image.aspx
84727.global.siteimproveanalytics.io/ 34 B
475 B 154ms
23ms Image
image/gif 18.159.68.202
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://84727.global.siteimproveanalytics.io/image.aspx?url=https%3A%2F%2Fpartners1stcu.org%2Freport-fraud%2Frecent-scams%2Fpostcard-scam-mortgage-notice&title=Postcard%20Scam%3A%20Mortgage%20Notice%20%7C%20Partners%201st%20Federal%20Credit%20Union&res=1600x1200&accountid=84727&rt=1320&prev=e17f78a6-664f-f285-b1fd-9354b7e73200&luid=ce784ad6-178d-9563-5f6d-a31a91ef2b11&rnd=99302
Requested by: Host: partners1stcu.org
URL: https://partners1stcu.org/report-fraud/recent-scams/postcard-scam-mortgage-notice
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.159.68.202 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-159-68-202.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 1e85ec81b9800b4c443d39caca0d0926089a3ac201120db1ceb45b93789480b8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://partners1stcu.org/report-fraud/recent-scams/postcard-scam-mortgage-notice
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

content-type: image/gif
date: Thu, 04 Jan 2024 14:52:40 GMT
cache-control: max-age=0
content-length: 34
expires: Thu, 04 Jan 2024 14:52:40 UTC

GET
H2 200 config.json Show response
cdn.acsbapp.com/config/partners1stcu.org/ 163 B
713 B 196ms
147ms Fetch
application/json 2606:4700:10::ac43:b9b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.acsbapp.com/config/partners1stcu.org/config.json
Requested by: Host: acsbapp.com
URL: https://acsbapp.com/apps/app/dist/js/app.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:b9b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7132d24727a49b799457a63369ea663f132e8a73a387282e19bc61b99223fc11

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://partners1stcu.org/report-fraud/recent-scams/postcard-scam-mortgage-notice
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Thu, 04 Jan 2024 14:52:40 GMT
content-encoding: br
cf-cache-status: REVALIDATED
x-guploader-uploadid: ABPtcPrhYqLVa1IKvb5slrZ1Y3ohIzminHRb_k6EDUvrRF81usaNIAjatsnkpcdSe2OCNULqRSs4OPgXjA
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
last-modified: Tue, 05 Dec 2023 13:39:17 GMT
server: cloudflare
etag: W/"c184fc5e704742fb7926d85444cb8fa6"
vary: Accept-Encoding
x-goog-hash: crc32c=MP04pQ==, md5=wYT8XnBHQvt5JthURMuPpg==
x-goog-generation: 1701783557352748
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers: *, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control: public, max-age=300, must-revalidate
x-goog-stored-content-length: 163
cf-ray: 84044e836fb74db6-FRA
expires: Fri, 03 Jan 2025 14:52:40 GMT

GET
H2 200 webcomponents_es5-9495c26fc.js Show response
libs.salemove.com/visitor/ 936 B
1 KB 38ms
38ms Script
application/javascript 2600:9000:2022:2a00:0:99b9:cd80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://libs.salemove.com/visitor/webcomponents_es5-9495c26fc.js

Requested by

Host: libs.salemove.com
URL: https://libs.salemove.com/visitor/bootstrapper-9495c26fc.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2022:2a00:0:99b9:cd80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

832dbd199f70ade357e88a3f5d32920c8c63e69258dc173d3b261686320895db

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://partners1stcu.org/report-fraud/recent-scams/postcard-scam-mortgage-notice
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 27 Dec 2023 13:04:47 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
via: 1.1 2e4c2344cd099ed266066e71273e3540.cloudfront.net (CloudFront)
x-amz-cf-pop: MRS52-C1
age: 697674
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 936
last-modified: Wed, 27 Dec 2023 12:43:36 GMT
server: AmazonS3
x-amz-meta-s3cmd-attrs: md5:f86098c5208655efb405300993461936
etag: "f86098c5208655efb405300993461936"
vary: Access-Control-Request-Headers,Access-Control-Request-Method,Origin
content-type: application/javascript
cache-control: max-age=31536000
accept-ranges: bytes
x-amz-cf-id: bqYwFx1eCxoVQL3wy6M0n2MnstXFNqlDT9p-VLuH8_yvtusFl8PhOQ==

GET
H2 200 visitor-app.4ba6d1fb-0bd64a96.min.js Show response
libs.salemove.com/ 686 KB
198 KB 46ms
45ms Script
application/javascript 2600:9000:2022:2a00:0:99b9:cd80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://libs.salemove.com/visitor-app.4ba6d1fb-0bd64a96.min.js

Requested by

Host: libs.salemove.com
URL: https://libs.salemove.com/visitor/bootstrapper-9495c26fc.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2022:2a00:0:99b9:cd80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

1ccac5450892818feaeb8574c8e20bc6813decc9dad15b647f9881f259c747e5

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://partners1stcu.org/report-fraud/recent-scams/postcard-scam-mortgage-notice
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Thu, 04 Jan 2024 09:20:08 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
content-encoding: gzip
via: 1.1 2e4c2344cd099ed266066e71273e3540.cloudfront.net (CloudFront)
x-amz-cf-pop: MRS52-C1
age: 19954
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Thu, 04 Jan 2024 08:46:18 GMT
server: AmazonS3
x-amz-meta-s3cmd-attrs: md5:e4ef4c31b3325738f65135fbb8b276cb
etag: W/"e4ef4c31b3325738f65135fbb8b276cb"
vary: Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method,Origin
content-type: application/javascript
cache-control: max-age=31536000
x-amz-cf-id: fVTiJ5iWFhgQ1LwTXStN4dCrtWcU4CwMnilNCamlDKsGpOHQjQJ8hA==

GET
H2 200 visitor-app.4ba6d1fb-0bd64a96.default.css
libs.salemove.com/ 206 KB
31 KB 40ms
40ms Stylesheet
text/css 2600:9000:2022:2a00:0:99b9:cd80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://libs.salemove.com/visitor-app.4ba6d1fb-0bd64a96.default.css

Requested by

Host: libs.salemove.com
URL: https://libs.salemove.com/visitor/bootstrapper-9495c26fc.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2022:2a00:0:99b9:cd80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

54a36ace3d2d860fd3e4f5e0d59f43b6653c4c2ba6fd87ce73e2d3fc22b61a52

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://partners1stcu.org/report-fraud/recent-scams/postcard-scam-mortgage-notice
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Thu, 04 Jan 2024 09:20:08 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
content-encoding: gzip
via: 1.1 2e4c2344cd099ed266066e71273e3540.cloudfront.net (CloudFront)
x-amz-cf-pop: MRS52-C1
age: 19954
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Thu, 04 Jan 2024 08:46:18 GMT
server: AmazonS3
x-amz-meta-s3cmd-attrs: md5:593e94f08cd3472f4bd4420fc198b2a7
etag: W/"593e94f08cd3472f4bd4420fc198b2a7"
vary: Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method,Origin
content-type: text/css
cache-control: max-age=31536000
x-amz-cf-id: FOejxLuu7FhDwg_UzzGl3_kBa1sCw8UhbdHmCEdNl2AHgA7mGKbtyQ==

GET
H2 200 gva-custom-chat-renderer.1944c65.js Show response
libs.salemove.com/ 23 KB
8 KB 80ms
79ms Script
application/javascript 2600:9000:2022:2a00:0:99b9:cd80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://libs.salemove.com/gva-custom-chat-renderer.1944c65.js

Requested by

Host: libs.salemove.com
URL: https://libs.salemove.com/visitor/bootstrapper-9495c26fc.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2022:2a00:0:99b9:cd80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

4de1e4e94729ce929801e7c715eda145616022bf710725fedd75341575963d9f

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://partners1stcu.org/report-fraud/recent-scams/postcard-scam-mortgage-notice
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 27 Dec 2023 21:53:02 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
content-encoding: gzip
via: 1.1 2e4c2344cd099ed266066e71273e3540.cloudfront.net (CloudFront)
x-amz-cf-pop: MRS52-C1
age: 665980
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Wed, 27 Dec 2023 20:22:26 GMT
server: AmazonS3
x-amz-meta-s3cmd-attrs: md5:204546f89ba38129ede1d80f35aace1c
etag: W/"204546f89ba38129ede1d80f35aace1c"
vary: Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method,Origin
content-type: application/javascript
cache-control: max-age=31536000
x-amz-cf-id: SD6e2ygiNtzeZMWjL5A4WcDypvrkb9sRpzrim6jOWH7JVCuNUg-AFA==

GET
H2 200 gva-custom-chat-renderer.1944c65.css
libs.salemove.com/ 8 KB
2 KB 80ms
80ms Stylesheet
text/css 2600:9000:2022:2a00:0:99b9:cd80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://libs.salemove.com/gva-custom-chat-renderer.1944c65.css

Requested by

Host: libs.salemove.com
URL: https://libs.salemove.com/visitor/bootstrapper-9495c26fc.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2022:2a00:0:99b9:cd80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

209b30289a4367d767e9e4bc98c4a1ad08a00e9b1e665f00dbad5741802b5e11

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://partners1stcu.org/report-fraud/recent-scams/postcard-scam-mortgage-notice
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 27 Dec 2023 21:53:03 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
content-encoding: gzip
via: 1.1 2e4c2344cd099ed266066e71273e3540.cloudfront.net (CloudFront)
x-amz-cf-pop: MRS52-C1
age: 665979
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Wed, 27 Dec 2023 20:22:26 GMT
server: AmazonS3
x-amz-meta-s3cmd-attrs: md5:91913bc6898ba7a92c9a2edee76e2042
etag: W/"91913bc6898ba7a92c9a2edee76e2042"
vary: Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method,Origin
content-type: text/css
cache-control: max-age=31536000
x-amz-cf-id: vI93Ks-3EsyrQ98C_XYIIrW8fXMBPPuzjW0srIwkj1EKVDL8b5-BdA==

POST
H/1.1 204
No Content /
client-logger.salemove.com/ 0
0 554ms
258ms Fetch 52.3.14.134
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://client-logger.salemove.com/

Requested by

Host: libs.salemove.com
URL: https://libs.salemove.com/visitor/bootstrapper-9495c26fc.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

52.3.14.134 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-3-14-134.compute-1.amazonaws.com

Software

envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://partners1stcu.org/report-fraud/recent-scams/postcard-scam-mortgage-notice
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

strict-transport-security: max-age=31536000
date: Thu, 04 Jan 2024 14:52:44 GMT
server: envoy
vary: Origin
access-control-max-age: 7200
access-control-allow-methods: POST
access-control-allow-origin: *
access-control-expose-headers
x-envoy-upstream-service-time: 2

Verdicts & Comments Add Verdict or Comment

52 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

9 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.partners1stcu.org/	1970-01-21 03:02:19	Name: _ga_CJ92GHSQB0 Value: GS1.1.1704379960.1.0.1704379960.0.0.0
.partners1stcu.org/	1970-01-21 03:02:19	Name: _ga Value: GA1.2.628498285.1704379960
.partners1stcu.org/	1970-01-20 17:27:46	Name: _gid Value: GA1.2.469643109.1704379960
.partners1stcu.org/	1970-01-20 17:26:20	Name: _gat Value: 1
.partners1stcu.org/	1970-01-20 19:35:55	Name: _fbp Value: fb.1.1704379960635.365139124
partners1stcu.org/	1970-01-21 02:11:55	Name: fontsLoaded Value: true
api.glia.com/	1970-01-21 02:11:55	Name: visitor_session Value: eyJhbGciOiJFUzI1NiJ9.eyJpYXQiOjE3MDQzNzk5NjAsInZpc2l0b3JfaWQiOiI5ZWZiOGQ0Ni1mMGM0LTQxMWItYjkzMS04NzI2MGJjOWVjOTUiLCJpc3MiOiJHbGlhIFNpdGUgVmlzaXRvciBDb25maWciLCJraWQiOiI5MzE3Y2FmYi1kM2I1LTRiZTUtYjhiZC1lZDdiOGExZTZkZTgifQ.EU4JzoTLzNecOSc31mW97YpTcPsQKxwhHkRrB3DFbmhtFQGh5V67dNMBcwFT_bgCQwD34nOR7OBEq4zqcmrNKw
.partners1stcu.org/	1970-01-21 03:02:19	Name: nmstat Value: e17f78a6-664f-f285-b1fd-9354b7e73200
84727.global.siteimproveanalytics.io/	1970-01-20 17:36:24	Name: AWSALBCORS Value: lzWboKQKLDL5oRtijhCCgasDqbD0kiZN65lAjricOwGfcEIdAhGJNmSzwxWxYKnkVNBrCr9ZGGojiBjSIcCYLWn0Q2kHNBowv4NyqmsnRPYMKXdx/BukiODR84Bc

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

84727.global.siteimproveanalytics.io
acsbapp.com
api.glia.com
cdn.acsbapp.com
client-logger.salemove.com
connect.facebook.net
fonts.googleapis.com
fonts.gstatic.com
libs.salemove.com
partners1stcu.org
region1.google-analytics.com
s3.us-east-1.amazonaws.com
siteimproveanalytics.com
static.addtoany.com
www.facebook.com
www.google-analytics.com
www.googletagmanager.com
18.159.68.202
2001:4860:4802:32::36
2600:9000:2022:2a00:0:99b9:cd80:93a1
2600:9000:21c7:1000:17:4c3f:1b80:93a1
2606:4700:10::ac43:2794
2606:4700:10::ac43:b9b
2606:4700:e6::ac40:c01b
2a00:1450:4001:812::2003
2a00:1450:4001:813::2008
2a00:1450:4001:82a::200e
2a00:1450:4001:831::200a
2a03:2880:f084:105:face:b00c:0:3
2a03:2880:f176:181:face:b00c:0:25de
52.217.230.160
52.3.14.134
67.227.180.62
029736f12614963e2ce49c3f1e6663bcd1420c350be07eb0f0aab459bf827ed7
0803da19b49452eea39d7d7286194f83aadcfdbe9a5e7d7908f1e6fa483ed664
0d8601a776b7dc777cd23bc42392d05a43df0d6402328e8913b58811083b513d
0e5bc9e669b9bc6631d7c12bf04e76e30b8d9c772fccf54c045cd3ef25d9c4cd
1ccac5450892818feaeb8574c8e20bc6813decc9dad15b647f9881f259c747e5
1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26
1e85ec81b9800b4c443d39caca0d0926089a3ac201120db1ceb45b93789480b8
209b30289a4367d767e9e4bc98c4a1ad08a00e9b1e665f00dbad5741802b5e11
2145ed662e3dd4fef471a0c650fb15bad6f8b434ea54ab40b899c5ff8e77c2b2
36a30fb5c65b7a386b45debbc89bd8b8c1dd7a87eda439acabeb0bfb621b14ed
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa
3e136e77083bfc6ef14ffc5abd19da89a82bf12fc0cda3c603e01582b93303c8
3e2051f5e04e70c8b9d3c759ee8196dac0c0601b6893dc96f2461bb74a54bd85
4de1e4e94729ce929801e7c715eda145616022bf710725fedd75341575963d9f
54a36ace3d2d860fd3e4f5e0d59f43b6653c4c2ba6fd87ce73e2d3fc22b61a52
54a41a067d6b8c3c9d9161cbcd63ef437b70029f56e12ad443d247c199d3054b
5a4192e762a449dfd6e63bee835e0941627223c9159e8219acdd01881a1ac175
7132d24727a49b799457a63369ea663f132e8a73a387282e19bc61b99223fc11
72bad2126bc4327b3b21b982565564a990669164984eede02a97a7ec62df0dd6
832dbd199f70ade357e88a3f5d32920c8c63e69258dc173d3b261686320895db
855f23e2416aebea699aee5fff944fb9e405d3f6bcfca46d900611161786f35d
98c4f278eda9ece02de780ade87040aded5a31e7a4f62779e6b138ea75a1fab5
a9e1a2d665b18f3721a26080f2d15c7de8db3e71a8d802a0c88e0aee6a34862a
c03fc7c2991c6ff541ec79af79825f54c15ab7bbea66f5a0c6635300de5e2ffd
c311236dc340eafeaf1e99934cf8705d37020bfc6287625af455977dea1825b5
c7a85dc6dd6ba5b2aa0aee70d383364a3dab49566a85838538dbefb84f8f0962
dcb385c05d927d627aa1bea39a2505d6464e43d9cc809c12782e671d44f1e7e0
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e36b67394224da1ca83124ddf67ee4cf2defd97f44b4f58fe1433f61316924a8
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
fbbe0608ed226a1e1800a7c56caaa3e46ff933e33994cca3ef342e30dc7ebee8

partners1stcu.org Open in urlscan Pro 67.227.180.62 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

33 Requests

100 %HTTPS

75 %IPv6

14 Domains

17 Subdomains

16 IPs

2 Countries

1229 kBTransfer

3563 kBSize

9 Cookies

12 Outgoing links

Redirected requests

33 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

partners1stcu.org Open in urlscan Pro
67.227.180.62 Public Scan

Screenshot
Live screenshot

Full Image

33
Requests

100 %
HTTPS

75 %
IPv6

14
Domains

17
Subdomains

16
IPs

2
Countries

1229 kB
Transfer

3563 kB
Size

9
Cookies

33 HTTP transactions
0 data transactions