urlscan.io logo urlscan.io
SecurityTrails logo

mycardrewards.bfsfcu.org Open in urlscan Pro
3.217.197.93  Public Scan

Go To Rescan Add Verdict Report
URL: https://mycardrewards.bfsfcu.org//pay-with-points-processing.php?action=redeem&messageId=1cb3e3b6-9d95-4670-8df7-797ffe2835e9
Submission: On March 22 via manual from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 4 IPs in 2 countries across 4 domains to perform 22 HTTP transactions. The main IP is 3.217.197.93, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is mycardrewards.bfsfcu.org.
TLS certificate: Issued by R3 on March 12th 2024. Valid for: 3 months.
This is the only time mycardrewards.bfsfcu.org was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
7 3.217.197.93 14618 (AMAZON-AES)
12 2600:9000:235... 16509 (AMAZON-02)
2 2a00:1450:400... 15169 (GOOGLE)
22 4
Apex Domain
Subdomains		 Transfer
12 augeofi.com
services.augeofi.com
224 KB
5 bfsfcu.org
mycardrewards.bfsfcu.org
11 MB
2 dreampoints.com
img.dreampoints.com — Cisco Umbrella Rank: 956337
38 KB
2 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 101
21 KB
22 4
Domain Requested by
12 services.augeofi.com mycardrewards.bfsfcu.org
5 mycardrewards.bfsfcu.org mycardrewards.bfsfcu.org
2 img.dreampoints.com
2 www.google-analytics.com mycardrewards.bfsfcu.org
www.google-analytics.com
22 4

This site contains links to these domains. Also see Links.

Domain
bfsfcu.org
Subject Issuer Validity Valid
mycardrewards.bfsfcu.org
R3		 2024-03-12 -
2024-06-10		 3 months crt.sh
services.augeofi.com
Amazon RSA 2048 M03		 2024-03-04 -
2025-04-01		 a year crt.sh
*.google-analytics.com
GTS CA 1C3		 2024-02-26 -
2024-05-20		 3 months crt.sh
img.dreampoints.com
R3		 2024-01-29 -
2024-04-28		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://mycardrewards.bfsfcu.org//pay-with-points-processing.php?action=redeem&messageId=1cb3e3b6-9d95-4670-8df7-797ffe2835e9
Frame ID: EE2098423C069E10CF1A967D616D4C1E
Requests: 21 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

PWPRedeem

Detected technologies

Overall confidence: 100%
Detected patterns
  • \.php(?:$|\?)
Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Page Statistics

22
Requests

95 %
HTTPS

67 %
IPv6

4
Domains

4
Subdomains

4
IPs

2
Countries

11749 kB
Transfer

11762 kB
Size

4
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

22 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request pay-with-points-processing.php
mycardrewards.bfsfcu.org// 		2 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://mycardrewards.bfsfcu.org//pay-with-points-processing.php?action=redeem&messageId=1cb3e3b6-9d95-4670-8df7-797ffe2835e9
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.217.197.93 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-217-197-93.compute-1.amazonaws.com
Software
Apache /
Resource Hash
018ae146d54dad689c7ac4f4197bb124f387b6ab47512bb5096fb17c49c5faec
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.augeofi.net *.augeofi.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google-analytics.com https://ssl.google-analytics.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/;object-src 'none';img-src 'self' http: https: data:;font-src 'self';style-src 'self' 'unsafe-inline';frame-src https://www.google.com https://recaptcha.google.com https://www.gstatic.com
Strict-Transport-Security max-age=63072000; includeSubdomains; preload max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Connection
Keep-Alive
Content-Length
1649
Content-Security-Policy
default-src 'self' *.augeofi.net *.augeofi.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google-analytics.com https://ssl.google-analytics.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/;object-src 'none';img-src 'self' http: https: data:;font-src 'self';style-src 'self' 'unsafe-inline';frame-src https://www.google.com https://recaptcha.google.com https://www.gstatic.com
Content-Type
text/html; charset=UTF-8
Date
Fri, 22 Mar 2024 13:57:22 GMT
Expect-CT
max-age=0
Keep-Alive
timeout=5, max=100
Referrer-Policy
no-referrer
Server
Apache
Strict-Transport-Security
max-age=63072000; includeSubdomains; preload max-age=15552000; includeSubDomains
X-DNS-Prefetch-Control
off
X-Download-Options
noopen
X-Permitted-Cross-Domain-Policies
none
X-XSS-Protection
1; mode=block
accept-ranges
bytes
access-control-allow-origin
*
cache-control
no-store, max-age=0, must-revalidate
expires
0
last-modified
Wed, 20 Mar 2024 01:31:13 GMT
pragma
no-cache
serverutctime
Fri, 22 Mar 2024 13:57:22 GMT
surrogate-control
no-store
vary
Origin
x-content-type-options
nosniff
x-frame-options
DENY
x-xss-protection
1; mode=block
runtime.c49147f0eb5adb3f92f7.js
mycardrewards.bfsfcu.org/ 		6 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://mycardrewards.bfsfcu.org/runtime.c49147f0eb5adb3f92f7.js
Requested by
Host: mycardrewards.bfsfcu.org
URL: https://mycardrewards.bfsfcu.org//pay-with-points-processing.php?action=redeem&messageId=1cb3e3b6-9d95-4670-8df7-797ffe2835e9
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.217.197.93 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-217-197-93.compute-1.amazonaws.com
Software
Apache /
Resource Hash
82d57f67ab0814e294462e2fe5effee559d78fd73289214f0b5a9802ed6e3900
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.augeofi.net *.augeofi.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google-analytics.com https://ssl.google-analytics.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/;object-src 'none';img-src 'self' http: https: data:;font-src 'self';style-src 'self' 'unsafe-inline';frame-src https://www.google.com https://recaptcha.google.com https://www.gstatic.com
Strict-Transport-Security max-age=63072000; includeSubdomains; preload, max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block, 1; mode=block

Request headers

Referer
Origin
https://mycardrewards.bfsfcu.org
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

Date
Fri, 22 Mar 2024 13:57:22 GMT
Strict-Transport-Security
max-age=63072000; includeSubdomains; preload, max-age=15552000; includeSubDomains
x-content-type-options
nosniff
Content-Security-Policy
default-src 'self' *.augeofi.net *.augeofi.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google-analytics.com https://ssl.google-analytics.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/;object-src 'none';img-src 'self' http: https: data:;font-src 'self';style-src 'self' 'unsafe-inline';frame-src https://www.google.com https://recaptcha.google.com https://www.gstatic.com
X-Permitted-Cross-Domain-Policies
none
surrogate-control
no-store
X-DNS-Prefetch-Control
off
Connection
Keep-Alive
Content-Length
6263
X-XSS-Protection
1; mode=block, 1; mode=block
pragma
no-cache
Referrer-Policy
no-referrer
serverutctime
Fri, 22 Mar 2024 13:57:22 GMT
Server
Apache
last-modified
Tue, 12 Mar 2024 19:48:13 GMT
Expect-CT
max-age=0
x-frame-options
DENY
vary
Origin
Content-Type
application/javascript; charset=UTF-8
access-control-allow-origin
*
X-Download-Options
noopen
cache-control
no-store, max-age=0, must-revalidate
accept-ranges
bytes
Keep-Alive
timeout=5, max=99
expires
0
polyfills.js
mycardrewards.bfsfcu.org/ 		386 KB
387 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://mycardrewards.bfsfcu.org/polyfills.js
Requested by
Host: mycardrewards.bfsfcu.org
URL: https://mycardrewards.bfsfcu.org//pay-with-points-processing.php?action=redeem&messageId=1cb3e3b6-9d95-4670-8df7-797ffe2835e9
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.217.197.93 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-217-197-93.compute-1.amazonaws.com
Software
Apache /
Resource Hash
8c98fbb31aff6e7bcbb78ef6d98a2ac16ea9f1f3f349b29c2e4d78a0776daf73
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.augeofi.net *.augeofi.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google-analytics.com https://ssl.google-analytics.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/;object-src 'none';img-src 'self' http: https: data:;font-src 'self';style-src 'self' 'unsafe-inline';frame-src https://www.google.com https://recaptcha.google.com https://www.gstatic.com
Strict-Transport-Security max-age=63072000; includeSubdomains; preload, max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block, 1; mode=block

Request headers

Referer
Origin
https://mycardrewards.bfsfcu.org
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

Date
Fri, 22 Mar 2024 13:57:22 GMT
Strict-Transport-Security
max-age=63072000; includeSubdomains; preload, max-age=15552000; includeSubDomains
x-content-type-options
nosniff
Content-Security-Policy
default-src 'self' *.augeofi.net *.augeofi.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google-analytics.com https://ssl.google-analytics.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/;object-src 'none';img-src 'self' http: https: data:;font-src 'self';style-src 'self' 'unsafe-inline';frame-src https://www.google.com https://recaptcha.google.com https://www.gstatic.com
X-Permitted-Cross-Domain-Policies
none
surrogate-control
no-store
X-DNS-Prefetch-Control
off
Connection
Keep-Alive
Content-Length
395382
X-XSS-Protection
1; mode=block, 1; mode=block
pragma
no-cache
Referrer-Policy
no-referrer
serverutctime
Fri, 22 Mar 2024 13:57:22 GMT
Server
Apache
last-modified
Tue, 12 Mar 2024 19:48:13 GMT
Expect-CT
max-age=0
x-frame-options
DENY
vary
Origin
Content-Type
application/javascript; charset=UTF-8
access-control-allow-origin
*
X-Download-Options
noopen
cache-control
no-store, max-age=0, must-revalidate
accept-ranges
bytes
Keep-Alive
timeout=5, max=98
expires
0
main.js
mycardrewards.bfsfcu.org/ 		11 MB
11 MB 		Script
General
Check archive.org
Download Go to
Full URL
https://mycardrewards.bfsfcu.org/main.js
Requested by
Host: mycardrewards.bfsfcu.org
URL: https://mycardrewards.bfsfcu.org//pay-with-points-processing.php?action=redeem&messageId=1cb3e3b6-9d95-4670-8df7-797ffe2835e9
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.217.197.93 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-217-197-93.compute-1.amazonaws.com
Software
Apache /
Resource Hash
66dd2eb8d0b598f1352e442dd9063ead13e7a80084449f0f6e735f64d335231a
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.augeofi.net *.augeofi.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google-analytics.com https://ssl.google-analytics.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/;object-src 'none';img-src 'self' http: https: data:;font-src 'self';style-src 'self' 'unsafe-inline';frame-src https://www.google.com https://recaptcha.google.com https://www.gstatic.com
Strict-Transport-Security max-age=63072000; includeSubdomains; preload, max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block, 1; mode=block

Request headers

Referer
Origin
https://mycardrewards.bfsfcu.org
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

Date
Fri, 22 Mar 2024 13:57:23 GMT
Strict-Transport-Security
max-age=63072000; includeSubdomains; preload, max-age=15552000; includeSubDomains
x-content-type-options
nosniff
Content-Security-Policy
default-src 'self' *.augeofi.net *.augeofi.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google-analytics.com https://ssl.google-analytics.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/;object-src 'none';img-src 'self' http: https: data:;font-src 'self';style-src 'self' 'unsafe-inline';frame-src https://www.google.com https://recaptcha.google.com https://www.gstatic.com
X-Permitted-Cross-Domain-Policies
none
surrogate-control
no-store
X-DNS-Prefetch-Control
off
Connection
Keep-Alive
Content-Length
11326421
X-XSS-Protection
1; mode=block, 1; mode=block
pragma
no-cache
Referrer-Policy
no-referrer
serverutctime
Fri, 22 Mar 2024 13:57:23 GMT
Server
Apache
last-modified
Tue, 12 Mar 2024 19:48:13 GMT
Expect-CT
max-age=0
x-frame-options
DENY
vary
Origin
Content-Type
application/javascript; charset=UTF-8
access-control-allow-origin
*
X-Download-Options
noopen
cache-control
no-store, max-age=0, must-revalidate
accept-ranges
bytes
Keep-Alive
timeout=5, max=100
expires
0
url
services.augeofi.com/phoenix/v1/ 		1 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://services.augeofi.com/phoenix/v1/url?location=https%3A%2F%2Fmycardrewards.bfsfcu.org%2F%2Fpay-with-points-processing.php%3Faction%3Dredeem%26messageId%3D1cb3e3b6-9d95-4670-8df7-797ffe2835e9
Requested by
Host: mycardrewards.bfsfcu.org
URL: https://mycardrewards.bfsfcu.org/main.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2359:cc00:e:c588:bc80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
96d22eaf5e2fe4b8d1ec1c6f512d82e4611278ee6c38bb0417924c4683aa2c6a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/plain, */*
Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Fri, 22 Mar 2024 13:57:26 GMT
strict-transport-security
max-age=31536000 ; includeSubDomains
x-content-type-options
nosniff
via
1.1 2809edb23da5b1de8a640a251efb8608.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P10
x-cache
Miss from cloudfront
content-length
1121
x-xss-protection
1; mode=block
pragma
no-cache
serverutctime
2024-03-22T13:57:26.071933Z
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
x-frame-options
DENY
content-type
application/json
access-control-allow-origin
https://mycardrewards.bfsfcu.org
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
x-amz-cf-id
0s72qx_Omrq-gl8Rgp2_DlwKGabQF2ueyiJa4PmwsZAaDNDmTIU9QQ==
expires
0
docs
services.augeofi.com/phoenix/v1/program/BKFD-BKFD/ 		101 KB
102 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://services.augeofi.com/phoenix/v1/program/BKFD-BKFD/docs
Requested by
Host: mycardrewards.bfsfcu.org
URL: https://mycardrewards.bfsfcu.org/main.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2359:cc00:e:c588:bc80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
6a80f8532bf6bc67e55c582f5a32434098fd532c17ac533fc4cc70be94a7e286
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/plain, */*
Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Fri, 22 Mar 2024 13:57:26 GMT
strict-transport-security
max-age=31536000 ; includeSubDomains
x-content-type-options
nosniff
via
1.1 2809edb23da5b1de8a640a251efb8608.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P10
x-cache
Miss from cloudfront
content-length
103046
x-xss-protection
1; mode=block
pragma
no-cache
serverutctime
2024-03-22T13:57:26.541043Z
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
x-frame-options
DENY
content-type
application/json
access-control-allow-origin
https://mycardrewards.bfsfcu.org
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
x-amz-cf-id
69CMjEL7KmfZfjoucS2UtHLFcPa_eAW83szvV4VEDg1WCmr7A-T3HQ==
expires
0
emailengagement
services.augeofi.com/phoenix/v1/program/BKFD-BKFD/feature/ 		306 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://services.augeofi.com/phoenix/v1/program/BKFD-BKFD/feature/emailengagement
Requested by
Host: mycardrewards.bfsfcu.org
URL: https://mycardrewards.bfsfcu.org/main.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2359:cc00:e:c588:bc80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
5942ccf5ef8fb4f9e246ccec1eabd9b4fce8a464a9e8244eb916ef39f6aeae95
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/plain, */*
Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Fri, 22 Mar 2024 13:57:26 GMT
strict-transport-security
max-age=31536000 ; includeSubDomains
x-content-type-options
nosniff
via
1.1 2809edb23da5b1de8a640a251efb8608.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P10
x-cache
Miss from cloudfront
content-length
306
x-xss-protection
1; mode=block
pragma
no-cache
serverutctime
2024-03-22T13:57:26.388160Z
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
x-frame-options
DENY
content-type
application/json
access-control-allow-origin
https://mycardrewards.bfsfcu.org
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
x-amz-cf-id
Xn2LNy_k87EpS3zshLgtwm1P4UfNXNmVs05ZZ-YvF4BRLGpY2NLfIg==
expires
0
BKFD-BKFD
services.augeofi.com/phoenix/v1/branding/ 		2 KB
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://services.augeofi.com/phoenix/v1/branding/BKFD-BKFD
Requested by
Host: mycardrewards.bfsfcu.org
URL: https://mycardrewards.bfsfcu.org/main.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2359:cc00:e:c588:bc80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
48ef1ced1c86acc62c37b8ac65b01ebdd3ebc10fdd0ec338ccdec70235af14ea
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/plain, */*
Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Fri, 22 Mar 2024 13:57:26 GMT
strict-transport-security
max-age=31536000 ; includeSubDomains
x-content-type-options
nosniff
via
1.1 2809edb23da5b1de8a640a251efb8608.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P10
x-cache
Miss from cloudfront
content-length
1655
x-xss-protection
1; mode=block
pragma
no-cache
serverutctime
2024-03-22T13:57:26.389655Z
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
x-frame-options
DENY
content-type
application/json
access-control-allow-origin
https://mycardrewards.bfsfcu.org
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
x-amz-cf-id
FhgSROKul2t17QID-zP4adCqT3IDJJnUfiuatNFjASAjwVr9GuGXkw==
expires
0
analytics.js
www.google-analytics.com/ 		52 KB
21 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: mycardrewards.bfsfcu.org
URL: https://mycardrewards.bfsfcu.org/main.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Fri, 22 Mar 2024 13:38:42 GMT
last-modified
Tue, 12 Dec 2023 18:09:08 GMT
server
Golfe2
age
1124
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20994
expires
Fri, 22 Mar 2024 15:38:42 GMT
BKFD-BKFD
services.augeofi.com/phoenix/v1/program/ 		2 KB
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://services.augeofi.com/phoenix/v1/program/BKFD-BKFD
Requested by
Host: mycardrewards.bfsfcu.org
URL: https://mycardrewards.bfsfcu.org/main.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2359:cc00:e:c588:bc80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
c174521c9a552011f773215f5e4db058e6472861456e57e8fa04c32441dea601
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/plain, */*
Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Fri, 22 Mar 2024 13:57:27 GMT
strict-transport-security
max-age=31536000 ; includeSubDomains
x-content-type-options
nosniff
via
1.1 2809edb23da5b1de8a640a251efb8608.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P10
x-cache
Miss from cloudfront
content-length
1641
x-xss-protection
1; mode=block
pragma
no-cache
serverutctime
2024-03-22T13:57:27.130921Z
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
x-frame-options
DENY
content-type
application/json
access-control-allow-origin
https://mycardrewards.bfsfcu.org
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
x-amz-cf-id
o-ZFqXxVT7lqGHo4Z2qRiyT9bgslgzA3ziXBKHksuKrlpCvwGtxPrA==
expires
0
shopandearn
services.augeofi.com/phoenix/v1/program/BKFD-BKFD/feature/ 		263 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://services.augeofi.com/phoenix/v1/program/BKFD-BKFD/feature/shopandearn
Requested by
Host: mycardrewards.bfsfcu.org
URL: https://mycardrewards.bfsfcu.org/main.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2359:cc00:e:c588:bc80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
bffac6c6ac8cbab28b4b181bb241aac7a78ec2500b27103cec72fba9d947c660
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/plain, */*
Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Fri, 22 Mar 2024 13:57:27 GMT
strict-transport-security
max-age=31536000 ; includeSubDomains
x-content-type-options
nosniff
via
1.1 2809edb23da5b1de8a640a251efb8608.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P10
x-cache
Miss from cloudfront
content-length
263
x-xss-protection
1; mode=block
pragma
no-cache
serverutctime
2024-03-22T13:57:27.130684Z
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
x-frame-options
DENY
content-type
application/json
access-control-allow-origin
https://mycardrewards.bfsfcu.org
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
x-amz-cf-id
S2IjG5fBgyYsDVPuAnNerQMLNAIdMQab6kB5jaBxJ4X83ls0ZXu_VA==
expires
0
homepage
services.augeofi.com/phoenix/v1/branding/BKFD-BKFD/pages/ 		767 B
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://services.augeofi.com/phoenix/v1/branding/BKFD-BKFD/pages/homepage
Requested by
Host: mycardrewards.bfsfcu.org
URL: https://mycardrewards.bfsfcu.org/main.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2359:cc00:e:c588:bc80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
a3dd0b6fb241d36709af2160ba7a8f18ecb26fa2659a72d9c5ff4ba16b7991af
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/plain, */*
Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Fri, 22 Mar 2024 13:57:27 GMT
strict-transport-security
max-age=31536000 ; includeSubDomains
x-content-type-options
nosniff
via
1.1 2809edb23da5b1de8a640a251efb8608.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P10
x-cache
Miss from cloudfront
content-length
767
x-xss-protection
1; mode=block
pragma
no-cache
serverutctime
2024-03-22T13:57:27.138913Z
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
x-frame-options
DENY
content-type
application/json
access-control-allow-origin
https://mycardrewards.bfsfcu.org
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
x-amz-cf-id
rtOxcQ73XONN15j85-PRwBp8TpfqeP41qcMurxnxxozup_JYlMcmng==
expires
0
docs
services.augeofi.com/phoenix/v1/program/BKFD-BKFD/ 		101 KB
102 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://services.augeofi.com/phoenix/v1/program/BKFD-BKFD/docs
Requested by
Host: mycardrewards.bfsfcu.org
URL: https://mycardrewards.bfsfcu.org/main.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2359:cc00:e:c588:bc80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
6a80f8532bf6bc67e55c582f5a32434098fd532c17ac533fc4cc70be94a7e286
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/plain, */*
Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Fri, 22 Mar 2024 13:57:27 GMT
strict-transport-security
max-age=31536000 ; includeSubDomains
x-content-type-options
nosniff
via
1.1 2809edb23da5b1de8a640a251efb8608.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P10
x-cache
Miss from cloudfront
content-length
103046
x-xss-protection
1; mode=block
pragma
no-cache
serverutctime
2024-03-22T13:57:27.314242Z
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
x-frame-options
DENY
content-type
application/json
access-control-allow-origin
https://mycardrewards.bfsfcu.org
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
x-amz-cf-id
LidK6gP1ECjErp0H0Kud8_jAQrkY4ZYxCyDrQXM2wKiVmbdtrKCFrQ==
expires
0
collect
www.google-analytics.com/j/ 		0
0
cashback
services.augeofi.com/phoenix/v1/program/BKFD-BKFD/feature/ 		995 B
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://services.augeofi.com/phoenix/v1/program/BKFD-BKFD/feature/cashback
Requested by
Host: mycardrewards.bfsfcu.org
URL: https://mycardrewards.bfsfcu.org/main.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2359:cc00:e:c588:bc80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
817546ecc6460bd95e59b6eaef6339c415fde9843077350f00a633f2f2a6abb9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/plain, */*
Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Fri, 22 Mar 2024 13:57:27 GMT
strict-transport-security
max-age=31536000 ; includeSubDomains
x-content-type-options
nosniff
via
1.1 2809edb23da5b1de8a640a251efb8608.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P10
x-cache
Miss from cloudfront
content-length
995
x-xss-protection
1; mode=block
pragma
no-cache
serverutctime
2024-03-22T13:57:27.436364Z
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
x-frame-options
DENY
content-type
application/json
access-control-allow-origin
https://mycardrewards.bfsfcu.org
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
x-amz-cf-id
OSuTsvtJskUavR_gaXcDm_NzV4cmFGCQwTh72FyK2HloqCKxl2B5Vg==
expires
0
sitemap
services.augeofi.com/phoenix/v1/program/BKFD-BKFD/ 		4 KB
5 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://services.augeofi.com/phoenix/v1/program/BKFD-BKFD/sitemap
Requested by
Host: mycardrewards.bfsfcu.org
URL: https://mycardrewards.bfsfcu.org/main.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2359:cc00:e:c588:bc80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
bce12dcb6261c204f79742e54aa7ac812730b656ad86a1ee5ef6da6a4fa83b8d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/plain, */*
Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Fri, 22 Mar 2024 13:57:27 GMT
strict-transport-security
max-age=31536000 ; includeSubDomains
x-content-type-options
nosniff
via
1.1 2809edb23da5b1de8a640a251efb8608.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P10
x-cache
Miss from cloudfront
content-length
4455
x-xss-protection
1; mode=block
pragma
no-cache
serverutctime
2024-03-22T13:57:27.830524Z
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
x-frame-options
DENY
content-type
application/json
access-control-allow-origin
https://mycardrewards.bfsfcu.org
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
x-amz-cf-id
0_SN2eOp9DluLsh_6jPQZboEwz4BgpOa3z0nd90VAE1sawQZURwYkA==
expires
0
collect
www.google-analytics.com/ 		35 B
194 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google-analytics.com/collect?v=1&_v=j101&a=1856617472&t=pageview&_s=2&dl=https%3A%2F%2Fmycardrewards.bfsfcu.org%2F%2Fpay-with-points-processing.php%3Faction%3Dredeem%26messageId%3D1cb3e3b6-9d95-4670-8df7-797ffe2835e9&dp=%2Fpay-with-points-processing.php%3Faction%3Dredeem%26messageId%3D1cb3e3b6-9d95-4670-8df7-797ffe2835e9&ul=en-us&de=UTF-8&dt=DreamPoints&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aEBAAEABAAAAACAAI~&jid=&gjid=&cid=1546448672.1711115847&tid=UA-195640804-1&_gid=854904946.1711115847&z=1082949490
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 22 Mar 2024 02:52:59 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
39868
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
redeembymessageid
services.augeofi.com/phoenix/v1/pwpredemption/ 		778 B
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://services.augeofi.com/phoenix/v1/pwpredemption/redeembymessageid
Requested by
Host: mycardrewards.bfsfcu.org
URL: https://mycardrewards.bfsfcu.org/main.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2359:cc00:e:c588:bc80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
b7c71e57fe8f12b9727c9a2f6ff7acc601f86fc07f3601fa60c60bc20fff1afc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/plain, */*
Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
Content-Type
application/json;charset=UTF-8

Response headers

date
Fri, 22 Mar 2024 13:57:28 GMT
strict-transport-security
max-age=31536000 ; includeSubDomains
x-content-type-options
nosniff
via
1.1 2809edb23da5b1de8a640a251efb8608.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P10
x-cache
Miss from cloudfront
content-length
778
x-xss-protection
1; mode=block
pragma
no-cache
serverutctime
2024-03-22T13:57:28.587163Z
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
x-frame-options
DENY
content-type
application/json
access-control-allow-origin
https://mycardrewards.bfsfcu.org
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
x-amz-cf-id
MTeAs3aptdsY_dALw1BtHA_8vRb2M0Oz-nMWXMJoc5AFkNaDAyK21w==
expires
0
redeembymessageid
services.augeofi.com/phoenix/v1/pwpredemption/ 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://services.augeofi.com/phoenix/v1/pwpredemption/redeembymessageid
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2359:cc00:e:c588:bc80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://mycardrewards.bfsfcu.org
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type
access-control-allow-methods
GET,POST,PUT,DELETE,OPTIONS
access-control-allow-origin
https://mycardrewards.bfsfcu.org
access-control-max-age
1800
allow
GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS, PATCH
content-length
0
date
Fri, 22 Mar 2024 13:57:28 GMT
vary
Origin Access-Control-Request-Method Access-Control-Request-Headers
via
1.1 172c1df55a41f1a1b144f3711399cfc4.cloudfront.net (CloudFront)
x-amz-cf-id
Dz4aGabSh6Th8YiSBPkFhYiw8VvFWOhoWTn4PiX32mE5pV6g1W413w==
x-amz-cf-pop
FRA60-P10
x-cache
Miss from cloudfront
1622728429c9870c5.png
img.dreampoints.com/drmp/ 		17 KB
17 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://img.dreampoints.com/drmp/1622728429c9870c5.png
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.217.197.93 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-217-197-93.compute-1.amazonaws.com
Software
Apache /
Resource Hash
cc13d0d44fd6a68d3016a678ea71b06bc1c06aabfaef95e973ef55a9e9255780
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

Date
Fri, 22 Mar 2024 13:57:29 GMT
Strict-Transport-Security
max-age=63072000; includeSubdomains; preload
X-Content-Type-Options
nosniff
Last-Modified
Thu, 03 Jun 2021 13:53:49 GMT
Server
Apache
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
17276
X-XSS-Protection
1; mode=block
16227284310c5bbe0.png
img.dreampoints.com/drmp/ 		21 KB
21 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://img.dreampoints.com/drmp/16227284310c5bbe0.png
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.217.197.93 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-217-197-93.compute-1.amazonaws.com
Software
Apache /
Resource Hash
7c869f1d34921aae059d492230ba086e7b1798fc89e6816035b597703a597e80
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

Date
Fri, 22 Mar 2024 13:57:29 GMT
Strict-Transport-Security
max-age=63072000; includeSubdomains; preload
X-Content-Type-Options
nosniff
Last-Modified
Thu, 03 Jun 2021 13:53:51 GMT
Server
Apache
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
21291
X-XSS-Protection
1; mode=block
black.png
mycardrewards.bfsfcu.org/assets/buttons/ 		5 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mycardrewards.bfsfcu.org/assets/buttons/black.png
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.217.197.93 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-217-197-93.compute-1.amazonaws.com
Software
Apache /
Resource Hash
8052b3b7caab4686319847f21aaa639efe035a57371ca64759bf894971319123
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.augeofi.net *.augeofi.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google-analytics.com https://ssl.google-analytics.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/;object-src 'none';img-src 'self' http: https: data:;font-src 'self';style-src 'self' 'unsafe-inline';frame-src https://www.google.com https://recaptcha.google.com https://www.gstatic.com
Strict-Transport-Security max-age=63072000; includeSubdomains; preload, max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block, 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://mycardrewards.bfsfcu.org/pay-with-points-processing.php?action=redeem&messageId=1cb3e3b6-9d95-4670-8df7-797ffe2835e9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

Date
Fri, 22 Mar 2024 13:57:28 GMT
Strict-Transport-Security
max-age=63072000; includeSubdomains; preload, max-age=15552000; includeSubDomains
x-content-type-options
nosniff
Content-Security-Policy
default-src 'self' *.augeofi.net *.augeofi.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google-analytics.com https://ssl.google-analytics.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/;object-src 'none';img-src 'self' http: https: data:;font-src 'self';style-src 'self' 'unsafe-inline';frame-src https://www.google.com https://recaptcha.google.com https://www.gstatic.com
X-Permitted-Cross-Domain-Policies
none
surrogate-control
no-store
X-DNS-Prefetch-Control
off
Connection
Keep-Alive
Content-Length
4772
X-XSS-Protection
1; mode=block, 1; mode=block
pragma
no-cache
Referrer-Policy
no-referrer
serverutctime
Fri, 22 Mar 2024 13:57:28 GMT
Server
Apache
last-modified
Tue, 12 Mar 2024 19:48:13 GMT
Expect-CT
max-age=0
x-frame-options
DENY
vary
Origin
Content-Type
image/png
access-control-allow-origin
*
X-Download-Options
noopen
cache-control
no-store, max-age=0, must-revalidate
accept-ranges
bytes
Keep-Alive
timeout=5, max=99
expires
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
www.google-analytics.com
URL
https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1856617472&t=pageview&_s=1&dl=https%3A%2F%2Fmycardrewards.bfsfcu.org%2F%2Fpay-with-points-processing.php%3Faction%3Dredeem%26messageId%3D1cb3e3b6-9d95-4670-8df7-797ffe2835e9&dp=%2F%2Fpay-with-points-processing.php%3Faction%3Dredeem%26messageId%3D1cb3e3b6-9d95-4670-8df7-797ffe2835e9&ul=en-us&de=UTF-8&dt=DreamPoints&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEABAAAAACAAI~&jid=1950710093&gjid=1771223270&cid=1546448672.1711115847&tid=UA-195640804-1&_gid=854904946.1711115847&_r=1&_slc=1&z=967348501

Verdicts & Comments Add Verdict or Comment

17 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| _process$env$DOMAIN_HOSTS string| _process$env$BASE_URL string| _process$env$SERVICE_URL string| _process$env$SERVICE_PROVIDER string| _process$env$ENABLE_EXPERIMENTAL_FEATURES object| webpackJsonp function| setImmediate function| clearImmediate object| regeneratorRuntime number| 2f1acc6c3a606b082e5eef5e54414ffb function| _ string| GoogleAnalyticsObject function| ga object| google_tag_data object| gaplugins object| gaGlobal object| gaData

4 Cookies

Domain/Path Name / Value
.bfsfcu.org/ Name: _ga
Value: GA1.2.1546448672.1711115847
.bfsfcu.org/ Name: _gid
Value: GA1.2.854904946.1711115847
.bfsfcu.org/ Name: _gat
Value: 1
services.augeofi.com/ Name: AWSALBCORS
Value: 7GR8pI7h4UunyrXLcpg3GZjqX1tUxE1XmvD2N/Db0s9atEBIPmUP0QHFm5Fi064IbuiLjd5XCpNLfp5ItmhLc2mbV2nE9TAwws6kwZY8489uP2zcnF0AMwagTOJL

22 Console Messages

Source Level URL
Text
other warning URL: https://mycardrewards.bfsfcu.org//pay-with-points-processing.php?action=redeem&messageId=1cb3e3b6-9d95-4670-8df7-797ffe2835e9
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://mycardrewards.bfsfcu.org//pay-with-points-processing.php?action=redeem&messageId=1cb3e3b6-9d95-4670-8df7-797ffe2835e9
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://mycardrewards.bfsfcu.org//pay-with-points-processing.php?action=redeem&messageId=1cb3e3b6-9d95-4670-8df7-797ffe2835e9
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://mycardrewards.bfsfcu.org//pay-with-points-processing.php?action=redeem&messageId=1cb3e3b6-9d95-4670-8df7-797ffe2835e9
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://mycardrewards.bfsfcu.org//pay-with-points-processing.php?action=redeem&messageId=1cb3e3b6-9d95-4670-8df7-797ffe2835e9
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://mycardrewards.bfsfcu.org//pay-with-points-processing.php?action=redeem&messageId=1cb3e3b6-9d95-4670-8df7-797ffe2835e9
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://mycardrewards.bfsfcu.org//pay-with-points-processing.php?action=redeem&messageId=1cb3e3b6-9d95-4670-8df7-797ffe2835e9
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
security error URL: https://www.google-analytics.com/analytics.js(Line 35)
Message:
Refused to connect to 'https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1856617472&t=pageview&_s=1&dl=https%3A%2F%2Fmycardrewards.bfsfcu.org%2F%2Fpay-with-points-processing.php%3Faction%3Dredeem%26messageId%3D1cb3e3b6-9d95-4670-8df7-797ffe2835e9&dp=%2F%2Fpay-with-points-processing.php%3Faction%3Dredeem%26messageId%3D1cb3e3b6-9d95-4670-8df7-797ffe2835e9&ul=en-us&de=UTF-8&dt=DreamPoints&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEABAAAAACAAI~&jid=1950710093&gjid=1771223270&cid=1546448672.1711115847&tid=UA-195640804-1&_gid=854904946.1711115847&_r=1&_slc=1&z=967348501' because it violates the following Content Security Policy directive: "default-src 'self' *.augeofi.net *.augeofi.com". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback.
other warning URL: https://mycardrewards.bfsfcu.org//pay-with-points-processing.php?action=redeem&messageId=1cb3e3b6-9d95-4670-8df7-797ffe2835e9
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://mycardrewards.bfsfcu.org//pay-with-points-processing.php?action=redeem&messageId=1cb3e3b6-9d95-4670-8df7-797ffe2835e9
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://mycardrewards.bfsfcu.org//pay-with-points-processing.php?action=redeem&messageId=1cb3e3b6-9d95-4670-8df7-797ffe2835e9
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://mycardrewards.bfsfcu.org//pay-with-points-processing.php?action=redeem&messageId=1cb3e3b6-9d95-4670-8df7-797ffe2835e9
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://mycardrewards.bfsfcu.org//pay-with-points-processing.php?action=redeem&messageId=1cb3e3b6-9d95-4670-8df7-797ffe2835e9
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://mycardrewards.bfsfcu.org//pay-with-points-processing.php?action=redeem&messageId=1cb3e3b6-9d95-4670-8df7-797ffe2835e9
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://mycardrewards.bfsfcu.org//pay-with-points-processing.php?action=redeem&messageId=1cb3e3b6-9d95-4670-8df7-797ffe2835e9
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://mycardrewards.bfsfcu.org//pay-with-points-processing.php?action=redeem&messageId=1cb3e3b6-9d95-4670-8df7-797ffe2835e9
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://mycardrewards.bfsfcu.org//pay-with-points-processing.php?action=redeem&messageId=1cb3e3b6-9d95-4670-8df7-797ffe2835e9
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://mycardrewards.bfsfcu.org//pay-with-points-processing.php?action=redeem&messageId=1cb3e3b6-9d95-4670-8df7-797ffe2835e9
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://mycardrewards.bfsfcu.org//pay-with-points-processing.php?action=redeem&messageId=1cb3e3b6-9d95-4670-8df7-797ffe2835e9
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://mycardrewards.bfsfcu.org//pay-with-points-processing.php?action=redeem&messageId=1cb3e3b6-9d95-4670-8df7-797ffe2835e9
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://mycardrewards.bfsfcu.org/pay-with-points-processing.php?action=redeem&messageId=1cb3e3b6-9d95-4670-8df7-797ffe2835e9
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://mycardrewards.bfsfcu.org/pay-with-points-processing.php?action=redeem&messageId=1cb3e3b6-9d95-4670-8df7-797ffe2835e9
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self' *.augeofi.net *.augeofi.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google-analytics.com https://ssl.google-analytics.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/;object-src 'none';img-src 'self' http: https: data:;font-src 'self';style-src 'self' 'unsafe-inline';frame-src https://www.google.com https://recaptcha.google.com https://www.gstatic.com
Strict-Transport-Security max-age=63072000; includeSubdomains; preload max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

img.dreampoints.com
mycardrewards.bfsfcu.org
services.augeofi.com
www.google-analytics.com
www.google-analytics.com
2600:9000:2359:cc00:e:c588:bc80:93a1
2a00:1450:4001:809::200e
3.217.197.93
018ae146d54dad689c7ac4f4197bb124f387b6ab47512bb5096fb17c49c5faec
48ef1ced1c86acc62c37b8ac65b01ebdd3ebc10fdd0ec338ccdec70235af14ea
5942ccf5ef8fb4f9e246ccec1eabd9b4fce8a464a9e8244eb916ef39f6aeae95
66dd2eb8d0b598f1352e442dd9063ead13e7a80084449f0f6e735f64d335231a
6a80f8532bf6bc67e55c582f5a32434098fd532c17ac533fc4cc70be94a7e286
7c869f1d34921aae059d492230ba086e7b1798fc89e6816035b597703a597e80
8052b3b7caab4686319847f21aaa639efe035a57371ca64759bf894971319123
817546ecc6460bd95e59b6eaef6339c415fde9843077350f00a633f2f2a6abb9
82d57f67ab0814e294462e2fe5effee559d78fd73289214f0b5a9802ed6e3900
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
8c98fbb31aff6e7bcbb78ef6d98a2ac16ea9f1f3f349b29c2e4d78a0776daf73
96d22eaf5e2fe4b8d1ec1c6f512d82e4611278ee6c38bb0417924c4683aa2c6a
a3dd0b6fb241d36709af2160ba7a8f18ecb26fa2659a72d9c5ff4ba16b7991af
b7c71e57fe8f12b9727c9a2f6ff7acc601f86fc07f3601fa60c60bc20fff1afc
bce12dcb6261c204f79742e54aa7ac812730b656ad86a1ee5ef6da6a4fa83b8d
bffac6c6ac8cbab28b4b181bb241aac7a78ec2500b27103cec72fba9d947c660
c174521c9a552011f773215f5e4db058e6472861456e57e8fa04c32441dea601
cc13d0d44fd6a68d3016a678ea71b06bc1c06aabfaef95e973ef55a9e9255780
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd