URL: https://mycardrewards.bfsfcu.org/
Submission: On December 19 via manual from US — Scanned from DE

Summary

This website contacted 5 IPs in 2 countries across 5 domains to perform 27 HTTP transactions. The main IP is 3.217.197.93, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is mycardrewards.bfsfcu.org.
TLS certificate: Issued by R3 on November 13th 2023. Valid for: 3 months.
This is the only time mycardrewards.bfsfcu.org was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Requests  Apex Domain           Subdomains                                                Transfer
9         augeofi.com           services.augeofi.com                                      220 KB
9         bfsfcu.org            mycardrewards.bfsfcu.org                                  12 MB
5         dreampoints.com       img.dreampoints.com — Cisco Umbrella Rank: 522680         954 KB
3         google-analytics.com  www.google-analytics.com — Cisco Umbrella Rank: 27        21 KB
                                region1.google-analytics.com — Cisco Umbrella Rank: 2189
1         googletagmanager.com  www.googletagmanager.com — Cisco Umbrella Rank: 36        81 KB
Total: 27 requests, 5 domains
Requests  Domain                        Requested by
9         services.augeofi.com          mycardrewards.bfsfcu.org
9         mycardrewards.bfsfcu.org      mycardrewards.bfsfcu.org
5         img.dreampoints.com
2         www.google-analytics.com      mycardrewards.bfsfcu.org, www.google-analytics.com
1         region1.google-analytics.com  www.googletagmanager.com
1         www.googletagmanager.com      www.google-analytics.com
Total: 27 requests, 6 subdomains

This site contains links to these domains:

bfsfcu.org
Subject                   Issuer               Validity                 Valid
mycardrewards.bfsfcu.org  R3                   2023-11-13 - 2024-02-11  3 months
services.augeofi.com      Amazon RSA 2048 M02  2023-04-04 - 2024-05-02  a year
*.google-analytics.com    GTS CA 1C3           2023-11-20 - 2024-02-12  3 months
img.dreampoints.com       R3                   2023-11-30 - 2024-02-28  3 months

This page contains 1 frames:

Primary Page: https://mycardrewards.bfsfcu.org/
Frame ID: 9D6DACA43584C0AD2D1145497E80D96F
Requests: 27 HTTP requests in this frame

Page Title

Home, Search, Clear, Cash Back, Merchandise, Gift Cards, Travel, Experiences, Donations, Real-Time Rewards

Detected technologies

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtag/js

Page Statistics

Requests: 27
HTTPS: 100 %
IPv6: 80 %
Domains: 5
Subdomains: 6
IPs: 5
Countries: 2
Transfer: 13620 kB
Size: 13780 kB
Cookies: 5

27 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
mycardrewards.bfsfcu.org/
2 KB
2 KB
Document
General
Full URL
https://mycardrewards.bfsfcu.org/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.217.197.93 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-217-197-93.compute-1.amazonaws.com
Software
Apache /
Resource Hash
018ae146d54dad689c7ac4f4197bb124f387b6ab47512bb5096fb17c49c5faec
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Connection
Keep-Alive
Content-Length
1649
Content-Type
text/html; charset=UTF-8
Date
Tue, 19 Dec 2023 18:57:39 GMT
Keep-Alive
timeout=5, max=100
Server
Apache
Strict-Transport-Security
max-age=63072000; includeSubdomains; preload
X-XSS-Protection
1; mode=block
accept-ranges
bytes
access-control-allow-origin
*
cache-control
no-store, max-age=0, must-revalidate
expires
0
last-modified
Wed, 13 Dec 2023 02:33:28 GMT
pragma
no-cache
serverutctime
Tue, 19 Dec 2023 18:57:39 GMT
surrogate-control
no-store
vary
Origin
x-content-type-options
nosniff
x-frame-options
DENY
x-xss-protection
1; mode=block
runtime.c49147f0eb5adb3f92f7.js
mycardrewards.bfsfcu.org/
6 KB
7 KB
Script
General
Full URL
https://mycardrewards.bfsfcu.org/runtime.c49147f0eb5adb3f92f7.js
Requested by
Host: mycardrewards.bfsfcu.org
URL: https://mycardrewards.bfsfcu.org/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.217.197.93 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-217-197-93.compute-1.amazonaws.com
Software
Apache /
Resource Hash
82d57f67ab0814e294462e2fe5effee559d78fd73289214f0b5a9802ed6e3900
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block, 1; mode=block

Request headers

Referer
https://mycardrewards.bfsfcu.org/
Origin
https://mycardrewards.bfsfcu.org
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date
Tue, 19 Dec 2023 18:57:39 GMT
Strict-Transport-Security
max-age=63072000; includeSubdomains; preload
x-content-type-options
nosniff
surrogate-control
no-store
Connection
Keep-Alive
Content-Length
6263
X-XSS-Protection
1; mode=block, 1; mode=block
pragma
no-cache
serverutctime
Tue, 19 Dec 2023 18:57:39 GMT
Server
Apache
last-modified
Wed, 06 Dec 2023 21:00:59 GMT
x-frame-options
DENY
vary
Origin
Content-Type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
no-store, max-age=0, must-revalidate
accept-ranges
bytes
Keep-Alive
timeout=5, max=99
expires
0
polyfills.js
mycardrewards.bfsfcu.org/
386 KB
387 KB
Script
General
Full URL
https://mycardrewards.bfsfcu.org/polyfills.js
Requested by
Host: mycardrewards.bfsfcu.org
URL: https://mycardrewards.bfsfcu.org/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.217.197.93 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-217-197-93.compute-1.amazonaws.com
Software
Apache /
Resource Hash
8c98fbb31aff6e7bcbb78ef6d98a2ac16ea9f1f3f349b29c2e4d78a0776daf73
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block, 1; mode=block

Request headers

Referer
https://mycardrewards.bfsfcu.org/
Origin
https://mycardrewards.bfsfcu.org
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date
Tue, 19 Dec 2023 18:57:40 GMT
Strict-Transport-Security
max-age=63072000; includeSubdomains; preload
x-content-type-options
nosniff
surrogate-control
no-store
Connection
Keep-Alive
Content-Length
395382
X-XSS-Protection
1; mode=block, 1; mode=block
pragma
no-cache
serverutctime
Tue, 19 Dec 2023 18:57:40 GMT
Server
Apache
last-modified
Wed, 06 Dec 2023 21:00:59 GMT
x-frame-options
DENY
vary
Origin
Content-Type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
no-store, max-age=0, must-revalidate
accept-ranges
bytes
Keep-Alive
timeout=5, max=98
expires
0
main.js
mycardrewards.bfsfcu.org/
11 MB
11 MB
Script
General
Full URL
https://mycardrewards.bfsfcu.org/main.js
Requested by
Host: mycardrewards.bfsfcu.org
URL: https://mycardrewards.bfsfcu.org/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.217.197.93 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-217-197-93.compute-1.amazonaws.com
Software
Apache /
Resource Hash
bd0eadabfe97b3dc8518a0ec8e777f7aef17b9883134507dcfb0121c069f08aa
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block, 1; mode=block

Request headers

Referer
https://mycardrewards.bfsfcu.org/
Origin
https://mycardrewards.bfsfcu.org
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date
Tue, 19 Dec 2023 18:57:40 GMT
Strict-Transport-Security
max-age=63072000; includeSubdomains; preload
x-content-type-options
nosniff
surrogate-control
no-store
Connection
Keep-Alive
Content-Length
11307337
X-XSS-Protection
1; mode=block, 1; mode=block
pragma
no-cache
serverutctime
Tue, 19 Dec 2023 18:57:40 GMT
Server
Apache
last-modified
Wed, 06 Dec 2023 21:00:59 GMT
x-frame-options
DENY
vary
Origin
Content-Type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
no-store, max-age=0, must-revalidate
accept-ranges
bytes
Keep-Alive
timeout=5, max=100
expires
0
url
services.augeofi.com/phoenix/v1/
1019 B
2 KB
XHR
General
Full URL
https://services.augeofi.com/phoenix/v1/url?location=https%3A%2F%2Fmycardrewards.bfsfcu.org%2F
Requested by
Host: mycardrewards.bfsfcu.org
URL: https://mycardrewards.bfsfcu.org/main.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:211e:5800:e:c588:bc80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
e8bca206f21e253f54c6713b1d684d5a18972d87d73abd6c3e8667c37df0fec4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/plain, */*
Referer
https://mycardrewards.bfsfcu.org/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Tue, 19 Dec 2023 18:57:47 GMT
strict-transport-security
max-age=31536000 ; includeSubDomains
x-content-type-options
nosniff
via
1.1 07fbd2276304c86925071791c7032950.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-C2
x-cache
Miss from cloudfront
content-length
1019
x-xss-protection
1; mode=block
pragma
no-cache
serverutctime
2023-12-19T18:57:47.510494Z
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
x-frame-options
DENY
content-type
application/json
access-control-allow-origin
https://mycardrewards.bfsfcu.org
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
x-amz-cf-id
xnM-26ouDGpBmnZeC1kjPOBM9efBwfYl7m5cuIM0BxN1VO7M68SzoA==
expires
0
docs
services.augeofi.com/phoenix/v1/program/BKFD-BKFD/
100 KB
101 KB
XHR
General
Full URL
https://services.augeofi.com/phoenix/v1/program/BKFD-BKFD/docs
Requested by
Host: mycardrewards.bfsfcu.org
URL: https://mycardrewards.bfsfcu.org/main.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:211e:5800:e:c588:bc80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
3a51544a1441d5a19520a7638fed86fec1b3034a76a41c53ae6e775d623f8db0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/plain, */*
Referer
https://mycardrewards.bfsfcu.org/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Tue, 19 Dec 2023 18:57:47 GMT
strict-transport-security
max-age=31536000 ; includeSubDomains
x-content-type-options
nosniff
via
1.1 07fbd2276304c86925071791c7032950.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-C2
x-cache
Miss from cloudfront
content-length
102804
x-xss-protection
1; mode=block
pragma
no-cache
serverutctime
2023-12-19T18:57:47.984719Z
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
x-frame-options
DENY
content-type
application/json
access-control-allow-origin
https://mycardrewards.bfsfcu.org
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
x-amz-cf-id
BkK8NYEYX1nCy7q93G6sGikL6fO0nI4NdhXZonNHn0tMQ1Y4-fGEEw==
expires
0
emailengagement
services.augeofi.com/phoenix/v1/program/BKFD-BKFD/feature/
307 B
1 KB
XHR
General
Full URL
https://services.augeofi.com/phoenix/v1/program/BKFD-BKFD/feature/emailengagement
Requested by
Host: mycardrewards.bfsfcu.org
URL: https://mycardrewards.bfsfcu.org/main.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:211e:5800:e:c588:bc80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
2f3083eb89a1756d1978aa2575635c652e421054c12d88373f5e3d6fe9e66c8c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/plain, */*
Referer
https://mycardrewards.bfsfcu.org/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Tue, 19 Dec 2023 18:57:47 GMT
strict-transport-security
max-age=31536000 ; includeSubDomains
x-content-type-options
nosniff
via
1.1 07fbd2276304c86925071791c7032950.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-C2
x-cache
Miss from cloudfront
content-length
307
x-xss-protection
1; mode=block
pragma
no-cache
serverutctime
2023-12-19T18:57:47.837854Z
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
x-frame-options
DENY
content-type
application/json
access-control-allow-origin
https://mycardrewards.bfsfcu.org
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
x-amz-cf-id
9yxI7obSb7YCWr0TLhgaXtMJi-WBIYSFGa0OD5kGVOpVw0f56KmlXQ==
expires
0
BKFD-BKFD
services.augeofi.com/phoenix/v1/branding/
2 KB
3 KB
XHR
General
Full URL
https://services.augeofi.com/phoenix/v1/branding/BKFD-BKFD
Requested by
Host: mycardrewards.bfsfcu.org
URL: https://mycardrewards.bfsfcu.org/main.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:211e:5800:e:c588:bc80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
cb68aae5caef3d3f134704297558e6bd155c10704dd54acde3cb74b734919d31
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/plain, */*
Referer
https://mycardrewards.bfsfcu.org/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Tue, 19 Dec 2023 18:57:47 GMT
strict-transport-security
max-age=31536000 ; includeSubDomains
x-content-type-options
nosniff
via
1.1 07fbd2276304c86925071791c7032950.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-C2
x-cache
Miss from cloudfront
content-length
1634
x-xss-protection
1; mode=block
pragma
no-cache
serverutctime
2023-12-19T18:57:47.837898Z
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
x-frame-options
DENY
content-type
application/json
access-control-allow-origin
https://mycardrewards.bfsfcu.org
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
x-amz-cf-id
aCcLqWSLBg2Evd3-T7SBKh3qY217kpMO55iizghjMcOSGv_tHWqKOg==
expires
0
analytics.js
www.google-analytics.com/
52 KB
21 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: mycardrewards.bfsfcu.org
URL: https://mycardrewards.bfsfcu.org/main.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:803::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://mycardrewards.bfsfcu.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Tue, 19 Dec 2023 17:48:14 GMT
last-modified
Tue, 12 Dec 2023 18:09:08 GMT
server
Golfe2
age
4174
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20994
expires
Tue, 19 Dec 2023 19:48:14 GMT
BKFD-BKFD
services.augeofi.com/phoenix/v1/program/
2 KB
3 KB
XHR
General
Full URL
https://services.augeofi.com/phoenix/v1/program/BKFD-BKFD
Requested by
Host: mycardrewards.bfsfcu.org
URL: https://mycardrewards.bfsfcu.org/main.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:211e:5800:e:c588:bc80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
1e125d54039179fce7cb37ea621f125bcad89f79e929f4f5f426801b7b4d3dd6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/plain, */*
Referer
https://mycardrewards.bfsfcu.org/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Tue, 19 Dec 2023 18:57:48 GMT
strict-transport-security
max-age=31536000 ; includeSubDomains
x-content-type-options
nosniff
via
1.1 07fbd2276304c86925071791c7032950.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-C2
x-cache
Miss from cloudfront
content-length
1642
x-xss-protection
1; mode=block
pragma
no-cache
serverutctime
2023-12-19T18:57:48.692827Z
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
x-frame-options
DENY
content-type
application/json
access-control-allow-origin
https://mycardrewards.bfsfcu.org
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
x-amz-cf-id
nFs9Il_OMAb5KMtHZxZlAVEO0WIUR5SZ2xFRCULsptprn135SSy2mA==
expires
0
shopandearn
services.augeofi.com/phoenix/v1/program/BKFD-BKFD/feature/
274 B
1 KB
XHR
General
Full URL
https://services.augeofi.com/phoenix/v1/program/BKFD-BKFD/feature/shopandearn
Requested by
Host: mycardrewards.bfsfcu.org
URL: https://mycardrewards.bfsfcu.org/main.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:211e:5800:e:c588:bc80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
d7c10e5eb98f370eaa36de0ab67db4cae10ec7d53450c9601ec4bcc7c2df261f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/plain, */*
Referer
https://mycardrewards.bfsfcu.org/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Tue, 19 Dec 2023 18:57:48 GMT
strict-transport-security
max-age=31536000 ; includeSubDomains
x-content-type-options
nosniff
via
1.1 07fbd2276304c86925071791c7032950.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-C2
x-cache
Miss from cloudfront
content-length
274
x-xss-protection
1; mode=block
pragma
no-cache
serverutctime
2023-12-19T18:57:48.687445Z
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
x-frame-options
DENY
content-type
application/json
access-control-allow-origin
https://mycardrewards.bfsfcu.org
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
x-amz-cf-id
D5IoIBnnBq2l3Z3IvzSWcgoys3-as9Vf-yUiFAntJPsY7YO8MYdf8g==
expires
0
sitemap
services.augeofi.com/phoenix/v1/program/BKFD-BKFD/
4 KB
5 KB
XHR
General
Full URL
https://services.augeofi.com/phoenix/v1/program/BKFD-BKFD/sitemap
Requested by
Host: mycardrewards.bfsfcu.org
URL: https://mycardrewards.bfsfcu.org/main.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:211e:5800:e:c588:bc80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
bce12dcb6261c204f79742e54aa7ac812730b656ad86a1ee5ef6da6a4fa83b8d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/plain, */*
Referer
https://mycardrewards.bfsfcu.org/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Tue, 19 Dec 2023 18:57:48 GMT
strict-transport-security
max-age=31536000 ; includeSubDomains
x-content-type-options
nosniff
via
1.1 07fbd2276304c86925071791c7032950.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-C2
x-cache
Miss from cloudfront
content-length
4455
x-xss-protection
1; mode=block
pragma
no-cache
serverutctime
2023-12-19T18:57:48.594756Z
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
x-frame-options
DENY
content-type
application/json
access-control-allow-origin
https://mycardrewards.bfsfcu.org
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
x-amz-cf-id
CMpmY1sgtSzcc4xFfm9Y6ZFDYFABV56u-BIzXpgSaZT4_pdJtXUBRQ==
expires
0
homepage
services.augeofi.com/phoenix/v1/branding/BKFD-BKFD/pages/
861 B
2 KB
XHR
General
Full URL
https://services.augeofi.com/phoenix/v1/branding/BKFD-BKFD/pages/homepage
Requested by
Host: mycardrewards.bfsfcu.org
URL: https://mycardrewards.bfsfcu.org/main.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:211e:5800:e:c588:bc80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
eaf2bcae1f3272b07531a06e91dc6273f33f314bb7e5a0daf92847b6da492d98
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/plain, */*
Referer
https://mycardrewards.bfsfcu.org/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Tue, 19 Dec 2023 18:57:48 GMT
strict-transport-security
max-age=31536000 ; includeSubDomains
x-content-type-options
nosniff
via
1.1 07fbd2276304c86925071791c7032950.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-C2
x-cache
Miss from cloudfront
content-length
861
x-xss-protection
1; mode=block
pragma
no-cache
serverutctime
2023-12-19T18:57:48.693227Z
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
x-frame-options
DENY
content-type
application/json
access-control-allow-origin
https://mycardrewards.bfsfcu.org
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
x-amz-cf-id
d82_gvMapjQHKcHWSrcicB0DUFxhL8-102TUp4bEO2OL6QKfkD84YQ==
expires
0
docs
services.augeofi.com/phoenix/v1/program/BKFD-BKFD/
100 KB
101 KB
XHR
General
Full URL
https://services.augeofi.com/phoenix/v1/program/BKFD-BKFD/docs
Requested by
Host: mycardrewards.bfsfcu.org
URL: https://mycardrewards.bfsfcu.org/main.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:211e:5800:e:c588:bc80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
3a51544a1441d5a19520a7638fed86fec1b3034a76a41c53ae6e775d623f8db0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/plain, */*
Referer
https://mycardrewards.bfsfcu.org/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Tue, 19 Dec 2023 18:57:48 GMT
strict-transport-security
max-age=31536000 ; includeSubDomains
x-content-type-options
nosniff
via
1.1 07fbd2276304c86925071791c7032950.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-C2
x-cache
Miss from cloudfront
content-length
102804
x-xss-protection
1; mode=block
pragma
no-cache
serverutctime
2023-12-19T18:57:48.744482Z
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
x-frame-options
DENY
content-type
application/json
access-control-allow-origin
https://mycardrewards.bfsfcu.org
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
x-amz-cf-id
JR3yvg8pjOPMhC57l7ovy0bb-7p3GiCW9-0HFEf1V9IsfW_xI3O1Qg==
expires
0
collect
www.google-analytics.com/j/
15 B
227 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1850301730&t=pageview&_s=1&dl=https%3A%2F%2Fmycardrewards.bfsfcu.org%2F&dp=%2F&ul=en-us&de=UTF-8&dt=DreamPoints&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEABAAAAACAAI~&jid=2044130257&gjid=1145859495&cid=186059927.1703012269&tid=UA-195640804-1&_gid=1953041887.1703012269&_r=1&_slc=1&z=1595964978
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:803::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e5a933cd2877821029cab2e241e2b2e7598da0b79afe358656730bc4cf8abfd9
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://mycardrewards.bfsfcu.org/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Tue, 19 Dec 2023 18:57:48 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://mycardrewards.bfsfcu.org
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15
expires
Fri, 01 Jan 1990 00:00:00 GMT
js
www.googletagmanager.com/gtag/
228 KB
81 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-NPT2X9YCHN&cx=c&_slc=1
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
1f80ead8e318d1930a539b45627db466c883dc35f39809e60ba5151271d77dc1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://mycardrewards.bfsfcu.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Tue, 19 Dec 2023 18:57:48 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
82999
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Tue, 19 Dec 2023 18:57:48 GMT
collect
region1.google-analytics.com/g/
0
260 B
Ping
General
Full URL
https://region1.google-analytics.com/g/collect?v=2&tid=G-NPT2X9YCHN&gtm=45je3bt0v9133782943&_p=1703012268601&gcd=11l1l1l1l2&dma_cps=sypham&dma=1&ul=en-us&sr=1600x1200&cid=186059927.1703012269&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=ABAI&_s=1&dl=https%3A%2F%2Fmycardrewards.bfsfcu.org%2F&dp=%2F&dt=DreamPoints&sid=1703012268&sct=1&seg=0&en=page_view&_fv=1&_ss=1&_ee=1&tfd=9501
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-NPT2X9YCHN&cx=c&_slc=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://mycardrewards.bfsfcu.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 19 Dec 2023 18:57:48 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://mycardrewards.bfsfcu.org
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
1622728429c9870c5.png
img.dreampoints.com/drmp/
17 KB
17 KB
Image
General
Full URL
https://img.dreampoints.com/drmp/1622728429c9870c5.png
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.217.197.93 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-217-197-93.compute-1.amazonaws.com
Software
Apache /
Resource Hash
cc13d0d44fd6a68d3016a678ea71b06bc1c06aabfaef95e973ef55a9e9255780
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://mycardrewards.bfsfcu.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date
Tue, 19 Dec 2023 18:57:49 GMT
Strict-Transport-Security
max-age=63072000; includeSubdomains; preload
X-Content-Type-Options
nosniff
Last-Modified
Thu, 03 Jun 2021 13:53:49 GMT
Server
Apache
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
17276
X-XSS-Protection
1; mode=block
16227284310c5bbe0.png
img.dreampoints.com/drmp/
21 KB
21 KB
Image
General
Full URL
https://img.dreampoints.com/drmp/16227284310c5bbe0.png
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.217.197.93 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-217-197-93.compute-1.amazonaws.com
Software
Apache /
Resource Hash
7c869f1d34921aae059d492230ba086e7b1798fc89e6816035b597703a597e80
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://mycardrewards.bfsfcu.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date
Tue, 19 Dec 2023 18:57:49 GMT
Strict-Transport-Security
max-age=63072000; includeSubdomains; preload
X-Content-Type-Options
nosniff
Last-Modified
Thu, 03 Jun 2021 13:53:51 GMT
Server
Apache
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
21291
X-XSS-Protection
1; mode=block
black.png
mycardrewards.bfsfcu.org/assets/buttons/
5 KB
5 KB
Image
General
Full URL
https://mycardrewards.bfsfcu.org/assets/buttons/black.png
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.217.197.93 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-217-197-93.compute-1.amazonaws.com
Software
Apache /
Resource Hash
8052b3b7caab4686319847f21aaa639efe035a57371ca64759bf894971319123
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block, 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://mycardrewards.bfsfcu.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date
Tue, 19 Dec 2023 18:57:49 GMT
Strict-Transport-Security
max-age=63072000; includeSubdomains; preload
x-content-type-options
nosniff
surrogate-control
no-store
Connection
Keep-Alive
Content-Length
4772
X-XSS-Protection
1; mode=block, 1; mode=block
pragma
no-cache
serverutctime
Tue, 19 Dec 2023 18:57:49 GMT
Server
Apache
last-modified
Wed, 06 Dec 2023 21:00:59 GMT
x-frame-options
DENY
vary
Origin
Content-Type
image/png
access-control-allow-origin
*
cache-control
no-store, max-age=0, must-revalidate
accept-ranges
bytes
Keep-Alive
timeout=5, max=99
expires
0
fuel.png
mycardrewards.bfsfcu.org/assets/
160 KB
160 KB
Image
General
Full URL
https://mycardrewards.bfsfcu.org/assets/fuel.png
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.217.197.93 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-217-197-93.compute-1.amazonaws.com
Software
Apache /
Resource Hash
779777e2ae9edc6d9e07aa22ca569e20f0069aba9d0543c93ab43416b01c9e60
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block, 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://mycardrewards.bfsfcu.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date
Tue, 19 Dec 2023 18:57:49 GMT
Strict-Transport-Security
max-age=63072000; includeSubdomains; preload
x-content-type-options
nosniff
surrogate-control
no-store
Connection
Keep-Alive
Content-Length
163590
X-XSS-Protection
1; mode=block, 1; mode=block
pragma
no-cache
serverutctime
Tue, 19 Dec 2023 18:57:49 GMT
Server
Apache
last-modified
Wed, 06 Dec 2023 21:00:59 GMT
x-frame-options
DENY
vary
Origin
Content-Type
image/png
access-control-allow-origin
*
cache-control
no-store, max-age=0, must-revalidate
accept-ranges
bytes
Keep-Alive
timeout=5, max=100
expires
0
dining.png
mycardrewards.bfsfcu.org/assets/
200 KB
200 KB
Image
General
Full URL
https://mycardrewards.bfsfcu.org/assets/dining.png
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.217.197.93 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-217-197-93.compute-1.amazonaws.com
Software
Apache /
Resource Hash
fdaef0a7a862e2821ef713d31cf45fb6fe2f551f80b79096cdd7505d361ed511
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block, 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://mycardrewards.bfsfcu.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date
Tue, 19 Dec 2023 18:57:49 GMT
Strict-Transport-Security
max-age=63072000; includeSubdomains; preload
x-content-type-options
nosniff
surrogate-control
no-store
Connection
Keep-Alive
Content-Length
204503
X-XSS-Protection
1; mode=block, 1; mode=block
pragma
no-cache
serverutctime
Tue, 19 Dec 2023 18:57:49 GMT
Server
Apache
last-modified
Wed, 06 Dec 2023 21:00:59 GMT
x-frame-options
DENY
vary
Origin
Content-Type
image/png
access-control-allow-origin
*
cache-control
no-store, max-age=0, must-revalidate
accept-ranges
bytes
Keep-Alive
timeout=5, max=98
expires
0
retail.png
mycardrewards.bfsfcu.org/assets/
209 KB
209 KB
Image
General
Full URL
https://mycardrewards.bfsfcu.org/assets/retail.png
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.217.197.93 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-217-197-93.compute-1.amazonaws.com
Software
Apache /
Resource Hash
d9eb56ff97cbbbf9fa8c9cd56fce0a8e0ec5e02bf4d816e0bcd548d954e0b853
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block, 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://mycardrewards.bfsfcu.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date
Tue, 19 Dec 2023 18:57:49 GMT
Strict-Transport-Security
max-age=63072000; includeSubdomains; preload
x-content-type-options
nosniff
surrogate-control
no-store
Connection
Keep-Alive
Content-Length
213661
X-XSS-Protection
1; mode=block, 1; mode=block
pragma
no-cache
serverutctime
Tue, 19 Dec 2023 18:57:49 GMT
Server
Apache
last-modified
Wed, 06 Dec 2023 21:00:59 GMT
x-frame-options
DENY
vary
Origin
Content-Type
image/png
access-control-allow-origin
*
cache-control
no-store, max-age=0, must-revalidate
accept-ranges
bytes
Keep-Alive
timeout=5, max=100
expires
0
apple.png
mycardrewards.bfsfcu.org/assets/
328 KB
329 KB
Image
General
Full URL
https://mycardrewards.bfsfcu.org/assets/apple.png
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.217.197.93 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-217-197-93.compute-1.amazonaws.com
Software
Apache /
Resource Hash
2426b3f27fd852511870c9e21b66bedcc88fb50c6ed6b470901a302aa28efb8c
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block, 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://mycardrewards.bfsfcu.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date
Tue, 19 Dec 2023 18:57:49 GMT
Strict-Transport-Security
max-age=63072000; includeSubdomains; preload
x-content-type-options
nosniff
surrogate-control
no-store
Connection
Keep-Alive
Content-Length
336296
X-XSS-Protection
1; mode=block, 1; mode=block
pragma
no-cache
serverutctime
Tue, 19 Dec 2023 18:57:49 GMT
Server
Apache
last-modified
Wed, 06 Dec 2023 21:00:59 GMT
x-frame-options
DENY
vary
Origin
Content-Type
image/png
access-control-allow-origin
*
cache-control
no-store, max-age=0, must-revalidate
accept-ranges
bytes
Keep-Alive
timeout=5, max=100
expires
0
1629990603e275159.jpg
img.dreampoints.com/drmp/
266 KB
266 KB
Image
General
Full URL
https://img.dreampoints.com/drmp/1629990603e275159.jpg
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.217.197.93 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-217-197-93.compute-1.amazonaws.com
Software
Apache /
Resource Hash
658a0a261754600b49cf0b8681a14ec28f5d44b74226d20fdb9dba79605c1753
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://mycardrewards.bfsfcu.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date
Tue, 19 Dec 2023 18:57:49 GMT
Strict-Transport-Security
max-age=63072000; includeSubdomains; preload
X-Content-Type-Options
nosniff
Last-Modified
Thu, 26 Aug 2021 15:10:03 GMT
Server
Apache
Content-Type
image/jpeg
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
272157
X-XSS-Protection
1; mode=block
16299906046fa5313.jpg
img.dreampoints.com/drmp/
431 KB
432 KB
Image
General
Full URL
https://img.dreampoints.com/drmp/16299906046fa5313.jpg
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.217.197.93 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-217-197-93.compute-1.amazonaws.com
Software
Apache /
Resource Hash
d9700e17462f56c0f79bab7aca8f46edf4adfec10ab9abcb84d368b2515e39ce
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://mycardrewards.bfsfcu.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date
Tue, 19 Dec 2023 18:57:49 GMT
Strict-Transport-Security
max-age=63072000; includeSubdomains; preload
X-Content-Type-Options
nosniff
Last-Modified
Thu, 26 Aug 2021 15:10:04 GMT
Server
Apache
Content-Type
image/jpeg
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
441488
X-XSS-Protection
1; mode=block
1629990601963477c.jpg
img.dreampoints.com/drmp/
218 KB
218 KB
Image
General
Full URL
https://img.dreampoints.com/drmp/1629990601963477c.jpg
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.217.197.93 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-217-197-93.compute-1.amazonaws.com
Software
Apache /
Resource Hash
7243d903a3fb37f12bc5350703b3d00b29b28879c403d62e1190e3b477ed8a26
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://mycardrewards.bfsfcu.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date
Tue, 19 Dec 2023 18:57:49 GMT
Strict-Transport-Security
max-age=63072000; includeSubdomains; preload
X-Content-Type-Options
nosniff
Last-Modified
Thu, 26 Aug 2021 15:10:01 GMT
Server
Apache
Content-Type
image/jpeg
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Content-Length
223084
X-XSS-Protection
1; mode=block


20 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| documentPictureInPicture
object| _process$env$DOMAIN_HOSTS
string| _process$env$BASE_URL
string| _process$env$SERVICE_URL
string| _process$env$SERVICE_PROVIDER
string| _process$env$ENABLE_EXPERIMENTAL_FEATURES
object| webpackJsonp
function| setImmediate
function| clearImmediate
object| regeneratorRuntime
number| 2f1acc6c3a606b082e5eef5e54414ffb
function| _
string| GoogleAnalyticsObject
function| ga
object| google_tag_data
object| gaplugins
object| gaGlobal
object| gaData
object| dataLayer
object| google_tag_manager

5 Cookies

Domain/Path Name / Value
.bfsfcu.org/ Name: _ga
Value: GA1.2.186059927.1703012269
.bfsfcu.org/ Name: _gid
Value: GA1.2.1953041887.1703012269
.bfsfcu.org/ Name: _gat
Value: 1
services.augeofi.com/ Name: AWSALBCORS
Value: Bi8VRSDe0qvLXapHJzCQhBDcOa1ATKEvAQowsWKVckuUwNPVAsgEgN8KpQdE8a6v5Kg/4jmpwY8zzFSVSCo+iUBfFHUA1G64PZzxluxtcuPE/55Rh90HlNiOyZRe
.bfsfcu.org/ Name: _ga_NPT2X9YCHN
Value: GS1.2.1703012268.1.0.1703012268.0.0.0

Security Headers

This section lists the security headers set by the main page.

Header Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
