government public service

government

English

LSKey-c$CookieConsentPolicy

renderCtx

CookieConsentPolicy

The domain name 'ucportal.acf.gov' uses the United States government-restricted top-level domain (.gov), featuring subdomain 'ucportal'. Count 3 characters in 'acf' holding 1 vowel versus two consonants. Word splitting yields one word: acf. Median word length comes out to three characters. No strong language cues emerged from the frequency lists.

html/19/d8/19d83d6c-5db4-49a2-b64c-d7b5b0df49cb.html.gz

upgrade-insecure-requests
frame-ancestors 'self'; report-uri /_/commcsp?disposition=enforce

frame-src *.force.com https://player.vimeo.com 'self' *.youtube.co.uk https://sfdc-link-preview.hk.salesforce.com https://checkoutshopper-test.adyen.com/ https://pal-test.adyen.com *.cybersource.com *.youtube.es *.adis.ws *.youtube.ie https://www.youtube.com *.cloudinary.com https://pay.google.com *.vimeo.com *.youtube.jp bcove.video *.youtube.fr https://player.cloudinary.com https://sfdc-link-preview-staging.sfdc.sh https://s1.adis.ws *.forceusercontent.com *.brightcove.net *.youtube.com *.youtube.nl https://service.force.com/embeddedservice/ https://fast.wistia.net *.quip.com *.arkoselabs.com *.youtube-nocookie.com https://www.paypal.com https://appiniummastertrial.secure.force.com https://play.vidyard.com https://*.c.forceusercontent.com/lightningmaps/ *.youtube.com.br *.salesforce-experience.com *.salesforceliveagent.com https://scormanywhere.secure.force.com https://demo.arcade.software https://checkoutshopper-live.adyen.com/ https://uctableau.acf.hhs.gov *.sfdcfc.net *.youtube.ca https://location.force.com *.vidyard.com https://www.gstatic.com/recaptcha/ https://players.brightcove.net https://*.c.forceusercontent.com https://cdn.embedly.com https://www.google.com/recaptcha/ https://js.stripe.com/ https://www.sandbox.paypal.com *.wistia.net *.salesforce.com https://oasis-acf.file.force.com https://usa9020.sfdc-pu91w7.salesforce.com *.youtube.pl; report-to sfdc-csp-ep; report-uri https://oasis-acf.lightning.force.com/_/ContentDomainCSPNoAuth?tenantId=00Dt00000004XPO&networkId=0DM3d00000001Th&type=communities

application/x-www-form-urlencoded; charset=UTF-8

attachment; filename="ACFLogo_Condensed_Blue.png"; filename*=utf-8''ACFLogo_Condensed_Blue.png

upgrade-insecure-requests, frame-ancestors 'self'

f2776579fc50d5ef934789939f7b446f16bc5b3df85cc68ed5b697bc168665ae

93a40174981d44cb357cca4585deab2db5c651034f4ae018dce567f354860585

b3c8afb6cb2bbe54e1cd6f643fb2286d505382b8f6b576a78a916652b19169d1

3c5020f0af9698b4cf7d14450398c1eaaca41ab3ef21d8097327c65acc6909a3

175c2d43ecef27396b3a6d5aad7f99a765cc4dae22679b231481b0dbd4409ee3

cf133d1257301cb73eaebe7f5314039add04d0ad99e0bfedcdb9114fa25a9ddc

625cd51641dcaa91bb42737d5388797ffbd2eb668dc1363d25b99c757b2217a9

c1dca8fd74f2d9cbd32c869f1f240cd20a8d02f4e7478d98d134a9682a99931f

04c3dd41396f2c0a5e2f159c43b2a0d47a03e260416a64017430f7b430d28d2a

25296dab808c2d46c06e7acd43645cd3dbc721bcfa3a9fe1a07422e90db9463d

c08efff42d75b6f72042fdb8a72d2414e444878548b593a76287904ae29ca9ed

01cb738fb99259c209dae97df383e96e5609114bfd0bed97cef8115fe299589e

52b48dfd9dab95970af264a5320eb3f0c8023d224415f178bc4bedcc332f2099

81d14fadacdbd71c7d3861383b84637bfc90b3cca25bc24e3f12e0d9b2a1d66c

HHS Vulnerability Disclosure Policy Disclaimers

default-src 'self'; script-src 'self' 'unsafe-eval' 'nonce-UAGKL5ILgTj7c4lGcaVslOkEjxmkUU4d' https://service.force.com/embeddedservice/ https://cdn.content.aws-dev2-uswest2.aws.sfdc.cl/ https://cdn.content.aws-prod1-useast1.aws.sfdc.cl/ https://payments.salesforce.com/ https://js.stripe.com/ https://www.paypal.com/sdk/js https://checkoutshopper-live.adyen.com/ https://checkoutshopper-test.adyen.com/ https://pal-test.adyen.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://pay.google.com import: blob: https://uip.canary.lwc.dev; object-src 'self' www.google.com; style-src 'self' 'unsafe-inline' https://service.force.com/embeddedservice/ https://fonts.googleapis.com/css2 https://fonts.googleapis.com/css https://checkoutshopper-live.adyen.com/ https://checkoutshopper-test.adyen.com/ blob:; img-src 'self' data: blob: https://oasis-acf.my.salesforce.com https://oasis-acf.file.force.com https://img.youtube.com https://i.ytimg.com https://i.vimeocdn.com https://login.salesforce.com/icons/ https://payments.salesforce.com/icons/ https://cdn.content.aws-prod1-useast1.aws.sfdc.cl/icons/ https://cdn.content.aws-dev2-uswest2.aws.sfdc.cl/icons/ https://*.adyen.com https://www.sandbox.paypal.com https://www.paypal.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.gstatic.com https://usa9020.sfdc-pu91w7.salesforce.com/icons/ https://orr-uc-apps.acf.hhs.gov https://uc-pre-prod.acf.gov https://uctableau.acf.hhs.gov; media-src 'self'; frame-src 'self' https://service.force.com/embeddedservice/ https://usa9020.sfdc-pu91w7.salesforce.com https://sfdc-link-preview-staging.sfdc.sh https://sfdc-link-preview.hk.salesforce.com https://cdn.embedly.com https://www.youtube.com https://player.vimeo.com https://play.vidyard.com https://player.cloudinary.com https://fast.wistia.net https://players.brightcove.net https://s1.adis.ws https://scormanywhere.secure.force.com https://appiniummastertrial.secure.force.com https://js.stripe.com/ https://www.paypal.com https://www.sandbox.paypal.com https://checkoutshopper-live.adyen.com/ https://checkoutshopper-test.adyen.com/ https://pal-test.adyen.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://pay.google.com https://*.c.forceusercontent.com/lightningmaps/ https://*.c.forceusercontent.com https://location.force.com https://oasis-acf.file.force.com https://uctableau.acf.hhs.gov https://demo.arcade.software; font-src 'self' data: https://fonts.gstatic.com/; connect-src 'self' https://www.paypal.com https://www.sandbox.paypal.com https://oasis-acf.my.salesforce-scrt.com https://fonts.googleapis.com/css2 https://payments.salesforce.com/ https://cdn.content.aws-dev2-uswest2.aws.sfdc.cl/ https://checkoutshopper-live.adyen.com/ https://checkoutshopper-test.adyen.com/ https://js.stripe.com/ https://www.google.com/recaptcha/ https://*.api.salesforce.com https://o11y.sfproxy-core2.sfdc-pu91w7.svc.sfdcfc.net/ui-telemetry https://uctableau.acf.hhs.gov https://demo.arcade.software

initial-scale=1.0, maximum-scale=2.0, minimum-scale=1.0, minimal-ui

viewport

HSTS header missing - vulnerable to protocol downgrade attacks

CSP header missing - vulnerable to XSS attacks

img-src *.force.com slack-imgs-mil-dev.com 'self' *.slack.com https://www.paypal.com https://usa9020.sfdc-pu91w7.salesforce.com/icons/ https://img.youtube.com https://payments.salesforce.com/icons/ https://login.salesforce.com/icons/ *.slack-imgs.com slack-imgs-gov.com https://i.ytimg.com https://cdn.content.aws-dev2-uswest2.aws.sfdc.cl/icons/ *.salesforce-experience.com https://www.gstatic.com https://uctableau.acf.hhs.gov *.slack-edge-gov.com *.my-salesforce.com slack-imgs-gov-dev.com *.slack-edge.com *.cloudinary.com https://cdn.content.aws-prod1-useast1.aws.sfdc.cl/icons/ https://uc-pre-prod.acf.gov slack-mil-dev.com https://www.gstatic.com/recaptcha/ blob: https://oasis-acf.my.salesforce.com https://www.google.com/recaptcha/ *.slack-edge.mil https://www.sandbox.paypal.com https://orr-uc-apps.acf.hhs.gov https://i.vimeocdn.com slack-imgs.com slack-gov-dev.com *.sfdcstatic.com *.salesforce.com *.twimg.com https://oasis-acf.file.force.com https://*.adyen.com slack-imgs.mil data:; report-to sfdc-csp-ep; report-uri https://oasis-acf.lightning.force.com/_/ContentDomainCSPNoAuth?tenantId=00Dt00000004XPO&networkId=0DM3d00000001Th&type=communities

hhs.gov

acf.gov

Amazon EC2 Abuse

IP Management

Amazon AWS Network Operations

Amazon Data Services Northern Virginia

Amazon EC2 Network Operations

AMAZON-OSU

(function _ls() {
		function errLoadAuraFwScript(){
        var u=new URL(location.href);
        u.searchParams.get("aura.lcdn")==="0"||(u.searchParams.set("aura.lcdn",0),location.assign(u.search));
    }
			function script(url,co,onerror){
				var s=document.createElement("script"),a;
				s.fetchPriority="high";
				co&&(s.crossOrigin="anonymous");
				s.async=!0;
				s.src=url;
				s.addEventListener("error",onerror);
				(a=document.getElementsByTagName("script")[0])?a.parentNode.insertBefore(s,a):(document.head||document.body||document.documentElement).appendChild(s)
			}
		
	})();


        (function() {
            
            document.documentElement.classList.add('slds-no-wcag');
        }());
    


        // keep this variable here, because users do window.picassoSPA in order to check if in PSSC.
        var picassoSPA = {};
        var comm__attrVariationKey = "11FxOYiYfpMxmANj4kGJzg";
    


(function () {
// lwcRuntimeFlags initialization
if (!window.lwcRuntimeFlags) {
	Object.defineProperty(window, 'lwcRuntimeFlags', { value: Object.create(null) });
}
Object.assign(lwcRuntimeFlags, {"E

;(function(){window.Aura=window.Aura||{};window.Aura.beforeFrameworkInit=Aura.beforeFrameworkInit||[];var init=function init(){/*
 * This code is for Internal Salesforce use only, and subject to change without notice.
 * Customers shouldn't reference this file in any web pages.
 */
var ContentAssetGlobalValueProvider=function(a,b){this.orgId=a;this.contentDomainUrl=b};ContentAssetGlobalValueProvider.prototype.merge=function(){};ContentAssetGlobalValueProvider.prototype.isStorable=function(){return!1};ContentAssetGlobalValueProvider.prototype.get=function(a){var b="";if(!a||0===a.length)return null;b=a+"?oid\x3d"+this.orgId+"\x26";a="/file-asset/"+b;var b=$A.get("$SfdcSite.pathPrefix"),c=$A.get("$Absolute.url");return b?[c||b||"",a].join(""):[this.contentDomainUrl||"",a].join("")};

//# sourceMappingURL=/javascript/1543290307000/ui-sfdc-javascript-impl/source/ContentAssetGVP.js.map

$A.addValueProvider('$ContentAsset', new ContentAssetGlobalValueProvider('00Dt00000004XPO',''))
};window.Aura.frameworkJsReady?init():window.Aura.beforeFrameworkInit.push(init);init=function init(){/*
 * This code is for Internal Salesforce use only, and subject to change without notice.
 * Customers shouldn't reference this file in any web pages.
 */
var RecordGlobalValueProvider=function(a,b,c,d,e){this._cmp=null;this.configs={refresh:1E3*a,expiration:1E3*b,maxSize:c,version:d,previousVersion:e,minSaveToStorageInterval:3E3,expirationMobile:2628E6};Object.freeze(this.configs)};RecordGlobalValueProvider.prototype.getValues=function(){return{}};RecordGlobalValueProvider.prototype.merge=function(a){$A.util.isEmpty(a)||(this._createCmp(),this._cmp.helper.recordLib.records._receiveFrom$RecordGvp(a))};
RecordGlobalValueProvider.prototype.get=function(a,b){if("configs"===a)return this.configs;this._requestFromServer(a)};RecordGlobalValueProvider.prototype._requestFromServer=function(a){if(this._createCmp()){var b=this._cmp.get("c.getRecord");b.setParams({recordDescriptor:a});b.setCallback(this,$A.getCallback(function(b){"INCOMPLETE"===b.getState()&&this._cmp.helper.handleIncomplete.call(this._cmp.helper,a)}));$A.enqueueAction(b);$A.run(function(){},"RecordGlobalValueProvider._requestFromServer")}};
RecordGlobalValueProvider.prototype._createCmp=function(){this._cmp||(this._cmp=$A.createComponentFromConfig({descriptor:"markup://force:recordGlobalValueProvider",attributes:null}));return!$A.util.isUndefinedOrNull(this._cmp)};

//# sourceMappingURL=/javascript/1672207910000/ui-sfdc-javascript-impl/source/RecordGVP.js.map

$A.addValueProvider('$Record', new RecordGlobalValueProvider(30, 1800, 5120, '66.0', '65.0'))};window.Aura.frameworkJsReady?init():window.Aura.beforeFrameworkInit.push(init);}());


    window.addEventListener("load",function onload(){
        if(!window.Aura["frameworkJsReady"]){}
    })
    

Requests	IP Address	Location	AS Autonomous System
20	3.231.76.67	Ashburn, Virginia, United States	AS14618Amazon.com, Inc.
20	182.30.36.72	Columbus, Ohio, United States	AS8987Amazon Data Services Ireland Ltd
40	2	-	-

Security Scan Report: ucportal.acf.gov

Summary

AI Security Verdict

Moderate Risk

Risk Factors

Safety Factors

Details

Screenshot

Page Load Overview

Language Analysis

Primary Language

Detection Details

Website Classification

Primary Category

All Detected Categories

Detected Features

Domain & IP Information

Detected Technologies5

Content Similarity HashesFor malware variant detection

TLSH (Trend Micro Locality Sensitive Hash)

ssdeep (Context Triggered Piecewise Hashing)

sdhash (Similarity Digest Hashing)

Image Hashes

Perceptual Hashes

Other Hashes

Scan History