urlscan.io logo urlscan.io
SecurityTrails logo

www.aexp-static.com Open in urlscan Pro
104.111.250.201  Public Scan

Go To Rescan Add Verdict Report
URL: https://www.aexp-static.com/
Submission: On August 22 via api from CH
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 4 IPs in 2 countries across 3 domains to perform 11 HTTP transactions. The main IP is 104.111.250.201, located in Netherlands and belongs to AKAMAI-AS - Akamai Technologies, Inc., US. The main domain is www.aexp-static.com.
TLS certificate: Issued by DigiCert SHA2 Extended Validation Ser... on August 8th 2018. Valid for: 2 years.
This is the only time www.aexp-static.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
5 104.111.250.201 16625 (AKAMAI-AS)
1 35.156.179.129 16509 (AMAZON-02)
3 104.111.252.27 16625 (AKAMAI-AS)
11 4
Domain Requested by
5 www.aexp-static.com www.aexp-static.com
nexus.ensighten.com
3 service.maxymiser.net nexus.ensighten.com
service.maxymiser.net
1 nexus.ensighten.com www.aexp-static.com
nexus.ensighten.com
11 3

This site contains no links.

Subject Issuer Validity Valid
m.americanexpress.com
DigiCert SHA2 Extended Validation Server CA		 2018-08-08 -
2020-07-23		 2 years crt.sh
nexus.ensighten.com
DigiCert SHA2 Secure Server CA		 2018-10-17 -
2020-01-05		 a year crt.sh
*.maxymiser.net
DigiCert SHA2 Secure Server CA		 2019-01-15 -
2020-04-15		 a year crt.sh

This page contains 1 frames:

Primary Page: https://www.aexp-static.com/
Frame ID: 2721347032ECA8F100141F15E7544815
Requests: 11 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Detected technologies

Overall confidence: 100%
Detected patterns
  • script /(?:\/([\d.]+))?(?:\/js)?\/bootstrap(?:\.min)?\.js/i
Overall confidence: 100%
Detected patterns
  • headers server /IBM_HTTP_Server(?:\/([\d.]+))?/i
Overall confidence: 100%
Detected patterns
  • script /\/\/nexus\.ensighten\.com\//i

Page Statistics

11
Requests

82 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

4
IPs

2
Countries

75 kB
Transfer

317 kB
Size

0
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

11 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
www.aexp-static.com/ 		47 KB
10 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.aexp-static.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.111.250.201 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-250-201.deploy.static.akamaitechnologies.com
Software
IBM_HTTP_Server /
Resource Hash
843bd22c9c044a548e9a40d7064b0ad26d8ad999ef9d48c5ef752c8d67e9730b
Security Headers
Name Value
Strict-Transport-Security max-age=15552000;
X-Frame-Options SAMEORIGIN SAMEORIGIN

Request headers

:method
GET
:authority
www.aexp-static.com
:scheme
https
:path
/
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-mode
navigate
sec-fetch-user
?1
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site
none
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode
navigate
Sec-Fetch-User
?1

Response headers

status
404
server
IBM_HTTP_Server
x-frame-options
SAMEORIGIN SAMEORIGIN
strict-transport-security
max-age=15552000;
accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
access-control-allow-origin
*
timing-allow-origin
*
content-length
10168
content-type
text/html
date
Thu, 22 Aug 2019 19:47:10 GMT
set-cookie
SaneID=185.156.175.188, 2.16.187.6-1566503230070766; Path=/; expires=Sun, 25-Aug-24 19:47:10 GMT; domain=.americanexpress.com
error.min.css
www.aexp-static.com/homepage/us/css/ 		3 KB
923 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.aexp-static.com/homepage/us/css/error.min.css?4ca64690ff7a087f100869dec6f79ad7
Requested by
Host: www.aexp-static.com
URL: https://www.aexp-static.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.111.250.201 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-250-201.deploy.static.akamaitechnologies.com
Software
IBM_HTTP_Server /
Resource Hash
8321395a0717e4cf8abf44e4e571bfad4fe435c4dbee40c58b3485b8c3ea64a9
Security Headers
Name Value
Strict-Transport-Security max-age=15552000;
X-Frame-Options SAMEORIGIN, SAMEORIGIN

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.aexp-static.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=15552000;
content-encoding
gzip
vary
Accept-Encoding
last-modified
Mon, 05 Feb 2018 23:08:48 GMT
server
IBM_HTTP_Server
status
200
date
Thu, 22 Aug 2019 19:47:10 GMT
x-frame-options
SAMEORIGIN, SAMEORIGIN
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=864000
accept-ranges
bytes
timing-allow-origin
*
content-length
687
Bootstrap.js
nexus.ensighten.com/amex/amexhead/ 		79 KB
20 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://nexus.ensighten.com/amex/amexhead/Bootstrap.js
Requested by
Host: www.aexp-static.com
URL: https://www.aexp-static.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
35.156.179.129 Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-35-156-179-129.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
a899dacd1488678ae15d0676b4e2fb4059c4d9312e99ed740289d184cacf7a32

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.aexp-static.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 22 Aug 2019 19:47:13 GMT
content-encoding
gzip
last-modified
Thu, 22 Aug 2019 06:01:43 GMT
server
nginx
etag
W/"5d5e2fc7-13be7"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
status
200
cache-control
max-age=300
inav_responsive.css
www.aexp-static.com/nav/ngn/css/ 		93 KB
12 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.aexp-static.com/nav/ngn/css/inav_responsive.css
Requested by
Host: www.aexp-static.com
URL: https://www.aexp-static.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.111.250.201 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-250-201.deploy.static.akamaitechnologies.com
Software
IBM_HTTP_Server /
Resource Hash
7f1b85f13e643de7a8dd568b6073849d777a677a7d699229b8eb2fdb787ff2b9
Security Headers
Name Value
Strict-Transport-Security max-age=15552000;

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.aexp-static.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=15552000;
content-encoding
gzip
last-modified
Wed, 11 Apr 2018 19:54:17 GMT
server
IBM_HTTP_Server
status
200
date
Thu, 22 Aug 2019 19:47:10 GMT
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=86400
accept-ranges
bytes
timing-allow-origin
*
content-length
11740
clear.gif
www.aexp-static.com/nav/ngn/img/ 		43 B
214 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.aexp-static.com/nav/ngn/img/clear.gif
Requested by
Host: www.aexp-static.com
URL: https://www.aexp-static.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.111.250.201 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-250-201.deploy.static.akamaitechnologies.com
Software
IBM_HTTP_Server /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Security Headers
Name Value
Strict-Transport-Security max-age=15552000;

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.aexp-static.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=15552000;
last-modified
Thu, 02 Mar 2017 09:23:00 GMT
server
IBM_HTTP_Server
date
Thu, 22 Aug 2019 19:47:10 GMT
status
200
content-type
image/gif
access-control-allow-origin
*
cache-control
max-age=7776000
accept-ranges
bytes
timing-allow-origin
*
content-length
43
logo_bluebox-55x54.svg
www.aexp-static.com/nav/ngn/img/ 		9 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.aexp-static.com/nav/ngn/img/logo_bluebox-55x54.svg
Requested by
Host: www.aexp-static.com
URL: https://www.aexp-static.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.111.250.201 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-250-201.deploy.static.akamaitechnologies.com
Software
IBM_HTTP_Server /
Resource Hash
9bedfbcc3e602d182e232daca408a303b96620908e515e31743c2b431d416d74
Security Headers
Name Value
Strict-Transport-Security max-age=15552000;

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.aexp-static.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=15552000;
content-encoding
gzip
last-modified
Tue, 10 Apr 2018 19:15:17 GMT
server
IBM_HTTP_Server
status
200
date
Thu, 22 Aug 2019 19:47:10 GMT
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=29030400
accept-ranges
bytes
timing-allow-origin
*
content-length
3267
mmcore.js
service.maxymiser.net/cdn/americanexpress/js/ 		17 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://service.maxymiser.net/cdn/americanexpress/js/mmcore.js
Requested by
Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/amex/amexhead/Bootstrap.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.111.252.27 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-252-27.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
41292f536012bf093b1afc052a1127323d52e5d92dc6c9c88191e298fe84aa71

Request headers

Sec-Fetch-Mode
cors
Referer
https://www.aexp-static.com/
Origin
https://www.aexp-static.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date
Thu, 22 Aug 2019 19:47:31 GMT
content-encoding
gzip
last-modified
Wed, 10 Oct 2018 23:37:13 GMT
server
Apache
status
200
etag
"370896ec73215bacb1c51a5182e2cf14:1539214633"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
max-age=1800
accept-ranges
bytes
content-length
6194
visitorAPI-NonAAM.js
www.aexp-static.com/api/axpi/omniture/ 		0
0
serverComponent.php
nexus.ensighten.com/amex/amexhead/ 		0
0
/
service.maxymiser.net/cg/v5us/ 		8 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://service.maxymiser.net/cg/v5us/?fv=dmn%3Damericanexpress.com%3Bref%3D%3Burl%3Dhttps%253A%252F%252Fwww.aexp-static.com%252F%3Bscrw%3D1600%3Bscrh%3D1200%3Bclrd%3D24%3Bcok%3D1&lver=1.13&jsncl=mmRequestCallbacks%5B1%5D&ri=1&lto=120&jrt=f
Requested by
Host: service.maxymiser.net
URL: https://service.maxymiser.net/cdn/americanexpress/js/mmcore.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.111.252.27 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-252-27.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
b0973becf41ece532a761a6520138955690f8a7b3a81a2726f341cff3d71d1a5
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.aexp-static.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

pragma
no-cache
date
Thu, 22 Aug 2019 19:47:35 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
08/22/2019 19:47:35
server
nginx
x-node
fravwcgus04, fravllb01
vary
Accept-Encoding
p3p
CP="DEV IND NOI OTC OUR PSA PSD"
status
200
cache-control
no-store, no-cache, must-revalidate,post-check=0, pre-check=0
content-type
text/javascript; charset=utf-8
content-length
2694
expires
Sun, 06 Jan 1980 01:00:00 GMT
mmpackage-1.14.js
service.maxymiser.net/platform/us/api/ 		60 KB
19 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://service.maxymiser.net/platform/us/api/mmpackage-1.14.js
Requested by
Host: service.maxymiser.net
URL: https://service.maxymiser.net/cdn/americanexpress/js/mmcore.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.111.252.27 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-252-27.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
e1d7ba21683b4ad63d8e34d198d95a8641005f73a0c38768c648b3a42dce408a

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.aexp-static.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date
Thu, 22 Aug 2019 19:47:35 GMT
content-encoding
gzip
last-modified
Wed, 05 Sep 2018 09:44:40 GMT
server
Apache
etag
"a683d9aeef75e750d201d9849d05eb6c:1536735589"
vary
Accept-Encoding
content-type
application/x-javascript
status
200
cache-control
max-age=31536000
accept-ranges
bytes
content-length
19649

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
www.aexp-static.com
URL
https://www.aexp-static.com/api/axpi/omniture/visitorAPI-NonAAM.js
Domain
nexus.ensighten.com
URL
https://nexus.ensighten.com/amex/amexhead/serverComponent.php?r=9.718652020059725&ClientID=218&PageID=https%3A%2F%2Fwww.aexp-static.com%2F

Verdicts & Comments Add Verdict or Comment

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| ensBootstraps object| amexhead object| mmLocalAttr object| mmRequestCallbacks object| mmsystem undefined| mmInitCallback function| deproxy

0 Cookies

1 Console Messages

Source Level URL
Text
console-api log URL: https://service.maxymiser.net/cdn/americanexpress/js/mmcore.js(Line 5)
Message:
TypeError: Cannot read property 'getItem' of null

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=15552000;
X-Frame-Options SAMEORIGIN SAMEORIGIN