bmw.customer.charging-inclusive.com Open in urlscan Pro
18.194.77.151 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://bmw.customer.charging-inclusive.com/
Submission: On November 27 via api (November 27th 2024, 3:21:46 pm UTC) from US — Scanned from US

Summary HTTP 18 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 1 domains to perform 18 HTTP transactions. The main IP is 18.194.77.151, located in Frankfurt am Main, Germany and belongs to AMAZON-02, US. The main domain is bmw.customer.charging-inclusive.com.
TLS certificate: Issued by R11 on November 27th 2024. Valid for: 3 months.

This is the only time bmw.customer.charging-inclusive.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address		AS Autonomous System
13	18.194.77.151 18.194.77.151		16509 (AMAZON-02) (AMAZON-02)
18	2

13 18.194.77.151 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-194-77-151.eu-central-1.compute.amazonaws.com

bmw.customer.charging-inclusive.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
bmw.charging-inclusive.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
13	charging-inclusive.com bmw.customer.charging-inclusive.com bmw.charging-inclusive.com	3 MB
18	1

	Domain	Requested by
8	bmw.customer.charging-inclusive.com	bmw.customer.charging-inclusive.com
5	bmw.charging-inclusive.com	bmw.customer.charging-inclusive.com
18	2

This site contains no links.

Subject Issuer	Validity	Valid
bmw.customer.charging-inclusive.com R11	`2024-11-27` - `2025-02-25`	3 months	crt.sh
bmw.charging-inclusive.com R11	`2024-11-22` - `2025-02-20`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://bmw.customer.charging-inclusive.com/
Frame ID: 3CF1DDD5A478A1D41FB71998694C2B92
Requests: 13 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Electric 360 Customer Portal

Detected technologies

React (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

<[^>]+data-react

Page Statistics

18
Requests

72 %
HTTPS

0 %
IPv6

1
Domains

2
Subdomains

2
IPs

1
Countries

3008 kB
Transfer

3001 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

18 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
bmw.customer.charging-inclusive.com/ 644 B
1 KB 726ms
228ms Document
text/html 18.194.77.151
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://bmw.customer.charging-inclusive.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

18.194.77.151 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-194-77-151.eu-central-1.compute.amazonaws.com

Software

Resource Hash

9cc08748e44c0c80f4526ab49161f3a523503f29bd5bdc7d7fe2789ae3642506

Security Headers

Name	Value
Content-Security-Policy	frame-src 'self'; frame-ancestors 'self'; object-src 'none'; img-src 'self' data: https: ; font-src 'self' data: ; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; default-src https: ;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
content-length: 644
content-security-policy: frame-src 'self'; frame-ancestors 'self'; object-src 'none'; img-src 'self' data: https: ; font-src 'self' data: ; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; default-src https: ;
content-type: text/html
date: Wed, 27 Nov 2024 15:21:35 GMT
etag: "67442084-284"
last-modified: Mon, 25 Nov 2024 07:00:20 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block

GET
H2 200 main.1e3dfdd1.js Show response
bmw.customer.charging-inclusive.com/static/js/ 1 MB
1 MB 684ms
683ms Script
application/javascript 18.194.77.151
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://bmw.customer.charging-inclusive.com/static/js/main.1e3dfdd1.js

Requested by

Host: bmw.customer.charging-inclusive.com
URL: https://bmw.customer.charging-inclusive.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

18.194.77.151 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-194-77-151.eu-central-1.compute.amazonaws.com

Software

Resource Hash

2aec37f71e35d854bbcf1b966b5b22d993e5b44426086892c74d7aca17075d06

Security Headers

Name	Value
Content-Security-Policy	frame-src 'self'; frame-ancestors 'self'; object-src 'none'; img-src 'self' data: https: ; font-src 'self' data: ; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; default-src https: ;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://bmw.customer.charging-inclusive.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-src 'self'; frame-ancestors 'self'; object-src 'none'; img-src 'self' data: https: ; font-src 'self' data: ; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; default-src https: ;
cache-control: max-age=604800
etag: "67442084-151b4e"
x-content-type-options: nosniff
expires: Wed, 04 Dec 2024 15:21:35 GMT
accept-ranges: bytes
content-length: 1383246
date: Wed, 27 Nov 2024 15:21:35 GMT
x-xss-protection: 1; mode=block
content-type: application/javascript
last-modified: Mon, 25 Nov 2024 07:00:20 GMT
x-frame-options: SAMEORIGIN

GET
H2 200 main.cc209bd6.css
bmw.customer.charging-inclusive.com/static/css/ 1 MB
1 MB 229ms
229ms Stylesheet
text/css 18.194.77.151
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://bmw.customer.charging-inclusive.com/static/css/main.cc209bd6.css

Requested by

Host: bmw.customer.charging-inclusive.com
URL: https://bmw.customer.charging-inclusive.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

18.194.77.151 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-194-77-151.eu-central-1.compute.amazonaws.com

Software

Resource Hash

c1717e4a40acfbfbb5aeddb16dab0fbe47b599fc3e6792249eb50696b41d0ade

Security Headers

Name	Value
Content-Security-Policy	frame-src 'self'; frame-ancestors 'self'; object-src 'none'; img-src 'self' data: https: ; font-src 'self' data: ; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; default-src https: ;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://bmw.customer.charging-inclusive.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-src 'self'; frame-ancestors 'self'; object-src 'none'; img-src 'self' data: https: ; font-src 'self' data: ; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; default-src https: ;
cache-control: max-age=604800
etag: "67442084-16a747"
x-content-type-options: nosniff
expires: Wed, 04 Dec 2024 15:21:35 GMT
accept-ranges: bytes
content-length: 1484615
date: Wed, 27 Nov 2024 15:21:35 GMT
x-xss-protection: 1; mode=block
content-type: text/css
last-modified: Mon, 25 Nov 2024 07:00:20 GMT
x-frame-options: SAMEORIGIN

GET
H2 200 BMWTypeNext-Bold.c2402df69acc179f1a6c.woff2
bmw.customer.charging-inclusive.com/static/media/ 51 KB
51 KB 224ms
223ms Font
font/woff2 18.194.77.151
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://bmw.customer.charging-inclusive.com/static/media/BMWTypeNext-Bold.c2402df69acc179f1a6c.woff2

Requested by

Host: bmw.customer.charging-inclusive.com
URL: https://bmw.customer.charging-inclusive.com/static/css/main.cc209bd6.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

18.194.77.151 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-194-77-151.eu-central-1.compute.amazonaws.com

Software

Resource Hash

e45da139c9201d3eea5b6732c910151702cbe7075a5bfdcf18ec7acae229b0c2

Security Headers

Name	Value
Content-Security-Policy	frame-src 'self'; frame-ancestors 'self'; object-src 'none'; img-src 'self' data: https: ; font-src 'self' data: ; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; default-src https: ;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://bmw.customer.charging-inclusive.com
Referer: https://bmw.customer.charging-inclusive.com/static/css/main.cc209bd6.css

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-src 'self'; frame-ancestors 'self'; object-src 'none'; img-src 'self' data: https: ; font-src 'self' data: ; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; default-src https: ;
cache-control: max-age=604800
etag: "67442084-ca24"
x-content-type-options: nosniff
expires: Wed, 04 Dec 2024 15:21:41 GMT
accept-ranges: bytes
content-length: 51748
date: Wed, 27 Nov 2024 15:21:41 GMT
x-xss-protection: 1; mode=block
content-type: font/woff2
last-modified: Mon, 25 Nov 2024 07:00:20 GMT
x-frame-options: SAMEORIGIN

GET
H2 200 BMWTypeNext-Regular.4bf59e9de221e84b5bb9.woff2
bmw.customer.charging-inclusive.com/static/media/ 51 KB
51 KB 227ms
226ms Font
font/woff2 18.194.77.151
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://bmw.customer.charging-inclusive.com/static/media/BMWTypeNext-Regular.4bf59e9de221e84b5bb9.woff2

Requested by

Host: bmw.customer.charging-inclusive.com
URL: https://bmw.customer.charging-inclusive.com/static/css/main.cc209bd6.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

18.194.77.151 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-194-77-151.eu-central-1.compute.amazonaws.com

Software

Resource Hash

0a7f12c7ab651998680f40ffe002a19c9048056c719742d27fffee4011c8f76f

Security Headers

Name	Value
Content-Security-Policy	frame-src 'self'; frame-ancestors 'self'; object-src 'none'; img-src 'self' data: https: ; font-src 'self' data: ; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; default-src https: ;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://bmw.customer.charging-inclusive.com
Referer: https://bmw.customer.charging-inclusive.com/static/css/main.cc209bd6.css

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-src 'self'; frame-ancestors 'self'; object-src 'none'; img-src 'self' data: https: ; font-src 'self' data: ; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; default-src https: ;
cache-control: max-age=604800
etag: "67442084-cac4"
x-content-type-options: nosniff
expires: Wed, 04 Dec 2024 15:21:41 GMT
accept-ranges: bytes
content-length: 51908
date: Wed, 27 Nov 2024 15:21:41 GMT
x-xss-protection: 1; mode=block
content-type: font/woff2
last-modified: Mon, 25 Nov 2024 07:00:20 GMT
x-frame-options: SAMEORIGIN

GET
H2 200 BMWTypeNext-Light.38c3595a65a56616ae14.woff2
bmw.customer.charging-inclusive.com/static/media/ 47 KB
48 KB 453ms
452ms Font
font/woff2 18.194.77.151
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://bmw.customer.charging-inclusive.com/static/media/BMWTypeNext-Light.38c3595a65a56616ae14.woff2

Requested by

Host: bmw.customer.charging-inclusive.com
URL: https://bmw.customer.charging-inclusive.com/static/css/main.cc209bd6.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

18.194.77.151 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-194-77-151.eu-central-1.compute.amazonaws.com

Software

Resource Hash

130de76740ccbf038262e80b50a2fd1e7a1451fee8f04529f1cccfd86bd440e4

Security Headers

Name	Value
Content-Security-Policy	frame-src 'self'; frame-ancestors 'self'; object-src 'none'; img-src 'self' data: https: ; font-src 'self' data: ; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; default-src https: ;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://bmw.customer.charging-inclusive.com
Referer: https://bmw.customer.charging-inclusive.com/static/css/main.cc209bd6.css

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-src 'self'; frame-ancestors 'self'; object-src 'none'; img-src 'self' data: https: ; font-src 'self' data: ; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; default-src https: ;
cache-control: max-age=604800
etag: "67442084-bcfc"
x-content-type-options: nosniff
expires: Wed, 04 Dec 2024 15:21:41 GMT
accept-ranges: bytes
content-length: 48380
date: Wed, 27 Nov 2024 15:21:41 GMT
x-xss-protection: 1; mode=block
content-type: font/woff2
last-modified: Mon, 25 Nov 2024 07:00:20 GMT
x-frame-options: SAMEORIGIN

OPTIONS
H2 403 translation
bmw.charging-inclusive.com/api/private/customer/ 0
0 797ms
226ms Preflight
text/plain 18.194.77.151
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://bmw.charging-inclusive.com/api/private/customer/translation?locale=de-de

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

18.194.77.151 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-194-77-151.eu-central-1.compute.amazonaws.com

Software

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	frame-src 'self'; frame-ancestors 'self'; object-src https://bmw.charging-inclusive.com/ https://int.bmw.charging-inclusive.com/ https://test.bmw.charging-inclusive.com/ https://e2e.bmw.charging-inclusive.com/ https://mini.charging-inclusive.com/ https://int.mini.charging-inclusive.com/ https://test.mini.charging-inclusive.com/ https://e2e.mini.charging-inclusive.com/ https://rolls-royce.charging-inclusive.com/ https://int.rolls-royce.charging-inclusive.com/ https://test.rolls-royce.charging-inclusive.com/ https://e2e.rolls-royce.charging-inclusive.com/; img-src 'self' data: https: ; font-src 'self' data: ; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; default-src https: ;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: https://bmw.customer.charging-inclusive.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

content-length: 25
content-security-policy: frame-src 'self'; frame-ancestors 'self'; object-src https://bmw.charging-inclusive.com/ https://int.bmw.charging-inclusive.com/ https://test.bmw.charging-inclusive.com/ https://e2e.bmw.charging-inclusive.com/ https://mini.charging-inclusive.com/ https://int.mini.charging-inclusive.com/ https://test.mini.charging-inclusive.com/ https://e2e.mini.charging-inclusive.com/ https://rolls-royce.charging-inclusive.com/ https://int.rolls-royce.charging-inclusive.com/ https://test.rolls-royce.charging-inclusive.com/ https://e2e.rolls-royce.charging-inclusive.com/; img-src 'self' data: https: ; font-src 'self' data: ; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; default-src https: ;
content-type: text/plain; charset=utf-8
date: Wed, 27 Nov 2024 15:21:42 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-request-id: a49244a10347cad15e40dc0a126350ac
x-xss-protection: 1; mode=block

GET translation
bmw.charging-inclusive.com/api/private/customer/ 0
0

GET models
bmw.charging-inclusive.com/api/private/customer/ 0
0

GET configuration
bmw.charging-inclusive.com/api/private/customer/ 0
0

OPTIONS
H2 403 models
bmw.charging-inclusive.com/api/private/customer/ 0
0 797ms
227ms Preflight
text/plain 18.194.77.151
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://bmw.charging-inclusive.com/api/private/customer/models?locale=de-de

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

18.194.77.151 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-194-77-151.eu-central-1.compute.amazonaws.com

Software

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	frame-src 'self'; frame-ancestors 'self'; object-src https://bmw.charging-inclusive.com/ https://int.bmw.charging-inclusive.com/ https://test.bmw.charging-inclusive.com/ https://e2e.bmw.charging-inclusive.com/ https://mini.charging-inclusive.com/ https://int.mini.charging-inclusive.com/ https://test.mini.charging-inclusive.com/ https://e2e.mini.charging-inclusive.com/ https://rolls-royce.charging-inclusive.com/ https://int.rolls-royce.charging-inclusive.com/ https://test.rolls-royce.charging-inclusive.com/ https://e2e.rolls-royce.charging-inclusive.com/; img-src 'self' data: https: ; font-src 'self' data: ; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; default-src https: ;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: https://bmw.customer.charging-inclusive.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

content-length: 25
content-security-policy: frame-src 'self'; frame-ancestors 'self'; object-src https://bmw.charging-inclusive.com/ https://int.bmw.charging-inclusive.com/ https://test.bmw.charging-inclusive.com/ https://e2e.bmw.charging-inclusive.com/ https://mini.charging-inclusive.com/ https://int.mini.charging-inclusive.com/ https://test.mini.charging-inclusive.com/ https://e2e.mini.charging-inclusive.com/ https://rolls-royce.charging-inclusive.com/ https://int.rolls-royce.charging-inclusive.com/ https://test.rolls-royce.charging-inclusive.com/ https://e2e.rolls-royce.charging-inclusive.com/; img-src 'self' data: https: ; font-src 'self' data: ; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; default-src https: ;
content-type: text/plain; charset=utf-8
date: Wed, 27 Nov 2024 15:21:42 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-request-id: 01ec835c7faad7f32a9544334392bc81
x-xss-protection: 1; mode=block

OPTIONS
H2 403 configuration
bmw.charging-inclusive.com/api/private/customer/ 0
0 800ms
231ms Preflight
text/plain 18.194.77.151
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://bmw.charging-inclusive.com/api/private/customer/configuration?country_code=de

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

18.194.77.151 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-194-77-151.eu-central-1.compute.amazonaws.com

Software

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	frame-src 'self'; frame-ancestors 'self'; object-src https://bmw.charging-inclusive.com/ https://int.bmw.charging-inclusive.com/ https://test.bmw.charging-inclusive.com/ https://e2e.bmw.charging-inclusive.com/ https://mini.charging-inclusive.com/ https://int.mini.charging-inclusive.com/ https://test.mini.charging-inclusive.com/ https://e2e.mini.charging-inclusive.com/ https://rolls-royce.charging-inclusive.com/ https://int.rolls-royce.charging-inclusive.com/ https://test.rolls-royce.charging-inclusive.com/ https://e2e.rolls-royce.charging-inclusive.com/; img-src 'self' data: https: ; font-src 'self' data: ; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; default-src https: ;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: https://bmw.customer.charging-inclusive.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

content-length: 25
content-security-policy: frame-src 'self'; frame-ancestors 'self'; object-src https://bmw.charging-inclusive.com/ https://int.bmw.charging-inclusive.com/ https://test.bmw.charging-inclusive.com/ https://e2e.bmw.charging-inclusive.com/ https://mini.charging-inclusive.com/ https://int.mini.charging-inclusive.com/ https://test.mini.charging-inclusive.com/ https://e2e.mini.charging-inclusive.com/ https://rolls-royce.charging-inclusive.com/ https://int.rolls-royce.charging-inclusive.com/ https://test.rolls-royce.charging-inclusive.com/ https://e2e.rolls-royce.charging-inclusive.com/; img-src 'self' data: https: ; font-src 'self' data: ; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; default-src https: ;
content-type: text/plain; charset=utf-8
date: Wed, 27 Nov 2024 15:21:42 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-request-id: d8ff749cf81e6724d61de87088b931b1
x-xss-protection: 1; mode=block

OPTIONS
H2 403 models
bmw.charging-inclusive.com/api/private/customer/ 0
0 784ms
232ms Preflight
text/plain 18.194.77.151
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://bmw.charging-inclusive.com/api/private/customer/models?locale=de-de

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

18.194.77.151 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-194-77-151.eu-central-1.compute.amazonaws.com

Software

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	frame-src 'self'; frame-ancestors 'self'; object-src https://bmw.charging-inclusive.com/ https://int.bmw.charging-inclusive.com/ https://test.bmw.charging-inclusive.com/ https://e2e.bmw.charging-inclusive.com/ https://mini.charging-inclusive.com/ https://int.mini.charging-inclusive.com/ https://test.mini.charging-inclusive.com/ https://e2e.mini.charging-inclusive.com/ https://rolls-royce.charging-inclusive.com/ https://int.rolls-royce.charging-inclusive.com/ https://test.rolls-royce.charging-inclusive.com/ https://e2e.rolls-royce.charging-inclusive.com/; img-src 'self' data: https: ; font-src 'self' data: ; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; default-src https: ;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: https://bmw.customer.charging-inclusive.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

content-length: 25
content-security-policy: frame-src 'self'; frame-ancestors 'self'; object-src https://bmw.charging-inclusive.com/ https://int.bmw.charging-inclusive.com/ https://test.bmw.charging-inclusive.com/ https://e2e.bmw.charging-inclusive.com/ https://mini.charging-inclusive.com/ https://int.mini.charging-inclusive.com/ https://test.mini.charging-inclusive.com/ https://e2e.mini.charging-inclusive.com/ https://rolls-royce.charging-inclusive.com/ https://int.rolls-royce.charging-inclusive.com/ https://test.rolls-royce.charging-inclusive.com/ https://e2e.rolls-royce.charging-inclusive.com/; img-src 'self' data: https: ; font-src 'self' data: ; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; default-src https: ;
content-type: text/plain; charset=utf-8
date: Wed, 27 Nov 2024 15:21:42 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-request-id: ef0aa9c20ae16d67f8d42fa7106420f6
x-xss-protection: 1; mode=block

OPTIONS
H2 403 uptime
bmw.charging-inclusive.com/api/public/test/ 0
0 775ms
224ms Preflight
text/plain 18.194.77.151
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://bmw.charging-inclusive.com/api/public/test/uptime

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

18.194.77.151 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-194-77-151.eu-central-1.compute.amazonaws.com

Software

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	frame-src 'self'; frame-ancestors 'self'; object-src https://bmw.charging-inclusive.com/ https://int.bmw.charging-inclusive.com/ https://test.bmw.charging-inclusive.com/ https://e2e.bmw.charging-inclusive.com/ https://mini.charging-inclusive.com/ https://int.mini.charging-inclusive.com/ https://test.mini.charging-inclusive.com/ https://e2e.mini.charging-inclusive.com/ https://rolls-royce.charging-inclusive.com/ https://int.rolls-royce.charging-inclusive.com/ https://test.rolls-royce.charging-inclusive.com/ https://e2e.rolls-royce.charging-inclusive.com/; img-src 'self' data: https: ; font-src 'self' data: ; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; default-src https: ;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: https://bmw.customer.charging-inclusive.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

content-length: 25
content-security-policy: frame-src 'self'; frame-ancestors 'self'; object-src https://bmw.charging-inclusive.com/ https://int.bmw.charging-inclusive.com/ https://test.bmw.charging-inclusive.com/ https://e2e.bmw.charging-inclusive.com/ https://mini.charging-inclusive.com/ https://int.mini.charging-inclusive.com/ https://test.mini.charging-inclusive.com/ https://e2e.mini.charging-inclusive.com/ https://rolls-royce.charging-inclusive.com/ https://int.rolls-royce.charging-inclusive.com/ https://test.rolls-royce.charging-inclusive.com/ https://e2e.rolls-royce.charging-inclusive.com/; img-src 'self' data: https: ; font-src 'self' data: ; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; default-src https: ;
content-type: text/plain; charset=utf-8
date: Wed, 27 Nov 2024 15:21:42 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-request-id: 32c704a05224413d3e61c1909b52a245
x-xss-protection: 1; mode=block

GET models
bmw.charging-inclusive.com/api/private/customer/ 0
0

GET uptime
bmw.charging-inclusive.com/api/public/test/ 0
0

GET
H2 200 fontello.b8458aa9eaf3c745d252.woff
bmw.customer.charging-inclusive.com/static/media/ 28 KB
29 KB 223ms
221ms Font
font/woff 18.194.77.151
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://bmw.customer.charging-inclusive.com/static/media/fontello.b8458aa9eaf3c745d252.woff

Requested by

Host: bmw.customer.charging-inclusive.com
URL: https://bmw.customer.charging-inclusive.com/static/css/main.cc209bd6.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

18.194.77.151 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-194-77-151.eu-central-1.compute.amazonaws.com

Software

Resource Hash

65665b9e24f7d4555d8f6c876ff37c8d67d1fa22a6bc4123d76c099053acd70b

Security Headers

Name	Value
Content-Security-Policy	frame-src 'self'; frame-ancestors 'self'; object-src 'none'; img-src 'self' data: https: ; font-src 'self' data: ; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; default-src https: ;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://bmw.customer.charging-inclusive.com
Referer: https://bmw.customer.charging-inclusive.com/static/css/main.cc209bd6.css

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-src 'self'; frame-ancestors 'self'; object-src 'none'; img-src 'self' data: https: ; font-src 'self' data: ; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; default-src https: ;
cache-control: max-age=604800
etag: "67442084-7064"
x-content-type-options: nosniff
expires: Wed, 04 Dec 2024 15:21:42 GMT
accept-ranges: bytes
content-length: 28772
date: Wed, 27 Nov 2024 15:21:42 GMT
x-xss-protection: 1; mode=block
content-type: font/woff
last-modified: Mon, 25 Nov 2024 07:00:20 GMT
x-frame-options: SAMEORIGIN

GET
H2 200 bmw.png
bmw.customer.charging-inclusive.com/ 23 KB
24 KB 228ms
227ms Other
image/png 18.194.77.151
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://bmw.customer.charging-inclusive.com/bmw.png

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

18.194.77.151 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-194-77-151.eu-central-1.compute.amazonaws.com

Software

Resource Hash

e7f9d3e96918fa965b793e4488de6aab0cfebfef759ccd04b11b8f4c55cc7f70

Security Headers

Name	Value
Content-Security-Policy	frame-src 'self'; frame-ancestors 'self'; object-src 'none'; img-src 'self' data: https: ; font-src 'self' data: ; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; default-src https: ;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://bmw.customer.charging-inclusive.com/selectproduct

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-src 'self'; frame-ancestors 'self'; object-src 'none'; img-src 'self' data: https: ; font-src 'self' data: ; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; default-src https: ;
cache-control: max-age=604800
etag: "6744204e-5c95"
x-content-type-options: nosniff
expires: Wed, 04 Dec 2024 15:21:43 GMT
accept-ranges: bytes
content-length: 23701
date: Wed, 27 Nov 2024 15:21:43 GMT
x-xss-protection: 1; mode=block
content-type: image/png
last-modified: Mon, 25 Nov 2024 06:59:26 GMT
x-frame-options: SAMEORIGIN

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: bmw.charging-inclusive.com
URL: https://bmw.charging-inclusive.com/api/private/customer/translation?locale=de-de

Domain: bmw.charging-inclusive.com
URL: https://bmw.charging-inclusive.com/api/private/customer/models?locale=de-de

Domain: bmw.charging-inclusive.com
URL: https://bmw.charging-inclusive.com/api/private/customer/configuration?country_code=de

Domain: bmw.charging-inclusive.com
URL: https://bmw.charging-inclusive.com/api/private/customer/models?locale=de-de

Domain: bmw.charging-inclusive.com
URL: https://bmw.charging-inclusive.com/api/public/test/uptime

Verdicts & Comments Add Verdict or Comment

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| _

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

14 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
intervention	info	URL: https://bmw.customer.charging-inclusive.com/ Message: Slow network is detected. See https://www.chromestatus.com/feature/5636954674692096 for more details. Fallback font will be used while loading: https://bmw.customer.charging-inclusive.com/static/media/BMWTypeNext-Bold.c2402df69acc179f1a6c.woff2
intervention	info	URL: https://bmw.customer.charging-inclusive.com/ Message: Slow network is detected. See https://www.chromestatus.com/feature/5636954674692096 for more details. Fallback font will be used while loading: https://bmw.customer.charging-inclusive.com/static/media/BMWTypeNext-Regular.4bf59e9de221e84b5bb9.woff2
intervention	info	URL: https://bmw.customer.charging-inclusive.com/ Message: Slow network is detected. See https://www.chromestatus.com/feature/5636954674692096 for more details. Fallback font will be used while loading: https://bmw.customer.charging-inclusive.com/static/media/BMWTypeNext-Light.38c3595a65a56616ae14.woff2
intervention	info	URL: https://bmw.customer.charging-inclusive.com/selectproduct Message: Slow network is detected. See https://www.chromestatus.com/feature/5636954674692096 for more details. Fallback font will be used while loading: https://bmw.customer.charging-inclusive.com/static/media/fontello.b8458aa9eaf3c745d252.woff
javascript	error	URL: https://bmw.customer.charging-inclusive.com/selectproduct Message: Access to fetch at 'https://bmw.charging-inclusive.com/api/public/test/uptime' from origin 'https://bmw.customer.charging-inclusive.com' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
network	error	URL: https://bmw.charging-inclusive.com/api/public/test/uptime Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://bmw.customer.charging-inclusive.com/selectproduct Message: Access to fetch at 'https://bmw.charging-inclusive.com/api/private/customer/translation?locale=de-de' from origin 'https://bmw.customer.charging-inclusive.com' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
network	error	URL: https://bmw.charging-inclusive.com/api/private/customer/translation?locale=de-de Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://bmw.customer.charging-inclusive.com/selectproduct Message: Access to fetch at 'https://bmw.charging-inclusive.com/api/private/customer/models?locale=de-de' from origin 'https://bmw.customer.charging-inclusive.com' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
network	error	URL: https://bmw.charging-inclusive.com/api/private/customer/models?locale=de-de Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://bmw.customer.charging-inclusive.com/selectproduct Message: Access to fetch at 'https://bmw.charging-inclusive.com/api/private/customer/configuration?country_code=de' from origin 'https://bmw.customer.charging-inclusive.com' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
network	error	URL: https://bmw.charging-inclusive.com/api/private/customer/configuration?country_code=de Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://bmw.customer.charging-inclusive.com/selectproduct Message: Access to fetch at 'https://bmw.charging-inclusive.com/api/private/customer/models?locale=de-de' from origin 'https://bmw.customer.charging-inclusive.com' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
network	error	URL: https://bmw.charging-inclusive.com/api/private/customer/models?locale=de-de Message: Failed to load resource: net::ERR_FAILED

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	frame-src 'self'; frame-ancestors 'self'; object-src 'none'; img-src 'self' data: https: ; font-src 'self' data: ; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; default-src https: ;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

bmw.charging-inclusive.com
bmw.customer.charging-inclusive.com
bmw.charging-inclusive.com
18.194.77.151
0a7f12c7ab651998680f40ffe002a19c9048056c719742d27fffee4011c8f76f
130de76740ccbf038262e80b50a2fd1e7a1451fee8f04529f1cccfd86bd440e4
2aec37f71e35d854bbcf1b966b5b22d993e5b44426086892c74d7aca17075d06
65665b9e24f7d4555d8f6c876ff37c8d67d1fa22a6bc4123d76c099053acd70b
9cc08748e44c0c80f4526ab49161f3a523503f29bd5bdc7d7fe2789ae3642506
c1717e4a40acfbfbb5aeddb16dab0fbe47b599fc3e6792249eb50696b41d0ade
e45da139c9201d3eea5b6732c910151702cbe7075a5bfdcf18ec7acae229b0c2
e7f9d3e96918fa965b793e4488de6aab0cfebfef759ccd04b11b8f4c55cc7f70

bmw.customer.charging-inclusive.com Open in urlscan Pro 18.194.77.151 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

18 Requests

72 %HTTPS

0 %IPv6

1 Domains

2 Subdomains

2 IPs

1 Countries

3008 kBTransfer

3001 kBSize

0 Cookies

0 Outgoing links

Redirected requests

18 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

1 JavaScript Global Variables

0 Cookies

14 Console Messages

Security Headers

Indicators

bmw.customer.charging-inclusive.com Open in urlscan Pro
18.194.77.151 Public Scan

Screenshot
Live screenshot

Full Image

18
Requests

72 %
HTTPS

0 %
IPv6

1
Domains

2
Subdomains

2
IPs

1
Countries

3008 kB
Transfer

3001 kB
Size

0
Cookies

18 HTTP transactions
0 data transactions