urlscan.io logo urlscan.io
SecurityTrails logo

accounts-staging-dev.americanexpress.com Open in urlscan Pro
139.71.65.148  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://accounts-staging-dev.americanexpress.com/
Effective URL: https://accounts-staging-dev.americanexpress.com/en-us/banking/business/checking
Submission: On September 04 via automatic, source certstream-suspicious — Scanned from IT
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 13 IPs in 2 countries across 4 domains to perform 42 HTTP transactions. The main IP is 139.71.65.148, located in United States and belongs to AMERICAN-EXPRESS, US. The main domain is accounts-staging-dev.americanexpress.com.
TLS certificate: Issued by DigiCert EV RSA CA G2 on April 1st 2024. Valid for: a year.
This is the only time accounts-staging-dev.americanexpress.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 2 139.71.65.148 6307 (AMERICAN-...)
14 139.71.66.22 6307 (AMERICAN-...)
4 23.212.203.180 16625 (AKAMAI-AS)
2 139.71.64.72 6307 (AMERICAN-...)
8 139.71.49.215 6307 (AMERICAN-...)
1 95.100.68.84 16625 (AKAMAI-AS)
2 139.71.178.129 6307 (AMERICAN-...)
1 139.71.64.155 6307 (AMERICAN-...)
1 139.71.178.26 6307 (AMERICAN-...)
1 44.197.233.91 14618 (AMAZON-AES)
3 35.186.194.58 15169 (GOOGLE)
1 35.201.112.186 396982 (GOOGLE-CL...)
42 13
2    139.71.65.148 (United States)

ASN6307 (AMERICAN-EXPRESS, US)
PTR: accountsstaginguplift-deveusw1-vip.americanexpress.com
accounts-staging-dev.americanexpress.com
14    139.71.66.22 (United States)

ASN6307 (AMERICAN-EXPRESS, US)
PTR: cdaas-dev1.americanexpress.com
cdaas-dev.americanexpress.com
4    23.212.203.180 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-212-203-180.deploy.static.akamaitechnologies.com
www.aexp-static.com
2    139.71.64.72 (United States)

ASN6307 (AMERICAN-EXPRESS, US)
PTR: xpdp-deveusw1-vip.americanexpress.com
one-xp-dev.americanexpress.com
8    139.71.49.215 (United States)

ASN6307 (AMERICAN-EXPRESS, US)
PTR: one-functions-r2.americanexpress.com
functions.americanexpress.com
1    95.100.68.84 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a95-100-68-84.deploy.static.akamaitechnologies.com
www.americanexpress.com
2    139.71.178.129 (United States)

ASN6307 (AMERICAN-EXPRESS, US)
PTR: functionsc-dev-vip.americanexpress.com
functions-dev.americanexpress.com
1    139.71.64.155 (United States)

ASN6307 (AMERICAN-EXPRESS, US)
PTR: ewpinterent-deveusw1-vip.americanexpress.com
apigw-dev.americanexpress.com
1    139.71.178.26 (United States)

ASN6307 (AMERICAN-EXPRESS, US)
PTR: accountsuplift-deveusw1-vip.americanexpress.com
accounts-dev.americanexpress.com
1    44.197.233.91 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-44-197-233-91.compute-1.amazonaws.com
heapanalytics.com
3    35.186.194.58 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 58.194.186.35.bc.googleusercontent.com
rs.fullstory.com
1    35.201.112.186 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 186.112.201.35.bc.googleusercontent.com
edge.fullstory.com
Apex Domain
Subdomains		 Transfer
31 americanexpress.com
accounts-staging-dev.americanexpress.com
cdaas-dev.americanexpress.com — Cisco Umbrella Rank: 560468
one-xp-dev.americanexpress.com
functions.americanexpress.com — Cisco Umbrella Rank: 28049
www.americanexpress.com — Cisco Umbrella Rank: 18485
iwmapapi-dev.americanexpress.com Failed
functions-dev.americanexpress.com
apigw-dev.americanexpress.com Failed
accounts-dev.americanexpress.com
643 KB
4 fullstory.com
rs.fullstory.com — Cisco Umbrella Rank: 4041
edge.fullstory.com — Cisco Umbrella Rank: 4178
4 KB
4 aexp-static.com
www.aexp-static.com — Cisco Umbrella Rank: 17513
269 KB
1 heapanalytics.com
heapanalytics.com — Cisco Umbrella Rank: 4304
261 B
42 4
Domain Requested by
14 cdaas-dev.americanexpress.com accounts-staging-dev.americanexpress.com
cdaas-dev.americanexpress.com
8 functions.americanexpress.com cdaas-dev.americanexpress.com
4 www.aexp-static.com accounts-staging-dev.americanexpress.com
cdaas-dev.americanexpress.com
www.aexp-static.com
3 rs.fullstory.com www.aexp-static.com
2 functions-dev.americanexpress.com cdaas-dev.americanexpress.com
2 one-xp-dev.americanexpress.com cdaas-dev.americanexpress.com
2 accounts-staging-dev.americanexpress.com 1 redirects
1 edge.fullstory.com www.aexp-static.com
1 heapanalytics.com
1 accounts-dev.americanexpress.com www.aexp-static.com
1 apigw-dev.americanexpress.com cdaas-dev.americanexpress.com
1 www.americanexpress.com
0 iwmapapi-dev.americanexpress.com Failed cdaas-dev.americanexpress.com
42 13

This site contains links to these domains. Also see Links.

Domain
www.americanexpress.com
Subject Issuer Validity Valid
iaas.600001023.E341724.americanexpress.com
DigiCert EV RSA CA G2		 2024-04-01 -
2025-03-31		 a year crt.sh
cdaas-dev.americanexpress.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2024-07-24 -
2025-07-23		 a year crt.sh
m.americanexpress.com
DigiCert SHA2 Extended Validation Server CA		 2024-03-06 -
2025-03-06		 a year crt.sh
xpdp-deveusw1.americanexpress.com
DigiCert EV RSA CA G2		 2024-07-04 -
2025-07-03		 a year crt.sh
functions.americanexpress.com
DigiCert SHA2 Extended Validation Server CA		 2024-08-08 -
2025-08-08		 a year crt.sh
www.americanexpress.com
DigiCert SHA2 Extended Validation Server CA		 2024-07-08 -
2025-07-05		 a year crt.sh
functionsc-dev.americanexpress.com
DigiCert EV RSA CA G2		 2024-08-08 -
2025-08-07		 a year crt.sh
ewpinterent-deveusw1.americanexpress.com
DigiCert EV RSA CA G2		 2024-07-15 -
2025-07-14		 a year crt.sh
accountsuplift-deveusw1.americanexpress.com
DigiCert EV RSA CA G2		 2024-09-03 -
2025-09-02		 a year crt.sh
heapanalytics.com
Amazon RSA 2048 M02		 2023-11-09 -
2024-12-08		 a year crt.sh
rs.fullstory.com
WR3		 2024-08-25 -
2024-11-23		 3 months crt.sh
edge.fullstory.com
WR3		 2024-08-24 -
2024-11-22		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://accounts-staging-dev.americanexpress.com/en-us/banking/business/checking
Frame ID: F5D675AC9EABDAC0376360DC52E95B9A
Requests: 38 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

American Express - Business Checking Account

Page URL History Show full URLs

  1. https://accounts-staging-dev.americanexpress.com/ HTTP 302
    https://accounts-staging-dev.americanexpress.com/en-us/banking/business/checking Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
  • aexp-static\.com
Overall confidence: 100%
Detected patterns
  • <[^>]+data-react
Overall confidence: 100%
Detected patterns
  • heap-\d+\.js

Page Statistics

42
Requests

93 %
HTTPS

0 %
IPv6

4
Domains

13
Subdomains

13
IPs

2
Countries

913 kB
Transfer

3707 kB
Size

9
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://accounts-staging-dev.americanexpress.com/ HTTP 302
    https://accounts-staging-dev.americanexpress.com/en-us/banking/business/checking Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

42 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request checking
accounts-staging-dev.americanexpress.com/en-us/banking/business/
Redirect Chain
  • https://accounts-staging-dev.americanexpress.com/
  • https://accounts-staging-dev.americanexpress.com/en-us/banking/business/checking
31 KB
11 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://accounts-staging-dev.americanexpress.com/en-us/banking/business/checking
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
139.71.65.148 , United States, ASN6307 (AMERICAN-EXPRESS, US),
Reverse DNS
accountsstaginguplift-deveusw1-vip.americanexpress.com
Software
/
Resource Hash
91042b037da575a65dd19f6ecfe26de465aeb9f90011b557660083958040a9e7
Security Headers
Name Value
Content-Security-Policy report-uri https://accounts-dev.americanexpress.com/_/report/security/csp-violation; block-all-mixed-content; default-src 'self' *.aexp.com *.americanexpress.com wss://*.americanexpress.com *.aexp-static.com blob: fonts.gstatic.com; script-src 'nonce-36ab70ea-bfc3-4e6b-a21a-9e15aa71588e' 'self' *.aexp.com *.americanexpress.com *.aexp-static.com c.evidon.com assets.adobedtm.com maps.googleapis.com webgwy.neustar.biz staging.cdn-net.com www.cdn-path.com nexus.ensighten.com ct.contentsquare.net contentsquare.com t.contentsquare.net app.contentsquare.com; img-src 'self' *.aexp.com *.americanexpress.com *.aexp-static.com data: c.evidon.com mver.agkn.com siteintercept.qualtrics.com ct.pinterest.com/v3/ s.amazon-adsystem.com sp.analytics.yahoo.com www.facebook.com www.googleadservices.com/pagead/conversion/ www.google.com/pagead/1p-conversion/ ad.doubleclick.net ca1.qualtrics.com s.pinimg.com adservice.google.com googleads.g.doubleclick.net ep.bankrate.com www.bankrate.com www.depositaccounts.com products.gobankingrates.com www.gobankingrates.com www.nextinsure.com www.orjg.net www.pretected.com i.pretected.com maps.googleapis.com maps.gstatic.com c.contentsquare.net r.contentsquare.net l.contentsquare.net wr-us.contentsquare.net heapanalytics.com sprout-cdn.kabbage.com alb.reddit.com; style-src 'unsafe-inline' *.aexp.com *.aexp-static.com *.americanexpress.com fonts.googleapis.com; connect-src 'self' *.aexp.com *.aexp-static.com c.evidon.com l.evidon.com optoutapi.evidon.com maps.googleapis.com dpm.demdex.net siteintercept.qualtrics.com c.contentsquare.net r.contentsquare.net l.contentsquare.net wr-us.contentsquare.net q-aus1.contentsquare.net k-aus1.contentsquare.net *.americanexpress.com wss://*.americanexpress.com rs.fullstory.com edge.fullstory.com cdn.optimizely.com logx.optimizely.com cdn.segment.com api.segment.io; manifest-src 'self' *.aexp.com *.americanexpress.com *.aexp-static.com; worker-src 'self' *.aexp.com *.americanexpress.com *.aexp-static.com blob:; frame-ancestors *.americanexpress.com *.aexp.com; frame-src blob: *.yodlee.com *.americanexpress.com *.aexp.com staging.cdn-net.com www.cdn-path.com; child-src blob: *.americanexpress.com
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Transfer-Encoding
chunked
cache-control
no-store
content-encoding
gzip
content-security-policy
report-uri https://accounts-dev.americanexpress.com/_/report/security/csp-violation; block-all-mixed-content; default-src 'self' *.aexp.com *.americanexpress.com wss://*.americanexpress.com *.aexp-static.com blob: fonts.gstatic.com; script-src 'nonce-36ab70ea-bfc3-4e6b-a21a-9e15aa71588e' 'self' *.aexp.com *.americanexpress.com *.aexp-static.com c.evidon.com assets.adobedtm.com maps.googleapis.com webgwy.neustar.biz staging.cdn-net.com www.cdn-path.com nexus.ensighten.com ct.contentsquare.net contentsquare.com t.contentsquare.net app.contentsquare.com; img-src 'self' *.aexp.com *.americanexpress.com *.aexp-static.com data: c.evidon.com mver.agkn.com siteintercept.qualtrics.com ct.pinterest.com/v3/ s.amazon-adsystem.com sp.analytics.yahoo.com www.facebook.com www.googleadservices.com/pagead/conversion/ www.google.com/pagead/1p-conversion/ ad.doubleclick.net ca1.qualtrics.com s.pinimg.com adservice.google.com googleads.g.doubleclick.net ep.bankrate.com www.bankrate.com www.depositaccounts.com products.gobankingrates.com www.gobankingrates.com www.nextinsure.com www.orjg.net www.pretected.com i.pretected.com maps.googleapis.com maps.gstatic.com c.contentsquare.net r.contentsquare.net l.contentsquare.net wr-us.contentsquare.net heapanalytics.com sprout-cdn.kabbage.com alb.reddit.com; style-src 'unsafe-inline' *.aexp.com *.aexp-static.com *.americanexpress.com fonts.googleapis.com; connect-src 'self' *.aexp.com *.aexp-static.com c.evidon.com l.evidon.com optoutapi.evidon.com maps.googleapis.com dpm.demdex.net siteintercept.qualtrics.com c.contentsquare.net r.contentsquare.net l.contentsquare.net wr-us.contentsquare.net q-aus1.contentsquare.net k-aus1.contentsquare.net *.americanexpress.com wss://*.americanexpress.com rs.fullstory.com edge.fullstory.com cdn.optimizely.com logx.optimizely.com cdn.segment.com api.segment.io; manifest-src 'self' *.aexp.com *.americanexpress.com *.aexp-static.com; worker-src 'self' *.aexp.com *.americanexpress.com *.aexp-static.com blob:; frame-ancestors *.americanexpress.com *.aexp.com; frame-src blob: *.yodlee.com *.americanexpress.com *.aexp.com staging.cdn-net.com www.cdn-path.com; child-src blob: *.americanexpress.com
content-type
text/html; charset=utf-8
date
Wed, 04 Sep 2024 04:18:40 GMT
etag
W/"7cc1-MwajAUQ1antUxhoMpL/+osE6QcI"
one-app-version
5.25.0-61e4465e
pragma
no-cache
referrer-policy
same-origin
strict-transport-security
max-age=63072000; includeSubDomains
vary
Accept-Encoding
x-content-type-options
nosniff
x-dns-prefetch-control
off
x-download-options
noopen
x-envoy-upstream-service-time
26
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block

Redirect headers

cache-control
no-store
content-length
108
content-security-policy
report-uri https://accounts-dev.americanexpress.com/_/report/security/csp-violation; block-all-mixed-content; default-src 'self' *.aexp.com *.americanexpress.com wss://*.americanexpress.com *.aexp-static.com blob: fonts.gstatic.com; script-src 'nonce-3f11c436-fc14-4987-a6ac-b4942cb3500c' 'self' *.aexp.com *.americanexpress.com *.aexp-static.com c.evidon.com assets.adobedtm.com maps.googleapis.com webgwy.neustar.biz staging.cdn-net.com www.cdn-path.com nexus.ensighten.com ct.contentsquare.net contentsquare.com t.contentsquare.net app.contentsquare.com; img-src 'self' *.aexp.com *.americanexpress.com *.aexp-static.com data: c.evidon.com mver.agkn.com siteintercept.qualtrics.com ct.pinterest.com/v3/ s.amazon-adsystem.com sp.analytics.yahoo.com www.facebook.com www.googleadservices.com/pagead/conversion/ www.google.com/pagead/1p-conversion/ ad.doubleclick.net ca1.qualtrics.com s.pinimg.com adservice.google.com googleads.g.doubleclick.net ep.bankrate.com www.bankrate.com www.depositaccounts.com products.gobankingrates.com www.gobankingrates.com www.nextinsure.com www.orjg.net www.pretected.com i.pretected.com maps.googleapis.com maps.gstatic.com c.contentsquare.net r.contentsquare.net l.contentsquare.net wr-us.contentsquare.net heapanalytics.com sprout-cdn.kabbage.com alb.reddit.com; style-src 'unsafe-inline' *.aexp.com *.aexp-static.com *.americanexpress.com fonts.googleapis.com; connect-src 'self' *.aexp.com *.aexp-static.com c.evidon.com l.evidon.com optoutapi.evidon.com maps.googleapis.com dpm.demdex.net siteintercept.qualtrics.com c.contentsquare.net r.contentsquare.net l.contentsquare.net wr-us.contentsquare.net q-aus1.contentsquare.net k-aus1.contentsquare.net *.americanexpress.com wss://*.americanexpress.com rs.fullstory.com edge.fullstory.com cdn.optimizely.com logx.optimizely.com cdn.segment.com api.segment.io; manifest-src 'self' *.aexp.com *.americanexpress.com *.aexp-static.com; worker-src 'self' *.aexp.com *.americanexpress.com *.aexp-static.com blob:; frame-ancestors *.americanexpress.com *.aexp.com; frame-src blob: *.yodlee.com *.americanexpress.com *.aexp.com staging.cdn-net.com www.cdn-path.com; child-src blob: *.americanexpress.com
content-type
text/html; charset=utf-8
date
Wed, 04 Sep 2024 04:18:40 GMT
location
/en-us/banking/business/checking
one-app-version
5.25.0-61e4465e
pragma
no-cache
referrer-policy
same-origin
strict-transport-security
max-age=63072000; includeSubDomains
vary
Accept, Accept-Encoding
x-content-type-options
nosniff
x-dns-prefetch-control
off
x-download-options
noopen
x-envoy-upstream-service-time
17
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block
app~vendors.js
cdaas-dev.americanexpress.com/cdaas/one/app/5.25.0-61e4465e/ 		470 KB
116 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdaas-dev.americanexpress.com/cdaas/one/app/5.25.0-61e4465e/app~vendors.js
Requested by
Host: accounts-staging-dev.americanexpress.com
URL: https://accounts-staging-dev.americanexpress.com/en-us/banking/business/checking
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
139.71.66.22 , United States, ASN6307 (AMERICAN-EXPRESS, US),
Reverse DNS
cdaas-dev1.americanexpress.com
Software
/
Resource Hash
b3404d578aac9a2f533e50fe62ca0a021f95c64c567079bb3fc2c20ccc9cd7cf
Security Headers
Name Value
Content-Security-Policy default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.aexp.com *.americanexpress.com
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
Origin
https://accounts-staging-dev.americanexpress.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Date
Wed, 04 Sep 2024 04:18:41 GMT
Strict-Transport-Security
max-age=31536000
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.aexp.com *.americanexpress.com
Content-Encoding
br
Transfer-Encoding
chunked
Connection
keep-alive
Last-Modified
Mon, 10 Jun 2024 15:22:12 GMT
ETag
W/"66671a24-7597a"
Vary
Origin
Access-Control-Allow-Methods
GET, OPTIONS, HEAD
Content-Type
application/javascript
Access-Control-Allow-Origin
https://accounts-staging-dev.americanexpress.com
Cache-Control
max-age=31536000, must-revalidate
Access-Control-Allow-Credentials
true
X-Frame-Options
DENY
Timing-Allow-Origin
*
Access-Control-Allow-Headers
Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With
runtime.js
cdaas-dev.americanexpress.com/cdaas/one/app/5.25.0-61e4465e/ 		16 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdaas-dev.americanexpress.com/cdaas/one/app/5.25.0-61e4465e/runtime.js
Requested by
Host: accounts-staging-dev.americanexpress.com
URL: https://accounts-staging-dev.americanexpress.com/en-us/banking/business/checking
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
139.71.66.22 , United States, ASN6307 (AMERICAN-EXPRESS, US),
Reverse DNS
cdaas-dev1.americanexpress.com
Software
/
Resource Hash
f1c2fda9627351e28491ab6832e1b716b32ddd416da7e2715f62140721866f91
Security Headers
Name Value
Content-Security-Policy default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.aexp.com *.americanexpress.com
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
Origin
https://accounts-staging-dev.americanexpress.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Date
Wed, 04 Sep 2024 04:18:41 GMT
Strict-Transport-Security
max-age=31536000
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.aexp.com *.americanexpress.com
Content-Encoding
br
Transfer-Encoding
chunked
Connection
keep-alive
Last-Modified
Mon, 10 Jun 2024 15:22:12 GMT
ETag
W/"66671a24-3e70"
Vary
Origin
Access-Control-Allow-Methods
GET, OPTIONS, HEAD
Content-Type
application/javascript
Access-Control-Allow-Origin
https://accounts-staging-dev.americanexpress.com
Cache-Control
max-age=31536000, must-revalidate
Access-Control-Allow-Credentials
true
X-Frame-Options
DENY
Timing-Allow-Origin
*
Access-Control-Allow-Headers
Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With
vendors.js
cdaas-dev.americanexpress.com/cdaas/one/app/5.25.0-61e4465e/ 		174 KB
52 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdaas-dev.americanexpress.com/cdaas/one/app/5.25.0-61e4465e/vendors.js
Requested by
Host: accounts-staging-dev.americanexpress.com
URL: https://accounts-staging-dev.americanexpress.com/en-us/banking/business/checking
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
139.71.66.22 , United States, ASN6307 (AMERICAN-EXPRESS, US),
Reverse DNS
cdaas-dev1.americanexpress.com
Software
/
Resource Hash
45e6f3e6847536e5fb63d629bed17ffb329fe44699356518657491a69d74e869
Security Headers
Name Value
Content-Security-Policy default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.aexp.com *.americanexpress.com
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
Origin
https://accounts-staging-dev.americanexpress.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Date
Wed, 04 Sep 2024 04:18:41 GMT
Strict-Transport-Security
max-age=31536000
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.aexp.com *.americanexpress.com
Content-Encoding
br
Transfer-Encoding
chunked
Connection
keep-alive
Last-Modified
Mon, 10 Jun 2024 15:22:12 GMT
ETag
W/"66671a24-2b640"
Vary
Origin
Access-Control-Allow-Methods
GET, OPTIONS, HEAD
Content-Type
application/javascript
Access-Control-Allow-Origin
https://accounts-staging-dev.americanexpress.com
Cache-Control
max-age=31536000, must-revalidate
Access-Control-Allow-Credentials
true
X-Frame-Options
DENY
Timing-Allow-Origin
*
Access-Control-Allow-Headers
Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With
it-IT.js
cdaas-dev.americanexpress.com/cdaas/one/app/5.25.0-61e4465e/i18n/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdaas-dev.americanexpress.com/cdaas/one/app/5.25.0-61e4465e/i18n/it-IT.js
Requested by
Host: accounts-staging-dev.americanexpress.com
URL: https://accounts-staging-dev.americanexpress.com/en-us/banking/business/checking
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
139.71.66.22 , United States, ASN6307 (AMERICAN-EXPRESS, US),
Reverse DNS
cdaas-dev1.americanexpress.com
Software
/
Resource Hash
85ec7bc12991ea417f83be7da59f274dd6a75c782c7df7d98ea636a7c35234d0
Security Headers
Name Value
Content-Security-Policy default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.aexp.com *.americanexpress.com
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
Origin
https://accounts-staging-dev.americanexpress.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Date
Wed, 04 Sep 2024 04:18:41 GMT
Strict-Transport-Security
max-age=31536000
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.aexp.com *.americanexpress.com
Content-Encoding
br
Transfer-Encoding
chunked
Connection
keep-alive
Last-Modified
Mon, 10 Jun 2024 15:22:12 GMT
ETag
W/"66671a24-ca7"
Vary
Origin
Access-Control-Allow-Methods
GET, OPTIONS, HEAD
Content-Type
application/javascript
Access-Control-Allow-Origin
https://accounts-staging-dev.americanexpress.com
Cache-Control
max-age=31536000, must-revalidate
Access-Control-Allow-Credentials
true
X-Frame-Options
DENY
Timing-Allow-Origin
*
Access-Control-Allow-Headers
Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With
banking-root.browser.js
cdaas-dev.americanexpress.com/cdaas/one-app/modules/banking-root/0.0.0-develop.gitf9ab405.build60/ 		1 MB
268 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdaas-dev.americanexpress.com/cdaas/one-app/modules/banking-root/0.0.0-develop.gitf9ab405.build60/banking-root.browser.js?clientCacheRevision=0ff83446-9d42-4712-8e86-b01da310ad6a
Requested by
Host: accounts-staging-dev.americanexpress.com
URL: https://accounts-staging-dev.americanexpress.com/en-us/banking/business/checking
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
139.71.66.22 , United States, ASN6307 (AMERICAN-EXPRESS, US),
Reverse DNS
cdaas-dev1.americanexpress.com
Software
/
Resource Hash
4a8356754939790a28510c4a22ab32cb6cb78b961ea6280d8250ce9cdd31d040
Security Headers
Name Value
Content-Security-Policy default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.aexp.com *.americanexpress.com
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
Origin
https://accounts-staging-dev.americanexpress.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Date
Wed, 04 Sep 2024 04:18:41 GMT
Strict-Transport-Security
max-age=31536000
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.aexp.com *.americanexpress.com
Content-Encoding
br
Transfer-Encoding
chunked
Connection
keep-alive
Last-Modified
Tue, 03 Sep 2024 16:32:52 GMT
ETag
W/"66d73a34-149403"
Vary
Origin
Access-Control-Allow-Methods
GET, OPTIONS, HEAD
Content-Type
application/javascript
Access-Control-Allow-Origin
https://accounts-staging-dev.americanexpress.com
Cache-Control
max-age=31536000, must-revalidate
Access-Control-Allow-Credentials
true
X-Frame-Options
DENY
Timing-Allow-Origin
*
Access-Control-Allow-Headers
Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With
banking-business-checking-root.browser.js
www.aexp-static.com/cdaas/one-app/modules/banking-business-checking-root/8.0.0/ 		353 KB
101 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.aexp-static.com/cdaas/one-app/modules/banking-business-checking-root/8.0.0/banking-business-checking-root.browser.js?clientCacheRevision=0ff83446-9d42-4712-8e86-b01da310ad6a
Requested by
Host: accounts-staging-dev.americanexpress.com
URL: https://accounts-staging-dev.americanexpress.com/en-us/banking/business/checking
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.212.203.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-212-203-180.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
c34f1dbc70ed8d45005ee237dc900be6296b7a2d92dc164c899d060727f42499

Request headers

Referer
Origin
https://accounts-staging-dev.americanexpress.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Wed, 04 Sep 2024 04:18:40 GMT
content-encoding
gzip
last-modified
Fri, 23 Aug 2024 17:59:25 GMT
etag
W/"66c8cdfd-58321"
vary
Origin, Accept-Encoding
access-control-allow-methods
GET, OPTIONS, HEAD
content-type
application/javascript
access-control-allow-origin
https://accounts-staging-dev.americanexpress.com
cache-control
max-age=31536000, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
access-control-allow-headers
Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With
content-length
102611
app.js
cdaas-dev.americanexpress.com/cdaas/one/app/5.25.0-61e4465e/ 		137 KB
37 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdaas-dev.americanexpress.com/cdaas/one/app/5.25.0-61e4465e/app.js
Requested by
Host: accounts-staging-dev.americanexpress.com
URL: https://accounts-staging-dev.americanexpress.com/en-us/banking/business/checking
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
139.71.66.22 , United States, ASN6307 (AMERICAN-EXPRESS, US),
Reverse DNS
cdaas-dev1.americanexpress.com
Software
/
Resource Hash
0259245f15c129a1bb6cae4e940200ccde42cd4a7a12e8d182580578446506c0
Security Headers
Name Value
Content-Security-Policy default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.aexp.com *.americanexpress.com
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
Origin
https://accounts-staging-dev.americanexpress.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Date
Wed, 04 Sep 2024 04:18:41 GMT
Strict-Transport-Security
max-age=31536000
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.aexp.com *.americanexpress.com
Content-Encoding
br
Transfer-Encoding
chunked
Connection
keep-alive
Last-Modified
Mon, 10 Jun 2024 15:22:12 GMT
ETag
W/"66671a24-22390"
Vary
Origin
Access-Control-Allow-Methods
GET, OPTIONS, HEAD
Content-Type
application/javascript
Access-Control-Allow-Origin
https://accounts-staging-dev.americanexpress.com
Cache-Control
max-age=31536000, must-revalidate
Access-Control-Allow-Credentials
true
X-Frame-Options
DENY
Timing-Allow-Origin
*
Access-Control-Allow-Headers
Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With
find
one-xp-dev.americanexpress.com/variant/ 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://one-xp-dev.americanexpress.com/variant/find
Protocol
HTTP/1.0
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
139.71.64.72 , United States, ASN6307 (AMERICAN-EXPRESS, US),
Reverse DNS
xpdp-deveusw1-vip.americanexpress.com
Software
BigIP /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://accounts-staging-dev.americanexpress.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Access-Control-Allow-Credentials
true
Access-Control-Allow-Headers
content-type
Access-Control-Allow-Methods
POST
Access-Control-Allow-Origin
https://accounts-staging-dev.americanexpress.com
Connection
Keep-Alive
Content-Length
0
Server
BigIP
integration.json
cdaas-dev.americanexpress.com/cdaas/one-app/modules/banking-root/0.0.0-develop.gitf9ab405.build60/it-it/ 		548 B
866 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://cdaas-dev.americanexpress.com/cdaas/one-app/modules/banking-root/0.0.0-develop.gitf9ab405.build60/it-it/integration.json
Requested by
Host: cdaas-dev.americanexpress.com
URL: https://cdaas-dev.americanexpress.com/cdaas/one/app/5.25.0-61e4465e/app.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
139.71.66.22 , United States, ASN6307 (AMERICAN-EXPRESS, US),
Reverse DNS
cdaas-dev1.americanexpress.com
Software
/
Resource Hash
d465172175d35d493fb1633e237700022bd849fa123164790b168b8318acb090
Security Headers
Name Value
Content-Security-Policy default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.aexp.com *.americanexpress.com
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Date
Wed, 04 Sep 2024 04:18:43 GMT
Strict-Transport-Security
max-age=31536000
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.aexp.com *.americanexpress.com
Content-Encoding
br
X-Frame-Options
DENY
Access-Control-Allow-Methods
GET, OPTIONS, HEAD
Content-Type
text/html
Access-Control-Allow-Origin
https://accounts-staging-dev.americanexpress.com
Transfer-Encoding
chunked
Access-Control-Allow-Credentials
true
Connection
keep-alive
Access-Control-Allow-Headers
Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With
ReadScriptRegistry.v1
functions.americanexpress.com/ 		460 B
1 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://functions.americanexpress.com/ReadScriptRegistry.v1?name=user-consent-management&version=%5E1.0.0&environment=e1&cache=1725423
Requested by
Host: cdaas-dev.americanexpress.com
URL: https://cdaas-dev.americanexpress.com/cdaas/one-app/modules/banking-root/0.0.0-develop.gitf9ab405.build60/banking-root.browser.js?clientCacheRevision=0ff83446-9d42-4712-8e86-b01da310ad6a
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
139.71.49.215 , United States, ASN6307 (AMERICAN-EXPRESS, US),
Reverse DNS
one-functions-r2.americanexpress.com
Software
/
Resource Hash
5d4539ddd8b5a7246db9f94f5729434219bc6e56917e88514074804fcccd72bc
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
date
Wed, 04 Sep 2024 04:18:43 GMT
access-control-max-age
86400
vary
origin
access-control-allow-methods
POST,OPTIONS,GET
access-control-allow-origin
https://accounts-staging-dev.americanexpress.com
access-control-allow-credentials
true
http_status_code
200
access-control-allow-headers
one-data-risk-assessment-token,one-data-correlation-id,ce-source,accept,x-mitigator-status,ax-rtf-dynamic-uri-override,ax-correlation-id,access-control-request-headers,agent-id,origin,content-encoding,x-b3-parentspanid,access-control-allow-headers,blueboxpublic,x-requested-with,x-b3-spanid,ax-rtf-filter,user-agent,ax-event-type,access-control-expose-headers,sub-event-type,access-control-max-age,x-mitigator-recommended-action,x-mitigator-finger-print,ax-operation-mode,vary,one-data-context,authorization,x-b3-traceid,credentials,access-control-allow-credentials,x-one-data-host,access-control-allow-origin,x-b3-sampled,x-one-data-forward-address,ce-type,baggage-one-data-correlation-id,content-length,event-type,content-type
content-length
321
ReadScriptRegistry.v1
functions.americanexpress.com/ 		478 B
419 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://functions.americanexpress.com/ReadScriptRegistry.v1?name=dxt-script-supplier-helper&version=%5E1.0.0&environment=e1&cache=1725423
Requested by
Host: cdaas-dev.americanexpress.com
URL: https://cdaas-dev.americanexpress.com/cdaas/one-app/modules/banking-root/0.0.0-develop.gitf9ab405.build60/banking-root.browser.js?clientCacheRevision=0ff83446-9d42-4712-8e86-b01da310ad6a
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
139.71.49.215 , United States, ASN6307 (AMERICAN-EXPRESS, US),
Reverse DNS
one-functions-r2.americanexpress.com
Software
/
Resource Hash
9299c1150aa7419d5ee9b0c7fc6b657c9c0856db430113a9a52b944098dfc66a
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
date
Wed, 04 Sep 2024 04:18:43 GMT
access-control-max-age
86400
vary
origin
access-control-allow-methods
POST,OPTIONS,GET
access-control-allow-origin
https://accounts-staging-dev.americanexpress.com
access-control-allow-credentials
true
http_status_code
200
access-control-allow-headers
one-data-risk-assessment-token,one-data-correlation-id,ce-source,accept,x-mitigator-status,ax-rtf-dynamic-uri-override,ax-correlation-id,access-control-request-headers,agent-id,origin,content-encoding,x-b3-parentspanid,access-control-allow-headers,blueboxpublic,x-requested-with,x-b3-spanid,ax-rtf-filter,user-agent,ax-event-type,access-control-expose-headers,sub-event-type,access-control-max-age,x-mitigator-recommended-action,x-mitigator-finger-print,ax-operation-mode,vary,one-data-context,authorization,x-b3-traceid,credentials,access-control-allow-credentials,x-one-data-host,access-control-allow-origin,x-b3-sampled,x-one-data-forward-address,ce-type,baggage-one-data-correlation-id,content-length,event-type,content-type
content-length
318
find
one-xp-dev.americanexpress.com/variant/ 		5 KB
6 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://one-xp-dev.americanexpress.com/variant/find
Requested by
Host: cdaas-dev.americanexpress.com
URL: https://cdaas-dev.americanexpress.com/cdaas/one/app/5.25.0-61e4465e/app.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
139.71.64.72 , United States, ASN6307 (AMERICAN-EXPRESS, US),
Reverse DNS
xpdp-deveusw1-vip.americanexpress.com
Software
/
Resource Hash
627f9cd237caf40b0db50bf791150cc3a28579fdd5d84e9bb614c450b9256571
Security Headers
Name Value
Content-Security-Policy default-src 'none'; frame-ancestors 'none'
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Accept
application/json
Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type
application/json

Response headers

date
Wed, 04 Sep 2024 04:18:45 GMT
content-security-policy
default-src 'none'; frame-ancestors 'none'
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains
x-permitted-cross-domain-policies
none
allow
GET, POST, PUT, DELETE, OPTIONS
vary
Origin,Access-Control-Request-Method,Access-Control-Request-Headers
content-type
application/json
access-control-allow-origin
https://accounts-staging-dev.americanexpress.com
access-control-allow-methods
GET, POST, PUT, DELETE, OPTIONS
access-control-max-age
86400
access-control-allow-credentials
true
x-envoy-upstream-service-time
20
Transfer-Encoding
chunked
access-control-allow-headers
Content-Type, User-Agent, Origin, Accept
dls.min.css
www.aexp-static.com/cdaas/one/statics/@americanexpress/dls/6.25.5/package/dist/6.25.5/styles/ 		363 KB
48 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.aexp-static.com/cdaas/one/statics/@americanexpress/dls/6.25.5/package/dist/6.25.5/styles/dls.min.css
Requested by
Host: cdaas-dev.americanexpress.com
URL: https://cdaas-dev.americanexpress.com/cdaas/one/app/5.25.0-61e4465e/vendors.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.212.203.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-212-203-180.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
2d2cfcc47345381bde80f32bc27d4906b685d5c12496eaba777253b1ca004959

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Wed, 04 Sep 2024 04:18:43 GMT
content-encoding
gzip
last-modified
Wed, 15 Nov 2023 18:35:16 GMT
etag
W/"65550f64-5aceb"
vary
Origin, Accept-Encoding
access-control-allow-methods
GET, OPTIONS, HEAD
content-type
text/css
access-control-allow-origin
https://global.americanexpress.com
cache-control
max-age=31536000, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
access-control-allow-headers
Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With
content-length
48882
integration.json
cdaas-dev.americanexpress.com/cdaas/one-app/modules/banking-root/0.0.0-develop.gitf9ab405.build60/en-us/ 		83 B
1 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://cdaas-dev.americanexpress.com/cdaas/one-app/modules/banking-root/0.0.0-develop.gitf9ab405.build60/en-us/integration.json
Requested by
Host: cdaas-dev.americanexpress.com
URL: https://cdaas-dev.americanexpress.com/cdaas/one/app/5.25.0-61e4465e/app.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
139.71.66.22 , United States, ASN6307 (AMERICAN-EXPRESS, US),
Reverse DNS
cdaas-dev1.americanexpress.com
Software
/
Resource Hash
703c25da4a3aba8cd089a0ff0efda4922df2af07548e0eface29b8ee320cdda6
Security Headers
Name Value
Content-Security-Policy default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.aexp.com *.americanexpress.com
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Date
Wed, 04 Sep 2024 04:18:43 GMT
Strict-Transport-Security
max-age=31536000
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.aexp.com *.americanexpress.com
Content-Encoding
br
Transfer-Encoding
chunked
Connection
keep-alive
Last-Modified
Tue, 03 Sep 2024 16:31:47 GMT
ETag
W/"66d739f3-53"
Vary
Origin
Access-Control-Allow-Methods
GET, OPTIONS, HEAD
Content-Type
application/json
Access-Control-Allow-Origin
https://accounts-staging-dev.americanexpress.com
Cache-Control
max-age=31536000, must-revalidate
Access-Control-Allow-Credentials
true
X-Frame-Options
DENY
Timing-Allow-Origin
*
Access-Control-Allow-Headers
Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With
UCM.js
cdaas-dev.americanexpress.com/cdaas/user-consent-management/ucm/v1.13.11/ 		239 KB
60 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdaas-dev.americanexpress.com/cdaas/user-consent-management/ucm/v1.13.11/UCM.js
Requested by
Host: cdaas-dev.americanexpress.com
URL: https://cdaas-dev.americanexpress.com/cdaas/one-app/modules/banking-root/0.0.0-develop.gitf9ab405.build60/banking-root.browser.js?clientCacheRevision=0ff83446-9d42-4712-8e86-b01da310ad6a
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
139.71.66.22 , United States, ASN6307 (AMERICAN-EXPRESS, US),
Reverse DNS
cdaas-dev1.americanexpress.com
Software
/
Resource Hash
18ad13dff046526d0285a26e103800c9384b6e6147b8b4926c5721a751738262
Security Headers
Name Value
Content-Security-Policy default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.aexp.com *.americanexpress.com
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
Origin
https://accounts-staging-dev.americanexpress.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Date
Wed, 04 Sep 2024 04:18:44 GMT
Strict-Transport-Security
max-age=31536000
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.aexp.com *.americanexpress.com
Content-Encoding
br
Transfer-Encoding
chunked
Connection
keep-alive
Last-Modified
Tue, 27 Aug 2024 18:56:18 GMT
ETag
W/"66ce2152-3bbff"
Vary
Origin
Access-Control-Allow-Methods
GET, OPTIONS, HEAD
Content-Type
application/javascript
Access-Control-Allow-Origin
https://accounts-staging-dev.americanexpress.com
Cache-Control
max-age=31536000, must-revalidate
Access-Control-Allow-Credentials
true
X-Frame-Options
DENY
Timing-Allow-Origin
*
Access-Control-Allow-Headers
Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With
dxt-script-supplier-helper.js
cdaas-dev.americanexpress.com/one/dxt-script-supplier-helper/1.2.2/ 		66 KB
26 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdaas-dev.americanexpress.com/one/dxt-script-supplier-helper/1.2.2/dxt-script-supplier-helper.js
Requested by
Host: cdaas-dev.americanexpress.com
URL: https://cdaas-dev.americanexpress.com/cdaas/one-app/modules/banking-root/0.0.0-develop.gitf9ab405.build60/banking-root.browser.js?clientCacheRevision=0ff83446-9d42-4712-8e86-b01da310ad6a
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
139.71.66.22 , United States, ASN6307 (AMERICAN-EXPRESS, US),
Reverse DNS
cdaas-dev1.americanexpress.com
Software
/
Resource Hash
125d89a6d9fd7d4e95d1e150229656cbdd262de74c5e593022e049431bf3bfc4
Security Headers
Name Value
Content-Security-Policy default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.aexp.com *.americanexpress.com
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
Origin
https://accounts-staging-dev.americanexpress.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Date
Wed, 04 Sep 2024 04:18:44 GMT
Strict-Transport-Security
max-age=31536000
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.aexp.com *.americanexpress.com
Content-Encoding
br
Transfer-Encoding
chunked
Connection
keep-alive
Last-Modified
Tue, 03 Sep 2024 15:45:39 GMT
ETag
W/"66d72f23-108d9"
Vary
Origin
Access-Control-Allow-Methods
GET, OPTIONS, HEAD
Content-Type
application/javascript
Access-Control-Allow-Origin
https://accounts-staging-dev.americanexpress.com
Cache-Control
max-age=31536000, must-revalidate
Access-Control-Allow-Credentials
true
X-Frame-Options
DENY
Timing-Allow-Origin
*
Access-Control-Allow-Headers
Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With
ReadScriptRegistry.v1
functions.americanexpress.com/ 		456 B
414 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://functions.americanexpress.com/ReadScriptRegistry.v1?name=datapoint-script&version=%5E1.0.0&environment=e1&cache=1725423
Requested by
Host: cdaas-dev.americanexpress.com
URL: https://cdaas-dev.americanexpress.com/one/dxt-script-supplier-helper/1.2.2/dxt-script-supplier-helper.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
139.71.49.215 , United States, ASN6307 (AMERICAN-EXPRESS, US),
Reverse DNS
one-functions-r2.americanexpress.com
Software
/
Resource Hash
d8b5294e4010a97f58c17c7ad00d0ae7bab498cd31ccb55224a33daa753c1082
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
date
Wed, 04 Sep 2024 04:18:44 GMT
access-control-max-age
86400
vary
origin
access-control-allow-methods
POST,OPTIONS,GET
access-control-allow-origin
https://accounts-staging-dev.americanexpress.com
access-control-allow-credentials
true
http_status_code
200
access-control-allow-headers
one-data-risk-assessment-token,one-data-correlation-id,ce-source,accept,x-mitigator-status,ax-rtf-dynamic-uri-override,ax-correlation-id,access-control-request-headers,agent-id,origin,content-encoding,x-b3-parentspanid,access-control-allow-headers,blueboxpublic,x-requested-with,x-b3-spanid,ax-rtf-filter,user-agent,ax-event-type,access-control-expose-headers,sub-event-type,access-control-max-age,x-mitigator-recommended-action,x-mitigator-finger-print,ax-operation-mode,vary,one-data-context,authorization,x-b3-traceid,credentials,access-control-allow-credentials,x-one-data-host,access-control-allow-origin,x-b3-sampled,x-one-data-forward-address,ce-type,baggage-one-data-correlation-id,content-length,event-type,content-type
content-length
313
ReadScriptRegistry.v1
functions.americanexpress.com/ 		484 B
436 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://functions.americanexpress.com/ReadScriptRegistry.v1?name=one-stream-data-handler&version=%5E0.1.1&environment=e1&cache=1725423
Requested by
Host: cdaas-dev.americanexpress.com
URL: https://cdaas-dev.americanexpress.com/one/dxt-script-supplier-helper/1.2.2/dxt-script-supplier-helper.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
139.71.49.215 , United States, ASN6307 (AMERICAN-EXPRESS, US),
Reverse DNS
one-functions-r2.americanexpress.com
Software
/
Resource Hash
1d7a776ef78d8a908a5728e2eff0480d87fc48e0f400a2c0d1f53e8fa1f1ed7e
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
date
Wed, 04 Sep 2024 04:18:44 GMT
access-control-max-age
86400
vary
origin
access-control-allow-methods
POST,OPTIONS,GET
access-control-allow-origin
https://accounts-staging-dev.americanexpress.com
access-control-allow-credentials
true
http_status_code
200
access-control-allow-headers
one-data-risk-assessment-token,one-data-correlation-id,ce-source,accept,x-mitigator-status,ax-rtf-dynamic-uri-override,ax-correlation-id,access-control-request-headers,agent-id,origin,content-encoding,x-b3-parentspanid,access-control-allow-headers,blueboxpublic,x-requested-with,x-b3-spanid,ax-rtf-filter,user-agent,ax-event-type,access-control-expose-headers,sub-event-type,access-control-max-age,x-mitigator-recommended-action,x-mitigator-finger-print,ax-operation-mode,vary,one-data-context,authorization,x-b3-traceid,credentials,access-control-allow-credentials,x-one-data-host,access-control-allow-origin,x-b3-sampled,x-one-data-forward-address,ce-type,baggage-one-data-correlation-id,content-length,event-type,content-type
content-length
335
ReadScriptRegistry.v1
functions.americanexpress.com/ 		449 B
416 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://functions.americanexpress.com/ReadScriptRegistry.v1?name=one-identity-session&version=%5E1.0.0&environment=e1&cache=1725423
Requested by
Host: cdaas-dev.americanexpress.com
URL: https://cdaas-dev.americanexpress.com/one/dxt-script-supplier-helper/1.2.2/dxt-script-supplier-helper.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
139.71.49.215 , United States, ASN6307 (AMERICAN-EXPRESS, US),
Reverse DNS
one-functions-r2.americanexpress.com
Software
/
Resource Hash
c40f844f94e9209e353c3eaba37ad243bdf5c14842ca00052fa2419e34f940ca
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
date
Wed, 04 Sep 2024 04:18:44 GMT
access-control-max-age
86400
vary
origin
access-control-allow-methods
POST,OPTIONS,GET
access-control-allow-origin
https://accounts-staging-dev.americanexpress.com
access-control-allow-credentials
true
http_status_code
200
access-control-allow-headers
one-data-risk-assessment-token,one-data-correlation-id,ce-source,accept,x-mitigator-status,ax-rtf-dynamic-uri-override,ax-correlation-id,access-control-request-headers,agent-id,origin,content-encoding,x-b3-parentspanid,access-control-allow-headers,blueboxpublic,x-requested-with,x-b3-spanid,ax-rtf-filter,user-agent,ax-event-type,access-control-expose-headers,sub-event-type,access-control-max-age,x-mitigator-recommended-action,x-mitigator-finger-print,ax-operation-mode,vary,one-data-context,authorization,x-b3-traceid,credentials,access-control-allow-credentials,x-one-data-host,access-control-allow-origin,x-b3-sampled,x-one-data-forward-address,ce-type,baggage-one-data-correlation-id,content-length,event-type,content-type
content-length
315
ReadScriptRegistry.v1
functions.americanexpress.com/ 		460 B
428 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://functions.americanexpress.com/ReadScriptRegistry.v1?name=adobe&version=%5E1.0.0&environment=e1&cache=1725423
Requested by
Host: cdaas-dev.americanexpress.com
URL: https://cdaas-dev.americanexpress.com/one/dxt-script-supplier-helper/1.2.2/dxt-script-supplier-helper.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
139.71.49.215 , United States, ASN6307 (AMERICAN-EXPRESS, US),
Reverse DNS
one-functions-r2.americanexpress.com
Software
/
Resource Hash
99e75e9555d693e4064295694cf9c973af0a7744702772aea32e4c57fcb53c92
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
date
Wed, 04 Sep 2024 04:18:44 GMT
access-control-max-age
86400
vary
origin
access-control-allow-methods
POST,OPTIONS,GET
access-control-allow-origin
https://accounts-staging-dev.americanexpress.com
access-control-allow-credentials
true
http_status_code
200
access-control-allow-headers
one-data-risk-assessment-token,one-data-correlation-id,ce-source,accept,x-mitigator-status,ax-rtf-dynamic-uri-override,ax-correlation-id,access-control-request-headers,agent-id,origin,content-encoding,x-b3-parentspanid,access-control-allow-headers,blueboxpublic,x-requested-with,x-b3-spanid,ax-rtf-filter,user-agent,ax-event-type,access-control-expose-headers,sub-event-type,access-control-max-age,x-mitigator-recommended-action,x-mitigator-finger-print,ax-operation-mode,vary,one-data-context,authorization,x-b3-traceid,credentials,access-control-allow-credentials,x-one-data-host,access-control-allow-origin,x-b3-sampled,x-one-data-forward-address,ce-type,baggage-one-data-correlation-id,content-length,event-type,content-type
content-length
327
ReadScriptRegistry.v1
functions.americanexpress.com/ 		449 B
430 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://functions.americanexpress.com/ReadScriptRegistry.v1?name=clicktochat&version=%5E1.0.0&environment=e1&cache=1725423
Requested by
Host: cdaas-dev.americanexpress.com
URL: https://cdaas-dev.americanexpress.com/one/dxt-script-supplier-helper/1.2.2/dxt-script-supplier-helper.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
139.71.49.215 , United States, ASN6307 (AMERICAN-EXPRESS, US),
Reverse DNS
one-functions-r2.americanexpress.com
Software
/
Resource Hash
4612abd23d5f87f691062c69639f238c309dd61f5c36c1e4642f602afb97df9c
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
date
Wed, 04 Sep 2024 04:18:44 GMT
access-control-max-age
86400
vary
origin
access-control-allow-methods
POST,OPTIONS,GET
access-control-allow-origin
https://accounts-staging-dev.americanexpress.com
access-control-allow-credentials
true
http_status_code
200
access-control-allow-headers
one-data-risk-assessment-token,one-data-correlation-id,ce-source,accept,x-mitigator-status,ax-rtf-dynamic-uri-override,ax-correlation-id,access-control-request-headers,agent-id,origin,content-encoding,x-b3-parentspanid,access-control-allow-headers,blueboxpublic,x-requested-with,x-b3-spanid,ax-rtf-filter,user-agent,ax-event-type,access-control-expose-headers,sub-event-type,access-control-max-age,x-mitigator-recommended-action,x-mitigator-finger-print,ax-operation-mode,vary,one-data-context,authorization,x-b3-traceid,credentials,access-control-allow-credentials,x-one-data-host,access-control-allow-origin,x-b3-sampled,x-one-data-forward-address,ce-type,baggage-one-data-correlation-id,content-length,event-type,content-type
content-length
329
ReadScriptRegistry.v1
functions.americanexpress.com/ 		455 B
425 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://functions.americanexpress.com/ReadScriptRegistry.v1?name=dynatrace&version=%5E1.5.0&environment=e1&cache=1725423
Requested by
Host: cdaas-dev.americanexpress.com
URL: https://cdaas-dev.americanexpress.com/one/dxt-script-supplier-helper/1.2.2/dxt-script-supplier-helper.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
139.71.49.215 , United States, ASN6307 (AMERICAN-EXPRESS, US),
Reverse DNS
one-functions-r2.americanexpress.com
Software
/
Resource Hash
ddd79962efcf672e4795a70c4cc78e243cc85242811237926e7a44ed46ee85c7
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
date
Wed, 04 Sep 2024 04:18:44 GMT
access-control-max-age
86400
vary
origin
access-control-allow-methods
POST,OPTIONS,GET
access-control-allow-origin
https://accounts-staging-dev.americanexpress.com
access-control-allow-credentials
true
http_status_code
200
access-control-allow-headers
one-data-risk-assessment-token,one-data-correlation-id,ce-source,accept,x-mitigator-status,ax-rtf-dynamic-uri-override,ax-correlation-id,access-control-request-headers,agent-id,origin,content-encoding,x-b3-parentspanid,access-control-allow-headers,blueboxpublic,x-requested-with,x-b3-spanid,ax-rtf-filter,user-agent,ax-event-type,access-control-expose-headers,sub-event-type,access-control-max-age,x-mitigator-recommended-action,x-mitigator-finger-print,ax-operation-mode,vary,one-data-context,authorization,x-b3-traceid,credentials,access-control-allow-credentials,x-one-data-host,access-control-allow-origin,x-b3-sampled,x-one-data-forward-address,ce-type,baggage-one-data-correlation-id,content-length,event-type,content-type
content-length
324
oneStream.js
cdaas-dev.americanexpress.com/cdaas/dxt-vendor-shared-scripts/one-stream-data-handler/v0.1.7/ 		2 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdaas-dev.americanexpress.com/cdaas/dxt-vendor-shared-scripts/one-stream-data-handler/v0.1.7/oneStream.js
Requested by
Host: cdaas-dev.americanexpress.com
URL: https://cdaas-dev.americanexpress.com/one/dxt-script-supplier-helper/1.2.2/dxt-script-supplier-helper.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
139.71.66.22 , United States, ASN6307 (AMERICAN-EXPRESS, US),
Reverse DNS
cdaas-dev1.americanexpress.com
Software
/
Resource Hash
f83cd624a8bee00c962128fefe1df4f7750f91d3914260472f55b86effe4ce4c
Security Headers
Name Value
Content-Security-Policy default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.aexp.com *.americanexpress.com
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
Origin
https://accounts-staging-dev.americanexpress.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Date
Wed, 04 Sep 2024 04:18:44 GMT
Strict-Transport-Security
max-age=31536000
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.aexp.com *.americanexpress.com
Content-Encoding
br
Transfer-Encoding
chunked
Connection
keep-alive
Last-Modified
Tue, 20 Aug 2024 16:20:42 GMT
ETag
W/"66c4c25a-935"
Vary
Origin
Access-Control-Allow-Methods
GET, OPTIONS, HEAD
Content-Type
application/javascript
Access-Control-Allow-Origin
https://accounts-staging-dev.americanexpress.com
Cache-Control
max-age=31536000, must-revalidate
Access-Control-Allow-Credentials
true
X-Frame-Options
DENY
Timing-Allow-Origin
*
Access-Control-Allow-Headers
Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With
timeout.js
cdaas-dev.americanexpress.com/one/one-identity-session/1.41.0/ 		38 KB
12 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdaas-dev.americanexpress.com/one/one-identity-session/1.41.0/timeout.js
Requested by
Host: cdaas-dev.americanexpress.com
URL: https://cdaas-dev.americanexpress.com/one/dxt-script-supplier-helper/1.2.2/dxt-script-supplier-helper.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
139.71.66.22 , United States, ASN6307 (AMERICAN-EXPRESS, US),
Reverse DNS
cdaas-dev1.americanexpress.com
Software
/
Resource Hash
bebe5dd098851f81065ecda1ff68d2f3af8eb3885273fe66336125bf8ee07445
Security Headers
Name Value
Content-Security-Policy default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.aexp.com *.americanexpress.com
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
Origin
https://accounts-staging-dev.americanexpress.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Date
Wed, 04 Sep 2024 04:18:44 GMT
Strict-Transport-Security
max-age=31536000
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.aexp.com *.americanexpress.com
Content-Encoding
br
Transfer-Encoding
chunked
Connection
keep-alive
Last-Modified
Wed, 28 Aug 2024 14:02:30 GMT
ETag
W/"66cf2df6-98c2"
Vary
Origin
Access-Control-Allow-Methods
GET, OPTIONS, HEAD
Content-Type
application/javascript
Access-Control-Allow-Origin
https://accounts-staging-dev.americanexpress.com
Cache-Control
max-age=31536000, must-revalidate
Access-Control-Allow-Credentials
true
X-Frame-Options
DENY
Timing-Allow-Origin
*
Access-Control-Allow-Headers
Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With
chatTaggingBootStrap.js
cdaas-dev.americanexpress.com/one/axp-chat-bootstrap/1.5.2/ 		82 KB
31 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdaas-dev.americanexpress.com/one/axp-chat-bootstrap/1.5.2/chatTaggingBootStrap.js
Requested by
Host: cdaas-dev.americanexpress.com
URL: https://cdaas-dev.americanexpress.com/one/dxt-script-supplier-helper/1.2.2/dxt-script-supplier-helper.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
139.71.66.22 , United States, ASN6307 (AMERICAN-EXPRESS, US),
Reverse DNS
cdaas-dev1.americanexpress.com
Software
/
Resource Hash
c8534563cb0a643d8a3080fd9a5245c15854f61bc3d27d7edbe11e2020ad9a7f
Security Headers
Name Value
Content-Security-Policy default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.aexp.com *.americanexpress.com
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
Origin
https://accounts-staging-dev.americanexpress.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Date
Wed, 04 Sep 2024 04:18:44 GMT
Strict-Transport-Security
max-age=31536000
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.aexp.com *.americanexpress.com
Content-Encoding
br
Transfer-Encoding
chunked
Connection
keep-alive
Last-Modified
Tue, 26 Mar 2024 14:19:55 GMT
ETag
W/"6602d98b-14944"
Vary
Origin
Access-Control-Allow-Methods
GET, OPTIONS, HEAD
Content-Type
application/javascript
Access-Control-Allow-Origin
https://accounts-staging-dev.americanexpress.com
Cache-Control
max-age=31536000, must-revalidate
Access-Control-Allow-Credentials
true
X-Frame-Options
DENY
Timing-Allow-Origin
*
Access-Control-Allow-Headers
Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With
favicon.ico
www.americanexpress.com/ 		1 KB
2 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://www.americanexpress.com/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
95.100.68.84 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a95-100-68-84.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
265d3f591d92fadfe95f4660c382ee64a23538a7353b9880434205a102833de0
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains;
X-Frame-Options SAMEORIGIN

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubdomains;
content-encoding
gzip
date
Wed, 04 Sep 2024 04:18:45 GMT
last-modified
Fri, 07 Jun 2019 04:05:21 GMT
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
image/x-icon
x-cnection
close
accept-ranges
bytes
content-length
1381
beacon
iwmapapi-dev.americanexpress.com/ 		0
0
beacon
iwmapapi-dev.americanexpress.com/ 		0
0
UpdateUserSession.v1
functions-dev.americanexpress.com/ 		228 B
577 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://functions-dev.americanexpress.com/UpdateUserSession.v1
Requested by
Host: cdaas-dev.americanexpress.com
URL: https://cdaas-dev.americanexpress.com/one/one-identity-session/1.41.0/timeout.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
139.71.178.129 , United States, ASN6307 (AMERICAN-EXPRESS, US),
Reverse DNS
functionsc-dev-vip.americanexpress.com
Software
/
Resource Hash
40a91b0413e3680ee73fe6ecb6c52d2e509d11d57a584e873f73dc3ef059750b

Request headers

one-data-correlation-id
eabf315f-4c2e-47bc-9ed4-f6aa7aa8eaa1
Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type
application/json

Response headers

date
Wed, 04 Sep 2024 04:18:46 GMT
content-encoding
gzip
vary
origin
access-control-allow-methods
POST,OPTIONS,GET
access-control-allow-origin
https://accounts-staging-dev.americanexpress.com
access-control-max-age
86400
access-control-allow-credentials
true
x-envoy-upstream-service-time
38
access-control-allow-headers
accept,authorization,ce-source,ce-type,content-encoding,content-length,content-type,credentials,one-data-context,one-data-correlation-id,one-data-risk-assessment-token,origin,user-agent,vary
content-length
199
info.filled.svg
cdaas-dev.americanexpress.com/one/universal-session-manager-assets/ 		361 B
962 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdaas-dev.americanexpress.com/one/universal-session-manager-assets/info.filled.svg
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
139.71.66.22 , United States, ASN6307 (AMERICAN-EXPRESS, US),
Reverse DNS
cdaas-dev1.americanexpress.com
Software
/
Resource Hash
7066a1bd1fc62016f82e111b3a3253bb0306d9e5f69bcbbcfbdfc20bddadb640
Security Headers
Name Value
Content-Security-Policy default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.aexp.com *.americanexpress.com
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Date
Wed, 04 Sep 2024 04:18:45 GMT
Strict-Transport-Security
max-age=31536000
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.aexp.com *.americanexpress.com
Last-Modified
Tue, 25 Apr 2023 16:27:29 GMT
Content-Encoding
br
ETag
W/"6447ff71-169"
Vary
Origin
X-Frame-Options
DENY
Content-Type
image/svg+xml
Transfer-Encoding
chunked
Cache-Control
max-age=31536000, must-revalidate
Connection
keep-alive
Timing-Allow-Origin
*
UpdateUserSession.v1
functions-dev.americanexpress.com/ 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://functions-dev.americanexpress.com/UpdateUserSession.v1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
139.71.178.129 , United States, ASN6307 (AMERICAN-EXPRESS, US),
Reverse DNS
functionsc-dev-vip.americanexpress.com
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,one-data-correlation-id
Access-Control-Request-Method
POST
Origin
https://accounts-staging-dev.americanexpress.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
accept,authorization,ce-source,ce-type,content-encoding,content-length,content-type,credentials,one-data-context,one-data-correlation-id,one-data-risk-assessment-token,origin,user-agent,vary
access-control-allow-methods
POST,OPTIONS,GET
access-control-allow-origin
https://accounts-staging-dev.americanexpress.com
access-control-max-age
86400
content-length
0
date
Wed, 04 Sep 2024 04:18:45 GMT
x-envoy-upstream-service-time
23
inquiry_results
apigw-dev.americanexpress.com/servicing/v1/contact_management/chats/tagging/ 		0
0
inquiry_results
apigw-dev.americanexpress.com/servicing/v1/contact_management/chats/tagging/ 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://apigw-dev.americanexpress.com/servicing/v1/contact_management/chats/tagging/inquiry_results
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
139.71.64.155 , United States, ASN6307 (AMERICAN-EXPRESS, US),
Reverse DNS
ewpinterent-deveusw1-vip.americanexpress.com
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,one-data-correlation-id
Access-Control-Request-Method
POST
Origin
https://accounts-staging-dev.americanexpress.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-length
0
date
Wed, 04 Sep 2024 04:18:46 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
x-envoy-upstream-service-time
43
full-story.js
www.aexp-static.com/cdaas/banking/business-checking/assets/ 		263 KB
79 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.aexp-static.com/cdaas/banking/business-checking/assets/full-story.js
Requested by
Host: www.aexp-static.com
URL: https://www.aexp-static.com/cdaas/one-app/modules/banking-business-checking-root/8.0.0/banking-business-checking-root.browser.js?clientCacheRevision=0ff83446-9d42-4712-8e86-b01da310ad6a
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.212.203.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-212-203-180.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
9ebee46eca18876c7d599bf20bd8f65c9d947350847e1aa7088cedef3d0af160

Request headers

Referer
Origin
https://accounts-staging-dev.americanexpress.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Wed, 04 Sep 2024 04:18:45 GMT
content-encoding
gzip
last-modified
Fri, 06 Jan 2023 22:19:54 GMT
etag
W/"63b89e8a-41bf3"
vary
Origin, Accept-Encoding
access-control-allow-methods
GET, OPTIONS, HEAD
content-type
application/javascript
access-control-allow-origin
https://accounts-staging-dev.americanexpress.com
cache-control
max-age=31536000, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
access-control-allow-headers
Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With
heap-4051235984.js
www.aexp-static.com/cdaas/banking/business-checking/assets/ 		128 KB
41 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.aexp-static.com/cdaas/banking/business-checking/assets/heap-4051235984.js
Requested by
Host: www.aexp-static.com
URL: https://www.aexp-static.com/cdaas/one-app/modules/banking-business-checking-root/8.0.0/banking-business-checking-root.browser.js?clientCacheRevision=0ff83446-9d42-4712-8e86-b01da310ad6a
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.212.203.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-212-203-180.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
592e73452a01abf467a83ad718e46254eba1f20e8a4ec150200ef887a48a469d

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Wed, 04 Sep 2024 04:18:45 GMT
content-encoding
gzip
last-modified
Thu, 16 Feb 2023 19:45:28 GMT
etag
W/"63ee87d8-201cc"
vary
Origin, Accept-Encoding
content-type
application/javascript
cache-control
max-age=31536000, must-revalidate
timing-allow-origin
*
content-length
42100
csp-violation
accounts-dev.americanexpress.com/_/report/security/ 		0
3 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://accounts-dev.americanexpress.com/_/report/security/csp-violation
Requested by
Host: www.aexp-static.com
URL: https://www.aexp-static.com/cdaas/banking/business-checking/assets/heap-4051235984.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
139.71.178.26 , United States, ASN6307 (AMERICAN-EXPRESS, US),
Reverse DNS
accountsuplift-deveusw1-vip.americanexpress.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy report-uri https://accountsuplift-deveusw1.americanexpress.com/_/report/security/csp-violation; block-all-mixed-content; default-src 'self' *.aexp.com *.americanexpress.com wss://*.americanexpress.com *.aexp-static.com blob: fonts.gstatic.com; script-src 'nonce-378c9a1b-7b41-428f-b539-29fe94c3f12d' 'self' *.aexp.com *.americanexpress.com *.aexp-static.com c.evidon.com assets.adobedtm.com maps.googleapis.com webgwy.neustar.biz staging.cdn-net.com www.cdn-path.com nexus.ensighten.com ct.contentsquare.net contentsquare.com t.contentsquare.net app.contentsquare.com; img-src 'self' *.aexp.com *.americanexpress.com *.aexp-static.com data: c.evidon.com mver.agkn.com siteintercept.qualtrics.com ct.pinterest.com/v3/ s.amazon-adsystem.com sp.analytics.yahoo.com www.facebook.com www.googleadservices.com/pagead/conversion/ www.google.com/pagead/1p-conversion/ ad.doubleclick.net ca1.qualtrics.com s.pinimg.com adservice.google.com googleads.g.doubleclick.net ep.bankrate.com www.bankrate.com www.depositaccounts.com products.gobankingrates.com www.gobankingrates.com www.nextinsure.com www.orjg.net www.pretected.com i.pretected.com maps.googleapis.com maps.gstatic.com c.contentsquare.net r.contentsquare.net l.contentsquare.net wr-us.contentsquare.net heapanalytics.com sprout-cdn.kabbage.com alb.reddit.com; style-src 'unsafe-inline' *.aexp.com *.aexp-static.com *.americanexpress.com fonts.googleapis.com; connect-src 'self' *.aexp.com *.aexp-static.com c.evidon.com l.evidon.com optoutapi.evidon.com maps.googleapis.com dpm.demdex.net siteintercept.qualtrics.com c.contentsquare.net r.contentsquare.net l.contentsquare.net wr-us.contentsquare.net q-aus1.contentsquare.net k-aus1.contentsquare.net *.americanexpress.com wss://*.americanexpress.com rs.fullstory.com edge.fullstory.com cdn.optimizely.com logx.optimizely.com cdn.segment.com api.segment.io; manifest-src 'self' *.aexp.com *.americanexpress.com *.aexp-static.com; worker-src 'self' *.aexp.com *.americanexpress.com *.aexp-static.com blob:; frame-ancestors *.americanexpress.com *.aexp.com; frame-src blob: *.yodlee.com *.americanexpress.com *.aexp.com staging.cdn-net.com www.cdn-path.com; child-src blob: *.americanexpress.com
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type
application/csp-report

Response headers

date
Wed, 04 Sep 2024 04:18:46 GMT
strict-transport-security
max-age=63072000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
report-uri https://accountsuplift-deveusw1.americanexpress.com/_/report/security/csp-violation; block-all-mixed-content; default-src 'self' *.aexp.com *.americanexpress.com wss://*.americanexpress.com *.aexp-static.com blob: fonts.gstatic.com; script-src 'nonce-378c9a1b-7b41-428f-b539-29fe94c3f12d' 'self' *.aexp.com *.americanexpress.com *.aexp-static.com c.evidon.com assets.adobedtm.com maps.googleapis.com webgwy.neustar.biz staging.cdn-net.com www.cdn-path.com nexus.ensighten.com ct.contentsquare.net contentsquare.com t.contentsquare.net app.contentsquare.com; img-src 'self' *.aexp.com *.americanexpress.com *.aexp-static.com data: c.evidon.com mver.agkn.com siteintercept.qualtrics.com ct.pinterest.com/v3/ s.amazon-adsystem.com sp.analytics.yahoo.com www.facebook.com www.googleadservices.com/pagead/conversion/ www.google.com/pagead/1p-conversion/ ad.doubleclick.net ca1.qualtrics.com s.pinimg.com adservice.google.com googleads.g.doubleclick.net ep.bankrate.com www.bankrate.com www.depositaccounts.com products.gobankingrates.com www.gobankingrates.com www.nextinsure.com www.orjg.net www.pretected.com i.pretected.com maps.googleapis.com maps.gstatic.com c.contentsquare.net r.contentsquare.net l.contentsquare.net wr-us.contentsquare.net heapanalytics.com sprout-cdn.kabbage.com alb.reddit.com; style-src 'unsafe-inline' *.aexp.com *.aexp-static.com *.americanexpress.com fonts.googleapis.com; connect-src 'self' *.aexp.com *.aexp-static.com c.evidon.com l.evidon.com optoutapi.evidon.com maps.googleapis.com dpm.demdex.net siteintercept.qualtrics.com c.contentsquare.net r.contentsquare.net l.contentsquare.net wr-us.contentsquare.net q-aus1.contentsquare.net k-aus1.contentsquare.net *.americanexpress.com wss://*.americanexpress.com rs.fullstory.com edge.fullstory.com cdn.optimizely.com logx.optimizely.com cdn.segment.com api.segment.io; manifest-src 'self' *.aexp.com *.americanexpress.com *.aexp-static.com; worker-src 'self' *.aexp.com *.americanexpress.com *.aexp-static.com blob:; frame-ancestors *.americanexpress.com *.aexp.com; frame-src blob: *.yodlee.com *.americanexpress.com *.aexp.com staging.cdn-net.com www.cdn-path.com; child-src blob: *.americanexpress.com
x-download-options
noopen
x-dns-prefetch-control
off
x-frame-options
SAMEORIGIN
x-envoy-upstream-service-time
13
one-app-version
5.25.0-61e4465e
x-xss-protection
1; mode=block
h
heapanalytics.com/ 		37 B
261 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://heapanalytics.com/h?a=4051235984&u=5836449538369816&v=2320800822341313&s=4317691695381365&b=web&tv=4.0&z=0&h=%2Fen-us%2Fbanking%2Fbusiness%2Fchecking&d=accounts-staging-dev.americanexpress.com&t=American%20Express%20-%20Business%20Checking%20Account&ts=1725423525742&st=1725423525745
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
44.197.233.91 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-44-197-233-91.compute-1.amazonaws.com
Software
nginx /
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 04 Sep 2024 04:18:46 GMT
strict-transport-security
max-age=31536000; includeSubDomains
server
nginx
etag
W/"25-4iFqfptz9csCeTUceM5hwzR1zqc"
content-type
image/gif
cache-control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
content-length
37
page
rs.fullstory.com/rec/ 		5 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://rs.fullstory.com/rec/page
Requested by
Host: www.aexp-static.com
URL: https://www.aexp-static.com/cdaas/banking/business-checking/assets/full-story.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.186.194.58 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
58.194.186.35.bc.googleusercontent.com
Software
/
Resource Hash
15b6436e1097911ce0f67bdd71a8de82d7f68f081d356c076284230ed9218b55

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type
text/plain

Response headers

date
Wed, 04 Sep 2024 04:18:46 GMT
content-encoding
gzip
via
1.1 google
content-type
application/json; charset=utf-8
access-control-allow-origin
https://accounts-staging-dev.americanexpress.com
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1497
web
edge.fullstory.com/s/settings/tOv/v1/ 		8 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://edge.fullstory.com/s/settings/tOv/v1/web
Requested by
Host: www.aexp-static.com
URL: https://www.aexp-static.com/cdaas/banking/business-checking/assets/full-story.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.201.112.186 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
186.112.201.35.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
473c3ae1da2c56f12ae61b864ed0c39e68503534cb4a6a97fff9f2fd299109aa

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Wed, 04 Sep 2024 04:18:46 GMT
content-encoding
gzip
x-guploader-uploadid
AD-8ljsKmoYzrZXtFwg9OpJdORAKXPEMqVs4dKzk4Z8_fFNVfRhkrem2o-Hv_uYogpXnbeIKACU
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
gzip
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1428
last-modified
Wed, 04 Sep 2024 04:17:37 GMT
server
UploadServer
etag
"2669ae7fd8324ddd20e4901d42560567"
x-goog-generation
1725423457592899
content-type
application/json
access-control-allow-origin
*
x-goog-hash
crc32c=4uEUHQ==, md5=Jmmuf9gyTd0g5JAdQlYFZw==
access-control-expose-headers
Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control
public,max-age=900,no-transform
x-goog-stored-content-length
1428
accept-ranges
bytes
expires
Wed, 04 Sep 2024 04:33:46 GMT
v2
rs.fullstory.com/rec/bundle/ 		29 B
82 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://rs.fullstory.com/rec/bundle/v2?OrgId=tOv&UserId=dc50d43e-be39-4e5e-85d6-f11a113b9a39&SessionId=c698ed54-65f8-4396-8b51-0fdf2f29b894&PageId=7faedd6d-32ff-4747-9360-e9b034e61cd3&Seq=1&PageStart=1725423526536&PrevBundleTime=0&LastActivity=6&IsNewSession=true
Requested by
Host: www.aexp-static.com
URL: https://www.aexp-static.com/cdaas/banking/business-checking/assets/full-story.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.186.194.58 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
58.194.186.35.bc.googleusercontent.com
Software
/
Resource Hash
47d5d1283eee9932c3424a49b55f4c6e84ec97d32e169ecd5da87fc296d6fdfe

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://accounts-staging-dev.americanexpress.com
date
Wed, 04 Sep 2024 04:18:46 GMT
via
1.1 google
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
29
content-type
application/json; charset=utf-8
v2
rs.fullstory.com/rec/bundle/ 		29 B
79 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://rs.fullstory.com/rec/bundle/v2?OrgId=tOv&UserId=dc50d43e-be39-4e5e-85d6-f11a113b9a39&SessionId=c698ed54-65f8-4396-8b51-0fdf2f29b894&PageId=7faedd6d-32ff-4747-9360-e9b034e61cd3&Seq=2&PageStart=1725423526536&PrevBundleTime=1725423526648&LastActivity=4865&IsNewSession=true
Requested by
Host: www.aexp-static.com
URL: https://www.aexp-static.com/cdaas/banking/business-checking/assets/full-story.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.186.194.58 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
58.194.186.35.bc.googleusercontent.com
Software
/
Resource Hash
cca83b0e03f33698bdae467613617f05c9df95a32bf9b994e8d8f30c651e9640

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://accounts-staging-dev.americanexpress.com
date
Wed, 04 Sep 2024 04:18:51 GMT
via
1.1 google
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
29
content-type
application/json; charset=utf-8

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
iwmapapi-dev.americanexpress.com
URL
https://iwmapapi-dev.americanexpress.com/beacon
Domain
iwmapapi-dev.americanexpress.com
URL
https://iwmapapi-dev.americanexpress.com/beacon
Domain
apigw-dev.americanexpress.com
URL
https://apigw-dev.americanexpress.com/servicing/v1/contact_management/chats/tagging/inquiry_results

Verdicts & Comments Add Verdict or Comment

53 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

string| __webpack_public_path__ object| __CLIENT_HOLOCRON_MODULE_MAP__ string| __holocron_module_bundle_type__ object| __pwa_metadata__ string| __render_mode__ object| webpackJsonp function| clearImmediate function| setImmediate object| regeneratorRuntime object| React object| PropTypes object| OneAppRouter function| CreateSharedReactContext object| Redux object| Immutable object| ReactDOM object| ReactRedux object| Reselect object| Holocron object| OneAppDucks object| HolocronModuleRoute object| ReactHelmet object| __REACT_INTL_CONTEXT__ function| getTenantRootModule string| rootModuleName object| webpackJsonpholocronModule_banking_business_checking_root string| analyticsWriteKey object| __SEGMENT_INSPECTOR__ object| IntlPolyfill object| _axpScriptSupplier string| UCMPageLocale object| axpScriptSupplier object| digitalDataHandlers object| EuCookieConsentHandlers object| clickToChatData object| scriptConfig object| DataManager object| scriptSupplierPrivacySingleton object| UserConsentManagementConsentChecking object| oneStreamData object| AmexSession object| timeout object| CHAT_URLS object| chat string| _fs_host string| _fs_script string| _fs_org string| _fs_namespace function| FS boolean| _fs_initialized object| heap string| _fs_loaded function| _fs_shutdown

9 Cookies

Domain/Path Name / Value
cdaas-dev.americanexpress.com/one/universal-session-manager-assets Name: Path
Value: /
.americanexpress.com/ Name: agent-id
Value: 7983075541725423525243222
one-xp-dev.americanexpress.com/ Name: TS0139a03f
Value: 0130e1357587b8fef14481fd715b911d3cb3b7c59395ff3c73ac6a0d4e26d84af5afbf8ecd697f7cd0ceadfe588a72779da2f82b3c
.americanexpress.com/ Name: TS0114bdae
Value: 0130e1357587b8fef14481fd715b911d3cb3b7c59395ff3c73ac6a0d4e26d84af5afbf8ecd697f7cd0ceadfe588a72779da2f82b3c
.americanexpress.com/ Name: _hp2_id.4051235984
Value: %7B%22userId%22%3A%225836449538369816%22%2C%22pageviewId%22%3A%222320800822341313%22%2C%22sessionId%22%3A%224317691695381365%22%2C%22identity%22%3Anull%2C%22trackerVersion%22%3A%224.0%22%7D
cdaas-dev.americanexpress.com/ Name: TS0139a03f
Value: 018b11f77a9adc260f2894958194f3f1c405abd0d995d022d1882cf53c46ae37867891342fdd2cb1c57467078ebebdf3a7e0a5b0b0
.americanexpress.com/ Name: _hp2_ses_props.4051235984
Value: %7B%22ts%22%3A1725423525742%2C%22d%22%3A%22accounts-staging-dev.americanexpress.com%22%2C%22h%22%3A%22%2Fen-us%2Fbanking%2Fbusiness%2Fchecking%22%7D
.americanexpress.com/ Name: fs_lua
Value: 1.1725423526535
.americanexpress.com/ Name: fs_uid
Value: #tOv#dc50d43e-be39-4e5e-85d6-f11a113b9a39:c698ed54-65f8-4396-8b51-0fdf2f29b894:1725423526535::1#/1756959525

4 Console Messages

Source Level URL
Text
network error URL: https://cdaas-dev.americanexpress.com/cdaas/one-app/modules/banking-root/0.0.0-develop.gitf9ab405.build60/it-it/integration.json
Message:
Failed to load resource: the server responded with a status of 404 (Not Found)
javascript error URL: https://accounts-staging-dev.americanexpress.com/en-us/banking/business/checking
Message:
Access to XMLHttpRequest at 'https://apigw-dev.americanexpress.com/servicing/v1/contact_management/chats/tagging/inquiry_results' from origin 'https://accounts-staging-dev.americanexpress.com' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network error URL: https://apigw-dev.americanexpress.com/servicing/v1/contact_management/chats/tagging/inquiry_results
Message:
Failed to load resource: net::ERR_FAILED
network error URL: https://functions-dev.americanexpress.com/UpdateUserSession.v1
Message:
Failed to load resource: the server responded with a status of 401 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy report-uri https://accounts-dev.americanexpress.com/_/report/security/csp-violation; block-all-mixed-content; default-src 'self' *.aexp.com *.americanexpress.com wss://*.americanexpress.com *.aexp-static.com blob: fonts.gstatic.com; script-src 'nonce-36ab70ea-bfc3-4e6b-a21a-9e15aa71588e' 'self' *.aexp.com *.americanexpress.com *.aexp-static.com c.evidon.com assets.adobedtm.com maps.googleapis.com webgwy.neustar.biz staging.cdn-net.com www.cdn-path.com nexus.ensighten.com ct.contentsquare.net contentsquare.com t.contentsquare.net app.contentsquare.com; img-src 'self' *.aexp.com *.americanexpress.com *.aexp-static.com data: c.evidon.com mver.agkn.com siteintercept.qualtrics.com ct.pinterest.com/v3/ s.amazon-adsystem.com sp.analytics.yahoo.com www.facebook.com www.googleadservices.com/pagead/conversion/ www.google.com/pagead/1p-conversion/ ad.doubleclick.net ca1.qualtrics.com s.pinimg.com adservice.google.com googleads.g.doubleclick.net ep.bankrate.com www.bankrate.com www.depositaccounts.com products.gobankingrates.com www.gobankingrates.com www.nextinsure.com www.orjg.net www.pretected.com i.pretected.com maps.googleapis.com maps.gstatic.com c.contentsquare.net r.contentsquare.net l.contentsquare.net wr-us.contentsquare.net heapanalytics.com sprout-cdn.kabbage.com alb.reddit.com; style-src 'unsafe-inline' *.aexp.com *.aexp-static.com *.americanexpress.com fonts.googleapis.com; connect-src 'self' *.aexp.com *.aexp-static.com c.evidon.com l.evidon.com optoutapi.evidon.com maps.googleapis.com dpm.demdex.net siteintercept.qualtrics.com c.contentsquare.net r.contentsquare.net l.contentsquare.net wr-us.contentsquare.net q-aus1.contentsquare.net k-aus1.contentsquare.net *.americanexpress.com wss://*.americanexpress.com rs.fullstory.com edge.fullstory.com cdn.optimizely.com logx.optimizely.com cdn.segment.com api.segment.io; manifest-src 'self' *.aexp.com *.americanexpress.com *.aexp-static.com; worker-src 'self' *.aexp.com *.americanexpress.com *.aexp-static.com blob:; frame-ancestors *.americanexpress.com *.aexp.com; frame-src blob: *.yodlee.com *.americanexpress.com *.aexp.com staging.cdn-net.com www.cdn-path.com; child-src blob: *.americanexpress.com
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

accounts-dev.americanexpress.com
accounts-staging-dev.americanexpress.com
apigw-dev.americanexpress.com
cdaas-dev.americanexpress.com
edge.fullstory.com
functions-dev.americanexpress.com
functions.americanexpress.com
heapanalytics.com
iwmapapi-dev.americanexpress.com
one-xp-dev.americanexpress.com
rs.fullstory.com
www.aexp-static.com
www.americanexpress.com
apigw-dev.americanexpress.com
iwmapapi-dev.americanexpress.com
139.71.178.129
139.71.178.26
139.71.49.215
139.71.64.155
139.71.64.72
139.71.65.148
139.71.66.22
23.212.203.180
35.186.194.58
35.201.112.186
44.197.233.91
95.100.68.84
0259245f15c129a1bb6cae4e940200ccde42cd4a7a12e8d182580578446506c0
125d89a6d9fd7d4e95d1e150229656cbdd262de74c5e593022e049431bf3bfc4
15b6436e1097911ce0f67bdd71a8de82d7f68f081d356c076284230ed9218b55
18ad13dff046526d0285a26e103800c9384b6e6147b8b4926c5721a751738262
1d7a776ef78d8a908a5728e2eff0480d87fc48e0f400a2c0d1f53e8fa1f1ed7e
265d3f591d92fadfe95f4660c382ee64a23538a7353b9880434205a102833de0
2d2cfcc47345381bde80f32bc27d4906b685d5c12496eaba777253b1ca004959
40a91b0413e3680ee73fe6ecb6c52d2e509d11d57a584e873f73dc3ef059750b
45e6f3e6847536e5fb63d629bed17ffb329fe44699356518657491a69d74e869
4612abd23d5f87f691062c69639f238c309dd61f5c36c1e4642f602afb97df9c
473c3ae1da2c56f12ae61b864ed0c39e68503534cb4a6a97fff9f2fd299109aa
47d5d1283eee9932c3424a49b55f4c6e84ec97d32e169ecd5da87fc296d6fdfe
4a8356754939790a28510c4a22ab32cb6cb78b961ea6280d8250ce9cdd31d040
592e73452a01abf467a83ad718e46254eba1f20e8a4ec150200ef887a48a469d
5d4539ddd8b5a7246db9f94f5729434219bc6e56917e88514074804fcccd72bc
627f9cd237caf40b0db50bf791150cc3a28579fdd5d84e9bb614c450b9256571
703c25da4a3aba8cd089a0ff0efda4922df2af07548e0eface29b8ee320cdda6
7066a1bd1fc62016f82e111b3a3253bb0306d9e5f69bcbbcfbdfc20bddadb640
85ec7bc12991ea417f83be7da59f274dd6a75c782c7df7d98ea636a7c35234d0
91042b037da575a65dd19f6ecfe26de465aeb9f90011b557660083958040a9e7
9299c1150aa7419d5ee9b0c7fc6b657c9c0856db430113a9a52b944098dfc66a
99e75e9555d693e4064295694cf9c973af0a7744702772aea32e4c57fcb53c92
9ebee46eca18876c7d599bf20bd8f65c9d947350847e1aa7088cedef3d0af160
b3404d578aac9a2f533e50fe62ca0a021f95c64c567079bb3fc2c20ccc9cd7cf
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bebe5dd098851f81065ecda1ff68d2f3af8eb3885273fe66336125bf8ee07445
c34f1dbc70ed8d45005ee237dc900be6296b7a2d92dc164c899d060727f42499
c40f844f94e9209e353c3eaba37ad243bdf5c14842ca00052fa2419e34f940ca
c8534563cb0a643d8a3080fd9a5245c15854f61bc3d27d7edbe11e2020ad9a7f
cca83b0e03f33698bdae467613617f05c9df95a32bf9b994e8d8f30c651e9640
d465172175d35d493fb1633e237700022bd849fa123164790b168b8318acb090
d8b5294e4010a97f58c17c7ad00d0ae7bab498cd31ccb55224a33daa753c1082
ddd79962efcf672e4795a70c4cc78e243cc85242811237926e7a44ed46ee85c7
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f1c2fda9627351e28491ab6832e1b716b32ddd416da7e2715f62140721866f91
f83cd624a8bee00c962128fefe1df4f7750f91d3914260472f55b86effe4ce4c