⬇ Download as HTML File

Nissan North America — Infrastructure Technology Matrix

nissanusa.com  |  TYO: 7201  |  Analysis Date: June 30, 2026

Secure Gap Partial ℹ Info CF Opportunity
At-a-Glance — Who Runs What 3 NISSAN PROPERTIES ALREADY ON CLOUDFLARE
DNS
UltraDNS (Vercara)
4 NS · est. ~2010–2012
CDN
Akamai
Helios platform · edgekey.net
WAF
Akamai
Blocks XSS/SQLi/traversal
Bot Management
Akamai
Bot Manager · _abck cookies
API Security
None
GraphQL exposed in cert SANs
Network DDoS
ISP-only (AT&T & Verizon)
AS2386 · 15+ /24 blocks · no IPv6
Email Security
Amazon SES
Transactional only · DMARC reject
Identity / SSO
Not Detected
No Okta / Azure AD / Entra visible
Dealer Ops
Epsilon Interactive
Publicis Groupe · dealers + service
Existing CF Footprint
Cloudflare
nissanev.com · store · parts
Competitor Intel
Hyundai/Kia/Genesis on CF
Entire Hyundai Motor Group
Platform / CMS
Helios (Custom)
Built on Akamai · shared w/ Infiniti
Core Infrastructure
UltraDNS (Vercara)Managed DNS
Category
Managed DNS
Nameservers
4 UltraDNS NS
edns2.ultradns.biz / .com / .net / .org
DNSSEC
Not Enabled
CAA Records
None Published
IPv6 (AAAA)
None native — only via Akamai CNAME chain
Wildcard
Yes → 11.9.0.1 (sinkhole catch-all)
Est. Activation
~2010–2012   Medium
CF Opportunity: 1-click DNSSEC, CAA mgmt, native IPv6, fastest DNS globally
AkamaiCDN (Helios Platform)
Category
Content Delivery Network
Coverage
www, owners, build, test, es, zh, cpo
Via edgekey.net / edgesuite.net CNAME
Platform
Helios — custom CMS built on Akamai
Shared w/ infinitiusa.com
Caching
Active page-caching via x-helios-akamai-content-class
Gaps
dealers, service, careers, parts, store — NOT on Akamai CDN
Header Leaks
x-helios-cdn-vendor, akamai-grn, server-timing exposed
Est. Activation
~2015–2017   Medium
CF Opportunity: Unified CDN across ALL subdomains, header stripping, faster TTFB
AkamaiWAF
Category
Web Application Firewall
XSS Test
HTTP 403 — Blocked
SQLi Test
HTTP 403 — Blocked
Path Traversal
HTTP 403 — Blocked
Coverage
Akamai-fronted sites only
dealers, service, dev, qa = NO WAF
Missing Headers
CSP, Referrer-Policy, Permissions-Policy
Est. Activation
~2015–2017   Medium
CF Opportunity: Managed WAF rulesets, ALL-subdomain coverage, Managed Headers
AkamaiBot Manager
Category
Bot Management
Status
Active on www
Cookies
_abck (behavioral fingerprint)
bm_sz (session tracking)
Also on CF
parts.nissanusa.com
cf-mitigated: challenge (Cloudflare Bot Mgmt)
Gaps
dealers, service — NO bot protection
High-value scraping targets
Est. Activation
~2018–2020   Medium
Confidence
High
CF Opportunity: CF Bot Mgmt already active on parts — extend to all subdomains
None DetectedAPI Security / Gateway
Category
API Security
API Gateway
None detected
GraphQL
graphql.nissanusa.com exposed in SSL cert SANs
CSP Header
Missing on www (present on parts via CF)
Permissions-Policy
Missing on www (present on parts via CF)
Geo Leak
Akamai Edgescape headers leak visitor lat/long/ZIP in responses
Confidence
High
CF Opportunity: API Shield for GraphQL, Transform Rules, API Gateway
Hosting, Network & Certificates
Epsilon InteractiveDealer & Service Hosting
Category
Managed Hosting (Publicis Groupe)
ASN
AS19137 (Epsilon Interactive)
IPs
159.127.187.180 (dealers)
159.127.198.18 (service)
WAF/CDN
NONE — zero edge protection
Bot Mgmt
None detected
Est. Activation
~2016–2018   Medium
CF Opportunity: Unprotected dealer/service sites — easy quick win
Nissan Motor Co.On-Prem Network (AS2386)
Category
Self-Managed Network
ASN
AS2386 (Nissan Motor Co., Ltd.)
IP Blocks
108.160.33-39.0/24 (Corporate)
12.x.x.x /24s (Legacy AT&T)
74.174.40.0/21
(15+ prefixes total)
Transit
AT&T, Verizon, Comcast, Leaseweb
IPv6
Zero IPv6 announced
DDoS
None — ISP transit only
CF Opportunity: Magic Transit for 15+ /24 blocks + IPv6
Let's Encrypt R12SSL/TLS Certificates
Category
Certificate Management
Issuer
Let's Encrypt R12 (ISRG Root X1)
90-day auto-rotation via ACME
Subject CN
ms-prd-nna.use.mediaserver.heliosnissan.net
SANs
42+ domains on single cert
Includes UAT, staging, campaigns
Shared With
infinitiusa.com, heliosnissan.net, heliosinfiniti.net, campaign domains
Confidence
High
CF Opportunity: Per-hostname certs, Advanced Certificate Manager
123.Net (Michigan ISP) Dev/QA Hosting
Category
Budget Regional ISP
ASN
AS12129 (123.Net, Inc.)
IPs
216.109.198.119 (dev)
216.109.198.106 (qa)
WAF/CDN
NONE — fully exposed
Risk
HIGH — public dev/qa, no auth
Confidence
High
CF Opportunity: IMMEDIATE — CF Access to gate dev/qa behind identity
Kyndryl (ex-IBM)Careers Hosting
Category
Managed Services
ASN
AS2140 (Kyndryl / IBM legacy)
IP
129.33.74.83 (careers)
Origin
IBM spinoff (Nov 2021) — legacy contract
WAF/CDN
Separate security posture
Confidence
Medium
CF Opportunity: Proxy in front of Kyndryl for WAF + perf
Email, Identity & Security
Amazon SESTransactional Email
Category
Transactional Email
MX
No MX records — not used for inbound
SPF
Soft fail (~all) — should be -all
DMARC
p=reject (strongest)
rua/ruf → 250ok (Validity)
DKIM
No discoverable selectors
Est. Activation
~2020   Medium
CF Opportunity: CF Email Security — complement transactional stack
nissan.com ZERO EMAIL SECURITY
Category
Brand Domain Email
MX
None
SPF
None
DMARC
NONE — freely spoofable
Risk
CRITICAL — anyone can email as @nissan.com
CF Opportunity: URGENT — brand impersonation protection
Not DetectedIdentity / SSO
Category
Identity & Access
Okta
nissan.okta.com → 404
Azure AD
No _msoid / autodiscover
Assessment
Likely on internal domains (nissanmotor.com Japan) or custom SSO
Confidence
Medium
CF Opportunity: CF Access — identity-aware proxy for all properties
SalesforceCommerce Cloud (store)
Category
E-Commerce Platform
Subdomain
store.nissanusa.com → siteforce.com
CDN
Cloudflare — server: cloudflare
HSTS
max-age=63072000 (longer than www!)
Note
CF inherited from Salesforce — Nissan IT may not know
Confidence
High
RevPartsParts E-Commerce
Category
Aftermarket Parts Platform
Subdomain
parts.nissanusa.com → shop.revparts.net
CDN/WAF
Cloudflare — cf-mitigated: challenge
Bot Mgmt
CF Bot Management ACTIVE
Headers
Full CSP, Permissions-Policy, Referrer-Policy
BETTER than www.nissanusa.com!
Confidence
High
Talking point: CF-fronted parts has BETTER headers than Akamai-fronted www
Tech Stack, SaaS & Third-Party Services
Amazon Web ServicesSES + nissan.com hosting
Evidence
amazonses TXT records (x2)
nissan.com → AWS Global Accelerator
Purpose
Transactional email + nissan.com hosting
Confidence
Confirmed
GoogleAnalytics / Search Console
Evidence
google-site-verification TXT (x2)
Purpose
Search Console, Analytics, possibly Workspace
Confidence
Confirmed
AtlassianJira / Confluence
Evidence
atlassian-domain-verification TXT
Purpose
Project management, wiki
Confidence
Confirmed
Meta / FacebookBusiness Manager
Evidence
facebook-domain-verification TXT
Purpose
Ad accounts, pixel, domain verification
Confidence
Confirmed
BlueskySocial Media
Evidence
did:plc:dsy3repwddwiewptorjnel4f TXT
Purpose
Bluesky social account verification
Confidence
Confirmed
GitHub Pagesnissanev.com hosting
Evidence
x-github-request-id header on nissanev.com
Purpose
EV brand site origin behind Cloudflare
Confidence
Confirmed
Subsidiaries & Sister Domains
nissan.comBrand Domain
DNS
GoDaddy (domaincontrol.com)
Hosting
AWS Global Accelerator
13.248.243.5 / 76.223.105.230
Email
No MX, SPF, DMARC
On CF?
No
Risk
Most valuable domain on GoDaddy DNS with zero email protection
CF Opportunity: DNS consolidation + email security — urgent governance fix
infinitiusa.comLuxury Brand (Infiniti)
DNS
UltraDNS (same as nissanusa.com)
CDN
Akamai (shared Helios platform)
SSL
Shares SSL cert with nissanusa.com
On CF?
No
Note
Deeply coupled to Nissan infra — a Nissan win brings Infiniti
nissanev.com EV Brand (ON CLOUDFLARE)
DNS
Cloudflare (kai/sara NS)
CDN
Cloudflare — 104.21.54.62
Origin
GitHub Pages
On CF?
YES — DIRECT ADOPTION
Note
Someone at Nissan (or EV agency) actively chose Cloudflare
Key fact: Proves direct CF adoption exists in Nissan ecosystem
nismo.comRacing / Performance
DNS
MarkMonitor (brand protection)
Hosting
Vercel (76.76.21.21)
On CF?
No
Note
Modern platform (Vercel) = willingness to try new vendors
Other Sister DomainsGlobal Portfolio
nissan-global.com
Akamai DNS + CDN (Corporate/IR)
infiniti.com
MarkMonitor → AWS
nissanmotor.com
Self-managed Japan DNS (nissan.ne.jp)
nissanconnect.com
UltraDNS → Direct IP (206.132.22.46)
nissan-durability.com
Akamai DNS + CDN (campaign)
nissanlabs.com
Akamai DNS + CDN (campaign)
DNS Sprawl
6+ different DNS providers across portfolio
Legacy Infrastructure & Shadow IT
dev.nissanusa.comDev Server — 123.Net ISP
Risk
HIGH
IP
216.109.198.119 (AS12129)
Issue
Public dev server on budget Michigan ISP — no WAF, no CDN, no auth layer
Action
CF Access — immediate quick win
graphql.nissanusa.comExposed API Endpoint
Risk
HIGH
Evidence
Discoverable via SSL cert SAN list + cert transparency logs
Issue
GraphQL APIs vulnerable to introspection, batch query abuse, deep nesting attacks
Action
CF API Shield + API Gateway
UAT in Prod CertPre-Production Exposure
Risk
HIGH
SANs
uat2-en.nissanusa.com
uat2-es.nissanusa.com
en-us-dark-prod.nissanusa.com
es-us-dark-prod.nissanusa.com
zh-us-dark-prod.nissanusa.com
Issue
Pre-production URLs on production certificate — discoverable by attackers
Geo Header LeaksAkamai Edgescape
Risk
MEDIUM
Headers
x-akamai-edgescape-country
x-akamai-edgescape-region/city
x-akamai-edgescape-lat/long
x-akamai-edgescape-zip
Issue
Visitor geolocation (lat/long/ZIP) returned in every HTTP response — CCPA risk
Action
CF doesn't leak geo data in responses
leaf.nissanusa.comLegacy Orphan
Risk
MEDIUM
IP
64.93.73.172 (AS18919 smartTrade)
Issue
Legacy Nissan Leaf page on unrelated financial trading company's IP — likely orphaned
Action
Governance review — decommission or migrate
Competitive Landscape
Hyundaihyundaiusa.com — ON CLOUDFLARE
DNS
Name.com
CDN/WAF
Cloudflare
Segment
Direct mass-market competitor
Note
Nissan's #1 competitive threat runs Cloudflare
Kiakia.com — ON CLOUDFLARE
DNS
Hyundai Motor (shared infra)
CDN/WAF
Cloudflare
Segment
Hyundai Motor Group brand
Note
Second brand in Hyundai portfolio on CF
Genesisgenesis.com — ON CLOUDFLARE
DNS
Hyundai Motor (shared infra)
CDN/WAF
Cloudflare
Segment
Luxury brand (competes with Infiniti)
Note
All 3 Hyundai Motor Group brands on CF
Toyota / HondaLegacy Infrastructure
Toyota
UltraDNS + self-managed NS
AWS CloudFront CDN
Honda
Self-managed (amerhonda.com)
Akamai CDN
On CF?
Neither on Cloudflare
Note
Japanese OEMs all on legacy stacks — Nissan most fragmented
Ford / GM / VWUS & European OEMs
Ford
Self-managed DNS · Akamai CDN
Chevrolet (GM)
Self-managed DNS (nsx*.gm.com)
VW
Self-managed DNS · Akamai CDN
Subaru
AWS Route53 · No CDN detected
Mitsubishi
CSC DNS · nginx + Varnish
On CF?
None on Cloudflare
Top 5 Cloudflare Sales Entry Points
1. Zero Trust for Dev/QACloudflare Access
Problem
dev.nissanusa.com and qa.nissanusa.com are publicly accessible on a budget Michigan ISP with zero authentication
Solution
Cloudflare Access — gate behind identity-aware proxy in minutes
Timeline
Q3 2026 — Immediate
Effort
Low — no infrastructure changes needed
Talking Point
"Your dev and QA environments are publicly accessible right now with no login required. We can fix that today."
2. Email Securitynissan.com DMARC Gap
Problem
nissan.com has ZERO email authentication — no SPF, no DMARC. Anyone can send email as @nissan.com
Solution
Cloudflare Email Security — brand impersonation protection
Timeline
Q3-Q4 2026
Effort
Medium — requires DNS coordination with GoDaddy (nissan.com)
Talking Point
"We found that anyone can impersonate @nissan.com email right now — there's no DMARC policy."
3. API ShieldGraphQL Protection
Problem
graphql.nissanusa.com discovered in SSL cert SANs — no API gateway protecting it
Solution
Cloudflare API Shield + API Gateway — schema validation, rate limiting
Timeline
Q4 2026
Effort
Medium — requires API team engagement
Talking Point
"Your GraphQL endpoint is discoverable via certificate transparency logs."
4. Expand CF Footprintdealers + service subdomains
Problem
dealers.nissanusa.com and service.nissanusa.com (Epsilon) have zero WAF or bot protection
Existing
store + parts already on CF — proven path
Timeline
Q1 2027
Effort
Medium — Epsilon/Publicis coordination
Talking Point
"Your parts site on Cloudflare has better security headers than your main site on Akamai."
5. DNS + CDN MigrationReplace UltraDNS + Akamai
Problem
6+ DNS providers, fragmented CDN, no DNSSEC, no CAA, no IPv6
Competitor
Hyundai, Kia, Genesis — all 3 on Cloudflare
Timeline
2027-2028 (at contract renewal)
Effort
High — Helios platform coupling, multi-team alignment
Talking Point
"Your biggest competitor runs all 3 brands on Cloudflare. You're already on CF for 3 properties."