LeakIX - Host api.dev.waterworks.com

Domain api.dev.waterworks.com

United States

AMAZON-02

GraphQL introspection is enabled.

This could leak to data leak if not properly configured.

IP: 18.217.133.29
Domain: api.dev.waterworks.com
Port: 443
URL: https://api.dev.waterworks.com

First seen 2025-10-30 13:39
Last seen 2026-01-23 05:01
Open for 84 days

Severity: medium
Fingerprint: c2db3a1c40d490dbf8cbe7e2dbb5e0b0029887341363718760c0d0301c654c3f

GraphQL introspection enabled at /graphql/api
Types: 628 (by kind: ENUM: 46, INPUT_OBJECT: 149, INTERFACE: 28, OBJECT: 395, SCALAR: 5, UNION: 5)
Operations:
- Query: Query | fields: availableStores, cart, categories, category, categoryList
- Mutation: Mutation | fields: addBundleProductsToCart, addConfigurableProductsToCart, addDownloadableProductsToCart, addGiftRegistryRegistrants, addProductsToCart
Directives: deprecated, include, skip (total: 3)

Detected: Magento

Found on 2026-01-23 05:01

997.6 kBytes

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa384f1b85148b4fa93157b58fcb82c6099104d49fc

GraphQL introspection enabled at /graphql
Types: 628 (by kind: ENUM: 46, INPUT_OBJECT: 149, INTERFACE: 28, OBJECT: 395, SCALAR: 5, UNION: 5)
Operations:
- Query: Query | fields: availableStores, cart, categories, category, categoryList
- Mutation: Mutation | fields: addBundleProductsToCart, addConfigurableProductsToCart, addDownloadableProductsToCart, addGiftRegistryRegistrants, addProductsToCart
Directives: deprecated, include, skip (total: 3)

Detected: Magento

Found on 2025-12-29 12:42

997.6 kBytes

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa384f1b85148b4fa93157b58fcb82c609907f9dba9

GraphQL introspection enabled at /graphql
Types: 628 (by kind: ENUM: 46, INPUT_OBJECT: 149, INTERFACE: 28, OBJECT: 395, SCALAR: 5, UNION: 5)
Operations:
- Query: Query | fields: availableStores, cart, categories, category, categoryList
- Mutation: Mutation | fields: addBundleProductsToCart, addConfigurableProductsToCart, addDownloadableProductsToCart, addGiftRegistryRegistrants, addProductsToCart
Directives: deprecated, include, skip (total: 3)

Found on 2025-12-01 02:00

997.6 kBytes

Severity: medium
Fingerprint: c2db3a1c40d490dbf8cbe7e2dbb5e0b0029887341363718760c0d0305f9cfea8

GraphQL introspection enabled at /graphql/api
Types: 628 (by kind: ENUM: 46, INPUT_OBJECT: 149, INTERFACE: 28, OBJECT: 395, SCALAR: 5, UNION: 5)
Operations:
- Query: Query | fields: availableStores, cart, categories, category, categoryList
- Mutation: Mutation | fields: addBundleProductsToCart, addConfigurableProductsToCart, addDownloadableProductsToCart, addGiftRegistryRegistrants, addProductsToCart
Directives: deprecated, include, skip (total: 3)

Found on 2025-11-29 01:01

997.6 kBytes

Severity: medium
Fingerprint: c2db3a1c40d490dbf8cbe7e2f8cbe7e2f8cbe7e2f8cbe7e2f8cbe7e2f8cbe7e2
```
GraphQL introspection enabled at /graphql/api
```
Found on 2025-11-14 12:47

Create report

Git configuration and history exposed

The following URL (usually /.git/config) is publicly accessible and is leaking source code and repository configuration.

IP: 3.136.92.104
Domain: api.dev.waterworks.com
Port: 443
URL: https://api.dev.waterworks.com

First seen 2023-01-17 17:30

Severity: medium
Fingerprint: 2580fa947178c88602b1737db148c044b81b03713d63bb82370a65224203c6a8

[core]
	repositoryformatversion = 0
	filemode = true
	bare = false
	logallrefupdates = true
[remote "origin"]
	url = http://bitbucket.org/waterworks/waterworks-magento23
	fetch = +refs/tags/2.84.0:refs/tags/2.84.0
[lfs]
	repositoryformatversion = 0
[user]
	name = bitbucket-pipelines
	email = commits-noreply@bitbucket.org
[push]
	default = current
[http "http://bitbucket.org/waterworks/waterworks-magento23"]
	proxy = http://localhost:29418/

Found on 2023-01-17 17:30

444 Bytes

Create report

Open service 18.217.133.29:443 · api.dev.waterworks.com

2026-01-23 05:01

HTTP/1.1 301 Moved Permanently
Date: Fri, 23 Jan 2026 05:01:42 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/8.1.33
Set-Cookie: PHPSESSID=e6af0b5c1dcd1f095f255a62281b26d2; expires=Sat, 24-Jan-2026 05:01:41 GMT; Max-Age=86400; path=/; domain=dev.waterworks.com; secure; HttpOnly; SameSite=Lax
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: https://dev.waterworks.com/us_en/
Access-Control-Allow-Origin: *.waterworks.com
Strict-Transport-Security: max-age=31536000; includeSubDomains

Found 2026-01-23 by HttpPlugin

Create report

Open service 18.217.133.29:443 · api.dev.waterworks.com

2026-01-09 17:17

HTTP/1.1 301 Moved Permanently
Date: Fri, 09 Jan 2026 17:17:20 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/8.1.33
Set-Cookie: PHPSESSID=a9e6c7f208faa74cf497e8817c8581d8; expires=Sat, 10-Jan-2026 17:17:20 GMT; Max-Age=86400; path=/; domain=dev.waterworks.com; secure; HttpOnly; SameSite=Lax
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: https://dev.waterworks.com/us_en/
Access-Control-Allow-Origin: *.waterworks.com
Strict-Transport-Security: max-age=31536000; includeSubDomains

Found 2026-01-09 by HttpPlugin

Create report

Open service 18.217.133.29:443 · api.dev.waterworks.com

2026-01-02 17:32

HTTP/1.1 301 Moved Permanently
Date: Fri, 02 Jan 2026 17:32:54 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/8.1.33
Set-Cookie: PHPSESSID=a38ccddc8ccc1d628b53fd5e99d944e1; expires=Sat, 03-Jan-2026 17:32:54 GMT; Max-Age=86400; path=/; domain=dev.waterworks.com; secure; HttpOnly; SameSite=Lax
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: https://dev.waterworks.com/us_en/
Access-Control-Allow-Origin: *.waterworks.com
Strict-Transport-Security: max-age=31536000; includeSubDomains

Found 2026-01-02 by HttpPlugin

Create report

Open service 18.217.133.29:443 · api.dev.waterworks.com

2025-12-23 00:00

HTTP/1.1 301 Moved Permanently
Date: Tue, 23 Dec 2025 00:00:25 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/8.1.33
Set-Cookie: PHPSESSID=08ef680efa616c4b3c17b59a50de716b; expires=Wed, 24-Dec-2025 00:00:25 GMT; Max-Age=86400; path=/; domain=dev.waterworks.com; secure; HttpOnly; SameSite=Lax
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: https://dev.waterworks.com/us_en/
Access-Control-Allow-Origin: *.waterworks.com
Strict-Transport-Security: max-age=31536000; includeSubDomains

Found 2025-12-23 by HttpPlugin

Create report

api.dev.waterworks.com

Fingerprint:

d24a05cea23e469d0f275b681c607480d6dbf19bd04d2eff57ad2c6afe96df3e

CN:

api.dev.waterworks.com

Key:

RSA-2048

Issuer:

R12

Not before:

2025-12-29 11:42

Not after:

2026-03-29 11:42

api.dev.waterworks.com

Fingerprint:

ca8883034b4263759d6756b90ff9f9616266a4bfdfaf35b6a418c76b292a9516

CN:

api.dev.waterworks.com

Key:

RSA-2048

Issuer:

R13

Not before:

2025-10-30 12:40

Not after:

2026-01-28 12:40

Domain summary

api.dev.waterworks.com 9

1 recorded

IP summary

18.217.133.29 2 3.136.92.104 1

2 recorded