LeakIX - Host bwxtstore.com

Domain bwxtstore.com

United States

Akamai International B.V.

GraphQL introspection is enabled.

This could leak to data leak if not properly configured.

IP: 23.50.131.148
Domain: www.bwxtstore.com
Port: 443
URL: https://www.bwxtstore.com

First seen 2025-10-27 09:38
Last seen 2026-01-02 14:41
Open for 67 days

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa37d96f14f55243bdde5a2735607dbce6459d15ab5

GraphQL introspection enabled at /graphql
Types: 385 (by kind: ENUM: 28, INPUT_OBJECT: 91, INTERFACE: 20, OBJECT: 241, SCALAR: 5)
Operations:
- Query: Query | fields: availableStores, cart, categories, category, categoryList
- Mutation: Mutation | fields: addBundleProductsToCart, addConfigurableProductsToCart, addDownloadableProductsToCart, addProductsToCart, addProductsToCompareList
Directives: deprecated, include, oneOf, skip (total: 4)

Detected: Magento

Found on 2026-01-02 14:41

656.1 kBytes

Severity: medium
Fingerprint: c2db3a1c40d490dbf8cbe7e2d562a70c2fd428505555046b706aa7db43f29cce

GraphQL introspection enabled at /graphql/api
Types: 385 (by kind: ENUM: 28, INPUT_OBJECT: 91, INTERFACE: 20, OBJECT: 241, SCALAR: 5)
Operations:
- Query: Query | fields: availableStores, cart, categories, category, categoryList
- Mutation: Mutation | fields: addBundleProductsToCart, addConfigurableProductsToCart, addDownloadableProductsToCart, addProductsToCart, addProductsToCompareList
Directives: deprecated, include, oneOf, skip (total: 4)

Detected: Magento

Found on 2026-01-01 08:43

656.1 kBytes

Severity: medium
Fingerprint: c2db3a1c40d490dbf8cbe7e2d562a70c2fd428505555046b706aa7dbea0f54c3

GraphQL introspection enabled at /graphql/api
Types: 385 (by kind: ENUM: 28, INPUT_OBJECT: 91, INTERFACE: 20, OBJECT: 241, SCALAR: 5)
Operations:
- Query: Query | fields: availableStores, cart, categories, category, categoryList
- Mutation: Mutation | fields: addBundleProductsToCart, addConfigurableProductsToCart, addDownloadableProductsToCart, addProductsToCart, addProductsToCompareList
Directives: deprecated, include, oneOf, skip (total: 4)

Found on 2025-12-12 06:21

656.1 kBytes

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa37d96f14f55243bdde5a2735607dbce64a8cf2186

GraphQL introspection enabled at /graphql
Types: 385 (by kind: ENUM: 28, INPUT_OBJECT: 91, INTERFACE: 20, OBJECT: 241, SCALAR: 5)
Operations:
- Query: Query | fields: availableStores, cart, categories, category, categoryList
- Mutation: Mutation | fields: addBundleProductsToCart, addConfigurableProductsToCart, addDownloadableProductsToCart, addProductsToCart, addProductsToCompareList
Directives: deprecated, include, oneOf, skip (total: 4)

Found on 2025-11-16 15:09

656.1 kBytes

Create report

GraphQL introspection is enabled.

This could leak to data leak if not properly configured.

IP: 23.48.104.59
Domain: bwxtstore.com
Port: 443
URL: https://bwxtstore.com

First seen 2025-10-27 09:39
Last seen 2026-01-03 01:10
Open for 67 days

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa37d96f14f55243bdde5a2735607dbce6459d15ab5

GraphQL introspection enabled at /graphql
Types: 385 (by kind: ENUM: 28, INPUT_OBJECT: 91, INTERFACE: 20, OBJECT: 241, SCALAR: 5)
Operations:
- Query: Query | fields: availableStores, cart, categories, category, categoryList
- Mutation: Mutation | fields: addBundleProductsToCart, addConfigurableProductsToCart, addDownloadableProductsToCart, addProductsToCart, addProductsToCompareList
Directives: deprecated, include, oneOf, skip (total: 4)

Detected: Magento

Found on 2026-01-03 01:10

656.1 kBytes

Severity: medium
Fingerprint: c2db3a1c40d490dbf8cbe7e2d562a70c2fd428505555046b706aa7db43f29cce

GraphQL introspection enabled at /graphql/api
Types: 385 (by kind: ENUM: 28, INPUT_OBJECT: 91, INTERFACE: 20, OBJECT: 241, SCALAR: 5)
Operations:
- Query: Query | fields: availableStores, cart, categories, category, categoryList
- Mutation: Mutation | fields: addBundleProductsToCart, addConfigurableProductsToCart, addDownloadableProductsToCart, addProductsToCart, addProductsToCompareList
Directives: deprecated, include, oneOf, skip (total: 4)

Detected: Magento

Found on 2025-12-30 14:37

656.1 kBytes

Severity: medium
Fingerprint: c2db3a1c40d490dbf8cbe7e2d562a70c2fd428505555046b706aa7dbea0f54c3

GraphQL introspection enabled at /graphql/api
Types: 385 (by kind: ENUM: 28, INPUT_OBJECT: 91, INTERFACE: 20, OBJECT: 241, SCALAR: 5)
Operations:
- Query: Query | fields: availableStores, cart, categories, category, categoryList
- Mutation: Mutation | fields: addBundleProductsToCart, addConfigurableProductsToCart, addDownloadableProductsToCart, addProductsToCart, addProductsToCompareList
Directives: deprecated, include, oneOf, skip (total: 4)

Found on 2025-11-16 14:25

656.1 kBytes

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa37d96f14f55243bdde5a2735607dbce64a8cf2186

GraphQL introspection enabled at /graphql
Types: 385 (by kind: ENUM: 28, INPUT_OBJECT: 91, INTERFACE: 20, OBJECT: 241, SCALAR: 5)
Operations:
- Query: Query | fields: availableStores, cart, categories, category, categoryList
- Mutation: Mutation | fields: addBundleProductsToCart, addConfigurableProductsToCart, addDownloadableProductsToCart, addProductsToCart, addProductsToCompareList
Directives: deprecated, include, oneOf, skip (total: 4)

Found on 2025-11-12 20:51

656.1 kBytes

Create report

Open service 23.48.104.59:443 · bwxtstore.com

2026-02-02 08:55

HTTP/1.1 403 Forbidden
Mime-Version: 1.0
Content-Type: text/html
Content-Length: 363
Expires: Mon, 02 Feb 2026 08:55:07 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 02 Feb 2026 08:55:07 GMT
Connection: close
Server-Timing: cdn-cache; desc=HIT
Server-Timing: edge; dur=1
Alt-Svc: h3=":443"; ma=93600
Server-Timing: ak_p; desc="1770022506776_389047355_1833627231_9_9388_260_267_-";dur=1

Page title: Access Denied

<HTML><HEAD>
<TITLE>Access Denied</TITLE>
</HEAD><BODY>
<H1>Access Denied</H1>
 
You don't have permission to access "http&#58;&#47;&#47;bwxtstore&#46;com&#47;" on this server.<P>
Reference&#32;&#35;18&#46;3b643017&#46;1770022506&#46;6d4aee5f
<P>https&#58;&#47;&#47;errors&#46;edgesuite&#46;net&#47;18&#46;3b643017&#46;1770022506&#46;6d4aee5f</P>
</BODY>
</HTML>

Found 2026-02-02 by HttpPlugin

Create report

Open service 23.48.104.59:443 · bwxtstore.com

2026-01-23 05:35

HTTP/1.1 403 Forbidden
Mime-Version: 1.0
Content-Type: text/html
Content-Length: 363
Expires: Fri, 23 Jan 2026 05:35:40 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 23 Jan 2026 05:35:40 GMT
Connection: close
Server-Timing: cdn-cache; desc=HIT
Server-Timing: edge; dur=1
Alt-Svc: h3=":443"; ma=93600
Server-Timing: ak_p; desc="1769146540181_389047355_1027553878_10_45961_90_98_-";dur=1

Page title: Access Denied

<HTML><HEAD>
<TITLE>Access Denied</TITLE>
</HEAD><BODY>
<H1>Access Denied</H1>
 
You don't have permission to access "http&#58;&#47;&#47;bwxtstore&#46;com&#47;" on this server.<P>
Reference&#32;&#35;18&#46;3b643017&#46;1769146540&#46;3d3f3a56
<P>https&#58;&#47;&#47;errors&#46;edgesuite&#46;net&#47;18&#46;3b643017&#46;1769146540&#46;3d3f3a56</P>
</BODY>
</HTML>

Found 2026-01-23 by HttpPlugin

Create report

Open service 23.48.104.59:443 · bwxtstore.com

2026-01-09 19:57

HTTP/1.1 403 Forbidden
Mime-Version: 1.0
Content-Type: text/html
Content-Length: 363
Expires: Fri, 09 Jan 2026 19:57:06 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 09 Jan 2026 19:57:06 GMT
Connection: close
Server-Timing: cdn-cache; desc=HIT
Server-Timing: edge; dur=1
Alt-Svc: h3=":443"; ma=93600
Server-Timing: ak_p; desc="1767988625941_389047353_3720295792_9_4190_80_83_-";dur=1

Page title: Access Denied

<HTML><HEAD>
<TITLE>Access Denied</TITLE>
</HEAD><BODY>
<H1>Access Denied</H1>
 
You don't have permission to access "http&#58;&#47;&#47;bwxtstore&#46;com&#47;" on this server.<P>
Reference&#32;&#35;18&#46;39643017&#46;1767988625&#46;ddbf3570
<P>https&#58;&#47;&#47;errors&#46;edgesuite&#46;net&#47;18&#46;39643017&#46;1767988625&#46;ddbf3570</P>
</BODY>
</HTML>

Found 2026-01-09 by HttpPlugin

Create report

Open service 23.50.131.148:443 · www.bwxtstore.com

2026-01-08 21:01

HTTP/1.1 302 Moved Temporarily
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Report-To: {"group":"report-endpoint","max_age":10886400,"endpoints":[{"url":"https:\/\/ad1de0bf-a6f7-41e7-94d6-3152bd3ba570.sansec.watch\/"}]}


.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.certcapture.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.akstat.io *.go-mpulse.net *.helpscout.net d3hb14vkzrxvla.cloudfront.net trial-eum-clientnsv4-s.akamaihd.net trial-eum-clienttons-s.akamaihd.net *.cloudflare.com *.googleapis.com *.addthis.com *.graph.instagram.com *.google-analytics.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com 'self' 'unsafe-inline'; child-src *.certcapture.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://ad1de0bf-a6f7-41e7-94d6-3152bd3ba570.sansec.watch/; report-to report-endpoint;, upgrade-insecure-requests;
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Location: https://bwxtstore.com/
X-UA-Compatible: IE=edge
X-Frame-Options: SAMEORIGIN
X-Magento-Cache-Debug: MISS
Expires: Thu, 08 Jan 2026 21:01:03 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 08 Jan 2026 21:01:03 GMT
Connection: close
Set-Cookie: PHPSESSID=p9dc6bh1m5fs6ht9f6m786395d; expires=Fri, 09 Jan 2026 01:01:03 GMT; Max-Age=14400; path=/; domain=bwxtstore.com; secure; HttpOnly; SameSite=Lax
Server-Timing: edge; dur=14
Server-Timing: origin; dur=666
Server-Timing: cdn-cache; desc=MISS
Alt-Svc: h3=":443"; ma=93600
Server-Timing: ak_p; desc="1767906063056_389224216_4199927538_67826_10486_99_115_-";dur=1

Found 2026-01-08 by HttpPlugin

Create report

Open service 23.48.104.59:443 · bwxtstore.com

2026-01-03 01:10

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Report-To: {"group":"report-endpoint","max_age":10886400,"endpoints":[{"url":"https:\/\/ad1de0bf-a6f7-41e7-94d6-3152bd3ba570.sansec.watch\/"}]}

Page title: Landing Page

.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.certcapture.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.akstat.io *.go-mpulse.net *.helpscout.net d3hb14vkzrxvla.cloudfront.net trial-eum-clientnsv4-s.akamaihd.net trial-eum-clienttons-s.akamaihd.net *.cloudflare.com *.googleapis.com *.addthis.com *.graph.instagram.com *.google-analytics.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com 'self' 'unsafe-inline'; child-src *.certcapture.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://ad1de0bf-a6f7-41e7-94d6-3152bd3ba570.sansec.watch/; report-to report-endpoint;, upgrade-insecure-requests;
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-UA-Compatible: IE=edge
X-Frame-Options: SAMEORIGIN
X-Magento-Cache-Debug: HIT
Grace: none
X-Akamai-Transformed: 9 10938 0 pmb=mRUM,1
Expires: Sat, 03 Jan 2026 01:10:14 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 03 Jan 2026 01:10:14 GMT
Transfer-Encoding:  chunked
Connection: close
Connection: Transfer-Encoding
Server-Timing: edge; dur=3
Server-Timing: origin; dur=29
Server-Timing: cdn-cache; desc=MISS
Alt-Svc: h3=":443"; ma=93600
Server-Timing: ak_p; desc="1767402614213_389047355_3564706109_3112_4467_31_34_-";dur=1

0000C000
<!doctype html>
<html lang="en">
    <head >
        <script>
    var LOCALE = 'en\u002DUS';
    var BASE_URL = 'https\u003A\u002F\u002Fbwxtstore.com\u002F';
    var require = {
        'baseUrl': 'https\u003A\u002F\u002Fbwxtstore.com\u002Fstatic\u002Fversion1766161125\u002Ffrontend\u002FFullpond\u002Fcustom_porto\u002Fen_US'
    };</script>        <meta charset="utf-8"/>
<meta name="title" content="Landing Page"/>
<meta name="robots" content="INDEX,FOLLOW"/>
<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1.0, user-scalable=no"/>
<meta name="format-detection" content="telephone=no"/>
<title>Landing Page</title>
<link  rel="stylesheet" type="text/css"  media="all" href="https://bwxtstore.com/static/version1766161125/frontend/Fullpond/custom_porto/en_US/mage/calendar.css" />
<link  rel="stylesheet" type="text/css"  media="all" href="https://bwxtstore.com/static/version1766161125/frontend/Fullpond/custom_porto/en_US/css/styles-m.css" />
<link  rel="stylesheet" type="text/css"  media="all" href="https://bwxtstore.com/static/version1766161125/frontend/Fullpond/custom_porto/en_US/owl.carousel/assets/owl.carousel.css" />
<link  rel="stylesheet" type="text/css"  media="all" href="https://bwxtstore.com/static/version1766161125/frontend/Fullpond/custom_porto/en_US/fancybox/css/jquery.fancybox.css" />
<link  rel="stylesheet" type="text/css"  media="all" href="https://bwxtstore.com/static/version1766161125/frontend/Fullpond/custom_porto/en_US/icon-fonts/css/porto-icons-codes.css" />
<link  rel="stylesheet" type="text/css"  media="all" href="https://bwxtstore.com/static/version1766161125/frontend/Fullpond/custom_porto/en_US/simple-line-icons/css/simple-line-icons.css" />
<link  rel="stylesheet" type="text/css"  media="all" href="https://bwxtstore.com/static/version1766161125/frontend/Fullpond/custom_porto/en_US/icon-fonts/css/animation.css" />
<link  rel="stylesheet" type="text/css"  media="all" href="https://bwxtstore.com/static/version1766161125/frontend

Found 2026-01-03 by HttpPlugin

Create report

Open service 23.50.131.148:443 · www.bwxtstore.com

2026-01-02 14:41

HTTP/1.1 302 Moved Temporarily
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Report-To: {"group":"report-endpoint","max_age":10886400,"endpoints":[{"url":"https:\/\/ad1de0bf-a6f7-41e7-94d6-3152bd3ba570.sansec.watch\/"}]}


.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.certcapture.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.akstat.io *.go-mpulse.net *.helpscout.net d3hb14vkzrxvla.cloudfront.net trial-eum-clientnsv4-s.akamaihd.net trial-eum-clienttons-s.akamaihd.net *.cloudflare.com *.googleapis.com *.addthis.com *.graph.instagram.com *.google-analytics.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com 'self' 'unsafe-inline'; child-src *.certcapture.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://ad1de0bf-a6f7-41e7-94d6-3152bd3ba570.sansec.watch/; report-to report-endpoint;, upgrade-insecure-requests;
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Location: https://bwxtstore.com/
X-UA-Compatible: IE=edge
X-Frame-Options: SAMEORIGIN
X-Magento-Cache-Debug: MISS
Expires: Fri, 02 Jan 2026 14:41:12 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 02 Jan 2026 14:41:12 GMT
Connection: close
Set-Cookie: PHPSESSID=uptg5lj4g2r1p8fj6gsb5q7m12; expires=Fri, 02 Jan 2026 18:41:12 GMT; Max-Age=14400; path=/; domain=bwxtstore.com; secure; HttpOnly; SameSite=Lax
Server-Timing: edge; dur=1
Server-Timing: origin; dur=221
Server-Timing: cdn-cache; desc=MISS
Alt-Svc: h3=":443"; ma=93600
Server-Timing: ak_p; desc="1767364871846_389224212_2803278938_22053_3481_149_151_-";dur=1

Found 2026-01-02 by HttpPlugin