Domain c13e8b92cf.nxcli.io
United States
Software information
nginx
tcp/443 tcp/80
-
GraphQL introspection is enabled.
GraphQL introspection is enabled.
This could leak to data leak if not properly configured.
First seen 2025-12-08 11:25
Last seen 2026-01-23 10:31
Open for 45 days-
Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa347a192e5f63e39678a92b51872426d0681d59417GraphQL introspection enabled at /graphql Types: 388 (by kind: ENUM: 28, INPUT_OBJECT: 90, INTERFACE: 20, OBJECT: 245, SCALAR: 5) Operations: - Query: Query | fields: availableStores, cart, categories, category, categoryList - Mutation: Mutation | fields: addBundleProductsToCart, addConfigurableProductsToCart, addDownloadableProductsToCart, addProductsToCart, addProductsToCompareList Directives: deprecated, include, oneOf, skip (total: 4) Detected: Magento
Found on 2026-01-23 10:31823.2 kBytes -
Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa347a192e5f63e39678a92b51872426d06bc93c550GraphQL introspection enabled at /graphql Types: 388 (by kind: ENUM: 28, INPUT_OBJECT: 90, INTERFACE: 20, OBJECT: 245, SCALAR: 5) Operations: - Query: Query | fields: availableStores, cart, categories, category, categoryList - Mutation: Mutation | fields: addBundleProductsToCart, addConfigurableProductsToCart, addDownloadableProductsToCart, addProductsToCart, addProductsToCompareList Directives: deprecated, include, oneOf, skip (total: 4)
Found on 2025-12-08 11:25823.2 kBytes
-
-
GraphQL introspection is enabled.
GraphQL introspection is enabled.
This could leak to data leak if not properly configured.
First seen 2025-12-08 11:25
Last seen 2026-01-23 12:00
Open for 46 days-
Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa347a192e5f63e39678a92b51872426d0681d59417GraphQL introspection enabled at /graphql Types: 388 (by kind: ENUM: 28, INPUT_OBJECT: 90, INTERFACE: 20, OBJECT: 245, SCALAR: 5) Operations: - Query: Query | fields: availableStores, cart, categories, category, categoryList - Mutation: Mutation | fields: addBundleProductsToCart, addConfigurableProductsToCart, addDownloadableProductsToCart, addProductsToCart, addProductsToCompareList Directives: deprecated, include, oneOf, skip (total: 4) Detected: Magento
Found on 2026-01-23 12:00823.2 kBytes -
Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa347a192e5f63e39678a92b51872426d06bc93c550GraphQL introspection enabled at /graphql Types: 388 (by kind: ENUM: 28, INPUT_OBJECT: 90, INTERFACE: 20, OBJECT: 245, SCALAR: 5) Operations: - Query: Query | fields: availableStores, cart, categories, category, categoryList - Mutation: Mutation | fields: addBundleProductsToCart, addConfigurableProductsToCart, addDownloadableProductsToCart, addProductsToCart, addProductsToCompareList Directives: deprecated, include, oneOf, skip (total: 4)
Found on 2025-12-08 11:25823.2 kBytes
-
-
Open service 209.87.149.24:443 · c13e8b92cf.nxcli.io
2026-01-23 12:00
HTTP/1.1 302 Found Server: nginx Date: Fri, 23 Jan 2026 12:00:11 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: close klaviyo.com/ landofcoder.com *.cloudflare.com *.cloudflareinsights.com *.fontawesome.com *.facebook.net s.pinimg.com *.addthis.com *.moatads.com *.addthisedge.com *.facebook.com *.pinterest.com *.instagram.com https://player.vimeo.com https://www.youtube.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.googletagmanager.com tagmanager.google.com unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://static.klaviyo.com *.cloudflare.com *.typekit.net static-tracking.klaviyo.com *.googleapis.com *.fontawesome.com https://fonts.googleapis.com http://fonts.googleapis.com unsafe-inline assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src *.adobe.com blob: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ landofcoder.com stats.g.doubleclick.net ct.pinterest.com *.cloudflare.com *.paypal.com *.addthis.com *.cardinalcommerce.com *.graph.instagram.com *.google-analytics.com https://fonts.googleapis.com https://fonts.gstatic.com https://api.weatherbit.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.google.com google.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block X-Frame-Options: SAMEORIGIN Set-Cookie: PHPSESSID=73612c92b3ce0d709fb0f8a522581563; expires=Fri, 23-Jan-2026 22:00:11 GMT; Max-Age=36000; path=/; domain=selectsurfaces.ca; secure; HttpOnly; SameSite=Lax Set-Cookie: wp_ga4_user_id=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=selectsurfaces.ca; secure; SameSite=Lax Set-Cookie: wp_ga4_customerGroup=NOT%20LOGGED%20IN; expires=Sat, 23-Jan-2027 12:00:11 GMT; Max-Age=31536000; path=/; domain=selectsurfaces.ca; secure; SameSite=Lax Location: https://www.selectsurfaces.ca/ X-UA-Compatible: IE=edge X-Frame-Options: SAMEORIGIN X-Cache-Via: varnish X-Host: c13e8b92cf.nxcli.io X-Varnish: 232968 X-Cache: MISS X-Varnish-Age: 0 Pragma: no-cache Expires: -1 Cache-Control: no-store, no-cache, must-revalidate, max-age=0 X-Cache-NxAccel: BYPASS
Found 2026-01-23 by HttpPluginCreate report
-
Open service 209.87.149.24:80 · c13e8b92cf.nxcli.io
2026-01-23 10:31
HTTP/1.1 302 Found Server: nginx Date: Fri, 23 Jan 2026 10:31:49 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: close klaviyo.com/ landofcoder.com *.cloudflare.com *.cloudflareinsights.com *.fontawesome.com *.facebook.net s.pinimg.com *.addthis.com *.moatads.com *.addthisedge.com *.facebook.com *.pinterest.com *.instagram.com https://player.vimeo.com https://www.youtube.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.googletagmanager.com tagmanager.google.com unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://static.klaviyo.com *.cloudflare.com *.typekit.net static-tracking.klaviyo.com *.googleapis.com *.fontawesome.com https://fonts.googleapis.com http://fonts.googleapis.com unsafe-inline assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src *.adobe.com blob: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ landofcoder.com stats.g.doubleclick.net ct.pinterest.com *.cloudflare.com *.paypal.com *.addthis.com *.cardinalcommerce.com *.graph.instagram.com *.google-analytics.com https://fonts.googleapis.com https://fonts.gstatic.com https://api.weatherbit.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.google.com google.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block X-Frame-Options: SAMEORIGIN Set-Cookie: PHPSESSID=829ffd17610b41de2cb376ba05c9b763; expires=Fri, 23-Jan-2026 20:31:49 GMT; Max-Age=36000; path=/; domain=selectsurfaces.ca; HttpOnly; SameSite=Lax Set-Cookie: wp_ga4_user_id=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=selectsurfaces.ca; secure; SameSite=Lax Set-Cookie: wp_ga4_customerGroup=NOT%20LOGGED%20IN; expires=Sat, 23-Jan-2027 10:31:49 GMT; Max-Age=31536000; path=/; domain=selectsurfaces.ca; secure; SameSite=Lax Location: https://www.selectsurfaces.ca/ X-UA-Compatible: IE=edge X-Frame-Options: SAMEORIGIN X-Cache-Via: varnish X-Host: c13e8b92cf.nxcli.io X-Varnish: 463498 X-Cache: MISS X-Varnish-Age: 0 Pragma: no-cache Expires: -1 Cache-Control: no-store, no-cache, must-revalidate, max-age=0 X-Cache-NxAccel: BYPASS
Found 2026-01-23 by HttpPluginCreate report