LeakIX - Host magento.staging.dodo-ecom.dev4apps.com

Domain magento.staging.dodo-ecom.dev4apps.com

United States

INCAPSULA

GraphQL introspection is enabled.

This could leak to data leak if not properly configured.

IP: 45.223.60.126
Domain: magento.staging.dodo-ecom.dev4apps.com
Port: 443
URL: https://magento.staging.dodo-ecom.dev4apps.com

First seen 2025-10-23 07:58
Last seen 2026-01-16 03:07
Open for 84 days

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa3e8f681c82db2786c48425f1f6466448766e56ca2

GraphQL introspection enabled at /graphql
Types: 433 (by kind: ENUM: 27, INPUT_OBJECT: 101, INTERFACE: 18, OBJECT: 282, SCALAR: 5)
Operations:
- Query: Query | fields: availableStores, cart, categories, category, categoryList
- Mutation: Mutation | fields: addBundleProductsToCart, addConfigurableProductsToCart, addDownloadableProductsToCart, addProductsToCart, addProductsToCompareList
Directives: deprecated, include, skip (total: 3)

Detected: Magento

Found on 2026-01-16 03:07

713.9 kBytes

Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa3e8f681c82db2786c48425f1f6466448744bc7b37

GraphQL introspection enabled at /graphql
Types: 433 (by kind: ENUM: 27, INPUT_OBJECT: 101, INTERFACE: 18, OBJECT: 282, SCALAR: 5)
Operations:
- Query: Query | fields: availableStores, cart, categories, category, categoryList
- Mutation: Mutation | fields: addBundleProductsToCart, addConfigurableProductsToCart, addDownloadableProductsToCart, addProductsToCart, addProductsToCompareList
Directives: deprecated, include, skip (total: 3)

Found on 2025-12-09 07:13

713.9 kBytes

Create report

Open service 45.223.60.126:443 · magento.staging.dodo-ecom.dev4apps.com

2026-01-23 00:15

HTTP/1.1 503 Service Unavailable
Retry-After: 5
Content-Type: text/html
Cache-Control: no-cache, no-store
Connection: close
Content-Length: 862
X-Iinfo: 61-200047093-0 0NNN RT(1769127321792 3) q(0 -1 -1 1) r(0 -1) b6 U18
Set-Cookie: visid_incap_3122506=Csvrls6uTkSKu7DqXR8rTpm9cmkAAAAAQUIPAAAAAABNlFetI4Zy5xj4Ryb9Zgsx; expires=Fri, 22 Jan 2027 22:29:44 GMT; HttpOnly; path=/; Domain=.staging.dodo-ecom.dev4apps.com
Set-Cookie: incap_ses_1855_3122506=jFW3P48QM2AQvUjjTEm+GZm9cmkAAAAAMtbg8qzNKaB1oXscDz6zLA==; path=/; Domain=.staging.dodo-ecom.dev4apps.com


<html style="height:100%"><head><META NAME="ROBOTS" CONTENT="NOINDEX, NOFOLLOW"><meta name="format-detection" content="telephone=no"><meta name="viewport" content="initial-scale=1.0"><meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1"><script type="text/javascript" src="/_Incapsula_Resource?SWJIYLWA=719d34d31c8e3a6e6fffd425f7e032f3"></script></head><body style="margin:0px;height:100%"><iframe id="main-iframe" src="/_Incapsula_Resource?CWUDNSAI=26&xinfo=61-200047093-0%200NNN%20RT%281769127321792%203%29%20q%280%20-1%20-1%201%29%20r%280%20-1%29%20b6%20U18&incident_id=1855000691102760208-876703271635325309&edet=30&cinfo=ffffffff&rpinfo=0&cip=139.59.132.8&mth=GET" frameborder=0 width="100%" height="100%" marginheight="0px" marginwidth="0px">Request unsuccessful. Incapsula incident ID: 1855000691102760208-876703271635325309</iframe></body></html>

Found 2026-01-23 by HttpPlugin

Create report

Open service 45.223.60.126:443 · magento.staging.dodo-ecom.dev4apps.com

2026-01-09 06:15

HTTP/1.1 302 Found
Cache-Control: max-age=0, must-revalidate, no-cache, no-store


azonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline';
Content-Type: text/html; charset=UTF-8
Date: Fri, 09 Jan 2026 06:15:33 GMT
Expires: Thu, 09 Jan 2025 06:15:33 GMT
Location: https://staging.dodo.it
Pragma: no-cache
Server: nginx/1.23.1
Set-Cookie: PHPSESSID=7ea507b8bef585e99a96794380a2b521; expires=Fri, 09-Jan-2026 07:15:32 GMT; Max-Age=3600; path=/; domain=magento.staging.dodo-ecom.dev4apps.com; secure; HttpOnly; SameSite=Lax
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Powered-By: PHP/7.4.33
X-Xss-Protection: 1; mode=block
Connection: close
Transfer-Encoding: chunked
Set-Cookie: visid_incap_3122506=jFeWGuFIRjK6bmOJJQ9q+QSdYGkAAAAAQUIPAAAAAAD6r2430OfGSAXbUfmMnMBE; expires=Fri, 08 Jan 2027 15:42:43 GMT; HttpOnly; path=/; Domain=.staging.dodo-ecom.dev4apps.com
Set-Cookie: nlbi_3122506=6vkBJTZKN2zp4t/c3WhNngAAAABByzfTr13aOM0dGlPpLKmE; HttpOnly; path=/; Domain=.staging.dodo-ecom.dev4apps.com
Set-Cookie: incap_ses_1563_3122506=SOicKJyH5TQdIeRTquSwFQSdYGkAAAAACIfmFUYWWd4/t9KKRZIIeQ==; path=/; Domain=.staging.dodo-ecom.dev4apps.com
X-CDN: Imperva
X-Iinfo: 14-235784876-235784880 NNNN CT(194 198 0) RT(1767939332328 45) q(0 0 4 1) r(8 8) U11

0

Found 2026-01-09 by HttpPlugin

Create report

Open service 45.223.60.126:443 · magento.staging.dodo-ecom.dev4apps.com

2026-01-02 06:37

HTTP/1.1 302 Found
Cache-Control: max-age=0, must-revalidate, no-cache, no-store


azonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline';
Content-Type: text/html; charset=UTF-8
Date: Fri, 02 Jan 2026 06:37:17 GMT
Expires: Thu, 02 Jan 2025 06:37:17 GMT
Location: https://staging.dodo.it
Pragma: no-cache
Server: nginx/1.23.1
Set-Cookie: PHPSESSID=b456a7802dc0a2c27d4ea3dce9307baa; expires=Fri, 02-Jan-2026 07:37:17 GMT; Max-Age=3600; path=/; domain=magento.staging.dodo-ecom.dev4apps.com; secure; HttpOnly; SameSite=Lax
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Powered-By: PHP/7.4.33
X-Xss-Protection: 1; mode=block
Connection: close
Transfer-Encoding: chunked
Set-Cookie: visid_incap_3122506=jfv3JrbaSliQJC4k0nbG8pxnV2kAAAAAQUIPAAAAAABBXzqxHjVw3fOvghNO4vhF; expires=Fri, 01 Jan 2027 08:33:56 GMT; HttpOnly; path=/; Domain=.staging.dodo-ecom.dev4apps.com
Set-Cookie: nlbi_3122506=SCqOIoVdqggubm5D3WhNngAAAADnk10QdLRavtkrEPW0hLr6; HttpOnly; path=/; Domain=.staging.dodo-ecom.dev4apps.com
Set-Cookie: incap_ses_1349_3122506=0ttCKrKb/DShBZjG1Zy4Ep1nV2kAAAAAQkuHVWNDITxJKFqMBjbaCg==; path=/; Domain=.staging.dodo-ecom.dev4apps.com
X-CDN: Imperva
X-Iinfo: 8-38860536-38860541 NNNN CT(88 90 0) RT(1767335836681 144) q(0 0 1 0) r(1 4) U11

0

Found 2026-01-02 by HttpPlugin

Create report

Open service 45.223.60.126:443 · magento.staging.dodo-ecom.dev4apps.com

2025-12-22 13:50

HTTP/1.1 302 Found
Cache-Control: max-age=0, must-revalidate, no-cache, no-store


azonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline';
Content-Type: text/html; charset=UTF-8
Date: Mon, 22 Dec 2025 13:50:29 GMT
Expires: Sun, 22 Dec 2024 13:50:29 GMT
Location: https://staging.dodo.it
Pragma: no-cache
Server: nginx/1.23.1
Set-Cookie: PHPSESSID=8835b1b4e5b6ee1154e6d43f15a4ab37; expires=Mon, 22-Dec-2025 14:50:29 GMT; Max-Age=3600; path=/; domain=magento.staging.dodo-ecom.dev4apps.com; secure; HttpOnly; SameSite=Lax
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Powered-By: PHP/7.4.33
X-Xss-Protection: 1; mode=block
Connection: close
Transfer-Encoding: chunked
Set-Cookie: visid_incap_3122506=i94VDF1QRcGNKJtPSQlr0aNMSWkAAAAAQUIPAAAAAACs5sHRThJIf+t5id4xEJLI; expires=Tue, 22 Dec 2026 06:33:08 GMT; HttpOnly; path=/; Domain=.staging.dodo-ecom.dev4apps.com
Set-Cookie: nlbi_3122506=Bq7pWnIBJ3d1Zvfg3WhNngAAAACC4VSEO+zXhSVJkpqBpXtp; HttpOnly; path=/; Domain=.staging.dodo-ecom.dev4apps.com
Set-Cookie: incap_ses_1307_3122506=z9itZcsPA1sv5GYEGGYjEqRMSWkAAAAAkxagdSa0h4wBDRMUvFiKUg==; path=/; Domain=.staging.dodo-ecom.dev4apps.com
X-CDN: Imperva
X-Iinfo: 3-13660158-13660163 NNNN CT(227 31 0) RT(1766411428570 36) q(0 0 3 0) r(6 6) U11

0

Found 2025-12-22 by HttpPlugin

Create report

qeelin.comwww.keringfoundation.org.virtualshowroom.keringeyewear.com.keringapps.com.thefashionpact.org.alexandermcqueen.com.qeelin.com.guccitimeless.com.spring24.balenciaga.com.pct.kering.com.alexandermcqueen.iokeringfoundation.org.globalbit.gucci.api.training-app-balenciaga.com.balenciaga.com.onetimefileshare.cat.kering.cloud.diremigiodidiodoro.it.staging.dodo-ecom.dev4apps.com.mcq.com.brioni.com.dev.dodo-pomellato-ecom.dev4apps.com.kering.cloud.labtil.com.wholesalecityguide.ysl.com.ysl.comwb.labtil.com.technicalservices.boucheron.comrfid.gucci.com.gucci.comwb.themall.it.kakao.balenciaga.com.qual.kering.net.cn.balenciaga.com.keringeyewear.net.globaltech.gucci.dev.balenciaga.com.brioni-tmr-api.shared.dev4apps.com.brioni-tmr.shared.dev4apps.com.staging.dodo-pomellato-ecom.dev4apps.com.dev.pomellato-ecom.dev4apps.com.stg-pre.bottegaveneta.combvapplications.kering.net.garpe.it.pomellato.com.dev.dodo-ecom.dev4apps.com.service-strap.boucheron.com.dodo.itretailhandbook.ysl.com.dodopomellato.com.lindberg.complp-devback.globalbit.gucci.amer.kering.cloud.wwmis.gucci.keringeyewear.com.bottegaveneta.com.guccixoura.com.caravelspa.com.qa.balenciaga.com.trainingapp.balenciaga.com.app.alexandermcqueen.io.retailhandbook.ysl.com.balenciaga.cn.sap.kering.netlabtil.com.github-cn.kering.cloudservice-strap.boucheron.comimperva.comapi.eplanning.alexandermcqueen.io.staging.pomellato-ecom.dev4apps.comfrs.rs.kering.net.store.dodo.it.onetimesecret.cat.kering.cloud.dev4apps.comhq.balenciaga.py8000.com.store.pomellato.comwb.caravelspa.comtechnicalservices.boucheron.com.frs.rs.shared.keringapps.com.cat.kering.cloud.kering.com.drive.balenciaga.com*.training-app-balenciaga.com

Fingerprint:

7ec727d7b2afa1604b7337b494e59c232af3e15654d8ecba743ea0615674c8ae

CN:

imperva.com

Key:

RSA-2048

Issuer:

GlobalSign Atlas R3 DV TLS CA 2025 Q4

Not before:

2026-01-13 13:34

Not after:

2026-07-12 13:34

qeelin.comwww.keringfoundation.org.virtualshowroom.keringeyewear.com.keringapps.com.thefashionpact.org.alexandermcqueen.com.qeelin.com.guccitimeless.com.spring24.balenciaga.com.pct.kering.comkeringfoundation.org.globalbit.gucci.api.training-app-balenciaga.com.balenciaga.com.onetimefileshare.cat.kering.cloud.diremigiodidiodoro.it.staging.dodo-ecom.dev4apps.com.brioni.com.dev.dodo-pomellato-ecom.dev4apps.com.kering.cloud.labtil.com.wholesalecityguide.ysl.com.ysl.comwb.labtil.com.technicalservices.boucheron.comrfid.gucci.com.gucci.comwb.themall.it.kakao.balenciaga.com.qual.kering.net.cn.balenciaga.com.keringeyewear.net.globaltech.gucci.dev.balenciaga.com.brioni-tmr-api.shared.dev4apps.com.brioni-tmr.shared.dev4apps.com.staging.dodo-pomellato-ecom.dev4apps.com.dev.pomellato-ecom.dev4apps.com.stg-pre.bottegaveneta.combvapplications.kering.net.garpe.it.pomellato.com.dev.dodo-ecom.dev4apps.com.service-strap.boucheron.com.dodo.itretailhandbook.ysl.com.dodopomellato.com.lindberg.complp-devback.globalbit.gucci.amer.kering.cloud.wwmis.gucci.keringeyewear.com.bottegaveneta.com.guccixoura.com.caravelspa.com.qa.balenciaga.com.trainingapp.balenciaga.com.app.alexandermcqueen.io.retailhandbook.ysl.com.balenciaga.cn.sap.kering.netlabtil.com.github-cn.kering.cloudservice-strap.boucheron.comimperva.com.staging.pomellato-ecom.dev4apps.comfrs.rs.kering.net.store.dodo.it.onetimesecret.cat.kering.cloud.dev4apps.comhq.balenciaga.py8000.com.store.pomellato.comwb.caravelspa.comtechnicalservices.boucheron.com.frs.rs.shared.keringapps.com.cat.kering.cloud.kering.com.drive.balenciaga.com*.training-app-balenciaga.com

Fingerprint:

dcdb55ac7876e7f5bd7639062bdf641ffa072fc4216262e81bb4a47d339a650b

CN:

imperva.com

Key:

RSA-2048

Issuer:

GlobalSign Atlas R3 DV TLS CA 2025 Q4

Not before:

2025-12-16 17:00

Not after:

2026-06-14 17:00

Domain summary

magento.staging.dodo-ecom.dev4apps.com 5

1 recorded

IP summary

45.223.60.126 2

1 recorded