Pilot Company — Infrastructure Technology Matrix

pilotcompany.com  |  Berkshire Hathaway (majority owner)  |  $50B+ Revenue  |  800+ Locations  |  Analysis Date: July 5, 2026

Secure Gap Partial ℹ Info CF Opportunity
At-a-Glance — Who Runs What EXISTING CF CUSTOMER — mypilotstore.com (Bot Mgmt Active)
DNS
AWS Route 53
4 NS · ~2019 · No DNSSEC
CDN
AWS CloudFront
Main site + order · ~2019
WAF
AWS WAF (Partial)
XSS blocked · SQLi PASSES
Bot Management
Cloudflare
mypilotstore.com ONLY · ~2022
API Security
None
api.pilotflyingj.com on raw IP
Network DDoS
None (AS14556)
5 /24 blocks · 1,280 IPs exposed
Email Security
M365 Only
No gateway · DMARC quarantine
Identity / SSO
Okta + PingFederate
3 Okta tenants + PingFed parallel
DLP / CASB
Not Detected
No SaaS posture mgmt observed
AI / Data Platform
Not Detected
No AI verification TXT records
Analytics / Marketing
Mixpanel + Pardot
GTM, Autopilot/Ortto, OneTrust
Cloud / CMS
AWS + ContentStack
SvelteKit frontend · S3 origins
Core Infrastructure
AWS Route 53Managed DNS
Category
Managed DNS
Nameservers
4 AWS NS
ns-1226.awsdns-25.org
ns-1898.awsdns-45.co.uk
ns-455.awsdns-56.com
ns-770.awsdns-32.net
DNSSEC
Not Enabled
CAA Records
None Published
IPv6 (AAAA)
None on main domain
Yes on mypilot.com (via CF)
Wildcard
Yes → 11.9.0.1 (catch-all sinkhole)
Est. Activation
~2019–2020   High
CF Opportunity: 1-click DNSSEC, CAA mgmt, native IPv6, DNS analytics, fastest authoritative DNS globally
AWS CloudFrontCDN
Category
Content Delivery Network
Coverage
www.pilotcompany.com
order.pilotcompany.com
login.pilotflyingj.com
qa.pilotcompany.com
Origin
S3 + Lambda@Edge
Gaps
api, portal, loyalty, jobs, mail — NO CDN
Header Leaks
server-timing: traceparent exposes OpenTelemetry trace IDs
S3 Replication
x-amz-replication-status: FAILED on order.*
Est. Activation
~2019   High
CF Opportunity: Unified CDN across ALL properties, header stripping, edge caching
AWS WAFWeb Application Firewall (Partial)
Category
Web Application Firewall
XSS Test
403 — Blocked
SQLi Test
NOT BLOCKED — HTTP 200
Header XSS
NOT BLOCKED — HTTP 200
RFI Test
NOT BLOCKED — HTTP 200
Coverage
CloudFront properties only — self-hosted IPs unprotected
Est. Activation
~2020   High
CF Opportunity: Managed WAF rulesets block SQLi + RFI out of the box. SQLi demo is a powerful talking point.
Cloudflare Bot Management (mypilotstore only)
Category
Bot Management
Status
Active on mypilotstore.com
Evidence
cf-mitigated: challenge
Client Hints collection active
Main Site
NO bot mgmt on pilotcompany.com
Risk
Price scraping, credential stuffing on loyalty/rewards
Note
Already licensed — extend to primary domain
Confidence
High — cf-ray + cf-mitigated confirmed
CF Opportunity: Already deployed! Extend Bot Mgmt to pilotcompany.com, order.*, api.*
None DetectedAPI Security / Gateway
Category
API Security
API Gateway
None detected
api.pilotflyingj.com
Exposed on raw IP 65.196.143.200 — no proxy/WAF
HSTS
Missing on main site
CSP
Missing
All 6 Headers
ZERO security headers on pilotcompany.com
Confidence
High
CF Opportunity: API Shield, API Gateway, Transform Rules for instant headers
Cloud, Hosting & Network
Amazon AWSPrimary Cloud
Category
Cloud Hosting (Primary)
Services
CloudFront, S3, ALB, Lambda@Edge, ACM
IPs
3.168.132.77 (www)
13.32.230.99 (order)
18.65.3.2 (qa)
DDoS
AWS Shield Standard only (basic L3/L4)
Origin Leak
AmazonS3 server header, x-nomnom custom headers exposed
Est. Activation
~2019   High
CF Opportunity: Cloudflare in front of AWS — header stripping, caching, WAF, L7 DDoS
Pilot Travel CentersOn-Prem (AS14556)
Category
Self-Managed Network
ASN
AS14556 (PTC - Pilot Travel Centers, LLC)
IP Blocks
74.114.188.0/24
74.114.189.0/24
74.114.190.0/24
70.159.149.0/24
65.196.143.0/24
(1,280 total IPs)
Transit
Verizon (AS701), AT&T (AS7018), Windstream (AS7029), AS12083
DDoS
None — direct transit, no scrubbing
Est. Activation
Pre-2010   High
CF Opportunity: Magic Transit for DDoS on 5 /24 blocks + Spectrum for non-HTTP
Third-Party SaaS HostsFragmented Subdomain Stack
Category
SaaS / PaaS Hosting
Heroku
feedback.pilotcompany.com
Subdomain takeover risk
GitBook
ir.pilotcompany.com (investor relations)
Paradox.ai
careers.pilotcompany.com (recruiting chatbot)
PingFederate
sso.pilotflyingj.com (WiFi SSO on AWS ALB)
Providers Total
7+ different hosting providers across subdomains
CF Opportunity: Consolidate all properties under one proxy — unified security posture
Amazon / GoDaddy / GoogleSSL/TLS Certificates
Category
Certificate Management
Main Cert
Amazon RSA 2048 M02 (DV)
Exp Sep 2026
Legacy Certs
GoDaddy G2 wildcards
*.pilotflyingj.com (Dec 2026)
*.pilottravelcenters.com (Aug 2026)
CF Properties
Google Trust Services WE1
(Cloudflare Universal SSL)
3 CAs
Three separate cert lifecycles across domains
Confidence
High
CF Opportunity: Auto cert management, ACM, eliminate GoDaddy cert cost
ContentStack + SvelteKitCMS & Frontend
Category
Content Management & Frontend
CMS
ContentStack (Headless CMS)
cdn.contentstack.io delivery
Frontend
SvelteKit (Svelte framework)
Tag Mgmt
Google Tag Manager (GTM-P2VZ4WGR)
Cookie Consent
OneTrust (CookieLaw)
Marketing
Autopilot/Ortto SDK
CF Opportunity: Cloudflare works with any CMS via standard origin pull
Email, Identity & Security
Microsoft 365Exchange Online (No Gateway)
Category
Email & Collaboration
MX
pilotcompany-com.mail.protection.outlook.com (pri 10)
DMARC
p=quarantine (should be reject)
SPF
Soft fail (~all) — should be -all
DKIM
selector1/selector2 active
CNAMEs → pilotflyingj.onmicrosoft.com
Gateway
No email security gateway (no Proofpoint/Mimecast)
Est. Activation
~2018–2020   High
CF Opportunity: CF Email Security — layer anti-phishing on M365, move to p=reject / -all
OktaSSO / Identity (3 Tenants)
Category
Identity & Access
Tenant 1
pilotcompany.okta.com Active
Tenant 2
pilot.okta.com Active
References pilot-admin, pilot.kerberos
Tenant 3
pilotflyingj.okta.com Active
CSP leaks "KNXOKTAPOC"
Hybrid
3 Okta tenants + PingFederate in parallel — unusual
Zero Trust
Not a full ZT architecture
Confidence
High — x-okta-request-id confirmed on all 3
CF Opportunity: Cloudflare One (ZTNA + SASE) — 800+ locations, integrates with existing Okta
PingFederateWiFi / SSO Gateway
Category
SSO / Captive Portal
Endpoint
sso.pilotflyingj.com → pingfedwifi-prod-alb-*.elb.amazonaws.com
Cookies
Secure; HttpOnly on PF session cookies
Headers
X-Frame-Options: SAMEORIGIN
Purpose
Guest WiFi authentication at 800+ travel centers
Confidence
High — PF cookie format confirmed
CF Opportunity: Cloudflare WARP can replace captive portal + PingFed for WiFi auth
Amazon SES / PardotTransactional & Marketing Email
Category
Transactional & Marketing Email
Amazon SES
Referenced in SPF for pilottravelcenters.com, onecallnow.com
Pardot
pardot861501 verification on pilotflyingj.com
(Salesforce Marketing Cloud)
Exclaimer
Email signature management
Referenced in SPF records
Everbridge
Emergency notifications
Referenced in SPF for pilottravelcenters.com
Confidence
High
KnowBe4 / OneTrustSecurity & Compliance
Category
Security Training & Privacy
KnowBe4
Security awareness training
Same token across 3 domains — unified
OneTrust
Cookie consent + privacy compliance
CookieLaw SDK on main site
DMARC Reports
Reporting to vali.email
(DMARC analytics service)
Legacy Mail Relays
mail11/mail12.pilottravelcenters.com still in SPF across ALL domains
Confidence
High
SaaS & Third-Party Services (TXT Record Verified)
SalesforceCRM + Pardot
Evidence
Org ID 00d80000000bzl1eai in TXT
Pardot verification on pilotflyingj.com
Purpose
CRM, marketing automation, lead mgmt
Confidence
Confirmed
AtlassianJira / Confluence
Evidence
atlassian-domain-verification on ALL 4 primary domains — same token
Purpose
Project mgmt, wiki — unified org
Confidence
Confirmed
DocuSignE-Signature
Evidence
Multiple docusign TXT verification tokens across domains
Purpose
Contract & document signing
Confidence
Confirmed
Infor CloudSuiteERP
Evidence
infor-cloudsuite-domain-verification on pilottravelcenters.com
Purpose
Enterprise resource planning
Confidence
Confirmed
CF: CASB for SaaS posture monitoring
Adobe / MixpanelAnalytics & Identity
Adobe
adobe-idp-site-verification on pilotflyingj.com + pilottravelcenters.com
Mixpanel
mixpanel-domain-verify on pilotflyingj.com + pilottravelcenters.com
Confidence
Confirmed
LogMeIn / Apple / GoogleRemote Access & Verification
LogMeIn
logmein-verification-code on pilottravelcenters.com
Apple
apple-domain-verification — different tokens (separate apps)
Google
4 google-site-verification tokens on pilotflyingj.com
Facebook
facebook-domain-verification on pilotcompany.com
Subsidiaries & Sister Domains
pilotflyingj.comLegacy Primary Brand
DNS
AWS Route 53
Hosting
Mixed — CloudFront (login), self-hosted (mail, portal, loyalty, API)
WAF/CDN
NONE on self-hosted services
SSL
GoDaddy wildcard *.pilotflyingj.com (Dec 2026)
DMARC
p=quarantine, SPF ~all
Key Services
SSO, API, loyalty portal, rewards, WiFi, mail — all on AS14556
Confidence
High
CF Opportunity: CRITICAL — operational services on exposed IPs with zero protection
mypilot.com / mypilotstore.com CLOUDFLARE — E-Commerce
DNS
Cloudflare NS
mypilot: melissa/nitin
mypilotstore: anna/carl
CDN/WAF
Cloudflare CDN + WAF + Bot Mgmt
Bot Mgmt
cf-mitigated: challenge — ACTIVE
Headers
X-Frame, X-Content-Type, Referrer-Policy, Permissions-Policy
IPv6
Dual-stack AAAA via Cloudflare
Accounts
2 different NS pairs = likely 2 separate CF accounts
Confidence
High — cf-ray confirmed
KEY: Existing CF footprint! Procurement/legal already cleared. Expand to Enterprise.
onecallnow.com CLOUDFLARE — Emergency Comms
DNS
NS1 (nsone.net)
CDN
Cloudflare CDN — server: cloudflare
Redirect
→ crisis24.com (GardaWorld acquisition)
Email
Microsoft 365
SPF -all (hard fail!)
HSTS
Present
Confidence
High
pilottravelcenters.com / pilotcorp.comLegacy Corporate Domains
DNS
AWS Route 53 (both)
pilottravelcenters
Self-hosted (74.114.188.119)
GoDaddy wildcard cert (Aug 2026)
Redirects to pilotcompany.com
pilotcorp
Legacy corporate — DNS/TXT only, no active web
flyingj.com
Self-hosted (74.114.189.73)
No redirect configured
pilotthomas.com
Anodyne (3rd-party) — Pilot Thomas Logistics subsidiary
Confidence
High
CF Opportunity: Registrar consolidation + redirect mgmt for all legacy domains
Unowned Brand Domains BRAND RISK
pilotfuel.com
Parked — Afternic/Sedo marketplace
pilottruckstop.com
Parked — Afternic/Sedo marketplace
pilotfleet.com
Third-party (ns2.atom.com)
pilotpoints.com
Third-party (GoDaddy)
pilotrewards.com
GoDaddy DNS, Google Workspace — outside corporate IT
Risk
Phishing vector — brand-adjacent domains not controlled
CF Opportunity: CF Registrar for domain consolidation + brand protection
Legacy Infrastructure & Shadow IT
feedback.pilotcompany.com Heroku — Subdomain Takeover
Finding
CNAME → herokudns.com
Server: Heroku confirmed
Risk
HIGH — if Heroku app deprovisioned, attacker can claim subdomain
Status
Currently redirects to /surveys — still active
Fix
Remove CNAME or lock Heroku app permanently
qa.pilotcompany.com Staging Exposed
Finding
QA/staging environment publicly accessible on CloudFront (18.65.3.2)
Risk
HIGH — staging data, pre-release features potentially visible
Also
order-api-mobile.* publicly resolvable
Fix
IP allowlist, Cloudflare Access, or WAF rule
CF Opportunity: Cloudflare Access — lock down in under 1 hour, zero-trust auth
Legacy Mail Relays mail11/mail12 Still in SPF
Endpoints
mail11.pilottravelcenters.com → 74.114.188.69
mail12.pilottravelcenters.com → 74.114.188.68
mail.pilotflyingj.com → 74.114.188.192
Risk
MEDIUM — legacy relays on self-hosted IPs, still in SPF for ALL domains
Status
Likely replaced by M365 but DNS/SPF never cleaned up
Fix
Remove from SPF, decommission DNS records
Header / Origin Leaks Info Disclosure
OpenTelemetry
server-timing: traceparent;desc="00-..." on pilotcompany.com
S3 Replication
x-amz-replication-status: FAILED on order.*
Custom Headers
x-nomnom-encoding, x-nomnom-rules-matched (internal framework)
Lambda@Edge
x-cache: LambdaGeneratedResponse on login.*
Okta POC
"KNXOKTAPOC" leaked in CSP on pilotflyingj.okta.com
Redundant Systems Parallel Services
Jobs vs Careers
jobs.pilotcompany.com (self-hosted, 74.114.188.63)
careers.pilotcompany.com (Paradox.ai)
Both live — redundant
M365 Tenant
DKIM CNAMEs reference pilotflyingj.onmicrosoft.com
Legacy tenant name not updated
3 Okta Tenants
Unusual — suggests incomplete identity consolidation
Overall
3 generations of brand names still live in DNS (Pilot Travel Centers → Pilot Flying J → Pilot Company)
Competitive Landscape — Who Uses What
Love's Travel Stops$40B+ Revenue
DNS
Self-managed (dns03/04.loves.com)
CDN/WAF
None observed
Cloudflare?
No
Casey's General Stores$15B Revenue
DNS
Cloudflare
CDN/WAF
Cloudflare
Cloudflare?
FULL STACK — best peer reference
RaceTrac / MaverikRegional Chains
RaceTrac DNS
Azure DNS
RaceTrac CDN
Cloudflare
Maverik DNS
Cloudflare
Maverik CDN
Cloudflare
Cloudflare?
BOTH full stack
7-Eleven / Speedway / Kwik TripImperva Stack
7-Eleven
CSC DNS, Imperva CDN/WAF
Speedway
UU.net DNS, Imperva CDN/WAF
Kwik Trip
Azure DNS, Imperva CDN/WAF
Murphy USA
Azure DNS, Imperva CDN/WAF
Cloudflare?
No — all Imperva
Sheetz / Wawa / Buc-ee'sOther Regional
Sheetz
F5 Cloud DNS + F5 Volt ADC
Wawa
AWS Route 53, no CDN/WAF
Buc-ee's
GoDaddy DNS, no CDN/WAF
Circle K
CSC DNS, CloudFront CDN
Cloudflare?
No
Top 5 Cloudflare Sales Entry Points
#1 — Extend CF from mypilotstoreWAF + CDN + Bot Mgmt → pilotcompany.com
Already a CF customer on mypilotstore.com with Bot Mgmt. Main site has partial WAF (SQLi passes through), zero security headers, no bot protection. Extend existing deployment to primary brand.
Urgency
IMMEDIATE — procurement already cleared, SQLi gap is demo-ready
#2 — On-Prem DDoSMagic Transit + Spectrum
5 /24 blocks (AS14556) with no DDoS scrubbing. API endpoint, loyalty portal, SSO, mail relays all on exposed origin IPs. Direct transit via Verizon/AT&T.
Urgency
HIGH — 1,280 IPs unprotected
#3 — Zero Trust / SASECloudflare One
800+ travel centers, massive distributed workforce. 3 Okta tenants + PingFederate but no ZTNA. WARP + Access + Gateway replaces VPN, secures guest WiFi, integrates with existing Okta.
Urgency
STRATEGIC — large deal, longer sales cycle
#4 — Email SecurityCF Email Security (Area 1)
No email security gateway — M365 only. DMARC at quarantine (not reject), SPF soft fail (~all). No Proofpoint or Mimecast. CF Email Security layers anti-phishing on M365.
Urgency
COMPETITIVE — greenfield, no incumbent to displace
#5 — Security Headers + Shadow CleanupTransform Rules + Access
Main site has 0 of 6 security headers. QA environment publicly exposed. Heroku subdomain takeover risk. Transform Rules add all headers instantly. Access locks down staging.
Urgency
QUICK WIN — demonstrate value in first week