CloudFront
tcp/443
nginx 1.24.0
tcp/443
GraphQL introspection is enabled.
This could lead to a data leak if not properly configured.
Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa3dd99305b8e7bfc1983da44da6566128bb1bd5d9e
GraphQL introspection enabled at /graphql
Types: 611 (by kind: ENUM: 60, INPUT_OBJECT: 125, INTERFACE: 36, OBJECT: 385, SCALAR: 5)
Operations:
- Query: Query | fields: adyenPaymentMethods, adyenPaymentMethodsBalance, adyenPaymentStatus, adyenRedeemedGiftcards, attributesForm
- Mutation: Mutation | fields: addBundleProductsToCart, addConfigurableProductsToCart, addDownloadableProductsToCart, addGiftRegistryRegistrants, addProductsToCart
Directives: deprecated, include, oneOf, skip (total: 4)
Detected: Magento
Severity: medium
Fingerprint: c2db3a1c40d490dbf8cbe7e22d51ac0e4746a2fe4459cac1b622ec965cc5d547
GraphQL introspection enabled at /graphql/api
Types: 611 (by kind: ENUM: 60, INPUT_OBJECT: 125, INTERFACE: 36, OBJECT: 385, SCALAR: 5)
Operations:
- Query: Query | fields: adyenPaymentMethods, adyenPaymentMethodsBalance, adyenPaymentStatus, adyenRedeemedGiftcards, attributesForm
- Mutation: Mutation | fields: addBundleProductsToCart, addConfigurableProductsToCart, addDownloadableProductsToCart, addGiftRegistryRegistrants, addProductsToCart
Directives: deprecated, include, oneOf, skip (total: 4)
Detected: Magento
Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa36de61bc58cf59c07f59212d0032750352223ef6d
GraphQL introspection enabled at /graphql
Types: 607 (by kind: ENUM: 59, INPUT_OBJECT: 125, INTERFACE: 35, OBJECT: 383, SCALAR: 5)
Operations:
- Query: Query | fields: adyenPaymentMethods, adyenPaymentMethodsBalance, adyenPaymentStatus, adyenRedeemedGiftcards, attributesForm
- Mutation: Mutation | fields: addBundleProductsToCart, addConfigurableProductsToCart, addDownloadableProductsToCart, addGiftRegistryRegistrants, addProductsToCart
Directives: deprecated, include, oneOf, skip (total: 4)
Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa31a0bbaa31a0bbaa31a0bbaa31a0bbaa31a0bbaa3
GraphQL introspection enabled at /graphql
Severity: medium
Fingerprint: c2db3a1c40d490dbf8cbe7e2f8cbe7e2f8cbe7e2f8cbe7e2f8cbe7e2f8cbe7e2
GraphQL introspection enabled at /graphql/api
Open service 18.239.50.26:443 · admin.thevan-d2-dev.nike.com
2026-01-08 22:44
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Date: Thu, 08 Jan 2026 22:44:39 GMT X-XSS-Protection: 1; mode=block X-Frame-Options: SAMEORIGIN Server: nginx/1.24.0 (Ubuntu) Vary: Accept-Encoding Set-Cookie: PHPSESSID=0rilsvrb7grfv0peu4t4vlkgaj; expires=Fri, 09 Jan 2026 22:44:38 GMT; Max-Age=86400; path=/; domain=admin.thevan-d2-dev.nike.com; HttpOnly; SameSite=Lax Set-Cookie: X-Magento-Vary=9959f5124bf06cbb9112e17903b5b94e3688423001bac836f7a8f64f5af4af19; expires=Fri, 09 Jan 2026 22:44:39 GMT; Max-Age=86400; path=/; secure; HttpOnly; SameSite=Lax Pragma: cache Cache-Control: max-age=86400, public, s-maxage=86400 Expires: Fri, 09 Jan 2026 22:44:38 GMT X-Magento-Tags: store,cms_b,cms_p_244,cat_p X-Magento-Debug: 1 Content-Security-Policy-Report-Only: font-src *.typekit.net *.gstatic.com cash-f.squarecdn.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com * *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com * c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com 
www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io * magefan.com cm.magefan.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com *.cash.app *.visa.com *.mastercard.com https://unpkg.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.cash.app *.fontawesome.com assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com google.com *.google.com * api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com 
*.braintree-api.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; X-Content-Type-Options: nosniff X-Cache: Miss from cloudfront Via: 1.1 9ac192ffc1203361ea1141b56df84966.cloudfront.net (CloudFront) X-Amz-Cf-Pop: AMS58-P3 X-Amz-Cf-Id: kBjI2U3CznOxp5cvzNeFUsphZhFXBCvuBvLyqtDe6EZY-jJPimPIuA== Vary: Origin
Open service 18.239.50.26:443 · admin.thevan-d2-dev.nike.com
2026-01-01 20:24
Open service 18.239.50.26:443 · admin.thevan-d2-dev.nike.com
2025-12-30 04:34
Open service 18.239.50.26:443 · admin.thevan-d2-dev.nike.com
2025-12-22 05:26
HTTP/1.1 403 Forbidden Server: CloudFront Date: Mon, 22 Dec 2025 05:26:09 GMT Content-Type: text/html Content-Length: 919 Connection: close X-Cache: Error from cloudfront Via: 1.1 70d3812e62d49cd4dca6f1dcec98b050.cloudfront.net (CloudFront) X-Amz-Cf-Pop: AMS58-P3 X-Amz-Cf-Id: V1Gbnwvl9rrdG1HGEmpD67xlkM0F5w2-eBwiLRJQbZ-HICxovmR1KA== Vary: Origin Page title: ERROR: The request could not be satisfied <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <HTML><HEAD><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1"> <TITLE>ERROR: The request could not be satisfied</TITLE> </HEAD><BODY> <H1>403 ERROR</H1> <H2>The request could not be satisfied.</H2> <HR noshade size="1px"> Request blocked. We can't connect to the server for this app or website at this time. There might be too much traffic or a configuration error. Try again later, or contact the app or website owner. <BR clear="all"> If you provide content to customers through CloudFront, you can find steps to troubleshoot and help prevent this error by reviewing the CloudFront documentation. <BR clear="all"> <HR noshade size="1px"> <PRE> Generated by cloudfront (CloudFront) Request ID: V1Gbnwvl9rrdG1HGEmpD67xlkM0F5w2-eBwiLRJQbZ-HICxovmR1KA== </PRE> <ADDRESS> </ADDRESS> </BODY></HTML>
Open service 18.239.50.26:443 · admin.thevan-d2-dev.nike.com
2025-12-20 05:51