GraphQL introspection is enabled.
This could lead to a data leak if not properly configured.
Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa3e2ab8bfc9024f240df7cfdacaa5c6c20cd9d4677
GraphQL introspection enabled at /graphql
Types: 597 (by kind: ENUM: 67, INPUT_OBJECT: 74, INTERFACE: 3, OBJECT: 419, SCALAR: 28, UNION: 6)
Operations:
- Query: Query | fields: check, customer, exchangeSocialAuthenticationToken, passwordResetTokenValidity, socialLoginProviders
- Mutation: Mutation | fields: check, updateDateOfBirth, updateEmailAddress, updateMobilePhoneNumber, updateName
Directives: authenticated, deprecated, include, internal, rateLimited, sensitive, skip, surrogateControl, volatile, weight (total: 12)
Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa3b86ace1ad53b4f8ac71de90acc9f5ef617914a9d
GraphQL introspection enabled at /graphql
Types: 596 (by kind: ENUM: 66, INPUT_OBJECT: 74, INTERFACE: 3, OBJECT: 419, SCALAR: 28, UNION: 6)
Operations:
- Query: Query | fields: check, customer, exchangeSocialAuthenticationToken, passwordResetTokenValidity, socialLoginProviders
- Mutation: Mutation | fields: check, updateDateOfBirth, updateEmailAddress, updateMobilePhoneNumber, updateName
Directives: authenticated, deprecated, include, internal, rateLimited, sensitive, skip, surrogateControl, volatile, weight (total: 12)
Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa3fe956316f9957cc67d27bb3e6fed3962e1d295d9
GraphQL introspection enabled at /graphql
Types: 594 (by kind: ENUM: 66, INPUT_OBJECT: 74, INTERFACE: 3, OBJECT: 417, SCALAR: 28, UNION: 6)
Operations:
- Query: Query | fields: check, customer, exchangeSocialAuthenticationToken, passwordResetTokenValidity, socialLoginProviders
- Mutation: Mutation | fields: check, updateDateOfBirth, updateEmailAddress, updateMobilePhoneNumber, updateName
Directives: authenticated, deprecated, include, internal, rateLimited, sensitive, skip, surrogateControl, volatile, weight (total: 12)
Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa3a14c127c7bfd49c0a90cd42c7aa6a2a0826ec8f7
GraphQL introspection enabled at /graphql
Types: 591 (by kind: ENUM: 66, INPUT_OBJECT: 74, INTERFACE: 3, OBJECT: 414, SCALAR: 28, UNION: 6)
Operations:
- Query: Query | fields: check, customer, exchangeSocialAuthenticationToken, passwordResetTokenValidity, socialLoginProviders
- Mutation: Mutation | fields: check, updateDateOfBirth, updateEmailAddress, updateMobilePhoneNumber, updateName
Directives: authenticated, deprecated, include, internal, rateLimited, sensitive, skip, surrogateControl, volatile, weight (total: 12)
Open service 31.177.19.30:443 · horizon-api.us.endurasport.com
2026-01-10 01:16
HTTP/1.1 200 OK
content-type: text/html
content-length: 284
x-content-type-options: nosniff
content-security-policy: default-src 'none'; frame-ancestors 'none'; form-action 'none'; report-to csp-endpoint
strict-transport-security: max-age=31536000; includeSubDomains; preload
reporting-endpoints: csp-endpoint=https://csp.thehut.net/cspReport.txt
cache-control: no-store
connection: close
Page title: Horizon
<!doctype html>
<html>
<head><meta charset='UTF-8'/><title>Horizon</title></head>
<body>
<h1>Horizon</h1>
<p>This GraphQL API powers THG's enterprise e-commerce platform.</p>
<p><a href="https://horizondocs.thgaltitude.com/">Documentation</a> is available online.</p>
</body>
</html>
Open service 31.177.19.30:443 · horizon-api.us.endurasport.com
2026-01-02 18:20
HTTP/1.1 200 OK
content-type: text/html
content-length: 284
x-content-type-options: nosniff
content-security-policy: default-src 'none'; frame-ancestors 'none'; form-action 'none'; report-to csp-endpoint
strict-transport-security: max-age=31536000; includeSubDomains; preload
reporting-endpoints: csp-endpoint=https://csp.thehut.net/cspReport.txt
cache-control: no-store
connection: close
Page title: Horizon
<!doctype html>
<html>
<head><meta charset='UTF-8'/><title>Horizon</title></head>
<body>
<h1>Horizon</h1>
<p>This GraphQL API powers THG's enterprise e-commerce platform.</p>
<p><a href="https://horizondocs.thgaltitude.com/">Documentation</a> is available online.</p>
</body>
</html>
Open service 185.217.107.30:443 · horizon-api.us.endurasport.com
2026-01-01 12:07
HTTP/1.1 200 OK
content-type: text/html
content-length: 284
x-content-type-options: nosniff
content-security-policy: default-src 'none'; frame-ancestors 'none'; form-action 'none'; report-to csp-endpoint
strict-transport-security: max-age=31536000; includeSubDomains; preload
reporting-endpoints: csp-endpoint=https://csp.thehut.net/cspReport.txt
cache-control: no-store
connection: close
Page title: Horizon
<!doctype html>
<html>
<head><meta charset='UTF-8'/><title>Horizon</title></head>
<body>
<h1>Horizon</h1>
<p>This GraphQL API powers THG's enterprise e-commerce platform.</p>
<p><a href="https://horizondocs.thgaltitude.com/">Documentation</a> is available online.</p>
</body>
</html>
Open service 185.217.107.30:80 · horizon-api.us.endurasport.com
2026-01-01 12:07
HTTP/1.1 403 Forbidden
content-length: 93
cache-control: no-cache
content-type: text/html
<html><body><h1>403 Forbidden</h1>
Request forbidden by administrative rules.
</body></html>
Open service 31.177.19.30:443 · horizon-api.us.endurasport.com
2025-12-23 00:09
HTTP/1.1 200 OK
content-type: text/html
content-length: 284
x-content-type-options: nosniff
content-security-policy: default-src 'none'; frame-ancestors 'none'; form-action 'none'; report-to csp-endpoint
strict-transport-security: max-age=31536000; includeSubDomains; preload
reporting-endpoints: csp-endpoint=https://csp.thehut.net/cspReport.txt
cache-control: no-store
connection: close
Page title: Horizon
<!doctype html>
<html>
<head><meta charset='UTF-8'/><title>Horizon</title></head>
<body>
<h1>Horizon</h1>
<p>This GraphQL API powers THG's enterprise e-commerce platform.</p>
<p><a href="https://horizondocs.thgaltitude.com/">Documentation</a> is available online.</p>
</body>
</html>
Open service 31.177.19.30:443 · horizon-api.us.endurasport.com
2025-12-21 07:29
HTTP/1.1 406 Not Acceptable
content-length: 41
content-type: application/json
x-content-type-options: nosniff
content-security-policy: default-src 'none'; frame-ancestors 'none'; form-action 'none'; report-to csp-endpoint
strict-transport-security: max-age=31536000; includeSubDomains; preload
reporting-endpoints: csp-endpoint=https://csp.thehut.net/cspReport.txt
cache-control: no-store
connection: close
{"status":406,"message":"Not Acceptable"}
Open service 31.177.19.30:443 · horizon-api.us.endurasport.com
2025-12-19 10:06
HTTP/1.1 200 OK
content-type: text/html
content-length: 284
x-content-type-options: nosniff
content-security-policy: default-src 'none'; frame-ancestors 'none'; form-action 'none'; report-to csp-endpoint
strict-transport-security: max-age=31536000; includeSubDomains; preload
reporting-endpoints: csp-endpoint=https://csp.thehut.net/cspReport.txt
cache-control: no-store
connection: close
Page title: Horizon
<!doctype html>
<html>
<head><meta charset='UTF-8'/><title>Horizon</title></head>
<body>
<h1>Horizon</h1>
<p>This GraphQL API powers THG's enterprise e-commerce platform.</p>
<p><a href="https://horizondocs.thgaltitude.com/">Documentation</a> is available online.</p>
</body>
</html>