LeakIX - Host esp.adboxapp.com

Domain esp.adboxapp.com

United States

AMAZON-02

Software information

Heroku

tcp/443

GraphQL introspection is enabled.

GraphQL introspection is enabled.

This could leak to data leak if not properly configured.

IP: 35.71.145.101
Domain: esp.adboxapp.com
Port: 443
URL: https://esp.adboxapp.com

First seen 2025-11-13 04:13
Last seen 2026-01-03 00:00
Open for 50 days
- Severity: medium
  Fingerprint: c2db3a1c40d490db1a0bbaa365aed762ca93e532870dcdc37c5253f0e4a9a968
```
GraphQL introspection enabled at /graphql
Types: 61 (by kind: ENUM: 9, INPUT_OBJECT: 9, INTERFACE: 1, OBJECT: 35, SCALAR: 7)
Operations:
- Query: Query | fields: accessGroups, adRequest, adRequests, asset, assignTypes
- Mutation: Mutation | fields: archiveJob, assignJob, assignType, createMustacheAsset, deleteCampaign
Directives: deprecated, include, skip (total: 3)
```
  Found on 2026-01-03 00:00
  
  93.7 kBytes
- Severity: medium
  Fingerprint: c2db3a1c40d490db1a0bbaa31a0bbaa31a0bbaa31a0bbaa31a0bbaa31a0bbaa3
```
GraphQL introspection enabled at /graphql
```
  Found on 2025-11-13 04:13
Create report

Open service 35.71.145.101:443 · esp.adboxapp.com

2026-01-10 02:01

HTTP/1.1 302 Found
Cache-Control: no-cache
Content-Security-Policy: default-src 'self'; connect-src 'self' *.amazonaws.com *.pusher.com *.intercom.io *.intercom.com *.sentry.io sentry.io wss://*.pusherapp.com wss://*.pusher.com wss://*.intercom.io *.launchdarkly.com wss://myworkflows-backend-uat.herokuapp.com myworkflows-backend-uat.herokuapp.com myreports-backend-uat.herokuapp.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com fonts.intercomcdn.com rsms.me; frame-ancestors 'none'; frame-src 'self' *.amazonaws.com; img-src 'self' data: blob: *.amazonaws.com *.imagekit.io *.intercomcdn.com static.intercomassets.com *.cloudinary.com; manifest-src 'self'; media-src 'self' *.amazonaws.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' cdn.polyfill.io cdnjs.cloudflare.com *.pusher.com *.intercom.io *.intercom.com *.intercomcdn.com *.google-analytics.com unpkg.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com rsms.me; upgrade-insecure-requests; worker-src 'self' blob: unpkg.com
Content-Security-Policy-Report-Only: default-src 'self'; connect-src 'self' *.amazonaws.com *.pusher.com *.intercom.io *.intercom.com *.sentry.io sentry.io wss://*.pusherapp.com wss://*.pusher.com wss://*.intercom.io *.launchdarkly.com wss://myworkflows-backend-uat.herokuapp.com myworkflows-backend-uat.herokuapp.com myreports-backend-uat.herokuapp.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com fonts.intercomcdn.com rsms.me; frame-ancestors 'none'; frame-src 'self' *.amazonaws.com; img-src 'self' data: blob: *.amazonaws.com *.imagekit.io *.intercomcdn.com static.intercomassets.com *.cloudinary.com; manifest-src 'self'; media-src 'self' *.amazonaws.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' cdn.polyfill.io cdnjs.cloudflare.com *.pusher.com *.intercom.io *.intercom.com *.intercomcdn.com *.google-analytics.com unpkg.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com rsms.me; upgrade-insecure-requests; worker-src 'self' blob: unpkg.com
Content-Type: text/html; charset=utf-8
Location: https://esp.adboxapp.com/login
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Referrer-Policy: origin-when-cross-origin, strict-origin-when-cross-origin
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=NxFUwwyYIBUMXnEgqspJjUaLMRfWtVbFJ7vqiZwVtKE%3D\u0026sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add\u0026ts=1768010503"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=NxFUwwyYIBUMXnEgqspJjUaLMRfWtVbFJ7vqiZwVtKE%3D&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&ts=1768010503"
Server: Heroku
Set-Cookie: XSRF-TOKEN=sbZPvW32Bf5WTq8bp3HgXQ2Ad8d5Vk7C%2FOgnMIW3FnW9OecE7Yr%2FKjWymXb7jdv8Puy8I27QOsP9WbDz8E2V2w%3D%3D; path=/; secure; SameSite=Lax
Set-Cookie: myadbox-session=aac000ac47472e4c84f7034b65ecef66; domain=esp.adboxapp.com; path=/; secure; HttpOnly; SameSite=Lax
Strict-Transport-Security: max-age=604800
Vary: Accept-Encoding, Origin
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Frame-Options: sameorigin
X-Permitted-Cross-Domain-Policies: none
X-Request-Id: ec4ecf27-8f16-ad70-e405-b3bc50ab5fbd
X-Runtime: 0.027868
X-Xss-Protection: 1; mode=block
Date: Sat, 10 Jan 2026 02:01:43 GMT
Content-Length: 96
Connection: close


<html><body>You are being <a href="https://esp.adboxapp.com/login">redirected</a>.</body></html>

Found 2026-01-10 by HttpPlugin

Create report

Open service 35.71.145.101:443 · esp.adboxapp.com

2026-01-03 00:00

HTTP/1.1 302 Found
Cache-Control: no-cache
Content-Security-Policy: default-src 'self'; connect-src 'self' *.amazonaws.com *.pusher.com *.intercom.io *.intercom.com *.sentry.io sentry.io wss://*.pusherapp.com wss://*.pusher.com wss://*.intercom.io *.launchdarkly.com wss://myworkflows-backend-uat.herokuapp.com myworkflows-backend-uat.herokuapp.com myreports-backend-uat.herokuapp.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com fonts.intercomcdn.com rsms.me; frame-ancestors 'none'; frame-src 'self' *.amazonaws.com; img-src 'self' data: blob: *.amazonaws.com *.imagekit.io *.intercomcdn.com static.intercomassets.com *.cloudinary.com; manifest-src 'self'; media-src 'self' *.amazonaws.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' cdn.polyfill.io cdnjs.cloudflare.com *.pusher.com *.intercom.io *.intercom.com *.intercomcdn.com *.google-analytics.com unpkg.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com rsms.me; upgrade-insecure-requests; worker-src 'self' blob: unpkg.com
Content-Security-Policy-Report-Only: default-src 'self'; connect-src 'self' *.amazonaws.com *.pusher.com *.intercom.io *.intercom.com *.sentry.io sentry.io wss://*.pusherapp.com wss://*.pusher.com wss://*.intercom.io *.launchdarkly.com wss://myworkflows-backend-uat.herokuapp.com myworkflows-backend-uat.herokuapp.com myreports-backend-uat.herokuapp.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com fonts.intercomcdn.com rsms.me; frame-ancestors 'none'; frame-src 'self' *.amazonaws.com; img-src 'self' data: blob: *.amazonaws.com *.imagekit.io *.intercomcdn.com static.intercomassets.com *.cloudinary.com; manifest-src 'self'; media-src 'self' *.amazonaws.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' cdn.polyfill.io cdnjs.cloudflare.com *.pusher.com *.intercom.io *.intercom.com *.intercomcdn.com *.google-analytics.com unpkg.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com rsms.me; upgrade-insecure-requests; worker-src 'self' blob: unpkg.com
Content-Type: text/html; charset=utf-8
Location: https://esp.adboxapp.com/login
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Referrer-Policy: origin-when-cross-origin, strict-origin-when-cross-origin
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=rj2u8it8yCwSBYc4IjMiYDkmkU3dTbzakeGc%2B2g69Ds%3D\u0026sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add\u0026ts=1767398421"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=rj2u8it8yCwSBYc4IjMiYDkmkU3dTbzakeGc%2B2g69Ds%3D&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&ts=1767398421"
Server: Heroku
Set-Cookie: XSRF-TOKEN=oQx0jq8txO0dFWzO7fEOqEiS4C2Qi9H7%2B1j97grjNSRKzoZiUBbUqwd15IluH824Wkemk0otkBvwtykzthoGDA%3D%3D; path=/; secure; SameSite=Lax
Set-Cookie: myadbox-session=afe22215a54d4a2c0a2bb2dd2fbb1bbe; domain=esp.adboxapp.com; path=/; secure; HttpOnly; SameSite=Lax
Strict-Transport-Security: max-age=604800
Vary: Accept-Encoding, Origin
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Frame-Options: sameorigin
X-Permitted-Cross-Domain-Policies: none
X-Request-Id: 87010d3a-9730-477a-d92a-181a2261bd90
X-Runtime: 0.053461
X-Xss-Protection: 1; mode=block
Date: Sat, 03 Jan 2026 00:00:22 GMT
Content-Length: 96
Connection: close


<html><body>You are being <a href="https://esp.adboxapp.com/login">redirected</a>.</body></html>

Found 2026-01-03 by HttpPlugin

Create report

Open service 35.71.145.101:443 · esp.adboxapp.com

2025-12-23 04:03

HTTP/1.1 302 Found
Cache-Control: no-cache
Content-Security-Policy: default-src 'self'; connect-src 'self' *.amazonaws.com *.pusher.com *.intercom.io *.intercom.com *.sentry.io sentry.io wss://*.pusherapp.com wss://*.pusher.com wss://*.intercom.io *.launchdarkly.com wss://myworkflows-backend-uat.herokuapp.com myworkflows-backend-uat.herokuapp.com myreports-backend-uat.herokuapp.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com fonts.intercomcdn.com rsms.me; frame-ancestors 'none'; frame-src 'self' *.amazonaws.com; img-src 'self' data: blob: *.amazonaws.com *.imagekit.io *.intercomcdn.com static.intercomassets.com *.cloudinary.com; manifest-src 'self'; media-src 'self' *.amazonaws.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' cdn.polyfill.io cdnjs.cloudflare.com *.pusher.com *.intercom.io *.intercom.com *.intercomcdn.com *.google-analytics.com unpkg.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com rsms.me; upgrade-insecure-requests; worker-src 'self' blob: unpkg.com
Content-Security-Policy-Report-Only: default-src 'self'; connect-src 'self' *.amazonaws.com *.pusher.com *.intercom.io *.intercom.com *.sentry.io sentry.io wss://*.pusherapp.com wss://*.pusher.com wss://*.intercom.io *.launchdarkly.com wss://myworkflows-backend-uat.herokuapp.com myworkflows-backend-uat.herokuapp.com myreports-backend-uat.herokuapp.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com fonts.intercomcdn.com rsms.me; frame-ancestors 'none'; frame-src 'self' *.amazonaws.com; img-src 'self' data: blob: *.amazonaws.com *.imagekit.io *.intercomcdn.com static.intercomassets.com *.cloudinary.com; manifest-src 'self'; media-src 'self' *.amazonaws.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' cdn.polyfill.io cdnjs.cloudflare.com *.pusher.com *.intercom.io *.intercom.com *.intercomcdn.com *.google-analytics.com unpkg.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com rsms.me; upgrade-insecure-requests; worker-src 'self' blob: unpkg.com
Content-Type: text/html; charset=utf-8
Location: https://esp.adboxapp.com/login
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Referrer-Policy: origin-when-cross-origin, strict-origin-when-cross-origin
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=N86oAiA79zVVbna2VnfMb8S0uPMtoEUxRrVp3FohBMs%3D\u0026sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add\u0026ts=1766462587"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=N86oAiA79zVVbna2VnfMb8S0uPMtoEUxRrVp3FohBMs%3D&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&ts=1766462587"
Server: Heroku
Set-Cookie: XSRF-TOKEN=4DTG0OhGuZUL4KhpFvFz5I2X0GMHWm%2FuKtF%2Bge0SI30Sb2blh%2FU0oGyQ8r5PnuAObzPeVS0A%2FaJGH%2BG%2BfQpJbg%3D%3D; path=/; secure; SameSite=Lax
Set-Cookie: myadbox-session=0cc6352e6f8348e4dbc4c4e1d3dc8706; domain=esp.adboxapp.com; path=/; secure; HttpOnly; SameSite=Lax
Strict-Transport-Security: max-age=604800
Vary: Accept-Encoding, Origin
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Frame-Options: sameorigin
X-Permitted-Cross-Domain-Policies: none
X-Request-Id: 787f35ee-f7b8-01e5-600e-641f7074dea0
X-Runtime: 0.076965
X-Xss-Protection: 1; mode=block
Date: Tue, 23 Dec 2025 04:03:07 GMT
Content-Length: 96
Connection: close


<html><body>You are being <a href="https://esp.adboxapp.com/login">redirected</a>.</body></html>

Found 2025-12-23 by HttpPlugin

Create report

Open service 35.71.145.101:443 · esp.adboxapp.com

2025-12-20 16:31

HTTP/1.1 302 Found
Cache-Control: no-cache
Content-Security-Policy: default-src 'self'; connect-src 'self' *.amazonaws.com *.pusher.com *.intercom.io *.intercom.com *.sentry.io sentry.io wss://*.pusherapp.com wss://*.pusher.com wss://*.intercom.io *.launchdarkly.com wss://myworkflows-backend-uat.herokuapp.com myworkflows-backend-uat.herokuapp.com myreports-backend-uat.herokuapp.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com fonts.intercomcdn.com rsms.me; frame-ancestors 'none'; frame-src 'self' *.amazonaws.com; img-src 'self' data: blob: *.amazonaws.com *.imagekit.io *.intercomcdn.com static.intercomassets.com *.cloudinary.com; manifest-src 'self'; media-src 'self' *.amazonaws.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' cdn.polyfill.io cdnjs.cloudflare.com *.pusher.com *.intercom.io *.intercom.com *.intercomcdn.com *.google-analytics.com unpkg.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com rsms.me; upgrade-insecure-requests; worker-src 'self' blob: unpkg.com
Content-Security-Policy-Report-Only: default-src 'self'; connect-src 'self' *.amazonaws.com *.pusher.com *.intercom.io *.intercom.com *.sentry.io sentry.io wss://*.pusherapp.com wss://*.pusher.com wss://*.intercom.io *.launchdarkly.com wss://myworkflows-backend-uat.herokuapp.com myworkflows-backend-uat.herokuapp.com myreports-backend-uat.herokuapp.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com fonts.intercomcdn.com rsms.me; frame-ancestors 'none'; frame-src 'self' *.amazonaws.com; img-src 'self' data: blob: *.amazonaws.com *.imagekit.io *.intercomcdn.com static.intercomassets.com *.cloudinary.com; manifest-src 'self'; media-src 'self' *.amazonaws.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' cdn.polyfill.io cdnjs.cloudflare.com *.pusher.com *.intercom.io *.intercom.com *.intercomcdn.com *.google-analytics.com unpkg.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com rsms.me; upgrade-insecure-requests; worker-src 'self' blob: unpkg.com
Content-Type: text/html; charset=utf-8
Location: https://esp.adboxapp.com/login
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Referrer-Policy: origin-when-cross-origin, strict-origin-when-cross-origin
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=hHrOB9zoc%2FqT0MWV%2FC6xo03Gpmz1iO7qDZRI0fIYhBg%3D\u0026sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add\u0026ts=1766248287"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=hHrOB9zoc%2FqT0MWV%2FC6xo03Gpmz1iO7qDZRI0fIYhBg%3D&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&ts=1766248287"
Server: Heroku
Set-Cookie: XSRF-TOKEN=VYvJUJs9WXktR4XBYPh74NGX2c2ykGIBLjGc2tDfUaIQeYfaiCB8uQp8e0%2FOqMRnT7QaBKIoQqFdyYqQ3cncKw%3D%3D; path=/; secure; SameSite=Lax
Set-Cookie: myadbox-session=0d5554ee989c4a992677123fdd33917a; domain=esp.adboxapp.com; path=/; secure; HttpOnly; SameSite=Lax
Strict-Transport-Security: max-age=604800
Vary: Accept-Encoding, Origin
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Frame-Options: sameorigin
X-Permitted-Cross-Domain-Policies: none
X-Request-Id: 36fec2d9-25a0-b5cd-b1a4-46cd8f3c6101
X-Runtime: 0.030372
X-Xss-Protection: 1; mode=block
Date: Sat, 20 Dec 2025 16:31:28 GMT
Content-Length: 96
Connection: close


<html><body>You are being <a href="https://esp.adboxapp.com/login">redirected</a>.</body></html>

Found 2025-12-20 by HttpPlugin

Create report

esp.adboxapp.com

Fingerprint:

0a6a6726dd9d0596f4b119211bb958b44b405b49c238f93a8cbbf2f739cead56

CN:

esp.adboxapp.com

Key:

RSA-2048

Issuer:

R12

Not before:

2025-11-13 03:15

Not after:

2026-02-11 03:15

Domain summary

esp.adboxapp.com 5

1 recorded

IP summary

35.71.145.101 2 13.248.132.87 1

2 recorded

Domain esp.adboxapp.com

United States

Software information

GraphQL introspection is enabled.

Create report

Create report

Create report

Create report

esp.adboxapp.com

Domain summary

IP summary