Domain lexus.adboxapp.com
United States
AMAZON-02
Software information
Heroku
tcp/443
-
GraphQL introspection is enabled.
GraphQL introspection is enabled.
This could leak to data leak if not properly configured.
First seen 2025-11-13 03:54
Last seen 2026-01-02 00:35
Open for 49 days-
Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa365aed762ca93e532870dcdc37c5253f0e4a9a968GraphQL introspection enabled at /graphql Types: 61 (by kind: ENUM: 9, INPUT_OBJECT: 9, INTERFACE: 1, OBJECT: 35, SCALAR: 7) Operations: - Query: Query | fields: accessGroups, adRequest, adRequests, asset, assignTypes - Mutation: Mutation | fields: archiveJob, assignJob, assignType, createMustacheAsset, deleteCampaign Directives: deprecated, include, skip (total: 3)
Found on 2026-01-02 00:3593.7 kBytes
-
-
Open service 35.71.145.101:443 · lexus.adboxapp.com
2026-01-09 02:37
HTTP/1.1 302 Found Cache-Control: no-cache Content-Security-Policy: default-src 'self'; connect-src 'self' *.amazonaws.com *.pusher.com *.intercom.io *.intercom.com *.sentry.io sentry.io wss://*.pusherapp.com wss://*.pusher.com wss://*.intercom.io *.launchdarkly.com wss://myworkflows-backend-uat.herokuapp.com myworkflows-backend-uat.herokuapp.com myreports-backend-uat.herokuapp.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com fonts.intercomcdn.com rsms.me; frame-ancestors 'none'; frame-src 'self' *.amazonaws.com; img-src 'self' data: blob: *.amazonaws.com *.imagekit.io *.intercomcdn.com static.intercomassets.com *.cloudinary.com; manifest-src 'self'; media-src 'self' *.amazonaws.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' cdn.polyfill.io cdnjs.cloudflare.com *.pusher.com *.intercom.io *.intercom.com *.intercomcdn.com *.google-analytics.com unpkg.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com rsms.me; upgrade-insecure-requests; worker-src 'self' blob: unpkg.com Content-Security-Policy-Report-Only: default-src 'self'; connect-src 'self' *.amazonaws.com *.pusher.com *.intercom.io *.intercom.com *.sentry.io sentry.io wss://*.pusherapp.com wss://*.pusher.com wss://*.intercom.io *.launchdarkly.com wss://myworkflows-backend-uat.herokuapp.com myworkflows-backend-uat.herokuapp.com myreports-backend-uat.herokuapp.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com fonts.intercomcdn.com rsms.me; frame-ancestors 'none'; frame-src 'self' *.amazonaws.com; img-src 'self' data: blob: *.amazonaws.com *.imagekit.io *.intercomcdn.com static.intercomassets.com *.cloudinary.com; manifest-src 'self'; media-src 'self' *.amazonaws.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' cdn.polyfill.io cdnjs.cloudflare.com *.pusher.com *.intercom.io *.intercom.com *.intercomcdn.com *.google-analytics.com unpkg.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com rsms.me; upgrade-insecure-requests; worker-src 'self' blob: unpkg.com Content-Type: text/html; charset=utf-8 Location: https://lexus.adboxapp.com/login Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1} Referrer-Policy: origin-when-cross-origin, strict-origin-when-cross-origin Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=uYWsos%2F5uK%2Fxy62KtQz4aKYxPBQtgHCL0T1xs3Xmq5s%3D\u0026sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add\u0026ts=1767926252"}],"max_age":3600} Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=uYWsos%2F5uK%2Fxy62KtQz4aKYxPBQtgHCL0T1xs3Xmq5s%3D&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&ts=1767926252" Server: Heroku Set-Cookie: XSRF-TOKEN=ab7G9haCcuwmrCrIG5%2FWmFS7%2Bp65xT%2FuSPSoeFuWdEPoBW7jCkv%2BCsmK6DiA%2B4i%2Bpk1BH7DwKLCc1uRGVxO%2FuQ%3D%3D; path=/; secure; SameSite=Lax Set-Cookie: myadbox-session=8c80bf11dab2972104707928cf44f61a; domain=lexus.adboxapp.com; path=/; secure; HttpOnly; SameSite=Lax Strict-Transport-Security: max-age=604800 Vary: Accept-Encoding, Origin Via: 1.1 heroku-router X-Content-Type-Options: nosniff X-Download-Options: noopen X-Frame-Options: sameorigin X-Permitted-Cross-Domain-Policies: none X-Request-Id: 5df08d65-3313-939a-fdfd-761261d5aa4d X-Runtime: 0.027308 X-Xss-Protection: 1; mode=block Date: Fri, 09 Jan 2026 02:37:32 GMT Content-Length: 98 Connection: close <html><body>You are being <a href="https://lexus.adboxapp.com/login">redirected</a>.</body></html>Found 2026-01-09 by HttpPluginCreate report
-
Open service 35.71.145.101:443 · lexus.adboxapp.com
2026-01-02 00:35
HTTP/1.1 302 Found Cache-Control: no-cache Content-Security-Policy: default-src 'self'; connect-src 'self' *.amazonaws.com *.pusher.com *.intercom.io *.intercom.com *.sentry.io sentry.io wss://*.pusherapp.com wss://*.pusher.com wss://*.intercom.io *.launchdarkly.com wss://myworkflows-backend-uat.herokuapp.com myworkflows-backend-uat.herokuapp.com myreports-backend-uat.herokuapp.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com fonts.intercomcdn.com rsms.me; frame-ancestors 'none'; frame-src 'self' *.amazonaws.com; img-src 'self' data: blob: *.amazonaws.com *.imagekit.io *.intercomcdn.com static.intercomassets.com *.cloudinary.com; manifest-src 'self'; media-src 'self' *.amazonaws.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' cdn.polyfill.io cdnjs.cloudflare.com *.pusher.com *.intercom.io *.intercom.com *.intercomcdn.com *.google-analytics.com unpkg.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com rsms.me; upgrade-insecure-requests; worker-src 'self' blob: unpkg.com Content-Security-Policy-Report-Only: default-src 'self'; connect-src 'self' *.amazonaws.com *.pusher.com *.intercom.io *.intercom.com *.sentry.io sentry.io wss://*.pusherapp.com wss://*.pusher.com wss://*.intercom.io *.launchdarkly.com wss://myworkflows-backend-uat.herokuapp.com myworkflows-backend-uat.herokuapp.com myreports-backend-uat.herokuapp.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com fonts.intercomcdn.com rsms.me; frame-ancestors 'none'; frame-src 'self' *.amazonaws.com; img-src 'self' data: blob: *.amazonaws.com *.imagekit.io *.intercomcdn.com static.intercomassets.com *.cloudinary.com; manifest-src 'self'; media-src 'self' *.amazonaws.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' cdn.polyfill.io cdnjs.cloudflare.com *.pusher.com *.intercom.io *.intercom.com *.intercomcdn.com *.google-analytics.com unpkg.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com rsms.me; upgrade-insecure-requests; worker-src 'self' blob: unpkg.com Content-Type: text/html; charset=utf-8 Location: https://lexus.adboxapp.com/login Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1} Referrer-Policy: origin-when-cross-origin, strict-origin-when-cross-origin Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=CFbfSnC%2Fxf%2BgGytFdtATjKNSWv0qy0d0oe0SBwfC3sc%3D\u0026sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add\u0026ts=1767314124"}],"max_age":3600} Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=CFbfSnC%2Fxf%2BgGytFdtATjKNSWv0qy0d0oe0SBwfC3sc%3D&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&ts=1767314124" Server: Heroku Set-Cookie: XSRF-TOKEN=jHj71uSwB2bqtsb%2BYGbmZGDmQfI7uA52tq4XCGLKa8FjowEP7hoZrjniIuRwnCWXGfSBQmahpkZt12Zl%2B9tB%2Fg%3D%3D; path=/; secure; SameSite=Lax Set-Cookie: myadbox-session=3f03f0f8951065f80395f44b826f18ae; domain=lexus.adboxapp.com; path=/; secure; HttpOnly; SameSite=Lax Strict-Transport-Security: max-age=604800 Vary: Accept-Encoding, Origin Via: 1.1 heroku-router X-Content-Type-Options: nosniff X-Download-Options: noopen X-Frame-Options: sameorigin X-Permitted-Cross-Domain-Policies: none X-Request-Id: 829b12d0-cd98-e139-ab32-b093c88950aa X-Runtime: 0.029274 X-Xss-Protection: 1; mode=block Date: Fri, 02 Jan 2026 00:35:24 GMT Content-Length: 98 Connection: close <html><body>You are being <a href="https://lexus.adboxapp.com/login">redirected</a>.</body></html>Found 2026-01-02 by HttpPluginCreate report
-
Open service 35.71.145.101:443 · lexus.adboxapp.com
2025-12-30 08:10
HTTP/1.1 302 Found Cache-Control: no-cache Content-Security-Policy: default-src 'self'; connect-src 'self' *.amazonaws.com *.pusher.com *.intercom.io *.intercom.com *.sentry.io sentry.io wss://*.pusherapp.com wss://*.pusher.com wss://*.intercom.io *.launchdarkly.com wss://myworkflows-backend-uat.herokuapp.com myworkflows-backend-uat.herokuapp.com myreports-backend-uat.herokuapp.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com fonts.intercomcdn.com rsms.me; frame-ancestors 'none'; frame-src 'self' *.amazonaws.com; img-src 'self' data: blob: *.amazonaws.com *.imagekit.io *.intercomcdn.com static.intercomassets.com *.cloudinary.com; manifest-src 'self'; media-src 'self' *.amazonaws.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' cdn.polyfill.io cdnjs.cloudflare.com *.pusher.com *.intercom.io *.intercom.com *.intercomcdn.com *.google-analytics.com unpkg.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com rsms.me; upgrade-insecure-requests; worker-src 'self' blob: unpkg.com Content-Security-Policy-Report-Only: default-src 'self'; connect-src 'self' *.amazonaws.com *.pusher.com *.intercom.io *.intercom.com *.sentry.io sentry.io wss://*.pusherapp.com wss://*.pusher.com wss://*.intercom.io *.launchdarkly.com wss://myworkflows-backend-uat.herokuapp.com myworkflows-backend-uat.herokuapp.com myreports-backend-uat.herokuapp.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com fonts.intercomcdn.com rsms.me; frame-ancestors 'none'; frame-src 'self' *.amazonaws.com; img-src 'self' data: blob: *.amazonaws.com *.imagekit.io *.intercomcdn.com static.intercomassets.com *.cloudinary.com; manifest-src 'self'; media-src 'self' *.amazonaws.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' cdn.polyfill.io cdnjs.cloudflare.com *.pusher.com *.intercom.io *.intercom.com *.intercomcdn.com *.google-analytics.com unpkg.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com rsms.me; upgrade-insecure-requests; worker-src 'self' blob: unpkg.com Content-Type: text/html; charset=utf-8 Location: https://lexus.adboxapp.com/login Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1} Referrer-Policy: origin-when-cross-origin, strict-origin-when-cross-origin Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=SyQRAUzt3pMyAVHQ9kdE8qNrTAeJMSv2sqSTJ7IieDc%3D\u0026sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add\u0026ts=1767082244"}],"max_age":3600} Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=SyQRAUzt3pMyAVHQ9kdE8qNrTAeJMSv2sqSTJ7IieDc%3D&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&ts=1767082244" Server: Heroku Set-Cookie: XSRF-TOKEN=QjfKeJ1dhNRgTX4b2nxlQg9i02rrPJrNiLEnAd9c8w4mB3FvxbtbSriZRvyVaiJjxHONKsLorSHcMn248SsbMg%3D%3D; path=/; secure; SameSite=Lax Set-Cookie: myadbox-session=1dcff9f08f2f8ab33e1dcf9420682782; domain=lexus.adboxapp.com; path=/; secure; HttpOnly; SameSite=Lax Strict-Transport-Security: max-age=604800 Vary: Accept-Encoding, Origin Via: 1.1 heroku-router X-Content-Type-Options: nosniff X-Download-Options: noopen X-Frame-Options: sameorigin X-Permitted-Cross-Domain-Policies: none X-Request-Id: d38ec2b6-9ec0-6093-28fe-cecefcf92e83 X-Runtime: 0.023703 X-Xss-Protection: 1; mode=block Date: Tue, 30 Dec 2025 08:10:44 GMT Content-Length: 98 Connection: close <html><body>You are being <a href="https://lexus.adboxapp.com/login">redirected</a>.</body></html>Found 2025-12-30 by HttpPluginCreate report
-
Open service 35.71.145.101:443 · lexus.adboxapp.com
2025-12-23 00:47
HTTP/1.1 302 Found Cache-Control: no-cache Content-Security-Policy: default-src 'self'; connect-src 'self' *.amazonaws.com *.pusher.com *.intercom.io *.intercom.com *.sentry.io sentry.io wss://*.pusherapp.com wss://*.pusher.com wss://*.intercom.io *.launchdarkly.com wss://myworkflows-backend-uat.herokuapp.com myworkflows-backend-uat.herokuapp.com myreports-backend-uat.herokuapp.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com fonts.intercomcdn.com rsms.me; frame-ancestors 'none'; frame-src 'self' *.amazonaws.com; img-src 'self' data: blob: *.amazonaws.com *.imagekit.io *.intercomcdn.com static.intercomassets.com *.cloudinary.com; manifest-src 'self'; media-src 'self' *.amazonaws.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' cdn.polyfill.io cdnjs.cloudflare.com *.pusher.com *.intercom.io *.intercom.com *.intercomcdn.com *.google-analytics.com unpkg.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com rsms.me; upgrade-insecure-requests; worker-src 'self' blob: unpkg.com Content-Security-Policy-Report-Only: default-src 'self'; connect-src 'self' *.amazonaws.com *.pusher.com *.intercom.io *.intercom.com *.sentry.io sentry.io wss://*.pusherapp.com wss://*.pusher.com wss://*.intercom.io *.launchdarkly.com wss://myworkflows-backend-uat.herokuapp.com myworkflows-backend-uat.herokuapp.com myreports-backend-uat.herokuapp.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com fonts.intercomcdn.com rsms.me; frame-ancestors 'none'; frame-src 'self' *.amazonaws.com; img-src 'self' data: blob: *.amazonaws.com *.imagekit.io *.intercomcdn.com static.intercomassets.com *.cloudinary.com; manifest-src 'self'; media-src 'self' *.amazonaws.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' cdn.polyfill.io cdnjs.cloudflare.com *.pusher.com *.intercom.io *.intercom.com *.intercomcdn.com *.google-analytics.com unpkg.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com rsms.me; upgrade-insecure-requests; worker-src 'self' blob: unpkg.com Content-Type: text/html; charset=utf-8 Location: https://lexus.adboxapp.com/login Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1} Referrer-Policy: origin-when-cross-origin, strict-origin-when-cross-origin Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=CZmwlFnyKArqYo7kTc0GWPIuDxb5EYlL7WJsg1Mu1C0%3D\u0026sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add\u0026ts=1766450835"}],"max_age":3600} Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=CZmwlFnyKArqYo7kTc0GWPIuDxb5EYlL7WJsg1Mu1C0%3D&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&ts=1766450835" Server: Heroku Set-Cookie: XSRF-TOKEN=f%2F1wrCdfjIucSeQAsDuEvMjYQ9U4zxosKAtRTYUqexQu5Lk2GS0Mi%2F1%2B1rnWl2BsHE%2BonY0Py4QxREQc0aoGPA%3D%3D; path=/; secure; SameSite=Lax Set-Cookie: myadbox-session=470c4cd0d7de9454cd5988e7645d7444; domain=lexus.adboxapp.com; path=/; secure; HttpOnly; SameSite=Lax Strict-Transport-Security: max-age=604800 Vary: Accept-Encoding, Origin Via: 1.1 heroku-router X-Content-Type-Options: nosniff X-Download-Options: noopen X-Frame-Options: sameorigin X-Permitted-Cross-Domain-Policies: none X-Request-Id: 98bd373b-de01-1320-454b-4efc962721dd X-Runtime: 0.030436 X-Xss-Protection: 1; mode=block Date: Tue, 23 Dec 2025 00:47:15 GMT Content-Length: 98 Connection: close <html><body>You are being <a href="https://lexus.adboxapp.com/login">redirected</a>.</body></html>Found 2025-12-23 by HttpPluginCreate report
-
Open service 35.71.145.101:443 · lexus.adboxapp.com
2025-12-20 23:00
HTTP/1.1 302 Found Cache-Control: no-cache Content-Security-Policy: default-src 'self'; connect-src 'self' *.amazonaws.com *.pusher.com *.intercom.io *.intercom.com *.sentry.io sentry.io wss://*.pusherapp.com wss://*.pusher.com wss://*.intercom.io *.launchdarkly.com wss://myworkflows-backend-uat.herokuapp.com myworkflows-backend-uat.herokuapp.com myreports-backend-uat.herokuapp.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com fonts.intercomcdn.com rsms.me; frame-ancestors 'none'; frame-src 'self' *.amazonaws.com; img-src 'self' data: blob: *.amazonaws.com *.imagekit.io *.intercomcdn.com static.intercomassets.com *.cloudinary.com; manifest-src 'self'; media-src 'self' *.amazonaws.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' cdn.polyfill.io cdnjs.cloudflare.com *.pusher.com *.intercom.io *.intercom.com *.intercomcdn.com *.google-analytics.com unpkg.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com rsms.me; upgrade-insecure-requests; worker-src 'self' blob: unpkg.com Content-Security-Policy-Report-Only: default-src 'self'; connect-src 'self' *.amazonaws.com *.pusher.com *.intercom.io *.intercom.com *.sentry.io sentry.io wss://*.pusherapp.com wss://*.pusher.com wss://*.intercom.io *.launchdarkly.com wss://myworkflows-backend-uat.herokuapp.com myworkflows-backend-uat.herokuapp.com myreports-backend-uat.herokuapp.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com fonts.intercomcdn.com rsms.me; frame-ancestors 'none'; frame-src 'self' *.amazonaws.com; img-src 'self' data: blob: *.amazonaws.com *.imagekit.io *.intercomcdn.com static.intercomassets.com *.cloudinary.com; manifest-src 'self'; media-src 'self' *.amazonaws.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' cdn.polyfill.io cdnjs.cloudflare.com *.pusher.com *.intercom.io *.intercom.com *.intercomcdn.com *.google-analytics.com unpkg.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com rsms.me; upgrade-insecure-requests; worker-src 'self' blob: unpkg.com Content-Type: text/html; charset=utf-8 Location: https://lexus.adboxapp.com/login Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1} Referrer-Policy: origin-when-cross-origin, strict-origin-when-cross-origin Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=3DHMopYBhUQ1FxTKQyyiLUPP9T24115rKE516SA5Kw8%3D\u0026sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add\u0026ts=1766271632"}],"max_age":3600} Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=3DHMopYBhUQ1FxTKQyyiLUPP9T24115rKE516SA5Kw8%3D&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&ts=1766271632" Server: Heroku Set-Cookie: XSRF-TOKEN=HPAmPQJLhjMFJKu0TYVmDiYG56nrW3RkZstiK9pZOTBJD1OwwuZeF8vdnmMWkYI8l7YMd%2BU%2FlnrOO8dd9kWUig%3D%3D; path=/; secure; SameSite=Lax Set-Cookie: myadbox-session=019a9d42fdc2ab2181928f45d3ddc349; domain=lexus.adboxapp.com; path=/; secure; HttpOnly; SameSite=Lax Strict-Transport-Security: max-age=604800 Vary: Accept-Encoding, Origin Via: 1.1 heroku-router X-Content-Type-Options: nosniff X-Download-Options: noopen X-Frame-Options: sameorigin X-Permitted-Cross-Domain-Policies: none X-Request-Id: 447d01d5-0d13-7ec7-89d9-2dc5d9293064 X-Runtime: 0.087304 X-Xss-Protection: 1; mode=block Date: Sat, 20 Dec 2025 23:00:32 GMT Content-Length: 98 Connection: close <html><body>You are being <a href="https://lexus.adboxapp.com/login">redirected</a>.</body></html>Found 2025-12-20 by HttpPluginCreate report
lexus.adboxapp.com
CN:
lexus.adboxapp.com
Not before:
2025-11-13 02:55
Not after:
2026-02-11 02:55