Heroku
tcp/443
GraphQL introspection is enabled.
This could lead to a data leak if not properly configured.
Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa365aed762ca93e532870dcdc37c5253f0e4a9a968
GraphQL introspection enabled at /graphql
Types: 61 (by kind: ENUM: 9, INPUT_OBJECT: 9, INTERFACE: 1, OBJECT: 35, SCALAR: 7)
Operations:
- Query: Query | fields: accessGroups, adRequest, adRequests, asset, assignTypes
- Mutation: Mutation | fields: archiveJob, assignJob, assignType, createMustacheAsset, deleteCampaign
Directives: deprecated, include, skip (total: 3)
Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa31a0bbaa31a0bbaa31a0bbaa31a0bbaa31a0bbaa3
GraphQL introspection enabled at /graphql
Open service 13.248.132.87:443 · manheim.adboxapp.com
2026-01-09 20:46
HTTP/1.1 302 Found
Cache-Control: no-cache
Content-Security-Policy: default-src 'self'; connect-src 'self' *.amazonaws.com *.pusher.com *.intercom.io *.intercom.com *.sentry.io sentry.io wss://*.pusherapp.com wss://*.pusher.com wss://*.intercom.io *.launchdarkly.com wss://myworkflows-backend-uat.herokuapp.com myworkflows-backend-uat.herokuapp.com myreports-backend-uat.herokuapp.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com fonts.intercomcdn.com rsms.me; frame-ancestors 'none'; frame-src 'self' *.amazonaws.com; img-src 'self' data: blob: *.amazonaws.com *.imagekit.io *.intercomcdn.com static.intercomassets.com *.cloudinary.com; manifest-src 'self'; media-src 'self' *.amazonaws.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' cdn.polyfill.io cdnjs.cloudflare.com *.pusher.com *.intercom.io *.intercom.com *.intercomcdn.com *.google-analytics.com unpkg.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com rsms.me; upgrade-insecure-requests; worker-src 'self' blob: unpkg.com
Content-Security-Policy-Report-Only: default-src 'self'; connect-src 'self' *.amazonaws.com *.pusher.com *.intercom.io *.intercom.com *.sentry.io sentry.io wss://*.pusherapp.com wss://*.pusher.com wss://*.intercom.io *.launchdarkly.com wss://myworkflows-backend-uat.herokuapp.com myworkflows-backend-uat.herokuapp.com myreports-backend-uat.herokuapp.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com fonts.intercomcdn.com rsms.me; frame-ancestors 'none'; frame-src 'self' *.amazonaws.com; img-src 'self' data: blob: *.amazonaws.com *.imagekit.io *.intercomcdn.com static.intercomassets.com *.cloudinary.com; manifest-src 'self'; media-src 'self' *.amazonaws.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' cdn.polyfill.io cdnjs.cloudflare.com *.pusher.com *.intercom.io *.intercom.com *.intercomcdn.com *.google-analytics.com unpkg.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com rsms.me; upgrade-insecure-requests; worker-src 'self' blob: unpkg.com
Content-Type: text/html; charset=utf-8
Location: https://manheim.adboxapp.com/login
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Referrer-Policy: origin-when-cross-origin, strict-origin-when-cross-origin
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=lGsq8rEzQvfDlhma1GMWEbJTUp2CpKgdHYPWlUSujO0%3D\u0026sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add\u0026ts=1767991564"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=lGsq8rEzQvfDlhma1GMWEbJTUp2CpKgdHYPWlUSujO0%3D&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&ts=1767991564"
Server: Heroku
Set-Cookie: XSRF-TOKEN=TCk1w42C2oqvpmAOkK%2BOLE%2FkNBku9tEVEtna%2FLKjbE2SvfVkGbvP9kKzihyS95yuXefsH%2FvxXc18IaHfH3yvaA%3D%3D; path=/; secure; SameSite=Lax
Set-Cookie: myadbox-session=2a6705735f44e1f47be6b5f74e19c9af; domain=manheim.adboxapp.com; path=/; secure; HttpOnly; SameSite=Lax
Strict-Transport-Security: max-age=604800
Vary: Accept-Encoding, Origin
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Frame-Options: sameorigin
X-Permitted-Cross-Domain-Policies: none
X-Request-Id: b7c10cc7-7a27-8791-8e93-d907d3cf3a1d
X-Runtime: 0.025565
X-Xss-Protection: 1; mode=block
Date: Fri, 09 Jan 2026 20:46:04 GMT
Content-Length: 100
Connection: close
<html><body>You are being <a href="https://manheim.adboxapp.com/login">redirected</a>.</body></html>
Open service 13.248.132.87:443 · manheim.adboxapp.com
2026-01-02 16:54
HTTP/1.1 302 Found
Cache-Control: no-cache
Content-Security-Policy: default-src 'self'; connect-src 'self' *.amazonaws.com *.pusher.com *.intercom.io *.intercom.com *.sentry.io sentry.io wss://*.pusherapp.com wss://*.pusher.com wss://*.intercom.io *.launchdarkly.com wss://myworkflows-backend-uat.herokuapp.com myworkflows-backend-uat.herokuapp.com myreports-backend-uat.herokuapp.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com fonts.intercomcdn.com rsms.me; frame-ancestors 'none'; frame-src 'self' *.amazonaws.com; img-src 'self' data: blob: *.amazonaws.com *.imagekit.io *.intercomcdn.com static.intercomassets.com *.cloudinary.com; manifest-src 'self'; media-src 'self' *.amazonaws.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' cdn.polyfill.io cdnjs.cloudflare.com *.pusher.com *.intercom.io *.intercom.com *.intercomcdn.com *.google-analytics.com unpkg.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com rsms.me; upgrade-insecure-requests; worker-src 'self' blob: unpkg.com
Content-Security-Policy-Report-Only: default-src 'self'; connect-src 'self' *.amazonaws.com *.pusher.com *.intercom.io *.intercom.com *.sentry.io sentry.io wss://*.pusherapp.com wss://*.pusher.com wss://*.intercom.io *.launchdarkly.com wss://myworkflows-backend-uat.herokuapp.com myworkflows-backend-uat.herokuapp.com myreports-backend-uat.herokuapp.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com fonts.intercomcdn.com rsms.me; frame-ancestors 'none'; frame-src 'self' *.amazonaws.com; img-src 'self' data: blob: *.amazonaws.com *.imagekit.io *.intercomcdn.com static.intercomassets.com *.cloudinary.com; manifest-src 'self'; media-src 'self' *.amazonaws.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' cdn.polyfill.io cdnjs.cloudflare.com *.pusher.com *.intercom.io *.intercom.com *.intercomcdn.com *.google-analytics.com unpkg.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com rsms.me; upgrade-insecure-requests; worker-src 'self' blob: unpkg.com
Content-Type: text/html; charset=utf-8
Location: https://manheim.adboxapp.com/login
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Referrer-Policy: origin-when-cross-origin, strict-origin-when-cross-origin
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=RGw71cgxfiKerIQ8fNjZe1E5mSRjSULQqcZxvzc%2FN7Y%3D\u0026sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add\u0026ts=1767372848"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=RGw71cgxfiKerIQ8fNjZe1E5mSRjSULQqcZxvzc%2FN7Y%3D&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&ts=1767372848"
Server: Heroku
Set-Cookie: XSRF-TOKEN=WU84GkJKDf2rMyfhR9e37966BCx1ouolZS%2FWW27XHIpsMfVMwsRC8ZhyM0JJe6UcF9DbjIMYVAz9Ofh6G4Vx4w%3D%3D; path=/; secure; SameSite=Lax
Set-Cookie: myadbox-session=a91a3bf521795fd09bfa30d5bdf87b57; domain=manheim.adboxapp.com; path=/; secure; HttpOnly; SameSite=Lax
Strict-Transport-Security: max-age=604800
Vary: Accept-Encoding, Origin
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Frame-Options: sameorigin
X-Permitted-Cross-Domain-Policies: none
X-Request-Id: 8f3b57da-662a-4bc9-82b2-1435d24f0be1
X-Runtime: 0.075635
X-Xss-Protection: 1; mode=block
Date: Fri, 02 Jan 2026 16:54:08 GMT
Content-Length: 100
Connection: close
<html><body>You are being <a href="https://manheim.adboxapp.com/login">redirected</a>.</body></html>
Open service 13.248.132.87:443 · manheim.adboxapp.com
2025-12-23 02:20
HTTP/1.1 302 Found
Cache-Control: no-cache
Content-Security-Policy: default-src 'self'; connect-src 'self' *.amazonaws.com *.pusher.com *.intercom.io *.intercom.com *.sentry.io sentry.io wss://*.pusherapp.com wss://*.pusher.com wss://*.intercom.io *.launchdarkly.com wss://myworkflows-backend-uat.herokuapp.com myworkflows-backend-uat.herokuapp.com myreports-backend-uat.herokuapp.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com fonts.intercomcdn.com rsms.me; frame-ancestors 'none'; frame-src 'self' *.amazonaws.com; img-src 'self' data: blob: *.amazonaws.com *.imagekit.io *.intercomcdn.com static.intercomassets.com *.cloudinary.com; manifest-src 'self'; media-src 'self' *.amazonaws.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' cdn.polyfill.io cdnjs.cloudflare.com *.pusher.com *.intercom.io *.intercom.com *.intercomcdn.com *.google-analytics.com unpkg.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com rsms.me; upgrade-insecure-requests; worker-src 'self' blob: unpkg.com
Content-Security-Policy-Report-Only: default-src 'self'; connect-src 'self' *.amazonaws.com *.pusher.com *.intercom.io *.intercom.com *.sentry.io sentry.io wss://*.pusherapp.com wss://*.pusher.com wss://*.intercom.io *.launchdarkly.com wss://myworkflows-backend-uat.herokuapp.com myworkflows-backend-uat.herokuapp.com myreports-backend-uat.herokuapp.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com fonts.intercomcdn.com rsms.me; frame-ancestors 'none'; frame-src 'self' *.amazonaws.com; img-src 'self' data: blob: *.amazonaws.com *.imagekit.io *.intercomcdn.com static.intercomassets.com *.cloudinary.com; manifest-src 'self'; media-src 'self' *.amazonaws.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' cdn.polyfill.io cdnjs.cloudflare.com *.pusher.com *.intercom.io *.intercom.com *.intercomcdn.com *.google-analytics.com unpkg.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com rsms.me; upgrade-insecure-requests; worker-src 'self' blob: unpkg.com
Content-Type: text/html; charset=utf-8
Location: https://manheim.adboxapp.com/login
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Referrer-Policy: origin-when-cross-origin, strict-origin-when-cross-origin
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=j6CQmepLWZHudwYbIdKOnX1i3fY%2B9cBi3m2V%2Ft3IYp0%3D\u0026sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add\u0026ts=1766456455"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=j6CQmepLWZHudwYbIdKOnX1i3fY%2B9cBi3m2V%2Ft3IYp0%3D&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&ts=1766456455"
Server: Heroku
Set-Cookie: XSRF-TOKEN=V9P78hbosP38N7fmK9w9RdSkOTQBIxN1fe6rV0tF9P1LVLc44Pcfa3iSOGLTO6u4%2FPfptN9pMvfvo7WimFooxw%3D%3D; path=/; secure; SameSite=Lax
Set-Cookie: myadbox-session=e6320f8d7b374e90b2116bcf14db1ce5; domain=manheim.adboxapp.com; path=/; secure; HttpOnly; SameSite=Lax
Strict-Transport-Security: max-age=604800
Vary: Accept-Encoding, Origin
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Frame-Options: sameorigin
X-Permitted-Cross-Domain-Policies: none
X-Request-Id: 2d7b9a12-6025-344c-1183-52bb519200a5
X-Runtime: 0.029458
X-Xss-Protection: 1; mode=block
Date: Tue, 23 Dec 2025 02:20:55 GMT
Content-Length: 100
Connection: close
<html><body>You are being <a href="https://manheim.adboxapp.com/login">redirected</a>.</body></html>
Open service 13.248.132.87:443 · manheim.adboxapp.com
2025-12-20 14:29
HTTP/1.1 302 Found
Cache-Control: no-cache
Content-Security-Policy: default-src 'self'; connect-src 'self' *.amazonaws.com *.pusher.com *.intercom.io *.intercom.com *.sentry.io sentry.io wss://*.pusherapp.com wss://*.pusher.com wss://*.intercom.io *.launchdarkly.com wss://myworkflows-backend-uat.herokuapp.com myworkflows-backend-uat.herokuapp.com myreports-backend-uat.herokuapp.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com fonts.intercomcdn.com rsms.me; frame-ancestors 'none'; frame-src 'self' *.amazonaws.com; img-src 'self' data: blob: *.amazonaws.com *.imagekit.io *.intercomcdn.com static.intercomassets.com *.cloudinary.com; manifest-src 'self'; media-src 'self' *.amazonaws.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' cdn.polyfill.io cdnjs.cloudflare.com *.pusher.com *.intercom.io *.intercom.com *.intercomcdn.com *.google-analytics.com unpkg.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com rsms.me; upgrade-insecure-requests; worker-src 'self' blob: unpkg.com
Content-Security-Policy-Report-Only: default-src 'self'; connect-src 'self' *.amazonaws.com *.pusher.com *.intercom.io *.intercom.com *.sentry.io sentry.io wss://*.pusherapp.com wss://*.pusher.com wss://*.intercom.io *.launchdarkly.com wss://myworkflows-backend-uat.herokuapp.com myworkflows-backend-uat.herokuapp.com myreports-backend-uat.herokuapp.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com fonts.intercomcdn.com rsms.me; frame-ancestors 'none'; frame-src 'self' *.amazonaws.com; img-src 'self' data: blob: *.amazonaws.com *.imagekit.io *.intercomcdn.com static.intercomassets.com *.cloudinary.com; manifest-src 'self'; media-src 'self' *.amazonaws.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' cdn.polyfill.io cdnjs.cloudflare.com *.pusher.com *.intercom.io *.intercom.com *.intercomcdn.com *.google-analytics.com unpkg.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com rsms.me; upgrade-insecure-requests; worker-src 'self' blob: unpkg.com
Content-Type: text/html; charset=utf-8
Location: https://manheim.adboxapp.com/login
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Referrer-Policy: origin-when-cross-origin, strict-origin-when-cross-origin
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=GFo98KMTpz9I25b8qPyNpUfHibhheCd5pAsO2Ic5Bi8%3D\u0026sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add\u0026ts=1766240986"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=GFo98KMTpz9I25b8qPyNpUfHibhheCd5pAsO2Ic5Bi8%3D&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&ts=1766240986"
Server: Heroku
Set-Cookie: XSRF-TOKEN=IwtUG7s5uv4RFLo3fDjDsVOcHh8o5t7vOlxIXLcnUPGncvizk26Ne8AYybdB9jE%2BFH61z5xtip1xvL1rxRN6ow%3D%3D; path=/; secure; SameSite=Lax
Set-Cookie: myadbox-session=3b6ade74cc7e810fd58e3db873cbf1cf; domain=manheim.adboxapp.com; path=/; secure; HttpOnly; SameSite=Lax
Strict-Transport-Security: max-age=604800
Vary: Accept-Encoding, Origin
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Frame-Options: sameorigin
X-Permitted-Cross-Domain-Policies: none
X-Request-Id: 5e2494a6-75ca-d056-753f-738120115a98
X-Runtime: 0.033138
X-Xss-Protection: 1; mode=block
Date: Sat, 20 Dec 2025 14:29:46 GMT
Content-Length: 100
Connection: close
<html><body>You are being <a href="https://manheim.adboxapp.com/login">redirected</a>.</body></html>