LeakIX - Host oua.adboxapp.com

Domain oua.adboxapp.com

United States

AMAZON-02

Software information

Heroku

tcp/443

GraphQL introspection is enabled.

GraphQL introspection is enabled.

This could leak to data leak if not properly configured.

IP: 75.2.97.79
Domain: oua.adboxapp.com
Port: 443
URL: https://oua.adboxapp.com

First seen 2025-11-13 02:14
Last seen 2026-01-02 22:27
Open for 50 days
- Severity: medium
  Fingerprint: c2db3a1c40d490db1a0bbaa365aed762ca93e532870dcdc37c5253f0e4a9a968
```
GraphQL introspection enabled at /graphql
Types: 61 (by kind: ENUM: 9, INPUT_OBJECT: 9, INTERFACE: 1, OBJECT: 35, SCALAR: 7)
Operations:
- Query: Query | fields: accessGroups, adRequest, adRequests, asset, assignTypes
- Mutation: Mutation | fields: archiveJob, assignJob, assignType, createMustacheAsset, deleteCampaign
Directives: deprecated, include, skip (total: 3)
```
  Found on 2026-01-02 22:27
  
  93.7 kBytes
Create report

Open service 75.2.97.79:443 · oua.adboxapp.com

2026-01-09 15:58

HTTP/1.1 302 Found
Cache-Control: no-cache
Content-Security-Policy: default-src 'self'; connect-src 'self' *.amazonaws.com *.pusher.com *.intercom.io *.intercom.com *.sentry.io sentry.io wss://*.pusherapp.com wss://*.pusher.com wss://*.intercom.io *.launchdarkly.com wss://myworkflows-backend-uat.herokuapp.com myworkflows-backend-uat.herokuapp.com myreports-backend-uat.herokuapp.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com fonts.intercomcdn.com rsms.me; frame-ancestors 'none'; frame-src 'self' *.amazonaws.com; img-src 'self' data: blob: *.amazonaws.com *.imagekit.io *.intercomcdn.com static.intercomassets.com *.cloudinary.com; manifest-src 'self'; media-src 'self' *.amazonaws.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' cdn.polyfill.io cdnjs.cloudflare.com *.pusher.com *.intercom.io *.intercom.com *.intercomcdn.com *.google-analytics.com unpkg.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com rsms.me; upgrade-insecure-requests; worker-src 'self' blob: unpkg.com
Content-Security-Policy-Report-Only: default-src 'self'; connect-src 'self' *.amazonaws.com *.pusher.com *.intercom.io *.intercom.com *.sentry.io sentry.io wss://*.pusherapp.com wss://*.pusher.com wss://*.intercom.io *.launchdarkly.com wss://myworkflows-backend-uat.herokuapp.com myworkflows-backend-uat.herokuapp.com myreports-backend-uat.herokuapp.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com fonts.intercomcdn.com rsms.me; frame-ancestors 'none'; frame-src 'self' *.amazonaws.com; img-src 'self' data: blob: *.amazonaws.com *.imagekit.io *.intercomcdn.com static.intercomassets.com *.cloudinary.com; manifest-src 'self'; media-src 'self' *.amazonaws.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' cdn.polyfill.io cdnjs.cloudflare.com *.pusher.com *.intercom.io *.intercom.com *.intercomcdn.com *.google-analytics.com unpkg.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com rsms.me; upgrade-insecure-requests; worker-src 'self' blob: unpkg.com
Content-Type: text/html; charset=utf-8
Location: https://oua.adboxapp.com/login
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Referrer-Policy: origin-when-cross-origin, strict-origin-when-cross-origin
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=cLFGr8K9afEDQjl3qSi088zfHb5rSMUEDhxa17fp%2F%2Fs%3D\u0026sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add\u0026ts=1767974291"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=cLFGr8K9afEDQjl3qSi088zfHb5rSMUEDhxa17fp%2F%2Fs%3D&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&ts=1767974291"
Server: Heroku
Set-Cookie: XSRF-TOKEN=L22q4k4glzjAqPU55C4%2BRSUr0ykZAk%2FNQdt7lbHKFsZEG0BZ91cYtpN9XQpJ1kpp0Co8B3YCoXVzH3rbb8kw0g%3D%3D; path=/; secure; SameSite=Lax
Set-Cookie: myadbox-session=5a12a3a7c3e1c25f8914d3286a9252a6; domain=oua.adboxapp.com; path=/; secure; HttpOnly; SameSite=Lax
Strict-Transport-Security: max-age=604800
Vary: Accept-Encoding, Origin
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Frame-Options: sameorigin
X-Permitted-Cross-Domain-Policies: none
X-Request-Id: 2d540cb4-79c3-bcca-402e-ff3f4234557c
X-Runtime: 0.025382
X-Xss-Protection: 1; mode=block
Date: Fri, 09 Jan 2026 15:58:11 GMT
Content-Length: 96
Connection: close


<html><body>You are being <a href="https://oua.adboxapp.com/login">redirected</a>.</body></html>

Found 3 days ago by HttpPlugin

Create report

Open service 75.2.97.79:443 · oua.adboxapp.com

2026-01-02 22:27

HTTP/1.1 302 Found
Cache-Control: no-cache
Content-Security-Policy: default-src 'self'; connect-src 'self' *.amazonaws.com *.pusher.com *.intercom.io *.intercom.com *.sentry.io sentry.io wss://*.pusherapp.com wss://*.pusher.com wss://*.intercom.io *.launchdarkly.com wss://myworkflows-backend-uat.herokuapp.com myworkflows-backend-uat.herokuapp.com myreports-backend-uat.herokuapp.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com fonts.intercomcdn.com rsms.me; frame-ancestors 'none'; frame-src 'self' *.amazonaws.com; img-src 'self' data: blob: *.amazonaws.com *.imagekit.io *.intercomcdn.com static.intercomassets.com *.cloudinary.com; manifest-src 'self'; media-src 'self' *.amazonaws.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' cdn.polyfill.io cdnjs.cloudflare.com *.pusher.com *.intercom.io *.intercom.com *.intercomcdn.com *.google-analytics.com unpkg.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com rsms.me; upgrade-insecure-requests; worker-src 'self' blob: unpkg.com
Content-Security-Policy-Report-Only: default-src 'self'; connect-src 'self' *.amazonaws.com *.pusher.com *.intercom.io *.intercom.com *.sentry.io sentry.io wss://*.pusherapp.com wss://*.pusher.com wss://*.intercom.io *.launchdarkly.com wss://myworkflows-backend-uat.herokuapp.com myworkflows-backend-uat.herokuapp.com myreports-backend-uat.herokuapp.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com fonts.intercomcdn.com rsms.me; frame-ancestors 'none'; frame-src 'self' *.amazonaws.com; img-src 'self' data: blob: *.amazonaws.com *.imagekit.io *.intercomcdn.com static.intercomassets.com *.cloudinary.com; manifest-src 'self'; media-src 'self' *.amazonaws.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' cdn.polyfill.io cdnjs.cloudflare.com *.pusher.com *.intercom.io *.intercom.com *.intercomcdn.com *.google-analytics.com unpkg.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com rsms.me; upgrade-insecure-requests; worker-src 'self' blob: unpkg.com
Content-Type: text/html; charset=utf-8
Location: https://oua.adboxapp.com/login
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Referrer-Policy: origin-when-cross-origin, strict-origin-when-cross-origin
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=9h2E0eIf27tBJDeEFSQXRIOZg08rba0nQ5Biu8qNcGs%3D\u0026sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add\u0026ts=1767392872"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=9h2E0eIf27tBJDeEFSQXRIOZg08rba0nQ5Biu8qNcGs%3D&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&ts=1767392872"
Server: Heroku
Set-Cookie: XSRF-TOKEN=Wa70V5ml5q2spp5KMzKX3nlLTRT5O7EkbZtL9bUDnb5DnBhh8E8CxxHwth6fZo6MzHB7ZzldrDAK1TPmcg7RSQ%3D%3D; path=/; secure; SameSite=Lax
Set-Cookie: myadbox-session=3ac18593340e20edd54b3a6cb98b108c; domain=oua.adboxapp.com; path=/; secure; HttpOnly; SameSite=Lax
Strict-Transport-Security: max-age=604800
Vary: Accept-Encoding, Origin
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Frame-Options: sameorigin
X-Permitted-Cross-Domain-Policies: none
X-Request-Id: c0656bcb-a7aa-efef-95e8-ffc70235faef
X-Runtime: 0.028500
X-Xss-Protection: 1; mode=block
Date: Fri, 02 Jan 2026 22:27:52 GMT
Content-Length: 96
Connection: close


<html><body>You are being <a href="https://oua.adboxapp.com/login">redirected</a>.</body></html>

Found 2026-01-02 by HttpPlugin

Create report

Open service 75.2.97.79:443 · oua.adboxapp.com

2025-12-22 14:20

HTTP/1.1 302 Found
Cache-Control: no-cache
Content-Security-Policy: default-src 'self'; connect-src 'self' *.amazonaws.com *.pusher.com *.intercom.io *.intercom.com *.sentry.io sentry.io wss://*.pusherapp.com wss://*.pusher.com wss://*.intercom.io *.launchdarkly.com wss://myworkflows-backend-uat.herokuapp.com myworkflows-backend-uat.herokuapp.com myreports-backend-uat.herokuapp.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com fonts.intercomcdn.com rsms.me; frame-ancestors 'none'; frame-src 'self' *.amazonaws.com; img-src 'self' data: blob: *.amazonaws.com *.imagekit.io *.intercomcdn.com static.intercomassets.com *.cloudinary.com; manifest-src 'self'; media-src 'self' *.amazonaws.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' cdn.polyfill.io cdnjs.cloudflare.com *.pusher.com *.intercom.io *.intercom.com *.intercomcdn.com *.google-analytics.com unpkg.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com rsms.me; upgrade-insecure-requests; worker-src 'self' blob: unpkg.com
Content-Security-Policy-Report-Only: default-src 'self'; connect-src 'self' *.amazonaws.com *.pusher.com *.intercom.io *.intercom.com *.sentry.io sentry.io wss://*.pusherapp.com wss://*.pusher.com wss://*.intercom.io *.launchdarkly.com wss://myworkflows-backend-uat.herokuapp.com myworkflows-backend-uat.herokuapp.com myreports-backend-uat.herokuapp.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com fonts.intercomcdn.com rsms.me; frame-ancestors 'none'; frame-src 'self' *.amazonaws.com; img-src 'self' data: blob: *.amazonaws.com *.imagekit.io *.intercomcdn.com static.intercomassets.com *.cloudinary.com; manifest-src 'self'; media-src 'self' *.amazonaws.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' cdn.polyfill.io cdnjs.cloudflare.com *.pusher.com *.intercom.io *.intercom.com *.intercomcdn.com *.google-analytics.com unpkg.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com rsms.me; upgrade-insecure-requests; worker-src 'self' blob: unpkg.com
Content-Type: text/html; charset=utf-8
Location: https://oua.adboxapp.com/login
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Referrer-Policy: origin-when-cross-origin, strict-origin-when-cross-origin
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=B%2BokxSkOmmPL%2FsfS9KwsDneRy028O%2F7prcsagzvtoJA%3D\u0026sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add\u0026ts=1766413218"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=B%2BokxSkOmmPL%2FsfS9KwsDneRy028O%2F7prcsagzvtoJA%3D&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&ts=1766413218"
Server: Heroku
Set-Cookie: XSRF-TOKEN=OFGVIRjS59QjxsybFlnqbpd2LwO20cS4YVjtB%2BZ0RLDjIhb1X2WPSMkjld2LXByjCP%2FOllhHW6h%2BI5hj8NBu8g%3D%3D; path=/; secure; SameSite=Lax
Set-Cookie: myadbox-session=2c0460316d85bcd4862bda53f50005c1; domain=oua.adboxapp.com; path=/; secure; HttpOnly; SameSite=Lax
Strict-Transport-Security: max-age=604800
Vary: Accept-Encoding, Origin
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Frame-Options: sameorigin
X-Permitted-Cross-Domain-Policies: none
X-Request-Id: af4f28cd-2e68-19cc-4868-38ec70596627
X-Runtime: 0.033943
X-Xss-Protection: 1; mode=block
Date: Mon, 22 Dec 2025 14:20:18 GMT
Content-Length: 96
Connection: close


<html><body>You are being <a href="https://oua.adboxapp.com/login">redirected</a>.</body></html>

Found 2025-12-22 by HttpPlugin

Create report

Open service 75.2.97.79:443 · oua.adboxapp.com

2025-12-20 13:29

HTTP/1.1 302 Found
Cache-Control: no-cache
Content-Security-Policy: default-src 'self'; connect-src 'self' *.amazonaws.com *.pusher.com *.intercom.io *.intercom.com *.sentry.io sentry.io wss://*.pusherapp.com wss://*.pusher.com wss://*.intercom.io *.launchdarkly.com wss://myworkflows-backend-uat.herokuapp.com myworkflows-backend-uat.herokuapp.com myreports-backend-uat.herokuapp.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com fonts.intercomcdn.com rsms.me; frame-ancestors 'none'; frame-src 'self' *.amazonaws.com; img-src 'self' data: blob: *.amazonaws.com *.imagekit.io *.intercomcdn.com static.intercomassets.com *.cloudinary.com; manifest-src 'self'; media-src 'self' *.amazonaws.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' cdn.polyfill.io cdnjs.cloudflare.com *.pusher.com *.intercom.io *.intercom.com *.intercomcdn.com *.google-analytics.com unpkg.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com rsms.me; upgrade-insecure-requests; worker-src 'self' blob: unpkg.com
Content-Security-Policy-Report-Only: default-src 'self'; connect-src 'self' *.amazonaws.com *.pusher.com *.intercom.io *.intercom.com *.sentry.io sentry.io wss://*.pusherapp.com wss://*.pusher.com wss://*.intercom.io *.launchdarkly.com wss://myworkflows-backend-uat.herokuapp.com myworkflows-backend-uat.herokuapp.com myreports-backend-uat.herokuapp.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com fonts.intercomcdn.com rsms.me; frame-ancestors 'none'; frame-src 'self' *.amazonaws.com; img-src 'self' data: blob: *.amazonaws.com *.imagekit.io *.intercomcdn.com static.intercomassets.com *.cloudinary.com; manifest-src 'self'; media-src 'self' *.amazonaws.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' cdn.polyfill.io cdnjs.cloudflare.com *.pusher.com *.intercom.io *.intercom.com *.intercomcdn.com *.google-analytics.com unpkg.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com rsms.me; upgrade-insecure-requests; worker-src 'self' blob: unpkg.com
Content-Type: text/html; charset=utf-8
Location: https://oua.adboxapp.com/login
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Referrer-Policy: origin-when-cross-origin, strict-origin-when-cross-origin
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=0fjE%2Bmg%2Bq4xDCvpu9taIyEsO4l%2B7p5JHNPSc7iExZFM%3D\u0026sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add\u0026ts=1766237397"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=0fjE%2Bmg%2Bq4xDCvpu9taIyEsO4l%2B7p5JHNPSc7iExZFM%3D&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&ts=1766237397"
Server: Heroku
Set-Cookie: XSRF-TOKEN=H%2F%2FTMoephRrKpJ%2BiIWnG8YYirPlpbASd7wnXfOtZNL0bWaiArShPpM%2FYtscxG%2BUkt6fu%2BpHp%2FLu%2FaGilS6EzAQ%3D%3D; path=/; secure; SameSite=Lax
Set-Cookie: myadbox-session=371625d1a400bf2a61de6570a6ae2123; domain=oua.adboxapp.com; path=/; secure; HttpOnly; SameSite=Lax
Strict-Transport-Security: max-age=604800
Vary: Accept-Encoding, Origin
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Frame-Options: sameorigin
X-Permitted-Cross-Domain-Policies: none
X-Request-Id: d31efe87-eee8-2b17-c5d0-22a00b0405e9
X-Runtime: 0.030300
X-Xss-Protection: 1; mode=block
Date: Sat, 20 Dec 2025 13:29:57 GMT
Content-Length: 96
Connection: close


<html><body>You are being <a href="https://oua.adboxapp.com/login">redirected</a>.</body></html>

Found 2025-12-20 by HttpPlugin

Create report

oua.adboxapp.com

Fingerprint:

9dca0148ac4169e88d57dd87cfc772bab64f651e33e0e483a120153a6214459c

CN:

oua.adboxapp.com

Key:

RSA-2048

Issuer:

R12

Not before:

2025-11-13 01:15

Not after:

2026-02-11 01:15

Domain summary

oua.adboxapp.com 4

1 recorded

IP summary

75.2.97.79 2

1 recorded

Domain oua.adboxapp.com

United States

Software information

GraphQL introspection is enabled.

Create report

Create report

Create report

Create report

oua.adboxapp.com

Domain summary

IP summary