LeakIX - Host quest.adboxapp.com

Domain quest.adboxapp.com

United States

AMAZON-02

Software information

Heroku

tcp/443

GraphQL introspection is enabled.

GraphQL introspection is enabled.

This could leak to data leak if not properly configured.

IP: 75.2.97.79
Domain: quest.adboxapp.com
Port: 443
URL: https://quest.adboxapp.com

First seen 2025-11-13 03:53
Last seen 2026-01-03 00:09
Open for 50 days
- Severity: medium
  Fingerprint: c2db3a1c40d490db1a0bbaa365aed762ca93e532870dcdc37c5253f0e4a9a968
```
GraphQL introspection enabled at /graphql
Types: 61 (by kind: ENUM: 9, INPUT_OBJECT: 9, INTERFACE: 1, OBJECT: 35, SCALAR: 7)
Operations:
- Query: Query | fields: accessGroups, adRequest, adRequests, asset, assignTypes
- Mutation: Mutation | fields: archiveJob, assignJob, assignType, createMustacheAsset, deleteCampaign
Directives: deprecated, include, skip (total: 3)
```
  Found on 2026-01-03 00:09
  
  93.7 kBytes
- Severity: medium
  Fingerprint: c2db3a1c40d490db1a0bbaa31a0bbaa31a0bbaa31a0bbaa31a0bbaa31a0bbaa3
```
GraphQL introspection enabled at /graphql
```
  Found on 2025-11-13 03:53
Create report

Open service 75.2.97.79:443 · quest.adboxapp.com

2026-01-10 01:56

HTTP/1.1 302 Found
Cache-Control: no-cache
Content-Security-Policy: default-src 'self'; connect-src 'self' *.amazonaws.com *.pusher.com *.intercom.io *.intercom.com *.sentry.io sentry.io wss://*.pusherapp.com wss://*.pusher.com wss://*.intercom.io *.launchdarkly.com wss://myworkflows-backend-uat.herokuapp.com myworkflows-backend-uat.herokuapp.com myreports-backend-uat.herokuapp.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com fonts.intercomcdn.com rsms.me; frame-ancestors 'none'; frame-src 'self' *.amazonaws.com; img-src 'self' data: blob: *.amazonaws.com *.imagekit.io *.intercomcdn.com static.intercomassets.com *.cloudinary.com; manifest-src 'self'; media-src 'self' *.amazonaws.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' cdn.polyfill.io cdnjs.cloudflare.com *.pusher.com *.intercom.io *.intercom.com *.intercomcdn.com *.google-analytics.com unpkg.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com rsms.me; upgrade-insecure-requests; worker-src 'self' blob: unpkg.com
Content-Security-Policy-Report-Only: default-src 'self'; connect-src 'self' *.amazonaws.com *.pusher.com *.intercom.io *.intercom.com *.sentry.io sentry.io wss://*.pusherapp.com wss://*.pusher.com wss://*.intercom.io *.launchdarkly.com wss://myworkflows-backend-uat.herokuapp.com myworkflows-backend-uat.herokuapp.com myreports-backend-uat.herokuapp.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com fonts.intercomcdn.com rsms.me; frame-ancestors 'none'; frame-src 'self' *.amazonaws.com; img-src 'self' data: blob: *.amazonaws.com *.imagekit.io *.intercomcdn.com static.intercomassets.com *.cloudinary.com; manifest-src 'self'; media-src 'self' *.amazonaws.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' cdn.polyfill.io cdnjs.cloudflare.com *.pusher.com *.intercom.io *.intercom.com *.intercomcdn.com *.google-analytics.com unpkg.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com rsms.me; upgrade-insecure-requests; worker-src 'self' blob: unpkg.com
Content-Type: text/html; charset=utf-8
Location: https://quest.adboxapp.com/login
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Referrer-Policy: origin-when-cross-origin, strict-origin-when-cross-origin
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=9utE48wJ3BIgEnXVSyyiAI10AZcQM974WtJ4oTlyI3Q%3D\u0026sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add\u0026ts=1768010177"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=9utE48wJ3BIgEnXVSyyiAI10AZcQM974WtJ4oTlyI3Q%3D&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&ts=1768010177"
Server: Heroku
Set-Cookie: XSRF-TOKEN=%2BzcKYZUZT%2FXnGrY%2BnYIr0rYqZb2Ws3q%2FkrDkkMNYDWfASKId21M0m02b7sqTiq5Au94DldUlB%2Bln8BHjh1hrlg%3D%3D; path=/; secure; SameSite=Lax
Set-Cookie: myadbox-session=0579e5f1944e2c9a8e4654ae6e1dac9e; domain=quest.adboxapp.com; path=/; secure; HttpOnly; SameSite=Lax
Strict-Transport-Security: max-age=604800
Vary: Accept-Encoding, Origin
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Frame-Options: sameorigin
X-Permitted-Cross-Domain-Policies: none
X-Request-Id: 8924b999-1e2f-874b-8853-205f89b35725
X-Runtime: 0.025137
X-Xss-Protection: 1; mode=block
Date: Sat, 10 Jan 2026 01:56:17 GMT
Content-Length: 98
Connection: close


<html><body>You are being <a href="https://quest.adboxapp.com/login">redirected</a>.</body></html>

Found 2026-01-10 by HttpPlugin

Create report

Open service 75.2.97.79:443 · quest.adboxapp.com

2026-01-03 00:09

HTTP/1.1 302 Found
Cache-Control: no-cache
Content-Security-Policy: default-src 'self'; connect-src 'self' *.amazonaws.com *.pusher.com *.intercom.io *.intercom.com *.sentry.io sentry.io wss://*.pusherapp.com wss://*.pusher.com wss://*.intercom.io *.launchdarkly.com wss://myworkflows-backend-uat.herokuapp.com myworkflows-backend-uat.herokuapp.com myreports-backend-uat.herokuapp.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com fonts.intercomcdn.com rsms.me; frame-ancestors 'none'; frame-src 'self' *.amazonaws.com; img-src 'self' data: blob: *.amazonaws.com *.imagekit.io *.intercomcdn.com static.intercomassets.com *.cloudinary.com; manifest-src 'self'; media-src 'self' *.amazonaws.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' cdn.polyfill.io cdnjs.cloudflare.com *.pusher.com *.intercom.io *.intercom.com *.intercomcdn.com *.google-analytics.com unpkg.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com rsms.me; upgrade-insecure-requests; worker-src 'self' blob: unpkg.com
Content-Security-Policy-Report-Only: default-src 'self'; connect-src 'self' *.amazonaws.com *.pusher.com *.intercom.io *.intercom.com *.sentry.io sentry.io wss://*.pusherapp.com wss://*.pusher.com wss://*.intercom.io *.launchdarkly.com wss://myworkflows-backend-uat.herokuapp.com myworkflows-backend-uat.herokuapp.com myreports-backend-uat.herokuapp.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com fonts.intercomcdn.com rsms.me; frame-ancestors 'none'; frame-src 'self' *.amazonaws.com; img-src 'self' data: blob: *.amazonaws.com *.imagekit.io *.intercomcdn.com static.intercomassets.com *.cloudinary.com; manifest-src 'self'; media-src 'self' *.amazonaws.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' cdn.polyfill.io cdnjs.cloudflare.com *.pusher.com *.intercom.io *.intercom.com *.intercomcdn.com *.google-analytics.com unpkg.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com rsms.me; upgrade-insecure-requests; worker-src 'self' blob: unpkg.com
Content-Type: text/html; charset=utf-8
Location: https://quest.adboxapp.com/login
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Referrer-Policy: origin-when-cross-origin, strict-origin-when-cross-origin
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=0h1ArlXqK6ErlNs6A0AHGuZ9v4eYBO9DlRV%2B5uoK8wM%3D\u0026sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add\u0026ts=1767398957"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=0h1ArlXqK6ErlNs6A0AHGuZ9v4eYBO9DlRV%2B5uoK8wM%3D&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&ts=1767398957"
Server: Heroku
Set-Cookie: XSRF-TOKEN=JxagHlZoD2jaVsLgADy7oQZ7FMbMAGVOz%2Fc3P78RB%2F4AFZ%2BjuXdMnIDfiR6XHHF8OvBn%2BB360Uymm2Wlb7NbRw%3D%3D; path=/; secure; SameSite=Lax
Set-Cookie: myadbox-session=4cfe9834c88ecc73d3995e8c15bd95dc; domain=quest.adboxapp.com; path=/; secure; HttpOnly; SameSite=Lax
Strict-Transport-Security: max-age=604800
Vary: Accept-Encoding, Origin
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Frame-Options: sameorigin
X-Permitted-Cross-Domain-Policies: none
X-Request-Id: 01addc09-3e07-4825-36ab-b8ade68e80f1
X-Runtime: 0.027849
X-Xss-Protection: 1; mode=block
Date: Sat, 03 Jan 2026 00:09:17 GMT
Content-Length: 98
Connection: close


<html><body>You are being <a href="https://quest.adboxapp.com/login">redirected</a>.</body></html>

Found 2026-01-03 by HttpPlugin

Create report

Open service 75.2.97.79:443 · quest.adboxapp.com

2025-12-23 03:38

HTTP/1.1 302 Found
Cache-Control: no-cache
Content-Security-Policy: default-src 'self'; connect-src 'self' *.amazonaws.com *.pusher.com *.intercom.io *.intercom.com *.sentry.io sentry.io wss://*.pusherapp.com wss://*.pusher.com wss://*.intercom.io *.launchdarkly.com wss://myworkflows-backend-uat.herokuapp.com myworkflows-backend-uat.herokuapp.com myreports-backend-uat.herokuapp.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com fonts.intercomcdn.com rsms.me; frame-ancestors 'none'; frame-src 'self' *.amazonaws.com; img-src 'self' data: blob: *.amazonaws.com *.imagekit.io *.intercomcdn.com static.intercomassets.com *.cloudinary.com; manifest-src 'self'; media-src 'self' *.amazonaws.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' cdn.polyfill.io cdnjs.cloudflare.com *.pusher.com *.intercom.io *.intercom.com *.intercomcdn.com *.google-analytics.com unpkg.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com rsms.me; upgrade-insecure-requests; worker-src 'self' blob: unpkg.com
Content-Security-Policy-Report-Only: default-src 'self'; connect-src 'self' *.amazonaws.com *.pusher.com *.intercom.io *.intercom.com *.sentry.io sentry.io wss://*.pusherapp.com wss://*.pusher.com wss://*.intercom.io *.launchdarkly.com wss://myworkflows-backend-uat.herokuapp.com myworkflows-backend-uat.herokuapp.com myreports-backend-uat.herokuapp.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com fonts.intercomcdn.com rsms.me; frame-ancestors 'none'; frame-src 'self' *.amazonaws.com; img-src 'self' data: blob: *.amazonaws.com *.imagekit.io *.intercomcdn.com static.intercomassets.com *.cloudinary.com; manifest-src 'self'; media-src 'self' *.amazonaws.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' cdn.polyfill.io cdnjs.cloudflare.com *.pusher.com *.intercom.io *.intercom.com *.intercomcdn.com *.google-analytics.com unpkg.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com rsms.me; upgrade-insecure-requests; worker-src 'self' blob: unpkg.com
Content-Type: text/html; charset=utf-8
Location: https://quest.adboxapp.com/login
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Referrer-Policy: origin-when-cross-origin, strict-origin-when-cross-origin
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=W%2B%2FPYyDPs%2BgcxptqC%2FbQgtH7bT2tBhHJZ1SjQHRoP3A%3D\u0026sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add\u0026ts=1766461086"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=W%2B%2FPYyDPs%2BgcxptqC%2FbQgtH7bT2tBhHJZ1SjQHRoP3A%3D&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&ts=1766461086"
Server: Heroku
Set-Cookie: XSRF-TOKEN=IPd1BhlkhqeyTFaaT2U5L6hLZjFSAZDWH9M6Mc6i6dacKN7HAHIxG6IuP84Hy4QP1MNyBU0SYZIdpSQo8lMcRA%3D%3D; path=/; secure; SameSite=Lax
Set-Cookie: myadbox-session=316e253c4b66ad347ed97edc2e2554af; domain=quest.adboxapp.com; path=/; secure; HttpOnly; SameSite=Lax
Strict-Transport-Security: max-age=604800
Vary: Accept-Encoding, Origin
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Frame-Options: sameorigin
X-Permitted-Cross-Domain-Policies: none
X-Request-Id: 95d611d6-43c2-fc13-4766-2334a6a7e91c
X-Runtime: 0.033987
X-Xss-Protection: 1; mode=block
Date: Tue, 23 Dec 2025 03:38:06 GMT
Content-Length: 98
Connection: close


<html><body>You are being <a href="https://quest.adboxapp.com/login">redirected</a>.</body></html>

Found 2025-12-23 by HttpPlugin

Create report

Open service 75.2.97.79:443 · quest.adboxapp.com

2025-12-20 16:48

HTTP/1.1 302 Found
Cache-Control: no-cache
Content-Security-Policy: default-src 'self'; connect-src 'self' *.amazonaws.com *.pusher.com *.intercom.io *.intercom.com *.sentry.io sentry.io wss://*.pusherapp.com wss://*.pusher.com wss://*.intercom.io *.launchdarkly.com wss://myworkflows-backend-uat.herokuapp.com myworkflows-backend-uat.herokuapp.com myreports-backend-uat.herokuapp.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com fonts.intercomcdn.com rsms.me; frame-ancestors 'none'; frame-src 'self' *.amazonaws.com; img-src 'self' data: blob: *.amazonaws.com *.imagekit.io *.intercomcdn.com static.intercomassets.com *.cloudinary.com; manifest-src 'self'; media-src 'self' *.amazonaws.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' cdn.polyfill.io cdnjs.cloudflare.com *.pusher.com *.intercom.io *.intercom.com *.intercomcdn.com *.google-analytics.com unpkg.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com rsms.me; upgrade-insecure-requests; worker-src 'self' blob: unpkg.com
Content-Security-Policy-Report-Only: default-src 'self'; connect-src 'self' *.amazonaws.com *.pusher.com *.intercom.io *.intercom.com *.sentry.io sentry.io wss://*.pusherapp.com wss://*.pusher.com wss://*.intercom.io *.launchdarkly.com wss://myworkflows-backend-uat.herokuapp.com myworkflows-backend-uat.herokuapp.com myreports-backend-uat.herokuapp.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com fonts.intercomcdn.com rsms.me; frame-ancestors 'none'; frame-src 'self' *.amazonaws.com; img-src 'self' data: blob: *.amazonaws.com *.imagekit.io *.intercomcdn.com static.intercomassets.com *.cloudinary.com; manifest-src 'self'; media-src 'self' *.amazonaws.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' cdn.polyfill.io cdnjs.cloudflare.com *.pusher.com *.intercom.io *.intercom.com *.intercomcdn.com *.google-analytics.com unpkg.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com rsms.me; upgrade-insecure-requests; worker-src 'self' blob: unpkg.com
Content-Type: text/html; charset=utf-8
Location: https://quest.adboxapp.com/login
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Referrer-Policy: origin-when-cross-origin, strict-origin-when-cross-origin
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=b%2BRx6uq1ogVEmBBUGQuTisPc257zWnp4W4wqdaiJkZE%3D\u0026sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add\u0026ts=1766249312"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=b%2BRx6uq1ogVEmBBUGQuTisPc257zWnp4W4wqdaiJkZE%3D&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&ts=1766249312"
Server: Heroku
Set-Cookie: XSRF-TOKEN=f3aUOIni5im6RqX5bIvjcP2MGAcU9QM9nz4xW%2Fr9lKjusrqvw%2FRg8z6CFRUIxvzPFu4SjzAjur6McpFifLy6Pw%3D%3D; path=/; secure; SameSite=Lax
Set-Cookie: myadbox-session=01a574af55fa33e82dd6e123896655e6; domain=quest.adboxapp.com; path=/; secure; HttpOnly; SameSite=Lax
Strict-Transport-Security: max-age=604800
Vary: Accept-Encoding, Origin
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Frame-Options: sameorigin
X-Permitted-Cross-Domain-Policies: none
X-Request-Id: 5a923da7-b95a-f54e-7269-4755aafa8fe6
X-Runtime: 0.031196
X-Xss-Protection: 1; mode=block
Date: Sat, 20 Dec 2025 16:48:32 GMT
Content-Length: 98
Connection: close


<html><body>You are being <a href="https://quest.adboxapp.com/login">redirected</a>.</body></html>

Found 2025-12-20 by HttpPlugin

Create report

quest.adboxapp.com

Fingerprint:

06827ef353d7f5b5a138014c4a7e6170a602b2a4a49a84f351238cb45b18c1ff

CN:

quest.adboxapp.com

Key:

RSA-2048

Issuer:

R12

Not before:

2025-11-13 02:55

Not after:

2026-02-11 02:55

Domain summary

quest.adboxapp.com 5

1 recorded

IP summary

75.2.97.79 2

1 recorded

Domain quest.adboxapp.com

United States

Software information

GraphQL introspection is enabled.

Create report

Create report

Create report

Create report

quest.adboxapp.com

Domain summary

IP summary