LeakIX - Host quicksilver.adboxapp.com

Domain quicksilver.adboxapp.com

United States

AMAZON-02

Software information

Heroku

tcp/443

GraphQL introspection is enabled.

GraphQL introspection is enabled.

This could leak to data leak if not properly configured.

IP: 35.71.145.101
Domain: quicksilver.adboxapp.com
Port: 443
URL: https://quicksilver.adboxapp.com

First seen 2025-11-13 04:13
Last seen 2026-01-02 15:57
Open for 50 days
- Severity: medium
  Fingerprint: c2db3a1c40d490db1a0bbaa365aed762ca93e532870dcdc37c5253f0e4a9a968
```
GraphQL introspection enabled at /graphql
Types: 61 (by kind: ENUM: 9, INPUT_OBJECT: 9, INTERFACE: 1, OBJECT: 35, SCALAR: 7)
Operations:
- Query: Query | fields: accessGroups, adRequest, adRequests, asset, assignTypes
- Mutation: Mutation | fields: archiveJob, assignJob, assignType, createMustacheAsset, deleteCampaign
Directives: deprecated, include, skip (total: 3)
```
  Found on 2026-01-02 15:57
  
  93.7 kBytes
- Severity: medium
  Fingerprint: c2db3a1c40d490db1a0bbaa31a0bbaa31a0bbaa31a0bbaa31a0bbaa31a0bbaa3
```
GraphQL introspection enabled at /graphql
```
  Found on 2025-11-13 04:13
Create report

Open service 35.71.145.101:443 · quicksilver.adboxapp.com

2026-01-09 17:43

HTTP/1.1 302 Found
Cache-Control: no-cache
Content-Security-Policy: default-src 'self'; connect-src 'self' *.amazonaws.com *.pusher.com *.intercom.io *.intercom.com *.sentry.io sentry.io wss://*.pusherapp.com wss://*.pusher.com wss://*.intercom.io *.launchdarkly.com wss://myworkflows-backend-uat.herokuapp.com myworkflows-backend-uat.herokuapp.com myreports-backend-uat.herokuapp.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com fonts.intercomcdn.com rsms.me; frame-ancestors 'none'; frame-src 'self' *.amazonaws.com; img-src 'self' data: blob: *.amazonaws.com *.imagekit.io *.intercomcdn.com static.intercomassets.com *.cloudinary.com; manifest-src 'self'; media-src 'self' *.amazonaws.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' cdn.polyfill.io cdnjs.cloudflare.com *.pusher.com *.intercom.io *.intercom.com *.intercomcdn.com *.google-analytics.com unpkg.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com rsms.me; upgrade-insecure-requests; worker-src 'self' blob: unpkg.com
Content-Security-Policy-Report-Only: default-src 'self'; connect-src 'self' *.amazonaws.com *.pusher.com *.intercom.io *.intercom.com *.sentry.io sentry.io wss://*.pusherapp.com wss://*.pusher.com wss://*.intercom.io *.launchdarkly.com wss://myworkflows-backend-uat.herokuapp.com myworkflows-backend-uat.herokuapp.com myreports-backend-uat.herokuapp.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com fonts.intercomcdn.com rsms.me; frame-ancestors 'none'; frame-src 'self' *.amazonaws.com; img-src 'self' data: blob: *.amazonaws.com *.imagekit.io *.intercomcdn.com static.intercomassets.com *.cloudinary.com; manifest-src 'self'; media-src 'self' *.amazonaws.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' cdn.polyfill.io cdnjs.cloudflare.com *.pusher.com *.intercom.io *.intercom.com *.intercomcdn.com *.google-analytics.com unpkg.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com rsms.me; upgrade-insecure-requests; worker-src 'self' blob: unpkg.com
Content-Type: text/html; charset=utf-8
Location: https://quicksilver.adboxapp.com/login
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Referrer-Policy: origin-when-cross-origin, strict-origin-when-cross-origin
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=enTvkEN4RAm3lm2pQBiMcvFRVAzBbPFjySadiErtedA%3D\u0026sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add\u0026ts=1767980617"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=enTvkEN4RAm3lm2pQBiMcvFRVAzBbPFjySadiErtedA%3D&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&ts=1767980617"
Server: Heroku
Set-Cookie: XSRF-TOKEN=u%2B3F3Zh7MXUQVckVXt%2BvwpDZH%2F7DJZK%2FaKv7%2BobpAL3dgENq9zvJgdkOPi3dfgMpI6ocYMA5AZF%2BmmRyuDy1LA%3D%3D; path=/; secure; SameSite=Lax
Set-Cookie: myadbox-session=dfb43330ad2ce0829f9a4b1f45246209; domain=quicksilver.adboxapp.com; path=/; secure; HttpOnly; SameSite=Lax
Strict-Transport-Security: max-age=604800
Vary: Accept-Encoding, Origin
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Frame-Options: sameorigin
X-Permitted-Cross-Domain-Policies: none
X-Request-Id: d677ef26-0b10-fc10-d25f-6fea64ebee0d
X-Runtime: 0.031184
X-Xss-Protection: 1; mode=block
Date: Fri, 09 Jan 2026 17:43:37 GMT
Content-Length: 104
Connection: close


<html><body>You are being <a href="https://quicksilver.adboxapp.com/login">redirected</a>.</body></html>

Found 2026-01-09 by HttpPlugin

Create report

Open service 35.71.145.101:443 · quicksilver.adboxapp.com

2025-12-22 22:18

HTTP/1.1 302 Found
Cache-Control: no-cache
Content-Security-Policy: default-src 'self'; connect-src 'self' *.amazonaws.com *.pusher.com *.intercom.io *.intercom.com *.sentry.io sentry.io wss://*.pusherapp.com wss://*.pusher.com wss://*.intercom.io *.launchdarkly.com wss://myworkflows-backend-uat.herokuapp.com myworkflows-backend-uat.herokuapp.com myreports-backend-uat.herokuapp.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com fonts.intercomcdn.com rsms.me; frame-ancestors 'none'; frame-src 'self' *.amazonaws.com; img-src 'self' data: blob: *.amazonaws.com *.imagekit.io *.intercomcdn.com static.intercomassets.com *.cloudinary.com; manifest-src 'self'; media-src 'self' *.amazonaws.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' cdn.polyfill.io cdnjs.cloudflare.com *.pusher.com *.intercom.io *.intercom.com *.intercomcdn.com *.google-analytics.com unpkg.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com rsms.me; upgrade-insecure-requests; worker-src 'self' blob: unpkg.com
Content-Security-Policy-Report-Only: default-src 'self'; connect-src 'self' *.amazonaws.com *.pusher.com *.intercom.io *.intercom.com *.sentry.io sentry.io wss://*.pusherapp.com wss://*.pusher.com wss://*.intercom.io *.launchdarkly.com wss://myworkflows-backend-uat.herokuapp.com myworkflows-backend-uat.herokuapp.com myreports-backend-uat.herokuapp.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com fonts.intercomcdn.com rsms.me; frame-ancestors 'none'; frame-src 'self' *.amazonaws.com; img-src 'self' data: blob: *.amazonaws.com *.imagekit.io *.intercomcdn.com static.intercomassets.com *.cloudinary.com; manifest-src 'self'; media-src 'self' *.amazonaws.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' cdn.polyfill.io cdnjs.cloudflare.com *.pusher.com *.intercom.io *.intercom.com *.intercomcdn.com *.google-analytics.com unpkg.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com rsms.me; upgrade-insecure-requests; worker-src 'self' blob: unpkg.com
Content-Type: text/html; charset=utf-8
Location: https://quicksilver.adboxapp.com/login
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Referrer-Policy: origin-when-cross-origin, strict-origin-when-cross-origin
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=vfR%2FyhgemmoC6m30XJnh3xjeyDwomTW0MuvzbcvHk4E%3D\u0026sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add\u0026ts=1766441915"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=vfR%2FyhgemmoC6m30XJnh3xjeyDwomTW0MuvzbcvHk4E%3D&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&ts=1766441915"
Server: Heroku
Set-Cookie: XSRF-TOKEN=aEN5cHZPAMFdevUFStgB05tNpyc3JkiL3%2BLyK9isT%2FCE3Hw9WmsgmzqGcqQ40GkLe9LUhgFZk28R0wdPr13tUg%3D%3D; path=/; secure; SameSite=Lax
Set-Cookie: myadbox-session=c808a723f4b6f49bec233dff5eb9b7b5; domain=quicksilver.adboxapp.com; path=/; secure; HttpOnly; SameSite=Lax
Strict-Transport-Security: max-age=604800
Vary: Accept-Encoding, Origin
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Frame-Options: sameorigin
X-Permitted-Cross-Domain-Policies: none
X-Request-Id: 63a25974-58f6-b2db-9e83-151506357348
X-Runtime: 0.029701
X-Xss-Protection: 1; mode=block
Date: Mon, 22 Dec 2025 22:18:35 GMT
Content-Length: 104
Connection: close


<html><body>You are being <a href="https://quicksilver.adboxapp.com/login">redirected</a>.</body></html>

Found 2025-12-22 by HttpPlugin

Create report

Open service 35.71.145.101:443 · quicksilver.adboxapp.com

2025-12-21 09:16

HTTP/1.1 302 Found
Cache-Control: no-cache
Content-Security-Policy: default-src 'self'; connect-src 'self' *.amazonaws.com *.pusher.com *.intercom.io *.intercom.com *.sentry.io sentry.io wss://*.pusherapp.com wss://*.pusher.com wss://*.intercom.io *.launchdarkly.com wss://myworkflows-backend-uat.herokuapp.com myworkflows-backend-uat.herokuapp.com myreports-backend-uat.herokuapp.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com fonts.intercomcdn.com rsms.me; frame-ancestors 'none'; frame-src 'self' *.amazonaws.com; img-src 'self' data: blob: *.amazonaws.com *.imagekit.io *.intercomcdn.com static.intercomassets.com *.cloudinary.com; manifest-src 'self'; media-src 'self' *.amazonaws.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' cdn.polyfill.io cdnjs.cloudflare.com *.pusher.com *.intercom.io *.intercom.com *.intercomcdn.com *.google-analytics.com unpkg.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com rsms.me; upgrade-insecure-requests; worker-src 'self' blob: unpkg.com
Content-Security-Policy-Report-Only: default-src 'self'; connect-src 'self' *.amazonaws.com *.pusher.com *.intercom.io *.intercom.com *.sentry.io sentry.io wss://*.pusherapp.com wss://*.pusher.com wss://*.intercom.io *.launchdarkly.com wss://myworkflows-backend-uat.herokuapp.com myworkflows-backend-uat.herokuapp.com myreports-backend-uat.herokuapp.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com fonts.intercomcdn.com rsms.me; frame-ancestors 'none'; frame-src 'self' *.amazonaws.com; img-src 'self' data: blob: *.amazonaws.com *.imagekit.io *.intercomcdn.com static.intercomassets.com *.cloudinary.com; manifest-src 'self'; media-src 'self' *.amazonaws.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' cdn.polyfill.io cdnjs.cloudflare.com *.pusher.com *.intercom.io *.intercom.com *.intercomcdn.com *.google-analytics.com unpkg.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com rsms.me; upgrade-insecure-requests; worker-src 'self' blob: unpkg.com
Content-Type: text/html; charset=utf-8
Location: https://quicksilver.adboxapp.com/login
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Referrer-Policy: origin-when-cross-origin, strict-origin-when-cross-origin
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=yrBL6PMb8b21KWHBSHfnVf%2FE4q0tQjIu6RmL6TcCelU%3D\u0026sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add\u0026ts=1766308611"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=yrBL6PMb8b21KWHBSHfnVf%2FE4q0tQjIu6RmL6TcCelU%3D&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&ts=1766308611"
Server: Heroku
Set-Cookie: XSRF-TOKEN=vo66%2FYZgBQCTjDNY%2BWfHoEsSGaeJxaWjThioKgXGTdbrpwICIqru6wTVGgZRmxB7Sc3Fb2IyCIVWWXuYkslWDg%3D%3D; path=/; secure; SameSite=Lax
Set-Cookie: myadbox-session=bade0c3659fb036112b3c872edf1b53d; domain=quicksilver.adboxapp.com; path=/; secure; HttpOnly; SameSite=Lax
Strict-Transport-Security: max-age=604800
Vary: Accept-Encoding, Origin
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Frame-Options: sameorigin
X-Permitted-Cross-Domain-Policies: none
X-Request-Id: bb89dbf7-bd23-4c3d-82db-19d2fb5dec82
X-Runtime: 0.025931
X-Xss-Protection: 1; mode=block
Date: Sun, 21 Dec 2025 09:16:51 GMT
Content-Length: 104
Connection: close


<html><body>You are being <a href="https://quicksilver.adboxapp.com/login">redirected</a>.</body></html>

Found 2025-12-21 by HttpPlugin

Create report

Open service 35.71.145.101:443 · quicksilver.adboxapp.com

2025-12-19 11:08

HTTP/1.1 302 Found
Cache-Control: no-cache
Content-Security-Policy: default-src 'self'; connect-src 'self' *.amazonaws.com *.pusher.com *.intercom.io *.intercom.com *.sentry.io sentry.io wss://*.pusherapp.com wss://*.pusher.com wss://*.intercom.io *.launchdarkly.com wss://myworkflows-backend-uat.herokuapp.com myworkflows-backend-uat.herokuapp.com myreports-backend-uat.herokuapp.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com fonts.intercomcdn.com rsms.me; frame-ancestors 'none'; frame-src 'self' *.amazonaws.com; img-src 'self' data: blob: *.amazonaws.com *.imagekit.io *.intercomcdn.com static.intercomassets.com *.cloudinary.com; manifest-src 'self'; media-src 'self' *.amazonaws.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' cdn.polyfill.io cdnjs.cloudflare.com *.pusher.com *.intercom.io *.intercom.com *.intercomcdn.com *.google-analytics.com unpkg.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com rsms.me; upgrade-insecure-requests; worker-src 'self' blob: unpkg.com
Content-Security-Policy-Report-Only: default-src 'self'; connect-src 'self' *.amazonaws.com *.pusher.com *.intercom.io *.intercom.com *.sentry.io sentry.io wss://*.pusherapp.com wss://*.pusher.com wss://*.intercom.io *.launchdarkly.com wss://myworkflows-backend-uat.herokuapp.com myworkflows-backend-uat.herokuapp.com myreports-backend-uat.herokuapp.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com fonts.intercomcdn.com rsms.me; frame-ancestors 'none'; frame-src 'self' *.amazonaws.com; img-src 'self' data: blob: *.amazonaws.com *.imagekit.io *.intercomcdn.com static.intercomassets.com *.cloudinary.com; manifest-src 'self'; media-src 'self' *.amazonaws.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' cdn.polyfill.io cdnjs.cloudflare.com *.pusher.com *.intercom.io *.intercom.com *.intercomcdn.com *.google-analytics.com unpkg.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com rsms.me; upgrade-insecure-requests; worker-src 'self' blob: unpkg.com
Content-Type: text/html; charset=utf-8
Location: https://quicksilver.adboxapp.com/login
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Referrer-Policy: origin-when-cross-origin, strict-origin-when-cross-origin
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=jENgaE05TGGI6%2BFSPDTsTuh2O4pEx4W5JkkSpWReH5c%3D\u0026sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add\u0026ts=1766142494"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=jENgaE05TGGI6%2BFSPDTsTuh2O4pEx4W5JkkSpWReH5c%3D&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&ts=1766142494"
Server: Heroku
Set-Cookie: XSRF-TOKEN=Ie5zGwOGqt9X91bn%2F5pF%2FRpdpgUf4Zz7%2BW4Oq3%2F6wBQG8VbsUI5ccZ3GAhsAqc3z2z6aW33DerQRE%2F8WT7fdYQ%3D%3D; path=/; secure; SameSite=Lax
Set-Cookie: myadbox-session=7520038e43339e7565b0eb4ad0fce492; domain=quicksilver.adboxapp.com; path=/; secure; HttpOnly; SameSite=Lax
Strict-Transport-Security: max-age=604800
Vary: Accept-Encoding, Origin
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Frame-Options: sameorigin
X-Permitted-Cross-Domain-Policies: none
X-Request-Id: d9db5bfa-4865-6837-0a7f-2723f3874ded
X-Runtime: 0.031132
X-Xss-Protection: 1; mode=block
Date: Fri, 19 Dec 2025 11:08:14 GMT
Content-Length: 104
Connection: close


<html><body>You are being <a href="https://quicksilver.adboxapp.com/login">redirected</a>.</body></html>

Found 2025-12-19 by HttpPlugin

Create report

quicksilver.adboxapp.com

Fingerprint:

4ae86a7f7773b31306a37078973c9b7d3ad5637768ed9ce5e15259ebea7bd458

CN:

quicksilver.adboxapp.com

Key:

RSA-2048

Issuer:

R12

Not before:

2025-11-13 03:15

Not after:

2026-02-11 03:15

Domain summary

quicksilver.adboxapp.com 5

1 recorded

IP summary

35.71.145.101 2 99.83.151.71 1

2 recorded

Domain quicksilver.adboxapp.com

United States

Software information

GraphQL introspection is enabled.

Create report

Create report

Create report

Create report

quicksilver.adboxapp.com

Domain summary

IP summary