Domain xtm.adboxapp.com
United States
AMAZON-02
Software information
Heroku
tcp/443
-
GraphQL introspection is enabled.
GraphQL introspection is enabled.
This could leak to data leak if not properly configured.
First seen 2025-11-14 01:32
Last seen 2026-01-14 00:37
Open for 60 days-
Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa365aed762ca93e532870dcdc37c5253f0e4a9a968GraphQL introspection enabled at /graphql Types: 61 (by kind: ENUM: 9, INPUT_OBJECT: 9, INTERFACE: 1, OBJECT: 35, SCALAR: 7) Operations: - Query: Query | fields: accessGroups, adRequest, adRequests, asset, assignTypes - Mutation: Mutation | fields: archiveJob, assignJob, assignType, createMustacheAsset, deleteCampaign Directives: deprecated, include, skip (total: 3)
Found on 2026-01-14 00:3793.7 kBytes
-
-
Open service 99.83.151.71:443 · xtm.adboxapp.com
2026-01-09 23:50
HTTP/1.1 302 Found Cache-Control: no-cache Content-Security-Policy: default-src 'self'; connect-src 'self' *.amazonaws.com *.pusher.com *.intercom.io *.intercom.com *.sentry.io sentry.io wss://*.pusherapp.com wss://*.pusher.com wss://*.intercom.io *.launchdarkly.com wss://myworkflows-backend-uat.herokuapp.com myworkflows-backend-uat.herokuapp.com myreports-backend-uat.herokuapp.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com fonts.intercomcdn.com rsms.me; frame-ancestors 'none'; frame-src 'self' *.amazonaws.com; img-src 'self' data: blob: *.amazonaws.com *.imagekit.io *.intercomcdn.com static.intercomassets.com *.cloudinary.com; manifest-src 'self'; media-src 'self' *.amazonaws.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' cdn.polyfill.io cdnjs.cloudflare.com *.pusher.com *.intercom.io *.intercom.com *.intercomcdn.com *.google-analytics.com unpkg.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com rsms.me; upgrade-insecure-requests; worker-src 'self' blob: unpkg.com Content-Security-Policy-Report-Only: default-src 'self'; connect-src 'self' *.amazonaws.com *.pusher.com *.intercom.io *.intercom.com *.sentry.io sentry.io wss://*.pusherapp.com wss://*.pusher.com wss://*.intercom.io *.launchdarkly.com wss://myworkflows-backend-uat.herokuapp.com myworkflows-backend-uat.herokuapp.com myreports-backend-uat.herokuapp.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com fonts.intercomcdn.com rsms.me; frame-ancestors 'none'; frame-src 'self' *.amazonaws.com; img-src 'self' data: blob: *.amazonaws.com *.imagekit.io *.intercomcdn.com static.intercomassets.com *.cloudinary.com; manifest-src 'self'; media-src 'self' *.amazonaws.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' cdn.polyfill.io cdnjs.cloudflare.com *.pusher.com *.intercom.io *.intercom.com *.intercomcdn.com *.google-analytics.com unpkg.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com rsms.me; upgrade-insecure-requests; worker-src 'self' blob: unpkg.com Content-Type: text/html; charset=utf-8 Location: https://xtm.adboxapp.com/login Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1} Referrer-Policy: origin-when-cross-origin, strict-origin-when-cross-origin Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=HlgbSh5aZnqhX4YBNkr%2Fls8DiyksMdsCv6AVlqW9ozQ%3D\u0026sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add\u0026ts=1768002657"}],"max_age":3600} Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=HlgbSh5aZnqhX4YBNkr%2Fls8DiyksMdsCv6AVlqW9ozQ%3D&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&ts=1768002657" Server: Heroku Set-Cookie: XSRF-TOKEN=mSSVij38VQgy6QAMyVsQpP3x4e5TSjeQ%2BDF9o4KBzQI%2BOXiO3Wc6albHpPd%2BeDiyUoqGN3mtZ8pYcgBX05RlGA%3D%3D; path=/; secure; SameSite=Lax Set-Cookie: myadbox-session=c18ce19b0e4730d8f969ef6cd9764fa0; domain=xtm.adboxapp.com; path=/; secure; HttpOnly; SameSite=Lax Strict-Transport-Security: max-age=604800 Vary: Accept-Encoding, Origin Via: 1.1 heroku-router X-Content-Type-Options: nosniff X-Download-Options: noopen X-Frame-Options: sameorigin X-Permitted-Cross-Domain-Policies: none X-Request-Id: 457a2d31-cc16-efed-56b9-699d38bb8468 X-Runtime: 0.030466 X-Xss-Protection: 1; mode=block Date: Fri, 09 Jan 2026 23:50:57 GMT Content-Length: 96 Connection: close <html><body>You are being <a href="https://xtm.adboxapp.com/login">redirected</a>.</body></html>Found 2026-01-09 by HttpPluginCreate report
-
Open service 99.83.151.71:443 · xtm.adboxapp.com
2026-01-02 21:31
HTTP/1.1 302 Found Cache-Control: no-cache Content-Security-Policy: default-src 'self'; connect-src 'self' *.amazonaws.com *.pusher.com *.intercom.io *.intercom.com *.sentry.io sentry.io wss://*.pusherapp.com wss://*.pusher.com wss://*.intercom.io *.launchdarkly.com wss://myworkflows-backend-uat.herokuapp.com myworkflows-backend-uat.herokuapp.com myreports-backend-uat.herokuapp.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com fonts.intercomcdn.com rsms.me; frame-ancestors 'none'; frame-src 'self' *.amazonaws.com; img-src 'self' data: blob: *.amazonaws.com *.imagekit.io *.intercomcdn.com static.intercomassets.com *.cloudinary.com; manifest-src 'self'; media-src 'self' *.amazonaws.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' cdn.polyfill.io cdnjs.cloudflare.com *.pusher.com *.intercom.io *.intercom.com *.intercomcdn.com *.google-analytics.com unpkg.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com rsms.me; upgrade-insecure-requests; worker-src 'self' blob: unpkg.com Content-Security-Policy-Report-Only: default-src 'self'; connect-src 'self' *.amazonaws.com *.pusher.com *.intercom.io *.intercom.com *.sentry.io sentry.io wss://*.pusherapp.com wss://*.pusher.com wss://*.intercom.io *.launchdarkly.com wss://myworkflows-backend-uat.herokuapp.com myworkflows-backend-uat.herokuapp.com myreports-backend-uat.herokuapp.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com fonts.intercomcdn.com rsms.me; frame-ancestors 'none'; frame-src 'self' *.amazonaws.com; img-src 'self' data: blob: *.amazonaws.com *.imagekit.io *.intercomcdn.com static.intercomassets.com *.cloudinary.com; manifest-src 'self'; media-src 'self' *.amazonaws.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' cdn.polyfill.io cdnjs.cloudflare.com *.pusher.com *.intercom.io *.intercom.com *.intercomcdn.com *.google-analytics.com unpkg.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com rsms.me; upgrade-insecure-requests; worker-src 'self' blob: unpkg.com Content-Type: text/html; charset=utf-8 Location: https://xtm.adboxapp.com/login Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1} Referrer-Policy: origin-when-cross-origin, strict-origin-when-cross-origin Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=PNADlCkeDrQ8839iGNd7u9ngtYfAqmL3vi8iqsz%2FDvc%3D\u0026sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add\u0026ts=1767389486"}],"max_age":3600} Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=PNADlCkeDrQ8839iGNd7u9ngtYfAqmL3vi8iqsz%2FDvc%3D&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&ts=1767389486" Server: Heroku Set-Cookie: XSRF-TOKEN=svemR6IJqeuqQTRsqrlBwWBBsyLEI7eBk%2FhN8Egxhdop%2BvL1aKLrWBCxSbXtN6p%2F41vqe8pomFFT7KmWSweNMw%3D%3D; path=/; secure; SameSite=Lax Set-Cookie: myadbox-session=63a1937bb7a9441e8de0fd943c32170d; domain=xtm.adboxapp.com; path=/; secure; HttpOnly; SameSite=Lax Strict-Transport-Security: max-age=604800 Vary: Accept-Encoding, Origin Via: 1.1 heroku-router X-Content-Type-Options: nosniff X-Download-Options: noopen X-Frame-Options: sameorigin X-Permitted-Cross-Domain-Policies: none X-Request-Id: dc7fce43-fb5a-d0eb-0202-0b8ecb1a67c5 X-Runtime: 0.061604 X-Xss-Protection: 1; mode=block Date: Fri, 02 Jan 2026 21:31:26 GMT Content-Length: 96 Connection: close <html><body>You are being <a href="https://xtm.adboxapp.com/login">redirected</a>.</body></html>Found 2026-01-02 by HttpPluginCreate report
-
Open service 99.83.151.71:443 · xtm.adboxapp.com
2025-12-23 01:49
HTTP/1.1 302 Found Cache-Control: no-cache Content-Security-Policy: default-src 'self'; connect-src 'self' *.amazonaws.com *.pusher.com *.intercom.io *.intercom.com *.sentry.io sentry.io wss://*.pusherapp.com wss://*.pusher.com wss://*.intercom.io *.launchdarkly.com wss://myworkflows-backend-uat.herokuapp.com myworkflows-backend-uat.herokuapp.com myreports-backend-uat.herokuapp.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com fonts.intercomcdn.com rsms.me; frame-ancestors 'none'; frame-src 'self' *.amazonaws.com; img-src 'self' data: blob: *.amazonaws.com *.imagekit.io *.intercomcdn.com static.intercomassets.com *.cloudinary.com; manifest-src 'self'; media-src 'self' *.amazonaws.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' cdn.polyfill.io cdnjs.cloudflare.com *.pusher.com *.intercom.io *.intercom.com *.intercomcdn.com *.google-analytics.com unpkg.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com rsms.me; upgrade-insecure-requests; worker-src 'self' blob: unpkg.com Content-Security-Policy-Report-Only: default-src 'self'; connect-src 'self' *.amazonaws.com *.pusher.com *.intercom.io *.intercom.com *.sentry.io sentry.io wss://*.pusherapp.com wss://*.pusher.com wss://*.intercom.io *.launchdarkly.com wss://myworkflows-backend-uat.herokuapp.com myworkflows-backend-uat.herokuapp.com myreports-backend-uat.herokuapp.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com fonts.intercomcdn.com rsms.me; frame-ancestors 'none'; frame-src 'self' *.amazonaws.com; img-src 'self' data: blob: *.amazonaws.com *.imagekit.io *.intercomcdn.com static.intercomassets.com *.cloudinary.com; manifest-src 'self'; media-src 'self' *.amazonaws.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' cdn.polyfill.io cdnjs.cloudflare.com *.pusher.com *.intercom.io *.intercom.com *.intercomcdn.com *.google-analytics.com unpkg.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com rsms.me; upgrade-insecure-requests; worker-src 'self' blob: unpkg.com Content-Type: text/html; charset=utf-8 Location: https://xtm.adboxapp.com/login Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1} Referrer-Policy: origin-when-cross-origin, strict-origin-when-cross-origin Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=wlrp6T2l0SSw88hUQGIIn3PGGbuojnjUn5Kvsbrd234%3D\u0026sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add\u0026ts=1766454563"}],"max_age":3600} Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=wlrp6T2l0SSw88hUQGIIn3PGGbuojnjUn5Kvsbrd234%3D&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&ts=1766454563" Server: Heroku Set-Cookie: XSRF-TOKEN=J%2FKc3ngYqkIQNvoW1uGFcEhWg9as0vXWT3LA5lPVvEFNenHOWCY4iBdGq6SQGLrj1GJC0gXBdqa5MH2cEVuY1A%3D%3D; path=/; secure; SameSite=Lax Set-Cookie: myadbox-session=336dfda7f4d32551f566dbf5a8511f1f; domain=xtm.adboxapp.com; path=/; secure; HttpOnly; SameSite=Lax Strict-Transport-Security: max-age=604800 Vary: Accept-Encoding, Origin Via: 1.1 heroku-router X-Content-Type-Options: nosniff X-Download-Options: noopen X-Frame-Options: sameorigin X-Permitted-Cross-Domain-Policies: none X-Request-Id: 7da32f39-a962-53ef-ef51-503af869b95c X-Runtime: 0.033219 X-Xss-Protection: 1; mode=block Date: Tue, 23 Dec 2025 01:49:23 GMT Content-Length: 96 Connection: close <html><body>You are being <a href="https://xtm.adboxapp.com/login">redirected</a>.</body></html>Found 2025-12-23 by HttpPluginCreate report
-
Open service 99.83.151.71:443 · xtm.adboxapp.com
2025-12-20 10:42
HTTP/1.1 302 Found Cache-Control: no-cache Content-Security-Policy: default-src 'self'; connect-src 'self' *.amazonaws.com *.pusher.com *.intercom.io *.intercom.com *.sentry.io sentry.io wss://*.pusherapp.com wss://*.pusher.com wss://*.intercom.io *.launchdarkly.com wss://myworkflows-backend-uat.herokuapp.com myworkflows-backend-uat.herokuapp.com myreports-backend-uat.herokuapp.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com fonts.intercomcdn.com rsms.me; frame-ancestors 'none'; frame-src 'self' *.amazonaws.com; img-src 'self' data: blob: *.amazonaws.com *.imagekit.io *.intercomcdn.com static.intercomassets.com *.cloudinary.com; manifest-src 'self'; media-src 'self' *.amazonaws.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' cdn.polyfill.io cdnjs.cloudflare.com *.pusher.com *.intercom.io *.intercom.com *.intercomcdn.com *.google-analytics.com unpkg.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com rsms.me; upgrade-insecure-requests; worker-src 'self' blob: unpkg.com Content-Security-Policy-Report-Only: default-src 'self'; connect-src 'self' *.amazonaws.com *.pusher.com *.intercom.io *.intercom.com *.sentry.io sentry.io wss://*.pusherapp.com wss://*.pusher.com wss://*.intercom.io *.launchdarkly.com wss://myworkflows-backend-uat.herokuapp.com myworkflows-backend-uat.herokuapp.com myreports-backend-uat.herokuapp.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com fonts.intercomcdn.com rsms.me; frame-ancestors 'none'; frame-src 'self' *.amazonaws.com; img-src 'self' data: blob: *.amazonaws.com *.imagekit.io *.intercomcdn.com static.intercomassets.com *.cloudinary.com; manifest-src 'self'; media-src 'self' *.amazonaws.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' cdn.polyfill.io cdnjs.cloudflare.com *.pusher.com *.intercom.io *.intercom.com *.intercomcdn.com *.google-analytics.com unpkg.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com rsms.me; upgrade-insecure-requests; worker-src 'self' blob: unpkg.com Content-Type: text/html; charset=utf-8 Location: https://xtm.adboxapp.com/login Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1} Referrer-Policy: origin-when-cross-origin, strict-origin-when-cross-origin Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=xKqL0zugj3uBzunKgeraZG8XLxX3BWc%2BGaw7wVc%2BX0o%3D\u0026sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add\u0026ts=1766227329"}],"max_age":3600} Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=xKqL0zugj3uBzunKgeraZG8XLxX3BWc%2BGaw7wVc%2BX0o%3D&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&ts=1766227329" Server: Heroku Set-Cookie: XSRF-TOKEN=5%2FvZCJzlvqxpCVtgKoP2o1prSd8H0HkrDredbC6T0hLDBEbXIxIHHzaG2Etj4Q8Kjy4DOG1hRJXWE676WnCJlQ%3D%3D; path=/; secure; SameSite=Lax Set-Cookie: myadbox-session=fc3fe55e3e17dc22d37c9e051c7d1ed5; domain=xtm.adboxapp.com; path=/; secure; HttpOnly; SameSite=Lax Strict-Transport-Security: max-age=604800 Vary: Accept-Encoding, Origin Via: 1.1 heroku-router X-Content-Type-Options: nosniff X-Download-Options: noopen X-Frame-Options: sameorigin X-Permitted-Cross-Domain-Policies: none X-Request-Id: ec579789-6e5b-5183-48c9-e87008ca415a X-Runtime: 0.029605 X-Xss-Protection: 1; mode=block Date: Sat, 20 Dec 2025 10:42:09 GMT Content-Length: 96 Connection: close <html><body>You are being <a href="https://xtm.adboxapp.com/login">redirected</a>.</body></html>Found 2025-12-20 by HttpPluginCreate report
-
Open service 99.83.151.71:443 · xtm.adboxapp.com
2025-12-19 10:41
HTTP/1.1 302 Found Cache-Control: no-cache Content-Security-Policy: default-src 'self'; connect-src 'self' *.amazonaws.com *.pusher.com *.intercom.io *.intercom.com *.sentry.io sentry.io wss://*.pusherapp.com wss://*.pusher.com wss://*.intercom.io *.launchdarkly.com wss://myworkflows-backend-uat.herokuapp.com myworkflows-backend-uat.herokuapp.com myreports-backend-uat.herokuapp.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com fonts.intercomcdn.com rsms.me; frame-ancestors 'none'; frame-src 'self' *.amazonaws.com; img-src 'self' data: blob: *.amazonaws.com *.imagekit.io *.intercomcdn.com static.intercomassets.com *.cloudinary.com; manifest-src 'self'; media-src 'self' *.amazonaws.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' cdn.polyfill.io cdnjs.cloudflare.com *.pusher.com *.intercom.io *.intercom.com *.intercomcdn.com *.google-analytics.com unpkg.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com rsms.me; upgrade-insecure-requests; worker-src 'self' blob: unpkg.com Content-Security-Policy-Report-Only: default-src 'self'; connect-src 'self' *.amazonaws.com *.pusher.com *.intercom.io *.intercom.com *.sentry.io sentry.io wss://*.pusherapp.com wss://*.pusher.com wss://*.intercom.io *.launchdarkly.com wss://myworkflows-backend-uat.herokuapp.com myworkflows-backend-uat.herokuapp.com myreports-backend-uat.herokuapp.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com fonts.intercomcdn.com rsms.me; frame-ancestors 'none'; frame-src 'self' *.amazonaws.com; img-src 'self' data: blob: *.amazonaws.com *.imagekit.io *.intercomcdn.com static.intercomassets.com *.cloudinary.com; manifest-src 'self'; media-src 'self' *.amazonaws.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' cdn.polyfill.io cdnjs.cloudflare.com *.pusher.com *.intercom.io *.intercom.com *.intercomcdn.com *.google-analytics.com unpkg.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com rsms.me; upgrade-insecure-requests; worker-src 'self' blob: unpkg.com Content-Type: text/html; charset=utf-8 Location: https://xtm.adboxapp.com/login Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1} Referrer-Policy: origin-when-cross-origin, strict-origin-when-cross-origin Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=3pCZYkimA54J1oEzucovGIy5t%2BGG6H7WYxFbLiGr4M4%3D\u0026sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add\u0026ts=1766140871"}],"max_age":3600} Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=3pCZYkimA54J1oEzucovGIy5t%2BGG6H7WYxFbLiGr4M4%3D&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&ts=1766140871" Server: Heroku Set-Cookie: XSRF-TOKEN=4QkSqhDJx%2BnIM%2BGLy3%2FKrX%2FSQ%2BYG%2FLVelJmIQLzUUogxOoXqBINGZA6UMmOv6JtvTVlNVZhptGzMsVFNR0SNMQ%3D%3D; path=/; secure; SameSite=Lax Set-Cookie: myadbox-session=ae975850a39ee8139b8362490f9b095f; domain=xtm.adboxapp.com; path=/; secure; HttpOnly; SameSite=Lax Strict-Transport-Security: max-age=604800 Vary: Accept-Encoding, Origin Via: 1.1 heroku-router X-Content-Type-Options: nosniff X-Download-Options: noopen X-Frame-Options: sameorigin X-Permitted-Cross-Domain-Policies: none X-Request-Id: 9693e9f3-7b81-177b-efb7-ce5a656e804e X-Runtime: 0.028792 X-Xss-Protection: 1; mode=block Date: Fri, 19 Dec 2025 10:41:11 GMT Content-Length: 96 Connection: close <html><body>You are being <a href="https://xtm.adboxapp.com/login">redirected</a>.</body></html>Found 2025-12-19 by HttpPluginCreate report
xtm.adboxapp.com
CN:
xtm.adboxapp.com
Not before:
2025-11-14 00:34
Not after:
2026-02-12 00:34