Domain app.dev.queful.com
United States
Software information
Heroku
tcp/443
-
GraphQL introspection is enabled.
GraphQL introspection is enabled.
This could leak to data leak if not properly configured.
First seen 2025-11-20 00:01
Last seen 2026-01-02 19:10
Open for 43 days-
Severity: medium
Fingerprint: c2db3a1c40d490db2337d3d6cde7f71eecfc060e49ff74e3e6c18e6a9c435df6GraphQL introspection enabled at /api/graphql Types: 78 (by kind: ENUM: 2, INPUT_OBJECT: 1, OBJECT: 64, SCALAR: 10, UNION: 1) Operations: - Query: Query | fields: campConfig, currentUser, flash, status - Mutation: Mutation | fields: resetPassword, sendAccountEmail, signup Directives: deprecated, include, oneOf, skip, specifiedBy (total: 5)
Found on 2026-01-02 19:10187.4 kBytes
-
-
Open service 35.71.131.46:443 · app.dev.queful.com
2026-01-09 14:01
HTTP/1.1 200 OK Content-Length: 1455 Content-Type: text/html Last-Modified: Sun, 10 Aug 2025 20:57:51 GMT Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1} Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=aoHVrUW0UPX4CCwtVa0T1fI8ZqH0R0fT5FJbRfTbPPA%3D\u0026sid=af571f24-03ee-46d1-9f90-ab9030c2c74c\u0026ts=1767967289"}],"max_age":3600} Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=aoHVrUW0UPX4CCwtVa0T1fI8ZqH0R0fT5FJbRfTbPPA%3D&sid=af571f24-03ee-46d1-9f90-ab9030c2c74c&ts=1767967289" Server: Heroku Strict-Transport-Security: max-age=63072000; includeSubDomains Vary: Origin Via: 1.1 heroku-router Date: Fri, 09 Jan 2026 14:01:29 GMT Connection: close Page title: Queful <!DOCTYPE html> <html lang="en"> <head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <!-- manifest.json provides metadata used when your web app is added to the homescreen on Android. See https://developers.google.com/web/fundamentals/engage-and-retain/web-app-manifest/ --> <link rel="apple-touch-icon" sizes="180x180" href="/apple-touch-icon.png"> <link rel="icon" type="image/png" sizes="32x32" href="/favicon-32x32.png"> <link rel="icon" type="image/png" sizes="16x16" href="/favicon-16x16.png"> <link rel="manifest" href="/site.webmanifest"> <link rel="mask-icon" href="/safari-pinned-tab.svg" color="#005d99"> <meta name="msapplication-TileColor" content="#cccccc"> <meta name="theme-color" content="#ffffff"> <link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:300,400,500"> <link rel="stylesheet" href="https://fonts.googleapis.com/icon?family=Material+Icons"> <link rel="manifest" href="/manifest.json"> <link rel="shortcut icon" href="/favicon.ico"> <title>Queful</title> <script type="module" crossorigin src="/assets/index-nHmLKyK6.js"></script> <link rel="stylesheet" crossorigin href="/assets/index-Bdw8eBc2.css"> </head> <body> <noscript> You need to enable JavaScript to run this app. </noscript> <div id="root"></div> </body> </html>Found 2026-01-09 by HttpPluginCreate report
-
Open service 35.71.131.46:443 · app.dev.queful.com
2026-01-02 19:10
HTTP/1.1 200 OK Content-Length: 1455 Content-Type: text/html Last-Modified: Sun, 10 Aug 2025 20:57:51 GMT Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1} Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=PreyMBCV%2BGRpbn7ci5H5QQGfeWv2XERskdbiy9ww%2FFk%3D\u0026sid=af571f24-03ee-46d1-9f90-ab9030c2c74c\u0026ts=1767381035"}],"max_age":3600} Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=PreyMBCV%2BGRpbn7ci5H5QQGfeWv2XERskdbiy9ww%2FFk%3D&sid=af571f24-03ee-46d1-9f90-ab9030c2c74c&ts=1767381035" Server: Heroku Strict-Transport-Security: max-age=63072000; includeSubDomains Vary: Origin Via: 1.1 heroku-router Date: Fri, 02 Jan 2026 19:10:35 GMT Connection: close Page title: Queful <!DOCTYPE html> <html lang="en"> <head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <!-- manifest.json provides metadata used when your web app is added to the homescreen on Android. See https://developers.google.com/web/fundamentals/engage-and-retain/web-app-manifest/ --> <link rel="apple-touch-icon" sizes="180x180" href="/apple-touch-icon.png"> <link rel="icon" type="image/png" sizes="32x32" href="/favicon-32x32.png"> <link rel="icon" type="image/png" sizes="16x16" href="/favicon-16x16.png"> <link rel="manifest" href="/site.webmanifest"> <link rel="mask-icon" href="/safari-pinned-tab.svg" color="#005d99"> <meta name="msapplication-TileColor" content="#cccccc"> <meta name="theme-color" content="#ffffff"> <link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:300,400,500"> <link rel="stylesheet" href="https://fonts.googleapis.com/icon?family=Material+Icons"> <link rel="manifest" href="/manifest.json"> <link rel="shortcut icon" href="/favicon.ico"> <title>Queful</title> <script type="module" crossorigin src="/assets/index-nHmLKyK6.js"></script> <link rel="stylesheet" crossorigin href="/assets/index-Bdw8eBc2.css"> </head> <body> <noscript> You need to enable JavaScript to run this app. </noscript> <div id="root"></div> </body> </html>Found 2026-01-02 by HttpPluginCreate report
-
Open service 35.71.131.46:443 · app.dev.queful.com
2025-12-23 05:13
HTTP/1.1 200 OK Content-Length: 1455 Content-Type: text/html Last-Modified: Sun, 10 Aug 2025 20:57:51 GMT Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1} Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=gwe4oYoMLCb4U66BbnYY%2Fzn7uBWLHk5ixsTix1IF3XY%3D\u0026sid=af571f24-03ee-46d1-9f90-ab9030c2c74c\u0026ts=1766466806"}],"max_age":3600} Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=gwe4oYoMLCb4U66BbnYY%2Fzn7uBWLHk5ixsTix1IF3XY%3D&sid=af571f24-03ee-46d1-9f90-ab9030c2c74c&ts=1766466806" Server: Heroku Strict-Transport-Security: max-age=63072000; includeSubDomains Vary: Origin Via: 1.1 heroku-router Date: Tue, 23 Dec 2025 05:13:26 GMT Connection: close Page title: Queful <!DOCTYPE html> <html lang="en"> <head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <!-- manifest.json provides metadata used when your web app is added to the homescreen on Android. See https://developers.google.com/web/fundamentals/engage-and-retain/web-app-manifest/ --> <link rel="apple-touch-icon" sizes="180x180" href="/apple-touch-icon.png"> <link rel="icon" type="image/png" sizes="32x32" href="/favicon-32x32.png"> <link rel="icon" type="image/png" sizes="16x16" href="/favicon-16x16.png"> <link rel="manifest" href="/site.webmanifest"> <link rel="mask-icon" href="/safari-pinned-tab.svg" color="#005d99"> <meta name="msapplication-TileColor" content="#cccccc"> <meta name="theme-color" content="#ffffff"> <link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:300,400,500"> <link rel="stylesheet" href="https://fonts.googleapis.com/icon?family=Material+Icons"> <link rel="manifest" href="/manifest.json"> <link rel="shortcut icon" href="/favicon.ico"> <title>Queful</title> <script type="module" crossorigin src="/assets/index-nHmLKyK6.js"></script> <link rel="stylesheet" crossorigin href="/assets/index-Bdw8eBc2.css"> </head> <body> <noscript> You need to enable JavaScript to run this app. </noscript> <div id="root"></div> </body> </html>Found 2025-12-23 by HttpPluginCreate report
-
Open service 35.71.131.46:443 · app.dev.queful.com
2025-12-21 01:46
HTTP/1.1 200 OK Content-Length: 1455 Content-Type: text/html Last-Modified: Sun, 10 Aug 2025 20:57:51 GMT Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1} Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=D6HusaZ74A8IVs4HbymnGsS3xIFwNW038GTPdbZvwH8%3D\u0026sid=af571f24-03ee-46d1-9f90-ab9030c2c74c\u0026ts=1766281615"}],"max_age":3600} Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=D6HusaZ74A8IVs4HbymnGsS3xIFwNW038GTPdbZvwH8%3D&sid=af571f24-03ee-46d1-9f90-ab9030c2c74c&ts=1766281615" Server: Heroku Strict-Transport-Security: max-age=63072000; includeSubDomains Vary: Origin Via: 1.1 heroku-router Date: Sun, 21 Dec 2025 01:46:55 GMT Connection: close Page title: Queful <!DOCTYPE html> <html lang="en"> <head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <!-- manifest.json provides metadata used when your web app is added to the homescreen on Android. See https://developers.google.com/web/fundamentals/engage-and-retain/web-app-manifest/ --> <link rel="apple-touch-icon" sizes="180x180" href="/apple-touch-icon.png"> <link rel="icon" type="image/png" sizes="32x32" href="/favicon-32x32.png"> <link rel="icon" type="image/png" sizes="16x16" href="/favicon-16x16.png"> <link rel="manifest" href="/site.webmanifest"> <link rel="mask-icon" href="/safari-pinned-tab.svg" color="#005d99"> <meta name="msapplication-TileColor" content="#cccccc"> <meta name="theme-color" content="#ffffff"> <link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:300,400,500"> <link rel="stylesheet" href="https://fonts.googleapis.com/icon?family=Material+Icons"> <link rel="manifest" href="/manifest.json"> <link rel="shortcut icon" href="/favicon.ico"> <title>Queful</title> <script type="module" crossorigin src="/assets/index-nHmLKyK6.js"></script> <link rel="stylesheet" crossorigin href="/assets/index-Bdw8eBc2.css"> </head> <body> <noscript> You need to enable JavaScript to run this app. </noscript> <div id="root"></div> </body> </html>Found 2025-12-21 by HttpPluginCreate report
-
Open service 35.71.131.46:443 · app.dev.queful.com
2025-12-19 05:03
HTTP/1.1 200 OK Content-Length: 1455 Content-Type: text/html Last-Modified: Sun, 10 Aug 2025 20:57:51 GMT Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1} Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=nDOey2t%2BOZvXcOor%2BgOF%2BO6%2Fq%2F%2BweCoq5BcL0cGRhAA%3D\u0026sid=af571f24-03ee-46d1-9f90-ab9030c2c74c\u0026ts=1766120632"}],"max_age":3600} Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=nDOey2t%2BOZvXcOor%2BgOF%2BO6%2Fq%2F%2BweCoq5BcL0cGRhAA%3D&sid=af571f24-03ee-46d1-9f90-ab9030c2c74c&ts=1766120632" Server: Heroku Strict-Transport-Security: max-age=63072000; includeSubDomains Vary: Origin Via: 1.1 heroku-router Date: Fri, 19 Dec 2025 05:03:52 GMT Connection: close Page title: Queful <!DOCTYPE html> <html lang="en"> <head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <!-- manifest.json provides metadata used when your web app is added to the homescreen on Android. See https://developers.google.com/web/fundamentals/engage-and-retain/web-app-manifest/ --> <link rel="apple-touch-icon" sizes="180x180" href="/apple-touch-icon.png"> <link rel="icon" type="image/png" sizes="32x32" href="/favicon-32x32.png"> <link rel="icon" type="image/png" sizes="16x16" href="/favicon-16x16.png"> <link rel="manifest" href="/site.webmanifest"> <link rel="mask-icon" href="/safari-pinned-tab.svg" color="#005d99"> <meta name="msapplication-TileColor" content="#cccccc"> <meta name="theme-color" content="#ffffff"> <link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:300,400,500"> <link rel="stylesheet" href="https://fonts.googleapis.com/icon?family=Material+Icons"> <link rel="manifest" href="/manifest.json"> <link rel="shortcut icon" href="/favicon.ico"> <title>Queful</title> <script type="module" crossorigin src="/assets/index-nHmLKyK6.js"></script> <link rel="stylesheet" crossorigin href="/assets/index-Bdw8eBc2.css"> </head> <body> <noscript> You need to enable JavaScript to run this app. </noscript> <div id="root"></div> </body> </html>Found 2025-12-19 by HttpPluginCreate report