Domain core-tmp.payoutpartner.com
United States
Software information
Heroku
tcp/443
-
GraphQL introspection is enabled.
GraphQL introspection is enabled.
This could leak to data leak if not properly configured.
IP: 76.223.11.49
Domain: core-tmp.payoutpartner.com
Port: 443
URL: https://core-tmp.payoutpartner.comFirst seen 2025-12-01 00:49
Last seen 2026-01-01 23:57
Open for 31 days-
Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa3943ac6615745c8a34b683b799a3b83ad27731945GraphQL introspection enabled at /graphql Types: 475 (by kind: ENUM: 52, INPUT_OBJECT: 190, INTERFACE: 3, OBJECT: 224, SCALAR: 6) Operations: - Query: Query | fields: checkSlug, clients, companies, company, crcPurposes - Mutation: Mutation | fields: addAccountMember, approveEnrollment, approveJobApplication, archiveClient, archiveDocuments Directives: deprecated, include, oneOf, skip (total: 4)
Found on 2026-01-01 23:57535.7 kBytes -
Severity: medium
Fingerprint: c2db3a1c40d490db1a0bbaa31a0bbaa31a0bbaa31a0bbaa31a0bbaa31a0bbaa3GraphQL introspection enabled at /graphql
Found on 2025-12-01 00:49
-
-
Open service 76.223.11.49:443 · core-tmp.payoutpartner.com
2026-01-09 00:46
HTTP/1.1 302 Found Cache-Control: no-store Content-Type: text/html; charset=utf-8 Location: https://core-tmp.payoutpartner.com/partner/session/new Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1} Referrer-Policy: strict-origin-when-cross-origin Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=5OfM9PhQpZmbwswmwDURiZolsOwgXOlU1L8croG5fMc%3D\u0026sid=c4c9725f-1ab0-44d8-820f-430df2718e11\u0026ts=1767919581"}],"max_age":3600} Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=5OfM9PhQpZmbwswmwDURiZolsOwgXOlU1L8croG5fMc%3D&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&ts=1767919581" Server: Heroku Strict-Transport-Security: max-age=63072000; includeSubDomains Via: 1.1 heroku-router X-Content-Type-Options: nosniff X-Download-Options: noopen X-Frame-Options: SAMEORIGIN X-Permitted-Cross-Domain-Policies: none X-Request-Id: 74557a68-e121-4a1f-a696-05b6d9941041 X-Runtime: 0.005525 X-Xss-Protection: 0 Date: Fri, 09 Jan 2026 00:46:21 GMT Content-Length: 120 Connection: close <html><body>You are being <a href="https://core-tmp.payoutpartner.com/partner/session/new">redirected</a>.</body></html>Found 2026-01-09 by HttpPluginCreate report
-
Open service 76.223.11.49:443 · core-tmp.payoutpartner.com
2026-01-01 23:57
HTTP/1.1 302 Found Cache-Control: no-store Content-Type: text/html; charset=utf-8 Location: https://core-tmp.payoutpartner.com/partner/session/new Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1} Referrer-Policy: strict-origin-when-cross-origin Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=Ns4KZtZe9maW%2Bgr6pxX%2BfqW5G6tVv5O1hTgTpYY5h4U%3D\u0026sid=c4c9725f-1ab0-44d8-820f-430df2718e11\u0026ts=1767311871"}],"max_age":3600} Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=Ns4KZtZe9maW%2Bgr6pxX%2BfqW5G6tVv5O1hTgTpYY5h4U%3D&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&ts=1767311871" Server: Heroku Strict-Transport-Security: max-age=63072000; includeSubDomains Via: 1.1 heroku-router X-Content-Type-Options: nosniff X-Download-Options: noopen X-Frame-Options: SAMEORIGIN X-Permitted-Cross-Domain-Policies: none X-Request-Id: 82978178-75d6-4a81-b636-1ea4b107219d X-Runtime: 0.005137 X-Xss-Protection: 0 Date: Thu, 01 Jan 2026 23:57:51 GMT Content-Length: 120 Connection: close <html><body>You are being <a href="https://core-tmp.payoutpartner.com/partner/session/new">redirected</a>.</body></html>Found 2026-01-01 by HttpPluginCreate report
-
Open service 76.223.11.49:443 · core-tmp.payoutpartner.com
2025-12-30 10:12
HTTP/1.1 302 Found Cache-Control: no-store Content-Type: text/html; charset=utf-8 Location: https://core-tmp.payoutpartner.com/partner/session/new Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1} Referrer-Policy: strict-origin-when-cross-origin Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=2zjyz6cwhrJcDogVjnhcUTvWIPm%2ByWnWU1NC35ra%2F5Q%3D\u0026sid=c4c9725f-1ab0-44d8-820f-430df2718e11\u0026ts=1767089543"}],"max_age":3600} Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=2zjyz6cwhrJcDogVjnhcUTvWIPm%2ByWnWU1NC35ra%2F5Q%3D&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&ts=1767089543" Server: Heroku Strict-Transport-Security: max-age=63072000; includeSubDomains Via: 1.1 heroku-router X-Content-Type-Options: nosniff X-Download-Options: noopen X-Frame-Options: SAMEORIGIN X-Permitted-Cross-Domain-Policies: none X-Request-Id: 310c7cf6-754e-45fc-82f8-ba8a7e651229 X-Runtime: 0.004116 X-Xss-Protection: 0 Date: Tue, 30 Dec 2025 10:12:23 GMT Content-Length: 120 Connection: close <html><body>You are being <a href="https://core-tmp.payoutpartner.com/partner/session/new">redirected</a>.</body></html>Found 2025-12-30 by HttpPluginCreate report
-
Open service 76.223.11.49:443 · core-tmp.payoutpartner.com
2025-12-22 07:31
HTTP/1.1 302 Found Cache-Control: no-store Content-Type: text/html; charset=utf-8 Location: https://core-tmp.payoutpartner.com/partner/session/new Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1} Referrer-Policy: strict-origin-when-cross-origin Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=IZ2Z%2FQkypdrWLcj2%2Bj%2BxMeCa97HxTQw1m%2FZczFJSPkw%3D\u0026sid=c4c9725f-1ab0-44d8-820f-430df2718e11\u0026ts=1766388672"}],"max_age":3600} Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=IZ2Z%2FQkypdrWLcj2%2Bj%2BxMeCa97HxTQw1m%2FZczFJSPkw%3D&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&ts=1766388672" Server: Heroku Strict-Transport-Security: max-age=63072000; includeSubDomains Via: 1.1 heroku-router X-Content-Type-Options: nosniff X-Download-Options: noopen X-Frame-Options: SAMEORIGIN X-Permitted-Cross-Domain-Policies: none X-Request-Id: 8b8d61f9-e300-4dfd-9770-0412b30fe74a X-Runtime: 0.005162 X-Xss-Protection: 0 Date: Mon, 22 Dec 2025 07:31:12 GMT Content-Length: 120 Connection: close <html><body>You are being <a href="https://core-tmp.payoutpartner.com/partner/session/new">redirected</a>.</body></html>Found 2025-12-22 by HttpPluginCreate report
-
Open service 76.223.11.49:443 · core-tmp.payoutpartner.com
2025-12-20 08:22
HTTP/1.1 302 Found Cache-Control: no-store Content-Type: text/html; charset=utf-8 Location: https://core-tmp.payoutpartner.com/partner/session/new Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1} Referrer-Policy: strict-origin-when-cross-origin Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=rHDukqT0P2PKS7Grgy92e%2FAhJ4Dlmdk4%2BqyIx%2FkpcY8%3D\u0026sid=c4c9725f-1ab0-44d8-820f-430df2718e11\u0026ts=1766218956"}],"max_age":3600} Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=rHDukqT0P2PKS7Grgy92e%2FAhJ4Dlmdk4%2BqyIx%2FkpcY8%3D&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&ts=1766218956" Server: Heroku Strict-Transport-Security: max-age=63072000; includeSubDomains Via: 1.1 heroku-router X-Content-Type-Options: nosniff X-Download-Options: noopen X-Frame-Options: SAMEORIGIN X-Permitted-Cross-Domain-Policies: none X-Request-Id: f62d6cd6-302b-4d5c-9906-639153cf3187 X-Runtime: 0.004426 X-Xss-Protection: 0 Date: Sat, 20 Dec 2025 08:22:36 GMT Content-Length: 120 Connection: close <html><body>You are being <a href="https://core-tmp.payoutpartner.com/partner/session/new">redirected</a>.</body></html>Found 2025-12-20 by HttpPluginCreate report