Heroku
tcp/443 tcp/80
Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
These documents detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities such as broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
Severity: info
Fingerprint: 5733ddf49ff49cd110a331ec1fc9f56ab15506cc1364e9c49a20d07127b2fa6d
Public Swagger UI/API detected at path: /v2/api-docs - sample paths:
GET /actuator
GET /actuator/beans
GET /actuator/caches
GET /actuator/caches/{cache}
GET /actuator/conditions
GET /actuator/configprops
GET /actuator/env
GET /actuator/env/{toMatch}
GET /actuator/health
GET /actuator/health/**
GET /actuator/heapdump
GET /actuator/info
GET /actuator/loggers
GET /actuator/loggers/{name}
GET /actuator/mappings
GET /actuator/metrics
GET /actuator/metrics/{requiredMetricName}
GET /actuator/scheduledtasks
GET /actuator/threaddump
GET /admin/merchant/analytics
GET /admin/merchant/collections
GET /admin/merchant/collections/search/{keyword}
GET /admin/merchant/collections/status/{enabled}
GET /admin/merchant/collections/{collection_id}/products
GET /admin/merchant/offers/export/{period}
GET /admin/merchant/offers/list
GET /admin/merchant/offers/recent
GET /admin/merchant/offers/search/{keyword}
GET /admin/merchant/offers/status/{status}
GET /admin/merchant/products
GET /admin/merchant/products/blocked
GET /admin/merchant/products/paginated
GET /admin/merchant/products/search/{keyword}
GET /admin/merchant/products/status/{enabled}
GET /error
GET /inititalload
GET /load/periodic/shop
GET /load/periodic/shop/all
GET /loadmapping
GET /offers/{shop_domain}/discount/status
GET /offers/{shop_domain}/offer/cta
GET /test/productdownload/{shop_domain}
GET /token/decrypted
POST /admin/merchant/collections/{collection_id}/price/{accept_percentage}/of/{price_type}
POST /admin/merchant/collections/{collection_id}/status/{enabled}
POST /admin/merchant/product/{sfy_product_id}/status/{blocked}
POST /admin/merchant/product/{sfy_product_id}/variant/{sfy_variant_id}/price/{accept_price}
POST /admin/merchant/product/{sfy_product_id}/variant/{sfy_variant_id}/status/{enabled}
POST /offers/{shop_domain}/discount/{existing_discount_nyp_code}/renew
POST /offers/{shop_domain}/offer/make_offer
POST /offers/{shop_domain}/offer/{new_offer_id}/discount/{existing_discount_nyp_code}/update
POST /offers/{shop_domain}/offer/{offer_id}/discount/create
Open service 15.197.149.68:80 · cloud.lury.app
2026-01-09 22:44
HTTP/1.1 302 Found
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Content-Length: 0
Date: Fri, 09 Jan 2026 22:45:28 GMT
Expires: 0
Location: http://cloud.lury.app/init
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Pragma: no-cache
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=cpUsfFerlMlJpMqCNNXvKr0iQL39RwRJr2RHe%2Fn4AAA%3D\u0026sid=929419e7-33ea-4e2f-85f0-7d8b7cd5cbd6\u0026ts=1767998728"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=cpUsfFerlMlJpMqCNNXvKr0iQL39RwRJr2RHe%2Fn4AAA%3D&sid=929419e7-33ea-4e2f-85f0-7d8b7cd5cbd6&ts=1767998728"
Server: Heroku
Set-Cookie: XSRF-TOKEN=5e0306b1-9e56-4a83-a9ff-90439dd836c3; Path=/
Set-Cookie: JSESSIONID=D318A4CA2892BA38127B33A436C00599; Path=/; HttpOnly
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Connection: close
Open service 13.248.213.92:443 · cloud.lury.app
2026-01-09 06:08
HTTP/1.1 302 Found
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Content-Length: 0
Date: Fri, 09 Jan 2026 06:08:55 GMT
Expires: 0
Location: https://cloud.lury.app/init
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Pragma: no-cache
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=Utl6BKa5r3u6JPR5OKbaEqlHdqovYtUtY5hUHeAqe8U%3D\u0026sid=929419e7-33ea-4e2f-85f0-7d8b7cd5cbd6\u0026ts=1767938935"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=Utl6BKa5r3u6JPR5OKbaEqlHdqovYtUtY5hUHeAqe8U%3D&sid=929419e7-33ea-4e2f-85f0-7d8b7cd5cbd6&ts=1767938935"
Server: Heroku
Set-Cookie: XSRF-TOKEN=c13c47a4-cf04-4dbb-81d1-68a90d7543af; Path=/; Secure
Set-Cookie: JSESSIONID=A2C6FFE8E84B363D1809A565DE46FD8A; Path=/; Secure; HttpOnly
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Connection: close
Open service 15.197.149.68:80 · cloud.lury.app
2026-01-02 15:30
HTTP/1.1 302 Found
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Content-Length: 0
Date: Fri, 02 Jan 2026 15:30:29 GMT
Expires: 0
Location: http://cloud.lury.app/init
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Pragma: no-cache
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=mco22El9%2BmICnunmqNIFowdRCyH43KyWd8BWuY5XnYE%3D\u0026sid=929419e7-33ea-4e2f-85f0-7d8b7cd5cbd6\u0026ts=1767367829"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=mco22El9%2BmICnunmqNIFowdRCyH43KyWd8BWuY5XnYE%3D&sid=929419e7-33ea-4e2f-85f0-7d8b7cd5cbd6&ts=1767367829"
Server: Heroku
Set-Cookie: XSRF-TOKEN=9fefc471-ffc5-42e7-9ead-7eba1a3e8246; Path=/
Set-Cookie: JSESSIONID=CB9CE032AA8A52918E5260201F0517B4; Path=/; HttpOnly
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Connection: close
Open service 13.248.213.92:443 · cloud.lury.app
2026-01-02 06:50
HTTP/1.1 302 Found
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Content-Length: 0
Date: Fri, 02 Jan 2026 06:50:33 GMT
Expires: 0
Location: https://cloud.lury.app/init
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Pragma: no-cache
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=wYvO3cnWK27oX%2B7vW%2BdJ2Jt%2BHK7h2qRZBC4dnYpjGWg%3D\u0026sid=929419e7-33ea-4e2f-85f0-7d8b7cd5cbd6\u0026ts=1767336633"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=wYvO3cnWK27oX%2B7vW%2BdJ2Jt%2BHK7h2qRZBC4dnYpjGWg%3D&sid=929419e7-33ea-4e2f-85f0-7d8b7cd5cbd6&ts=1767336633"
Server: Heroku
Set-Cookie: XSRF-TOKEN=395cb7e6-e55e-478b-b427-c5e9f5524c5e; Path=/; Secure
Set-Cookie: JSESSIONID=A450BC3B52999358F84B78617CB48684; Path=/; Secure; HttpOnly
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Connection: close
Open service 13.248.213.92:443 · cloud.lury.app
2025-12-30 10:11
HTTP/1.1 302 Found
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Content-Length: 0
Date: Tue, 30 Dec 2025 10:11:52 GMT
Expires: 0
Location: https://cloud.lury.app/init
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Pragma: no-cache
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=SDrTgJGcdweB5VHqrvm9DlHX%2BGso%2BMjhybJlc0XA7ZQ%3D\u0026sid=929419e7-33ea-4e2f-85f0-7d8b7cd5cbd6\u0026ts=1767089513"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=SDrTgJGcdweB5VHqrvm9DlHX%2BGso%2BMjhybJlc0XA7ZQ%3D&sid=929419e7-33ea-4e2f-85f0-7d8b7cd5cbd6&ts=1767089513"
Server: Heroku
Set-Cookie: XSRF-TOKEN=2fc072e7-9556-49a5-9edd-b31014b08b24; Path=/; Secure
Set-Cookie: JSESSIONID=ADC8CC552DAAAC7AA5BC433CC2121A7D; Path=/; Secure; HttpOnly
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Connection: close
Open service 15.197.149.68:80 · cloud.lury.app
2025-12-22 23:44
HTTP/1.1 302 Found
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Content-Length: 0
Date: Mon, 22 Dec 2025 23:44:47 GMT
Expires: 0
Location: http://cloud.lury.app/init
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Pragma: no-cache
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=KBCMLlbnj2PmJ2PA5MmcZIBV8Qi47arbqymNppD2%2B8M%3D\u0026sid=929419e7-33ea-4e2f-85f0-7d8b7cd5cbd6\u0026ts=1766447087"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=KBCMLlbnj2PmJ2PA5MmcZIBV8Qi47arbqymNppD2%2B8M%3D&sid=929419e7-33ea-4e2f-85f0-7d8b7cd5cbd6&ts=1766447087"
Server: Heroku
Set-Cookie: XSRF-TOKEN=21c63c25-8f15-4ad3-b67d-f2952d2f0b9d; Path=/
Set-Cookie: JSESSIONID=D88ED9D4005298764919FC878FD4F130; Path=/; HttpOnly
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Connection: close
Open service 13.248.213.92:443 · cloud.lury.app
2025-12-22 23:21
HTTP/1.1 302 Found
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Content-Length: 0
Date: Mon, 22 Dec 2025 23:21:40 GMT
Expires: 0
Location: https://cloud.lury.app/init
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Pragma: no-cache
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=BgI5lBXMyoj9ZUN8Qt2o4ckfAomFCNB9404owa3Iq7U%3D\u0026sid=929419e7-33ea-4e2f-85f0-7d8b7cd5cbd6\u0026ts=1766445701"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=BgI5lBXMyoj9ZUN8Qt2o4ckfAomFCNB9404owa3Iq7U%3D&sid=929419e7-33ea-4e2f-85f0-7d8b7cd5cbd6&ts=1766445701"
Server: Heroku
Set-Cookie: XSRF-TOKEN=047a86f2-6889-46d6-96a9-5d836b0050f0; Path=/; Secure
Set-Cookie: JSESSIONID=0DDE53FC5A40C97BD423DAF9AABB2B1A; Path=/; Secure; HttpOnly
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Connection: close
Open service 13.248.213.92:443 · cloud.lury.app
2025-12-21 07:49
HTTP/1.1 302 Found
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Content-Length: 0
Date: Sun, 21 Dec 2025 07:49:02 GMT
Expires: 0
Location: https://cloud.lury.app/init
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Pragma: no-cache
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=ticQCHbkr396g1zySYLSqzfUd2VdytUAvxVATqRxjjw%3D\u0026sid=929419e7-33ea-4e2f-85f0-7d8b7cd5cbd6\u0026ts=1766303342"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=ticQCHbkr396g1zySYLSqzfUd2VdytUAvxVATqRxjjw%3D&sid=929419e7-33ea-4e2f-85f0-7d8b7cd5cbd6&ts=1766303342"
Server: Heroku
Set-Cookie: XSRF-TOKEN=94f5eee8-d3a8-4148-8120-f89dc13ae9b8; Path=/; Secure
Set-Cookie: JSESSIONID=76A8905876AC60B73CED0718DE88EA38; Path=/; Secure; HttpOnly
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Connection: close
Open service 15.197.149.68:80 · cloud.lury.app
2025-12-21 07:31
HTTP/1.1 302 Found
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Content-Length: 0
Date: Sun, 21 Dec 2025 07:31:54 GMT
Expires: 0
Location: http://cloud.lury.app/init
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Pragma: no-cache
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=Uw1aSKLgrkcANa4MUWFCh40d6AFUAIrKdhhzldA%2FD8A%3D\u0026sid=929419e7-33ea-4e2f-85f0-7d8b7cd5cbd6\u0026ts=1766302315"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=Uw1aSKLgrkcANa4MUWFCh40d6AFUAIrKdhhzldA%2FD8A%3D&sid=929419e7-33ea-4e2f-85f0-7d8b7cd5cbd6&ts=1766302315"
Server: Heroku
Set-Cookie: XSRF-TOKEN=512f273e-e269-4ffa-b501-887239e3fb2a; Path=/
Set-Cookie: JSESSIONID=3907BBAD69979BF4BCDF67AA19FC04F3; Path=/; HttpOnly
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Connection: close
Open service 15.197.149.68:80 · cloud.lury.app
2025-12-19 10:04
HTTP/1.1 302 Found
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Content-Length: 0
Date: Fri, 19 Dec 2025 10:04:56 GMT
Expires: 0
Location: http://cloud.lury.app/init
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Pragma: no-cache
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=xuUY7lmhn7sNPpr%2Fa8e1djICbs4ILjSSKnOs8CyziYU%3D\u0026sid=929419e7-33ea-4e2f-85f0-7d8b7cd5cbd6\u0026ts=1766138697"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=xuUY7lmhn7sNPpr%2Fa8e1djICbs4ILjSSKnOs8CyziYU%3D&sid=929419e7-33ea-4e2f-85f0-7d8b7cd5cbd6&ts=1766138697"
Server: Heroku
Set-Cookie: XSRF-TOKEN=702be064-1e6c-4d01-b584-8af53799c9d8; Path=/
Set-Cookie: JSESSIONID=C755EC3AAB96CBE655F7402700E9C3D6; Path=/; HttpOnly
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Connection: close
Open service 13.248.213.92:443 · cloud.lury.app
2025-12-19 09:53
HTTP/1.1 302 Found
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Content-Length: 0
Date: Fri, 19 Dec 2025 09:53:36 GMT
Expires: 0
Location: https://cloud.lury.app/init
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Pragma: no-cache
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=GOCEnsq3R5fC%2B85WjewBdqc5ifKfbF%2FJDgc%2Bsk4RSTQ%3D\u0026sid=929419e7-33ea-4e2f-85f0-7d8b7cd5cbd6\u0026ts=1766138017"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=GOCEnsq3R5fC%2B85WjewBdqc5ifKfbF%2FJDgc%2Bsk4RSTQ%3D&sid=929419e7-33ea-4e2f-85f0-7d8b7cd5cbd6&ts=1766138017"
Server: Heroku
Set-Cookie: XSRF-TOKEN=902aee60-7ce0-44e4-abb6-b88bf38f1144; Path=/; Secure
Set-Cookie: JSESSIONID=4B10AEACED8A8A06BA56CE19E1F93BA9; Path=/; Secure; HttpOnly
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Connection: close