Domain staging-api.motion.org.uk
United States
Software information
Heroku
tcp/443 tcp/80
-
Swagger API description is publicly available
Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
First seen 2025-11-23 02:11
Last seen 2026-01-09 10:56
Open for 47 days-
Severity: info
Fingerprint: 5733ddf49ff49cd1bf890109bf890109bf890109bf890109bf890109bf890109Public Swagger UI/API detected at path: /api-docs/swagger.json
Found on 2026-01-09 10:56
-
-
Swagger API description is publicly available
Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
IP: 15.197.253.240
Domain: staging-api.motion.org.uk
Port: 443
URL: https://staging-api.motion.org.ukFirst seen 2025-11-23 02:11
Last seen 2026-01-09 07:48
Open for 47 days-
Severity: info
Fingerprint: 5733ddf49ff49cd1bf890109bf890109bf890109bf890109bf890109bf890109Public Swagger UI/API detected at path: /api-docs/swagger.json
Found on 2026-01-09 07:48
-
-
Open service 99.83.185.157:80 · staging-api.motion.org.uk
2026-01-09 10:56
HTTP/1.1 404 Not Found Access-Control-Allow-Credentials: true Content-Length: 139 Content-Security-Policy: default-src 'none' Content-Type: text/html; charset=utf-8 Cross-Origin-Opener-Policy: same-origin Cross-Origin-Resource-Policy: same-origin Date: Fri, 09 Jan 2026 10:57:50 GMT Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1} Origin-Agent-Cluster: ?1 Referrer-Policy: no-referrer Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=R8kRSIopEvTifw263h7ynzPov7MDPb01Zn%2Bm5QzLvqU%3D\u0026sid=812dcc77-0bd0-43b1-a5f1-b25750382959\u0026ts=1767956270"}],"max_age":3600} Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=R8kRSIopEvTifw263h7ynzPov7MDPb01Zn%2Bm5QzLvqU%3D&sid=812dcc77-0bd0-43b1-a5f1-b25750382959&ts=1767956270" Server: Heroku Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Vary: Origin Via: 1.1 heroku-router X-Content-Type-Options: nosniff X-Dns-Prefetch-Control: off X-Download-Options: noopen X-Frame-Options: DENY X-Permitted-Cross-Domain-Policies: none X-Xss-Protection: 0 Connection: close Page title: Error <!DOCTYPE html> <html lang="en"> <head> <meta charset="utf-8"> <title>Error</title> </head> <body> <pre>Cannot GET /</pre> </body> </html>Found 2026-01-09 by HttpPluginCreate report
-
Open service 15.197.253.240:443 · staging-api.motion.org.uk
2026-01-09 07:48
HTTP/1.1 404 Not Found Access-Control-Allow-Credentials: true Content-Length: 139 Content-Security-Policy: default-src 'none' Content-Type: text/html; charset=utf-8 Cross-Origin-Opener-Policy: same-origin Cross-Origin-Resource-Policy: same-origin Date: Fri, 09 Jan 2026 07:48:11 GMT Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1} Origin-Agent-Cluster: ?1 Referrer-Policy: no-referrer Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=GxrcWVgaLaBA7Pq0wnXCuR6uYLTFUfPCXLHs4iwCxiE%3D\u0026sid=812dcc77-0bd0-43b1-a5f1-b25750382959\u0026ts=1767944891"}],"max_age":3600} Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=GxrcWVgaLaBA7Pq0wnXCuR6uYLTFUfPCXLHs4iwCxiE%3D&sid=812dcc77-0bd0-43b1-a5f1-b25750382959&ts=1767944891" Server: Heroku Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Vary: Origin Via: 1.1 heroku-router X-Content-Type-Options: nosniff X-Dns-Prefetch-Control: off X-Download-Options: noopen X-Frame-Options: DENY X-Permitted-Cross-Domain-Policies: none X-Xss-Protection: 0 Connection: close Page title: Error <!DOCTYPE html> <html lang="en"> <head> <meta charset="utf-8"> <title>Error</title> </head> <body> <pre>Cannot GET /</pre> </body> </html>Found 2026-01-09 by HttpPluginCreate report
-
Open service 15.197.253.240:443 · staging-api.motion.org.uk
2026-01-02 13:32
HTTP/1.1 404 Not Found Access-Control-Allow-Credentials: true Content-Length: 139 Content-Security-Policy: default-src 'none' Content-Type: text/html; charset=utf-8 Cross-Origin-Opener-Policy: same-origin Cross-Origin-Resource-Policy: same-origin Date: Fri, 02 Jan 2026 13:32:31 GMT Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1} Origin-Agent-Cluster: ?1 Referrer-Policy: no-referrer Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=URYTCt5L7UPad3oSyOWdNzaPeB2tfD9lvyvmgNzW1gQ%3D\u0026sid=812dcc77-0bd0-43b1-a5f1-b25750382959\u0026ts=1767360751"}],"max_age":3600} Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=URYTCt5L7UPad3oSyOWdNzaPeB2tfD9lvyvmgNzW1gQ%3D&sid=812dcc77-0bd0-43b1-a5f1-b25750382959&ts=1767360751" Server: Heroku Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Vary: Origin Via: 1.1 heroku-router X-Content-Type-Options: nosniff X-Dns-Prefetch-Control: off X-Download-Options: noopen X-Frame-Options: DENY X-Permitted-Cross-Domain-Policies: none X-Xss-Protection: 0 Connection: close Page title: Error <!DOCTYPE html> <html lang="en"> <head> <meta charset="utf-8"> <title>Error</title> </head> <body> <pre>Cannot GET /</pre> </body> </html>Found 2026-01-02 by HttpPluginCreate report
-
Open service 99.83.185.157:80 · staging-api.motion.org.uk
2026-01-02 04:07
HTTP/1.1 404 Not Found Access-Control-Allow-Credentials: true Content-Length: 139 Content-Security-Policy: default-src 'none' Content-Type: text/html; charset=utf-8 Cross-Origin-Opener-Policy: same-origin Cross-Origin-Resource-Policy: same-origin Date: Fri, 02 Jan 2026 04:07:08 GMT Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1} Origin-Agent-Cluster: ?1 Referrer-Policy: no-referrer Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=evYwt5XL%2BUhhdVGP92yObvNoH%2F%2FdTlsWxIJGwycgLTI%3D\u0026sid=812dcc77-0bd0-43b1-a5f1-b25750382959\u0026ts=1767326828"}],"max_age":3600} Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=evYwt5XL%2BUhhdVGP92yObvNoH%2F%2FdTlsWxIJGwycgLTI%3D&sid=812dcc77-0bd0-43b1-a5f1-b25750382959&ts=1767326828" Server: Heroku Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Vary: Origin Via: 1.1 heroku-router X-Content-Type-Options: nosniff X-Dns-Prefetch-Control: off X-Download-Options: noopen X-Frame-Options: DENY X-Permitted-Cross-Domain-Policies: none X-Xss-Protection: 0 Connection: close Page title: Error <!DOCTYPE html> <html lang="en"> <head> <meta charset="utf-8"> <title>Error</title> </head> <body> <pre>Cannot GET /</pre> </body> </html>Found 2026-01-02 by HttpPluginCreate report
-
Open service 15.197.253.240:443 · staging-api.motion.org.uk
2025-12-22 21:01
HTTP/1.1 404 Not Found Access-Control-Allow-Credentials: true Content-Length: 139 Content-Security-Policy: default-src 'none' Content-Type: text/html; charset=utf-8 Cross-Origin-Opener-Policy: same-origin Cross-Origin-Resource-Policy: same-origin Date: Mon, 22 Dec 2025 21:01:30 GMT Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1} Origin-Agent-Cluster: ?1 Referrer-Policy: no-referrer Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=0p4Ynaa51qCkQmBv54iq1qB%2FKPGF9J4DquoMl5ireh8%3D\u0026sid=812dcc77-0bd0-43b1-a5f1-b25750382959\u0026ts=1766437290"}],"max_age":3600} Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=0p4Ynaa51qCkQmBv54iq1qB%2FKPGF9J4DquoMl5ireh8%3D&sid=812dcc77-0bd0-43b1-a5f1-b25750382959&ts=1766437290" Server: Heroku Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Vary: Origin Via: 1.1 heroku-router X-Content-Type-Options: nosniff X-Dns-Prefetch-Control: off X-Download-Options: noopen X-Frame-Options: DENY X-Permitted-Cross-Domain-Policies: none X-Xss-Protection: 0 Connection: close Page title: Error <!DOCTYPE html> <html lang="en"> <head> <meta charset="utf-8"> <title>Error</title> </head> <body> <pre>Cannot GET /</pre> </body> </html>Found 2025-12-22 by HttpPluginCreate report
-
Open service 99.83.185.157:80 · staging-api.motion.org.uk
2025-12-22 14:49
HTTP/1.1 404 Not Found Access-Control-Allow-Credentials: true Content-Length: 139 Content-Security-Policy: default-src 'none' Content-Type: text/html; charset=utf-8 Cross-Origin-Opener-Policy: same-origin Cross-Origin-Resource-Policy: same-origin Date: Mon, 22 Dec 2025 14:49:11 GMT Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1} Origin-Agent-Cluster: ?1 Referrer-Policy: no-referrer Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=P3JDqjAx00HB7ZuhwchCOqdkFjfEdEJ2ZDZGZ0NzYlM%3D\u0026sid=812dcc77-0bd0-43b1-a5f1-b25750382959\u0026ts=1766414951"}],"max_age":3600} Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=P3JDqjAx00HB7ZuhwchCOqdkFjfEdEJ2ZDZGZ0NzYlM%3D&sid=812dcc77-0bd0-43b1-a5f1-b25750382959&ts=1766414951" Server: Heroku Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Vary: Origin Via: 1.1 heroku-router X-Content-Type-Options: nosniff X-Dns-Prefetch-Control: off X-Download-Options: noopen X-Frame-Options: DENY X-Permitted-Cross-Domain-Policies: none X-Xss-Protection: 0 Connection: close Page title: Error <!DOCTYPE html> <html lang="en"> <head> <meta charset="utf-8"> <title>Error</title> </head> <body> <pre>Cannot GET /</pre> </body> </html>Found 2025-12-22 by HttpPluginCreate report
-
Open service 15.197.253.240:443 · staging-api.motion.org.uk
2025-12-20 23:24
HTTP/1.1 404 Not Found Access-Control-Allow-Credentials: true Content-Length: 139 Content-Security-Policy: default-src 'none' Content-Type: text/html; charset=utf-8 Cross-Origin-Opener-Policy: same-origin Cross-Origin-Resource-Policy: same-origin Date: Sat, 20 Dec 2025 23:24:20 GMT Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1} Origin-Agent-Cluster: ?1 Referrer-Policy: no-referrer Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=kDL8bA%2FBxaLQwRJooNQxy7wghslJ6k4G6c%2B65znlxLg%3D\u0026sid=812dcc77-0bd0-43b1-a5f1-b25750382959\u0026ts=1766273060"}],"max_age":3600} Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=kDL8bA%2FBxaLQwRJooNQxy7wghslJ6k4G6c%2B65znlxLg%3D&sid=812dcc77-0bd0-43b1-a5f1-b25750382959&ts=1766273060" Server: Heroku Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Vary: Origin Via: 1.1 heroku-router X-Content-Type-Options: nosniff X-Dns-Prefetch-Control: off X-Download-Options: noopen X-Frame-Options: DENY X-Permitted-Cross-Domain-Policies: none X-Xss-Protection: 0 Connection: close Page title: Error <!DOCTYPE html> <html lang="en"> <head> <meta charset="utf-8"> <title>Error</title> </head> <body> <pre>Cannot GET /</pre> </body> </html>Found 2025-12-20 by HttpPluginCreate report
-
Open service 99.83.185.157:80 · staging-api.motion.org.uk
2025-12-20 12:57
HTTP/1.1 404 Not Found Access-Control-Allow-Credentials: true Content-Length: 139 Content-Security-Policy: default-src 'none' Content-Type: text/html; charset=utf-8 Cross-Origin-Opener-Policy: same-origin Cross-Origin-Resource-Policy: same-origin Date: Sat, 20 Dec 2025 12:57:37 GMT Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1} Origin-Agent-Cluster: ?1 Referrer-Policy: no-referrer Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=85zM47CWo8GRJtwQp8YQMr5kx7F10EgnC%2FUHmJZjXvE%3D\u0026sid=812dcc77-0bd0-43b1-a5f1-b25750382959\u0026ts=1766235457"}],"max_age":3600} Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=85zM47CWo8GRJtwQp8YQMr5kx7F10EgnC%2FUHmJZjXvE%3D&sid=812dcc77-0bd0-43b1-a5f1-b25750382959&ts=1766235457" Server: Heroku Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Vary: Origin Via: 1.1 heroku-router X-Content-Type-Options: nosniff X-Dns-Prefetch-Control: off X-Download-Options: noopen X-Frame-Options: DENY X-Permitted-Cross-Domain-Policies: none X-Xss-Protection: 0 Connection: close Page title: Error <!DOCTYPE html> <html lang="en"> <head> <meta charset="utf-8"> <title>Error</title> </head> <body> <pre>Cannot GET /</pre> </body> </html>Found 2025-12-20 by HttpPluginCreate report
-
Open service 15.197.253.240:443 · staging-api.motion.org.uk
2025-12-19 01:11
HTTP/1.1 404 Not Found Access-Control-Allow-Credentials: true Content-Length: 139 Content-Security-Policy: default-src 'none' Content-Type: text/html; charset=utf-8 Cross-Origin-Opener-Policy: same-origin Cross-Origin-Resource-Policy: same-origin Date: Fri, 19 Dec 2025 01:11:33 GMT Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1} Origin-Agent-Cluster: ?1 Referrer-Policy: no-referrer Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=fZ%2F4lBz1F0R29cELvdQ7cjzdi%2F1Cvgt3xeb9teTX0ss%3D\u0026sid=812dcc77-0bd0-43b1-a5f1-b25750382959\u0026ts=1766106693"}],"max_age":3600} Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=fZ%2F4lBz1F0R29cELvdQ7cjzdi%2F1Cvgt3xeb9teTX0ss%3D&sid=812dcc77-0bd0-43b1-a5f1-b25750382959&ts=1766106693" Server: Heroku Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Vary: Origin Via: 1.1 heroku-router X-Content-Type-Options: nosniff X-Dns-Prefetch-Control: off X-Download-Options: noopen X-Frame-Options: DENY X-Permitted-Cross-Domain-Policies: none X-Xss-Protection: 0 Connection: close Page title: Error <!DOCTYPE html> <html lang="en"> <head> <meta charset="utf-8"> <title>Error</title> </head> <body> <pre>Cannot GET /</pre> </body> </html>Found 2025-12-19 by HttpPluginCreate report