LeakIX - Host www.bonsa.dev

Domain www.bonsa.dev

United States

MICROSOFT-CORP-MSN-AS-BLOCK

Software information

Heroku

tcp/443 tcp/80

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 75.2.97.79
Domain: www.bonsa.dev
Port: 80
URL: http://www.bonsa.dev

First seen 2025-11-22 02:24
Last seen 2026-01-10 00:54
Open for 48 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1bf890109bf890109bf890109bf890109bf890109bf890109
```
Public Swagger UI/API detected at path: /api-docs/swagger.json
```
  Found on 2026-01-10 00:54
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 35.71.145.101
Domain: www.bonsa.dev
Port: 443
URL: https://www.bonsa.dev

First seen 2025-11-22 02:24
Last seen 2026-01-09 04:32
Open for 48 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1bf890109bf890109bf890109bf890109bf890109bf890109
```
Public Swagger UI/API detected at path: /api-docs/swagger.json
```
  Found on 2026-01-09 04:32
Create report

Open service 75.2.97.79:80 · www.bonsa.dev

2026-01-10 00:54

HTTP/1.1 404 Not Found
Content-Length: 139
Content-Security-Policy: default-src 'none'
Content-Type: text/html; charset=utf-8
Date: Sat, 10 Jan 2026 00:55:35 GMT
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=NNiWaBhwgVuxVZlLA4QB9tNIoDmSeOoDYD8wGnRax4c%3D\u0026sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add\u0026ts=1768006535"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=NNiWaBhwgVuxVZlLA4QB9tNIoDmSeOoDYD8wGnRax4c%3D&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&ts=1768006535"
Server: Heroku
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Powered-By: Express
Connection: close

Page title: Error

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Error</title>
</head>
<body>
<pre>Cannot GET /</pre>
</body>
</html>

Found 2026-01-10 by HttpPlugin

Create report

Open service 35.71.145.101:443 · www.bonsa.dev

2026-01-09 04:32

HTTP/1.1 404 Not Found
Content-Length: 139
Content-Security-Policy: default-src 'none'
Content-Type: text/html; charset=utf-8
Date: Fri, 09 Jan 2026 04:32:28 GMT
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=5qfyYWt81eahU%2FZZclp1Xi1mTDTOW%2FUNhPd2%2FWnKst8%3D\u0026sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add\u0026ts=1767933148"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=5qfyYWt81eahU%2FZZclp1Xi1mTDTOW%2FUNhPd2%2FWnKst8%3D&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&ts=1767933148"
Server: Heroku
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Powered-By: Express
Connection: close

Page title: Error

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Error</title>
</head>
<body>
<pre>Cannot GET /</pre>
</body>
</html>

Found 2026-01-09 by HttpPlugin

Create report

Open service 35.71.145.101:443 · www.bonsa.dev

2026-01-02 10:57

HTTP/1.1 404 Not Found
Content-Length: 139
Content-Security-Policy: default-src 'none'
Content-Type: text/html; charset=utf-8
Date: Fri, 02 Jan 2026 10:57:41 GMT
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=PGN58cshfddcOpcELHhGj1TLbmw4jWSEDAmcg4zcA%2Bg%3D\u0026sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add\u0026ts=1767351461"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=PGN58cshfddcOpcELHhGj1TLbmw4jWSEDAmcg4zcA%2Bg%3D&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&ts=1767351461"
Server: Heroku
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Powered-By: Express
Connection: close

Page title: Error

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Error</title>
</head>
<body>
<pre>Cannot GET /</pre>
</body>
</html>

Found 2026-01-02 by HttpPlugin

Create report

Open service 35.71.145.101:443 · www.bonsa.dev

2025-12-23 02:58

HTTP/1.1 404 Not Found
Content-Length: 139
Content-Security-Policy: default-src 'none'
Content-Type: text/html; charset=utf-8
Date: Tue, 23 Dec 2025 02:58:47 GMT
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=PRWgolEVhdqbvrILkJaRf%2FCsM3RgcciL7FTlCE5%2ByfY%3D\u0026sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add\u0026ts=1766458727"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=PRWgolEVhdqbvrILkJaRf%2FCsM3RgcciL7FTlCE5%2ByfY%3D&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&ts=1766458727"
Server: Heroku
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Powered-By: Express
Connection: close

Page title: Error

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Error</title>
</head>
<body>
<pre>Cannot GET /</pre>
</body>
</html>

Found 2025-12-23 by HttpPlugin

Create report

Open service 75.2.97.79:80 · www.bonsa.dev

2025-12-22 13:44

HTTP/1.1 404 Not Found
Content-Length: 139
Content-Security-Policy: default-src 'none'
Content-Type: text/html; charset=utf-8
Date: Mon, 22 Dec 2025 13:44:42 GMT
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=kWT6t9ov5K1Fo%2BobWOyd4Azs97%2FEORem12VYhqOtkZU%3D\u0026sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add\u0026ts=1766411082"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=kWT6t9ov5K1Fo%2BobWOyd4Azs97%2FEORem12VYhqOtkZU%3D&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&ts=1766411082"
Server: Heroku
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Powered-By: Express
Connection: close

Page title: Error

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Error</title>
</head>
<body>
<pre>Cannot GET /</pre>
</body>
</html>

Found 2025-12-22 by HttpPlugin

Create report

Open service 20.8.132.166:80 · www.bonsa.dev

2025-12-21 02:19

HTTP/1.1 301 Moved Permanently
Content-Length: 0
Connection: close
Date: Sun, 21 Dec 2025 02:19:50 GMT
Location: https://www.bonsa.dev/

Found 2025-12-21 by HttpPlugin

Create report

Open service 20.8.132.166:443 · www.bonsa.dev

2025-12-21 02:19

HTTP/1.1 200 OK
Content-Length: 680
Connection: close
Content-Type: text/html
Date: Sun, 21 Dec 2025 02:19:49 GMT
Cache-Control: public, must-revalidate, max-age=30
ETag: "61227383"
Last-Modified: Sun, 21 Dec 2025 01:58:03 GMT
Strict-Transport-Security: max-age=10886400; includeSubDomains; preload
Referrer-Policy: same-origin
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-DNS-Prefetch-Control: off

Page title: CareFlow Suite

<!doctype html>
<html lang="en">
  <head>
    <meta charset="UTF-8" />
    <link rel="icon" type="image/svg+xml" href="/favicon.svg" />
    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
    <title>CareFlow Suite</title>
    <meta property="og:image" content="https://bolt.new/static/og_default.png">
    <meta name="twitter:card" content="summary_large_image">
    <meta name="twitter:image" content="https://bolt.new/static/og_default.png">
  <script type="module" crossorigin src="/assets/index-BjsQ7SWV.js"></script>
  <link rel="stylesheet" crossorigin href="/assets/index-DV-ix9Wc.css">
</head>
  <body>
    <div id="root"></div>
  </body>
</html>

Found 2025-12-21 by HttpPlugin

Create report

Open service 35.71.145.101:443 · www.bonsa.dev

2025-12-20 17:54

HTTP/1.1 404 Not Found
Content-Length: 139
Content-Security-Policy: default-src 'none'
Content-Type: text/html; charset=utf-8
Date: Sat, 20 Dec 2025 17:54:27 GMT
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=YmYgUznEBsoa%2B8AQOx3AwiHYElz1I2jFmb%2Fk112e7Xk%3D\u0026sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add\u0026ts=1766253267"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=YmYgUznEBsoa%2B8AQOx3AwiHYElz1I2jFmb%2Fk112e7Xk%3D&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&ts=1766253267"
Server: Heroku
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Powered-By: Express
Connection: close

Page title: Error

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Error</title>
</head>
<body>
<pre>Cannot GET /</pre>
</body>
</html>

Found 2025-12-20 by HttpPlugin

Create report

Open service 75.2.97.79:80 · www.bonsa.dev

2025-12-20 11:12

HTTP/1.1 404 Not Found
Content-Length: 139
Content-Security-Policy: default-src 'none'
Content-Type: text/html; charset=utf-8
Date: Sat, 20 Dec 2025 11:12:54 GMT
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=4eaNUeyRYJ%2FEgETU6Fqj9qd5VBX3S4aj3FXCp8zpWOI%3D\u0026sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add\u0026ts=1766229174"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=4eaNUeyRYJ%2FEgETU6Fqj9qd5VBX3S4aj3FXCp8zpWOI%3D&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&ts=1766229174"
Server: Heroku
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Powered-By: Express
Connection: close

Page title: Error

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Error</title>
</head>
<body>
<pre>Cannot GET /</pre>
</body>
</html>

Found 2025-12-20 by HttpPlugin

Create report

Open service 75.2.97.79:80 · www.bonsa.dev

2025-12-19 10:29

HTTP/1.1 404 Not Found
Content-Length: 139
Content-Security-Policy: default-src 'none'
Content-Type: text/html; charset=utf-8
Date: Fri, 19 Dec 2025 10:29:41 GMT
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=YNb48ce7%2BfIkLOrYZRz%2FFumyFZcj0%2BMYFnNVSB5T61c%3D\u0026sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add\u0026ts=1766140181"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=YNb48ce7%2BfIkLOrYZRz%2FFumyFZcj0%2BMYFnNVSB5T61c%3D&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&ts=1766140181"
Server: Heroku
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Powered-By: Express
Connection: close

Page title: Error

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Error</title>
</head>
<body>
<pre>Cannot GET /</pre>
</body>
</html>

Found 2025-12-19 by HttpPlugin

Create report

Open service 35.71.145.101:443 · www.bonsa.dev

2025-12-19 03:00

HTTP/1.1 404 Not Found
Content-Length: 139
Content-Security-Policy: default-src 'none'
Content-Type: text/html; charset=utf-8
Date: Fri, 19 Dec 2025 03:00:41 GMT
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=L5dVKxv%2FmkGHrVDXCH4S6AABAZehOu3WqqPPPxsex%2BY%3D\u0026sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add\u0026ts=1766113241"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=L5dVKxv%2FmkGHrVDXCH4S6AABAZehOu3WqqPPPxsex%2BY%3D&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&ts=1766113241"
Server: Heroku
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Powered-By: Express
Connection: close

Page title: Error

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Error</title>
</head>
<body>
<pre>Cannot GET /</pre>
</body>
</html>

Found 2025-12-19 by HttpPlugin

Create report

www.bonsa.dev

Fingerprint:

43beeace2b20c6d803bac633f93ce0ed6b0486ee99ef41c4ac73e92e4674ee44

CN:

www.bonsa.dev

Key:

RSA-2048

Issuer:

R12

Not before:

2025-11-22 01:25

Not after:

2026-02-20 01:25

.msha-slice-6-am2-1-ase.p.azurewebsites.net.scm.msha-slice-6-am2-1-ase.p.azurewebsites.net.msha-slice-6-am2-1-ase.p.azure-mobile.net.scm.msha-slice-6-am2-1-ase.p.azure-mobile.netmsha-slice-6-am2-1-ase.scm.p.azurewebsites.net

Fingerprint:

56b34170e13e73e355d9bbd4f6eb2b263ed621564963479fc572f32bcb5e50eb

CN:

*.msha-slice-6-am2-1-ase.p.azurewebsites.net

Key:

RSA-2048

Issuer:

Microsoft Azure RSA TLS Issuing CA 04

Not before:

2025-11-28 02:10

Not after:

2026-05-27 02:10

Domain summary

www.bonsa.dev 12

1 recorded

IP summary

75.2.97.79 1 35.71.145.101 1 20.8.132.166 1

3 recorded

Domain www.bonsa.dev

United States

Software information

Swagger API description is publicly available

Swagger API description is publicly available

www.bonsa.dev

*.msha-slice-6-am2-1-ase.p.azurewebsites.net*.scm.msha-slice-6-am2-1-ase.p.azurewebsites.net*.msha-slice-6-am2-1-ase.p.azure-mobile.net*.scm.msha-slice-6-am2-1-ase.p.azure-mobile.netmsha-slice-6-am2-1-ase.scm.p.azurewebsites.net

Domain summary

IP summary

.msha-slice-6-am2-1-ase.p.azurewebsites.net.scm.msha-slice-6-am2-1-ase.p.azurewebsites.net.msha-slice-6-am2-1-ase.p.azure-mobile.net.scm.msha-slice-6-am2-1-ase.p.azure-mobile.netmsha-slice-6-am2-1-ase.scm.p.azurewebsites.net