envoy
tcp/443
Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
These documents detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
Severity: info
Fingerprint: 5733ddf49ff49cd1f5e22fb471616734f8cdfb11ea2f3e966cdef9db80d9d5bd
Public Swagger UI/API detected at path: /api/swagger.json - sample paths:
DELETE /api/app/{app_id}/version/{version_id}/symbols/{id}
GET /api/app
GET /api/app/{app_id}/device/{device_id}
GET /api/app/{id}/devices
GET /api/app/{id}/issues/download
GET /api/app/{id}/logs/download
GET /api/app/{id}/logs/paginated
GET /api/app/{id}/versions
GET /auth/authorize
POST /api/app/{app_id}/version/{id}/symbols
POST /api/app/{id}/device/{uid}/erase
POST /api/upload-symbols
POST /auth/token
Open service 85.208.103.39:443 · dashboard.bugfender.com
2026-01-23 01:55
HTTP/1.1 303 See Other
cache-control: no-cache, no-store, must-revalidate
content-security-policy: form-action https://api-iam.eu.intercom.io https://api-iam.au.intercom.io 'self' https://intercom.help https://api-iam.intercom.io; connect-src https://api.eu.intercom.io https://js.bugfender.com https://nexus-europe-websocket.intercom.io https://api-iam.au.intercom.io https://api.stripe.com https://api.bugfender.com wss://nexus-websocket-b.intercom.io https://api.au.intercom.io https://api-iam.intercom.io https://api-ping.intercom.io wss://nexus-australia-websocket.intercom.io https://js.stripe.com https://plausible.io https://nexus-websocket-a.intercom.io https://*.intercom-messenger.com https://api-iam.eu.intercom.io https://uploads.au.intercomcdn.com 'self' https://kmw.bugfender.com:443 https://kmw.bugfender.com wss://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io wss://*.intercom-messenger.com https://uploads.intercomcdn.eu https://via.intercom.io https://maps.googleapis.com https://api.intercom.io https://nexus-australia-websocket.intercom.io https://uploads.intercomcdn.com https://uploads.eu.intercomcdn.com wss://nexus-europe-websocket.intercom.io https://uploads.intercomusercontent.com; media-src 'self' https://js.intercomcdn.com https://downloads.intercomcdn.com https://downloads.intercomcdn.eu https://downloads.au.intercomcdn.com; frame-src https://www.youtube.com https://dashboard:5601 https://kibana.bugfender.com:443 https://kibana.bugfender.com https://*.js.stripe.com https://js.stripe.com https://hooks.stripe.com 'self' https://kmw.bugfender.com:443 https://kmw.bugfender.com; img-src 'self' blob: https://gravatar.com https://gifs.intercomcdn.com https://*.intercom-attachments-6.com https://uploads.intercomusercontent.com https://messenger-apps.eu.intercom.io https://*.au.intercom-attachments.com https://*.intercom-attachments.eu https://downloads.intercomcdn.eu https://*.intercom-attachments-2.com https://*.intercom-attachments-5.com https://static.intercomassets.com https://*.intercom-attachments-8.com https://*.intercom-attachments-9.com https://*.intercom-attachments-4.com data: https://*.intercom-attachments-1.com https://*.intercom-attachments-3.com https://static.intercomassets.eu https://downloads.intercomcdn.com https://messenger-apps.intercom.io https://messenger-apps.au.intercom.io https://downloads.au.intercomcdn.com https://*.intercom-attachments-7.com https://static.au.intercomassets.com https://js.intercomcdn.com https://video-messages.intercomcdn.com; child-src 'self' https://www.youtube.com https://player.vimeo.com https://fast.wistia.net https://intercom-sheets.com https://www.intercom-reporting.com; font-src 'self' https://js.intercomcdn.com https://fonts.intercomcdn.com; frame-ancestors 'none'; style-src 'self' 'unsafe-inline'; base-uri 'self'; worker-src blob: https://api.bugfender.com; default-src 'self'; script-src 'nonce-xgERALH2p5UqMzLwViJazA' https://app.intercom.io https://widget.intercom.io https://*.js.stripe.com https://js.stripe.com https://plausible.io 'self' https://js.bugfender.com https://js.intercomcdn.com https://maps.googleapis.com blob:
content-type: text/html; charset=utf-8
expires: 0
location: /login?next=%2F
permissions-policy: accelerometer=(), autoplay=*, camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), publickey-credentials-get=(self), screen-wake-lock=(), sync-xhr=(), usb=(), xr-spatial-tracking=()
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=15724800; includeSubDomains
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
date: Fri, 23 Jan 2026 01:55:33 GMT
content-length: 42
x-envoy-upstream-service-time: 13
server: envoy
connection: close

<a href="/login?next=%2F">See Other</a>.