LeakIX - Host order-api.selectmeat.ro

Domain order-api.selectmeat.ro

United States

AMAZON-02

Software information

Heroku

tcp/443 tcp/80

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 76.223.11.49
Domain: order-api.selectmeat.ro
Port: 443
URL: https://order-api.selectmeat.ro

First seen 2025-11-16 00:14
Last seen 2026-01-09 14:48
Open for 54 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd151e75e4b7f0f93a13d18990547eb8bf9024cfa4d6d83b17f
```
Public Swagger UI/API detected at path: /v3/api-docs - sample paths:
DELETE /api/order/bulk
GET /api/address/client/{id}
GET /api/address/client/{id}/cbd
GET /api/address/{id}
GET /api/client
GET /api/client/{id}
GET /api/order/{id}
GET /api/products
GET /api/user
GET /api/vendor
GET /api/vendor/{id}
POST /api/address
POST /api/order
POST /api/order/report
```
  Found on 2026-01-09 14:48
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 75.2.43.161
Domain: order-api.selectmeat.ro
Port: 80
URL: http://order-api.selectmeat.ro

First seen 2025-11-16 00:14
Last seen 2026-01-09 01:56
Open for 54 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd151e75e4b7f0f93a13d18990547eb8bf9024cfa4d6d83b17f
```
Public Swagger UI/API detected at path: /v3/api-docs - sample paths:
DELETE /api/order/bulk
GET /api/address/client/{id}
GET /api/address/client/{id}/cbd
GET /api/address/{id}
GET /api/client
GET /api/client/{id}
GET /api/order/{id}
GET /api/products
GET /api/user
GET /api/vendor
GET /api/vendor/{id}
POST /api/address
POST /api/order
POST /api/order/report
```
  Found on 2026-01-09 01:56
Create report

Open service 76.223.11.49:443 · order-api.selectmeat.ro

2026-01-09 14:48

HTTP/1.1 403 Forbidden
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Content-Length: 0
Date: Fri, 09 Jan 2026 14:48:22 GMT
Expires: 0
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Pragma: no-cache
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=AWIJCHNAJNVq6bHGprJZP4%2FWebOKYPHknQAYi%2BAqYAw%3D\u0026sid=c4c9725f-1ab0-44d8-820f-430df2718e11\u0026ts=1767970102"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=AWIJCHNAJNVq6bHGprJZP4%2FWebOKYPHknQAYi%2BAqYAw%3D&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&ts=1767970102"
Server: Heroku
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Xss-Protection: 0
Connection: close

Found 2026-01-09 by HttpPlugin

Create report

Open service 75.2.43.161:80 · order-api.selectmeat.ro

2026-01-09 01:56

HTTP/1.1 403 Forbidden
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Content-Length: 0
Date: Fri, 09 Jan 2026 01:57:53 GMT
Expires: 0
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Pragma: no-cache
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=3Tx5oLj1KPE5UeD%2BZe9hggd%2Be0cPOQZb1CxJooq4%2F6g%3D\u0026sid=c4c9725f-1ab0-44d8-820f-430df2718e11\u0026ts=1767923873"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=3Tx5oLj1KPE5UeD%2BZe9hggd%2Be0cPOQZb1CxJooq4%2F6g%3D&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&ts=1767923873"
Server: Heroku
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Xss-Protection: 0
Connection: close

Found 2026-01-09 by HttpPlugin

Create report

Open service 76.223.11.49:443 · order-api.selectmeat.ro

2026-01-02 14:49

HTTP/1.1 403 Forbidden
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Content-Length: 0
Date: Fri, 02 Jan 2026 14:49:21 GMT
Expires: 0
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Pragma: no-cache
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=vylQzj91aJ1I6WAOS8iF1ae7y4j6Z%2BP9HZDlYzeb5V4%3D\u0026sid=c4c9725f-1ab0-44d8-820f-430df2718e11\u0026ts=1767365361"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=vylQzj91aJ1I6WAOS8iF1ae7y4j6Z%2BP9HZDlYzeb5V4%3D&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&ts=1767365361"
Server: Heroku
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Xss-Protection: 0
Connection: close

Found 2026-01-02 by HttpPlugin

Create report

Open service 75.2.43.161:80 · order-api.selectmeat.ro

2026-01-01 19:41

HTTP/1.1 403 Forbidden
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Content-Length: 0
Date: Thu, 01 Jan 2026 19:41:09 GMT
Expires: 0
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Pragma: no-cache
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=BVblg%2BCsO91zmES9BH33cTny6wmphSq55SVoTkl8CNM%3D\u0026sid=c4c9725f-1ab0-44d8-820f-430df2718e11\u0026ts=1767296469"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=BVblg%2BCsO91zmES9BH33cTny6wmphSq55SVoTkl8CNM%3D&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&ts=1767296469"
Server: Heroku
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Xss-Protection: 0
Connection: close

Found 2026-01-01 by HttpPlugin

Create report

Open service 76.223.11.49:443 · order-api.selectmeat.ro

2025-12-23 06:00

HTTP/1.1 403 Forbidden
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Content-Length: 0
Date: Tue, 23 Dec 2025 06:00:18 GMT
Expires: 0
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Pragma: no-cache
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=aLHdtRCkxp5xMyWAMIw2scJtt2ax4ioyr0f41cUKHHM%3D\u0026sid=c4c9725f-1ab0-44d8-820f-430df2718e11\u0026ts=1766469618"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=aLHdtRCkxp5xMyWAMIw2scJtt2ax4ioyr0f41cUKHHM%3D&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&ts=1766469618"
Server: Heroku
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Xss-Protection: 0
Connection: close

Found 2025-12-23 by HttpPlugin

Create report

Open service 75.2.43.161:80 · order-api.selectmeat.ro

2025-12-22 20:24

HTTP/1.1 403 Forbidden
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Content-Length: 0
Date: Mon, 22 Dec 2025 20:24:12 GMT
Expires: 0
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Pragma: no-cache
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=BnImuMVUNqYmzpnkvgJF1aVm%2FyKWGS5Vz%2FFo51tGdYg%3D\u0026sid=c4c9725f-1ab0-44d8-820f-430df2718e11\u0026ts=1766435052"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=BnImuMVUNqYmzpnkvgJF1aVm%2FyKWGS5Vz%2FFo51tGdYg%3D&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&ts=1766435052"
Server: Heroku
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Xss-Protection: 0
Connection: close

Found 2025-12-22 by HttpPlugin

Create report

Open service 75.2.43.161:80 · order-api.selectmeat.ro

2025-12-21 03:48

HTTP/1.1 403 Forbidden
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Content-Length: 0
Date: Sun, 21 Dec 2025 03:48:23 GMT
Expires: 0
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Pragma: no-cache
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=gY91eWeNOZtoX6m2iQoXAjTcjv6u2ql7MxPrcf7j2lk%3D\u0026sid=c4c9725f-1ab0-44d8-820f-430df2718e11\u0026ts=1766288903"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=gY91eWeNOZtoX6m2iQoXAjTcjv6u2ql7MxPrcf7j2lk%3D&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&ts=1766288903"
Server: Heroku
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Xss-Protection: 0
Connection: close

Found 2025-12-21 by HttpPlugin

Create report

Open service 76.223.11.49:443 · order-api.selectmeat.ro

2025-12-20 13:05

HTTP/1.1 403 Forbidden
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Content-Length: 0
Date: Sat, 20 Dec 2025 13:05:23 GMT
Expires: 0
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Pragma: no-cache
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=6BI5vJAVIKUydf1yn2pyDlkg5GRPKseXHBkH%2BqMRoy4%3D\u0026sid=c4c9725f-1ab0-44d8-820f-430df2718e11\u0026ts=1766235923"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=6BI5vJAVIKUydf1yn2pyDlkg5GRPKseXHBkH%2BqMRoy4%3D&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&ts=1766235923"
Server: Heroku
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Xss-Protection: 0
Connection: close

Found 2025-12-20 by HttpPlugin

Create report

Open service 75.2.43.161:80 · order-api.selectmeat.ro

2025-12-19 04:59

HTTP/1.1 403 Forbidden
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Content-Length: 0
Date: Fri, 19 Dec 2025 04:59:54 GMT
Expires: 0
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Pragma: no-cache
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=lO%2B5aGOHZ4f%2BHx8hhcumwlGOB%2Fn8gFCbhi72JKUdUI0%3D\u0026sid=c4c9725f-1ab0-44d8-820f-430df2718e11\u0026ts=1766120394"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=lO%2B5aGOHZ4f%2BHx8hhcumwlGOB%2Fn8gFCbhi72JKUdUI0%3D&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&ts=1766120394"
Server: Heroku
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Xss-Protection: 0
Connection: close

Found 2025-12-19 by HttpPlugin

Create report

order-api.selectmeat.ro

Fingerprint:

77822c51e2a6975944e7ccea86a81f6f7e8fafa65624a90ccc10df1823f7b180

CN:

order-api.selectmeat.ro

Key:

RSA-2048

Issuer:

R13

Not before:

2025-11-15 23:15

Not after:

2026-02-13 23:15

Domain summary

order-api.selectmeat.ro 10

1 recorded

IP summary

76.223.11.49 1 75.2.43.161 1

2 recorded

Domain order-api.selectmeat.ro

United States

Software information

Swagger API description is publicly available

Swagger API description is publicly available

order-api.selectmeat.ro

Domain summary

IP summary