LeakIX - Host www.wrongsecrets.com

Domain www.wrongsecrets.com

United States

AMAZON-02

Software information

Heroku

tcp/443 tcp/80

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 76.223.11.49
Domain: www.wrongsecrets.com
Port: 80
URL: http://www.wrongsecrets.com

First seen 2025-12-07 01:15
Last seen 2026-01-09 07:55
Open for 33 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1926e27d0926e27d0926e27d0926e27d0926e27d0926e27d0
```
Public Swagger UI/API detected at path: /webjars/swagger-ui/index.html
```
  Found on 2026-01-09 07:55
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 75.2.43.161
Domain: www.wrongsecrets.com
Port: 443
URL: https://www.wrongsecrets.com

First seen 2025-12-07 01:15
Last seen 2026-01-10 00:53
Open for 33 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1926e27d0926e27d0926e27d0926e27d0926e27d0926e27d0
```
Public Swagger UI/API detected at path: /webjars/swagger-ui/index.html
```
  Found on 2026-01-10 00:53
Create report

Open service 75.2.43.161:443 · www.wrongsecrets.com

2026-01-10 00:53

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Content-Language: en-US
Content-Security-Policy: default-src * 'self'; script-src  * 'self' 'unsafe-inline'; style-src * 'self' 'unsafe-inline'; img-src data:
Content-Type: text/html;charset=UTF-8
Date: Sat, 10 Jan 2026 00:53:12 GMT
Expires: 0
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Pragma: no-cache
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=GHT9NOxKrH7GeNaNh93Q8K0iQrvUW%2B4Tk4laVYpq24o%3D\u0026sid=c4c9725f-1ab0-44d8-820f-430df2718e11\u0026ts=1768006392"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=GHT9NOxKrH7GeNaNh93Q8K0iQrvUW%2B4Tk4laVYpq24o%3D&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&ts=1768006392"
Server: Heroku
Set-Cookie: JSESSIONID=F40C75A8687487C3EA06A9F1D5F054A8; Path=/; Secure; HttpOnly
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Vary: accept-encoding
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Xss-Protection: 0
Connection: close
Transfer-Encoding: chunked

Found 2026-01-10 by HttpPlugin

Create report

Open service 76.223.11.49:80 · www.wrongsecrets.com

2026-01-09 07:55

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Content-Language: en-US
Content-Security-Policy: default-src * 'self'; script-src  * 'self' 'unsafe-inline'; style-src * 'self' 'unsafe-inline'; img-src data:
Content-Type: text/html;charset=UTF-8
Date: Fri, 09 Jan 2026 07:56:37 GMT
Expires: 0
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Pragma: no-cache
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=hU6K%2FOtvFsusNmHEgKI5SD74scVxzMMp6NXw5wqCPBE%3D\u0026sid=c4c9725f-1ab0-44d8-820f-430df2718e11\u0026ts=1767945397"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=hU6K%2FOtvFsusNmHEgKI5SD74scVxzMMp6NXw5wqCPBE%3D&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&ts=1767945397"
Server: Heroku
Set-Cookie: JSESSIONID=1A53D81799A11D1E26AA4C60CA00CB08; Path=/; HttpOnly
Vary: accept-encoding
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Xss-Protection: 0
Connection: close
Transfer-Encoding: chunked

Found 2026-01-09 by HttpPlugin

Create report

Open service 75.2.43.161:443 · www.wrongsecrets.com

2026-01-02 19:36

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Content-Language: en-US
Content-Security-Policy: default-src * 'self'; script-src  * 'self' 'unsafe-inline'; style-src * 'self' 'unsafe-inline'; img-src data:
Content-Type: text/html;charset=UTF-8
Date: Fri, 02 Jan 2026 19:36:40 GMT
Expires: 0
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Pragma: no-cache
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=W6b32Kna%2FQ8kdWB8Hp7WwwBUOAMUztqLPSN83dXuK00%3D\u0026sid=c4c9725f-1ab0-44d8-820f-430df2718e11\u0026ts=1767382600"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=W6b32Kna%2FQ8kdWB8Hp7WwwBUOAMUztqLPSN83dXuK00%3D&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&ts=1767382600"
Server: Heroku
Set-Cookie: JSESSIONID=4EF7F8B7B4A825D0119CD097AF0E1ABC; Path=/; Secure; HttpOnly
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Vary: accept-encoding
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Xss-Protection: 0
Connection: close
Transfer-Encoding: chunked

Found 2026-01-02 by HttpPlugin

Create report

Open service 76.223.11.49:80 · www.wrongsecrets.com

2026-01-02 05:35

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Content-Language: en-US
Content-Security-Policy: default-src * 'self'; script-src  * 'self' 'unsafe-inline'; style-src * 'self' 'unsafe-inline'; img-src data:
Content-Type: text/html;charset=UTF-8
Date: Fri, 02 Jan 2026 05:35:58 GMT
Expires: 0
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Pragma: no-cache
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=BkB%2B%2FvwhJqCapW%2F6PaKSJR%2BokPA8bVAc1HUKs2s7IuQ%3D\u0026sid=c4c9725f-1ab0-44d8-820f-430df2718e11\u0026ts=1767332158"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=BkB%2B%2FvwhJqCapW%2F6PaKSJR%2BokPA8bVAc1HUKs2s7IuQ%3D&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&ts=1767332158"
Server: Heroku
Set-Cookie: JSESSIONID=4C671E9A1D482193085ED2631513C2C6; Path=/; HttpOnly
Vary: accept-encoding
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Xss-Protection: 0
Connection: close
Transfer-Encoding: chunked

Found 2026-01-02 by HttpPlugin

Create report

Open service 75.2.43.161:443 · www.wrongsecrets.com

2025-12-23 01:06

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Content-Language: en-US
Content-Security-Policy: default-src * 'self'; script-src  * 'self' 'unsafe-inline'; style-src * 'self' 'unsafe-inline'; img-src data:
Content-Type: text/html;charset=UTF-8
Date: Tue, 23 Dec 2025 01:06:24 GMT
Expires: 0
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Pragma: no-cache
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=VEYJDCHZx6PbjsD5PGiDHukIG26DBtRapH1M8vy2CEM%3D\u0026sid=c4c9725f-1ab0-44d8-820f-430df2718e11\u0026ts=1766451984"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=VEYJDCHZx6PbjsD5PGiDHukIG26DBtRapH1M8vy2CEM%3D&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&ts=1766451984"
Server: Heroku
Set-Cookie: JSESSIONID=C2075F37636434591BAF1A159ABF906C; Path=/; Secure; HttpOnly
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Vary: accept-encoding
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Xss-Protection: 0
Connection: close
Transfer-Encoding: chunked

Found 2025-12-23 by HttpPlugin

Create report

Open service 76.223.11.49:80 · www.wrongsecrets.com

2025-12-22 08:12

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Content-Language: en-US
Content-Security-Policy: default-src * 'self'; script-src  * 'self' 'unsafe-inline'; style-src * 'self' 'unsafe-inline'; img-src data:
Content-Type: text/html;charset=UTF-8
Date: Mon, 22 Dec 2025 08:13:02 GMT
Expires: 0
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Pragma: no-cache
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=eGJRBOAYaIiwzQGj629Ac3hZjg4itIi1vR2j1D60ceg%3D\u0026sid=c4c9725f-1ab0-44d8-820f-430df2718e11\u0026ts=1766391182"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=eGJRBOAYaIiwzQGj629Ac3hZjg4itIi1vR2j1D60ceg%3D&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&ts=1766391182"
Server: Heroku
Set-Cookie: JSESSIONID=018D6EC5625D08B20F113BE89EE7D8D3; Path=/; HttpOnly
Vary: accept-encoding
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Xss-Protection: 0
Connection: close
Transfer-Encoding: chunked

Found 2025-12-22 by HttpPlugin

Create report

Open service 75.2.43.161:443 · www.wrongsecrets.com

2025-12-21 09:19

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Content-Language: en-US
Content-Security-Policy: default-src * 'self'; script-src  * 'self' 'unsafe-inline'; style-src * 'self' 'unsafe-inline'; img-src data:
Content-Type: text/html;charset=UTF-8
Date: Sun, 21 Dec 2025 09:19:39 GMT
Expires: 0
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Pragma: no-cache
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=OpkRKPqli4LMX5eh7P8uI5Z254VUICjS4N6%2FVU5DIfs%3D\u0026sid=c4c9725f-1ab0-44d8-820f-430df2718e11\u0026ts=1766308779"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=OpkRKPqli4LMX5eh7P8uI5Z254VUICjS4N6%2FVU5DIfs%3D&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&ts=1766308779"
Server: Heroku
Set-Cookie: JSESSIONID=4C9A613AFE2FFCF2E70669032BD4EFDA; Path=/; Secure; HttpOnly
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Vary: accept-encoding
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Xss-Protection: 0
Connection: close
Transfer-Encoding: chunked

Found 2025-12-21 by HttpPlugin

Create report

Open service 76.223.11.49:80 · www.wrongsecrets.com

2025-12-20 05:47

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Content-Language: en-US
Content-Security-Policy: default-src * 'self'; script-src  * 'self' 'unsafe-inline'; style-src * 'self' 'unsafe-inline'; img-src data:
Content-Type: text/html;charset=UTF-8
Date: Sat, 20 Dec 2025 05:47:10 GMT
Expires: 0
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Pragma: no-cache
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=WWwHd%2Bv8qQg7bo4dXCOJ0a4FNIEesw%2BuQXv3uT0Y2Hg%3D\u0026sid=c4c9725f-1ab0-44d8-820f-430df2718e11\u0026ts=1766209630"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=WWwHd%2Bv8qQg7bo4dXCOJ0a4FNIEesw%2BuQXv3uT0Y2Hg%3D&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&ts=1766209630"
Server: Heroku
Set-Cookie: JSESSIONID=F4FBB68ADA10AE18A634BB457269E242; Path=/; HttpOnly
Vary: accept-encoding
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Xss-Protection: 0
Connection: close
Transfer-Encoding: chunked

Found 2025-12-20 by HttpPlugin

Create report

Open service 75.2.43.161:443 · www.wrongsecrets.com

2025-12-19 02:04

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Content-Language: en-US
Content-Security-Policy: default-src * 'self'; script-src  * 'self' 'unsafe-inline'; style-src * 'self' 'unsafe-inline'; img-src data:
Content-Type: text/html;charset=UTF-8
Date: Fri, 19 Dec 2025 02:04:29 GMT
Expires: 0
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Pragma: no-cache
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=DVnV%2FF36IgfmZgH6wpLrlLtrQ0U7BzB%2FqYS50JBC4VQ%3D\u0026sid=c4c9725f-1ab0-44d8-820f-430df2718e11\u0026ts=1766109868"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=DVnV%2FF36IgfmZgH6wpLrlLtrQ0U7BzB%2FqYS50JBC4VQ%3D&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&ts=1766109868"
Server: Heroku
Set-Cookie: JSESSIONID=FF8822CC2FF886ECC4BC0F2E73DF161E; Path=/; Secure; HttpOnly
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Vary: accept-encoding
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Xss-Protection: 0
Connection: close
Transfer-Encoding: chunked

Found 2025-12-19 by HttpPlugin

Create report

www.wrongsecrets.com

Fingerprint:

2fa4f7dc7bf14d1b298d083443624fc154618f6e5b35313735a8cfbea0a0aede

CN:

www.wrongsecrets.com

Key:

RSA-2048

Issuer:

R12

Not before:

2025-12-07 00:16

Not after:

2026-03-07 00:16

Domain summary

www.wrongsecrets.com 10

1 recorded

IP summary

75.2.43.161 1 76.223.11.49 1

2 recorded

Domain www.wrongsecrets.com

United States

Software information

Swagger API description is publicly available

Swagger API description is publicly available

www.wrongsecrets.com

Domain summary

IP summary