A large number of URLs are made public by various platforms for security analysis, archiving, and paste sharing -- such as VirusTotal, URLScan.io, Hybrid Analysis, the Wayback Machine, and RedHunt. These services may unintentionally expose links containing sensitive information, as reported in some news articles and blog posts. However, no large-scale measurement has quantified the extent of such exposures. We present an automated system that detects and analyzes potential sensitive information leaked through publicly accessible URLs. The system combines lexical URL filtering, dynamic rendering, OCR-based extraction, and content classification to identify potential leaks. We apply it to 6,094,475 URLs collected from public scanning platforms, paste sites, and web archives, identifying 12,331 potential exposures across authentication, financial, personal, and document-related domains. These findings show that sensitive information remains exposed, underscoring the importance of automated detection to identify accidental leaks.

翻译：大量URL被各类平台公开用于安全分析、归档和粘贴共享——例如VirusTotal、URLScan.io、Hybrid Analysis、Wayback Machine和RedHunt。正如某些新闻报道和博客文章所述，这些服务可能无意中暴露包含敏感信息的链接。然而，目前尚无大规模测量研究量化此类暴露的程度。我们提出了一种自动化系统，用于检测和分析通过公开访问URL泄露的潜在敏感信息。该系统结合了词汇URL过滤、动态渲染、基于OCR的提取和内容分类技术来识别潜在泄露。我们将其应用于从公共扫描平台、粘贴站点和网络档案中收集的6,094,475个URL，在身份验证、金融、个人和文档相关领域识别出12,331个潜在暴露案例。这些发现表明敏感信息仍处于暴露状态，凸显了通过自动化检测识别意外泄露的重要性。