Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
These documents detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
Severity: info
Fingerprint: 5733ddf49ff49cd1bf890109bf890109bf890109bf890109bf890109bf890109
Public Swagger UI/API detected at path: /api-docs/swagger.json
Open service 2.23.7.40:443 · api-express-drive.financialexpress.com
2026-01-23 10:49
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=utf-8
Content-Length: 139
Content-Security-Policy: default-src 'none'
X-Content-Type-Options: nosniff
Date: Fri, 23 Jan 2026 10:49:32 GMT
Alt-Svc: h3=":443"; ma=93600
Connection: close
Referrer-Policy: no-referrer-when-downgrade
X-XSS-Protection: 1
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=600 ; includeSubDomains
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Content-Type, Accept, Authorization, X-Api-Key, *
Access-Control-Max-Age: 86400
Access-Control-Allow-Credentials: false
Access-Control-Allow-Methods: GET,POST,PUT
Page title: Error
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Error</title>
</head>
<body>
<pre>Cannot GET /</pre>
</body>
</html>
Open service 2.23.7.40:443 · api-express-drive.financialexpress.com
2026-01-09 13:40
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=utf-8
Content-Length: 139
Content-Security-Policy: default-src 'none'
X-Content-Type-Options: nosniff
Date: Fri, 09 Jan 2026 13:40:40 GMT
Alt-Svc: h3=":443"; ma=93600
Connection: close
Referrer-Policy: no-referrer-when-downgrade
X-XSS-Protection: 1
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=600 ; includeSubDomains
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Content-Type, Accept, Authorization, X-Api-Key, *
Access-Control-Max-Age: 86400
Access-Control-Allow-Credentials: false
Access-Control-Allow-Methods: GET,POST,PUT
Page title: Error
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Error</title>
</head>
<body>
<pre>Cannot GET /</pre>
</body>
</html>
Open service 2.23.7.40:443 · api-express-drive.financialexpress.com
2026-01-02 13:39
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=utf-8
Content-Length: 139
Content-Security-Policy: default-src 'none'
X-Content-Type-Options: nosniff
Date: Fri, 02 Jan 2026 13:39:17 GMT
Alt-Svc: h3=":443"; ma=93600
Connection: close
Referrer-Policy: no-referrer-when-downgrade
X-XSS-Protection: 1
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=600 ; includeSubDomains
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Content-Type, Accept, Authorization, X-Api-Key, *
Access-Control-Max-Age: 86400
Access-Control-Allow-Credentials: false
Access-Control-Allow-Methods: GET,POST,PUT
Page title: Error
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Error</title>
</head>
<body>
<pre>Cannot GET /</pre>
</body>
</html>
Open service 2.23.7.40:443 · api-express-drive.financialexpress.com
2025-12-23 06:53
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=utf-8
Content-Length: 139
Content-Security-Policy: default-src 'none'
X-Content-Type-Options: nosniff
Date: Tue, 23 Dec 2025 06:53:27 GMT
Alt-Svc: h3=":443"; ma=93600
Connection: close
Referrer-Policy: no-referrer-when-downgrade
X-XSS-Protection: 1
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=600 ; includeSubDomains
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Content-Type, Accept, Authorization, X-Api-Key, *
Access-Control-Max-Age: 86400
Access-Control-Allow-Credentials: false
Access-Control-Allow-Methods: GET,POST,PUT
Page title: Error
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Error</title>
</head>
<body>
<pre>Cannot GET /</pre>
</body>
</html>