LeakIX - Host dev-cdp-api.nw18.com

Domain dev-cdp-api.nw18.com

Germany

Akamai International B.V.

Software information

istio-envoy

tcp/443

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 2.16.206.146
Domain: dev-cdp-api.nw18.com
Port: 443
URL: https://dev-cdp-api.nw18.com

First seen 2025-11-11 06:45
Last seen 2026-01-10 16:54
Open for 60 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1bf890109bf890109bf890109bf890109bf890109bf890109
```
Public Swagger UI/API detected at path: /api-docs/swagger.json
```
  Found on 2026-01-10 16:54
Create report

Open service 2.23.176.37:443 · dev-cdp-api.nw18.com

2026-01-10 16:54

HTTP/1.1 404 Not Found
x-powered-by: Express
Content-Security-Policy: default-src 'none'
x-content-type-options: nosniff
Content-Type: text/html; charset=utf-8
Content-Length: 139
x-envoy-upstream-service-time: 4
Server: istio-envoy
Date: Sat, 10 Jan 2026 16:55:01 GMT
Connection: close
Access-Control-Max-Age: 86400
Access-Control-Allow-Credentials: false
Access-Control-Allow-Headers: *
Access-Control-Allow-Methods: GET,POST
Access-Control-Allow-Origin: *

Page title: Error

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Error</title>
</head>
<body>
<pre>Cannot GET /</pre>
</body>
</html>

Found 2026-01-10 by HttpPlugin

Create report

Open service 2a02:26f0:3500:12::1730:17bd:443 · dev-cdp-api.nw18.com

2026-01-10 16:54

HTTP/1.1 404 Not Found
x-powered-by: Express
Content-Security-Policy: default-src 'none'
x-content-type-options: nosniff
Content-Type: text/html; charset=utf-8
Content-Length: 139
x-envoy-upstream-service-time: 4
Server: istio-envoy
Date: Sat, 10 Jan 2026 16:55:00 GMT
Connection: close
Access-Control-Max-Age: 86400
Access-Control-Allow-Credentials: false
Access-Control-Allow-Headers: *
Access-Control-Allow-Methods: GET,POST
Access-Control-Allow-Origin: *

Page title: Error

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Error</title>
</head>
<body>
<pre>Cannot GET /</pre>
</body>
</html>

Found 2026-01-10 by HttpPlugin

Create report

Open service 2a02:26f0:3500:12::1730:17a4:443 · dev-cdp-api.nw18.com

2026-01-10 16:54

HTTP/1.1 404 Not Found
x-powered-by: Express
Content-Security-Policy: default-src 'none'
x-content-type-options: nosniff
Content-Type: text/html; charset=utf-8
Content-Length: 139
x-envoy-upstream-service-time: 4
Server: istio-envoy
Date: Sat, 10 Jan 2026 16:55:00 GMT
Connection: close
Access-Control-Max-Age: 86400
Access-Control-Allow-Credentials: false
Access-Control-Allow-Headers: *
Access-Control-Allow-Methods: GET,POST
Access-Control-Allow-Origin: *

Page title: Error

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Error</title>
</head>
<body>
<pre>Cannot GET /</pre>
</body>
</html>

Found 2026-01-10 by HttpPlugin

Create report

Open service 2.23.176.33:443 · dev-cdp-api.nw18.com

2026-01-10 16:54

HTTP/1.1 404 Not Found
x-powered-by: Express
Content-Security-Policy: default-src 'none'
x-content-type-options: nosniff
Content-Type: text/html; charset=utf-8
Content-Length: 139
x-envoy-upstream-service-time: 4
Server: istio-envoy
Date: Sat, 10 Jan 2026 16:55:01 GMT
Connection: close
Access-Control-Max-Age: 86400
Access-Control-Allow-Credentials: false
Access-Control-Allow-Headers: *
Access-Control-Allow-Methods: GET,POST
Access-Control-Allow-Origin: *

Page title: Error

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Error</title>
</head>
<body>
<pre>Cannot GET /</pre>
</body>
</html>

Found 2026-01-10 by HttpPlugin

Create report

Open service 2.23.176.33:80 · dev-cdp-api.nw18.com

2026-01-10 16:54

HTTP/1.1 301 Moved Permanently
Cache-Control: private
Location: https://dev-cdp-api.nw18.com:443/
Content-Length: 0
Content-Type: text/html; charset=UTF-8
Date: Sat, 10 Jan 2026 16:55:40 GMT
Connection: close
Access-Control-Max-Age: 86400
Access-Control-Allow-Credentials: false
Access-Control-Allow-Headers: *
Access-Control-Allow-Methods: GET,POST
Access-Control-Allow-Origin: *

Found 2026-01-10 by HttpPlugin

Create report

Open service 2a02:26f0:3500:12::1730:17a4:80 · dev-cdp-api.nw18.com

2026-01-10 16:54

HTTP/1.1 301 Moved Permanently
Cache-Control: private
Location: https://dev-cdp-api.nw18.com:443/
Content-Length: 0
Content-Type: text/html; charset=UTF-8
Date: Sat, 10 Jan 2026 16:55:40 GMT
Connection: close
Access-Control-Max-Age: 86400
Access-Control-Allow-Credentials: false
Access-Control-Allow-Headers: *
Access-Control-Allow-Methods: GET,POST
Access-Control-Allow-Origin: *

Found 2026-01-10 by HttpPlugin

Create report

Open service 2.23.176.37:80 · dev-cdp-api.nw18.com

2026-01-10 16:54

HTTP/1.1 301 Moved Permanently
Cache-Control: private
Location: https://dev-cdp-api.nw18.com:443/
Content-Length: 0
Content-Type: text/html; charset=UTF-8
Date: Sat, 10 Jan 2026 16:55:39 GMT
Connection: close
Access-Control-Max-Age: 86400
Access-Control-Allow-Credentials: false
Access-Control-Allow-Headers: *
Access-Control-Allow-Methods: GET,POST
Access-Control-Allow-Origin: *

Found 2026-01-10 by HttpPlugin

Create report

Open service 2a02:26f0:3500:12::1730:17bd:80 · dev-cdp-api.nw18.com

2026-01-10 16:54

HTTP/1.1 301 Moved Permanently
Cache-Control: private
Location: https://dev-cdp-api.nw18.com:443/
Content-Length: 0
Content-Type: text/html; charset=UTF-8
Date: Sat, 10 Jan 2026 16:55:37 GMT
Connection: close
Access-Control-Max-Age: 86400
Access-Control-Allow-Credentials: false
Access-Control-Allow-Headers: *
Access-Control-Allow-Methods: GET,POST
Access-Control-Allow-Origin: *

Found 2026-01-10 by HttpPlugin

Create report

Open service 2.16.206.146:443 · dev-cdp-api.nw18.com

2026-01-09 23:41

HTTP/1.1 404 Not Found
x-powered-by: Express
Content-Security-Policy: default-src 'none'
x-content-type-options: nosniff
Content-Type: text/html; charset=utf-8
Content-Length: 139
x-envoy-upstream-service-time: 4
Server: istio-envoy
Date: Fri, 09 Jan 2026 23:41:35 GMT
Connection: close
Access-Control-Max-Age: 86400
Access-Control-Allow-Credentials: false
Access-Control-Allow-Headers: *
Access-Control-Allow-Methods: GET,POST
Access-Control-Allow-Origin: *

Page title: Error

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Error</title>
</head>
<body>
<pre>Cannot GET /</pre>
</body>
</html>

Found 2026-01-09 by HttpPlugin

Create report

Open service 2.16.206.146:443 · dev-cdp-api.nw18.com

2026-01-02 21:26

HTTP/1.1 404 Not Found
x-powered-by: Express
Content-Security-Policy: default-src 'none'
x-content-type-options: nosniff
Content-Type: text/html; charset=utf-8
Content-Length: 139
x-envoy-upstream-service-time: 3
Server: istio-envoy
Date: Fri, 02 Jan 2026 21:26:29 GMT
Connection: close
Access-Control-Max-Age: 86400
Access-Control-Allow-Credentials: false
Access-Control-Allow-Headers: *
Access-Control-Allow-Methods: GET,POST
Access-Control-Allow-Origin: *

Page title: Error

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Error</title>
</head>
<body>
<pre>Cannot GET /</pre>
</body>
</html>

Found 2026-01-02 by HttpPlugin

Create report

Open service 2.16.206.146:443 · dev-cdp-api.nw18.com

2025-12-23 04:55

HTTP/1.1 404 Not Found
x-powered-by: Express
Content-Security-Policy: default-src 'none'
x-content-type-options: nosniff
Content-Type: text/html; charset=utf-8
Content-Length: 139
x-envoy-upstream-service-time: 3
Server: istio-envoy
Date: Tue, 23 Dec 2025 04:55:26 GMT
Connection: close
Access-Control-Max-Age: 86400
Access-Control-Allow-Credentials: false
Access-Control-Allow-Headers: *
Access-Control-Allow-Methods: GET,POST
Access-Control-Allow-Origin: *

Page title: Error

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Error</title>
</head>
<body>
<pre>Cannot GET /</pre>
</body>
</html>

Found 2025-12-23 by HttpPlugin

Create report

Open service 2.16.206.146:443 · dev-cdp-api.nw18.com

2025-12-21 09:52

HTTP/1.1 404 Not Found
x-powered-by: Express
Content-Security-Policy: default-src 'none'
x-content-type-options: nosniff
Content-Type: text/html; charset=utf-8
Content-Length: 139
x-envoy-upstream-service-time: 3
Server: istio-envoy
Date: Sun, 21 Dec 2025 09:52:46 GMT
Connection: close
Access-Control-Max-Age: 86400
Access-Control-Allow-Credentials: false
Access-Control-Allow-Headers: *
Access-Control-Allow-Methods: GET,POST
Access-Control-Allow-Origin: *

Page title: Error

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Error</title>
</head>
<body>
<pre>Cannot GET /</pre>
</body>
</html>

Found 2025-12-21 by HttpPlugin

Create report

Open service 2.16.206.146:443 · dev-cdp-api.nw18.com

2025-12-19 00:34

HTTP/1.1 404 Not Found
x-powered-by: Express
Content-Security-Policy: default-src 'none'
x-content-type-options: nosniff
Content-Type: text/html; charset=utf-8
Content-Length: 139
x-envoy-upstream-service-time: 3
Server: istio-envoy
Date: Fri, 19 Dec 2025 00:34:56 GMT
Connection: close
Access-Control-Max-Age: 86400
Access-Control-Allow-Credentials: false
Access-Control-Allow-Headers: *
Access-Control-Allow-Methods: GET,POST
Access-Control-Allow-Origin: *

Page title: Error

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Error</title>
</head>
<body>
<pre>Cannot GET /</pre>
</body>
</html>

Found 2025-12-19 by HttpPlugin

Create report

accounts.cnbctv18.comapi-beta-unified.cnbctv18.comapi-beta-unified.news18.comapi-pf-dev.nw18.comapi-pf.nw18.comapi.cnbctv18.comapi.platform.nw18.comauthgateway.cnbctv18.combeta-api.forbesindia.combeta-bff.forbesindia.combeta-cms-article.forbesindia.combeta-cms-blog.forbesindia.combeta-cms-richlist.forbesindia.combeta-cms-subs.forbesindia.combeta-en-access.cnbctv18.combeta-mt.forbesindia.combeta-subs.forbesindia.combetaassam-unified.news18.combetabengali-unified.news18.combetaencms-unified.cnbctv18.combetaeng-unified-cms.firstpost.combetaenglish-unified.news18.combetagujarati-unified.news18.combetahicms-unified.cnbctv18.combetahindi-unified.news18.combetaimages.forbesindia.combetakannada-unified.news18.combetalokmat-unified.news18.combetamalayalam-unified.news18.combetamarathi-unified.news18.combetaodia-unified.news18.combetapunjabi-unified.news18.combetatamil-unified.news18.combetatelugu-unified.news18.combetaurdu-unified.news18.comcdp-api.nw18.comcdp.nw18.comcms.payments.cnbctv18.comcomments.nw18.comdev-cdp-api.nw18.comdev-cdp.nw18.comdev-staticcdp.nw18.comfile18-cms-plugin.nw18.comgdpr.nw18.comms-staging.news18.comms.overdrive.inmscms.cnbctv18.commscms.firstpost.commscms.forbesindia.commscms.news18features.comnews18.compayments.cnbctv18.compre-prod-api-ops.nw18.compre-prod-df.nw18.compre-prod-file-api.nw18.compre-prod-ops.nw18.compre-prodfile18-cms-plugin.nw18.comstage-api-ops.nw18.comstage-ops.nw18.comstaticcdp.nw18.comstg-api-gu.cnbctv18.comstg-api.cnbctv18.comstg-api.forbesindia.comstg-cdp-api.nw18.comstg-cdp.nw18.comstg-elections-v4-api.news18.comstg-elections-v4-cms.news18.comstg-elections-v4-rut.news18.comstg-elections-v4.news18.comstg-en-access.cnbctv18.comstg-eshop.network18publishing.comstg-feeds.news18.comstg-mt.forbesindia.comstg-nw18videoupload-gcp.news18.comstg-staticcdp.nw18.comstg-video.nw18.comstg.forbesindia.comstg.local18.instgaccounts.cnbctv18.comstgauthgateway.cnbctv18.comstgcms-forbes.news18.comstgcms-media-service.nw18.comstgcms.nw18.comstgcms.payments.cnbctv18.comstgcore-components-storybook.nw18.comstgdevops-1234.news18.comstgencms-unified.cnbctv18.comstgeng-unified-cms.firstpost.comstgenglishcms-unified.news18.comstgfile18-cms-plugin.nw18.comstghicms-unified.cnbctv18.comstghindicms-unified.news18.comstgimages.forbesindia.comstgpayments.cnbctv18.comstgstrapicms.cnbctv18.comstgtechpickscms.moneycontrol.comtechpickscms.moneycontrol.comvideo-cms.nw18.comwww.gujarati.news18.comwww.news18marathi.com

Fingerprint:

5e6d58805e4d2355aa2ccdac464de6285b542f991d85011b909c5578316cda89

CN:

gdpr.nw18.com

Key:

RSA-2048

Issuer:

R12

Not before:

2025-11-11 05:47

Not after:

2026-02-09 05:47

Domain summary

dev-cdp-api.nw18.com 13

1 recorded

IP summary

2.23.176.37 1 2a02:26f0:3500:12::1730:17bd 1 2a02:26f0:3500:12::1730:17a4 1 2.23.176.33 1 2.16.206.146 1

5 recorded

Domain dev-cdp-api.nw18.com

Germany

Software information

Swagger API description is publicly available

Domain summary

IP summary