LeakIX - Host dxc.databand.ai

Domain dxc.databand.ai

Germany

Akamai International B.V.

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 23.213.161.201
Domain: dxc.databand.ai
Port: 443
URL: https://dxc.databand.ai

First seen 2025-11-28 06:23
Last seen 2026-02-08 20:47
Open for 72 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
  Found on 2026-02-08 20:47
Create report

Open service 23.213.161.201:443 · dxc.databand.ai

2026-01-09 04:43

HTTP/1.1 302 Moved Temporarily
Content-Type: text/html; charset=utf-8
Content-Length: 195
Location: /app
X-Robots-Tag: noindex, nofollow
Permissions-Policy: geolocation=()
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self'; frame-src https://*.ibm.com https://*.ibmcloud.com https://*.truste.com https://*.trustarc.com https://*.segment.com https://*.segment.io 'self'; object-src 'none'; style-src https://*.googletagmanager.com https://*.walkme.com https://*.amplitude.com https://*.instana.io https://*.newrelic.com https://*.nr-data.net https://1.www.s81c.com https://*.ibm.com https://*.ibmcloud.com https://*.truste.com https://*.trustarc.com https://*.segment.com https://*.segment.io 'self' 'unsafe-inline'; font-src https://1.www.s81c.com 'self' data:; worker-src 'self' blob:; img-src https://*.googletagmanager.com https://*.googletagmanager.com https://*.walkme.com https://*.amplitude.com https://*.instana.io https://*.newrelic.com https://*.nr-data.net https://1.www.s81c.com https://*.ibm.com https://*.ibmcloud.com https://*.truste.com https://*.trustarc.com https://*.segment.com https://*.segment.io https://www.gravatar.com 'self' data:; script-src https://*.googletagmanager.com https://*.walkme.com https://*.amplitude.com https://*.instana.io https://*.newrelic.com https://*.nr-data.net https://1.www.s81c.com https://*.ibm.com https://*.ibmcloud.com https://*.truste.com https://*.trustarc.com https://*.segment.com https://*.segment.io 'self' 'unsafe-inline'; script-src-elem https://*.googletagmanager.com https://*.walkme.com https://*.amplitude.com https://*.instana.io https://*.newrelic.com https://*.nr-data.net https://1.www.s81c.com https://*.ibm.com https://*.ibmcloud.com https://*.truste.com https://*.trustarc.com https://*.segment.com https://*.segment.io 'self' 'unsafe-inline'; connect-src https://*.googletagmanager.com https://*.walkme.com https://*.amplitude.com https://*.instana.io https://*.newrelic.com https://*.nr-data.net https://1.www.s81c.com https://*.ibm.com https://*.ibmcloud.com https://*.truste.com https://*.trustarc.com https://*.segment.com https://*.segment.io 'self'
Strict-Transport-Security: max-age=15724800; includeSubDomains
Referrer-Policy: strict-origin-when-cross-origin
X-INSTANA-L: 1
traceparent: 00-0000000000000000fd97ce37f282891f-fd97ce37f282891f-01
tracestate: in=fd97ce37f282891f;fd97ce37f282891f
X-INSTANA-T: fd97ce37f282891f
X-INSTANA-S: fd97ce37f282891f
Server-Timing: intid;desc=fd97ce37f282891f
Expires: Fri, 09 Jan 2026 04:43:47 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 09 Jan 2026 04:43:47 GMT
Alt-Svc: h3=":443"; ma=93600
Connection: close
Set-Cookie: X-CSRF-TOKEN=IjcyY2YzYTFmMzA0NTZiMjQ1YzNlYmRiNmEzOTgxMmFlZWY0N2MyZjQi.aWCHgw._LYMgvDAnQPkq2rLQeyl-rNoEwc; Expires=Fri, 09 Jan 2026 05:43:47 GMT; Max-Age=3600; Secure; Path=/; SameSite=Lax
Set-Cookie: dbnd_session=18dcd2cf-4bb7-408e-b45c-945c95cf54a7; Expires=Fri, 09 Jan 2026 05:43:47 GMT; Secure; HttpOnly; Path=/; SameSite=Lax

Page title: Redirecting...

<!doctype html>
<html lang=en>
<title>Redirecting...</title>
<h1>Redirecting...</h1>
<p>You should be redirected automatically to the target URL: <a href="/app">/app</a>. If not, click the link.

Found 2026-01-09 by HttpPlugin

Create report

Open service 23.213.161.201:443 · dxc.databand.ai

2026-01-02 10:23

HTTP/1.1 302 Moved Temporarily
Content-Type: text/html; charset=utf-8
Content-Length: 195
Location: /app
X-Robots-Tag: noindex, nofollow
Permissions-Policy: geolocation=()
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self'; frame-src https://*.ibm.com https://*.ibmcloud.com https://*.truste.com https://*.trustarc.com https://*.segment.com https://*.segment.io 'self'; object-src 'none'; style-src https://*.googletagmanager.com https://*.walkme.com https://*.amplitude.com https://*.instana.io https://*.newrelic.com https://*.nr-data.net https://1.www.s81c.com https://*.ibm.com https://*.ibmcloud.com https://*.truste.com https://*.trustarc.com https://*.segment.com https://*.segment.io 'self' 'unsafe-inline'; font-src https://1.www.s81c.com 'self' data:; worker-src 'self' blob:; img-src https://*.googletagmanager.com https://*.googletagmanager.com https://*.walkme.com https://*.amplitude.com https://*.instana.io https://*.newrelic.com https://*.nr-data.net https://1.www.s81c.com https://*.ibm.com https://*.ibmcloud.com https://*.truste.com https://*.trustarc.com https://*.segment.com https://*.segment.io https://www.gravatar.com 'self' data:; script-src https://*.googletagmanager.com https://*.walkme.com https://*.amplitude.com https://*.instana.io https://*.newrelic.com https://*.nr-data.net https://1.www.s81c.com https://*.ibm.com https://*.ibmcloud.com https://*.truste.com https://*.trustarc.com https://*.segment.com https://*.segment.io 'self' 'unsafe-inline'; script-src-elem https://*.googletagmanager.com https://*.walkme.com https://*.amplitude.com https://*.instana.io https://*.newrelic.com https://*.nr-data.net https://1.www.s81c.com https://*.ibm.com https://*.ibmcloud.com https://*.truste.com https://*.trustarc.com https://*.segment.com https://*.segment.io 'self' 'unsafe-inline'; connect-src https://*.googletagmanager.com https://*.walkme.com https://*.amplitude.com https://*.instana.io https://*.newrelic.com https://*.nr-data.net https://1.www.s81c.com https://*.ibm.com https://*.ibmcloud.com https://*.truste.com https://*.trustarc.com https://*.segment.com https://*.segment.io 'self'
Strict-Transport-Security: max-age=15724800; includeSubDomains
Referrer-Policy: strict-origin-when-cross-origin
X-INSTANA-L: 1
traceparent: 00-0000000000000000882acf1d2fdc20c1-882acf1d2fdc20c1-01
tracestate: in=882acf1d2fdc20c1;882acf1d2fdc20c1
X-INSTANA-T: 882acf1d2fdc20c1
X-INSTANA-S: 882acf1d2fdc20c1
Server-Timing: intid;desc=882acf1d2fdc20c1
Expires: Fri, 02 Jan 2026 10:23:41 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 02 Jan 2026 10:23:41 GMT
Alt-Svc: h3=":443"; ma=93600
Connection: close
Set-Cookie: X-CSRF-TOKEN=Ijk1MDdlM2UwMWJlODExODE0MWM3MjA3MzI0NmY1NTg5MTMyMmQwMWUi.aVecrA.r2UWwGHakJUrfR_VJ9HP10WTPQs; Expires=Fri, 02 Jan 2026 11:23:40 GMT; Max-Age=3600; Secure; Path=/; SameSite=Lax
Set-Cookie: dbnd_session=2d84d016-1168-4c91-adeb-d95b4bf168ee; Expires=Fri, 02 Jan 2026 11:23:40 GMT; Secure; HttpOnly; Path=/; SameSite=Lax

Page title: Redirecting...

<!doctype html>
<html lang=en>
<title>Redirecting...</title>
<h1>Redirecting...</h1>
<p>You should be redirected automatically to the target URL: <a href="/app">/app</a>. If not, click the link.

Found 2026-01-02 by HttpPlugin

Create report

Open service 23.213.161.201:443 · dxc.databand.ai

2025-12-22 21:13

HTTP/1.1 302 Moved Temporarily
Content-Type: text/html; charset=utf-8
Content-Length: 195
Location: /app
X-Robots-Tag: noindex, nofollow
Permissions-Policy: geolocation=()
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self'; frame-src https://*.ibm.com https://*.ibmcloud.com https://*.truste.com https://*.trustarc.com https://*.segment.com https://*.segment.io 'self'; object-src 'none'; style-src https://*.googletagmanager.com https://*.walkme.com https://*.amplitude.com https://*.instana.io https://*.newrelic.com https://*.nr-data.net https://1.www.s81c.com https://*.ibm.com https://*.ibmcloud.com https://*.truste.com https://*.trustarc.com https://*.segment.com https://*.segment.io 'self' 'unsafe-inline'; font-src https://1.www.s81c.com 'self' data:; worker-src 'self' blob:; img-src https://*.googletagmanager.com https://*.googletagmanager.com https://*.walkme.com https://*.amplitude.com https://*.instana.io https://*.newrelic.com https://*.nr-data.net https://1.www.s81c.com https://*.ibm.com https://*.ibmcloud.com https://*.truste.com https://*.trustarc.com https://*.segment.com https://*.segment.io https://www.gravatar.com 'self' data:; script-src https://*.googletagmanager.com https://*.walkme.com https://*.amplitude.com https://*.instana.io https://*.newrelic.com https://*.nr-data.net https://1.www.s81c.com https://*.ibm.com https://*.ibmcloud.com https://*.truste.com https://*.trustarc.com https://*.segment.com https://*.segment.io 'self' 'unsafe-inline'; script-src-elem https://*.googletagmanager.com https://*.walkme.com https://*.amplitude.com https://*.instana.io https://*.newrelic.com https://*.nr-data.net https://1.www.s81c.com https://*.ibm.com https://*.ibmcloud.com https://*.truste.com https://*.trustarc.com https://*.segment.com https://*.segment.io 'self' 'unsafe-inline'; connect-src https://*.googletagmanager.com https://*.walkme.com https://*.amplitude.com https://*.instana.io https://*.newrelic.com https://*.nr-data.net https://1.www.s81c.com https://*.ibm.com https://*.ibmcloud.com https://*.truste.com https://*.trustarc.com https://*.segment.com https://*.segment.io 'self'
Strict-Transport-Security: max-age=15724800; includeSubDomains
Referrer-Policy: strict-origin-when-cross-origin
X-INSTANA-L: 1
traceparent: 00-0000000000000000bfb5b76b27f6a7ba-bfb5b76b27f6a7ba-01
tracestate: in=bfb5b76b27f6a7ba;bfb5b76b27f6a7ba
X-INSTANA-T: bfb5b76b27f6a7ba
X-INSTANA-S: bfb5b76b27f6a7ba
Server-Timing: intid;desc=bfb5b76b27f6a7ba
Expires: Mon, 22 Dec 2025 21:13:14 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 22 Dec 2025 21:13:14 GMT
Alt-Svc: h3=":443"; ma=93600
Connection: close
Set-Cookie: X-CSRF-TOKEN=ImE1YjBmYjAxNmYwMzg1OGIzNzQ0ZTdmZjdlMjVmNDcxMGNkOGM4OGMi.aUm0ag.Fa42EXFrLQ-z2g2wmm4cLitq1Tk; Expires=Mon, 22 Dec 2025 22:13:14 GMT; Max-Age=3600; Secure; Path=/; SameSite=Lax
Set-Cookie: dbnd_session=5e3329d7-75df-4ce0-847d-3e3f489fd658; Expires=Mon, 22 Dec 2025 22:13:14 GMT; Secure; HttpOnly; Path=/; SameSite=Lax

Page title: Redirecting...

<!doctype html>
<html lang=en>
<title>Redirecting...</title>
<h1>Redirecting...</h1>
<p>You should be redirected automatically to the target URL: <a href="/app">/app</a>. If not, click the link.

Found 2025-12-22 by HttpPlugin

Create report

*.databand.aidataband.ai

Fingerprint:

c639964747c90a6aa840e7b5ba4b90703105c1565b0b8f1b15f118691d3d8d41

CN:

*.databand.ai

Key:

ECDSA-256

Issuer:

DigiCert Global G3 TLS ECC SHA384 2020 CA1

Not before:

2025-11-30 00:00

Not after:

2026-12-01 23:59

Domain summary

dxc.databand.ai 3

1 recorded

IP summary

23.213.161.201 2

1 recorded

Domain dxc.databand.ai

Germany

Swagger API description is publicly available

Create report

Create report

Create report

*.databand.aidataband.ai

Domain summary

IP summary