Domain ikea.databand.ai
Germany
-
Swagger API description is publicly available
Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
First seen 2025-10-23 16:11
Last seen 2026-02-01 21:07
Open for 101 days-
Severity: info
Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532cPublic Swagger UI/API detected at path: /swagger/index.html
Found on 2026-02-01 21:07
-
-
Open service 104.126.37.128:443 · ikea.databand.ai
2026-01-09 07:05
HTTP/1.1 302 Moved Temporarily Content-Type: text/html; charset=utf-8 Content-Length: 195 Location: /app X-Robots-Tag: noindex, nofollow Permissions-Policy: geolocation=() X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Content-Security-Policy: default-src 'self'; frame-src https://*.ibm.com https://*.ibmcloud.com https://*.truste.com https://*.trustarc.com https://*.segment.com https://*.segment.io 'self'; object-src 'none'; style-src https://*.googletagmanager.com https://*.walkme.com https://*.amplitude.com https://*.instana.io https://*.newrelic.com https://*.nr-data.net https://1.www.s81c.com https://*.ibm.com https://*.ibmcloud.com https://*.truste.com https://*.trustarc.com https://*.segment.com https://*.segment.io 'self' 'unsafe-inline'; font-src https://1.www.s81c.com 'self' data:; worker-src 'self' blob:; img-src https://*.googletagmanager.com https://*.googletagmanager.com https://*.walkme.com https://*.amplitude.com https://*.instana.io https://*.newrelic.com https://*.nr-data.net https://1.www.s81c.com https://*.ibm.com https://*.ibmcloud.com https://*.truste.com https://*.trustarc.com https://*.segment.com https://*.segment.io https://www.gravatar.com 'self' data:; script-src https://*.googletagmanager.com https://*.walkme.com https://*.amplitude.com https://*.instana.io https://*.newrelic.com https://*.nr-data.net https://1.www.s81c.com https://*.ibm.com https://*.ibmcloud.com https://*.truste.com https://*.trustarc.com https://*.segment.com https://*.segment.io 'self' 'unsafe-inline'; script-src-elem https://*.googletagmanager.com https://*.walkme.com https://*.amplitude.com https://*.instana.io https://*.newrelic.com https://*.nr-data.net https://1.www.s81c.com https://*.ibm.com https://*.ibmcloud.com https://*.truste.com https://*.trustarc.com https://*.segment.com https://*.segment.io 'self' 'unsafe-inline'; connect-src https://*.googletagmanager.com https://*.walkme.com https://*.amplitude.com https://*.instana.io https://*.newrelic.com https://*.nr-data.net https://1.www.s81c.com https://*.ibm.com https://*.ibmcloud.com https://*.truste.com https://*.trustarc.com https://*.segment.com https://*.segment.io 'self' Strict-Transport-Security: max-age=15724800; includeSubDomains Referrer-Policy: strict-origin-when-cross-origin X-INSTANA-L: 1 traceparent: 00-00000000000000009473122a83fa63ca-9473122a83fa63ca-01 tracestate: in=9473122a83fa63ca;9473122a83fa63ca X-INSTANA-T: 9473122a83fa63ca X-INSTANA-S: 9473122a83fa63ca Server-Timing: intid;desc=9473122a83fa63ca Expires: Fri, 09 Jan 2026 07:05:31 GMT Cache-Control: max-age=0, no-cache, no-store Pragma: no-cache Date: Fri, 09 Jan 2026 07:05:31 GMT Alt-Svc: h3=":443"; ma=93600 Connection: close Set-Cookie: X-CSRF-TOKEN=IjcxZTMyYTJhMzlkNjAzMzc2Yjc0ZDNlZTUwZWE0YTlkMjU0OTQ5MjQi.aWCouw.uND1QwtwraKhol0FKVPM52UVJyA; Expires=Fri, 09 Jan 2026 08:05:31 GMT; Max-Age=3600; Secure; Path=/; SameSite=Lax Set-Cookie: dbnd_session=6fab0e5f-4407-4f02-81d0-41550c835eba; Expires=Fri, 09 Jan 2026 08:05:31 GMT; Secure; HttpOnly; Path=/; SameSite=Lax Page title: Redirecting... <!doctype html> <html lang=en> <title>Redirecting...</title> <h1>Redirecting...</h1> <p>You should be redirected automatically to the target URL: <a href="/app">/app</a>. If not, click the link.
Found 2026-01-09 by HttpPluginCreate report
-
Open service 104.126.37.128:443 · ikea.databand.ai
2026-01-02 06:41
HTTP/1.1 302 Moved Temporarily Content-Type: text/html; charset=utf-8 Content-Length: 195 Location: /app X-Robots-Tag: noindex, nofollow Permissions-Policy: geolocation=() X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Content-Security-Policy: default-src 'self'; frame-src https://*.ibm.com https://*.ibmcloud.com https://*.truste.com https://*.trustarc.com https://*.segment.com https://*.segment.io 'self'; object-src 'none'; style-src https://*.googletagmanager.com https://*.walkme.com https://*.amplitude.com https://*.instana.io https://*.newrelic.com https://*.nr-data.net https://1.www.s81c.com https://*.ibm.com https://*.ibmcloud.com https://*.truste.com https://*.trustarc.com https://*.segment.com https://*.segment.io 'self' 'unsafe-inline'; font-src https://1.www.s81c.com 'self' data:; worker-src 'self' blob:; img-src https://*.googletagmanager.com https://*.googletagmanager.com https://*.walkme.com https://*.amplitude.com https://*.instana.io https://*.newrelic.com https://*.nr-data.net https://1.www.s81c.com https://*.ibm.com https://*.ibmcloud.com https://*.truste.com https://*.trustarc.com https://*.segment.com https://*.segment.io https://www.gravatar.com 'self' data:; script-src https://*.googletagmanager.com https://*.walkme.com https://*.amplitude.com https://*.instana.io https://*.newrelic.com https://*.nr-data.net https://1.www.s81c.com https://*.ibm.com https://*.ibmcloud.com https://*.truste.com https://*.trustarc.com https://*.segment.com https://*.segment.io 'self' 'unsafe-inline'; script-src-elem https://*.googletagmanager.com https://*.walkme.com https://*.amplitude.com https://*.instana.io https://*.newrelic.com https://*.nr-data.net https://1.www.s81c.com https://*.ibm.com https://*.ibmcloud.com https://*.truste.com https://*.trustarc.com https://*.segment.com https://*.segment.io 'self' 'unsafe-inline'; connect-src https://*.googletagmanager.com https://*.walkme.com https://*.amplitude.com https://*.instana.io https://*.newrelic.com https://*.nr-data.net https://1.www.s81c.com https://*.ibm.com https://*.ibmcloud.com https://*.truste.com https://*.trustarc.com https://*.segment.com https://*.segment.io 'self' Strict-Transport-Security: max-age=15724800; includeSubDomains Referrer-Policy: strict-origin-when-cross-origin X-INSTANA-L: 1 traceparent: 00-000000000000000015e5652c102f6928-15e5652c102f6928-01 tracestate: in=15e5652c102f6928;15e5652c102f6928 X-INSTANA-T: 15e5652c102f6928 X-INSTANA-S: 15e5652c102f6928 Server-Timing: intid;desc=15e5652c102f6928 Expires: Fri, 02 Jan 2026 06:41:33 GMT Cache-Control: max-age=0, no-cache, no-store Pragma: no-cache Date: Fri, 02 Jan 2026 06:41:33 GMT Alt-Svc: h3=":443"; ma=93600 Connection: close Set-Cookie: X-CSRF-TOKEN=ImRhMjY4MDI0Zjc0ZjhmNTgzZTUyODczZmI1ODkyNjdhOTljMTUzOGIi.aVdonA.PiAFh9vVoWbhk6M21tZwZ8M-yzw; Expires=Fri, 02 Jan 2026 07:41:32 GMT; Max-Age=3600; Secure; Path=/; SameSite=Lax Set-Cookie: dbnd_session=87421c44-c47c-4d3f-a49c-3ac7140134d7; Expires=Fri, 02 Jan 2026 07:41:32 GMT; Secure; HttpOnly; Path=/; SameSite=Lax Page title: Redirecting... <!doctype html> <html lang=en> <title>Redirecting...</title> <h1>Redirecting...</h1> <p>You should be redirected automatically to the target URL: <a href="/app">/app</a>. If not, click the link.
Found 2026-01-02 by HttpPluginCreate report
-
Open service 104.126.37.128:443 · ikea.databand.ai
2025-12-22 21:12
HTTP/1.1 302 Moved Temporarily Content-Type: text/html; charset=utf-8 Content-Length: 195 Location: /app X-Robots-Tag: noindex, nofollow Permissions-Policy: geolocation=() X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Content-Security-Policy: default-src 'self'; frame-src https://*.ibm.com https://*.ibmcloud.com https://*.truste.com https://*.trustarc.com https://*.segment.com https://*.segment.io 'self'; object-src 'none'; style-src https://*.googletagmanager.com https://*.walkme.com https://*.amplitude.com https://*.instana.io https://*.newrelic.com https://*.nr-data.net https://1.www.s81c.com https://*.ibm.com https://*.ibmcloud.com https://*.truste.com https://*.trustarc.com https://*.segment.com https://*.segment.io 'self' 'unsafe-inline'; font-src https://1.www.s81c.com 'self' data:; worker-src 'self' blob:; img-src https://*.googletagmanager.com https://*.googletagmanager.com https://*.walkme.com https://*.amplitude.com https://*.instana.io https://*.newrelic.com https://*.nr-data.net https://1.www.s81c.com https://*.ibm.com https://*.ibmcloud.com https://*.truste.com https://*.trustarc.com https://*.segment.com https://*.segment.io https://www.gravatar.com 'self' data:; script-src https://*.googletagmanager.com https://*.walkme.com https://*.amplitude.com https://*.instana.io https://*.newrelic.com https://*.nr-data.net https://1.www.s81c.com https://*.ibm.com https://*.ibmcloud.com https://*.truste.com https://*.trustarc.com https://*.segment.com https://*.segment.io 'self' 'unsafe-inline'; script-src-elem https://*.googletagmanager.com https://*.walkme.com https://*.amplitude.com https://*.instana.io https://*.newrelic.com https://*.nr-data.net https://1.www.s81c.com https://*.ibm.com https://*.ibmcloud.com https://*.truste.com https://*.trustarc.com https://*.segment.com https://*.segment.io 'self' 'unsafe-inline'; connect-src https://*.googletagmanager.com https://*.walkme.com https://*.amplitude.com https://*.instana.io https://*.newrelic.com https://*.nr-data.net https://1.www.s81c.com https://*.ibm.com https://*.ibmcloud.com https://*.truste.com https://*.trustarc.com https://*.segment.com https://*.segment.io 'self' Strict-Transport-Security: max-age=15724800; includeSubDomains Referrer-Policy: strict-origin-when-cross-origin X-INSTANA-L: 1 traceparent: 00-0000000000000000689a4156d6161939-689a4156d6161939-01 tracestate: in=689a4156d6161939;689a4156d6161939 X-INSTANA-T: 689a4156d6161939 X-INSTANA-S: 689a4156d6161939 Server-Timing: intid;desc=689a4156d6161939 Expires: Mon, 22 Dec 2025 21:12:59 GMT Cache-Control: max-age=0, no-cache, no-store Pragma: no-cache Date: Mon, 22 Dec 2025 21:12:59 GMT Alt-Svc: h3=":443"; ma=93600 Connection: close Set-Cookie: X-CSRF-TOKEN=IjZjMzYwMGU1NmI1NjA3ZWQyODI4NjhjODJkNmYxODE2ODJhMWUzZmIi.aUm0Ww.Fk635Z_dc-Uhas-dS0rtHIXBQ00; Expires=Mon, 22 Dec 2025 22:12:59 GMT; Max-Age=3600; Secure; Path=/; SameSite=Lax Set-Cookie: dbnd_session=b117cb92-6211-4e96-a36d-8772bdb3a9cf; Expires=Mon, 22 Dec 2025 22:12:59 GMT; Secure; HttpOnly; Path=/; SameSite=Lax Page title: Redirecting... <!doctype html> <html lang=en> <title>Redirecting...</title> <h1>Redirecting...</h1> <p>You should be redirected automatically to the target URL: <a href="/app">/app</a>. If not, click the link.
Found 2025-12-22 by HttpPluginCreate report