LeakIX - Host natwest-dev.databand.ai

Domain natwest-dev.databand.ai

Germany

Akamai International B.V.

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 23.213.161.201
Domain: natwest-dev.databand.ai
Port: 443
URL: https://natwest-dev.databand.ai

First seen 2025-11-28 06:00
Last seen 2026-02-09 00:59
Open for 72 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
  Found on 2026-02-09 00:59
Create report

Open service 23.213.161.201:443 · natwest-dev.databand.ai

2026-01-09 06:56

HTTP/1.1 302 Moved Temporarily
Content-Type: text/html; charset=utf-8
Content-Length: 195
Location: /app
X-Robots-Tag: noindex, nofollow
Permissions-Policy: geolocation=()
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self'; frame-src https://*.ibm.com https://*.ibmcloud.com https://*.truste.com https://*.trustarc.com https://*.segment.com https://*.segment.io 'self'; object-src 'none'; style-src https://*.googletagmanager.com https://*.walkme.com https://*.amplitude.com https://*.instana.io https://*.newrelic.com https://*.nr-data.net https://1.www.s81c.com https://*.ibm.com https://*.ibmcloud.com https://*.truste.com https://*.trustarc.com https://*.segment.com https://*.segment.io 'self' 'unsafe-inline'; font-src https://1.www.s81c.com 'self' data:; worker-src 'self' blob:; img-src https://*.googletagmanager.com https://*.googletagmanager.com https://*.walkme.com https://*.amplitude.com https://*.instana.io https://*.newrelic.com https://*.nr-data.net https://1.www.s81c.com https://*.ibm.com https://*.ibmcloud.com https://*.truste.com https://*.trustarc.com https://*.segment.com https://*.segment.io https://www.gravatar.com 'self' data:; script-src https://*.googletagmanager.com https://*.walkme.com https://*.amplitude.com https://*.instana.io https://*.newrelic.com https://*.nr-data.net https://1.www.s81c.com https://*.ibm.com https://*.ibmcloud.com https://*.truste.com https://*.trustarc.com https://*.segment.com https://*.segment.io 'self' 'unsafe-inline'; script-src-elem https://*.googletagmanager.com https://*.walkme.com https://*.amplitude.com https://*.instana.io https://*.newrelic.com https://*.nr-data.net https://1.www.s81c.com https://*.ibm.com https://*.ibmcloud.com https://*.truste.com https://*.trustarc.com https://*.segment.com https://*.segment.io 'self' 'unsafe-inline'; connect-src https://*.googletagmanager.com https://*.walkme.com https://*.amplitude.com https://*.instana.io https://*.newrelic.com https://*.nr-data.net https://1.www.s81c.com https://*.ibm.com https://*.ibmcloud.com https://*.truste.com https://*.trustarc.com https://*.segment.com https://*.segment.io 'self'
Strict-Transport-Security: max-age=15724800; includeSubDomains
Referrer-Policy: strict-origin-when-cross-origin
X-INSTANA-L: 1
traceparent: 00-00000000000000008c1b6d555f7504be-8c1b6d555f7504be-01
tracestate: in=8c1b6d555f7504be;8c1b6d555f7504be
X-INSTANA-T: 8c1b6d555f7504be
X-INSTANA-S: 8c1b6d555f7504be
Server-Timing: intid;desc=8c1b6d555f7504be
Expires: Fri, 09 Jan 2026 06:56:40 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 09 Jan 2026 06:56:40 GMT
Alt-Svc: h3=":443"; ma=93600
Connection: close
Set-Cookie: X-CSRF-TOKEN=IjFmY2IxZWFiYjAwMDY0OGExY2Y5ZGI0ODczYTc4YWU2NzMzMDAyNDIi.aWCmqA.l05TxkXNvuKhekGypxsPD82CrcI; Expires=Fri, 09 Jan 2026 07:56:40 GMT; Max-Age=3600; Secure; Path=/; SameSite=Lax
Set-Cookie: dbnd_session=c1026b9e-1e04-4548-aa38-f41870998bee; Expires=Fri, 09 Jan 2026 07:56:40 GMT; Secure; HttpOnly; Path=/; SameSite=Lax

Page title: Redirecting...

<!doctype html>
<html lang=en>
<title>Redirecting...</title>
<h1>Redirecting...</h1>
<p>You should be redirected automatically to the target URL: <a href="/app">/app</a>. If not, click the link.

Found 2026-01-09 by HttpPlugin

Create report

Open service 23.213.161.201:443 · natwest-dev.databand.ai

2026-01-02 06:51

HTTP/1.1 302 Moved Temporarily
Content-Type: text/html; charset=utf-8
Content-Length: 195
Location: /app
X-Robots-Tag: noindex, nofollow
Permissions-Policy: geolocation=()
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self'; frame-src https://*.ibm.com https://*.ibmcloud.com https://*.truste.com https://*.trustarc.com https://*.segment.com https://*.segment.io 'self'; object-src 'none'; style-src https://*.googletagmanager.com https://*.walkme.com https://*.amplitude.com https://*.instana.io https://*.newrelic.com https://*.nr-data.net https://1.www.s81c.com https://*.ibm.com https://*.ibmcloud.com https://*.truste.com https://*.trustarc.com https://*.segment.com https://*.segment.io 'self' 'unsafe-inline'; font-src https://1.www.s81c.com 'self' data:; worker-src 'self' blob:; img-src https://*.googletagmanager.com https://*.googletagmanager.com https://*.walkme.com https://*.amplitude.com https://*.instana.io https://*.newrelic.com https://*.nr-data.net https://1.www.s81c.com https://*.ibm.com https://*.ibmcloud.com https://*.truste.com https://*.trustarc.com https://*.segment.com https://*.segment.io https://www.gravatar.com 'self' data:; script-src https://*.googletagmanager.com https://*.walkme.com https://*.amplitude.com https://*.instana.io https://*.newrelic.com https://*.nr-data.net https://1.www.s81c.com https://*.ibm.com https://*.ibmcloud.com https://*.truste.com https://*.trustarc.com https://*.segment.com https://*.segment.io 'self' 'unsafe-inline'; script-src-elem https://*.googletagmanager.com https://*.walkme.com https://*.amplitude.com https://*.instana.io https://*.newrelic.com https://*.nr-data.net https://1.www.s81c.com https://*.ibm.com https://*.ibmcloud.com https://*.truste.com https://*.trustarc.com https://*.segment.com https://*.segment.io 'self' 'unsafe-inline'; connect-src https://*.googletagmanager.com https://*.walkme.com https://*.amplitude.com https://*.instana.io https://*.newrelic.com https://*.nr-data.net https://1.www.s81c.com https://*.ibm.com https://*.ibmcloud.com https://*.truste.com https://*.trustarc.com https://*.segment.com https://*.segment.io 'self'
Strict-Transport-Security: max-age=15724800; includeSubDomains
Referrer-Policy: strict-origin-when-cross-origin
X-INSTANA-L: 1
traceparent: 00-0000000000000000234d3c016cbadc16-234d3c016cbadc16-01
tracestate: in=234d3c016cbadc16;234d3c016cbadc16
X-INSTANA-T: 234d3c016cbadc16
X-INSTANA-S: 234d3c016cbadc16
Server-Timing: intid;desc=234d3c016cbadc16
Expires: Fri, 02 Jan 2026 06:52:00 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 02 Jan 2026 06:52:00 GMT
Alt-Svc: h3=":443"; ma=93600
Connection: close
Set-Cookie: X-CSRF-TOKEN=ImI2NDIwMjA3YTdiZDkyNWNlNDQzODQ0ODlkNTkyYTIwNmQ4MmM3ODQi.aVdrEA.i0AWboHRwcrvhh93mrerjEKVFu0; Expires=Fri, 02 Jan 2026 07:52:00 GMT; Max-Age=3600; Secure; Path=/; SameSite=Lax
Set-Cookie: dbnd_session=a3277195-625b-47f0-ab53-3c26592ec9a6; Expires=Fri, 02 Jan 2026 07:52:00 GMT; Secure; HttpOnly; Path=/; SameSite=Lax

Page title: Redirecting...

<!doctype html>
<html lang=en>
<title>Redirecting...</title>
<h1>Redirecting...</h1>
<p>You should be redirected automatically to the target URL: <a href="/app">/app</a>. If not, click the link.

Found 2026-01-02 by HttpPlugin

Create report

Open service 23.213.161.201:443 · natwest-dev.databand.ai

2025-12-23 04:57

HTTP/1.1 302 Moved Temporarily
Content-Type: text/html; charset=utf-8
Content-Length: 195
Location: /app
X-Robots-Tag: noindex, nofollow
Permissions-Policy: geolocation=()
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self'; frame-src https://*.ibm.com https://*.ibmcloud.com https://*.truste.com https://*.trustarc.com https://*.segment.com https://*.segment.io 'self'; object-src 'none'; style-src https://*.googletagmanager.com https://*.walkme.com https://*.amplitude.com https://*.instana.io https://*.newrelic.com https://*.nr-data.net https://1.www.s81c.com https://*.ibm.com https://*.ibmcloud.com https://*.truste.com https://*.trustarc.com https://*.segment.com https://*.segment.io 'self' 'unsafe-inline'; font-src https://1.www.s81c.com 'self' data:; worker-src 'self' blob:; img-src https://*.googletagmanager.com https://*.googletagmanager.com https://*.walkme.com https://*.amplitude.com https://*.instana.io https://*.newrelic.com https://*.nr-data.net https://1.www.s81c.com https://*.ibm.com https://*.ibmcloud.com https://*.truste.com https://*.trustarc.com https://*.segment.com https://*.segment.io https://www.gravatar.com 'self' data:; script-src https://*.googletagmanager.com https://*.walkme.com https://*.amplitude.com https://*.instana.io https://*.newrelic.com https://*.nr-data.net https://1.www.s81c.com https://*.ibm.com https://*.ibmcloud.com https://*.truste.com https://*.trustarc.com https://*.segment.com https://*.segment.io 'self' 'unsafe-inline'; script-src-elem https://*.googletagmanager.com https://*.walkme.com https://*.amplitude.com https://*.instana.io https://*.newrelic.com https://*.nr-data.net https://1.www.s81c.com https://*.ibm.com https://*.ibmcloud.com https://*.truste.com https://*.trustarc.com https://*.segment.com https://*.segment.io 'self' 'unsafe-inline'; connect-src https://*.googletagmanager.com https://*.walkme.com https://*.amplitude.com https://*.instana.io https://*.newrelic.com https://*.nr-data.net https://1.www.s81c.com https://*.ibm.com https://*.ibmcloud.com https://*.truste.com https://*.trustarc.com https://*.segment.com https://*.segment.io 'self'
Strict-Transport-Security: max-age=15724800; includeSubDomains
Referrer-Policy: strict-origin-when-cross-origin
X-INSTANA-L: 1
traceparent: 00-0000000000000000dbd3efde5482b9f0-dbd3efde5482b9f0-01
tracestate: in=dbd3efde5482b9f0;dbd3efde5482b9f0
X-INSTANA-T: dbd3efde5482b9f0
X-INSTANA-S: dbd3efde5482b9f0
Server-Timing: intid;desc=dbd3efde5482b9f0
Expires: Tue, 23 Dec 2025 04:57:25 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 23 Dec 2025 04:57:25 GMT
Alt-Svc: h3=":443"; ma=93600
Connection: close
Set-Cookie: X-CSRF-TOKEN=ImMyMWVkNjdiMTlkNDQ3NzdmMjA4MDZiZjllMGEzMTgxMDg0NjcxMWEi.aUohNQ.Yug3EQJP31hLcXt0XqEl8xayFb8; Expires=Tue, 23 Dec 2025 05:57:25 GMT; Max-Age=3600; Secure; Path=/; SameSite=Lax
Set-Cookie: dbnd_session=840bf1d7-b4c0-4818-9556-874e2a2116b8; Expires=Tue, 23 Dec 2025 05:57:25 GMT; Secure; HttpOnly; Path=/; SameSite=Lax

Page title: Redirecting...

<!doctype html>
<html lang=en>
<title>Redirecting...</title>
<h1>Redirecting...</h1>
<p>You should be redirected automatically to the target URL: <a href="/app">/app</a>. If not, click the link.

Found 2025-12-23 by HttpPlugin

Create report

*.databand.aidataband.ai

Fingerprint:

c639964747c90a6aa840e7b5ba4b90703105c1565b0b8f1b15f118691d3d8d41

CN:

*.databand.ai

Key:

ECDSA-256

Issuer:

DigiCert Global G3 TLS ECC SHA384 2020 CA1

Not before:

2025-11-30 00:00

Not after:

2026-12-01 23:59

Domain summary

natwest-dev.databand.ai 3

1 recorded

IP summary

23.213.161.201 2

1 recorded

Domain natwest-dev.databand.ai

Germany

Swagger API description is publicly available

Create report

Create report

Create report

*.databand.aidataband.ai

Domain summary

IP summary