Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
These documents detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
Severity: info
Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
Public Swagger UI/API detected at path: /swagger/index.html
Open service 2.16.6.202:80 · watson-ads-dev.databand.ai
2026-01-06 12:13
HTTP/1.1 308 Permanent Redirect
Content-Type: text/html
Content-Length: 164
Location: https://watson-ads-dev.databand.ai
Expires: Tue, 06 Jan 2026 12:14:14 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 06 Jan 2026 12:14:14 GMT
Connection: close
Page title: 308 Permanent Redirect
<html> <head><title>308 Permanent Redirect</title></head> <body> <center><h1>308 Permanent Redirect</h1></center> <hr><center>nginx</center> </body> </html>
Open service 2.16.6.199:443 · watson-ads-dev.databand.ai
2026-01-06 12:13
HTTP/1.1 302 Moved Temporarily
Content-Type: text/html; charset=utf-8
Content-Length: 195
Location: /app
X-Robots-Tag: noindex, nofollow
Permissions-Policy: geolocation=()
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self'; frame-src https://*.ibm.com https://*.ibmcloud.com https://*.truste.com https://*.trustarc.com https://*.segment.com https://*.segment.io 'self'; object-src 'none'; style-src https://*.googletagmanager.com https://*.walkme.com https://*.amplitude.com https://*.instana.io https://*.newrelic.com https://*.nr-data.net https://1.www.s81c.com https://*.ibm.com https://*.ibmcloud.com https://*.truste.com https://*.trustarc.com https://*.segment.com https://*.segment.io 'self' 'unsafe-inline'; font-src https://1.www.s81c.com 'self' data:; worker-src 'self' blob:; img-src https://*.googletagmanager.com https://*.googletagmanager.com https://*.walkme.com https://*.amplitude.com https://*.instana.io https://*.newrelic.com https://*.nr-data.net https://1.www.s81c.com https://*.ibm.com https://*.ibmcloud.com https://*.truste.com https://*.trustarc.com https://*.segment.com https://*.segment.io https://www.gravatar.com 'self' data:; script-src https://*.googletagmanager.com https://*.walkme.com https://*.amplitude.com https://*.instana.io https://*.newrelic.com https://*.nr-data.net https://1.www.s81c.com https://*.ibm.com https://*.ibmcloud.com https://*.truste.com https://*.trustarc.com https://*.segment.com https://*.segment.io 'self' 'unsafe-inline'; script-src-elem https://*.googletagmanager.com https://*.walkme.com https://*.amplitude.com https://*.instana.io https://*.newrelic.com https://*.nr-data.net https://1.www.s81c.com https://*.ibm.com https://*.ibmcloud.com https://*.truste.com https://*.trustarc.com https://*.segment.com https://*.segment.io 'self' 'unsafe-inline'; connect-src https://*.googletagmanager.com https://*.walkme.com https://*.amplitude.com https://*.instana.io https://*.newrelic.com https://*.nr-data.net https://1.www.s81c.com https://*.ibm.com https://*.ibmcloud.com https://*.truste.com https://*.trustarc.com https://*.segment.com https://*.segment.io 'self'
Strict-Transport-Security: max-age=15724800; includeSubDomains
Referrer-Policy: strict-origin-when-cross-origin
X-INSTANA-L: 1
traceparent: 00-0000000000000000cc9f6959428ba5ae-cc9f6959428ba5ae-01
tracestate: in=cc9f6959428ba5ae;cc9f6959428ba5ae
X-INSTANA-T: cc9f6959428ba5ae
X-INSTANA-S: cc9f6959428ba5ae
Server-Timing: intid;desc=cc9f6959428ba5ae
Expires: Tue, 06 Jan 2026 12:13:32 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 06 Jan 2026 12:13:32 GMT
Alt-Svc: h3=":443"; ma=93600
Connection: close
Set-Cookie: X-CSRF-TOKEN=ImMyZDUzOTYyOGY4MjhmMWJjMzEzYTI1NWNjZDMxODZhYzdkN2JiOTYi.aVz8bA.-XL57Xz8L-bH24zenuczG19M5hs; Expires=Tue, 06 Jan 2026 13:13:32 GMT; Max-Age=3600; Secure; Path=/; SameSite=Lax
Set-Cookie: dbnd_session=55382e66-84f4-41cf-8021-79d95d622ec3; Expires=Tue, 06 Jan 2026 13:13:32 GMT; Secure; HttpOnly; Path=/; SameSite=Lax
Page title: Redirecting...
<!doctype html> <html lang=en> <title>Redirecting...</title> <h1>Redirecting...</h1> <p>You should be redirected automatically to the target URL: <a href="/app">/app</a>. If not, click the link.
Open service 2.16.6.199:80 · watson-ads-dev.databand.ai
2026-01-06 12:13
HTTP/1.1 308 Permanent Redirect
Content-Type: text/html
Content-Length: 164
Location: https://watson-ads-dev.databand.ai
Expires: Tue, 06 Jan 2026 12:14:13 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 06 Jan 2026 12:14:13 GMT
Connection: close
Page title: 308 Permanent Redirect
<html> <head><title>308 Permanent Redirect</title></head> <body> <center><h1>308 Permanent Redirect</h1></center> <hr><center>nginx</center> </body> </html>
Open service 2.16.6.202:443 · watson-ads-dev.databand.ai
2026-01-06 12:13
HTTP/1.1 302 Moved Temporarily
Content-Type: text/html; charset=utf-8
Content-Length: 195
Location: /app
X-Robots-Tag: noindex, nofollow
Permissions-Policy: geolocation=()
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self'; frame-src https://*.ibm.com https://*.ibmcloud.com https://*.truste.com https://*.trustarc.com https://*.segment.com https://*.segment.io 'self'; object-src 'none'; style-src https://*.googletagmanager.com https://*.walkme.com https://*.amplitude.com https://*.instana.io https://*.newrelic.com https://*.nr-data.net https://1.www.s81c.com https://*.ibm.com https://*.ibmcloud.com https://*.truste.com https://*.trustarc.com https://*.segment.com https://*.segment.io 'self' 'unsafe-inline'; font-src https://1.www.s81c.com 'self' data:; worker-src 'self' blob:; img-src https://*.googletagmanager.com https://*.googletagmanager.com https://*.walkme.com https://*.amplitude.com https://*.instana.io https://*.newrelic.com https://*.nr-data.net https://1.www.s81c.com https://*.ibm.com https://*.ibmcloud.com https://*.truste.com https://*.trustarc.com https://*.segment.com https://*.segment.io https://www.gravatar.com 'self' data:; script-src https://*.googletagmanager.com https://*.walkme.com https://*.amplitude.com https://*.instana.io https://*.newrelic.com https://*.nr-data.net https://1.www.s81c.com https://*.ibm.com https://*.ibmcloud.com https://*.truste.com https://*.trustarc.com https://*.segment.com https://*.segment.io 'self' 'unsafe-inline'; script-src-elem https://*.googletagmanager.com https://*.walkme.com https://*.amplitude.com https://*.instana.io https://*.newrelic.com https://*.nr-data.net https://1.www.s81c.com https://*.ibm.com https://*.ibmcloud.com https://*.truste.com https://*.trustarc.com https://*.segment.com https://*.segment.io 'self' 'unsafe-inline'; connect-src https://*.googletagmanager.com https://*.walkme.com https://*.amplitude.com https://*.instana.io https://*.newrelic.com https://*.nr-data.net https://1.www.s81c.com https://*.ibm.com https://*.ibmcloud.com https://*.truste.com https://*.trustarc.com https://*.segment.com https://*.segment.io 'self'
Strict-Transport-Security: max-age=15724800; includeSubDomains
Referrer-Policy: strict-origin-when-cross-origin
X-INSTANA-L: 1
traceparent: 00-0000000000000000e24c627f959acb39-e24c627f959acb39-01
tracestate: in=e24c627f959acb39;e24c627f959acb39
X-INSTANA-T: e24c627f959acb39
X-INSTANA-S: e24c627f959acb39
Server-Timing: intid;desc=e24c627f959acb39
Expires: Tue, 06 Jan 2026 12:13:31 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 06 Jan 2026 12:13:31 GMT
Alt-Svc: h3=":443"; ma=93600
Connection: close
Set-Cookie: X-CSRF-TOKEN=Ijk5OTUwMTE5ODdhZjAzZjNjNjRlNDdmNGQzYWMwZjRiNWI0YjA0YjIi.aVz8aw.10eK9ljSoce1rz_uJCx4TVx5OrM; Expires=Tue, 06 Jan 2026 13:13:31 GMT; Max-Age=3600; Secure; Path=/; SameSite=Lax
Set-Cookie: dbnd_session=8b15fcca-c8c4-4882-b0f1-c67641eda246; Expires=Tue, 06 Jan 2026 13:13:31 GMT; Secure; HttpOnly; Path=/; SameSite=Lax
Page title: Redirecting...
<!doctype html> <html lang=en> <title>Redirecting...</title> <h1>Redirecting...</h1> <p>You should be redirected automatically to the target URL: <a href="/app">/app</a>. If not, click the link.