LeakIX - Host cledigitale.espace-client.hellobank.fr

Domain cledigitale.espace-client.hellobank.fr

Germany

Akamai International B.V.

Software information

AkamaiGHost

tcp/443

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 23.50.131.145
Domain: prev.cledigitale.espace-client.hellobank.fr
Port: 443
URL: https://prev.cledigitale.espace-client.hellobank.fr

First seen 2025-11-17 00:10
Last seen 2026-02-02 09:40
Open for 77 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd151e75e4bff366d864b1e61f16cbc89feef29ab8aca65b50c
```
Public Swagger UI/API detected at path: /v3/api-docs - sample paths:
GET /**/jwks
GET /grid/{gridId}
GET /keepalive
GET /keepaliveSSO
GET /mobile/templatelclf
GET /oidc/jwks
GET /recover-authentication/{uid}
POST /init-authentication
```
  Found on 2026-02-02 09:40
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 23.50.131.158
Domain: cledigitale.espace-client.hellobank.fr
Port: 443
URL: https://cledigitale.espace-client.hellobank.fr

First seen 2025-11-17 00:08
Last seen 2026-02-02 09:35
Open for 77 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd151e75e4bff366d864b1e61f16cbc89feef29ab8aca65b50c
```
Public Swagger UI/API detected at path: /v3/api-docs - sample paths:
GET /**/jwks
GET /grid/{gridId}
GET /keepalive
GET /keepaliveSSO
GET /mobile/templatelclf
GET /oidc/jwks
GET /recover-authentication/{uid}
POST /init-authentication
```
  Found on 2026-02-02 09:35
Create report

Open service 23.50.131.158:443 · cledigitale.espace-client.hellobank.fr

2026-02-09 20:39

HTTP/1.1 403 Forbidden
Server: AkamaiGHost
Mime-Version: 1.0
Content-Type: text/html
Content-Length: 398
Expires: Mon, 09 Feb 2026 20:39:43 GMT
Date: Mon, 09 Feb 2026 20:39:43 GMT
Connection: close

Page title: Access Denied

<HTML><HEAD>
<TITLE>Access Denied</TITLE>
</HEAD><BODY>
<H1>Access Denied</H1>
 
You don't have permission to access "http&#58;&#47;&#47;cledigitale&#46;espace&#45;client&#46;hellobank&#46;fr&#47;" on this server.<P>
Reference&#32;&#35;18&#46;9173317&#46;1770669583&#46;53a0a497
<P>https&#58;&#47;&#47;errors&#46;edgesuite&#46;net&#47;18&#46;9173317&#46;1770669583&#46;53a0a497</P>
</BODY>
</HTML>

Found 2026-02-09 by HttpPlugin

Create report

Open service 23.50.131.145:443 · prev.cledigitale.espace-client.hellobank.fr

2026-02-09 20:36

HTTP/1.1 403 Forbidden
Server: AkamaiGHost
Mime-Version: 1.0
Content-Type: text/html
Content-Length: 407
Expires: Mon, 09 Feb 2026 20:36:24 GMT
Date: Mon, 09 Feb 2026 20:36:24 GMT
Connection: close

Page title: Access Denied

<HTML><HEAD>
<TITLE>Access Denied</TITLE>
</HEAD><BODY>
<H1>Access Denied</H1>
 
You don't have permission to access "http&#58;&#47;&#47;prev&#46;cledigitale&#46;espace&#45;client&#46;hellobank&#46;fr&#47;" on this server.<P>
Reference&#32;&#35;18&#46;11173317&#46;1770669384&#46;94df647
<P>https&#58;&#47;&#47;errors&#46;edgesuite&#46;net&#47;18&#46;11173317&#46;1770669384&#46;94df647</P>
</BODY>
</HTML>

Found 2026-02-09 by HttpPlugin

Create report

Open service 23.50.131.158:443 · cledigitale.espace-client.hellobank.fr

2026-01-23 10:31

HTTP/1.1 200 OK
requestId: 36eb1567-f51c-4354-8832-b347b8818f3d
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
Strict-Transport-Security: max-age=63072000; includeSubDomains
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Security-Policy: object-src 'none';worker-src blob:;  script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ult-inwebo.com https://assets.adobedtm.com https://cdn.doyoudreamup.com https://*.online-metrix.net https://*.dev.echonet https://*.hellobankpro.fr https://*.hellobank.fr https://*.bnpparibas https://*.bnpparibas.net;frame-ancestors 'self' https://*.hellobankpro.fr https://*.hellobank.fr https://*.bnpparibas https://*.bnpparibas.net https://*.cardif-iard.fr https://*.biapi.pro https://*.mosaic.fr https://*.protection24.com https://*.facil-iti.com https://*.herokuapp.com https://*.matmut.com https://login.mabanque-s1.dev.echonet:8443;
Content-Type: text/html;charset=UTF-8
Content-Language: en
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Vary: origin
Vary: access-control-request-method
Vary: access-control-request-headers
Date: Fri, 23 Jan 2026 10:31:18 GMT
Content-Length: 6877
Connection: close
Set-Cookie: SESSION=86F40EC216743CC33303AE473B2ACE26; Path=/; Secure; HttpOnly; samesite=None
Set-Cookie: CAS_TGC=; Max-Age=0; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Path=/; Secure; HttpOnly; samesite=None
Set-Cookie: CAS_MB=152441399.47873.0000; path=/; Httponly; Secure; samesite=None
Set-Cookie: TS013a6823=01a16de8d91888d716a10a448d57dc6c1b1562afcaaea21a741a2f33e411b3ad78f994358027a60d42309d3a7350b9182085ce2818; Path=/; Secure; samesite=None

Page title: Site momentanément en maintenance

<!DOCTYPE html><html>
<head>
</head>
<html lang="fr" xmlns="http://www.w3.org/1999/xhtml">

<head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no"><meta http-equiv="X-UA-Compatible" content="ie=edge"><title>Site momentanément en maintenance</title>
    <script nonce="3193293b-9f09-40db-9a75-85db6b896257" src="/common/js/jquery-3.7.1.min-c9771cc3e90e18f5336eedbd0fffb2cf.js"></script>
    <link  href="/error/css/big-main-4d36c2aa1c23e01f84fdf28e3676807d.css" rel="stylesheet"><link type="image/x-icon" href="/common/faviconHB.ico" rel="shortcut icon"></head><body>
    <header>
        <nav class="aki-nav" id="navbarAki">
            <div class="container">
                <div class="navbar-header navbar-logo">
                    <a class="brand-logo" href="https://www.hellobank.fr/" title="Hello bank! la banque en ligne de BNP Paribas"></a>
                </div>
  
                <div class="navbar-collapse" id="navAki">
                    <div class="container">
                        <ul class="nav-level1">
                            <li><a href="https://www.hellobank.fr/fr/votre-banque-en-ligne/">Banque en ligne</a></li>
                            <li><a href="https://www.hellobank.fr/fr/tarifs/">Tarifs</a></li>
                            <li><a href="https://www.hellobank.fr/fr/vos-cartes-bancaires/">Cartes bancaires</a></li>
                            <li><a href="https://www.hellobank.fr/fr/votre-offre-parrainage/">Parrainage</a></li>
                        </ul>
                    </div>
                </div>
            </div>
        </nav>
    </header>

    <main class="quatre-cent-quatre">
        <section class="hero-banner">
            <div class="container content">
                <div class="row ">
                    <div class="kol-sm-12">
                        <h1 class="h1"><span class="txt-white">Oooups,</span> ça pique&nbsp;!</h1>
                        <p class="summary">Problème épineux&nbsp;: cette page <br class="visible-xs">n'existe pas.</p>
                        <a class="btn btn-default-neg" href="https://www.hellobank.fr/" title="Retour à l'accueil">Retour à l'accueil</a>
                    </div>
                </div>
            </div>
        </section>
    </main>

    <footer class="main-footer">
        <div class="container">
            <div class="footer-5-col">
                <ul class="liste-liens">
                    <li class="nav-title">Des questions&nbsp;?</li>
                    <li><a href="https://www.hellobank.fr/faq">Consultez les FAQ</a></li>
                    <li><a href="https://forum.hellobank.fr/">Visitez le Forum</a></li>
                    <li><a href="https://www.hellobank.fr/fr/pourquoi-nous-choisir/">Pourquoi nous choisir&nbsp;?</a></li>
                    <li><a href="https://www.hellobank.fr/lexique/">Lexique</a></li>
                </ul>
                <ul class="liste-liens">
                    <li class="nav-title">Les essentiels</li>
                    <li><a href="https://www.hellobank.fr/fr/votre-banque-en-ligne/">Banque en ligne</a></li>
                    <li><a href="https://www.hellobank.fr/fr/offre/credit/credit-immobilier/">Prêt immobilier</a></li>
                    <li><a href="https://www.hellobank.fr/fr/offre/credit/credit-consommation/">Prêt consommation</a></li>
                    <li><a href="https://www.hellobank.fr/fr/offre/compte-et-cartes/services-bancaires/mobilite-bancaire/">Changer pour Hello&nbsp;bank!</a></li>
                </ul>
                <ul class="liste-liens">
                    <li class="nav-title">Extras</li>
                    <li><a href="https://www.hellobank.fr/fr/votre-offre-parrainage/">Parrainage</a></li>
                    <li><a href="https://www.hellobank.fr/fr/financement-participatif/">Financement participatif</a></li>
                    <li><a href="https://www.hellobank.fr/fr/recrutement/">Recrutement</a></li>
                    <li

Found 2026-01-23 by HttpPlugin

Create report

Open service 23.50.131.145:443 · prev.cledigitale.espace-client.hellobank.fr

2026-01-23 10:20

HTTP/1.1 200 OK
requestId: 9cc714b6-5092-4db4-843a-29c40f4c3463
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
Strict-Transport-Security: max-age=63072000; includeSubDomains
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Security-Policy: object-src 'none';worker-src blob:;  script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ult-inwebo.com https://assets.adobedtm.com https://cdn.doyoudreamup.com https://*.online-metrix.net https://*.dev.echonet https://*.hellobankpro.fr https://*.hellobank.fr https://*.bnpparibas https://*.bnpparibas.net;frame-ancestors 'self' https://*.hellobankpro.fr https://*.hellobank.fr https://*.bnpparibas https://*.bnpparibas.net https://*.cardif-iard.fr https://*.biapi.pro https://*.mosaic.fr https://*.protection24.com https://*.facil-iti.com https://*.herokuapp.com https://*.matmut.com https://login.mabanque-s1.dev.echonet:8443;
Content-Type: text/html;charset=UTF-8
Content-Language: en
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Vary: origin
Vary: access-control-request-method
Vary: access-control-request-headers
Date: Fri, 23 Jan 2026 10:20:46 GMT
Content-Length: 6877
Connection: close
Set-Cookie: SESSION=02DE9E22D5568E97D46A864D61C8D718; Path=/; Secure; HttpOnly; samesite=None
Set-Cookie: CAS_TGC=; Max-Age=0; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Path=/; Secure; HttpOnly; samesite=None
Set-Cookie: CAS_MB=2914119946.47873.0000; path=/; Httponly; Secure; samesite=None
Set-Cookie: TS01ab8141=01a16de8d9858dc52be3f772264f1fde4e105a77fe26b0e158686422ff57f0701fb000720821f8205455c2cd70f8f358383e7dbc37; Path=/; Secure; samesite=None

Page title: Site momentanément en maintenance

<!DOCTYPE html><html>
<head>
</head>
<html lang="fr" xmlns="http://www.w3.org/1999/xhtml">

<head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no"><meta http-equiv="X-UA-Compatible" content="ie=edge"><title>Site momentanément en maintenance</title>
    <script nonce="f0bd127d-b976-4987-95ba-1da759c33de8" src="/common/js/jquery-3.7.1.min-c9771cc3e90e18f5336eedbd0fffb2cf.js"></script>
    <link  href="/error/css/big-main-4d36c2aa1c23e01f84fdf28e3676807d.css" rel="stylesheet"><link type="image/x-icon" href="/common/faviconHB.ico" rel="shortcut icon"></head><body>
    <header>
        <nav class="aki-nav" id="navbarAki">
            <div class="container">
                <div class="navbar-header navbar-logo">
                    <a class="brand-logo" href="https://www.hellobank.fr/" title="Hello bank! la banque en ligne de BNP Paribas"></a>
                </div>
  
                <div class="navbar-collapse" id="navAki">
                    <div class="container">
                        <ul class="nav-level1">
                            <li><a href="https://www.hellobank.fr/fr/votre-banque-en-ligne/">Banque en ligne</a></li>
                            <li><a href="https://www.hellobank.fr/fr/tarifs/">Tarifs</a></li>
                            <li><a href="https://www.hellobank.fr/fr/vos-cartes-bancaires/">Cartes bancaires</a></li>
                            <li><a href="https://www.hellobank.fr/fr/votre-offre-parrainage/">Parrainage</a></li>
                        </ul>
                    </div>
                </div>
            </div>
        </nav>
    </header>

    <main class="quatre-cent-quatre">
        <section class="hero-banner">
            <div class="container content">
                <div class="row ">
                    <div class="kol-sm-12">
                        <h1 class="h1"><span class="txt-white">Oooups,</span> ça pique&nbsp;!</h1>
                        <p class="summary">Problème épineux&nbsp;: cette page <br class="visible-xs">n'existe pas.</p>
                        <a class="btn btn-default-neg" href="https://www.hellobank.fr/" title="Retour à l'accueil">Retour à l'accueil</a>
                    </div>
                </div>
            </div>
        </section>
    </main>

    <footer class="main-footer">
        <div class="container">
            <div class="footer-5-col">
                <ul class="liste-liens">
                    <li class="nav-title">Des questions&nbsp;?</li>
                    <li><a href="https://www.hellobank.fr/faq">Consultez les FAQ</a></li>
                    <li><a href="https://forum.hellobank.fr/">Visitez le Forum</a></li>
                    <li><a href="https://www.hellobank.fr/fr/pourquoi-nous-choisir/">Pourquoi nous choisir&nbsp;?</a></li>
                    <li><a href="https://www.hellobank.fr/lexique/">Lexique</a></li>
                </ul>
                <ul class="liste-liens">
                    <li class="nav-title">Les essentiels</li>
                    <li><a href="https://www.hellobank.fr/fr/votre-banque-en-ligne/">Banque en ligne</a></li>
                    <li><a href="https://www.hellobank.fr/fr/offre/credit/credit-immobilier/">Prêt immobilier</a></li>
                    <li><a href="https://www.hellobank.fr/fr/offre/credit/credit-consommation/">Prêt consommation</a></li>
                    <li><a href="https://www.hellobank.fr/fr/offre/compte-et-cartes/services-bancaires/mobilite-bancaire/">Changer pour Hello&nbsp;bank!</a></li>
                </ul>
                <ul class="liste-liens">
                    <li class="nav-title">Extras</li>
                    <li><a href="https://www.hellobank.fr/fr/votre-offre-parrainage/">Parrainage</a></li>
                    <li><a href="https://www.hellobank.fr/fr/financement-participatif/">Financement participatif</a></li>
                    <li><a href="https://www.hellobank.fr/fr/recrutement/">Recrutement</a></li>
                    <li

Found 2026-01-23 by HttpPlugin

Create report

tpc-connexion.mabanque.bnpparibascledigitale.connexion.mabanque.bnpparibasespace-client.hellobank.frconnexion-mabanque.bnpparibascledigitale.espace-client.hellobank.frespace-client.hellobankpro.frconnexion.mabanque.bnpparibas

Fingerprint:

cd0a1e605f06f3078e8c3a6ce78bad6d1f25a56a643b329eb261100b75b59ccd

CN:

tpc-connexion.mabanque.bnpparibas

Key:

RSA-2048

Issuer:

Thawte EV RSA CA G2

Not before:

2025-09-03 00:00

Not after:

2026-09-02 23:59

tpc-prev.connexion-mabanque.bnpparibassandbox.espace-client.hellobank.frprev.cledigitale.connexion.mabanque.bnpparibasprev.connexion-mabanque.bnpparibasprev.connexion.mabanque.bnpparibasprev-espace-client.hellobankpro.frsandbox.connexion-mabanque.bnpparibasprev.cledigitale.espace-client.hellobank.frprev-espace-client.hellobank.frsandbox.connexion.mabanque.bnpparibasprev-bast.connexion-mabanque.bnpparibassandbox.espace-client.hellobankpro.frprev-bast.espace-client.hellobank.fr

Fingerprint:

492f7d9a43d34c63288227244a2b097a52a03d53f640c6600467226726bd3f43

CN:

tpc-prev.connexion-mabanque.bnpparibas

Key:

RSA-2048

Issuer:

Thawte EV RSA CA G2

Not before:

2025-10-08 00:00

Not after:

2026-10-07 23:59

Domain summary

cledigitale.espace-client.hellobank.fr 2 prev.cledigitale.espace-client.hellobank.fr 2

2 recorded

IP summary

23.50.131.158 2 23.50.131.145 2

2 recorded

Domain cledigitale.espace-client.hellobank.fr

Germany

Software information

Swagger API description is publicly available

Swagger API description is publicly available

Create report

Create report

Create report

Create report

tpc-connexion.mabanque.bnpparibascledigitale.connexion.mabanque.bnpparibasespace-client.hellobank.frconnexion-mabanque.bnpparibascledigitale.espace-client.hellobank.frespace-client.hellobankpro.frconnexion.mabanque.bnpparibas

Domain summary

IP summary