LeakIX - Host pb-santander.com

Domain pb-santander.com

Germany

Services Industriels de Geneve

Software information

AkamaiGHost

tcp/443 tcp/80

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 217.169.130.138
Domain: api.pb-santander.com
Port: 443
URL: https://api.pb-santander.com

First seen 2025-10-15 16:26
Last seen 2026-02-02 06:46
Open for 109 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1926e27d0926e27d0926e27d0926e27d0926e27d0926e27d0
```
Public Swagger UI/API detected at path: /webjars/swagger-ui/index.html
```
  Found on 2026-02-02 06:46
Create report

Open service 2a02:26f0:3500:18::1724:a288:80 · pb-santander.com

2026-01-26 10:01

HTTP/1.0 400 Bad Request
Server: AkamaiGHost
Mime-Version: 1.0
Content-Type: text/html
Content-Length: 312
Expires: Mon, 26 Jan 2026 10:02:07 GMT
Date: Mon, 26 Jan 2026 10:02:07 GMT
Connection: close

Page title: Invalid URL

<HTML><HEAD>
<TITLE>Invalid URL</TITLE>
</HEAD><BODY>
<H1>Invalid URL</H1>
The requested URL "&#91;no&#32;URL&#93;", is invalid.<p>
Reference&#32;&#35;9&#46;88a02417&#46;1769421727&#46;28eefb1e
<P>https&#58;&#47;&#47;errors&#46;edgesuite&#46;net&#47;9&#46;88a02417&#46;1769421727&#46;28eefb1e</P>
</BODY></HTML>

Found 2026-01-26 by HttpPlugin

Create report

Open service 2a02:26f0:3500:18::1724:a29a:80 · pb-santander.com

2026-01-26 10:01

HTTP/1.0 400 Bad Request
Server: AkamaiGHost
Mime-Version: 1.0
Content-Type: text/html
Content-Length: 312
Expires: Mon, 26 Jan 2026 10:02:07 GMT
Date: Mon, 26 Jan 2026 10:02:07 GMT
Connection: close

Page title: Invalid URL

<HTML><HEAD>
<TITLE>Invalid URL</TITLE>
</HEAD><BODY>
<H1>Invalid URL</H1>
The requested URL "&#91;no&#32;URL&#93;", is invalid.<p>
Reference&#32;&#35;9&#46;9aa02417&#46;1769421727&#46;4ee56864
<P>https&#58;&#47;&#47;errors&#46;edgesuite&#46;net&#47;9&#46;9aa02417&#46;1769421727&#46;4ee56864</P>
</BODY></HTML>

Found 2026-01-26 by HttpPlugin

Create report

Open service 2.16.183.8:80 · pb-santander.com

2026-01-26 10:01

HTTP/1.0 400 Bad Request
Server: AkamaiGHost
Mime-Version: 1.0
Content-Type: text/html
Content-Length: 312
Expires: Mon, 26 Jan 2026 10:02:07 GMT
Date: Mon, 26 Jan 2026 10:02:07 GMT
Connection: close

Page title: Invalid URL

<HTML><HEAD>
<TITLE>Invalid URL</TITLE>
</HEAD><BODY>
<H1>Invalid URL</H1>
The requested URL "&#91;no&#32;URL&#93;", is invalid.<p>
Reference&#32;&#35;9&#46;c81d1002&#46;1769421727&#46;cf1fd35c
<P>https&#58;&#47;&#47;errors&#46;edgesuite&#46;net&#47;9&#46;c81d1002&#46;1769421727&#46;cf1fd35c</P>
</BODY></HTML>

Found 2026-01-26 by HttpPlugin

Create report

Open service 2.16.183.8:443 · pb-santander.com

2026-01-26 10:01

HTTP/1.0 400 Bad Request
Server: AkamaiGHost
Mime-Version: 1.0
Content-Type: text/html
Content-Length: 312
Expires: Mon, 26 Jan 2026 10:01:44 GMT
Date: Mon, 26 Jan 2026 10:01:44 GMT
Connection: close

Page title: Invalid URL

<HTML><HEAD>
<TITLE>Invalid URL</TITLE>
</HEAD><BODY>
<H1>Invalid URL</H1>
The requested URL "&#91;no&#32;URL&#93;", is invalid.<p>
Reference&#32;&#35;9&#46;c81d1002&#46;1769421704&#46;cf1e49c6
<P>https&#58;&#47;&#47;errors&#46;edgesuite&#46;net&#47;9&#46;c81d1002&#46;1769421704&#46;cf1e49c6</P>
</BODY></HTML>

Found 2026-01-26 by HttpPlugin

Create report

Open service 2a02:26f0:3500:18::1724:a288:443 · pb-santander.com

2026-01-26 10:01

HTTP/1.0 400 Bad Request
Server: AkamaiGHost
Mime-Version: 1.0
Content-Type: text/html
Content-Length: 312
Expires: Mon, 26 Jan 2026 10:01:44 GMT
Date: Mon, 26 Jan 2026 10:01:44 GMT
Connection: close

Page title: Invalid URL

<HTML><HEAD>
<TITLE>Invalid URL</TITLE>
</HEAD><BODY>
<H1>Invalid URL</H1>
The requested URL "&#91;no&#32;URL&#93;", is invalid.<p>
Reference&#32;&#35;9&#46;88a02417&#46;1769421704&#46;28ee8eb3
<P>https&#58;&#47;&#47;errors&#46;edgesuite&#46;net&#47;9&#46;88a02417&#46;1769421704&#46;28ee8eb3</P>
</BODY></HTML>

Found 2026-01-26 by HttpPlugin

Create report

Open service 2a02:26f0:3500:18::1724:a29a:443 · pb-santander.com

2026-01-26 10:01

HTTP/1.0 400 Bad Request
Server: AkamaiGHost
Mime-Version: 1.0
Content-Type: text/html
Content-Length: 312
Expires: Mon, 26 Jan 2026 10:01:44 GMT
Date: Mon, 26 Jan 2026 10:01:44 GMT
Connection: close

Page title: Invalid URL

<HTML><HEAD>
<TITLE>Invalid URL</TITLE>
</HEAD><BODY>
<H1>Invalid URL</H1>
The requested URL "&#91;no&#32;URL&#93;", is invalid.<p>
Reference&#32;&#35;9&#46;9aa02417&#46;1769421704&#46;4ee508e8
<P>https&#58;&#47;&#47;errors&#46;edgesuite&#46;net&#47;9&#46;9aa02417&#46;1769421704&#46;4ee508e8</P>
</BODY></HTML>

Found 2026-01-26 by HttpPlugin

Create report

Open service 2.16.183.17:443 · pb-santander.com

2026-01-26 10:01

HTTP/1.0 400 Bad Request
Server: AkamaiGHost
Mime-Version: 1.0
Content-Type: text/html
Content-Length: 312
Expires: Mon, 26 Jan 2026 10:01:45 GMT
Date: Mon, 26 Jan 2026 10:01:45 GMT
Connection: close

Page title: Invalid URL

<HTML><HEAD>
<TITLE>Invalid URL</TITLE>
</HEAD><BODY>
<H1>Invalid URL</H1>
The requested URL "&#91;no&#32;URL&#93;", is invalid.<p>
Reference&#32;&#35;9&#46;c81d1002&#46;1769421705&#46;cf1e4f8d
<P>https&#58;&#47;&#47;errors&#46;edgesuite&#46;net&#47;9&#46;c81d1002&#46;1769421705&#46;cf1e4f8d</P>
</BODY></HTML>

Found 2026-01-26 by HttpPlugin

Create report

Open service 2.16.183.17:80 · pb-santander.com

2026-01-26 10:01

HTTP/1.0 400 Bad Request
Server: AkamaiGHost
Mime-Version: 1.0
Content-Type: text/html
Content-Length: 312
Expires: Mon, 26 Jan 2026 10:02:07 GMT
Date: Mon, 26 Jan 2026 10:02:07 GMT
Connection: close

Page title: Invalid URL

<HTML><HEAD>
<TITLE>Invalid URL</TITLE>
</HEAD><BODY>
<H1>Invalid URL</H1>
The requested URL "&#91;no&#32;URL&#93;", is invalid.<p>
Reference&#32;&#35;9&#46;d11d1002&#46;1769421727&#46;7cb97d88
<P>https&#58;&#47;&#47;errors&#46;edgesuite&#46;net&#47;9&#46;d11d1002&#46;1769421727&#46;7cb97d88</P>
</BODY></HTML>

Found 2026-01-26 by HttpPlugin

Create report

Open service 217.169.130.138:443 · api.pb-santander.com

2026-01-23 01:21

HTTP/1.1 500 
Date: Fri, 23 Jan 2026 01:21:15 GMT
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains
Cache-Control: no-cache;no-store;must-revalidate;private;max-age=0
Content-Security-Policy: default-src 'self';
vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
content-type: application/json
set-cookie: 0fcd6cdd99c32f308c66b28b0789c09a=902eba56a7b351847ec7ff1b51d8c752; path=/; HttpOnly; Secure; SameSite=None;HttpOnly;Secure;SameSite=Strict
Connection: close
X-Frame-Options: SAMEORIGIN
Strict-Transport-Policy: timeout
Set-Cookie: TS01370017=0196082627bf5fbc8769fe6430fc8b30445694478b9428d8e90cb21406fbd5df007ddfecea92ba1a1882e5cbd392857cd44989c819e4c090367fea447d35076001a41f76dd; Path=/; Secure; HttpOnly
Transfer-Encoding: chunked


{"traceId":"bf5a3d13-e092-467a-b0d3-559b9c39493c","rewrittenPath":"","originalPath":"/","error":"Internal Server Error","message":"404 NOT_FOUND No static resource .","status":500}

Found 2026-01-23 by HttpPlugin

Create report

Open service 217.169.130.138:443 · api.pb-santander.com

2026-01-09 07:32

HTTP/1.1 500 
Date: Fri, 09 Jan 2026 07:32:08 GMT
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains
Cache-Control: no-cache;no-store;must-revalidate;private;max-age=0
Content-Security-Policy: default-src 'self';
vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
content-type: application/json
set-cookie: 0fcd6cdd99c32f308c66b28b0789c09a=7a6c84b385100ebab29123a334373011; path=/; HttpOnly; Secure; SameSite=None
Connection: close
X-Frame-Options: SAMEORIGIN
Strict-Transport-Policy: timeout
Set-Cookie: TS01370017=019608262756eacade7594d9ffdd4d87a0853e03b63d7cc4c448dfc11083709e6f2c8cd832cbf1a18618d58b1188b042f36876d22445ecd2f0b0c4d21597587bebbf778cdf; Path=/; Secure; HttpOnly
Transfer-Encoding: chunked


{"traceId":"ebf45dfb-85a9-49f1-8aa2-37f2b2dff34b","rewrittenPath":"","originalPath":"/","error":"Internal Server Error","message":"404 NOT_FOUND No static resource .","status":500}

Found 2026-01-09 by HttpPlugin

Create report

Open service 217.169.130.138:443 · api.pb-santander.com

2026-01-02 07:23

HTTP/1.1 500 
Date: Fri, 02 Jan 2026 07:23:00 GMT
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains
Cache-Control: no-cache;no-store;must-revalidate;private;max-age=0
Content-Security-Policy: default-src 'self';
vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
content-type: application/json
set-cookie: 0fcd6cdd99c32f308c66b28b0789c09a=7a6c84b385100ebab29123a334373011; path=/; HttpOnly; Secure; SameSite=None
Connection: close
X-Frame-Options: SAMEORIGIN
Strict-Transport-Policy: timeout
Set-Cookie: TS01370017=0196082627f33907e1bcb3e497e964622bf8a0ef4d3ac976279f9ce6e970d231b931565081980689b96fe6a26afba80b124c986368174089e8dd15271a4d46846dc732cbb9; Path=/; Secure; HttpOnly
Transfer-Encoding: chunked


{"traceId":"c8a1637f-b61f-42bc-945d-697c5a82490f","rewrittenPath":"","originalPath":"/","error":"Internal Server Error","message":"404 NOT_FOUND No static resource .","status":500}

Found 2026-01-02 by HttpPlugin

Create report

Open service 217.169.130.138:443 · api.pb-santander.com

2025-12-23 03:37

HTTP/1.1 500 
Date: Tue, 23 Dec 2025 03:37:33 GMT
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains
Cache-Control: no-cache;no-store;must-revalidate;private;max-age=0
Content-Security-Policy: default-src 'self';
vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
content-type: application/json
set-cookie: 0fcd6cdd99c32f308c66b28b0789c09a=228f884869a689fa3de9bab232886432; path=/; HttpOnly; Secure; SameSite=None
Connection: close
X-Frame-Options: SAMEORIGIN
Strict-Transport-Policy: timeout
Set-Cookie: TS01370017=01960826271f85c522c9213c2d0fceb1263c6db7b5d1826ebf7f81ee829485dbfb27fea77855585819b5dff28008d2392f5f9a97d40b8f390f69505f462aa7ab5b2f7e1f73; Path=/; Secure; HttpOnly
Transfer-Encoding: chunked


{"traceId":"6c4d712a-172f-4444-b93a-94e1d9db383d","rewrittenPath":"","originalPath":"/","error":"Internal Server Error","message":"404 NOT_FOUND No static resource .","status":500}

Found 2025-12-23 by HttpPlugin

Create report

*.pb-santander.compb-santander.com

Fingerprint:

2c9eec75dfe3e1ed885d52a26787396d8951d4a7d434eac59c04ec95a543a71a

CN:

*.pb-santander.com

Key:

RSA-2048

Issuer:

Sectigo RSA Organization Validation Secure Server CA

Not before:

2025-03-25 00:00

Not after:

2026-03-25 23:59

api.pb-santander.com360workspace-cms.pb-santander.com360workspace.pb-santander.comapi-dwmia.pb-santander.comapi-dwmiadev.pb-santander.comapi-dwmiapre.pb-santander.comapi-dwmiauat.pb-santander.comapi-iwmiadev.pb-santander.comapi-iwmiapre.pb-santander.comapi-iwmiauat.pb-santander.comapi-onedev.pb-santander.comapi-onepre.pb-santander.comapi-onepro.pb-santander.comash-colo-fw01.pb-santander.comash-dr-esa1.pb-santander.comash-dr-mbx1.pb-santander.comash-dr-mbx2.pb-santander.comash-dr-mbx3.pb-santander.comashsub.pb-santander.comautodiscover.pb-santander.comazul.bpi-gruposantander.comazul.pb-santander.combsiapps.pb-santander.combsseco.pb-santander.comclientaccess.pb-santander.comclientaccessva.pb-santander.comdigitalwealth-forgerock-mia-dev.pb-santander.comdigitalwealth-forgerock-mia-pre.pb-santander.comdigitalwealth-forgerock-mia.pb-santander.comdigitalwealth-unblu-mia-dev.pb-santander.comdigitalwealth-unblu-mia-pre.pb-santander.comdigitalwealth-unblu-mia.pb-santander.comdigitalwealth-unblu.pb-santander.comdmzns.pb-santander.comdmzny.pb-santander.comdmzva.pb-santander.comhybrid365.pb-santander.commia-colo-fw01.pb-santander.commia-dc-doupki.pb-santander.commia-dc-esa1.pb-santander.commia-dc-mbx1.pb-santander.commia-dc-mbx2.pb-santander.commia-dc-mbx3.pb-santander.commia-hq-cistera02.pb-santander.commia-hq-mbx1.pb-santander.commia-hq-mbx2.pb-santander.commia2.pb-santander.commiaaw.pb-santander.commiaccmsub2.pb-santander.commiadcns1.pb-santander.commiadcns2.pb-santander.commiaecowas.pb-santander.commiapub.pb-santander.commiasub.pb-santander.comportal360mia.pb-santander.comprd-mq.pb-santander.comprd.pb-santander.comrojo.bpi-gruposantander.comrojo.pb-santander.comrojonew.pb-santander.comsdata.pb-santander.comsecure.pb-santander.comsecured.pb-santander.comseg.pb-santander.comsftp.pb-santander.comsg.pb-santander.comskype.pb-santander.comsmail.pb-santander.comsmail.pb.pb-santander.comspbi-uat.pb-santander.comspbi.pb-santander.comsso.pb-santander.comstatic.pb-santander.comsugirelay.pb-santander.comtest-mq.pb-santander.comuat.pb-santander.comwaf.api-dwmia.pb-santander.comwaf.api-dwmiadev.pb-santander.comwaf.api-dwmiapre.pb-santander.comwaf.api-dwmiauat.pb-santander.comwebmailas.pb-santander.comworkspaceapps-dev.pb-santander.comworkspaceapps-pre.pb-santander.comworkspaceapps-uat.pb-santander.comworkspaceapps.pb-santander.comwww.pb-santander.comwww1.pb-santander.comwww3.pb-santander.comwww4.pb-santander.comwww5.pb-santander.comwww6.pb-santander.com

Fingerprint:

630a69a94994ebcdcfa08a087c90546d184bb30e8250e5e15745a534a25a7ddc

CN:

api.pb-santander.com

Key:

RSA-2048

Issuer:

Sectigo Public Server Authentication CA OV R36

Not before:

2025-11-05 00:00

Not after:

2026-11-05 23:59

Domain summary

api.pb-santander.com 4 pb-santander.com 7

2 recorded

IP summary

217.169.130.138 2 2a02:26f0:3500:18::1724:a288 1 2a02:26f0:3500:18::1724:a29a 1 2.16.183.8 1 2.16.183.17 1

5 recorded

Domain pb-santander.com

Germany

Software information

Swagger API description is publicly available

*.pb-santander.compb-santander.com

Domain summary

IP summary