Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
These documents detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
Severity: info
Fingerprint: 5733ddf49ff49cd151e75e4bff366d864b1e61f16cbc89feef29ab8aca65b50c
Public Swagger UI/API detected at path: /v3/api-docs - sample paths:
GET /**/jwks
GET /grid/{gridId}
GET /keepalive
GET /keepaliveSSO
GET /mobile/templatelclf
GET /oidc/jwks
GET /recover-authentication/{uid}
POST /init-authentication
Open service 23.50.131.157:443 · sandbox.connexion.mabanque.bnpparibas
2026-01-09 09:18
HTTP/1.1 200 OK
requestId: 1b0b20f7-e87e-41fd-8149-36e09c3ab5de
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
Strict-Transport-Security: max-age=63072000; includeSubDomains
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Security-Policy: object-src 'none';worker-src blob:; script-src 'unsafe-eval' 'self' 'unsafe-inline' 'unsafe-eval' https://ult-inwebo.com https://assets.adobedtm.com https://cdn.doyoudreamup.com https://*.online-metrix.net https://*.dev.echonet https://*.hellobankpro.fr https://*.hellobank.fr https://*.bnpparibas https://*.bnpparibas.net;frame-ancestors 'self' https://*.hellobankpro.fr https://*.hellobank.fr https://*.bnpparibas https://*.bnpparibas.net https://*.cardif-iard.fr https://*.biapi.pro https://*.mosaic.fr https://*.protection24.com https://*.facil-iti.com https://*.herokuapp.com https://*.matmut.com https://login.mabanque-s1.dev.echonet:8443;
Content-Type: text/html;charset=UTF-8
Content-Language: en
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Vary: origin
Vary: access-control-request-method
Vary: access-control-request-headers
Date: Fri, 09 Jan 2026 09:18:42 GMT
Content-Length: 1684
Connection: close
Set-Cookie: SESSION=28BB90608C7A234F9ED1973BE6430F7E; Path=/; Secure; HttpOnly; samesite=None
Set-Cookie: CAS_TGC=; Max-Age=0; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Path=/; Secure; HttpOnly; samesite=None
Set-Cookie: CAS_MB=2914119946.47873.0000; path=/; Httponly; Secure; samesite=None
Set-Cookie: TS01ab8141=01a16de8d9465c6b19b3ab0cc605d4f3133a9f9242ab420ed7c45aecc567f9712fbb536e1f9544cce81911d8fdeb22b954fc053e43; Path=/; Secure; samesite=None
Page title: BNP PARIBAS | la banque et l'assurance d'un monde qui change
<!DOCTYPE html><html>
<head>
</head>
<html lang="fr" xmlns="http://www.w3.org/1999/xhtml">
<head>
<META http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>BNP PARIBAS | la banque et l'assurance d'un monde qui change </title>
<meta name="keywords" content=""><meta name="description" content=""><meta name="vpath" content=""><meta name="page-locale-name" content=""><meta name="viewport" content="width=device-width, initial-scale=1.0, user-scalable=no"><link type="text/css" href="/error/css/errorStyle-9f3e2b4c2f6b024eb0fd442ce4198e0c.css" rel="stylesheet" /></head><body class="mw-1400">
<div id="header">
<header class="bottom-header">
<div class="no-mob">
<div class="logoBNP-container">
<a href="https://mabanque.bnpparibas" class="logoBNP text-hide"></a><span class="logotext">La banque d'un monde qui change</span>
</div>
</div>
<header class="bottom-header-connected mobile-only pull-left">
<ul id="" class="list-header-connected left mobile-only">
<li class="logo"><a href="/" class="logoBNP"></a></li>
</ul>
</header>
</header>
</div>
<div id="wrapper-maintenance" style="height: 83%;">
<div class="content">
<h1>Votre site est actuellement indisponible.</h1>
<p>Afin d’améliorer le service, l’accès à la gestion de vos comptes est actuellement en cours de maintenance. <br>
Les équipes BNP Paribas font le nécessaire pour rétablir le service au plus vite.</p>
</div>
</div>
<div id="footer">
<div class="footer-contact-bel">
<h2></h2>
</div>
</div>
</body>
</html>
<body>
</body>
</html>
Open service 23.50.131.157:443 · sandbox.connexion.mabanque.bnpparibas
2026-01-02 08:08
HTTP/1.1 200 OK
requestId: 76a464df-d0d9-40be-b447-177e8548babe
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
Strict-Transport-Security: max-age=63072000; includeSubDomains
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Security-Policy: object-src 'none';worker-src blob:; script-src 'unsafe-eval' 'self' 'unsafe-inline' 'unsafe-eval' https://ult-inwebo.com https://assets.adobedtm.com https://cdn.doyoudreamup.com https://*.online-metrix.net https://*.dev.echonet https://*.hellobankpro.fr https://*.hellobank.fr https://*.bnpparibas https://*.bnpparibas.net;frame-ancestors 'self' https://*.hellobankpro.fr https://*.hellobank.fr https://*.bnpparibas https://*.bnpparibas.net https://*.cardif-iard.fr https://*.biapi.pro https://*.mosaic.fr https://*.protection24.com https://*.facil-iti.com https://*.herokuapp.com https://*.matmut.com https://login.mabanque-s1.dev.echonet:8443;
Content-Type: text/html;charset=UTF-8
Content-Language: en
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Vary: origin
Vary: access-control-request-method
Vary: access-control-request-headers
Date: Fri, 02 Jan 2026 08:08:42 GMT
Content-Length: 1684
Connection: close
Set-Cookie: SESSION=A91570A1A983D65D6711AED06B9B6B3E; Path=/; Secure; HttpOnly; samesite=None
Set-Cookie: CAS_TGC=; Max-Age=0; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Path=/; Secure; HttpOnly; samesite=None
Set-Cookie: CAS_MB=2914119946.47873.0000; path=/; Httponly; Secure; samesite=None
Set-Cookie: TS01ab8141=01a16de8d9ee28fd00cb56cfd4298385e24d40968f602f6b6c3dc64f5afc395aae158cf9768c28320bf7131f75e9185bb7ee09b3ed; Path=/; Secure; samesite=None
Page title: BNP PARIBAS | la banque et l'assurance d'un monde qui change
Open service 23.50.131.157:443 · sandbox.connexion.mabanque.bnpparibas
2025-12-24 19:28
HTTP/1.1 200 OK
requestId: 11a31dda-ec56-431d-b109-7fdc2958fe20
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
Strict-Transport-Security: max-age=63072000; includeSubDomains
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Security-Policy: object-src 'none';worker-src blob:; script-src 'unsafe-eval' 'self' 'unsafe-inline' 'unsafe-eval' https://ult-inwebo.com https://assets.adobedtm.com https://cdn.doyoudreamup.com https://*.online-metrix.net https://*.dev.echonet https://*.hellobankpro.fr https://*.hellobank.fr https://*.bnpparibas https://*.bnpparibas.net;frame-ancestors 'self' https://*.hellobankpro.fr https://*.hellobank.fr https://*.bnpparibas https://*.bnpparibas.net https://*.cardif-iard.fr https://*.biapi.pro https://*.mosaic.fr https://*.protection24.com https://*.facil-iti.com https://*.herokuapp.com https://*.matmut.com https://login.mabanque-s1.dev.echonet:8443;
Content-Type: text/html;charset=UTF-8
Content-Language: en
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Vary: origin
Vary: access-control-request-method
Vary: access-control-request-headers
Date: Wed, 24 Dec 2025 19:28:06 GMT
Content-Length: 1684
Connection: close
Set-Cookie: SESSION=7ED97085B54C5140DF2C404F6ADDAF91; Path=/; Secure; HttpOnly; samesite=None
Set-Cookie: CAS_TGC=; Max-Age=0; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Path=/; Secure; HttpOnly; samesite=None
Set-Cookie: CAS_MB=2914119946.47873.0000; path=/; Httponly; Secure; samesite=None
Set-Cookie: TS01ab8141=01a16de8d9bca5870d89c50454023e7bfbb69ccc854d4b1b0c89ae096aeaab8790cca5a1a2b9695ca8f7f8eae162077e882c60e3f8; Path=/; Secure; samesite=None
Page title: BNP PARIBAS | la banque et l'assurance d'un monde qui change
Open service 23.50.131.157:443 · sandbox.connexion.mabanque.bnpparibas
2025-12-22 20:24
HTTP/1.1 200 OK
requestId: b7a56d69-1f52-4190-a01e-7fae03eea0e7
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
Strict-Transport-Security: max-age=63072000; includeSubDomains
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Security-Policy: object-src 'none';worker-src blob:; script-src 'unsafe-eval' 'self' 'unsafe-inline' 'unsafe-eval' https://ult-inwebo.com https://assets.adobedtm.com https://cdn.doyoudreamup.com https://*.online-metrix.net https://*.dev.echonet https://*.hellobankpro.fr https://*.hellobank.fr https://*.bnpparibas https://*.bnpparibas.net;frame-ancestors 'self' https://*.hellobankpro.fr https://*.hellobank.fr https://*.bnpparibas https://*.bnpparibas.net https://*.cardif-iard.fr https://*.biapi.pro https://*.mosaic.fr https://*.protection24.com https://*.facil-iti.com https://*.herokuapp.com https://*.matmut.com https://login.mabanque-s1.dev.echonet:8443;
Content-Type: text/html;charset=UTF-8
Content-Language: en
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Vary: origin
Vary: access-control-request-method
Vary: access-control-request-headers
Date: Mon, 22 Dec 2025 20:24:57 GMT
Content-Length: 1684
Connection: close
Set-Cookie: SESSION=F608AEC89855AFB7B17D345595CA3C7C; Path=/; Secure; HttpOnly; samesite=None
Set-Cookie: CAS_TGC=; Max-Age=0; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Path=/; Secure; HttpOnly; samesite=None
Set-Cookie: CAS_MB=2914119946.47873.0000; path=/; Httponly; Secure; samesite=None
Set-Cookie: TS01ab8141=01a16de8d9b9a2005b478aa2990a463940b44528544bfe04747e8b4167094b5a1cfe05ec0729e57318d15650bd47c001a5643c23a6; Path=/; Secure; samesite=None
Page title: BNP PARIBAS | la banque et l'assurance d'un monde qui change