Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
The documentation details every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
Severity: info
Fingerprint: 5733ddf49ff49cd151e75e4bff366d864b1e61f16cbc89feef29ab8aca65b50c
Public Swagger UI/API detected at path: /v3/api-docs - sample paths:
GET /**/jwks
GET /grid/{gridId}
GET /keepalive
GET /keepaliveSSO
GET /mobile/templatelclf
GET /oidc/jwks
GET /recover-authentication/{uid}
POST /init-authentication
Open service 23.50.131.157:443 · sandbox.espace-client.hellobankpro.fr
2026-01-23 14:16
HTTP/1.1 200 OK
requestId: bede057e-62be-4a31-818d-dec3f795afd9
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
Strict-Transport-Security: max-age=63072000; includeSubDomains
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Security-Policy: object-src 'none';worker-src blob:; script-src 'unsafe-eval' 'self' 'unsafe-inline' 'unsafe-eval' https://ult-inwebo.com https://assets.adobedtm.com https://cdn.doyoudreamup.com https://*.online-metrix.net https://*.dev.echonet https://*.hellobankpro.fr https://*.hellobank.fr https://*.bnpparibas https://*.bnpparibas.net;frame-ancestors 'self' https://*.hellobankpro.fr https://*.hellobank.fr https://*.bnpparibas https://*.bnpparibas.net https://*.cardif-iard.fr https://*.biapi.pro https://*.mosaic.fr https://*.protection24.com https://*.facil-iti.com https://*.herokuapp.com https://*.matmut.com https://login.mabanque-s1.dev.echonet:8443;
Content-Type: text/html;charset=UTF-8
Content-Language: en
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Vary: origin
Vary: access-control-request-method
Vary: access-control-request-headers
Date: Fri, 23 Jan 2026 14:16:29 GMT
Content-Length: 1684
Connection: close
Set-Cookie: SESSION=5C09ADD0F0C7E990EE80A2B435EA815D; Path=/; Secure; HttpOnly; samesite=None
Set-Cookie: CAS_TGC=; Max-Age=0; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Path=/; Secure; HttpOnly; samesite=None
Set-Cookie: CAS_MB=2914119946.47873.0000; path=/; Httponly; Secure; samesite=None
Set-Cookie: TS01ab8141=01a16de8d9babb0f95210baeaccce8379f5a19df78463b1953d4711f328647d4a0c3eb3eab897e8f38dad58e588ed0bf90767a8381; Path=/; Secure; samesite=None
Page title: BNP PARIBAS | la banque et l'assurance d'un monde qui change
<!DOCTYPE html><html>
<head>
</head>
<html lang="fr" xmlns="http://www.w3.org/1999/xhtml">
<head>
<META http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>BNP PARIBAS | la banque et l'assurance d'un monde qui change </title>
<meta name="keywords" content=""><meta name="description" content=""><meta name="vpath" content=""><meta name="page-locale-name" content=""><meta name="viewport" content="width=device-width, initial-scale=1.0, user-scalable=no"><link type="text/css" href="/error/css/errorStyle-9f3e2b4c2f6b024eb0fd442ce4198e0c.css" rel="stylesheet" /></head><body class="mw-1400">
<div id="header">
<header class="bottom-header">
<div class="no-mob">
<div class="logoBNP-container">
<a href="https://mabanque.bnpparibas" class="logoBNP text-hide"></a><span class="logotext">La banque d'un monde qui change</span>
</div>
</div>
<header class="bottom-header-connected mobile-only pull-left">
<ul id="" class="list-header-connected left mobile-only">
<li class="logo"><a href="/" class="logoBNP"></a></li>
</ul>
</header>
</header>
</div>
<div id="wrapper-maintenance" style="height: 83%;">
<div class="content">
<h1>Votre site est actuellement indisponible.</h1>
<p>Afin d’améliorer le service, l’accès à la gestion de vos comptes est actuellement en cours de maintenance. <br>
Les équipes BNP Paribas font le nécessaire pour rétablir le service au plus vite.</p>
</div>
</div>
<div id="footer">
<div class="footer-contact-bel">
<h2></h2>
</div>
</div>
</body>
</html>
<body>
</body>
</html>
Open service 23.50.131.157:443 · sandbox.espace-client.hellobankpro.fr
2026-01-09 16:59
HTTP/1.1 200 OK
requestId: 7efbdb01-0b75-4c74-bce8-f2fa92757982
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
Strict-Transport-Security: max-age=63072000; includeSubDomains
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Security-Policy: object-src 'none';worker-src blob:; script-src 'unsafe-eval' 'self' 'unsafe-inline' 'unsafe-eval' https://ult-inwebo.com https://assets.adobedtm.com https://cdn.doyoudreamup.com https://*.online-metrix.net https://*.dev.echonet https://*.hellobankpro.fr https://*.hellobank.fr https://*.bnpparibas https://*.bnpparibas.net;frame-ancestors 'self' https://*.hellobankpro.fr https://*.hellobank.fr https://*.bnpparibas https://*.bnpparibas.net https://*.cardif-iard.fr https://*.biapi.pro https://*.mosaic.fr https://*.protection24.com https://*.facil-iti.com https://*.herokuapp.com https://*.matmut.com https://login.mabanque-s1.dev.echonet:8443;
Content-Type: text/html;charset=UTF-8
Content-Language: en
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Vary: origin
Vary: access-control-request-method
Vary: access-control-request-headers
Date: Fri, 09 Jan 2026 16:59:42 GMT
Content-Length: 1684
Connection: close
Set-Cookie: SESSION=4D369CCC089A0E20A987A3C678F08FF5; Path=/; Secure; HttpOnly; samesite=None
Set-Cookie: CAS_TGC=; Max-Age=0; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Path=/; Secure; HttpOnly; samesite=None
Set-Cookie: CAS_MB=2914119946.47873.0000; path=/; Httponly; Secure; samesite=None
Set-Cookie: TS01ab8141=01a16de8d9084e6d7059b82883683136d643e891f098e063792cd845a21321592cbfa02d2b5eedac5e47f0a6b4789fa88f6de249da; Path=/; Secure; samesite=None
Page title: BNP PARIBAS | la banque et l'assurance d'un monde qui change
Open service 23.50.131.157:443 · sandbox.espace-client.hellobankpro.fr
2026-01-02 20:59
HTTP/1.1 200 OK
requestId: f020dab3-eedd-4f29-8321-113a2037687a
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
Strict-Transport-Security: max-age=63072000; includeSubDomains
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Security-Policy: object-src 'none';worker-src blob:; script-src 'unsafe-eval' 'self' 'unsafe-inline' 'unsafe-eval' https://ult-inwebo.com https://assets.adobedtm.com https://cdn.doyoudreamup.com https://*.online-metrix.net https://*.dev.echonet https://*.hellobankpro.fr https://*.hellobank.fr https://*.bnpparibas https://*.bnpparibas.net;frame-ancestors 'self' https://*.hellobankpro.fr https://*.hellobank.fr https://*.bnpparibas https://*.bnpparibas.net https://*.cardif-iard.fr https://*.biapi.pro https://*.mosaic.fr https://*.protection24.com https://*.facil-iti.com https://*.herokuapp.com https://*.matmut.com https://login.mabanque-s1.dev.echonet:8443;
Content-Type: text/html;charset=UTF-8
Content-Language: en
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Vary: origin
Vary: access-control-request-method
Vary: access-control-request-headers
Date: Fri, 02 Jan 2026 20:59:18 GMT
Content-Length: 1684
Connection: close
Set-Cookie: SESSION=FF1A594DCC93A411079C623825B26759; Path=/; Secure; HttpOnly; samesite=None
Set-Cookie: CAS_TGC=; Max-Age=0; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Path=/; Secure; HttpOnly; samesite=None
Set-Cookie: CAS_MB=2914119946.47873.0000; path=/; Httponly; Secure; samesite=None
Set-Cookie: TS01ab8141=01a16de8d9ec885e83a73ea226553ad12675fde572a4124390471e5dc9d009e341e83b445a94b2700a77deca2f1223c6054db47394; Path=/; Secure; samesite=None
Page title: BNP PARIBAS | la banque et l'assurance d'un monde qui change
Open service 23.50.131.157:443 · sandbox.espace-client.hellobankpro.fr
2025-12-22 23:45
HTTP/1.1 200 OK
requestId: 1f82ac6e-3254-4b68-bae9-b40fa77c7f8e
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
Strict-Transport-Security: max-age=63072000; includeSubDomains
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Security-Policy: object-src 'none';worker-src blob:; script-src 'unsafe-eval' 'self' 'unsafe-inline' 'unsafe-eval' https://ult-inwebo.com https://assets.adobedtm.com https://cdn.doyoudreamup.com https://*.online-metrix.net https://*.dev.echonet https://*.hellobankpro.fr https://*.hellobank.fr https://*.bnpparibas https://*.bnpparibas.net;frame-ancestors 'self' https://*.hellobankpro.fr https://*.hellobank.fr https://*.bnpparibas https://*.bnpparibas.net https://*.cardif-iard.fr https://*.biapi.pro https://*.mosaic.fr https://*.protection24.com https://*.facil-iti.com https://*.herokuapp.com https://*.matmut.com https://login.mabanque-s1.dev.echonet:8443;
Content-Type: text/html;charset=UTF-8
Content-Language: en
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Vary: origin
Vary: access-control-request-method
Vary: access-control-request-headers
Date: Mon, 22 Dec 2025 23:45:57 GMT
Content-Length: 1684
Connection: close
Set-Cookie: SESSION=53D944DD3EFA522F906F9D97560D76C7; Path=/; Secure; HttpOnly; samesite=None
Set-Cookie: CAS_TGC=; Max-Age=0; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Path=/; Secure; HttpOnly; samesite=None
Set-Cookie: CAS_MB=2914119946.47873.0000; path=/; Httponly; Secure; samesite=None
Set-Cookie: TS01ab8141=01a16de8d9ca01cefe213ba33f43ac2e7f47abee2dd83d8720938a24fee12c19b9d82f019710f6f71fce4054132d4aa45640ebc02d; Path=/; Secure; samesite=None
Page title: BNP PARIBAS | la banque et l'assurance d'un monde qui change