Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
These documents detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
Severity: info
Fingerprint: 5733ddf49ff49cd1926e27d0926e27d0926e27d0926e27d0926e27d0926e27d0
Public Swagger UI/API detected at path: /webjars/swagger-ui/index.html
Open service 217.169.130.138:443 · api.pb-santander.com
2026-01-23 01:21
HTTP/1.1 500
Date: Fri, 23 Jan 2026 01:21:15 GMT
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains
Cache-Control: no-cache;no-store;must-revalidate;private;max-age=0
Content-Security-Policy: default-src 'self';
vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
content-type: application/json
set-cookie: 0fcd6cdd99c32f308c66b28b0789c09a=902eba56a7b351847ec7ff1b51d8c752; path=/; HttpOnly; Secure; SameSite=None;HttpOnly;Secure;SameSite=Strict
Connection: close
X-Frame-Options: SAMEORIGIN
Strict-Transport-Policy: timeout
Set-Cookie: TS01370017=0196082627bf5fbc8769fe6430fc8b30445694478b9428d8e90cb21406fbd5df007ddfecea92ba1a1882e5cbd392857cd44989c819e4c090367fea447d35076001a41f76dd; Path=/; Secure; HttpOnly
Transfer-Encoding: chunked
{"traceId":"bf5a3d13-e092-467a-b0d3-559b9c39493c","rewrittenPath":"","originalPath":"/","error":"Internal Server Error","message":"404 NOT_FOUND No static resource .","status":500}
Open service 217.169.130.138:443
2026-01-22 15:05
HTTP/1.1 500
Date: Thu, 22 Jan 2026 15:05:10 GMT
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains
Cache-Control: no-cache;no-store;must-revalidate;private;max-age=0
Content-Security-Policy: default-src 'self';
vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
content-type: application/json
set-cookie: 0fcd6cdd99c32f308c66b28b0789c09a=12bd6b613bb470f25093005b67a66d15; path=/; HttpOnly; Secure; SameSite=None
Connection: close
X-Frame-Options: SAMEORIGIN
Strict-Transport-Policy: timeout
Set-Cookie: TS01370017=0196082627bfb4f64fb5f362476169d05a6fb33fda883fe69ff2f50493a9c8a4e33826a77460ac3b454afb45e65cebab023090878701434363f89b1d95fb93ef073288ec08; Path=/; Secure; HttpOnly
Transfer-Encoding: chunked
{"traceId":"831aa353-bb3a-4513-a22c-c7d8eb8c5c61","rewrittenPath":"","originalPath":"/","error":"Internal Server Error","message":"404 NOT_FOUND No static resource .","status":500}
Open service 217.169.130.138:443 · api.pb-santander.com
2026-01-09 07:32
HTTP/1.1 500
Date: Fri, 09 Jan 2026 07:32:08 GMT
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains
Cache-Control: no-cache;no-store;must-revalidate;private;max-age=0
Content-Security-Policy: default-src 'self';
vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
content-type: application/json
set-cookie: 0fcd6cdd99c32f308c66b28b0789c09a=7a6c84b385100ebab29123a334373011; path=/; HttpOnly; Secure; SameSite=None
Connection: close
X-Frame-Options: SAMEORIGIN
Strict-Transport-Policy: timeout
Set-Cookie: TS01370017=019608262756eacade7594d9ffdd4d87a0853e03b63d7cc4c448dfc11083709e6f2c8cd832cbf1a18618d58b1188b042f36876d22445ecd2f0b0c4d21597587bebbf778cdf; Path=/; Secure; HttpOnly
Transfer-Encoding: chunked
{"traceId":"ebf45dfb-85a9-49f1-8aa2-37f2b2dff34b","rewrittenPath":"","originalPath":"/","error":"Internal Server Error","message":"404 NOT_FOUND No static resource .","status":500}
Open service 217.169.130.138:443
2026-01-08 16:16
HTTP/1.1 500
Date: Thu, 08 Jan 2026 16:16:02 GMT
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains
Cache-Control: no-cache;no-store;must-revalidate;private;max-age=0
Content-Security-Policy: default-src 'self';
vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
content-type: application/json
set-cookie: 0fcd6cdd99c32f308c66b28b0789c09a=7a6c84b385100ebab29123a334373011; path=/; HttpOnly; Secure; SameSite=None;HttpOnly;Secure;SameSite=Strict
Connection: close
X-Frame-Options: SAMEORIGIN
Strict-Transport-Policy: timeout
Set-Cookie: TS01370017=0196082627d2bfa422ea5b890283e45c83860358714d4b4406016222311280ff502876193aef23b6ba8b4e826dd9575dc990a42b3158ee76c01e675d7440e99d5f08e29251; Path=/; Secure; HttpOnly
Transfer-Encoding: chunked
{"traceId":"1f83da96-a909-4dbe-bb78-896b3d55f7f4","rewrittenPath":"","originalPath":"/","error":"Internal Server Error","message":"404 NOT_FOUND No static resource .","status":500}
Open service 217.169.130.138:443 · api.pb-santander.com
2026-01-02 07:23
HTTP/1.1 500
Date: Fri, 02 Jan 2026 07:23:00 GMT
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains
Cache-Control: no-cache;no-store;must-revalidate;private;max-age=0
Content-Security-Policy: default-src 'self';
vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
content-type: application/json
set-cookie: 0fcd6cdd99c32f308c66b28b0789c09a=7a6c84b385100ebab29123a334373011; path=/; HttpOnly; Secure; SameSite=None
Connection: close
X-Frame-Options: SAMEORIGIN
Strict-Transport-Policy: timeout
Set-Cookie: TS01370017=0196082627f33907e1bcb3e497e964622bf8a0ef4d3ac976279f9ce6e970d231b931565081980689b96fe6a26afba80b124c986368174089e8dd15271a4d46846dc732cbb9; Path=/; Secure; HttpOnly
Transfer-Encoding: chunked
{"traceId":"c8a1637f-b61f-42bc-945d-697c5a82490f","rewrittenPath":"","originalPath":"/","error":"Internal Server Error","message":"404 NOT_FOUND No static resource .","status":500}
Open service 217.169.130.138:443
2026-01-01 18:09
HTTP/1.1 500
Date: Thu, 01 Jan 2026 18:09:31 GMT
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains
Cache-Control: no-cache;no-store;must-revalidate;private;max-age=0
Content-Security-Policy: default-src 'self';
vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
content-type: application/json
set-cookie: 0fcd6cdd99c32f308c66b28b0789c09a=d62a55478f5896f8fb7d60202eabfd37; path=/; HttpOnly; Secure; SameSite=None
Connection: close
X-Frame-Options: SAMEORIGIN
Strict-Transport-Policy: timeout
Set-Cookie: TS01370017=0196082627375cd47b0b63a923543cd3584ee05a9d7e667bde5647f225a6d567d5c435a860c88b1dd59cfc20174cc3e6d4a48373e9c98f3ffad43092d301ddfd16e11b8d74; Path=/; Secure; HttpOnly
Transfer-Encoding: chunked
{"traceId":"151a2eb6-7227-47c5-b3f6-9d31e2bd57cc","rewrittenPath":"","originalPath":"/","error":"Internal Server Error","message":"404 NOT_FOUND No static resource .","status":500}
Open service 217.169.130.138:443
2025-12-24 01:11
HTTP/1.1 500
Date: Wed, 24 Dec 2025 01:11:03 GMT
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains
Cache-Control: no-cache;no-store;must-revalidate;private;max-age=0
Content-Security-Policy: default-src 'self';
vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
content-type: application/json
set-cookie: 0fcd6cdd99c32f308c66b28b0789c09a=2d8a1f7fb11dd9715c45fe80cdd75cc8; path=/; HttpOnly; Secure; SameSite=None
Connection: close
X-Frame-Options: SAMEORIGIN
Strict-Transport-Policy: timeout
Set-Cookie: TS01370017=0196082627f3aab900a52cab2df75c20398e86551c9cb61ffbe54b4fbdb1a9398c7a5989cb6ae9459ab05d610585cc6fabafe860a1bc4dd490648a0e39070368a9b8563ce8; Path=/; Secure; HttpOnly
Transfer-Encoding: chunked
{"traceId":"b095d462-a16f-4462-bdce-42803842228d","rewrittenPath":"","originalPath":"/","error":"Internal Server Error","message":"404 NOT_FOUND No static resource .","status":500}
Open service 217.169.130.138:443 · api.pb-santander.com
2025-12-23 03:37
HTTP/1.1 500
Date: Tue, 23 Dec 2025 03:37:33 GMT
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains
Cache-Control: no-cache;no-store;must-revalidate;private;max-age=0
Content-Security-Policy: default-src 'self';
vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
content-type: application/json
set-cookie: 0fcd6cdd99c32f308c66b28b0789c09a=228f884869a689fa3de9bab232886432; path=/; HttpOnly; Secure; SameSite=None
Connection: close
X-Frame-Options: SAMEORIGIN
Strict-Transport-Policy: timeout
Set-Cookie: TS01370017=01960826271f85c522c9213c2d0fceb1263c6db7b5d1826ebf7f81ee829485dbfb27fea77855585819b5dff28008d2392f5f9a97d40b8f390f69505f462aa7ab5b2f7e1f73; Path=/; Secure; HttpOnly
Transfer-Encoding: chunked
{"traceId":"6c4d712a-172f-4444-b93a-94e1d9db383d","rewrittenPath":"","originalPath":"/","error":"Internal Server Error","message":"404 NOT_FOUND No static resource .","status":500}