LeakIX - Host hubspot.api.app.sdocs.com

Domain hubspot.api.app.sdocs.com

United States

AMAZON-02

Software information

Heroku

tcp/443 tcp/80

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 75.2.60.68
Domain: hubspot.api.app.sdocs.com
Port: 80
URL: http://hubspot.api.app.sdocs.com

First seen 2025-12-02 04:09
Last seen 2026-01-09 23:09
Open for 38 days

Severity: info
Fingerprint: 5733ddf49ff49cd151e75e4b763a87836b89d23865da56b0074f326b42204381

Public Swagger UI/API detected at path: /v3/api-docs - sample paths:
DELETE /file
GET /app/access-token
GET /app/install
GET /auth/verify
GET /decodeToken/{token}
GET /documents
GET /envelopes
GET /generate/init
GET /generateTemplate
GET /hubspot/document/{documentId}/generate/Pdf
GET /hubspot/documents/attachments
GET /hubspot/envelope/{envelopeId}/document/{documentId}/signatures
GET /hubspot/file
GET /hubspot/generateFinalPdf
GET /hubspot/getFile
GET /hubspot/mergeData
GET /hubspot/object/{object}/{objectId}/associations
GET /hubspot/objects
GET /hubspot/objects/{objectType}/properties
GET /hubspot/objects/{object}/{objectId}
GET /hubspot/properties/{objectType}/{propertyName}
GET /hubspot/schema/{apiName}
GET /hubspot/schemas
GET /hubspot/user/{userId}
GET /templates
GET /user
GET /users
PATCH /hubspot/object/{objectId}
POST /activity/timeline/info
POST /app/install/sync
POST /app/install/templates
POST /esign/envelope/create
POST /hubspot/datasource/refresh
POST /hubspot/envelope/{envelopeId}/documents/signatureField/uploadSign
POST /hubspot/object/{objName}
POST /hubspot/template
POST /hubspot/uploadFile
POST /hubspot/uploadImage
POST /workflow/actions/generatedocument
POST /workflow/actions/generatedocumentandattach
POST /workflow/actions/generatedocumentesign
POST /workflow/actions/templates

Found on 2026-01-09 23:09

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 75.2.60.68
Domain: hubspot.api.app.sdocs.com
Port: 443
URL: https://hubspot.api.app.sdocs.com

First seen 2025-12-02 04:09
Last seen 2026-01-09 23:35
Open for 38 days

Severity: info
Fingerprint: 5733ddf49ff49cd151e75e4b763a87836b89d23865da56b0074f326b42204381

Public Swagger UI/API detected at path: /v3/api-docs - sample paths:
DELETE /file
GET /app/access-token
GET /app/install
GET /auth/verify
GET /decodeToken/{token}
GET /documents
GET /envelopes
GET /generate/init
GET /generateTemplate
GET /hubspot/document/{documentId}/generate/Pdf
GET /hubspot/documents/attachments
GET /hubspot/envelope/{envelopeId}/document/{documentId}/signatures
GET /hubspot/file
GET /hubspot/generateFinalPdf
GET /hubspot/getFile
GET /hubspot/mergeData
GET /hubspot/object/{object}/{objectId}/associations
GET /hubspot/objects
GET /hubspot/objects/{objectType}/properties
GET /hubspot/objects/{object}/{objectId}
GET /hubspot/properties/{objectType}/{propertyName}
GET /hubspot/schema/{apiName}
GET /hubspot/schemas
GET /hubspot/user/{userId}
GET /templates
GET /user
GET /users
PATCH /hubspot/object/{objectId}
POST /activity/timeline/info
POST /app/install/sync
POST /app/install/templates
POST /esign/envelope/create
POST /hubspot/datasource/refresh
POST /hubspot/envelope/{envelopeId}/documents/signatureField/uploadSign
POST /hubspot/object/{objName}
POST /hubspot/template
POST /hubspot/uploadFile
POST /hubspot/uploadImage
POST /workflow/actions/generatedocument
POST /workflow/actions/generatedocumentandattach
POST /workflow/actions/generatedocumentesign
POST /workflow/actions/templates

Found on 2026-01-09 23:35

Create report

Open service 75.2.60.68:443 · hubspot.api.app.sdocs.com

2026-01-09 23:35

HTTP/1.1 401 Unauthorized
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Content-Type, Authorization
Access-Control-Allow-Methods: GET, POST, PATCH, PUT, DELETE, OPTIONS
Content-Type: application/json
Date: Fri, 09 Jan 2026 23:35:39 GMT
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=3AFHEtcJBsiLHAGdG%2FWFgH9LSv634ZmRMJbWk5%2F3L6I%3D\u0026sid=1b10b0ff-8a76-4548-befa-353fc6c6c045\u0026ts=1768001739"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=3AFHEtcJBsiLHAGdG%2FWFgH9LSv634ZmRMJbWk5%2F3L6I%3D&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&ts=1768001739"
Server: Heroku
Via: 1.1 heroku-router
Content-Length: 183
Connection: close


{"message":"No User Details","details":"uri=/","timestamp":"2026-01-09T23:35:39.735+00:00"}{"timestamp":"2026-01-09T23:35:39.736+00:00","status":401,"error":"Unauthorized","path":"/"}

Found 2026-01-09 by HttpPlugin

Create report

Open service 75.2.60.68:80 · hubspot.api.app.sdocs.com

2026-01-09 23:09

HTTP/1.1 401 Unauthorized
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Content-Type, Authorization
Access-Control-Allow-Methods: GET, POST, PATCH, PUT, DELETE, OPTIONS
Content-Type: application/json
Date: Fri, 09 Jan 2026 23:10:13 GMT
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=BX0eIgEiOChFVbRPA0UxhvOAF1Z7bFoe%2BfyiJ%2BXYwVc%3D\u0026sid=1b10b0ff-8a76-4548-befa-353fc6c6c045\u0026ts=1768000213"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=BX0eIgEiOChFVbRPA0UxhvOAF1Z7bFoe%2BfyiJ%2BXYwVc%3D&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&ts=1768000213"
Server: Heroku
Via: 1.1 heroku-router
Content-Length: 183
Connection: close


{"message":"No User Details","details":"uri=/","timestamp":"2026-01-09T23:10:13.045+00:00"}{"timestamp":"2026-01-09T23:10:13.046+00:00","status":401,"error":"Unauthorized","path":"/"}

Found 2026-01-09 by HttpPlugin

Create report

Open service 75.2.60.68:80 · hubspot.api.app.sdocs.com

2026-01-02 13:08

HTTP/1.1 401 Unauthorized
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Content-Type, Authorization
Access-Control-Allow-Methods: GET, POST, PATCH, PUT, DELETE, OPTIONS
Content-Type: application/json
Date: Fri, 02 Jan 2026 13:08:53 GMT
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=AeoQ2CWipa1%2ByomDvQ%2FJ0a4dF4xxFU2uXb%2FkescAfJw%3D\u0026sid=1b10b0ff-8a76-4548-befa-353fc6c6c045\u0026ts=1767359333"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=AeoQ2CWipa1%2ByomDvQ%2FJ0a4dF4xxFU2uXb%2FkescAfJw%3D&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&ts=1767359333"
Server: Heroku
Via: 1.1 heroku-router
Content-Length: 183
Connection: close


{"message":"No User Details","details":"uri=/","timestamp":"2026-01-02T13:08:53.294+00:00"}{"timestamp":"2026-01-02T13:08:53.296+00:00","status":401,"error":"Unauthorized","path":"/"}

Found 2026-01-02 by HttpPlugin

Create report

Open service 75.2.60.68:443 · hubspot.api.app.sdocs.com

2025-12-30 10:12

HTTP/1.1 401 Unauthorized
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Content-Type, Authorization
Access-Control-Allow-Methods: GET, POST, PATCH, PUT, DELETE, OPTIONS
Content-Type: application/json
Date: Tue, 30 Dec 2025 10:12:30 GMT
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=WmZkW47RkEBD8J5LqcPga%2BGS6Du5m4sKnyv1%2BIWEjCA%3D\u0026sid=1b10b0ff-8a76-4548-befa-353fc6c6c045\u0026ts=1767089550"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=WmZkW47RkEBD8J5LqcPga%2BGS6Du5m4sKnyv1%2BIWEjCA%3D&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&ts=1767089550"
Server: Heroku
Via: 1.1 heroku-router
Content-Length: 183
Connection: close


{"message":"No User Details","details":"uri=/","timestamp":"2025-12-30T10:12:30.131+00:00"}{"timestamp":"2025-12-30T10:12:30.132+00:00","status":401,"error":"Unauthorized","path":"/"}

Found 2025-12-30 by HttpPlugin

Create report

Open service 75.2.60.68:443 · hubspot.api.app.sdocs.com

2025-12-23 03:50

HTTP/1.1 401 Unauthorized
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Content-Type, Authorization
Access-Control-Allow-Methods: GET, POST, PATCH, PUT, DELETE, OPTIONS
Content-Type: application/json
Date: Tue, 23 Dec 2025 03:50:19 GMT
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=7VfyfhulqrgOoqER61hvrZTJA6UKvOJNx6zCmrv6TeY%3D\u0026sid=1b10b0ff-8a76-4548-befa-353fc6c6c045\u0026ts=1766461820"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=7VfyfhulqrgOoqER61hvrZTJA6UKvOJNx6zCmrv6TeY%3D&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&ts=1766461820"
Server: Heroku
Via: 1.1 heroku-router
Content-Length: 183
Connection: close


{"message":"No User Details","details":"uri=/","timestamp":"2025-12-23T03:50:20.300+00:00"}{"timestamp":"2025-12-23T03:50:20.301+00:00","status":401,"error":"Unauthorized","path":"/"}

Found 2025-12-23 by HttpPlugin

Create report

Open service 75.2.60.68:80 · hubspot.api.app.sdocs.com

2025-12-22 13:32

HTTP/1.1 401 Unauthorized
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Content-Type, Authorization
Access-Control-Allow-Methods: GET, POST, PATCH, PUT, DELETE, OPTIONS
Content-Type: application/json
Date: Mon, 22 Dec 2025 13:32:49 GMT
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=w22jaTUNsgPaI%2FOt7Yhvcg1jxGv9vKGRaQM8Tvo3Drc%3D\u0026sid=1b10b0ff-8a76-4548-befa-353fc6c6c045\u0026ts=1766410369"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=w22jaTUNsgPaI%2FOt7Yhvcg1jxGv9vKGRaQM8Tvo3Drc%3D&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&ts=1766410369"
Server: Heroku
Via: 1.1 heroku-router
Content-Length: 183
Connection: close


{"message":"No User Details","details":"uri=/","timestamp":"2025-12-22T13:32:49.562+00:00"}{"timestamp":"2025-12-22T13:32:49.563+00:00","status":401,"error":"Unauthorized","path":"/"}

Found 2025-12-22 by HttpPlugin

Create report

Open service 75.2.60.68:443 · hubspot.api.app.sdocs.com

2025-12-21 10:33

HTTP/1.1 401 Unauthorized
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Content-Type, Authorization
Access-Control-Allow-Methods: GET, POST, PATCH, PUT, DELETE, OPTIONS
Content-Type: application/json
Date: Sun, 21 Dec 2025 10:33:35 GMT
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=ccsypB6ehubUQr7tLE2YD0TG1QkfzsYoaHrnUVR%2Fhaw%3D\u0026sid=1b10b0ff-8a76-4548-befa-353fc6c6c045\u0026ts=1766313215"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=ccsypB6ehubUQr7tLE2YD0TG1QkfzsYoaHrnUVR%2Fhaw%3D&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&ts=1766313215"
Server: Heroku
Via: 1.1 heroku-router
Content-Length: 183
Connection: close


{"message":"No User Details","details":"uri=/","timestamp":"2025-12-21T10:33:35.950+00:00"}{"timestamp":"2025-12-21T10:33:35.951+00:00","status":401,"error":"Unauthorized","path":"/"}

Found 2025-12-21 by HttpPlugin

Create report

Open service 75.2.60.68:80 · hubspot.api.app.sdocs.com

2025-12-20 11:34

HTTP/1.1 401 Unauthorized
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Content-Type, Authorization
Access-Control-Allow-Methods: GET, POST, PATCH, PUT, DELETE, OPTIONS
Content-Type: application/json
Date: Sat, 20 Dec 2025 11:34:20 GMT
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=JxA7cOpZptWtzgZqZsumZjsBlsOXoF1M1ikZytaDhis%3D\u0026sid=1b10b0ff-8a76-4548-befa-353fc6c6c045\u0026ts=1766230460"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=JxA7cOpZptWtzgZqZsumZjsBlsOXoF1M1ikZytaDhis%3D&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&ts=1766230460"
Server: Heroku
Via: 1.1 heroku-router
Content-Length: 183
Connection: close


{"message":"No User Details","details":"uri=/","timestamp":"2025-12-20T11:34:20.844+00:00"}{"timestamp":"2025-12-20T11:34:20.846+00:00","status":401,"error":"Unauthorized","path":"/"}

Found 2025-12-20 by HttpPlugin

Create report

hubspot.api.app.sdocs.com

Fingerprint:

10bd87c4d3611c16088795ed701dec16c02b7873443724a2a7b5d98f1805ce0a

CN:

hubspot.api.app.sdocs.com

Key:

RSA-2048

Issuer:

R12

Not before:

2025-11-15 22:59

Not after:

2026-02-13 22:59

Domain summary

hubspot.api.app.sdocs.com 9

1 recorded

IP summary

75.2.60.68 2

1 recorded