LeakIX - Host hubspot.api.dev.sdocs.com

Domain hubspot.api.dev.sdocs.com

United States

AMAZON-02

Software information

Heroku

tcp/443 tcp/80

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 35.71.145.101
Domain: hubspot.api.dev.sdocs.com
Port: 80
URL: http://hubspot.api.dev.sdocs.com

First seen 2025-12-08 00:41
Last seen 2026-01-09 14:31
Open for 32 days

Severity: info
Fingerprint: 5733ddf49ff49cd151e75e4b763a87836b89d23865da56b0074f326b42204381

Public Swagger UI/API detected at path: /v3/api-docs - sample paths:
DELETE /file
GET /app/access-token
GET /app/install
GET /auth/verify
GET /decodeToken/{token}
GET /documents
GET /envelopes
GET /generate/init
GET /generateTemplate
GET /hubspot/document/{documentId}/generate/Pdf
GET /hubspot/documents/attachments
GET /hubspot/envelope/{envelopeId}/document/{documentId}/signatures
GET /hubspot/file
GET /hubspot/generateFinalPdf
GET /hubspot/getFile
GET /hubspot/mergeData
GET /hubspot/object/{object}/{objectId}/associations
GET /hubspot/objects
GET /hubspot/objects/{objectType}/properties
GET /hubspot/objects/{object}/{objectId}
GET /hubspot/properties/{objectType}/{propertyName}
GET /hubspot/schema/{apiName}
GET /hubspot/schemas
GET /hubspot/user/{userId}
GET /templates
GET /user
GET /users
PATCH /hubspot/object/{objectId}
POST /activity/timeline/info
POST /app/install/sync
POST /app/install/templates
POST /esign/envelope/create
POST /hubspot/datasource/refresh
POST /hubspot/envelope/{envelopeId}/documents/signatureField/uploadSign
POST /hubspot/object/{objName}
POST /hubspot/template
POST /hubspot/uploadFile
POST /hubspot/uploadImage
POST /workflow/actions/generatedocument
POST /workflow/actions/generatedocumentandattach
POST /workflow/actions/generatedocumentesign
POST /workflow/actions/templates

Found on 2026-01-09 14:31

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 13.248.132.87
Domain: hubspot.api.dev.sdocs.com
Port: 443
URL: https://hubspot.api.dev.sdocs.com

First seen 2025-12-08 00:41
Last seen 2026-01-09 07:36
Open for 32 days

Severity: info
Fingerprint: 5733ddf49ff49cd151e75e4b763a87836b89d23865da56b0074f326b42204381

Public Swagger UI/API detected at path: /v3/api-docs - sample paths:
DELETE /file
GET /app/access-token
GET /app/install
GET /auth/verify
GET /decodeToken/{token}
GET /documents
GET /envelopes
GET /generate/init
GET /generateTemplate
GET /hubspot/document/{documentId}/generate/Pdf
GET /hubspot/documents/attachments
GET /hubspot/envelope/{envelopeId}/document/{documentId}/signatures
GET /hubspot/file
GET /hubspot/generateFinalPdf
GET /hubspot/getFile
GET /hubspot/mergeData
GET /hubspot/object/{object}/{objectId}/associations
GET /hubspot/objects
GET /hubspot/objects/{objectType}/properties
GET /hubspot/objects/{object}/{objectId}
GET /hubspot/properties/{objectType}/{propertyName}
GET /hubspot/schema/{apiName}
GET /hubspot/schemas
GET /hubspot/user/{userId}
GET /templates
GET /user
GET /users
PATCH /hubspot/object/{objectId}
POST /activity/timeline/info
POST /app/install/sync
POST /app/install/templates
POST /esign/envelope/create
POST /hubspot/datasource/refresh
POST /hubspot/envelope/{envelopeId}/documents/signatureField/uploadSign
POST /hubspot/object/{objName}
POST /hubspot/template
POST /hubspot/uploadFile
POST /hubspot/uploadImage
POST /workflow/actions/generatedocument
POST /workflow/actions/generatedocumentandattach
POST /workflow/actions/generatedocumentesign
POST /workflow/actions/templates

Found on 2026-01-09 07:36

Create report

Open service 35.71.145.101:80 · hubspot.api.dev.sdocs.com

2026-01-09 14:31

HTTP/1.1 401 Unauthorized
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Content-Type, Authorization
Access-Control-Allow-Methods: GET, POST, PATCH, PUT, DELETE, OPTIONS
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Content-Type: application/json
Date: Fri, 09 Jan 2026 14:32:28 GMT
Expires: 0
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Pragma: no-cache
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=H%2BlOLd6GMPWRnYIuq7dRmxIJgQEMojqb4HBAWmDs35s%3D\u0026sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add\u0026ts=1767969148"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=H%2BlOLd6GMPWRnYIuq7dRmxIJgQEMojqb4HBAWmDs35s%3D&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&ts=1767969148"
Server: Heroku
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Xss-Protection: 0
Content-Length: 91
Connection: close


{"message":"No User Details","details":"uri=/","timestamp":"2026-01-09T14:32:28.523+00:00"}

Found 2026-01-09 by HttpPlugin

Create report

Open service 13.248.132.87:443 · hubspot.api.dev.sdocs.com

2026-01-09 07:36

HTTP/1.1 401 Unauthorized
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Content-Type, Authorization
Access-Control-Allow-Methods: GET, POST, PATCH, PUT, DELETE, OPTIONS
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Content-Type: application/json
Date: Fri, 09 Jan 2026 07:36:22 GMT
Expires: 0
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Pragma: no-cache
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=Qsk%2FNgeQhZdjeSVLpw7OdiBU9yE5FgUlVsLZgHxhHxc%3D\u0026sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add\u0026ts=1767944182"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=Qsk%2FNgeQhZdjeSVLpw7OdiBU9yE5FgUlVsLZgHxhHxc%3D&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&ts=1767944182"
Server: Heroku
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Xss-Protection: 0
Content-Length: 91
Connection: close


{"message":"No User Details","details":"uri=/","timestamp":"2026-01-09T07:36:22.719+00:00"}

Found 2026-01-09 by HttpPlugin

Create report

Open service 35.71.145.101:80 · hubspot.api.dev.sdocs.com

2026-01-02 15:04

HTTP/1.1 401 Unauthorized
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Content-Type, Authorization
Access-Control-Allow-Methods: GET, POST, PATCH, PUT, DELETE, OPTIONS
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Content-Type: application/json
Date: Fri, 02 Jan 2026 15:04:52 GMT
Expires: 0
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Pragma: no-cache
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=oQzNoWK2xFuAGBXxh99RHKIML339sv1%2BMtkthdVoJ8A%3D\u0026sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add\u0026ts=1767366292"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=oQzNoWK2xFuAGBXxh99RHKIML339sv1%2BMtkthdVoJ8A%3D&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&ts=1767366292"
Server: Heroku
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Xss-Protection: 0
Content-Length: 91
Connection: close


{"message":"No User Details","details":"uri=/","timestamp":"2026-01-02T15:04:52.316+00:00"}

Found 2026-01-02 by HttpPlugin

Create report

Open service 13.248.132.87:443 · hubspot.api.dev.sdocs.com

2026-01-02 06:02

HTTP/1.1 401 Unauthorized
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Content-Type, Authorization
Access-Control-Allow-Methods: GET, POST, PATCH, PUT, DELETE, OPTIONS
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Content-Type: application/json
Date: Fri, 02 Jan 2026 06:02:34 GMT
Expires: 0
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Pragma: no-cache
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=gnwvzEg3oa2ebCSTJckmqfldM3bSbRHO%2BPGW5yKHX%2BM%3D\u0026sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add\u0026ts=1767333754"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=gnwvzEg3oa2ebCSTJckmqfldM3bSbRHO%2BPGW5yKHX%2BM%3D&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&ts=1767333754"
Server: Heroku
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Xss-Protection: 0
Content-Length: 91
Connection: close


{"message":"No User Details","details":"uri=/","timestamp":"2026-01-02T06:02:34.256+00:00"}

Found 2026-01-02 by HttpPlugin

Create report

Open service 35.71.145.101:80 · hubspot.api.dev.sdocs.com

2025-12-23 06:17

HTTP/1.1 401 Unauthorized
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Content-Type, Authorization
Access-Control-Allow-Methods: GET, POST, PATCH, PUT, DELETE, OPTIONS
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Content-Type: application/json
Date: Tue, 23 Dec 2025 06:17:59 GMT
Expires: 0
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Pragma: no-cache
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=6DQ%2FpC1Lw6HEgLXeo0HbJYp3ufLQgma%2Bct%2FLXsgO0%2FY%3D\u0026sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add\u0026ts=1766470679"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=6DQ%2FpC1Lw6HEgLXeo0HbJYp3ufLQgma%2Bct%2FLXsgO0%2FY%3D&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&ts=1766470679"
Server: Heroku
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Xss-Protection: 0
Content-Length: 91
Connection: close


{"message":"No User Details","details":"uri=/","timestamp":"2025-12-23T06:17:59.374+00:00"}

Found 2025-12-23 by HttpPlugin

Create report

Open service 13.248.132.87:443 · hubspot.api.dev.sdocs.com

2025-12-22 21:02

HTTP/1.1 401 Unauthorized
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Content-Type, Authorization
Access-Control-Allow-Methods: GET, POST, PATCH, PUT, DELETE, OPTIONS
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Content-Type: application/json
Date: Mon, 22 Dec 2025 21:02:49 GMT
Expires: 0
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Pragma: no-cache
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=ojZqTa6Erd31xSunmU28Nfm8JlsY2K2BiHjFFcQ210M%3D\u0026sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add\u0026ts=1766437369"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=ojZqTa6Erd31xSunmU28Nfm8JlsY2K2BiHjFFcQ210M%3D&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&ts=1766437369"
Server: Heroku
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Xss-Protection: 0
Content-Length: 91
Connection: close


{"message":"No User Details","details":"uri=/","timestamp":"2025-12-22T21:02:49.446+00:00"}

Found 2025-12-22 by HttpPlugin

Create report

Open service 35.71.145.101:80 · hubspot.api.dev.sdocs.com

2025-12-21 02:56

HTTP/1.1 401 Unauthorized
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Content-Type, Authorization
Access-Control-Allow-Methods: GET, POST, PATCH, PUT, DELETE, OPTIONS
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Content-Type: application/json
Date: Sun, 21 Dec 2025 02:56:37 GMT
Expires: 0
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Pragma: no-cache
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=7Va%2Fa68MuD%2BHXxDh0I1nM24qETZUUm%2FiL6q1Ya780ss%3D\u0026sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add\u0026ts=1766285797"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=7Va%2Fa68MuD%2BHXxDh0I1nM24qETZUUm%2FiL6q1Ya780ss%3D&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&ts=1766285797"
Server: Heroku
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Xss-Protection: 0
Content-Length: 91
Connection: close


{"message":"No User Details","details":"uri=/","timestamp":"2025-12-21T02:56:37.161+00:00"}

Found 2025-12-21 by HttpPlugin

Create report

Open service 13.248.132.87:443 · hubspot.api.dev.sdocs.com

2025-12-21 00:33

HTTP/1.1 401 Unauthorized
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Content-Type, Authorization
Access-Control-Allow-Methods: GET, POST, PATCH, PUT, DELETE, OPTIONS
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Content-Type: application/json
Date: Sun, 21 Dec 2025 00:33:43 GMT
Expires: 0
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Pragma: no-cache
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=31zt7F4bF5UJfZia80hJQ2GLa%2BtxY%2BV6cReR18xDrHQ%3D\u0026sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add\u0026ts=1766277223"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=31zt7F4bF5UJfZia80hJQ2GLa%2BtxY%2BV6cReR18xDrHQ%3D&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&ts=1766277223"
Server: Heroku
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Xss-Protection: 0
Content-Length: 91
Connection: close


{"message":"No User Details","details":"uri=/","timestamp":"2025-12-21T00:33:43.239+00:00"}

Found 2025-12-21 by HttpPlugin

Create report

Open service 35.71.145.101:80 · hubspot.api.dev.sdocs.com

2025-12-19 05:34

HTTP/1.1 401 Unauthorized
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Content-Type, Authorization
Access-Control-Allow-Methods: GET, POST, PATCH, PUT, DELETE, OPTIONS
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Content-Type: application/json
Date: Fri, 19 Dec 2025 05:34:58 GMT
Expires: 0
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Pragma: no-cache
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=PDmjgdRklvGcJiyZwiXblUgT6q3EjN4SgrW%2FUXOk1Eo%3D\u0026sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add\u0026ts=1766122498"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=PDmjgdRklvGcJiyZwiXblUgT6q3EjN4SgrW%2FUXOk1Eo%3D&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&ts=1766122498"
Server: Heroku
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Xss-Protection: 0
Content-Length: 91
Connection: close


{"message":"No User Details","details":"uri=/","timestamp":"2025-12-19T05:34:58.171+00:00"}

Found 2025-12-19 by HttpPlugin

Create report

hubspot.api.dev.sdocs.com

Fingerprint:

498c1be2262f59653ecddaf22d03ccf736e7f34310af4028b6036cec27308c73

CN:

hubspot.api.dev.sdocs.com

Key:

RSA-2048

Issuer:

R12

Not before:

2025-12-07 23:41

Not after:

2026-03-07 23:41

Domain summary

hubspot.api.dev.sdocs.com 10

1 recorded

IP summary

35.71.145.101 1 13.248.132.87 1

2 recorded