Heroku
tcp/443 tcp/80
Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
These documents detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities such as broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
Severity: info
Fingerprint: 5733ddf49ff49cd151e75e4b763a87836b89d23865da56b0074f326b42204381
Public Swagger UI/API detected at path: /v3/api-docs - sample paths:
DELETE /file
GET /app/access-token
GET /app/install
GET /auth/verify
GET /decodeToken/{token}
GET /documents
GET /envelopes
GET /generate/init
GET /generateTemplate
GET /hubspot/document/{documentId}/generate/Pdf
GET /hubspot/documents/attachments
GET /hubspot/envelope/{envelopeId}/document/{documentId}/signatures
GET /hubspot/file
GET /hubspot/generateFinalPdf
GET /hubspot/getFile
GET /hubspot/mergeData
GET /hubspot/object/{object}/{objectId}/associations
GET /hubspot/objects
GET /hubspot/objects/{objectType}/properties
GET /hubspot/objects/{object}/{objectId}
GET /hubspot/properties/{objectType}/{propertyName}
GET /hubspot/schema/{apiName}
GET /hubspot/schemas
GET /hubspot/user/{userId}
GET /templates
GET /user
GET /users
PATCH /hubspot/object/{objectId}
POST /activity/timeline/info
POST /app/install/sync
POST /app/install/templates
POST /esign/envelope/create
POST /hubspot/datasource/refresh
POST /hubspot/envelope/{envelopeId}/documents/signatureField/uploadSign
POST /hubspot/object/{objName}
POST /hubspot/template
POST /hubspot/uploadFile
POST /hubspot/uploadImage
POST /workflow/actions/generatedocument
POST /workflow/actions/generatedocumentandattach
POST /workflow/actions/generatedocumentesign
POST /workflow/actions/templates
Open service 75.2.97.79:80 · hubspot.api.staging.sdocs.com
2026-01-10 01:53
HTTP/1.1 401 Unauthorized
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Content-Type, Authorization
Access-Control-Allow-Methods: GET, POST, PATCH, PUT, DELETE, OPTIONS
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Content-Type: application/json
Date: Sat, 10 Jan 2026 01:54:58 GMT
Expires: 0
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Pragma: no-cache
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=AnfIPAnA9OTnMJIHbXLp163826Ye9anNg1NhFlLRtkM%3D\u0026sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add\u0026ts=1768010098"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=AnfIPAnA9OTnMJIHbXLp163826Ye9anNg1NhFlLRtkM%3D&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&ts=1768010098"
Server: Heroku
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Xss-Protection: 0
Content-Length: 183
Connection: close
{"message":"No User Details","details":"uri=/","timestamp":"2026-01-10T01:54:58.435+00:00"}{"timestamp":"2026-01-10T01:54:58.442+00:00","status":401,"error":"Unauthorized","path":"/"}
Open service 13.248.132.87:443 · hubspot.api.staging.sdocs.com
2026-01-09 09:25
HTTP/1.1 401 Unauthorized
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Content-Type, Authorization
Access-Control-Allow-Methods: GET, POST, PATCH, PUT, DELETE, OPTIONS
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Content-Type: application/json
Date: Fri, 09 Jan 2026 09:25:57 GMT
Expires: 0
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Pragma: no-cache
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=GNeVx5hb%2FbOWUEbOUxtt8ZaQKxIubDIdMspFE4iTtlk%3D\u0026sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add\u0026ts=1767950757"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=GNeVx5hb%2FbOWUEbOUxtt8ZaQKxIubDIdMspFE4iTtlk%3D&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&ts=1767950757"
Server: Heroku
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Xss-Protection: 0
Content-Length: 183
Connection: close
{"message":"No User Details","details":"uri=/","timestamp":"2026-01-09T09:25:57.835+00:00"}{"timestamp":"2026-01-09T09:25:57.838+00:00","status":401,"error":"Unauthorized","path":"/"}
Open service 75.2.97.79:80 · hubspot.api.staging.sdocs.com
2026-01-03 00:13
HTTP/1.1 401 Unauthorized
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Content-Type, Authorization
Access-Control-Allow-Methods: GET, POST, PATCH, PUT, DELETE, OPTIONS
Content-Type: application/json
Date: Sat, 03 Jan 2026 00:13:55 GMT
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=GoZ4HxpWSfnFYCTCv6VMwZYzqJ5I%2F%2FzvtdheKjAMvSA%3D\u0026sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add\u0026ts=1767399235"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=GoZ4HxpWSfnFYCTCv6VMwZYzqJ5I%2F%2FzvtdheKjAMvSA%3D&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&ts=1767399235"
Server: Heroku
Via: 1.1 heroku-router
Content-Length: 183
Connection: close
{"message":"No User Details","details":"uri=/","timestamp":"2026-01-03T00:13:55.967+00:00"}{"timestamp":"2026-01-03T00:13:55.968+00:00","status":401,"error":"Unauthorized","path":"/"}
Open service 13.248.132.87:443 · hubspot.api.staging.sdocs.com
2026-01-01 19:29
HTTP/1.1 401 Unauthorized
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Content-Type, Authorization
Access-Control-Allow-Methods: GET, POST, PATCH, PUT, DELETE, OPTIONS
Content-Type: application/json
Date: Thu, 01 Jan 2026 19:29:01 GMT
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=MZnqwPRr4duZj6SixatUne6wNYEo8goHzVO7JJ74wOE%3D\u0026sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add\u0026ts=1767295742"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=MZnqwPRr4duZj6SixatUne6wNYEo8goHzVO7JJ74wOE%3D&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&ts=1767295742"
Server: Heroku
Via: 1.1 heroku-router
Content-Length: 183
Connection: close
{"message":"No User Details","details":"uri=/","timestamp":"2026-01-01T19:29:02.169+00:00"}{"timestamp":"2026-01-01T19:29:02.172+00:00","status":401,"error":"Unauthorized","path":"/"}
Open service 75.2.97.79:80 · hubspot.api.staging.sdocs.com
2025-12-23 03:13
HTTP/1.1 401 Unauthorized
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Content-Type, Authorization
Access-Control-Allow-Methods: GET, POST, PATCH, PUT, DELETE, OPTIONS
Content-Type: application/json
Date: Tue, 23 Dec 2025 03:13:48 GMT
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=hX1riJIExTCnt1l6QnXTetJ%2F9knjWOJ91ddSeEVqwQY%3D\u0026sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add\u0026ts=1766459628"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=hX1riJIExTCnt1l6QnXTetJ%2F9knjWOJ91ddSeEVqwQY%3D&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&ts=1766459628"
Server: Heroku
Via: 1.1 heroku-router
Content-Length: 183
Connection: close
{"message":"No User Details","details":"uri=/","timestamp":"2025-12-23T03:13:48.290+00:00"}{"timestamp":"2025-12-23T03:13:48.294+00:00","status":401,"error":"Unauthorized","path":"/"}
Open service 13.248.132.87:443 · hubspot.api.staging.sdocs.com
2025-12-22 17:39
HTTP/1.1 401 Unauthorized
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Content-Type, Authorization
Access-Control-Allow-Methods: GET, POST, PATCH, PUT, DELETE, OPTIONS
Content-Type: application/json
Date: Mon, 22 Dec 2025 17:39:26 GMT
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=RZmdNK6SToj5TEbKJlWqwPxVyYJdNrBedfWKtFjKdeM%3D\u0026sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add\u0026ts=1766425166"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=RZmdNK6SToj5TEbKJlWqwPxVyYJdNrBedfWKtFjKdeM%3D&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&ts=1766425166"
Server: Heroku
Via: 1.1 heroku-router
Content-Length: 183
Connection: close
{"message":"No User Details","details":"uri=/","timestamp":"2025-12-22T17:39:26.724+00:00"}{"timestamp":"2025-12-22T17:39:26.727+00:00","status":401,"error":"Unauthorized","path":"/"}
Open service 13.248.132.87:443 · hubspot.api.staging.sdocs.com
2025-12-20 21:01
HTTP/1.1 401 Unauthorized
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Content-Type, Authorization
Access-Control-Allow-Methods: GET, POST, PATCH, PUT, DELETE, OPTIONS
Content-Type: application/json
Date: Sat, 20 Dec 2025 21:01:49 GMT
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=yryRPprFmqSagOc0JHedJVKp7iwcxbmTWxJPMziEs40%3D\u0026sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add\u0026ts=1766264510"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=yryRPprFmqSagOc0JHedJVKp7iwcxbmTWxJPMziEs40%3D&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&ts=1766264510"
Server: Heroku
Via: 1.1 heroku-router
Content-Length: 183
Connection: close
{"message":"No User Details","details":"uri=/","timestamp":"2025-12-20T21:01:50.559+00:00"}{"timestamp":"2025-12-20T21:01:50.562+00:00","status":401,"error":"Unauthorized","path":"/"}
Open service 75.2.97.79:80 · hubspot.api.staging.sdocs.com
2025-12-20 17:39
HTTP/1.1 401 Unauthorized
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Content-Type, Authorization
Access-Control-Allow-Methods: GET, POST, PATCH, PUT, DELETE, OPTIONS
Content-Type: application/json
Date: Sat, 20 Dec 2025 17:39:37 GMT
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=npb8UPTCDfoRBLPohJOZEgNBUb1K7Yk3sXJ7p3yaJcw%3D\u0026sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add\u0026ts=1766252377"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=npb8UPTCDfoRBLPohJOZEgNBUb1K7Yk3sXJ7p3yaJcw%3D&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&ts=1766252377"
Server: Heroku
Via: 1.1 heroku-router
Content-Length: 183
Connection: close
{"message":"No User Details","details":"uri=/","timestamp":"2025-12-20T17:39:37.179+00:00"}{"timestamp":"2025-12-20T17:39:37.181+00:00","status":401,"error":"Unauthorized","path":"/"}