LeakIX - Host auth.nextech.com

Domain auth.nextech.com

CLOUDFLARENET

Software information

cloudflare

tcp/443

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 104.18.1.230
Domain: auth.nextech.com
Port: 443
URL: https://auth.nextech.com

First seen 2025-10-29 13:12
Last seen 2026-01-10 02:28
Open for 72 days

Severity: info
Fingerprint: 5733ddf49ff49cd1f3d88d60f646a9685aea56616e3b2dfcce2444d69bb1abdc

Public Swagger UI/API detected at path: /swagger/v1/swagger.json - sample paths:
DELETE /api/Clients/{accountNumber}/DatabaseConnection/Icp/cache
DELETE /api/Clients/{accountNumber}/DatabaseConnection/PracticePlus/cache
DELETE /api/Clients/{accountNumber}/DatabaseConnection/PracticePlusODS/cache
DELETE /api/Clients/{accountNumber}/Users/{applicationUserId}/InactivateInternal
DELETE /api/DatabaseConnection/Icp/cache
DELETE /api/DatabaseConnection/PracticePlus/cache
DELETE /api/DatabaseConnection/PracticePlusODS/cache
DELETE /api/NextechUsers
GET /api/Clients
GET /api/Clients/Practice/{practiceId}
GET /api/Clients/{accountNumber}
GET /api/Clients/{accountNumber}/BaseUri/Icp
GET /api/Clients/{accountNumber}/DatabaseConnection/Icp
GET /api/Clients/{accountNumber}/DatabaseConnection/PracticePlus
GET /api/Clients/{accountNumber}/DatabaseConnection/PracticePlusODS
GET /api/Clients/{accountNumber}/IPWhitelist
GET /api/Clients/{accountNumber}/Nodes
GET /api/Clients/{accountNumber}/Nodes/{id}
GET /api/Clients/{accountNumber}/Nodes/{id}/children
GET /api/Clients/{accountNumber}/Nodes/{nodeId}/Employees
GET /api/Clients/{accountNumber}/Users
GET /api/Clients/{accountNumber}/Users/ByEmail
GET /api/Clients/{accountNumber}/Users/Nodes
GET /api/Clients/{accountNumber}/Users/{applicationUserId}
GET /api/Clients/{accountNumber}/Users/{applicationUserId}/MfaRememberMe
GET /api/Clients/{accountNumber}/Users/{applicationUserId}/Nodes
GET /api/Clients/{accountNumber}/Users/{applicationUserId}/Nodes/Employees
GET /api/MfaType
GET /api/rate-limit/{id}
GET /health-check/sql
POST /api/Authentication/AuthenticateToken
POST /api/Authentication/AuthenticatedUser
POST /api/Authentication/ChangePassword
POST /api/Authentication/RenewToken
POST /api/Authentication/User
POST /api/Authentication/VerifyToken
POST /api/Clients/UpdateUserEmailAcrossClients
POST /api/Clients/{accountNumber}/ForgotPassword
POST /api/Clients/{accountNumber}/ForgotPassword/changePassword
POST /api/Clients/{accountNumber}/ForgotPassword/validateResetToken/{token}
POST /api/Clients/{accountNumber}/IPWhitelist/BulkSave
POST /api/Clients/{accountNumber}/Users/BulkProcessNewSsoUsers
POST /api/Clients/{accountNumber}/Users/Nodes/GrantFullDataEntitlement
POST /api/Clients/{accountNumber}/Users/{applicationUserId}/Nodes/GrantFullDataEntitlement
POST /api/Clients/{accountNumber}/Users/{applicationUserId}/Nodes/{nodeId}
POST /api/Clients/{accountNumber}/Users/{applicationUserId}/Reactivate
POST /api/Clients/{accountNumber}/Users/{applicationUserId}/ResetPassword
POST /api/Clients/{accountNumber}/Users/{applicationUserId}/SendNewUserEmail
POST /api/DatabaseConnection/PracticePlus/search
POST /api/DatabaseConnection/PracticePlusODS/search
POST /api/rate-limit
PUT /api/Authentication/ExpireToken

Found on 2026-01-10 02:28

Severity: info
Fingerprint: 5733ddf49ff49cd1f3d88d60f646a9685aea56616e3b2dfcce2444d619b745dd

Public Swagger UI/API detected at path: /swagger/v1/swagger.json - sample paths:
DELETE /api/Clients/{accountNumber}/DatabaseConnection/Icp/cache
DELETE /api/Clients/{accountNumber}/DatabaseConnection/PracticePlus/cache
DELETE /api/Clients/{accountNumber}/DatabaseConnection/PracticePlusODS/cache
DELETE /api/Clients/{accountNumber}/Users/{applicationUserId}/InactivateInternal
DELETE /api/DatabaseConnection/Icp/cache
DELETE /api/DatabaseConnection/PracticePlus/cache
DELETE /api/DatabaseConnection/PracticePlusODS/cache
DELETE /api/NextechUsers
GET /api/Clients
GET /api/Clients/{accountNumber}
GET /api/Clients/{accountNumber}/BaseUri/Icp
GET /api/Clients/{accountNumber}/DatabaseConnection/Icp
GET /api/Clients/{accountNumber}/DatabaseConnection/PracticePlus
GET /api/Clients/{accountNumber}/DatabaseConnection/PracticePlusODS
GET /api/Clients/{accountNumber}/IPWhitelist
GET /api/Clients/{accountNumber}/Nodes
GET /api/Clients/{accountNumber}/Nodes/{id}
GET /api/Clients/{accountNumber}/Nodes/{id}/children
GET /api/Clients/{accountNumber}/Nodes/{nodeId}/Employees
GET /api/Clients/{accountNumber}/Users
GET /api/Clients/{accountNumber}/Users/ByEmail
GET /api/Clients/{accountNumber}/Users/Nodes
GET /api/Clients/{accountNumber}/Users/{applicationUserId}
GET /api/Clients/{accountNumber}/Users/{applicationUserId}/MfaRememberMe
GET /api/Clients/{accountNumber}/Users/{applicationUserId}/Nodes
GET /api/Clients/{accountNumber}/Users/{applicationUserId}/Nodes/Employees
GET /api/MfaType
GET /api/rate-limit/{id}
GET /health-check/sql
POST /api/Authentication/AuthenticateToken
POST /api/Authentication/AuthenticatedUser
POST /api/Authentication/ChangePassword
POST /api/Authentication/RenewToken
POST /api/Authentication/User
POST /api/Authentication/VerifyToken
POST /api/Clients/UpdateUserEmailAcrossClients
POST /api/Clients/{accountNumber}/ForgotPassword
POST /api/Clients/{accountNumber}/ForgotPassword/changePassword
POST /api/Clients/{accountNumber}/ForgotPassword/validateResetToken/{token}
POST /api/Clients/{accountNumber}/IPWhitelist/BulkSave
POST /api/Clients/{accountNumber}/Users/BulkProcessNewSsoUsers
POST /api/Clients/{accountNumber}/Users/Nodes/GrantFullDataEntitlement
POST /api/Clients/{accountNumber}/Users/{applicationUserId}/Nodes/GrantFullDataEntitlement
POST /api/Clients/{accountNumber}/Users/{applicationUserId}/Nodes/{nodeId}
POST /api/Clients/{accountNumber}/Users/{applicationUserId}/Reactivate
POST /api/Clients/{accountNumber}/Users/{applicationUserId}/ResetPassword
POST /api/Clients/{accountNumber}/Users/{applicationUserId}/SendNewUserEmail
POST /api/DatabaseConnection/PracticePlus/search
POST /api/DatabaseConnection/PracticePlusODS/search
POST /api/rate-limit
PUT /api/Authentication/ExpireToken

Found on 2025-11-10 19:55

Create report

Open service 104.18.1.230:443 · auth.nextech.com

2026-01-10 02:28

HTTP/1.1 404 Not Found
Date: Sat, 10 Jan 2026 02:29:00 GMT
Transfer-Encoding: chunked
Connection: close
CF-RAY: 9bb8be824faf4d76-FRA
request-context: appId=cid-v1:83452291-292b-4485-b7df-399ae0693a17
x-iis-host: AUTH01
cf-cache-status: DYNAMIC
Set-Cookie: __cf_bm=T4ueOSSSfjuYEJXmj7RfZOsULqmc3.oMFQ8Nxwf3M1s-1768012140-1.0.1.1-mpQl0SDZjlUq_6QFYHjUDfO2y_eI6SoE9XMs.ZwtbAkFba5_MZQW7XF.Ril9k08tjaiwjc3D.JigyJpbVo9q6TmPfmGacnMIxn2uKWPNn0A; path=/; expires=Sat, 10-Jan-26 02:59:00 GMT; domain=.nextech.com; HttpOnly; Secure; SameSite=None
Server: cloudflare

Found 2026-01-10 by HttpPlugin

Create report

Open service 104.18.1.230:443 · auth.nextech.com

2026-01-02 23:11

HTTP/1.1 404 Not Found
Date: Fri, 02 Jan 2026 23:11:15 GMT
Transfer-Encoding: chunked
Connection: close
CF-RAY: 9b7def3a2fe71c09-FRA
request-context: appId=cid-v1:83452291-292b-4485-b7df-399ae0693a17
x-iis-host: AUTH02
cf-cache-status: DYNAMIC
Set-Cookie: __cf_bm=eqNDf4m.xBpAmvJ_aKbGA.1DsskPBODTIyTtBD2qITg-1767395475-1.0.1.1-4YxdW9TbORyn8oyBJvDm6ox0ZR7c51A9v3SPh0ZlUQEmykX0iZeeFWy2cVfl67uVc6QPZzQkwrP7L.eUmh4M9qUurKw6sHY0aL6qQtNxFfc; path=/; expires=Fri, 02-Jan-26 23:41:15 GMT; domain=.nextech.com; HttpOnly; Secure; SameSite=None
Server: cloudflare

Found 2026-01-02 by HttpPlugin

Create report

Open service 104.18.1.230:443 · auth.nextech.com

2025-12-21 08:16

HTTP/1.1 404 Not Found
Date: Sun, 21 Dec 2025 08:16:23 GMT
Transfer-Encoding: chunked
Connection: close
CF-RAY: 9b15efe05f5b1325-EWR
request-context: appId=cid-v1:83452291-292b-4485-b7df-399ae0693a17
x-iis-host: AUTH01
cf-cache-status: DYNAMIC
Set-Cookie: __cf_bm=y0UCwsxvl8FB2R93NB5hXqmDoRwgqHsEE_Q6J4fr9Hg-1766304983-1.0.1.1-lyq56q4VIjtB4ejK1EwkSDYJ4nmQfpulOKxP6LwqvFtLYR5uKfqvdzgc5kM1o47m4JryXfrz0uWXxgi7MrMrP5cnNRDkVKv5tdXNPltk9r4; path=/; expires=Sun, 21-Dec-25 08:46:23 GMT; domain=.nextech.com; HttpOnly; Secure; SameSite=None
Server: cloudflare

Found 2025-12-21 by HttpPlugin

Create report

Open service 104.18.1.230:443 · auth.nextech.com

2025-12-19 09:33

HTTP/1.1 404 Not Found
Date: Fri, 19 Dec 2025 09:33:16 GMT
Transfer-Encoding: chunked
Connection: close
CF-RAY: 9b05e5c01ba94fcb-YYZ
request-context: appId=cid-v1:83452291-292b-4485-b7df-399ae0693a17
x-iis-host: AUTH02
cf-cache-status: DYNAMIC
Set-Cookie: __cf_bm=0ZzU4ZEmeXCg_tRY3WiYyZizU48XsiYl1ns_FSP1oUo-1766136796-1.0.1.1-t7jhnfIixnvXLCnQNPhkg2VsVH_Szmocj4D1hWE7J2uzif7cxTVEObi.Tb_1P96gaoPyotnJEarYYXZ7773S6rrPBO5en2SOfQQSiDRR6RQ; path=/; expires=Fri, 19-Dec-25 10:03:16 GMT; domain=.nextech.com; HttpOnly; Secure; SameSite=None
Server: cloudflare

Found 2025-12-19 by HttpPlugin

Create report

auth.nextech.com

Fingerprint:

7bcf73326415df110c31552c0dcc568bb79571a2bcd4df4f0f7ec50b85777e7a

CN:

auth.nextech.com

Key:

ECDSA-256

Issuer:

WE1

Not before:

2025-12-09 22:29

Not after:

2026-03-09 23:29

Domain summary

auth.nextech.com 5

1 recorded

IP summary

104.18.1.230 2

1 recorded