Domain auth.qa.nextech.com
Software information
cloudflare
tcp/443
-
Swagger API description is publicly available
Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
First seen 2025-12-07 22:25
Last seen 2026-01-09 14:30
Open for 32 days-
Severity: info
Fingerprint: 5733ddf49ff49cd1f3d88d60f646a9685aea56616e3b2dfcce2444d69bb1abdcPublic Swagger UI/API detected at path: /swagger/v1/swagger.json - sample paths: DELETE /api/Clients/{accountNumber}/DatabaseConnection/Icp/cache DELETE /api/Clients/{accountNumber}/DatabaseConnection/PracticePlus/cache DELETE /api/Clients/{accountNumber}/DatabaseConnection/PracticePlusODS/cache DELETE /api/Clients/{accountNumber}/Users/{applicationUserId}/InactivateInternal DELETE /api/DatabaseConnection/Icp/cache DELETE /api/DatabaseConnection/PracticePlus/cache DELETE /api/DatabaseConnection/PracticePlusODS/cache DELETE /api/NextechUsers GET /api/Clients GET /api/Clients/Practice/{practiceId} GET /api/Clients/{accountNumber} GET /api/Clients/{accountNumber}/BaseUri/Icp GET /api/Clients/{accountNumber}/DatabaseConnection/Icp GET /api/Clients/{accountNumber}/DatabaseConnection/PracticePlus GET /api/Clients/{accountNumber}/DatabaseConnection/PracticePlusODS GET /api/Clients/{accountNumber}/IPWhitelist GET /api/Clients/{accountNumber}/Nodes GET /api/Clients/{accountNumber}/Nodes/{id} GET /api/Clients/{accountNumber}/Nodes/{id}/children GET /api/Clients/{accountNumber}/Nodes/{nodeId}/Employees GET /api/Clients/{accountNumber}/Users GET /api/Clients/{accountNumber}/Users/ByEmail GET /api/Clients/{accountNumber}/Users/Nodes GET /api/Clients/{accountNumber}/Users/{applicationUserId} GET /api/Clients/{accountNumber}/Users/{applicationUserId}/MfaRememberMe GET /api/Clients/{accountNumber}/Users/{applicationUserId}/Nodes GET /api/Clients/{accountNumber}/Users/{applicationUserId}/Nodes/Employees GET /api/MfaType GET /api/rate-limit/{id} GET /health-check/sql POST /api/Authentication/AuthenticateToken POST /api/Authentication/AuthenticatedUser POST /api/Authentication/ChangePassword POST /api/Authentication/RenewToken POST /api/Authentication/User POST /api/Authentication/VerifyToken POST /api/Clients/UpdateUserEmailAcrossClients POST /api/Clients/{accountNumber}/ForgotPassword POST /api/Clients/{accountNumber}/ForgotPassword/changePassword POST /api/Clients/{accountNumber}/ForgotPassword/validateResetToken/{token} POST /api/Clients/{accountNumber}/IPWhitelist/BulkSave POST /api/Clients/{accountNumber}/Users/BulkProcessNewSsoUsers POST /api/Clients/{accountNumber}/Users/Nodes/GrantFullDataEntitlement POST /api/Clients/{accountNumber}/Users/{applicationUserId}/Nodes/GrantFullDataEntitlement POST /api/Clients/{accountNumber}/Users/{applicationUserId}/Nodes/{nodeId} POST /api/Clients/{accountNumber}/Users/{applicationUserId}/Reactivate POST /api/Clients/{accountNumber}/Users/{applicationUserId}/ResetPassword POST /api/Clients/{accountNumber}/Users/{applicationUserId}/SendNewUserEmail POST /api/DatabaseConnection/PracticePlus/search POST /api/DatabaseConnection/PracticePlusODS/search POST /api/rate-limit PUT /api/Authentication/ExpireTokenFound on 2026-01-09 14:30
-
-
Open service 104.18.1.230:443 · auth.qa.nextech.com
2026-01-09 14:30
HTTP/1.1 404 Not Found Date: Fri, 09 Jan 2026 14:30:24 GMT Transfer-Encoding: chunked Connection: close CF-RAY: 9bb4a1e179edf8f3-SJC request-context: appId=cid-v1:cf277243-e603-4c08-995a-adf3d970d111 x-powered-by: ASP.NET cf-cache-status: DYNAMIC Set-Cookie: __cf_bm=kdte.5sWw5EqgAO2D5hhc59mgZ1N8m88Jj7kCf5vGos-1767969024-1.0.1.1-3Kpc7Rye8bZ5bN6.NXL9L50GCyTPFY0IKb3JyAUGU6y6iVdwrzwjfHiJvaa_ZJ_O6RELdeb8wjDC1z1bAVaHL.IaoshxiYMTpkn0PyFD8bk; path=/; expires=Fri, 09-Jan-26 15:00:24 GMT; domain=.nextech.com; HttpOnly; Secure; SameSite=None Server: cloudflare
Found 2026-01-09 by HttpPluginCreate report
-
Open service 104.18.1.230:443 · auth.qa.nextech.com
2026-01-02 15:05
HTTP/1.1 404 Not Found Date: Fri, 02 Jan 2026 15:05:44 GMT Transfer-Encoding: chunked Connection: close CF-RAY: 9b7b2800ae77720c-SJC request-context: appId=cid-v1:cf277243-e603-4c08-995a-adf3d970d111 x-powered-by: ASP.NET cf-cache-status: DYNAMIC Set-Cookie: __cf_bm=.S_TZp5jGeXDKb5w_uw8KH_91OwxPB._lDTYpZA.dgU-1767366344-1.0.1.1-WVC_WQYfTyAI9qMtnTEB_bc5.loQ5YbhNeA7MP7utw.lz5fz329m1nDpQqk4n6mMR3mcOORgIhRjTPxWcv8xX.MtcV6gfgrZbGkZW5SCCMc; path=/; expires=Fri, 02-Jan-26 15:35:44 GMT; domain=.nextech.com; HttpOnly; Secure; SameSite=None Server: cloudflare
Found 2026-01-02 by HttpPluginCreate report
-
Open service 104.18.1.230:443 · auth.qa.nextech.com
2025-12-23 06:16
HTTP/1.1 404 Not Found Date: Tue, 23 Dec 2025 06:16:15 GMT Transfer-Encoding: chunked Connection: close CF-RAY: 9b25baa58ea23d08-EWR request-context: appId=cid-v1:cf277243-e603-4c08-995a-adf3d970d111 x-powered-by: ASP.NET cf-cache-status: DYNAMIC Set-Cookie: __cf_bm=.arlETPnO.GvxxlQ4OikezaHrtia7pMQqvccdjbLSyo-1766470575-1.0.1.1-BIDKOLqkUjge_m40BH9psAWzfqjPwvEjv8LSUk5WG1JFUE29EHfXeMNwYn7S1_892LDi0gkv4pLQo4HiZUhMOUNNX1op3FGGTkOKrPO43Ig; path=/; expires=Tue, 23-Dec-25 06:46:15 GMT; domain=.nextech.com; HttpOnly; Secure; SameSite=None Server: cloudflare
Found 2025-12-23 by HttpPluginCreate report
-
Open service 104.18.1.230:443 · auth.qa.nextech.com
2025-12-21 03:01
HTTP/1.1 404 Not Found Date: Sun, 21 Dec 2025 03:01:03 GMT Transfer-Encoding: chunked Connection: close CF-RAY: 9b1421f9faa87117-YYZ request-context: appId=cid-v1:cf277243-e603-4c08-995a-adf3d970d111 x-powered-by: ASP.NET cf-cache-status: DYNAMIC Set-Cookie: __cf_bm=cZILVr1.iMpfwBGhVdrdHefLEP9cz3CnTqcO8hXxfMQ-1766286063-1.0.1.1-Ih7fDl.LdsZ.RzhwGZSV6LC6azyixSlgHIsij1genDgyWJe1kzTBKZz.8jdWCjqzVVRXs4A5lP0rAE8IuWi6fNRvw5gA9d0Q3y34F7M4BSw; path=/; expires=Sun, 21-Dec-25 03:31:03 GMT; domain=.nextech.com; HttpOnly; Secure; SameSite=None Server: cloudflare
Found 2025-12-21 by HttpPluginCreate report
-
Open service 104.18.1.230:443 · auth.qa.nextech.com
2025-12-19 05:32
HTTP/1.1 404 Not Found Date: Fri, 19 Dec 2025 05:32:02 GMT Transfer-Encoding: chunked Connection: close CF-RAY: 9b048461b988134a-EWR request-context: appId=cid-v1:cf277243-e603-4c08-995a-adf3d970d111 x-powered-by: ASP.NET cf-cache-status: DYNAMIC Set-Cookie: __cf_bm=p33XRj832aYUqp2PZtMVt84sTFSaiOvh019UJ4v9BZA-1766122322-1.0.1.1-Iiuu.sBh8vx8dOfQV4qDTsWAtDTzexZFfyfHvwW.i5Xo2kkUaVxVo0kQUIM.A_DVJMLn9qDhIswebB6fZx6FTXoLXmdC4OWMAOUoqoCx9N4; path=/; expires=Fri, 19-Dec-25 06:02:02 GMT; domain=.nextech.com; HttpOnly; Secure; SameSite=None Server: cloudflare
Found 2025-12-19 by HttpPluginCreate report