Domain scheduler.api.nextech.com
Software information
cloudflare
tcp/443
-
Swagger API description is publicly available
Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
First seen 2025-12-10 06:16
Last seen 2026-01-09 07:43
Open for 30 days-
Severity: info
Fingerprint: 5733ddf49ff49cd1f3d88d60bba1d3d6e29fff9ef8acdcbc957a0c8b7be8f1e3Public Swagger UI/API detected at path: /swagger/v1/swagger.json - sample paths: DELETE /api/ProviderImages/{id} GET /api/Admin/UnmigratedClients GET /api/AppointmentReasons GET /api/AppointmentReasons/AvailableOnline GET /api/AppointmentTypes GET /api/AppointmentTypes/AvailableOnline GET /api/GeneralSettings GET /api/GeneralSettings/AvailableOnline GET /api/Insurance GET /api/Insurance/AvailableOnline GET /api/Locations GET /api/Locations/AvailableOnline GET /api/OnlineScheduling GET /api/Payment GET /api/Practice/FeatureFlags/{id} GET /api/Practice/Nodes/{id} GET /api/Practice/PaymentSettings/{accountNumber} GET /api/ProviderImages GET /api/Providers GET /api/Providers/AvailableOnline GET /api/SasToken GET /api/rate-limit/{id} GET /health-check/sql PATCH /api/Admin/MigrateIndividualClient POST /api/ProviderImages/{providerId}/Upload POST /api/ProviderImages/{resourceId}/ResourceUpload POST /api/rate-limit PUT /api/ProviderImages/{id}/DefaultFound on 2026-01-09 07:43
-
-
Open service 104.18.0.230:443 · scheduler.api.nextech.com
2026-01-09 07:43
HTTP/1.1 404 Not Found Date: Fri, 09 Jan 2026 07:43:35 GMT Content-Length: 0 Connection: close CF-RAY: 9bb24df73c3cac63-YYZ Set-Cookie: ARRAffinity=ec67fed98bb481df2e2e4da0e706b13d32adc685f3b7eab48166bd769941a280;Path=/;HttpOnly;Secure;Domain=scheduler.api.nextech.com Set-Cookie: ARRAffinitySameSite=ec67fed98bb481df2e2e4da0e706b13d32adc685f3b7eab48166bd769941a280;Path=/;HttpOnly;SameSite=None;Secure;Domain=scheduler.api.nextech.com Set-Cookie: __cf_bm=T2pLgmt2c_FyUA5oTMEnSfDXTskpB4oP6XTjbyR_SNo-1767944615-1.0.1.1-8J71PrTBZztv.wXOwOYi4bzhL5YODvebsUp5_NB9JNYOGlYQyP_92XZXmGdVfvLinEPLmIXQB.y.Rn9KvZbqjrdEi_FssS4wFGpRpKQXAV4; path=/; expires=Fri, 09-Jan-26 08:13:35 GMT; domain=.nextech.com; HttpOnly; Secure; SameSite=None Strict-Transport-Security: max-age=2592000 Request-Context: appId=cid-v1:8875fe5e-577f-4fe5-a880-a77a77bf7c46 X-Powered-By: ASP.NET cf-cache-status: DYNAMIC Server: cloudflare
Found 2026-01-09 by HttpPluginCreate report
-
Open service 104.18.0.230:443 · scheduler.api.nextech.com
2026-01-02 05:18
HTTP/1.1 404 Not Found Date: Fri, 02 Jan 2026 05:18:24 GMT Content-Length: 0 Connection: close CF-RAY: 9b77cbaa0adc9048-FRA Set-Cookie: ARRAffinity=ec67fed98bb481df2e2e4da0e706b13d32adc685f3b7eab48166bd769941a280;Path=/;HttpOnly;Secure;Domain=scheduler.api.nextech.com Set-Cookie: ARRAffinitySameSite=ec67fed98bb481df2e2e4da0e706b13d32adc685f3b7eab48166bd769941a280;Path=/;HttpOnly;SameSite=None;Secure;Domain=scheduler.api.nextech.com Set-Cookie: __cf_bm=9rBPjou_KX7Dmr6AgP46kMMuHAIVgavcJxB2vpOSfiI-1767331104-1.0.1.1-zkAlVhcM5ZVYlUPowWlqEWLRfha2zAIjUaJeR2g8A3Y5k4M.E1vbsl60AlxJ87xE.GSBGhA_RkBmXSxHdEF1hfDQyocKKbmIr44i7TRPMuI; path=/; expires=Fri, 02-Jan-26 05:48:24 GMT; domain=.nextech.com; HttpOnly; Secure; SameSite=None Strict-Transport-Security: max-age=2592000 Request-Context: appId=cid-v1:8875fe5e-577f-4fe5-a880-a77a77bf7c46 X-Powered-By: ASP.NET cf-cache-status: DYNAMIC Server: cloudflare
Found 2026-01-02 by HttpPluginCreate report
-
Open service 104.18.0.230:443 · scheduler.api.nextech.com
2025-12-22 13:39
HTTP/1.1 404 Not Found Date: Mon, 22 Dec 2025 13:39:25 GMT Content-Length: 0 Connection: close CF-RAY: 9b200672ad403c73-AMS Set-Cookie: ARRAffinity=ec67fed98bb481df2e2e4da0e706b13d32adc685f3b7eab48166bd769941a280;Path=/;HttpOnly;Secure;Domain=scheduler.api.nextech.com Set-Cookie: ARRAffinitySameSite=ec67fed98bb481df2e2e4da0e706b13d32adc685f3b7eab48166bd769941a280;Path=/;HttpOnly;SameSite=None;Secure;Domain=scheduler.api.nextech.com Set-Cookie: __cf_bm=N2kVc.NChFLUd_bGNOGP4vIbEAQunbrfbj_EdlIr_8I-1766410765-1.0.1.1-C9pXRTYLmS1CgBHt_zqRsL23BGfxjNlxbnNcYIKQTExc9kcNaGVUIxigeyAfJX9Pcdsba0nRaJlZC4wSaQTqvM5mgknddiDfafzoF4SVX.k; path=/; expires=Mon, 22-Dec-25 14:09:25 GMT; domain=.nextech.com; HttpOnly; Secure; SameSite=None Strict-Transport-Security: max-age=2592000 Request-Context: appId=cid-v1:8875fe5e-577f-4fe5-a880-a77a77bf7c46 X-Powered-By: ASP.NET cf-cache-status: DYNAMIC Server: cloudflare
Found 2025-12-22 by HttpPluginCreate report
-
Open service 104.18.0.230:443 · scheduler.api.nextech.com
2025-12-20 13:41
HTTP/1.1 404 Not Found Date: Sat, 20 Dec 2025 13:41:06 GMT Content-Length: 0 Connection: close CF-RAY: 9b0f8e29ef658fd0-FRA Set-Cookie: ARRAffinity=5ea39e139d64143435c3ff546fb12ab41fd8f8d934b19ad4e385e046a4a492ba;Path=/;HttpOnly;Secure;Domain=scheduler.api.nextech.com Set-Cookie: ARRAffinitySameSite=5ea39e139d64143435c3ff546fb12ab41fd8f8d934b19ad4e385e046a4a492ba;Path=/;HttpOnly;SameSite=None;Secure;Domain=scheduler.api.nextech.com Set-Cookie: __cf_bm=QtmXWWyct9_pDN.SBJUkRqesuj06t2OMY0kxxH6bbSc-1766238066-1.0.1.1-Qw189DE5d13kbV5dj7EM2AKNMueyfIIpGW_fGY01LTzShXtv0xhp35sA2ejtowObwmERW0W_uGQexjkizxcDe4TnDGVHJ42h6_IZ0jETwhE; path=/; expires=Sat, 20-Dec-25 14:11:06 GMT; domain=.nextech.com; HttpOnly; Secure; SameSite=None Strict-Transport-Security: max-age=2592000 Request-Context: appId=cid-v1:8875fe5e-577f-4fe5-a880-a77a77bf7c46 X-Powered-By: ASP.NET cf-cache-status: DYNAMIC Server: cloudflare
Found 2025-12-20 by HttpPluginCreate report