Domain todo.staging.nextech.com
Software information
cloudflare
tcp/443
-
Swagger API description is publicly available
Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
First seen 2025-10-17 23:09
Last seen 2026-01-09 15:09
Open for 83 days-
Severity: info
Fingerprint: 5733ddf49ff49cd1f3d88d606aeda8d3e47fdbbdae42428fef69f894b62d36d2Public Swagger UI/API detected at path: /swagger/v1/swagger.json - sample paths: GET /api/AuditEvent GET /api/Category GET /api/Category/{id} GET /api/CommunicationMethod GET /api/Group GET /api/Group/{id} GET /api/Task GET /api/Task/patient/{patientId}/Count GET /api/Task/user/{applicationUserId}/Count GET /api/Task/{id} GET /api/rate-limit/{id} GET /health-check PATCH /api/Todo/{id} POST /api/AuditEvent/_search POST /api/Category/bulk POST /api/Client/backfill POST /api/Task/_search POST /api/Task/category/backfill POST /api/Task/user/{applicationUserId}/IcpCount POST /api/rate-limitFound on 2026-01-09 15:09
-
-
Open service 104.18.14.132:443 · todo.staging.nextech.com
2026-01-09 15:09
HTTP/1.1 404 Not Found Date: Fri, 09 Jan 2026 15:10:01 GMT Content-Length: 0 Connection: close CF-RAY: 9bb4dbe98f339a1e-FRA Set-Cookie: TiPMix=24.16192807662394; path=/; HttpOnly; Domain=todo.staging.nextech.com; Max-Age=3600; Secure; SameSite=None Set-Cookie: x-ms-routing-name=self; path=/; HttpOnly; Domain=todo.staging.nextech.com; Max-Age=3600; Secure; SameSite=None Set-Cookie: ARRAffinity=edad4441c23080036d9f0536b216416688fe1dedbf252eab20f9ce201c265bd6;Path=/;HttpOnly;Secure;Domain=todo.staging.nextech.com Set-Cookie: ARRAffinitySameSite=edad4441c23080036d9f0536b216416688fe1dedbf252eab20f9ce201c265bd6;Path=/;HttpOnly;SameSite=None;Secure;Domain=todo.staging.nextech.com Set-Cookie: __cf_bm=FNFrVSdkY5oSqQjeKyrV6Yhgms0JhHwTrFxPjAwkHOM-1767971401-1.0.1.1-pAqVt8_8JXYSMP7EdRomoO8UNDcUHF6wLd_xTVYqNBdc80MfaQUTOJ08Y0fxd9pB3P8c8OuYdnc2_QEHtOGXRZc0_oxx.jO6v.pHdGoYHoM; path=/; expires=Fri, 09-Jan-26 15:40:01 GMT; domain=.staging.nextech.com; HttpOnly; Secure; SameSite=None Strict-Transport-Security: max-age=2592000 Request-Context: appId=cid-v1:30411e97-464a-4bc0-a69f-2b8c4faeb172 X-Powered-By: ASP.NET cf-cache-status: DYNAMIC Server: cloudflare
Found 2026-01-09 by HttpPluginCreate report
-
Open service 104.18.14.132:443 · todo.staging.nextech.com
2026-01-02 14:28
HTTP/1.1 404 Not Found Date: Fri, 02 Jan 2026 14:28:53 GMT Content-Length: 0 Connection: close CF-RAY: 9b7af204ffa06e15-FRA Set-Cookie: TiPMix=84.2371649964329; path=/; HttpOnly; Domain=todo.staging.nextech.com; Max-Age=3600; Secure; SameSite=None Set-Cookie: x-ms-routing-name=self; path=/; HttpOnly; Domain=todo.staging.nextech.com; Max-Age=3600; Secure; SameSite=None Set-Cookie: ARRAffinity=edad4441c23080036d9f0536b216416688fe1dedbf252eab20f9ce201c265bd6;Path=/;HttpOnly;Secure;Domain=todo.staging.nextech.com Set-Cookie: ARRAffinitySameSite=edad4441c23080036d9f0536b216416688fe1dedbf252eab20f9ce201c265bd6;Path=/;HttpOnly;SameSite=None;Secure;Domain=todo.staging.nextech.com Set-Cookie: __cf_bm=8kEHkgv7Ygc3szM57Szpw2Ye0ZFg32MR2mm6Tgcs_4E-1767364133-1.0.1.1-sweyg0Tk7pgWee_SD2bmfZvf9vKqgUhlww4uXZBZZKVp2YBtAwseolWjPxlQ8s99FuirSTUeoevB2Hn_kmr2Es1N.BMQKjYT9AuM3MnoHFI; path=/; expires=Fri, 02-Jan-26 14:58:53 GMT; domain=.staging.nextech.com; HttpOnly; Secure; SameSite=None Strict-Transport-Security: max-age=2592000 Request-Context: appId=cid-v1:30411e97-464a-4bc0-a69f-2b8c4faeb172 X-Powered-By: ASP.NET cf-cache-status: DYNAMIC Server: cloudflare
Found 2026-01-02 by HttpPluginCreate report
-
Open service 104.18.14.132:443 · todo.staging.nextech.com
2025-12-22 23:35
HTTP/1.1 404 Not Found Date: Mon, 22 Dec 2025 23:35:35 GMT Content-Length: 0 Connection: close CF-RAY: 9b236fbbcdb2fc3b-LHR Set-Cookie: TiPMix=68.78837016863558; path=/; HttpOnly; Domain=todo.staging.nextech.com; Max-Age=3600; Secure; SameSite=None Set-Cookie: x-ms-routing-name=self; path=/; HttpOnly; Domain=todo.staging.nextech.com; Max-Age=3600; Secure; SameSite=None Set-Cookie: ARRAffinity=edad4441c23080036d9f0536b216416688fe1dedbf252eab20f9ce201c265bd6;Path=/;HttpOnly;Secure;Domain=todo.staging.nextech.com Set-Cookie: ARRAffinitySameSite=edad4441c23080036d9f0536b216416688fe1dedbf252eab20f9ce201c265bd6;Path=/;HttpOnly;SameSite=None;Secure;Domain=todo.staging.nextech.com Set-Cookie: __cf_bm=ht1zmzdaP0FtobwKShTMOg6OdcdMKK1k3wAM9dpLVYo-1766446535-1.0.1.1-Bu3_cv7.nBCSq0rG4.Lt1056j8psOggqcas7SycMJ4E1A4pwsWH701S1UvhxAwCZr04KjoklU.3esijmwz58XnwtmvgMNnuukEP41370aF0; path=/; expires=Tue, 23-Dec-25 00:05:35 GMT; domain=.staging.nextech.com; HttpOnly; Secure; SameSite=None Strict-Transport-Security: max-age=2592000 Request-Context: appId=cid-v1:30411e97-464a-4bc0-a69f-2b8c4faeb172 X-Powered-By: ASP.NET cf-cache-status: DYNAMIC Server: cloudflare
Found 2025-12-22 by HttpPluginCreate report
-
Open service 104.18.14.132:443 · todo.staging.nextech.com
2025-12-21 07:40
HTTP/1.1 404 Not Found Date: Sun, 21 Dec 2025 07:40:32 GMT Content-Length: 0 Connection: close CF-RAY: 9b15bb6068ccebe9-SJC Set-Cookie: TiPMix=10.696496693096623; path=/; HttpOnly; Domain=todo.staging.nextech.com; Max-Age=3600; Secure; SameSite=None Set-Cookie: x-ms-routing-name=self; path=/; HttpOnly; Domain=todo.staging.nextech.com; Max-Age=3600; Secure; SameSite=None Set-Cookie: ARRAffinity=91f888586f2efc58873a4ce4a02db8b8ea7782792c5d91cffd75a716f613be73;Path=/;HttpOnly;Secure;Domain=todo.staging.nextech.com Set-Cookie: ARRAffinitySameSite=91f888586f2efc58873a4ce4a02db8b8ea7782792c5d91cffd75a716f613be73;Path=/;HttpOnly;SameSite=None;Secure;Domain=todo.staging.nextech.com Set-Cookie: __cf_bm=k_NKcCem4EINkkeY95PfL4mR4_iRj7tcdbcHD7KwyjI-1766302832-1.0.1.1-LtPNFgqhO.s8pRAuItqvU95.X6ugGH9sxcEsVYgJi8OU5sF8bFR38n2wZyH7ivpUecnBBAKkbNbEnRV.tos_BsA8IPlVY0XfCBXq73yPGVE; path=/; expires=Sun, 21-Dec-25 08:10:32 GMT; domain=.staging.nextech.com; HttpOnly; Secure; SameSite=None Strict-Transport-Security: max-age=2592000 Request-Context: appId=cid-v1:30411e97-464a-4bc0-a69f-2b8c4faeb172 X-Powered-By: ASP.NET cf-cache-status: DYNAMIC Server: cloudflare
Found 2025-12-21 by HttpPluginCreate report
-
Open service 104.18.14.132:443 · todo.staging.nextech.com
2025-12-19 09:59
HTTP/1.1 404 Not Found Date: Fri, 19 Dec 2025 09:59:02 GMT Content-Length: 0 Connection: close CF-RAY: 9b060b7bc956ced7-SJC Set-Cookie: TiPMix=90.49971511577924; path=/; HttpOnly; Domain=todo.staging.nextech.com; Max-Age=3600; Secure; SameSite=None Set-Cookie: x-ms-routing-name=self; path=/; HttpOnly; Domain=todo.staging.nextech.com; Max-Age=3600; Secure; SameSite=None Set-Cookie: ARRAffinity=91f888586f2efc58873a4ce4a02db8b8ea7782792c5d91cffd75a716f613be73;Path=/;HttpOnly;Secure;Domain=todo.staging.nextech.com Set-Cookie: ARRAffinitySameSite=91f888586f2efc58873a4ce4a02db8b8ea7782792c5d91cffd75a716f613be73;Path=/;HttpOnly;SameSite=None;Secure;Domain=todo.staging.nextech.com Set-Cookie: __cf_bm=.o8WqQy8yxuCp80ArJx4Cbq4xRtibZStk_7EFwGo_hs-1766138342-1.0.1.1-OFb0vWOU2GQuDdAWoDbGZ.WxIVeGqEYxX5FjEPcH6RaHV4yofSo_vse_Sp_33dQxfYAgK2tO85OqC6Uhk8VrQCOAMu0eAUoU7rCUWqCO8C8; path=/; expires=Fri, 19-Dec-25 10:29:02 GMT; domain=.staging.nextech.com; HttpOnly; Secure; SameSite=None Strict-Transport-Security: max-age=2592000 Request-Context: appId=cid-v1:30411e97-464a-4bc0-a69f-2b8c4faeb172 X-Powered-By: ASP.NET cf-cache-status: DYNAMIC Server: cloudflare
Found 2025-12-19 by HttpPluginCreate report