Heroku
tcp/443
Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
The documentation details every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
Severity: info
Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
Public Swagger UI/API detected at path: /swagger/index.html
Open service 99.83.217.1:443 · togetherfirstcic.htech.app
2026-01-09 23:38
HTTP/1.1 302 Found
Cache-Control: no-cache
Content-Security-Policy:
Content-Type: text/html; charset=utf-8
Location: https://togetherfirstcic.htech.app/patients/sign-in
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Referrer-Policy: strict-origin-when-cross-origin
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=xTT11mef2VhI60SJIoZdOMmFm6jcsUjoFjIkkb%2BMP8o%3D\u0026sid=c4c9725f-1ab0-44d8-820f-430df2718e11\u0026ts=1768001927"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=xTT11mef2VhI60SJIoZdOMmFm6jcsUjoFjIkkb%2BMP8o%3D&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&ts=1768001927"
Server: Heroku
Strict-Transport-Security: max-age=63072000; includeSubDomains
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Request-Id: 815aed07-01fa-aa5e-2110-20268db4a2ca
X-Runtime: 0.049040
X-Xss-Protection: 0
Date: Fri, 09 Jan 2026 23:38:47 GMT
Content-Length: 117
Connection: close
<html><body>You are being <a href="https://togetherfirstcic.htech.app/patients/sign-in">redirected</a>.</body></html>
Open service 99.83.217.1:443 · togetherfirstcic.htech.app
2025-12-30 09:55
HTTP/1.1 302 Found
Cache-Control: no-cache
Content-Security-Policy:
Content-Type: text/html; charset=utf-8
Location: https://togetherfirstcic.htech.app/patients/sign-in
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Referrer-Policy: strict-origin-when-cross-origin
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=wgGQef98%2FZ0WCq%2B1%2Fe0xgu69AunFDfKcGzmMPD2%2B%2Fok%3D\u0026sid=c4c9725f-1ab0-44d8-820f-430df2718e11\u0026ts=1767088504"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=wgGQef98%2FZ0WCq%2B1%2Fe0xgu69AunFDfKcGzmMPD2%2B%2Fok%3D&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&ts=1767088504"
Server: Heroku
Strict-Transport-Security: max-age=63072000; includeSubDomains
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Request-Id: 3f50bbd0-12f9-35e5-764a-7267ebea7aa3
X-Runtime: 0.037790
X-Xss-Protection: 0
Date: Tue, 30 Dec 2025 09:55:04 GMT
Content-Length: 117
Connection: close
<html><body>You are being <a href="https://togetherfirstcic.htech.app/patients/sign-in">redirected</a>.</body></html>
Open service 99.83.217.1:443 · togetherfirstcic.htech.app
2025-12-22 22:48
HTTP/1.1 302 Found
Cache-Control: no-cache
Content-Security-Policy:
Content-Type: text/html; charset=utf-8
Location: https://togetherfirstcic.htech.app/patients/sign-in
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Referrer-Policy: strict-origin-when-cross-origin
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=BSkNB97%2B8WLq%2BIrBUsZC2jmcizXMMq4O5uzvO06FfWY%3D\u0026sid=c4c9725f-1ab0-44d8-820f-430df2718e11\u0026ts=1766443685"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=BSkNB97%2B8WLq%2BIrBUsZC2jmcizXMMq4O5uzvO06FfWY%3D&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&ts=1766443685"
Server: Heroku
Strict-Transport-Security: max-age=63072000; includeSubDomains
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Request-Id: 7ccbba25-a33d-d046-5d04-bf0540853d3a
X-Runtime: 0.049679
X-Xss-Protection: 0
Date: Mon, 22 Dec 2025 22:48:05 GMT
Content-Length: 117
Connection: close
<html><body>You are being <a href="https://togetherfirstcic.htech.app/patients/sign-in">redirected</a>.</body></html>
Open service 99.83.217.1:443 · togetherfirstcic.htech.app
2025-12-21 02:54
HTTP/1.1 302 Found
Cache-Control: no-cache
Content-Security-Policy:
Content-Type: text/html; charset=utf-8
Location: https://togetherfirstcic.htech.app/patients/sign-in
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Referrer-Policy: strict-origin-when-cross-origin
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=OxHvUoRNver1J%2BYOgQcCAXayaRWDyAwCJLwwjyQaozQ%3D\u0026sid=c4c9725f-1ab0-44d8-820f-430df2718e11\u0026ts=1766285683"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=OxHvUoRNver1J%2BYOgQcCAXayaRWDyAwCJLwwjyQaozQ%3D&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&ts=1766285683"
Server: Heroku
Strict-Transport-Security: max-age=63072000; includeSubDomains
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Request-Id: 9bf1fe90-f71c-fb9d-9793-6b39249a3372
X-Runtime: 0.029291
X-Xss-Protection: 0
Date: Sun, 21 Dec 2025 02:54:43 GMT
Content-Length: 117
Connection: close
<html><body>You are being <a href="https://togetherfirstcic.htech.app/patients/sign-in">redirected</a>.</body></html>
Open service 99.83.217.1:443 · togetherfirstcic.htech.app
2025-12-19 03:23
HTTP/1.1 302 Found
Cache-Control: no-cache
Content-Security-Policy:
Content-Type: text/html; charset=utf-8
Location: https://togetherfirstcic.htech.app/patients/sign-in
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Referrer-Policy: strict-origin-when-cross-origin
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=5%2BZRe1bmKiq9v5YddL0mHd7IMERWijjdZVZ3Yy%2FxP44%3D\u0026sid=c4c9725f-1ab0-44d8-820f-430df2718e11\u0026ts=1766114631"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=5%2BZRe1bmKiq9v5YddL0mHd7IMERWijjdZVZ3Yy%2FxP44%3D&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&ts=1766114631"
Server: Heroku
Strict-Transport-Security: max-age=63072000; includeSubDomains
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Request-Id: e4abdad7-844a-e46c-3ef2-f649c170a971
X-Runtime: 0.044953
X-Xss-Protection: 0
Date: Fri, 19 Dec 2025 03:23:51 GMT
Content-Length: 117
Connection: close
<html><body>You are being <a href="https://togetherfirstcic.htech.app/patients/sign-in">redirected</a>.</body></html>