Domain servicesapi-demo.questel.com
Software information
cloudflare
tcp/443
-
Swagger API description is publicly available
Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
IP: 104.18.6.185
Domain: servicesapi-demo.questel.com
Port: 443
URL: https://servicesapi-demo.questel.comFirst seen 2025-11-11 00:59
Last seen 2026-02-09 21:37
Open for 90 days-
Severity: info
Fingerprint: 5733ddf49ff49cd1f3d88d604dc55fe510cf6cab326447c50536aac9679ff8cePublic Swagger UI/API detected at path: /swagger/v1/swagger.json - sample paths: DELETE /api/v{version}/webhooks/{eventType} GET /api/v{version}/apilogging/all-logs GET /api/v{version}/apilogging/client-logs GET /api/v{version}/apilogging/logs GET /api/v{version}/estimates/{estimateId} GET /api/v{version}/files/{fileType}/{fileId} GET /api/v{version}/ip-assets/{assetId} GET /api/v{version}/ip-assets/{assetId}/orders GET /api/v{version}/orders/{orderId} GET /api/v{version}/projects/{projectId} GET /api/v{version}/reference-values/applicant-designated-states GET /api/v{version}/reference-values/applicants GET /api/v{version}/reference-values/case-managers GET /api/v{version}/reference-values/countries GET /api/v{version}/reference-values/delivery-agents GET /api/v{version}/reference-values/drafting-agents GET /api/v{version}/reference-values/jurisdictions GET /api/v{version}/reference-values/project-types GET /api/v{version}/reference-values/project-types/{serviceType}/workflows GET /api/v{version}/reference-values/prosecuting-agents/{countryCode} GET /api/v{version}/reference-values/source-locales GET /api/v{version}/reference-values/unitary-patent-translationlanguages GET /api/v{version}/status GET /api/v{version}/webhooks GET /api/v{version}/webhooks/alllogs GET /api/v{version}/webhooks/logs POST /api/v{version}/authtoken POST /api/v{version}/estimates POST /api/v{version}/estimates/{estimateId}/convert POST /api/v{version}/ip-assets POST /api/v{version}/ip-assets/portfolio-load POST /api/v{version}/ip-assets/{assetId}/abandon POST /api/v{version}/ip-assets/{assetId}/hold POST /api/v{version}/ip-assets/{assetId}/renew POST /api/v{version}/projects POST /api/v{version}/projects/{projectId}/cancelFound on 2026-02-09 21:37 -
Severity: info
Fingerprint: 5733ddf49ff49cd1f3d88d604dc55fe510cf6cab326447c50536aac94d88e116Public Swagger UI/API detected at path: /swagger/v1/swagger.json - sample paths: DELETE /api/v{version}/webhooks/{eventType} GET /api/v{version}/apilogging/all-logs GET /api/v{version}/apilogging/client-logs GET /api/v{version}/apilogging/logs GET /api/v{version}/estimates/{estimateId} GET /api/v{version}/files/{fileType}/{fileId} GET /api/v{version}/ip-assets/{assetId} GET /api/v{version}/ip-assets/{assetId}/orders GET /api/v{version}/orders/{orderId} GET /api/v{version}/projects/{projectId} GET /api/v{version}/reference-values/applicants GET /api/v{version}/reference-values/case-managers GET /api/v{version}/reference-values/countries GET /api/v{version}/reference-values/delivery-agents GET /api/v{version}/reference-values/drafting-agents GET /api/v{version}/reference-values/jurisdictions GET /api/v{version}/reference-values/project-types GET /api/v{version}/reference-values/project-types/{serviceType}/workflows GET /api/v{version}/reference-values/prosecuting-agents/{countryCode} GET /api/v{version}/reference-values/source-locales GET /api/v{version}/reference-values/unitary-patent-translationlanguages GET /api/v{version}/status GET /api/v{version}/webhooks GET /api/v{version}/webhooks/alllogs GET /api/v{version}/webhooks/logs POST /api/v{version}/authtoken POST /api/v{version}/estimates POST /api/v{version}/estimates/{estimateId}/convert POST /api/v{version}/ip-assets POST /api/v{version}/ip-assets/portfolio-load POST /api/v{version}/ip-assets/{assetId}/abandon POST /api/v{version}/ip-assets/{assetId}/hold POST /api/v{version}/ip-assets/{assetId}/renew POST /api/v{version}/projects POST /api/v{version}/projects/{projectId}/cancelFound on 2026-01-02 14:44
-
-
Open service 104.18.6.185:443 · servicesapi-demo.questel.com
2026-01-23 16:29
HTTP/1.1 404 Not Found Date: Fri, 23 Jan 2026 16:29:48 GMT Content-Length: 0 Connection: close CF-RAY: 9c28ac08da7cb905-FRA X-StackifyID: V2|195a8237-6256-4696-9c1a-8eeeea69a6f8|C0|CD0 correlation-id: f36893d5-285c-4a09-83d0-aea043b61fee Strict-Transport-Security: max-age=15724800; includeSubDomains cf-cache-status: DYNAMIC speculation-rules: "/cdn-cgi/speculation" Server: cloudflare alt-svc: h3=":443"; ma=86400
Found 2026-01-23 by HttpPluginCreate report
-
Open service 104.18.7.185:443 · servicesapi-demo.questel.com
2026-01-09 14:53
HTTP/1.1 404 Not Found Date: Fri, 09 Jan 2026 14:53:13 GMT Content-Length: 0 Connection: close CF-RAY: 9bb4c34bfd60ccb6-EWR X-StackifyID: V2|28df74f3-ab7c-4669-b529-68f81825fd2b|C0|CD0 correlation-id: 4938772d-95cf-4452-a0d5-a9180a99da55 Strict-Transport-Security: max-age=15724800; includeSubDomains cf-cache-status: DYNAMIC speculation-rules: "/cdn-cgi/speculation" Server: cloudflare alt-svc: h3=":443"; ma=86400
Found 2026-01-09 by HttpPluginCreate report