LeakIX - Host qa-dps.choreograph.com

Domain qa-dps.choreograph.com

Germany

Akamai International B.V.

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 2.16.204.92
Domain: qa-dps.choreograph.com
Port: 443
URL: https://qa-dps.choreograph.com

First seen 2025-10-22 11:38
Last seen 2026-01-09 22:37
Open for 79 days

Severity: info
Fingerprint: 5733ddf49ff49cd151e75e4b538a35318d076649ac922871aa12a6d0a5eac0aa

Public Swagger UI/API detected at path: /v3/api-docs - sample paths:
DELETE /dps/admin/dsar/{id}
GET /actuator
GET /actuator/env
GET /actuator/env/{toMatch}
GET /actuator/health
GET /actuator/health/**
GET /actuator/info
GET /actuator/metrics
GET /actuator/metrics/{requiredMetricName}
GET /dps/about/docu
GET /dps/admin/country
GET /dps/admin/dmp
GET /dps/admin/dmp/review
GET /dps/admin/dsar/bulk-audit
GET /dps/admin/dsar/bulk-download/{updateId}
GET /dps/admin/dsar/{id}/ecrypted-links
GET /dps/admin/user
GET /dps/admin/user-role
GET /dps/admin/user/{name}
GET /dps/app/configs
GET /dps/dmp/dsar/{dmpId}/{id}/pii
GET /dps/dmp/dsar/{dsarId}/utility-bill
GET /dps/dmp/encrypted-Id/{encryptedId}/dsar-id
GET /dps/ds/dsar/gpc/status
GET /dps/ds/dsar/{email}
GET /dps/ds/dsar/{encryptedId}/json
GET /dps/ds/dsar/{encryptedId}/zip-download
GET /dps/ds/dsar/{encryptedId}/zip-download/multiple
GET /dps/ds/region-info
GET /dps/email/dsar/{encryptedId}/confirm
GET /dps/email/dsar/{encryptedId}/data-access
GET /dps/mobile
GET /dps/report/count
GET /dps/report/dsar/{id}
GET /dps/report/find
GET /dps/report/pgp/dashboard
GET /dps/report/pgp/data
GET /dps/report/pgp/states
GET /dps/tokenid
POST /dps/admin/dsar/bulk-update
POST /dps/dmp/dsar/create
POST /dps/dmp/dsar/{id}/utility-bill/verification
POST /dps/dmp/{dmpId}/dsar/encryptedId/{encryptedId}/{recordStatus}
POST /dps/dmp/{dmpId}/dsar/{dsarId}/complete
POST /dps/dmp/{dmpRevId}/dsar/{dsarId}/review
POST /dps/ds/dsar
POST /dps/ds/dsar/pii
PUT /dps/admin/dsar/resolve/{dsarId}
PUT /dps/ds/dsar/{dsarId}

Found on 2026-01-09 22:37

Create report

Open service 2.16.204.92:443 · qa-dps.choreograph.com

2026-01-09 22:37

HTTP/1.1 401 Unauthorized
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
WWW-Authenticate: Basic realm="Realm"
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Frame-Options: DENY
Referrer-Policy: unsafe-url
Cross-Origin-Opener-Policy: unsafe-none
Cross-Origin-Embedder-Policy: unsafe-none
Cross-Origin-Resource-Policy: cross-origin
Content-Type: application/json
Content-Length: 92
Expires: Fri, 09 Jan 2026 22:37:46 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 09 Jan 2026 22:37:46 GMT
Connection: close
Set-Cookie: JSESSIONID=42F2D698536598AFAC74AD1F901669D3; Path=/; HttpOnly
Server-Timing: cdn-cache; desc=MISS
Server-Timing: edge; dur=219
Server-Timing: origin; dur=116
Server-Timing: ak_p; desc="1767998265805_34610527_1169808769_33465_16088_9_328_-";dur=1


{"timestamp":"2026-01-09T22:37:46.426+00:00","status":401,"error":"Unauthorized","path":"/"}

Found 2026-01-09 by HttpPlugin