LeakIX - Host api.dev.loop-aero.com

Domain api.dev.loop-aero.com

United States

AMAZON-02

Software information

Heroku

tcp/443 tcp/80

GraphQL introspection is enabled.

GraphQL introspection is enabled.

This could leak to data leak if not properly configured.

IP: 15.197.129.158
Domain: api.dev.loop-aero.com
Port: 443
URL: https://api.dev.loop-aero.com

First seen 2025-12-01 00:59
Last seen 2026-01-02 13:07
Open for 32 days
- Severity: medium
  Fingerprint: c2db3a1c40d490db1a0bbaa31a0bbaa31a0bbaa31a0bbaa31a0bbaa31a0bbaa3
```
GraphQL introspection enabled at /graphql
```
  Found on 2026-01-02 13:07
- Severity: medium
  Fingerprint: c2db3a1c40d490db1a0bbaa3af54412400a716a8db0d566e819396dbd8e14373
```
GraphQL introspection enabled at /graphql
Types: 1160 (by kind: ENUM: 25, INPUT_OBJECT: 954, OBJECT: 175, SCALAR: 6)
Operations:
- Query: Query | fields: airlineCompanies, airlineCompany, airlineStaff, airlineStaffs, airport
- Mutation: Mutation | fields: acknowledgeNotification, createFlight, createUserComment, createUserSearch, deleteUserComment
Directives: deprecated, include, oneOf, skip, specifiedBy (total: 5)
```
  Found on 2025-12-01 00:59
  
  1.7 MBytes
Create report
GraphQL introspection is enabled.

GraphQL introspection is enabled.

This could leak to data leak if not properly configured.

IP: 99.83.217.1
Domain: api.dev.loop-aero.com
Port: 80
URL: http://api.dev.loop-aero.com

First seen 2025-12-01 00:59
Last seen 2026-01-01 19:46
Open for 31 days
- Severity: medium
  Fingerprint: c2db3a1c40d490db1a0bbaa31a0bbaa31a0bbaa31a0bbaa31a0bbaa31a0bbaa3
```
GraphQL introspection enabled at /graphql
```
  Found on 2026-01-01 19:46
- Severity: medium
  Fingerprint: c2db3a1c40d490db1a0bbaa3af54412400a716a8db0d566e819396dbd8e14373
```
GraphQL introspection enabled at /graphql
Types: 1160 (by kind: ENUM: 25, INPUT_OBJECT: 954, OBJECT: 175, SCALAR: 6)
Operations:
- Query: Query | fields: airlineCompanies, airlineCompany, airlineStaff, airlineStaffs, airport
- Mutation: Mutation | fields: acknowledgeNotification, createFlight, createUserComment, createUserSearch, deleteUserComment
Directives: deprecated, include, oneOf, skip, specifiedBy (total: 5)
```
  Found on 2025-12-01 00:59
  
  1.7 MBytes
Create report

Open service 15.197.129.158:443 · api.dev.loop-aero.com

2026-01-09 23:09

HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Content-Length: 20
Content-Security-Policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Content-Type: text/html; charset=utf-8
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Date: Fri, 09 Jan 2026 23:09:59 GMT
Etag: W/"14-vPz2TBJ3fHn/B1F8Q1Gux/9hLeg"
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Origin-Agent-Cluster: ?1
Referrer-Policy: no-referrer
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=n1Q26AopwDj9lhxT9BuV1NINxA2543TBRJvHrVM9U%2Fc%3D\u0026sid=c4c9725f-1ab0-44d8-820f-430df2718e11\u0026ts=1768000199"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=n1Q26AopwDj9lhxT9BuV1NINxA2543TBRJvHrVM9U%2Fc%3D&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&ts=1768000199"
Server: Heroku
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Dns-Prefetch-Control: off
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Xss-Protection: 0
Connection: close


Loopaero backend dev

Found 2 days ago by HttpPlugin

Create report

Open service 99.83.217.1:80 · api.dev.loop-aero.com

2026-01-09 01:52

HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Content-Length: 20
Content-Security-Policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Content-Type: text/html; charset=utf-8
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Date: Fri, 09 Jan 2026 01:53:26 GMT
Etag: W/"14-vPz2TBJ3fHn/B1F8Q1Gux/9hLeg"
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Origin-Agent-Cluster: ?1
Referrer-Policy: no-referrer
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=M3%2B4Bx4lfzOoqEbPgl%2B3cokbG%2BR0YiLRPqWouTtXnGk%3D\u0026sid=c4c9725f-1ab0-44d8-820f-430df2718e11\u0026ts=1767923606"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=M3%2B4Bx4lfzOoqEbPgl%2B3cokbG%2BR0YiLRPqWouTtXnGk%3D&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&ts=1767923606"
Server: Heroku
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Dns-Prefetch-Control: off
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Xss-Protection: 0
Connection: close


Loopaero backend dev

Found 2026-01-09 by HttpPlugin

Create report

Open service 15.197.129.158:443 · api.dev.loop-aero.com

2026-01-02 13:07

HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Content-Length: 20
Content-Security-Policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Content-Type: text/html; charset=utf-8
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Date: Fri, 02 Jan 2026 13:07:27 GMT
Etag: W/"14-vPz2TBJ3fHn/B1F8Q1Gux/9hLeg"
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Origin-Agent-Cluster: ?1
Referrer-Policy: no-referrer
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=4CLOUDuOoTiE0Ua%2FcuGFxJeugjYuyhQ8B%2FUXjFI5RVc%3D\u0026sid=c4c9725f-1ab0-44d8-820f-430df2718e11\u0026ts=1767359247"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=4CLOUDuOoTiE0Ua%2FcuGFxJeugjYuyhQ8B%2FUXjFI5RVc%3D&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&ts=1767359247"
Server: Heroku
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Dns-Prefetch-Control: off
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Xss-Protection: 0
Connection: close


Loopaero backend dev

Found 2026-01-02 by HttpPlugin

Create report

Open service 99.83.217.1:80 · api.dev.loop-aero.com

2026-01-01 19:46

HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Content-Length: 20
Content-Security-Policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Content-Type: text/html; charset=utf-8
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Date: Thu, 01 Jan 2026 19:46:10 GMT
Etag: W/"14-vPz2TBJ3fHn/B1F8Q1Gux/9hLeg"
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Origin-Agent-Cluster: ?1
Referrer-Policy: no-referrer
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=KCc5bN2dZy2imyJcbz0%2BHmM%2Bw6lapPmGH4jFhJjai8Y%3D\u0026sid=c4c9725f-1ab0-44d8-820f-430df2718e11\u0026ts=1767296770"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=KCc5bN2dZy2imyJcbz0%2BHmM%2Bw6lapPmGH4jFhJjai8Y%3D&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&ts=1767296770"
Server: Heroku
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Dns-Prefetch-Control: off
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Xss-Protection: 0
Connection: close


Loopaero backend dev

Found 2026-01-01 by HttpPlugin

Create report

Open service 99.83.217.1:80 · api.dev.loop-aero.com

2025-12-22 20:16

HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Content-Length: 20
Content-Security-Policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Content-Type: text/html; charset=utf-8
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Date: Mon, 22 Dec 2025 20:16:44 GMT
Etag: W/"14-vPz2TBJ3fHn/B1F8Q1Gux/9hLeg"
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Origin-Agent-Cluster: ?1
Referrer-Policy: no-referrer
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=aBdw2260AmQyukt9OId4xEl%2BuLjXL6k6a9nnZTdTaMw%3D\u0026sid=c4c9725f-1ab0-44d8-820f-430df2718e11\u0026ts=1766434604"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=aBdw2260AmQyukt9OId4xEl%2BuLjXL6k6a9nnZTdTaMw%3D&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&ts=1766434604"
Server: Heroku
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Dns-Prefetch-Control: off
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Xss-Protection: 0
Connection: close


Loopaero backend dev

Found 2025-12-22 by HttpPlugin

Create report

Open service 15.197.129.158:443 · api.dev.loop-aero.com

2025-12-22 13:33

HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Content-Length: 20
Content-Security-Policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Content-Type: text/html; charset=utf-8
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Date: Mon, 22 Dec 2025 13:33:35 GMT
Etag: W/"14-vPz2TBJ3fHn/B1F8Q1Gux/9hLeg"
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Origin-Agent-Cluster: ?1
Referrer-Policy: no-referrer
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=TZRlcJfC1rtV72LMUxqQWPuUXLOvtT%2Ftj0jHjpaiB%2BY%3D\u0026sid=c4c9725f-1ab0-44d8-820f-430df2718e11\u0026ts=1766410415"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=TZRlcJfC1rtV72LMUxqQWPuUXLOvtT%2Ftj0jHjpaiB%2BY%3D&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&ts=1766410415"
Server: Heroku
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Dns-Prefetch-Control: off
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Xss-Protection: 0
Connection: close


Loopaero backend dev

Found 2025-12-22 by HttpPlugin

Create report

Open service 99.83.217.1:80 · api.dev.loop-aero.com

2025-12-21 03:59

HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Content-Length: 20
Content-Security-Policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Content-Type: text/html; charset=utf-8
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Date: Sun, 21 Dec 2025 03:59:33 GMT
Etag: W/"14-vPz2TBJ3fHn/B1F8Q1Gux/9hLeg"
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Origin-Agent-Cluster: ?1
Referrer-Policy: no-referrer
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=tPphdJKzATmxksRymGWWZOTeNeR6V0QtvxDtNccE0Uk%3D\u0026sid=c4c9725f-1ab0-44d8-820f-430df2718e11\u0026ts=1766289573"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=tPphdJKzATmxksRymGWWZOTeNeR6V0QtvxDtNccE0Uk%3D&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&ts=1766289573"
Server: Heroku
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Dns-Prefetch-Control: off
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Xss-Protection: 0
Connection: close


Loopaero backend dev

Found 2025-12-21 by HttpPlugin

Create report

Open service 15.197.129.158:443 · api.dev.loop-aero.com

2025-12-20 11:32

HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Content-Length: 20
Content-Security-Policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Content-Type: text/html; charset=utf-8
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Date: Sat, 20 Dec 2025 11:32:43 GMT
Etag: W/"14-vPz2TBJ3fHn/B1F8Q1Gux/9hLeg"
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Origin-Agent-Cluster: ?1
Referrer-Policy: no-referrer
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=zrhZ6lzFYD47bBfRlHS%2F%2BrgfzKXvr2WiIoCjBAMvHpc%3D\u0026sid=c4c9725f-1ab0-44d8-820f-430df2718e11\u0026ts=1766230363"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=zrhZ6lzFYD47bBfRlHS%2F%2BrgfzKXvr2WiIoCjBAMvHpc%3D&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&ts=1766230363"
Server: Heroku
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Dns-Prefetch-Control: off
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Xss-Protection: 0
Connection: close


Loopaero backend dev

Found 2025-12-20 by HttpPlugin

Create report

Open service 99.83.217.1:80 · api.dev.loop-aero.com

2025-12-19 04:50

HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Content-Length: 20
Content-Security-Policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Content-Type: text/html; charset=utf-8
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Date: Fri, 19 Dec 2025 04:50:13 GMT
Etag: W/"14-vPz2TBJ3fHn/B1F8Q1Gux/9hLeg"
Nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Origin-Agent-Cluster: ?1
Referrer-Policy: no-referrer
Report-To: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=rePGgXIEwFikAAds6WZ4EMfodo1VVdkkDNZ4bZVCV%2Fo%3D\u0026sid=c4c9725f-1ab0-44d8-820f-430df2718e11\u0026ts=1766119813"}],"max_age":3600}
Reporting-Endpoints: heroku-nel="https://nel.heroku.com/reports?s=rePGgXIEwFikAAds6WZ4EMfodo1VVdkkDNZ4bZVCV%2Fo%3D&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&ts=1766119813"
Server: Heroku
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
Via: 1.1 heroku-router
X-Content-Type-Options: nosniff
X-Dns-Prefetch-Control: off
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Xss-Protection: 0
Connection: close


Loopaero backend dev

Found 2025-12-19 by HttpPlugin

Create report

api.dev.loop-aero.com

Fingerprint:

8cf9eef30a1ae058932a59a1625706b02e142548e6e8d0f4071f9daf5205cd40

CN:

api.dev.loop-aero.com

Key:

RSA-2048

Issuer:

R13

Not before:

2025-12-01 00:00

Not after:

2026-03-01 00:00

Domain summary

api.dev.loop-aero.com 12

1 recorded

IP summary

15.197.129.158 1 99.83.217.1 1 76.223.11.49 1

3 recorded

Domain api.dev.loop-aero.com

United States

Software information

GraphQL introspection is enabled.

GraphQL introspection is enabled.

api.dev.loop-aero.com

Domain summary

IP summary