LeakIX - Host insight-staging.locomote.com

Domain insight-staging.locomote.com

United States

AMAZON-02

Software information

heroku-router

tcp/80

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 99.83.220.108
Domain: insight-staging.locomote.com
Port: 443
URL: https://insight-staging.locomote.com

First seen 2025-11-03 00:18
Last seen 2025-11-30 19:00
Open for 27 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1b885ff43a6803424777154098186713ec9a2b7b3b097f7f1
```
Public Swagger UI/API detected at path: /swagger.json - sample paths:
GET /v1/agency_branches
GET /v1/agency_branches/find
GET /v1/agency_branches/{uuid}
GET /v1/identities
GET /v1/identities/{uuid}/itineraries
GET /v1/identities/{uuid}/travellers
GET /v1/identities/{uuid}/trips
GET /v1/identity/info
GET /v1/identity/oauth2/auth
GET /v1/itineraries
GET /v1/itineraries/{compound_key}
GET /v1/trip/{uuid}
GET /v1/trip/{uuid}/itinerary
POST /v1/agency_branches/sync
POST /v1/companies/sync
POST /v1/identities/auth
POST /v1/identity/create_session
POST /v1/identity/oauth2/token
```
  Found on 2025-11-30 19:00
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 75.2.60.68
Domain: insight-staging.locomote.com
Port: 80
URL: http://insight-staging.locomote.com

First seen 2025-11-03 00:18
Last seen 2025-11-30 21:28
Open for 27 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1b885ff43a6803424777154098186713ec9a2b7b3b097f7f1
```
Public Swagger UI/API detected at path: /swagger.json - sample paths:
GET /v1/agency_branches
GET /v1/agency_branches/find
GET /v1/agency_branches/{uuid}
GET /v1/identities
GET /v1/identities/{uuid}/itineraries
GET /v1/identities/{uuid}/travellers
GET /v1/identities/{uuid}/trips
GET /v1/identity/info
GET /v1/identity/oauth2/auth
GET /v1/itineraries
GET /v1/itineraries/{compound_key}
GET /v1/trip/{uuid}
GET /v1/trip/{uuid}/itinerary
POST /v1/agency_branches/sync
POST /v1/companies/sync
POST /v1/identities/auth
POST /v1/identity/create_session
POST /v1/identity/oauth2/token
```
  Found on 2025-11-30 21:28
Create report

Open service 75.2.60.68:80 · insight-staging.locomote.com

2026-01-08 19:56

HTTP/1.1 404 Not Found
Content-Length: 548
Cache-Control: no-cache, no-store
Content-Type: text/html; charset=utf-8
Date: 2026-01-08 19:57:41.619532445 +0000 UTC
Server: heroku-router

Page title: No such app

<!DOCTYPE html>
<html>
  <head>
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <meta charset="utf-8">
    <title>No such app</title>
    <style media="screen">
      html,body,iframe {
        margin: 0;
        padding: 0;
      }
      html,body {
        height: 100%;
        overflow: hidden;
      }
      iframe {
        width: 100%;
        height: 100%;
        border: 0;
      }
    </style>
  </head>
  <body>
    <iframe src="//www.herokucdn.com/error-pages/no-such-app.html"></iframe>
  </body>
</html>

Found 2026-01-08 by HttpPlugin

Create report

Open service 75.2.60.68:80 · insight-staging.locomote.com

2026-01-01 20:26

HTTP/1.1 404 Not Found
Content-Length: 548
Cache-Control: no-cache, no-store
Content-Type: text/html; charset=utf-8
Date: 2026-01-01 20:26:35.476142963 +0000 UTC
Server: heroku-router

Page title: No such app

<!DOCTYPE html>
<html>
  <head>
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <meta charset="utf-8">
    <title>No such app</title>
    <style media="screen">
      html,body,iframe {
        margin: 0;
        padding: 0;
      }
      html,body {
        height: 100%;
        overflow: hidden;
      }
      iframe {
        width: 100%;
        height: 100%;
        border: 0;
      }
    </style>
  </head>
  <body>
    <iframe src="//www.herokucdn.com/error-pages/no-such-app.html"></iframe>
  </body>
</html>

Found 2026-01-01 by HttpPlugin

Create report

Open service 75.2.60.68:80 · insight-staging.locomote.com

2025-12-30 04:35

HTTP/1.1 404 Not Found
Content-Length: 548
Cache-Control: no-cache, no-store
Content-Type: text/html; charset=utf-8
Date: 2025-12-30 04:35:27.476886565 +0000 UTC
Server: heroku-router

Page title: No such app

<!DOCTYPE html>
<html>
  <head>
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <meta charset="utf-8">
    <title>No such app</title>
    <style media="screen">
      html,body,iframe {
        margin: 0;
        padding: 0;
      }
      html,body {
        height: 100%;
        overflow: hidden;
      }
      iframe {
        width: 100%;
        height: 100%;
        border: 0;
      }
    </style>
  </head>
  <body>
    <iframe src="//www.herokucdn.com/error-pages/no-such-app.html"></iframe>
  </body>
</html>

Found 2025-12-30 by HttpPlugin

Create report

Open service 75.2.60.68:80 · insight-staging.locomote.com

2025-12-22 05:27

HTTP/1.1 404 Not Found
Content-Length: 548
Cache-Control: no-cache, no-store
Content-Type: text/html; charset=utf-8
Date: 2025-12-22 05:27:20.269570996 +0000 UTC
Server: heroku-router

Page title: No such app

<!DOCTYPE html>
<html>
  <head>
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <meta charset="utf-8">
    <title>No such app</title>
    <style media="screen">
      html,body,iframe {
        margin: 0;
        padding: 0;
      }
      html,body {
        height: 100%;
        overflow: hidden;
      }
      iframe {
        width: 100%;
        height: 100%;
        border: 0;
      }
    </style>
  </head>
  <body>
    <iframe src="//www.herokucdn.com/error-pages/no-such-app.html"></iframe>
  </body>
</html>

Found 2025-12-22 by HttpPlugin

Create report

Open service 75.2.60.68:80 · insight-staging.locomote.com

2025-12-20 05:53

HTTP/1.1 404 Not Found
Content-Length: 548
Cache-Control: no-cache, no-store
Content-Type: text/html; charset=utf-8
Date: 2025-12-20 05:53:10.812131377 +0000 UTC
Server: heroku-router

Page title: No such app

<!DOCTYPE html>
<html>
  <head>
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <meta charset="utf-8">
    <title>No such app</title>
    <style media="screen">
      html,body,iframe {
        margin: 0;
        padding: 0;
      }
      html,body {
        height: 100%;
        overflow: hidden;
      }
      iframe {
        width: 100%;
        height: 100%;
        border: 0;
      }
    </style>
  </head>
  <body>
    <iframe src="//www.herokucdn.com/error-pages/no-such-app.html"></iframe>
  </body>
</html>

Found 2025-12-20 by HttpPlugin

Create report

Domain summary

insight-staging.locomote.com 6

1 recorded

IP summary

75.2.60.68 2 99.83.220.108 1

2 recorded

Domain insight-staging.locomote.com

United States

Software information

Swagger API description is publicly available

Swagger API description is publicly available

Create report

Create report

Create report

Create report

Create report

Domain summary

IP summary