Fly Leasing operates as an aircraft leasing company that acquires and leases commercial jet aircraft to airlines worldwide. The company owns a portfolio of passenger and cargo aircraft which it leases under operating lease agreements to airline operators across multiple regions. UpGuard continuously monitors the security posture of Fly Leasing Limited using open-source, commercial, and proprietary threat intelligence feeds. Our analysis is centered on objective, externally verifiable information.
Fly Leasing Limited's security rating is based on the analysis of their external attack surface. The higher the rating, the better their security posture. Start a free trial to get a more in-depth risk assessment for Fly Leasing Limited.
Last updated July 8, 2026
This vendor risk report is based on UpGuard's continuous monitoring of Fly Leasing Limited's security posture using open-source, commercial, and proprietary threat intelligence feeds. The results are summarized into a security rating based on the analysis of hundreds of individual checks across five risk categories: website security, email security, phishing & malware, brand & reputation risk, and network security.
The Content Security Policy on this site allows insecure active content.
The Content Security Policy is implemented with unsafe-eval, reducing protection against XSS attacks.
A Content Security Policy is implemented to help protect against XSS and clickjacking attacks.
The Content Security Policy does not allow any insecure passive (img/media) sources.
The 'HTTP' service is running and exposed to the internet. The configuration of the server should be reviewed and unnecessary ports closed.
DNSSEC records prevent third parties from forging the records that guarantee a domain's identity. DNSSEC should be configured for this domain.
Domain is not protected from unsolicited deletion requests with the registrar or registry. The domain should have clientDeleteProhibited or serverDeleteProhibited set.
Domain is not protected from unsolicited update requests with the registrar or registry. The domain should have clientUpdateProhibited or serverUpdateProhibited set.
The domain does not contain a valid Certification Authority Authorization (CAA) record. A CAA record indicates which Certificate Authorities (CAs) are authorized to issue certificates for a domain.
Domain has not expired.
Domain does not expire within 30 days.
Domain is not flagged as inactive.
Domain is not pending deletion with the registrar.
Domain is not pending restoration with the registrar.
Domain is protected from unsolicited transfer requests.
Domain is not under a DNS resolution hold with the registrar.
Domain is not under a DNS resolution hold with the registry itself.
Domain is not prohibited from renewal at the registry itself.
The domain is still accessible over HTTP. All HTTP requests should be redirected to HTTPS.
The domain was not found on the HSTS preload list. Users who visit the website for the first time will be vulnerable to MITM attacks. The requirements for inclusion on the preload list are specified by hstspreload.org.
The site's certificate chain was checked against our list of revoked certificates.
SSL is supported for this site.
The site's hostname matches the SSL certificate.
SSL certificate has not expired.
The certificate presented by this domain was issued by a trusted certificate authority.
No insecure SSL/TLS versions are available for this site.
A complete SSL certificate chain was presented by the server for this domain.
SSL intermediate and root certificates do not expire within 20 days.
The SSL certificate presented by the server has an expiration period shorter than 398 days.
SSL certificate does not expire in less than 20% of its total valid period.
Industry standard SHA-256 encryption in use.
The HTTP Strict Transport Security (HSTS) header contains the includeSubDomains directive.
The site's public certificate provides at least 112 bits of security strength.
TLS connections to the site do not support any weak cipher suites.
This IP/domain has not been reported as a source of botnet activity in the last 30 days.
This IP/domain did not appear on any list of IPs and domains known to perform brute force login attempts in the last 30 days.
This IP/domain has been reported for distributing malware in the last 30 days.
This IP/domain has not been reported for performing unsolicited scanning in the last 30 days.
This IP/domain has not been reported as a phishing site in the last 30 days.
This IP/domain has not been reported as a source of botnet activity in the last 90 days.
This IP/domain did not appear on any list of IPs and domains known to perform brute force login attempts in the last 90 days.
This IP/domain has been reported for distributing malware in the last 90 days.
This IP/domain has not been reported for performing unsolicited scanning in the last 90 days.
This IP/domain has not been reported as a phishing site in the last 90 days.
A bug in OpenSSL's implementation of the TLS heartbeat extension allows access to portions of memory on the targeted host e.g. cryptographic keys and passwords.
The server does not support SSLv3, and is not vulnerable to the POODLE attack.
The server does not offer RSA_EXPORT cipher suites, so clients are not vulnerable to the FREAK attack.
The server is using strong Diffie-Hellman parameters and is not vulnerable to the Logjam attack.
Compare Fly Leasing Limited's security performance with other companies in their industry.
NVIDIA designs and manufactures graphics processing units (GPUs) and system on a chip units for computing applications. The company provides hardware and software platforms for artificial intelligence, data centers, high-performance computing, gaming, professional visualization, and automotive markets.
Amazon.com operates an online retail platform offering a wide range of consumer products, including electronics, books, clothing, and household goods. The company also provides cloud computing services through Amazon Web Services and operates digital streaming and subscription services.
DocuSign provides electronic signature software and intelligent agreement management solutions that enable organizations to create, sign, track, and manage digital contracts and documents. The company's platform includes AI-powered tools for agreement analysis, automated workflows, contract lifecycle management, and integrations with business applications like Salesforce.
youX provides asset finance technology and fulfilment products for manufacturers, dealers, brokers, and lenders. The company offers a software platform that facilitates vehicle, equipment, marine, and commercial asset financing through integration with over 80 lending partners.
Canva operates an online graphic design platform that enables users to create visual content including presentations, social media graphics, posters, and documents. The platform provides templates, design tools, and a library of images and fonts accessible through a web browser and mobile applications.
Verizon provides wireless telecommunications services, home internet connectivity, and digital television offerings to consumer and business customers. The company operates mobile networks and fiber-optic infrastructure to deliver voice, data, and video services across the United States.
The ultimate guide to attack surface and third-party risk management – actionable advice for security teams, managers, and executives.
Security research and global news about data breaches.
Explore resourcesArticles, news, and research on third-party risk management.
Explore resourcesArticles, news, and research on attack surface management.
Explore resourcesArticles, news, and research on cybersecurity.
Explore resources