Domain media.arches.network
United States
Software information
Vercel
tcp/443
-
Swagger API description is publicly available
Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
First seen 2025-10-17 05:25
Last seen 2026-01-09 07:28
Open for 84 days-
Severity: info
Fingerprint: 5733ddf49ff49cd110b5863cdcee827e6596f702a6c2cd10b19ad7cdfdadc997Public Swagger UI/API detected at path: /api-docs/swagger.json - sample paths: DELETE /api/transcription/{videoId} GET /api/bumper/list GET /api/bumper/{bumperId} GET /api/transcription/{videoId}/captions GET /api/transcription/{videoId}/status GET /api/transcription/{videoId}/transcript GET /api/upload/status/{videoId} GET /api/video/{videoId} GET /api/video/{videoId}/hls GET /api/video/{videoId}/info GET /api/video/{videoId}/thumbnail GET /api/watermark/default GET /api/watermark/list GET /api/watermark/{watermarkId} GET /api/webhooks/health GET /health POST /api/bumper/upload POST /api/bumper/upload/confirm POST /api/bumper/{bumperId}/apply POST /api/transcription/{videoId}/start POST /api/upload/video POST /api/upload/video/confirm POST /api/upload/video/presigned-url POST /api/watermark/upload POST /api/watermark/upload/confirm POST /api/webhooks/transcription PUT /api/watermark/{watermarkId}/set-defaultFound on 2026-01-09 07:28 -
Severity: info
Fingerprint: 5733ddf49ff49cd110b5863cdcee827e6596f702a6c2cd10b19ad7cd005b6e1bPublic Swagger UI/API detected at path: /api-docs/swagger.json - sample paths: DELETE /api/transcription/{videoId} GET /api/bumper/list GET /api/bumper/{bumperId} GET /api/transcription/{videoId}/captions GET /api/transcription/{videoId}/status GET /api/transcription/{videoId}/transcript GET /api/upload/status/{videoId} GET /api/video/{videoId} GET /api/video/{videoId}/hls GET /api/video/{videoId}/info GET /api/video/{videoId}/thumbnail GET /api/webhooks/health GET /health POST /api/bumper/upload POST /api/bumper/{bumperId}/apply POST /api/transcription/{videoId}/start POST /api/upload/video POST /api/upload/video/confirm POST /api/upload/video/presigned-url POST /api/webhooks/transcriptionFound on 2025-12-01 01:54 -
Severity: info
Fingerprint: 5733ddf49ff49cd110b5863cdcee827e6596f702a6c2cd10b19ad7cdf83f1d80Public Swagger UI/API detected at path: /api-docs/swagger.json - sample paths: DELETE /api/transcription/{videoId} GET /api/bumper/list GET /api/bumper/{bumperId} GET /api/transcription/{videoId}/captions GET /api/transcription/{videoId}/status GET /api/transcription/{videoId}/transcript GET /api/upload/status/{videoId} GET /api/video/{videoId} GET /api/video/{videoId}/hls GET /api/video/{videoId}/info GET /api/video/{videoId}/thumbnail GET /api/webhooks/health GET /health POST /api/bumper/upload POST /api/bumper/{bumperId}/apply POST /api/transcription/{videoId}/start POST /api/upload/video POST /api/upload/video/confirm POST /api/webhooks/transcriptionFound on 2025-11-20 18:31 -
Severity: info
Fingerprint: 5733ddf49ff49cd110b5863ce5cf43551bb2770eaf93398770f441b370f441b3Public Swagger UI/API detected at path: /api-docs/swagger.json - sample paths: GET /api/upload/status/{videoId} GET /health POST /api/upload/video POST /api/upload/video/confirmFound on 2025-11-16 10:07 -
Severity: info
Fingerprint: 5733ddf49ff49cd110b5863ce5cf43551bb2770eaf933987af933987af933987Public Swagger UI/API detected at path: /api-docs/swagger.json - sample paths: GET /api/upload/status/{videoId} GET /health POST /api/upload/videoFound on 2025-10-28 08:45 -
Severity: info
Fingerprint: 5733ddf49ff49cd1bf890109bf890109bf890109bf890109bf890109bf890109Public Swagger UI/API detected at path: /api-docs/swagger.json
Found on 2025-10-19 06:14
-
-
Open service 216.150.1.1:443 · media.arches.network
2026-01-09 07:28
HTTP/1.1 404 Not Found Access-Control-Allow-Credentials: true Access-Control-Allow-Origin: * Age: 0 Cache-Control: public, max-age=0, must-revalidate Content-Length: 71 Content-Security-Policy: default-src 'self';style-src 'self' 'unsafe-inline' https://unpkg.com;script-src 'self' 'unsafe-inline' https://unpkg.com;img-src 'self' data: validator.swagger.io;font-src 'self' data:;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests Content-Type: application/json; charset=utf-8 Cross-Origin-Opener-Policy: same-origin Cross-Origin-Resource-Policy: same-origin Date: Fri, 09 Jan 2026 07:28:05 GMT Etag: W/"47-4pBBr3SpSx1mBrKd3BMXrRwNyRU" Origin-Agent-Cluster: ?1 Referrer-Policy: no-referrer Server: Vercel Strict-Transport-Security: max-age=15552000; includeSubDomains X-Content-Type-Options: nosniff X-Dns-Prefetch-Control: off X-Download-Options: noopen X-Frame-Options: SAMEORIGIN X-Permitted-Cross-Domain-Policies: none X-Vercel-Cache: MISS X-Vercel-Id: iad1::iad1::z5l8q-1767943685122-1ae4a2a3c0e8 X-Xss-Protection: 0 Connection: close {"error":"Not found","message":"The requested endpoint does not exist"}Found 2026-01-09 by HttpPluginCreate report
-
Open service 216.150.1.1:443 · media.arches.network
2025-12-22 13:54
HTTP/1.1 404 Not Found Access-Control-Allow-Credentials: true Access-Control-Allow-Origin: * Age: 0 Cache-Control: public, max-age=0, must-revalidate Content-Length: 71 Content-Security-Policy: default-src 'self';style-src 'self' 'unsafe-inline' https://unpkg.com;script-src 'self' 'unsafe-inline' https://unpkg.com;img-src 'self' data: validator.swagger.io;font-src 'self' data:;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests Content-Type: application/json; charset=utf-8 Cross-Origin-Opener-Policy: same-origin Cross-Origin-Resource-Policy: same-origin Date: Mon, 22 Dec 2025 13:54:02 GMT Etag: W/"47-4pBBr3SpSx1mBrKd3BMXrRwNyRU" Origin-Agent-Cluster: ?1 Referrer-Policy: no-referrer Server: Vercel Strict-Transport-Security: max-age=15552000; includeSubDomains X-Content-Type-Options: nosniff X-Dns-Prefetch-Control: off X-Download-Options: noopen X-Frame-Options: SAMEORIGIN X-Permitted-Cross-Domain-Policies: none X-Vercel-Cache: MISS X-Vercel-Id: fra1::iad1::cnlqg-1766411641776-fa74ed04881a X-Xss-Protection: 0 Connection: close {"error":"Not found","message":"The requested endpoint does not exist"}Found 2025-12-22 by HttpPluginCreate report
-
Open service 216.150.1.1:443 · media.arches.network
2025-12-20 13:56
HTTP/1.1 404 Not Found Access-Control-Allow-Credentials: true Access-Control-Allow-Origin: * Age: 0 Cache-Control: public, max-age=0, must-revalidate Content-Length: 71 Content-Security-Policy: default-src 'self';style-src 'self' 'unsafe-inline' https://unpkg.com;script-src 'self' 'unsafe-inline' https://unpkg.com;img-src 'self' data: validator.swagger.io;font-src 'self' data:;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests Content-Type: application/json; charset=utf-8 Cross-Origin-Opener-Policy: same-origin Cross-Origin-Resource-Policy: same-origin Date: Sat, 20 Dec 2025 13:56:05 GMT Etag: W/"47-4pBBr3SpSx1mBrKd3BMXrRwNyRU" Origin-Agent-Cluster: ?1 Referrer-Policy: no-referrer Server: Vercel Strict-Transport-Security: max-age=15552000; includeSubDomains X-Content-Type-Options: nosniff X-Dns-Prefetch-Control: off X-Download-Options: noopen X-Frame-Options: SAMEORIGIN X-Permitted-Cross-Domain-Policies: none X-Vercel-Cache: MISS X-Vercel-Id: fra1::iad1::srllq-1766238964105-4a37984929cd X-Xss-Protection: 0 Connection: close {"error":"Not found","message":"The requested endpoint does not exist"}Found 2025-12-20 by HttpPluginCreate report