Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
The documentation details every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549d89aa6fd37d616f71278166d9d14f10720ef4930
Public Swagger UI/API detected at path: /swagger/index.html
Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549d89aa6fd37d616f71278166d9d14f107f0711d1d
Public Swagger UI/API detected at path: /swagger/index.html
Open service 4.232.99.1:443 · api.iprod.it
2026-01-09 02:22
HTTP/1.1 302 Found
Content-Length: 0
Connection: close
Date: Fri, 09 Jan 2026 02:23:19 GMT
Location: https://api.iprod.it/Login/UserLogin/?ReturnUrl=%2F
Strict-Transport-Security: max-age=2592000
Request-Context: appId=cid-v1:9a7a9170-54c8-43e5-9690-ed4db2ea3861
Content-Security-Policy: frame-ancestors 'self';
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Open service 4.232.99.1:443 · api.iprod.it
2026-01-02 01:59
HTTP/1.1 302 Found
Content-Length: 0
Connection: close
Date: Fri, 02 Jan 2026 01:59:48 GMT
Location: https://api.iprod.it/Login/UserLogin/?ReturnUrl=%2F
Strict-Transport-Security: max-age=2592000
Request-Context: appId=cid-v1:9a7a9170-54c8-43e5-9690-ed4db2ea3861
Content-Security-Policy: frame-ancestors 'self';
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Open service 4.232.99.1:443 · api.iprod.it
2025-12-30 12:13
HTTP/1.1 302 Found
Content-Length: 0
Connection: close
Date: Tue, 30 Dec 2025 12:13:51 GMT
Location: https://api.iprod.it/Login/UserLogin/?ReturnUrl=%2F
Strict-Transport-Security: max-age=2592000
Request-Context: appId=cid-v1:9a7a9170-54c8-43e5-9690-ed4db2ea3861
Content-Security-Policy: frame-ancestors 'self';
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Open service 4.232.99.1:443 · api.iprod.it
2025-12-22 06:32
HTTP/1.1 302 Found
Content-Length: 0
Connection: close
Date: Mon, 22 Dec 2025 06:32:06 GMT
Location: https://api.iprod.it/Login/UserLogin/?ReturnUrl=%2F
Strict-Transport-Security: max-age=2592000
Request-Context: appId=cid-v1:9a7a9170-54c8-43e5-9690-ed4db2ea3861
Content-Security-Policy: frame-ancestors 'self';
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Open service 4.232.99.1:443 · api.iprod.it
2025-12-20 18:28
HTTP/1.1 302 Found
Content-Length: 0
Connection: close
Date: Sat, 20 Dec 2025 18:28:23 GMT
Location: https://api.iprod.it/Login/UserLogin/?ReturnUrl=%2F
Strict-Transport-Security: max-age=2592000
Request-Context: appId=cid-v1:9a7a9170-54c8-43e5-9690-ed4db2ea3861
Content-Security-Policy: frame-ancestors 'self';
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Open service 4.232.99.1:443 · api.iprod.it
2025-12-19 02:26
HTTP/1.1 302 Found
Content-Length: 0
Connection: close
Date: Fri, 19 Dec 2025 02:26:31 GMT
Location: https://api.iprod.it/Login/UserLogin/?ReturnUrl=%2F
Strict-Transport-Security: max-age=2592000
Request-Context: appId=cid-v1:9a7a9170-54c8-43e5-9690-ed4db2ea3861
Content-Security-Policy: frame-ancestors 'self';
X-Frame-Options: DENY
X-Content-Type-Options: nosniff