LeakIX - Host booktime.org

Domain booktime.org

CLOUDFLARENET

Software information

cloudflare

tcp/443 tcp/80

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 172.67.71.166
Domain: api.booktime.org
Port: 80
URL: http://api.booktime.org

First seen 2025-10-29 18:44
Last seen 2026-01-08 23:49
Open for 71 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad035499a14444549dafc13bd70ca9e12ed63651ec92556

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /deletion-status
GET /v1/app-version/force-updates/{platform}
GET /v1/get-user-insights
GET /v1/reading-engines
GET /v1/reading-languages
GET /v1/users/profile
GET /v1/users/rating
GET /v1/users/status
GET /v1/users/{reading_language_iso_code}/favorites
GET /v1/{reading_language_iso_code}/books
GET /v1/{reading_language_iso_code}/books/{book_id}/download-url
GET /v1/{reading_language_iso_code}/booktime-search
GET /v1/{reading_language_iso_code}/carousel-books
GET /v1/{reading_language_iso_code}/carousel-books-v2
GET /v1/{reading_language_iso_code}/carousel-books_old
GET /v1/{reading_language_iso_code}/contributors/{contributor_id}/books
GET /v1/{reading_language_iso_code}/featured-books
GET /v1/{reading_language_iso_code}/featured-series
GET /v1/{reading_language_iso_code}/language_resource_file
GET /v1/{reading_language_iso_code}/reading-levels
GET /v1/{reading_language_iso_code}/recommended-books
GET /v1/{reading_language_iso_code}/recommended-series
GET /v1/{reading_language_iso_code}/search
GET /v1/{reading_language_iso_code}/series
GET /v1/{reading_language_iso_code}/series/{series_id}
GET /v1/{reading_language_iso_code}/user-profile-books
GET /v1/{reading_language_iso_code}/user-profile-books-old
POST /facebook-data-deletion
POST /v1/MD5/bookAudio
POST /v1/MD5/languageResourceFile
POST /v1/MD5/readingEnginesFiles
POST /v1/MD5/voiceSample
POST /v1/auth/refresh-token
POST /v1/auth/social-login
POST /v1/auth/student-login
POST /v1/auth/verify-otp
POST /v1/book-audio-track
POST /v1/insert-user-activity
POST /v1/published-books
POST /v1/sync-number-of-words
POST /v1/sync-table-of-content
POST /v1/user-reading
POST /v1/users
POST /v1/users/deactivate
POST /v1/users/{reading_language_iso_code}/downloads
POST /v1/voice-preferred
POST /v1/voices
POST /v1/{reading_language_iso_code}/auth/send-otp
POST /v1/{reading_language_iso_code}/contact-us

Found on 2026-01-08 23:49

Severity: info
Fingerprint: 5733ddf49ff49cd1aad035499a14444549dafc13bd70ca9e12ed6365b10533ff

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /deletion-status
GET /v1/app-version/force-updates/{platform}
GET /v1/get-user-insights
GET /v1/reading-engines
GET /v1/reading-languages
GET /v1/users/profile
GET /v1/users/rating
GET /v1/users/status
GET /v1/users/{reading_language_iso_code}/favorites
GET /v1/{reading_language_iso_code}/books
GET /v1/{reading_language_iso_code}/books/{book_id}/download-url
GET /v1/{reading_language_iso_code}/booktime-search
GET /v1/{reading_language_iso_code}/carousel-books
GET /v1/{reading_language_iso_code}/carousel-books-v2
GET /v1/{reading_language_iso_code}/carousel-books_old
GET /v1/{reading_language_iso_code}/contributors/{contributor_id}/books
GET /v1/{reading_language_iso_code}/featured-books
GET /v1/{reading_language_iso_code}/featured-series
GET /v1/{reading_language_iso_code}/language_resource_file
GET /v1/{reading_language_iso_code}/reading-levels
GET /v1/{reading_language_iso_code}/recommended-books
GET /v1/{reading_language_iso_code}/search
GET /v1/{reading_language_iso_code}/series
GET /v1/{reading_language_iso_code}/series/{series_id}
GET /v1/{reading_language_iso_code}/user-profile-books
GET /v1/{reading_language_iso_code}/user-profile-books-old
POST /facebook-data-deletion
POST /v1/auth/refresh-token
POST /v1/auth/social-login
POST /v1/auth/student-login
POST /v1/auth/verify-otp
POST /v1/book-audio-track
POST /v1/insert-user-activity
POST /v1/published-books
POST /v1/sync-number-of-words
POST /v1/sync-table-of-content
POST /v1/user-reading
POST /v1/users
POST /v1/users/deactivate
POST /v1/users/{reading_language_iso_code}/downloads
POST /v1/voice-preferred
POST /v1/voices
POST /v1/{reading_language_iso_code}/auth/send-otp
POST /v1/{reading_language_iso_code}/contact-us

Found on 2025-12-01 14:28

Severity: info
Fingerprint: 5733ddf49ff49cd1aad035499a14444549dafc13bd70ca9e12ed6365ab7c7b2f

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /deletion-status
GET /v1/app-version/force-updates/{platform}
GET /v1/get-user-insights
GET /v1/reading-engines
GET /v1/reading-languages
GET /v1/users/profile
GET /v1/users/rating
GET /v1/users/status
GET /v1/users/{reading_language_iso_code}/favorites
GET /v1/{reading_language_iso_code}/books
GET /v1/{reading_language_iso_code}/books/{book_id}/download-url
GET /v1/{reading_language_iso_code}/carousel-books
GET /v1/{reading_language_iso_code}/carousel-books-v2
GET /v1/{reading_language_iso_code}/carousel-books_old
GET /v1/{reading_language_iso_code}/contributors/{contributor_id}/books
GET /v1/{reading_language_iso_code}/featured-books
GET /v1/{reading_language_iso_code}/featured-series
GET /v1/{reading_language_iso_code}/language_resource_file
GET /v1/{reading_language_iso_code}/reading-levels
GET /v1/{reading_language_iso_code}/recommended-books
GET /v1/{reading_language_iso_code}/search
GET /v1/{reading_language_iso_code}/series
GET /v1/{reading_language_iso_code}/series/{series_id}
GET /v1/{reading_language_iso_code}/user-profile-books
GET /v1/{reading_language_iso_code}/user-profile-books-old
POST /facebook-data-deletion
POST /v1/auth/refresh-token
POST /v1/auth/social-login
POST /v1/auth/student-login
POST /v1/auth/verify-otp
POST /v1/book-audio-track
POST /v1/insert-user-activity
POST /v1/published-books
POST /v1/sync-number-of-words
POST /v1/sync-table-of-content
POST /v1/user-reading
POST /v1/users
POST /v1/users/deactivate
POST /v1/users/{reading_language_iso_code}/downloads
POST /v1/voice-preferred
POST /v1/voices
POST /v1/{reading_language_iso_code}/auth/send-otp
POST /v1/{reading_language_iso_code}/contact-us

Found on 2025-11-23 13:30

Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549f378535fcba4c8b25af31c015f9f4bbc2979c12c

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /v1/app-version/force-updates/{platform}
GET /v1/get-user-insights
GET /v1/reading-engines
GET /v1/reading-languages
GET /v1/users/profile
GET /v1/users/rating
GET /v1/users/status
GET /v1/users/{reading_language_iso_code}/favorites
GET /v1/{reading_language_iso_code}/books
GET /v1/{reading_language_iso_code}/books/{book_id}/download-url
GET /v1/{reading_language_iso_code}/carousel-books
GET /v1/{reading_language_iso_code}/carousel-books-v2
GET /v1/{reading_language_iso_code}/carousel-books_old
GET /v1/{reading_language_iso_code}/contributors/{contributor_id}/books
GET /v1/{reading_language_iso_code}/featured-books
GET /v1/{reading_language_iso_code}/featured-series
GET /v1/{reading_language_iso_code}/reading-levels
GET /v1/{reading_language_iso_code}/search
GET /v1/{reading_language_iso_code}/series
GET /v1/{reading_language_iso_code}/series/{series_id}
GET /v1/{reading_language_iso_code}/user-profile-books
GET /v1/{reading_language_iso_code}/user-profile-books-old
POST /v1/auth/refresh-token
POST /v1/auth/social-login
POST /v1/auth/student-login
POST /v1/auth/verify-otp
POST /v1/book-audio-track
POST /v1/insert-user-activity
POST /v1/published-books
POST /v1/sync-number-of-words
POST /v1/sync-table-of-content
POST /v1/user-reading
POST /v1/users
POST /v1/users/deactivate
POST /v1/users/{reading_language_iso_code}/downloads
POST /v1/voice-preferred
POST /v1/voices
POST /v1/{reading_language_iso_code}/auth/send-otp
POST /v1/{reading_language_iso_code}/contact-us

Found on 2025-11-01 04:32

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 104.26.2.150
Domain: api.booktime.org
Port: 443
URL: https://api.booktime.org

First seen 2025-10-29 18:44
Last seen 2026-01-09 20:47
Open for 72 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad035499a14444549dafc13bd70ca9e12ed63651ec92556

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /deletion-status
GET /v1/app-version/force-updates/{platform}
GET /v1/get-user-insights
GET /v1/reading-engines
GET /v1/reading-languages
GET /v1/users/profile
GET /v1/users/rating
GET /v1/users/status
GET /v1/users/{reading_language_iso_code}/favorites
GET /v1/{reading_language_iso_code}/books
GET /v1/{reading_language_iso_code}/books/{book_id}/download-url
GET /v1/{reading_language_iso_code}/booktime-search
GET /v1/{reading_language_iso_code}/carousel-books
GET /v1/{reading_language_iso_code}/carousel-books-v2
GET /v1/{reading_language_iso_code}/carousel-books_old
GET /v1/{reading_language_iso_code}/contributors/{contributor_id}/books
GET /v1/{reading_language_iso_code}/featured-books
GET /v1/{reading_language_iso_code}/featured-series
GET /v1/{reading_language_iso_code}/language_resource_file
GET /v1/{reading_language_iso_code}/reading-levels
GET /v1/{reading_language_iso_code}/recommended-books
GET /v1/{reading_language_iso_code}/recommended-series
GET /v1/{reading_language_iso_code}/search
GET /v1/{reading_language_iso_code}/series
GET /v1/{reading_language_iso_code}/series/{series_id}
GET /v1/{reading_language_iso_code}/user-profile-books
GET /v1/{reading_language_iso_code}/user-profile-books-old
POST /facebook-data-deletion
POST /v1/MD5/bookAudio
POST /v1/MD5/languageResourceFile
POST /v1/MD5/readingEnginesFiles
POST /v1/MD5/voiceSample
POST /v1/auth/refresh-token
POST /v1/auth/social-login
POST /v1/auth/student-login
POST /v1/auth/verify-otp
POST /v1/book-audio-track
POST /v1/insert-user-activity
POST /v1/published-books
POST /v1/sync-number-of-words
POST /v1/sync-table-of-content
POST /v1/user-reading
POST /v1/users
POST /v1/users/deactivate
POST /v1/users/{reading_language_iso_code}/downloads
POST /v1/voice-preferred
POST /v1/voices
POST /v1/{reading_language_iso_code}/auth/send-otp
POST /v1/{reading_language_iso_code}/contact-us

Found on 2026-01-09 20:47

Severity: info
Fingerprint: 5733ddf49ff49cd1aad035499a14444549dafc13bd70ca9e12ed6365b10533ff

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /deletion-status
GET /v1/app-version/force-updates/{platform}
GET /v1/get-user-insights
GET /v1/reading-engines
GET /v1/reading-languages
GET /v1/users/profile
GET /v1/users/rating
GET /v1/users/status
GET /v1/users/{reading_language_iso_code}/favorites
GET /v1/{reading_language_iso_code}/books
GET /v1/{reading_language_iso_code}/books/{book_id}/download-url
GET /v1/{reading_language_iso_code}/booktime-search
GET /v1/{reading_language_iso_code}/carousel-books
GET /v1/{reading_language_iso_code}/carousel-books-v2
GET /v1/{reading_language_iso_code}/carousel-books_old
GET /v1/{reading_language_iso_code}/contributors/{contributor_id}/books
GET /v1/{reading_language_iso_code}/featured-books
GET /v1/{reading_language_iso_code}/featured-series
GET /v1/{reading_language_iso_code}/language_resource_file
GET /v1/{reading_language_iso_code}/reading-levels
GET /v1/{reading_language_iso_code}/recommended-books
GET /v1/{reading_language_iso_code}/search
GET /v1/{reading_language_iso_code}/series
GET /v1/{reading_language_iso_code}/series/{series_id}
GET /v1/{reading_language_iso_code}/user-profile-books
GET /v1/{reading_language_iso_code}/user-profile-books-old
POST /facebook-data-deletion
POST /v1/auth/refresh-token
POST /v1/auth/social-login
POST /v1/auth/student-login
POST /v1/auth/verify-otp
POST /v1/book-audio-track
POST /v1/insert-user-activity
POST /v1/published-books
POST /v1/sync-number-of-words
POST /v1/sync-table-of-content
POST /v1/user-reading
POST /v1/users
POST /v1/users/deactivate
POST /v1/users/{reading_language_iso_code}/downloads
POST /v1/voice-preferred
POST /v1/voices
POST /v1/{reading_language_iso_code}/auth/send-otp
POST /v1/{reading_language_iso_code}/contact-us

Found on 2025-12-01 02:12

Severity: info
Fingerprint: 5733ddf49ff49cd1aad035499a14444549dafc13bd70ca9e12ed6365ab7c7b2f

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /deletion-status
GET /v1/app-version/force-updates/{platform}
GET /v1/get-user-insights
GET /v1/reading-engines
GET /v1/reading-languages
GET /v1/users/profile
GET /v1/users/rating
GET /v1/users/status
GET /v1/users/{reading_language_iso_code}/favorites
GET /v1/{reading_language_iso_code}/books
GET /v1/{reading_language_iso_code}/books/{book_id}/download-url
GET /v1/{reading_language_iso_code}/carousel-books
GET /v1/{reading_language_iso_code}/carousel-books-v2
GET /v1/{reading_language_iso_code}/carousel-books_old
GET /v1/{reading_language_iso_code}/contributors/{contributor_id}/books
GET /v1/{reading_language_iso_code}/featured-books
GET /v1/{reading_language_iso_code}/featured-series
GET /v1/{reading_language_iso_code}/language_resource_file
GET /v1/{reading_language_iso_code}/reading-levels
GET /v1/{reading_language_iso_code}/recommended-books
GET /v1/{reading_language_iso_code}/search
GET /v1/{reading_language_iso_code}/series
GET /v1/{reading_language_iso_code}/series/{series_id}
GET /v1/{reading_language_iso_code}/user-profile-books
GET /v1/{reading_language_iso_code}/user-profile-books-old
POST /facebook-data-deletion
POST /v1/auth/refresh-token
POST /v1/auth/social-login
POST /v1/auth/student-login
POST /v1/auth/verify-otp
POST /v1/book-audio-track
POST /v1/insert-user-activity
POST /v1/published-books
POST /v1/sync-number-of-words
POST /v1/sync-table-of-content
POST /v1/user-reading
POST /v1/users
POST /v1/users/deactivate
POST /v1/users/{reading_language_iso_code}/downloads
POST /v1/voice-preferred
POST /v1/voices
POST /v1/{reading_language_iso_code}/auth/send-otp
POST /v1/{reading_language_iso_code}/contact-us

Found on 2025-11-23 10:25

Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549f378535fcba4c8b25af31c015f9f4bbc2979c12c

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /v1/app-version/force-updates/{platform}
GET /v1/get-user-insights
GET /v1/reading-engines
GET /v1/reading-languages
GET /v1/users/profile
GET /v1/users/rating
GET /v1/users/status
GET /v1/users/{reading_language_iso_code}/favorites
GET /v1/{reading_language_iso_code}/books
GET /v1/{reading_language_iso_code}/books/{book_id}/download-url
GET /v1/{reading_language_iso_code}/carousel-books
GET /v1/{reading_language_iso_code}/carousel-books-v2
GET /v1/{reading_language_iso_code}/carousel-books_old
GET /v1/{reading_language_iso_code}/contributors/{contributor_id}/books
GET /v1/{reading_language_iso_code}/featured-books
GET /v1/{reading_language_iso_code}/featured-series
GET /v1/{reading_language_iso_code}/reading-levels
GET /v1/{reading_language_iso_code}/search
GET /v1/{reading_language_iso_code}/series
GET /v1/{reading_language_iso_code}/series/{series_id}
GET /v1/{reading_language_iso_code}/user-profile-books
GET /v1/{reading_language_iso_code}/user-profile-books-old
POST /v1/auth/refresh-token
POST /v1/auth/social-login
POST /v1/auth/student-login
POST /v1/auth/verify-otp
POST /v1/book-audio-track
POST /v1/insert-user-activity
POST /v1/published-books
POST /v1/sync-number-of-words
POST /v1/sync-table-of-content
POST /v1/user-reading
POST /v1/users
POST /v1/users/deactivate
POST /v1/users/{reading_language_iso_code}/downloads
POST /v1/voice-preferred
POST /v1/voices
POST /v1/{reading_language_iso_code}/auth/send-otp
POST /v1/{reading_language_iso_code}/contact-us

Found on 2025-11-02 00:54

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 104.26.3.150
Domain: api-dev.booktime.org
Port: 80
URL: http://api-dev.booktime.org

First seen 2025-10-29 17:48
Last seen 2026-01-09 20:46
Open for 72 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad035499a14444549dafc13bd70ca9e12ed63651ec92556

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /deletion-status
GET /v1/app-version/force-updates/{platform}
GET /v1/get-user-insights
GET /v1/reading-engines
GET /v1/reading-languages
GET /v1/users/profile
GET /v1/users/rating
GET /v1/users/status
GET /v1/users/{reading_language_iso_code}/favorites
GET /v1/{reading_language_iso_code}/books
GET /v1/{reading_language_iso_code}/books/{book_id}/download-url
GET /v1/{reading_language_iso_code}/booktime-search
GET /v1/{reading_language_iso_code}/carousel-books
GET /v1/{reading_language_iso_code}/carousel-books-v2
GET /v1/{reading_language_iso_code}/carousel-books_old
GET /v1/{reading_language_iso_code}/contributors/{contributor_id}/books
GET /v1/{reading_language_iso_code}/featured-books
GET /v1/{reading_language_iso_code}/featured-series
GET /v1/{reading_language_iso_code}/language_resource_file
GET /v1/{reading_language_iso_code}/reading-levels
GET /v1/{reading_language_iso_code}/recommended-books
GET /v1/{reading_language_iso_code}/recommended-series
GET /v1/{reading_language_iso_code}/search
GET /v1/{reading_language_iso_code}/series
GET /v1/{reading_language_iso_code}/series/{series_id}
GET /v1/{reading_language_iso_code}/user-profile-books
GET /v1/{reading_language_iso_code}/user-profile-books-old
POST /facebook-data-deletion
POST /v1/MD5/bookAudio
POST /v1/MD5/languageResourceFile
POST /v1/MD5/readingEnginesFiles
POST /v1/MD5/voiceSample
POST /v1/auth/refresh-token
POST /v1/auth/social-login
POST /v1/auth/student-login
POST /v1/auth/verify-otp
POST /v1/book-audio-track
POST /v1/insert-user-activity
POST /v1/published-books
POST /v1/sync-number-of-words
POST /v1/sync-table-of-content
POST /v1/user-reading
POST /v1/users
POST /v1/users/deactivate
POST /v1/users/{reading_language_iso_code}/downloads
POST /v1/voice-preferred
POST /v1/voices
POST /v1/{reading_language_iso_code}/auth/send-otp
POST /v1/{reading_language_iso_code}/contact-us

Found on 2026-01-09 20:46

Severity: info
Fingerprint: 5733ddf49ff49cd1aad035499a14444549dafc13bd70ca9e12ed6365ab7c7b2f

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /deletion-status
GET /v1/app-version/force-updates/{platform}
GET /v1/get-user-insights
GET /v1/reading-engines
GET /v1/reading-languages
GET /v1/users/profile
GET /v1/users/rating
GET /v1/users/status
GET /v1/users/{reading_language_iso_code}/favorites
GET /v1/{reading_language_iso_code}/books
GET /v1/{reading_language_iso_code}/books/{book_id}/download-url
GET /v1/{reading_language_iso_code}/carousel-books
GET /v1/{reading_language_iso_code}/carousel-books-v2
GET /v1/{reading_language_iso_code}/carousel-books_old
GET /v1/{reading_language_iso_code}/contributors/{contributor_id}/books
GET /v1/{reading_language_iso_code}/featured-books
GET /v1/{reading_language_iso_code}/featured-series
GET /v1/{reading_language_iso_code}/language_resource_file
GET /v1/{reading_language_iso_code}/reading-levels
GET /v1/{reading_language_iso_code}/recommended-books
GET /v1/{reading_language_iso_code}/search
GET /v1/{reading_language_iso_code}/series
GET /v1/{reading_language_iso_code}/series/{series_id}
GET /v1/{reading_language_iso_code}/user-profile-books
GET /v1/{reading_language_iso_code}/user-profile-books-old
POST /facebook-data-deletion
POST /v1/auth/refresh-token
POST /v1/auth/social-login
POST /v1/auth/student-login
POST /v1/auth/verify-otp
POST /v1/book-audio-track
POST /v1/insert-user-activity
POST /v1/published-books
POST /v1/sync-number-of-words
POST /v1/sync-table-of-content
POST /v1/user-reading
POST /v1/users
POST /v1/users/deactivate
POST /v1/users/{reading_language_iso_code}/downloads
POST /v1/voice-preferred
POST /v1/voices
POST /v1/{reading_language_iso_code}/auth/send-otp
POST /v1/{reading_language_iso_code}/contact-us

Found on 2025-12-01 10:09

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 104.26.2.150
Domain: cds-api-dev.booktime.org
Port: 80
URL: http://cds-api-dev.booktime.org

First seen 2025-12-03 03:09
Last seen 2026-01-09 17:38
Open for 37 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549a1b363f1fe3fe71d80d1060a27d990051065929a

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /api/age-ratings
GET /api/age-ratings/{id}
GET /api/book-source-types
GET /api/book-source-types/{id}
GET /api/book-types
GET /api/book-types/{id}
GET /api/books
GET /api/books/{id}
GET /api/contributor-multilingual/{contributor_id}
GET /api/contributor-multilingual/{id}
GET /api/contributors
GET /api/contributors/{id}
GET /api/groups
GET /api/groups/{id}
GET /api/languages
GET /api/languages/{id}
GET /api/lookups
GET /api/reading-levels
GET /api/reading-levels/{id}
GET /api/series
GET /api/series/{id}
GET /api/tags
GET /api/tags-multi-language
GET /api/tags-multi-language/{id}
GET /api/tags/{id}
GET /api/user-roles
GET /api/user-roles/by-role/{roleId}
GET /api/user-roles/by-user/{userId}
GET /api/users
POST /api/contributor-multilingual
POST /api/user-roles/unassign

Found on 2026-01-09 17:38

Severity: info
Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
```
Public Swagger UI/API detected at path: /swagger/index.html
```
Found on 2025-12-06 01:44

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 104.26.2.150
Domain: api-dev.booktime.org
Port: 443
URL: https://api-dev.booktime.org

First seen 2025-10-29 17:48
Last seen 2026-01-09 06:32
Open for 71 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad035499a14444549dafc13bd70ca9e12ed63651ec92556

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /deletion-status
GET /v1/app-version/force-updates/{platform}
GET /v1/get-user-insights
GET /v1/reading-engines
GET /v1/reading-languages
GET /v1/users/profile
GET /v1/users/rating
GET /v1/users/status
GET /v1/users/{reading_language_iso_code}/favorites
GET /v1/{reading_language_iso_code}/books
GET /v1/{reading_language_iso_code}/books/{book_id}/download-url
GET /v1/{reading_language_iso_code}/booktime-search
GET /v1/{reading_language_iso_code}/carousel-books
GET /v1/{reading_language_iso_code}/carousel-books-v2
GET /v1/{reading_language_iso_code}/carousel-books_old
GET /v1/{reading_language_iso_code}/contributors/{contributor_id}/books
GET /v1/{reading_language_iso_code}/featured-books
GET /v1/{reading_language_iso_code}/featured-series
GET /v1/{reading_language_iso_code}/language_resource_file
GET /v1/{reading_language_iso_code}/reading-levels
GET /v1/{reading_language_iso_code}/recommended-books
GET /v1/{reading_language_iso_code}/recommended-series
GET /v1/{reading_language_iso_code}/search
GET /v1/{reading_language_iso_code}/series
GET /v1/{reading_language_iso_code}/series/{series_id}
GET /v1/{reading_language_iso_code}/user-profile-books
GET /v1/{reading_language_iso_code}/user-profile-books-old
POST /facebook-data-deletion
POST /v1/MD5/bookAudio
POST /v1/MD5/languageResourceFile
POST /v1/MD5/readingEnginesFiles
POST /v1/MD5/voiceSample
POST /v1/auth/refresh-token
POST /v1/auth/social-login
POST /v1/auth/student-login
POST /v1/auth/verify-otp
POST /v1/book-audio-track
POST /v1/insert-user-activity
POST /v1/published-books
POST /v1/sync-number-of-words
POST /v1/sync-table-of-content
POST /v1/user-reading
POST /v1/users
POST /v1/users/deactivate
POST /v1/users/{reading_language_iso_code}/downloads
POST /v1/voice-preferred
POST /v1/voices
POST /v1/{reading_language_iso_code}/auth/send-otp
POST /v1/{reading_language_iso_code}/contact-us

Found on 2026-01-09 06:32

Severity: info
Fingerprint: 5733ddf49ff49cd1aad035499a14444549dafc13bd70ca9e12ed6365ab7c7b2f

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /deletion-status
GET /v1/app-version/force-updates/{platform}
GET /v1/get-user-insights
GET /v1/reading-engines
GET /v1/reading-languages
GET /v1/users/profile
GET /v1/users/rating
GET /v1/users/status
GET /v1/users/{reading_language_iso_code}/favorites
GET /v1/{reading_language_iso_code}/books
GET /v1/{reading_language_iso_code}/books/{book_id}/download-url
GET /v1/{reading_language_iso_code}/carousel-books
GET /v1/{reading_language_iso_code}/carousel-books-v2
GET /v1/{reading_language_iso_code}/carousel-books_old
GET /v1/{reading_language_iso_code}/contributors/{contributor_id}/books
GET /v1/{reading_language_iso_code}/featured-books
GET /v1/{reading_language_iso_code}/featured-series
GET /v1/{reading_language_iso_code}/language_resource_file
GET /v1/{reading_language_iso_code}/reading-levels
GET /v1/{reading_language_iso_code}/recommended-books
GET /v1/{reading_language_iso_code}/search
GET /v1/{reading_language_iso_code}/series
GET /v1/{reading_language_iso_code}/series/{series_id}
GET /v1/{reading_language_iso_code}/user-profile-books
GET /v1/{reading_language_iso_code}/user-profile-books-old
POST /facebook-data-deletion
POST /v1/auth/refresh-token
POST /v1/auth/social-login
POST /v1/auth/student-login
POST /v1/auth/verify-otp
POST /v1/book-audio-track
POST /v1/insert-user-activity
POST /v1/published-books
POST /v1/sync-number-of-words
POST /v1/sync-table-of-content
POST /v1/user-reading
POST /v1/users
POST /v1/users/deactivate
POST /v1/users/{reading_language_iso_code}/downloads
POST /v1/voice-preferred
POST /v1/voices
POST /v1/{reading_language_iso_code}/auth/send-otp
POST /v1/{reading_language_iso_code}/contact-us

Found on 2025-11-30 23:54

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 172.67.71.166
Domain: donation.api.booktime.org
Port: 443
URL: https://donation.api.booktime.org

First seen 2025-11-15 20:05
Last seen 2026-01-09 04:57
Open for 54 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1aad03549656625719795a1b080b4ee3f5c49d3095c49d309
```
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /donation/get-client-token
GET /donation/unsubscribe/{subscriptionId}/{projectId}
POST /donation
POST /donation/webhooks
```
  Found on 2026-01-09 04:57
Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 104.26.3.150
Domain: cds-api-dev.booktime.org
Port: 443
URL: https://cds-api-dev.booktime.org

First seen 2025-12-03 03:09
Last seen 2026-01-09 07:35
Open for 37 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549a1b363f1fe3fe71d80d1060a27d990051065929a

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /api/age-ratings
GET /api/age-ratings/{id}
GET /api/book-source-types
GET /api/book-source-types/{id}
GET /api/book-types
GET /api/book-types/{id}
GET /api/books
GET /api/books/{id}
GET /api/contributor-multilingual/{contributor_id}
GET /api/contributor-multilingual/{id}
GET /api/contributors
GET /api/contributors/{id}
GET /api/groups
GET /api/groups/{id}
GET /api/languages
GET /api/languages/{id}
GET /api/lookups
GET /api/reading-levels
GET /api/reading-levels/{id}
GET /api/series
GET /api/series/{id}
GET /api/tags
GET /api/tags-multi-language
GET /api/tags-multi-language/{id}
GET /api/tags/{id}
GET /api/user-roles
GET /api/user-roles/by-role/{roleId}
GET /api/user-roles/by-user/{userId}
GET /api/users
POST /api/contributor-multilingual
POST /api/user-roles/unassign

Found on 2026-01-09 07:35

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 104.26.2.150
Domain: api-stag.booktime.org
Port: 443
URL: https://api-stag.booktime.org

First seen 2025-10-29 19:15
Last seen 2026-01-09 20:47
Open for 72 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549f378535fcba4c8b25af31c015f9f4bbcc2b67d5c

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /v1/app-version/force-updates/{platform}
GET /v1/get-user-insights
GET /v1/reading-engines
GET /v1/reading-languages
GET /v1/users/profile
GET /v1/users/rating
GET /v1/users/status
GET /v1/users/{reading_language_iso_code}/favorites
GET /v1/{reading_language_iso_code}/books
GET /v1/{reading_language_iso_code}/books/{book_id}/download-url
GET /v1/{reading_language_iso_code}/carousel-books
GET /v1/{reading_language_iso_code}/carousel-books-v2
GET /v1/{reading_language_iso_code}/carousel-books_old
GET /v1/{reading_language_iso_code}/contributors/{contributor_id}/books
GET /v1/{reading_language_iso_code}/featured-books
GET /v1/{reading_language_iso_code}/featured-series
GET /v1/{reading_language_iso_code}/reading-levels
GET /v1/{reading_language_iso_code}/search
GET /v1/{reading_language_iso_code}/series
GET /v1/{reading_language_iso_code}/series/{series_id}
GET /v1/{reading_language_iso_code}/user-profile-books
GET /v1/{reading_language_iso_code}/user-profile-books-old
POST /v1/auth/refresh-token
POST /v1/auth/social-login
POST /v1/auth/student-login
POST /v1/auth/verify-otp
POST /v1/book-audio-track
POST /v1/insert-user-activity
POST /v1/sync-number-of-words
POST /v1/sync-table-of-content
POST /v1/user-reading
POST /v1/users
POST /v1/users/deactivate
POST /v1/users/{reading_language_iso_code}/downloads
POST /v1/voice-preferred
POST /v1/voices
POST /v1/{reading_language_iso_code}/auth/send-otp
POST /v1/{reading_language_iso_code}/contact-us

Found on 2026-01-09 20:47

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 104.26.2.150
Domain: api-stag.booktime.org
Port: 80
URL: http://api-stag.booktime.org

First seen 2025-10-29 19:15
Last seen 2026-01-09 20:47
Open for 72 days

Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549f378535fcba4c8b25af31c015f9f4bbcc2b67d5c

Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /v1/app-version/force-updates/{platform}
GET /v1/get-user-insights
GET /v1/reading-engines
GET /v1/reading-languages
GET /v1/users/profile
GET /v1/users/rating
GET /v1/users/status
GET /v1/users/{reading_language_iso_code}/favorites
GET /v1/{reading_language_iso_code}/books
GET /v1/{reading_language_iso_code}/books/{book_id}/download-url
GET /v1/{reading_language_iso_code}/carousel-books
GET /v1/{reading_language_iso_code}/carousel-books-v2
GET /v1/{reading_language_iso_code}/carousel-books_old
GET /v1/{reading_language_iso_code}/contributors/{contributor_id}/books
GET /v1/{reading_language_iso_code}/featured-books
GET /v1/{reading_language_iso_code}/featured-series
GET /v1/{reading_language_iso_code}/reading-levels
GET /v1/{reading_language_iso_code}/search
GET /v1/{reading_language_iso_code}/series
GET /v1/{reading_language_iso_code}/series/{series_id}
GET /v1/{reading_language_iso_code}/user-profile-books
GET /v1/{reading_language_iso_code}/user-profile-books-old
POST /v1/auth/refresh-token
POST /v1/auth/social-login
POST /v1/auth/student-login
POST /v1/auth/verify-otp
POST /v1/book-audio-track
POST /v1/insert-user-activity
POST /v1/sync-number-of-words
POST /v1/sync-table-of-content
POST /v1/user-reading
POST /v1/users
POST /v1/users/deactivate
POST /v1/users/{reading_language_iso_code}/downloads
POST /v1/voice-preferred
POST /v1/voices
POST /v1/{reading_language_iso_code}/auth/send-otp
POST /v1/{reading_language_iso_code}/contact-us

Found on 2026-01-09 20:47

Create report

Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 172.67.71.166
Domain: donation.api.booktime.org
Port: 80
URL: http://donation.api.booktime.org

First seen 2025-11-15 20:05
Last seen 2026-01-09 10:04
Open for 54 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1aad03549656625719795a1b080b4ee3f5c49d3095c49d309
```
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /donation/get-client-token
GET /donation/unsubscribe/{subscriptionId}/{projectId}
POST /donation
POST /donation/webhooks
```
  Found on 2026-01-09 10:04
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 172.67.71.166
Domain: dev-donation.api.booktime.org
Port: 443
URL: https://dev-donation.api.booktime.org

First seen 2025-11-15 12:30
Last seen 2026-01-13 12:43
Open for 59 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1aad03549656625719795a1b080b4ee3f5c49d3095c49d309
```
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /donation/get-client-token
GET /donation/unsubscribe/{subscriptionId}/{projectId}
POST /donation
POST /donation/webhooks
```
  Found on 2026-01-13 12:43
Create report
Swagger API description is publicly available

Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.

Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.

While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.

IP: 104.26.3.150
Domain: dev-donation.api.booktime.org
Port: 80
URL: http://dev-donation.api.booktime.org

First seen 2025-11-15 12:30
Last seen 2026-01-13 12:43
Open for 59 days
- Severity: info
  Fingerprint: 5733ddf49ff49cd1aad03549656625719795a1b080b4ee3f5c49d3095c49d309
```
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /donation/get-client-token
GET /donation/unsubscribe/{subscriptionId}/{projectId}
POST /donation
POST /donation/webhooks
```
  Found on 2026-01-13 12:43
Create report

Open service 104.26.2.150:443 · api-stag.booktime.org

2026-01-09 20:47

HTTP/1.1 404 Not Found
Date: Fri, 09 Jan 2026 20:47:30 GMT
Transfer-Encoding: chunked
Connection: close
Server: cloudflare
x-powered-by: ASP.NET
cf-cache-status: DYNAMIC
Nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
Report-To: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=j4myhoadHhXJkUst73KfeKCLHi7wkVN1m4C%2FAY%2BVWtpzqIm5bvl%2BASU26PRKhLbYUM5hqwDSg0MqEJ1M%2FvpKx5BhX5Yz87tIURlZsGIrpoDY7IDA"}]}
CF-RAY: 9bb6ca3f2977048f-FRA

Found 2026-01-09 by HttpPlugin