immutable
13
In Scope
8
Out of Scope
In-Scope Assets (13)
Out-of-Scope Assets (8)
| Asset | Category | Bounty | |
|---|---|---|---|
| ██████████████ | OTHER | Yes | |
| ████████████████ | OTHER | Yes | |
| █████████████████ | OTHER | Yes | |
| ███████████████████ | OTHER | Yes | |
| ██████████████████████ | OTHER | Yes | |
| ██████████████████████████████████████████ | OTHER | Yes | |
| █████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████ | OTHER | Yes | |
| ██████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████ | OTHER | Yes |
Scope Changes (196)
May 11, 2026
| Change | Asset | Category | Scope | Time |
|---|---|---|---|---|
| Added | ███████████████████ | OTHER | Out of Scope | 00:28 |
| Added | █████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████ | OTHER | Out of Scope | 00:28 |
| Added | ██████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████ | OTHER | Out of Scope | 00:28 |
| Added | ██████████████████████ | OTHER | Out of Scope | 00:28 |
| Added | █████████████████████████████████████████████ | URL | In Scope | 00:28 |
| Added | ████████████████████████████████████████████████████ | URL | In Scope | 00:28 |
| Added | ████████████ | OTHER | In Scope | 00:28 |
| Added | █████████████████████████████████ | URL | In Scope | 00:28 |
| Added | █████████████████████████ | URL | In Scope | 00:28 |
| Added | ████████████████████████████ | URL | In Scope | 00:28 |
| Added | ███████████████ | URL | In Scope | 00:28 |
| Added | ███████████ | URL | In Scope | 00:28 |
| Added | █████████████████████ | OTHER | In Scope | 00:28 |
| Added | ███████████████████████ | OTHER | In Scope | 00:28 |
| Added | █████████████████████████████ | URL | In Scope | 00:28 |
| Added | ███████████████████████████ | URL | In Scope | 00:28 |
| Added | █████████████ | URL | In Scope | 00:28 |
| Added | ███████████████████ | OTHER | Out of Scope | 00:28 |
| Added | ████████████████ | OTHER | Out of Scope | 00:28 |
| Added | ██████████████ | OTHER | Out of Scope | 00:28 |
| Added | █████████████████ | OTHER | Out of Scope | 00:28 |
| Added | ██████████████████████████████████████████ | OTHER | Out of Scope | 00:28 |
| Added | █████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████ | OTHER | Out of Scope | 00:28 |
| Added | ██████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████ | OTHER | Out of Scope | 00:28 |
| Added | ██████████████████████ | OTHER | Out of Scope | 00:28 |
| Removed | https://api.x.immutable.com/ | URL | In Scope | 00:28 |
| Removed | https://docs.immutable.com/ | URL | In Scope | 00:28 |
| Removed | *.immutable.com | URL | In Scope | 00:28 |
| Removed | any data exposure bug that are classified as public data such as ethereum wallet address, nft purchase activity, or other public blockchain activity | OTHER | Out of Scope | 00:28 |
| Removed | https://hub.immutable.com/ | URL | In Scope | 00:28 |
| Removed | *.imtbl.com | URL | In Scope | 00:28 |
| Removed | godsunchained.com | OTHER | Out of Scope | 00:28 |
| Removed | https://passport.immutable.com/ | URL | In Scope | 00:28 |
| Removed | https://api.immutable.com | URL | In Scope | 00:28 |
| Removed | https://market.immutable.com/ | URL | In Scope | 00:28 |
| Removed | testnet.immutable.com | OTHER | In Scope | 00:28 |
| Removed | gogbackend.com | OTHER | Out of Scope | 00:28 |
| Removed | *.gogbackend.com | OTHER | Out of Scope | 00:28 |
| Removed | https://play.immutable.com | URL | In Scope | 00:28 |
| Removed | *.testnet.immutable.com | OTHER | In Scope | 00:28 |
| Removed | https://github.com/immutable/ts-immutable-sdk/tree/main/packages/passport | OTHER | In Scope | 00:28 |
| Removed | imx.community | URL | In Scope | 00:28 |
| Removed | *.godsunchained.com | OTHER | Out of Scope | 00:28 |
| Removed | *.guildofguardians.com | OTHER | Out of Scope | 00:28 |
| Removed | *.dev.x.immutable.com, *.sandbox.x.immutable.com, *.dev.x.immutable.com, *.sandbox.imtbl.com, *.dev.imtbl.com, *.ropsten.x.immutable.com, ropsten.imx.community (see brief for exceptions) | OTHER | Out of Scope | 00:28 |
| Removed | anything that does not belong to immutable | OTHER | Out of Scope | 00:28 |
| Removed | https://link.x.immutable.com/ | URL | In Scope | 00:28 |
| Removed | https://auth.immutable.com | URL | In Scope | 00:28 |
| Added | ████████████████████████████████████████████████████ | URL | In Scope | 00:28 |
| Added | █████████████████████████ | URL | In Scope | 00:28 |
| Added | ███████████████ | URL | In Scope | 00:28 |
| Added | ███████████ | URL | In Scope | 00:28 |
| Added | █████████████████████████████ | URL | In Scope | 00:28 |
| Added | ██████████████ | OTHER | Out of Scope | 00:28 |
| Added | █████████████████████████████████ | URL | In Scope | 00:28 |
| Added | ████████████████ | OTHER | Out of Scope | 00:28 |
| Added | ███████████████████████████ | URL | In Scope | 00:28 |
| Added | █████████████████████████████████████████████ | URL | In Scope | 00:28 |
| Added | ████████████ | OTHER | In Scope | 00:28 |
| Added | █████████████████████ | CIDR | In Scope | 00:28 |
| Added | █████████████████ | OTHER | Out of Scope | 00:28 |
| Added | ████████████████████████████ | URL | In Scope | 00:28 |
| Added | ███████████████████████ | CIDR | In Scope | 00:28 |
| Added | █████████████ | URL | In Scope | 00:28 |
| Added | ██████████████████████████████████████████ | OTHER | Out of Scope | 00:28 |
Mar 5, 2026
| Change | Asset | Category | Scope | Time |
|---|---|---|---|---|
| Added | any data exposure bug that are classified as public data such as ethereum wallet address, nft purchase activity, or other public blockchain activity | OTHER | Out of Scope | 22:26 |
| Added | *.guildofguardians.com | WILDCARD | Out of Scope | 22:26 |
| Added | anything that does not belong to immutable | OTHER | Out of Scope | 22:26 |
| Added | any data exposure bug that are classified as public data such as ethereum wallet address, nft purchase activity, or other public blockchain activity | OTHER | Out of Scope | 22:26 |
| Added | *.dev.x.immutable.com, *.sandbox.x.immutable.com, *.dev.x.immutable.com, *.sandbox.imtbl.com, *.dev.imtbl.com, *.ropsten.x.immutable.com, ropsten.imx.community (see brief for exceptions) | OTHER | Out of Scope | 22:26 |
| Added | *.guildofguardians.com | OTHER | Out of Scope | 22:26 |
| Added | https://auth.immutable.com | URL | In Scope | 22:26 |
| Added | https://market.immutable.com/ | URL | In Scope | 22:26 |
| Added | *.godsunchained.com | WILDCARD | Out of Scope | 22:26 |
| Added | https://play.immutable.com | URL | In Scope | 22:26 |
| Added | *.imtbl.com | WILDCARD | In Scope | 22:26 |
| Added | imx.community | URL | In Scope | 22:26 |
| Added | gogbackend.com | URL | Out of Scope | 22:26 |
| Added | godsunchained.com | URL | Out of Scope | 22:26 |
| Added | *.dev.x.immutable.com, *.sandbox.x.immutable.com, *.dev.x.immutable.com, *.sandbox.imtbl.com, *.dev.imtbl.com, *.ropsten.x.immutable.com, ropsten.imx.community (see brief for exceptions) | WILDCARD | Out of Scope | 22:26 |
| Added | *.dev.x.immutable.com, *.sandbox.x.immutable.com, *.dev.x.immutable.com, *.sandbox.imtbl.com, *.dev.imtbl.com, *.ropsten.x.immutable.com, ropsten.imx.community (see brief for exceptions) | WILDCARD | Out of Scope | 22:26 |
| Added | *.dev.x.immutable.com, *.sandbox.x.immutable.com, *.dev.x.immutable.com, *.sandbox.imtbl.com, *.dev.imtbl.com, *.ropsten.x.immutable.com, ropsten.imx.community (see brief for exceptions) | WILDCARD | Out of Scope | 22:26 |
| Added | *.dev.x.immutable.com, *.sandbox.x.immutable.com, *.dev.x.immutable.com, *.sandbox.imtbl.com, *.dev.imtbl.com, *.ropsten.x.immutable.com, ropsten.imx.community (see brief for exceptions) | WILDCARD | Out of Scope | 22:26 |
| Added | *.dev.x.immutable.com, *.sandbox.x.immutable.com, *.dev.x.immutable.com, *.sandbox.imtbl.com, *.dev.imtbl.com, *.ropsten.x.immutable.com, ropsten.imx.community (see brief for exceptions) | WILDCARD | Out of Scope | 22:26 |
| Added | *.dev.x.immutable.com, *.sandbox.x.immutable.com, *.dev.x.immutable.com, *.sandbox.imtbl.com, *.dev.imtbl.com, *.ropsten.x.immutable.com, ropsten.imx.community (see brief for exceptions) | WILDCARD | Out of Scope | 22:26 |
| Added | https://docs.immutable.com/ | URL | In Scope | 22:26 |
| Added | https://passport.immutable.com/ | URL | In Scope | 22:26 |
| Added | https://hub.immutable.com/ | URL | In Scope | 22:26 |
| Added | https://api.immutable.com | URL | In Scope | 22:26 |
| Added | https://api.x.immutable.com/ | URL | In Scope | 22:26 |
| Added | *.testnet.immutable.com | WILDCARD | In Scope | 22:26 |
| Added | https://link.x.immutable.com/ | URL | In Scope | 22:26 |
| Added | *.gogbackend.com | WILDCARD | Out of Scope | 22:26 |
| Added | https://github.com/immutable/ts-immutable-sdk/tree/main/packages/passport | URL | In Scope | 22:26 |
| Added | *.immutable.com | WILDCARD | In Scope | 22:26 |
| Added | testnet.immutable.com | URL | In Scope | 22:26 |
| Added | https://passport.immutable.com/ | URL | In Scope | 22:26 |
| Added | https://auth.immutable.com | URL | In Scope | 22:26 |
| Added | https://github.com/immutable/ts-immutable-sdk/tree/main/packages/passport | OTHER | In Scope | 22:26 |
| Added | https://hub.immutable.com/ | URL | In Scope | 22:26 |
| Added | https://play.immutable.com | URL | In Scope | 22:26 |
| Added | https://api.immutable.com | URL | In Scope | 22:26 |
| Added | https://api.x.immutable.com/ | URL | In Scope | 22:26 |
| Added | *.immutable.com | URL | In Scope | 22:26 |
| Added | *.imtbl.com | URL | In Scope | 22:26 |
| Added | testnet.immutable.com | OTHER | In Scope | 22:26 |
| Added | *.testnet.immutable.com | OTHER | In Scope | 22:26 |
| Added | https://link.x.immutable.com/ | URL | In Scope | 22:26 |
| Added | https://market.immutable.com/ | URL | In Scope | 22:26 |
| Added | https://docs.immutable.com/ | URL | In Scope | 22:26 |
| Added | imx.community | URL | In Scope | 22:26 |
| Added | *.godsunchained.com | OTHER | Out of Scope | 22:26 |
| Added | *.gogbackend.com | OTHER | Out of Scope | 22:26 |
| Added | gogbackend.com | OTHER | Out of Scope | 22:26 |
| Added | godsunchained.com | OTHER | Out of Scope | 22:26 |
| Added | anything that does not belong to immutable | OTHER | Out of Scope | 22:26 |
Feb 25, 2026
| Change | Asset | Category | Scope | Time |
|---|---|---|---|---|
| Added | *.imtbl.com | WILDCARD | In Scope | 19:09 |
| Added | testnet.immutable.com | URL | In Scope | 19:09 |
| Added | *.testnet.immutable.com | WILDCARD | In Scope | 19:09 |
| Added | *.godsunchained.com | WILDCARD | Out of Scope | 19:09 |
| Added | anything that does not belong to immutable | OTHER | Out of Scope | 19:09 |
| Added | *.guildofguardians.com | WILDCARD | Out of Scope | 19:09 |
| Added | https://docs.immutable.com/ | URL | In Scope | 19:09 |
| Added | https://passport.immutable.com/ | URL | In Scope | 19:09 |
| Added | https://github.com/immutable/ts-immutable-sdk/tree/main/packages/passport | URL | In Scope | 19:09 |
| Added | https://hub.immutable.com/ | URL | In Scope | 19:09 |
| Added | *.immutable.com | WILDCARD | In Scope | 19:09 |
| Added | https://link.x.immutable.com/ | URL | In Scope | 19:09 |
| Added | *.gogbackend.com | WILDCARD | Out of Scope | 19:09 |
| Added | https://play.immutable.com | URL | In Scope | 19:09 |
| Added | imx.community | URL | In Scope | 19:09 |
| Added | https://auth.immutable.com | URL | In Scope | 19:09 |
| Added | https://api.x.immutable.com/ | URL | In Scope | 19:09 |
| Added | https://market.immutable.com/ | URL | In Scope | 19:09 |
| Added | gogbackend.com | URL | Out of Scope | 19:09 |
| Added | godsunchained.com | URL | Out of Scope | 19:09 |
| Added | any data exposure bug that are classified as public data such as ethereum wallet address, nft purchase activity, or other public blockchain activity | OTHER | Out of Scope | 19:09 |
| Added | *.dev.x.immutable.com, *.sandbox.x.immutable.com, *.dev.x.immutable.com, *.sandbox.imtbl.com, *.dev.imtbl.com, *.ropsten.x.immutable.com, ropsten.imx.community (see brief for exceptions) | WILDCARD | Out of Scope | 19:09 |
| Added | *.dev.x.immutable.com, *.sandbox.x.immutable.com, *.dev.x.immutable.com, *.sandbox.imtbl.com, *.dev.imtbl.com, *.ropsten.x.immutable.com, ropsten.imx.community (see brief for exceptions) | WILDCARD | Out of Scope | 19:09 |
| Added | *.dev.x.immutable.com, *.sandbox.x.immutable.com, *.dev.x.immutable.com, *.sandbox.imtbl.com, *.dev.imtbl.com, *.ropsten.x.immutable.com, ropsten.imx.community (see brief for exceptions) | WILDCARD | Out of Scope | 19:09 |
| Added | *.dev.x.immutable.com, *.sandbox.x.immutable.com, *.dev.x.immutable.com, *.sandbox.imtbl.com, *.dev.imtbl.com, *.ropsten.x.immutable.com, ropsten.imx.community (see brief for exceptions) | WILDCARD | Out of Scope | 19:09 |
| Added | *.dev.x.immutable.com, *.sandbox.x.immutable.com, *.dev.x.immutable.com, *.sandbox.imtbl.com, *.dev.imtbl.com, *.ropsten.x.immutable.com, ropsten.imx.community (see brief for exceptions) | WILDCARD | Out of Scope | 19:09 |
| Added | *.dev.x.immutable.com, *.sandbox.x.immutable.com, *.dev.x.immutable.com, *.sandbox.imtbl.com, *.dev.imtbl.com, *.ropsten.x.immutable.com, ropsten.imx.community (see brief for exceptions) | WILDCARD | Out of Scope | 19:09 |
| Added | https://api.immutable.com | URL | In Scope | 19:09 |
| Program Removed | — | — | — | 17:22 |
| Added | https://passport.immutable.com/ | URL | In Scope | 16:59 |
| Added | https://auth.immutable.com | URL | In Scope | 16:59 |
| Added | https://github.com/immutable/ts-immutable-sdk/tree/main/packages/passport | OTHER | In Scope | 16:59 |
| Added | https://hub.immutable.com/ | URL | In Scope | 16:59 |
| Added | https://play.immutable.com | URL | In Scope | 16:59 |
| Added | https://api.immutable.com | URL | In Scope | 16:59 |
| Added | https://api.x.immutable.com/ | URL | In Scope | 16:59 |
| Added | *.immutable.com | URL | In Scope | 16:59 |
| Added | *.imtbl.com | URL | In Scope | 16:59 |
| Added | testnet.immutable.com | OTHER | In Scope | 16:59 |
| Added | *.testnet.immutable.com | OTHER | In Scope | 16:59 |
| Added | https://link.x.immutable.com/ | URL | In Scope | 16:59 |
| Added | https://market.immutable.com/ | URL | In Scope | 16:59 |
| Added | https://docs.immutable.com/ | URL | In Scope | 16:59 |
| Added | imx.community | URL | In Scope | 16:59 |
| Added | *.godsunchained.com | OTHER | Out of Scope | 16:59 |
| Added | *.gogbackend.com | OTHER | Out of Scope | 16:59 |
| Added | gogbackend.com | OTHER | Out of Scope | 16:59 |
| Added | godsunchained.com | OTHER | Out of Scope | 16:59 |
| Added | anything that does not belong to immutable | OTHER | Out of Scope | 16:59 |
| Added | any data exposure bug that are classified as public data such as ethereum wallet address, nft purchase activity, or other public blockchain activity | OTHER | Out of Scope | 16:59 |
| Added | *.dev.x.immutable.com, *.sandbox.x.immutable.com, *.dev.x.immutable.com, *.sandbox.imtbl.com, *.dev.imtbl.com, *.ropsten.x.immutable.com, ropsten.imx.community (see brief for exceptions) | OTHER | Out of Scope | 16:59 |
| Added | *.guildofguardians.com | OTHER | Out of Scope | 16:59 |
| Added | https://api.immutable.com | URL | In Scope | 16:59 |
| Added | https://api.x.immutable.com/ | URL | In Scope | 16:59 |
| Added | *.testnet.immutable.com | WILDCARD | In Scope | 16:59 |
| Added | godsunchained.com | URL | Out of Scope | 16:59 |
| Added | https://hub.immutable.com/ | URL | In Scope | 16:59 |
| Added | https://play.immutable.com | URL | In Scope | 16:59 |
| Added | *.immutable.com | WILDCARD | In Scope | 16:59 |
| Added | *.imtbl.com | WILDCARD | In Scope | 16:59 |
| Added | https://link.x.immutable.com/ | URL | In Scope | 16:59 |
| Added | *.gogbackend.com | WILDCARD | Out of Scope | 16:59 |
| Added | anything that does not belong to immutable | OTHER | Out of Scope | 16:59 |
| Added | *.guildofguardians.com | WILDCARD | Out of Scope | 16:59 |
| Added | https://github.com/immutable/ts-immutable-sdk/tree/main/packages/passport | URL | In Scope | 16:59 |
| Added | testnet.immutable.com | URL | In Scope | 16:59 |
| Added | https://market.immutable.com/ | URL | In Scope | 16:59 |
| Added | gogbackend.com | URL | Out of Scope | 16:59 |
| Added | *.dev.x.immutable.com, *.sandbox.x.immutable.com, *.dev.x.immutable.com, *.sandbox.imtbl.com, *.dev.imtbl.com, *.ropsten.x.immutable.com, ropsten.imx.community (see brief for exceptions) | WILDCARD | Out of Scope | 16:59 |
| Added | *.dev.x.immutable.com, *.sandbox.x.immutable.com, *.dev.x.immutable.com, *.sandbox.imtbl.com, *.dev.imtbl.com, *.ropsten.x.immutable.com, ropsten.imx.community (see brief for exceptions) | WILDCARD | Out of Scope | 16:59 |
| Added | *.dev.x.immutable.com, *.sandbox.x.immutable.com, *.dev.x.immutable.com, *.sandbox.imtbl.com, *.dev.imtbl.com, *.ropsten.x.immutable.com, ropsten.imx.community (see brief for exceptions) | WILDCARD | Out of Scope | 16:59 |
| Added | *.dev.x.immutable.com, *.sandbox.x.immutable.com, *.dev.x.immutable.com, *.sandbox.imtbl.com, *.dev.imtbl.com, *.ropsten.x.immutable.com, ropsten.imx.community (see brief for exceptions) | WILDCARD | Out of Scope | 16:59 |
| Added | *.dev.x.immutable.com, *.sandbox.x.immutable.com, *.dev.x.immutable.com, *.sandbox.imtbl.com, *.dev.imtbl.com, *.ropsten.x.immutable.com, ropsten.imx.community (see brief for exceptions) | WILDCARD | Out of Scope | 16:59 |
| Added | *.dev.x.immutable.com, *.sandbox.x.immutable.com, *.dev.x.immutable.com, *.sandbox.imtbl.com, *.dev.imtbl.com, *.ropsten.x.immutable.com, ropsten.imx.community (see brief for exceptions) | WILDCARD | Out of Scope | 16:59 |
| Added | https://passport.immutable.com/ | URL | In Scope | 16:59 |
| Added | https://auth.immutable.com | URL | In Scope | 16:59 |
| Added | https://docs.immutable.com/ | URL | In Scope | 16:59 |
| Added | imx.community | URL | In Scope | 16:59 |
| Added | *.godsunchained.com | WILDCARD | Out of Scope | 16:59 |
| Added | any data exposure bug that are classified as public data such as ethereum wallet address, nft purchase activity, or other public blockchain activity | OTHER | Out of Scope | 16:59 |