t-mobile
82
In Scope
6
Out of Scope
In-Scope Assets (82)
Out-of-Scope Assets (6)
| Asset | Category | Bounty | |
|---|---|---|---|
| *.mobile.uscc.com | URL | Yes | |
| *.mobile.uscc.net | URL | Yes | |
| *.sprint.net | URL | Yes | |
| /self-service-* | URL | Yes | |
| Any domain, property, product, protocol, or service of the app/hardware/software version not explicitly listed in the In-Scope section is out of scope; submissions are welcome but not guaranteed for the bounty/bonus. | OTHER | Yes | |
| https://*.moengage.com | URL | Yes |
Scope Changes (552)
Mar 20, 2026
| Change | Asset | Category | Scope | Time |
|---|---|---|---|---|
| Removed | https://rc.tpmaudience.com | URL | In Scope | 18:45 |
| Removed | https://www.blismedia.com | URL | In Scope | 18:45 |
| Removed | https://imply.rc.groupmaudience.com | URL | In Scope | 18:45 |
| Removed | https://publicis.blis.com | URL | In Scope | 18:45 |
| Removed | https://development.msaudience.com | URL | In Scope | 18:45 |
| Removed | https://m.blismedia.com | URL | In Scope | 18:45 |
| Removed | https://events.blis.com | URL | In Scope | 18:45 |
| Removed | https://rc.msaudience.com | URL | In Scope | 18:45 |
| Removed | https://www.blis.com | URL | In Scope | 18:45 |
| Removed | https://development.emaudience.com | URL | In Scope | 18:45 |
| Removed | https://imply.development.atom-lens.com | URL | In Scope | 18:45 |
| Removed | https://register.blis.com | URL | In Scope | 18:45 |
| Removed | https://imply.amazon-tacticalplanner.com | URL | In Scope | 18:45 |
| Removed | https://atom-lens.com | URL | In Scope | 18:45 |
| Removed | https://blismedia.com | URL | In Scope | 18:45 |
| Removed | https://imply.development.msaudience.com | URL | In Scope | 18:45 |
| Removed | https://imply.rc.tpmaudience.com | URL | In Scope | 18:45 |
| Removed | https://blis.co.uk | URL | In Scope | 18:45 |
| Removed | https://imply.rc.wmaudience.com | URL | In Scope | 18:45 |
| Removed | https://groupmaudience.com | URL | In Scope | 18:45 |
| Removed | https://development.telekom.blis.com | URL | In Scope | 18:45 |
| Removed | https://tpmaudience.com | URL | In Scope | 18:45 |
| Removed | https://imply.development.emaudience.com | URL | In Scope | 18:45 |
| Removed | https://imply.rc.amazon-tacticalplanner.com | URL | In Scope | 18:45 |
| Removed | https://imply.development.tpmaudience.com | URL | In Scope | 18:45 |
| Removed | https://www.blis.media | URL | In Scope | 18:45 |
| Removed | https://rc.atom-lens.com | URL | In Scope | 18:45 |
| Removed | https://imply.tpmaudience.com | URL | In Scope | 18:45 |
| Removed | https://development.t-ads.blis.com | URL | In Scope | 18:45 |
| Removed | https://development.publicis.blis.com | URL | In Scope | 18:45 |
| Removed | https://rc.groupmaudience.com | URL | In Scope | 18:45 |
| Removed | https://imply.rc.msaudience.com | URL | In Scope | 18:45 |
| Removed | https://imply.rc.emaudience.com | URL | In Scope | 18:45 |
| Removed | https://imply.development.t-ads.blis.com | URL | In Scope | 18:45 |
| Removed | https://la.lb.infinity.gcp.blis.com | URL | In Scope | 18:45 |
| Removed | https://imply.rc.publicis.blis.com | URL | In Scope | 18:45 |
| Removed | https://imply.atom-lens.com | URL | In Scope | 18:45 |
| Removed | https://imply.msaudience.com | URL | In Scope | 18:45 |
| Removed | https://amazon-tacticalplanner.com | URL | In Scope | 18:45 |
| Removed | https://imply.development.wmaudience.com | URL | In Scope | 18:45 |
| Removed | https://t-ads.blis.com | URL | In Scope | 18:45 |
| Removed | https://rc.publicis.blis.com | URL | In Scope | 18:45 |
| Removed | https://telekom.blis.com | URL | In Scope | 18:45 |
| Removed | https://rc.t-ads.blis.com | URL | In Scope | 18:45 |
| Removed | https://development.groupmaudience.com | URL | In Scope | 18:45 |
| Removed | https://imply.development.amazon-tacticalplanner.com | URL | In Scope | 18:45 |
| Removed | https://rc.emaudience.com | URL | In Scope | 18:45 |
| Removed | https://msaudience.com | URL | In Scope | 18:45 |
| Removed | https://imply.publicis.blis.com | URL | In Scope | 18:45 |
| Removed | https://emaudience.com | URL | In Scope | 18:45 |
| Removed | https://imply.rc.telekom.blis.com | URL | In Scope | 18:45 |
| Removed | https://imply.telekom.blis.com | URL | In Scope | 18:45 |
| Removed | https://imply.t-ads.blis.com | URL | In Scope | 18:45 |
| Removed | https://us.blis.com | URL | In Scope | 18:45 |
| Removed | https://www.blis.co.uk | URL | In Scope | 18:45 |
| Removed | https://development.atom-lens.com | URL | In Scope | 18:45 |
| Removed | https://imply.development.telekom.blis.com | URL | In Scope | 18:45 |
| Removed | https://imply.development.groupmaudience.com | URL | In Scope | 18:45 |
| Removed | https://development.tpmaudience.com | URL | In Scope | 18:45 |
| Removed | https://rc.amazon-tacticalplanner.com | URL | In Scope | 18:45 |
| Removed | https://blis.media | URL | In Scope | 18:45 |
| Removed | https://imply.rc.t-ads.blis.com | URL | In Scope | 18:45 |
| Removed | https://development.amazon-tacticalplanner.com | URL | In Scope | 18:45 |
| Removed | https://imply.development.publicis.blis.com | URL | In Scope | 18:45 |
| Removed | https://imply.rc.atom-lens.com | URL | In Scope | 18:45 |
| Removed | https://imply.emaudience.com | URL | In Scope | 18:45 |
| Removed | https://imply.groupmaudience.com | URL | In Scope | 18:45 |
| Removed | https://rc.telekom.blis.com | URL | In Scope | 18:45 |
Mar 18, 2026
| Change | Asset | Category | Scope | Time |
|---|---|---|---|---|
| Added | https://tpmaudience.com | URL | In Scope | 17:45 |
| Added | https://wmaudience.com | URL | In Scope | 17:45 |
| Added | https://www.blis.co.uk | URL | In Scope | 17:45 |
| Added | https://www.blis.com | URL | In Scope | 17:45 |
| Added | https://www.blis.media | URL | In Scope | 17:45 |
| Added | https://www.blismedia.com | URL | In Scope | 17:45 |
| Added | https://platform.blis.com | URL | In Scope | 17:45 |
| Added | https://platform.blismedia.com | URL | In Scope | 17:45 |
| Added | https://platform.development.blis.com | URL | In Scope | 17:45 |
| Added | https://platform.development2.blis.com | URL | In Scope | 17:45 |
| Added | https://platform.rc.blis.com | URL | In Scope | 17:45 |
| Added | https://privacy.blismedia.com | URL | In Scope | 17:45 |
| Added | https://publicis.blis.com | URL | In Scope | 17:45 |
| Added | https://rc.amazon-tacticalplanner.com | URL | In Scope | 17:45 |
| Added | https://rc.atom-lens.com | URL | In Scope | 17:45 |
| Added | https://rc.emaudience.com | URL | In Scope | 17:45 |
| Added | https://rc.groupmaudience.com | URL | In Scope | 17:45 |
| Added | https://rc.msaudience.com | URL | In Scope | 17:45 |
| Added | https://rc.publicis.blis.com | URL | In Scope | 17:45 |
| Added | https://rc.t-ads.blis.com | URL | In Scope | 17:45 |
| Added | https://rc.telekom.blis.com | URL | In Scope | 17:45 |
| Added | https://rc.tpmaudience.com | URL | In Scope | 17:45 |
| Added | https://rc.wmaudience.com | URL | In Scope | 17:45 |
| Added | https://register.blis.com | URL | In Scope | 17:45 |
| Added | https://signature.blis.com | URL | In Scope | 17:45 |
| Added | https://sitepixel.blis.com | URL | In Scope | 17:45 |
| Added | https://sitepixel.dev.blis.com | URL | In Scope | 17:45 |
| Added | https://t-ads.blis.com | URL | In Scope | 17:45 |
| Added | https://telekom.blis.com | URL | In Scope | 17:45 |
| Added | https://us.blis.com | URL | In Scope | 17:45 |
| Added | https://wiki.atom-lens.com | URL | In Scope | 17:45 |
| Added | https://imply.rc.groupmaudience.com | URL | In Scope | 17:45 |
| Added | https://imply.rc.publicis.blis.com | URL | In Scope | 17:45 |
| Added | https://imply.development.t-ads.blis.com | URL | In Scope | 17:45 |
| Added | https://imply.internal.platform.blis.com | URL | In Scope | 17:45 |
| Added | https://imply.rc.atom-lens.com | URL | In Scope | 17:45 |
| Added | https://imply.rc.tpmaudience.com | URL | In Scope | 17:45 |
| Added | https://internal.platform.blis.com | URL | In Scope | 17:45 |
| Added | https://amazon-tacticalplanner.com | URL | In Scope | 17:45 |
| Added | https://imply.platform.rc.blis.com | URL | In Scope | 17:45 |
| Added | https://imply.development.groupmaudience.com | URL | In Scope | 17:45 |
| Added | https://imply.rc.amazon-tacticalplanner.com | URL | In Scope | 17:45 |
| Added | https://m.blismedia.com | URL | In Scope | 17:45 |
| Added | https://msaudience.com | URL | In Scope | 17:45 |
| Added | https://platform.blis.com | URL | In Scope | 17:45 |
| Added | https://rc.telekom.blis.com | URL | In Scope | 17:45 |
| Added | https://imply.amazon-tacticalplanner.com | URL | In Scope | 17:45 |
| Added | https://imply.development.msaudience.com | URL | In Scope | 17:45 |
| Added | https://imply.development.tpmaudience.com | URL | In Scope | 17:45 |
| Added | https://imply.tpmaudience.com | URL | In Scope | 17:45 |
| Added | https://signature.blis.com | URL | In Scope | 17:45 |
| Added | https://sitepixel.dev.blis.com | URL | In Scope | 17:45 |
| Added | https://assets.platform.development.blis.com | URL | In Scope | 17:45 |
| Added | https://imply.rc.emaudience.com | URL | In Scope | 17:45 |
| Added | https://imply.t-ads.blis.com | URL | In Scope | 17:45 |
| Added | https://platform.development.blis.com | URL | In Scope | 17:45 |
| Added | https://www.blismedia.com | URL | In Scope | 17:45 |
| Added | https://imply.atom-lens.com | URL | In Scope | 17:45 |
| Added | https://imply.telekom.blis.com | URL | In Scope | 17:45 |
| Added | https://imply.rc.msaudience.com | URL | In Scope | 17:45 |
| Added | https://assets.platform.rc.blis.com | URL | In Scope | 17:45 |
| Added | https://development.groupmaudience.com | URL | In Scope | 17:45 |
| Added | https://tpmaudience.com | URL | In Scope | 17:45 |
| Added | https://imply.development.atom-lens.com | URL | In Scope | 17:45 |
| Added | https://imply.development.emaudience.com | URL | In Scope | 17:45 |
| Added | https://imply.groupmaudience.com | URL | In Scope | 17:45 |
| Added | https://jenkins-github.gcp.blis.com | URL | In Scope | 17:45 |
| Added | https://rc.amazon-tacticalplanner.com | URL | In Scope | 17:45 |
| Added | https://assets.platform.blis.com | URL | In Scope | 17:45 |
| Added | https://imply.platform.development.blis.com | URL | In Scope | 17:45 |
| Added | https://wmaudience.com | URL | In Scope | 17:45 |
| Added | https://platform.development2.blis.com | URL | In Scope | 17:45 |
| Added | https://development.t-ads.blis.com | URL | In Scope | 17:45 |
| Added | https://imply.development.publicis.blis.com | URL | In Scope | 17:45 |
| Added | https://events.blis.com | URL | In Scope | 17:45 |
| Added | https://rc.msaudience.com | URL | In Scope | 17:45 |
| Added | https://imply.blis.com | URL | In Scope | 17:45 |
| Added | https://imply.publicis.blis.com | URL | In Scope | 17:45 |
| Added | https://imply.wmaudience.com | URL | In Scope | 17:45 |
| Added | https://platform.blismedia.com | URL | In Scope | 17:45 |
| Added | https://t-ads.blis.com | URL | In Scope | 17:45 |
| Added | https://development.atom-lens.com | URL | In Scope | 17:45 |
| Added | https://imply.rc.t-ads.blis.com | URL | In Scope | 17:45 |
| Added | https://imply.test.blis.com | URL | In Scope | 17:45 |
| Added | https://la.lb.infinity.gcp.blis.com | URL | In Scope | 17:45 |
| Added | https://platform.rc.blis.com | URL | In Scope | 17:45 |
| Added | https://development.emaudience.com | URL | In Scope | 17:45 |
| Added | https://imply.msaudience.com | URL | In Scope | 17:45 |
| Added | https://blis.co.uk | URL | In Scope | 17:45 |
| Added | https://blis.com | URL | In Scope | 17:45 |
| Added | https://emaudience.com | URL | In Scope | 17:45 |
| Added | https://imply.development.wmaudience.com | URL | In Scope | 17:45 |
| Added | https://rc.tpmaudience.com | URL | In Scope | 17:45 |
| Added | https://register.blis.com | URL | In Scope | 17:45 |
| Added | https://imply.development.telekom.blis.com | URL | In Scope | 17:45 |
| Added | https://sitepixel.blis.com | URL | In Scope | 17:45 |
| Added | https://assets.development.amazon-tacticalplanner.com | URL | In Scope | 17:45 |
| Added | https://privacy.blismedia.com | URL | In Scope | 17:45 |
| Added | https://amazon-tacticalplanner.com | URL | In Scope | 17:45 |
| Added | https://audiencelogos.blis.com | URL | In Scope | 17:45 |
| Added | https://imply.emaudience.com | URL | In Scope | 17:45 |
| Added | https://www.blis.media | URL | In Scope | 17:45 |
| Added | https://blismedia.com | URL | In Scope | 17:45 |
| Added | https://imply-pivot.blis.com | URL | In Scope | 17:45 |
| Added | https://imply-pivot.test.blis.com | URL | In Scope | 17:45 |
| Added | https://imply.development.amazon-tacticalplanner.com | URL | In Scope | 17:45 |
| Added | https://imply.rc.wmaudience.com | URL | In Scope | 17:45 |
| Added | https://rc.emaudience.com | URL | In Scope | 17:45 |
| Added | https://rc.publicis.blis.com | URL | In Scope | 17:45 |
| Added | https://development.wmaudience.com | URL | In Scope | 17:45 |
| Added | https://development.telekom.blis.com | URL | In Scope | 17:45 |
| Added | https://development.tpmaudience.com | URL | In Scope | 17:45 |
| Added | https://www.blis.co.uk | URL | In Scope | 17:45 |
| Added | https://blis.media | URL | In Scope | 17:45 |
| Added | https://imply.rc.telekom.blis.com | URL | In Scope | 17:45 |
| Added | https://telekom.blis.com | URL | In Scope | 17:45 |
| Added | https://atom-lens.com | URL | In Scope | 17:45 |
| Added | https://rc.groupmaudience.com | URL | In Scope | 17:45 |
| Added | https://us.blis.com | URL | In Scope | 17:45 |
| Added | https://wiki.atom-lens.com | URL | In Scope | 17:45 |
| Added | https://development.msaudience.com | URL | In Scope | 17:45 |
| Added | https://groupmaudience.com | URL | In Scope | 17:45 |
| Added | https://imply.platform.blis.com | URL | In Scope | 17:45 |
| Added | https://www.blis.com | URL | In Scope | 17:45 |
| Added | https://rc.t-ads.blis.com | URL | In Scope | 17:45 |
| Added | https://development.amazon-tacticalplanner.com | URL | In Scope | 17:45 |
| Added | https://development.publicis.blis.com | URL | In Scope | 17:45 |
| Added | https://creative.infinity.blismedia.com | URL | In Scope | 17:45 |
| Added | https://rc.atom-lens.com | URL | In Scope | 17:45 |
| Added | https://rc.wmaudience.com | URL | In Scope | 17:45 |
| Added | https://publicis.blis.com | URL | In Scope | 17:45 |
| Added | https://assets.development.amazon-tacticalplanner.com | URL | In Scope | 17:45 |
| Added | https://assets.platform.blis.com | URL | In Scope | 17:45 |
| Added | https://assets.platform.development.blis.com | URL | In Scope | 17:45 |
| Added | https://assets.platform.rc.blis.com | URL | In Scope | 17:45 |
| Added | https://atom-lens.com | URL | In Scope | 17:45 |
| Added | https://audiencelogos.blis.com | URL | In Scope | 17:45 |
| Added | https://blis.co.uk | URL | In Scope | 17:45 |
| Added | https://blis.com | URL | In Scope | 17:45 |
| Added | https://blis.media | URL | In Scope | 17:45 |
| Added | https://blismedia.com | URL | In Scope | 17:45 |
| Added | https://creative.infinity.blismedia.com | URL | In Scope | 17:45 |
| Added | https://development.amazon-tacticalplanner.com | URL | In Scope | 17:45 |
| Added | https://development.atom-lens.com | URL | In Scope | 17:45 |
| Added | https://development.emaudience.com | URL | In Scope | 17:45 |
| Added | https://development.groupmaudience.com | URL | In Scope | 17:45 |
| Added | https://development.msaudience.com | URL | In Scope | 17:45 |
| Added | https://development.publicis.blis.com | URL | In Scope | 17:45 |
| Added | https://development.t-ads.blis.com | URL | In Scope | 17:45 |
| Added | https://development.telekom.blis.com | URL | In Scope | 17:45 |
| Added | https://development.tpmaudience.com | URL | In Scope | 17:45 |
| Added | https://development.wmaudience.com | URL | In Scope | 17:45 |
| Added | https://emaudience.com | URL | In Scope | 17:45 |
| Added | https://events.blis.com | URL | In Scope | 17:45 |
| Added | https://groupmaudience.com | URL | In Scope | 17:45 |
| Added | https://imply-pivot.blis.com | URL | In Scope | 17:45 |
| Added | https://imply-pivot.test.blis.com | URL | In Scope | 17:45 |
| Added | https://imply.amazon-tacticalplanner.com | URL | In Scope | 17:45 |
| Added | https://imply.atom-lens.com | URL | In Scope | 17:45 |
| Added | https://imply.blis.com | URL | In Scope | 17:45 |
| Added | https://imply.development.amazon-tacticalplanner.com | URL | In Scope | 17:45 |
| Added | https://imply.development.atom-lens.com | URL | In Scope | 17:45 |
| Added | https://imply.development.emaudience.com | URL | In Scope | 17:45 |
| Added | https://imply.development.groupmaudience.com | URL | In Scope | 17:45 |
| Added | https://imply.development.msaudience.com | URL | In Scope | 17:45 |
| Added | https://imply.development.publicis.blis.com | URL | In Scope | 17:45 |
| Added | https://imply.development.t-ads.blis.com | URL | In Scope | 17:45 |
| Added | https://imply.development.telekom.blis.com | URL | In Scope | 17:45 |
| Added | https://imply.development.tpmaudience.com | URL | In Scope | 17:45 |
| Added | https://imply.development.wmaudience.com | URL | In Scope | 17:45 |
| Added | https://imply.emaudience.com | URL | In Scope | 17:45 |
| Added | https://imply.groupmaudience.com | URL | In Scope | 17:45 |
| Added | https://imply.internal.platform.blis.com | URL | In Scope | 17:45 |
| Added | https://imply.msaudience.com | URL | In Scope | 17:45 |
| Added | https://imply.platform.blis.com | URL | In Scope | 17:45 |
| Added | https://imply.platform.development.blis.com | URL | In Scope | 17:45 |
| Added | https://imply.platform.rc.blis.com | URL | In Scope | 17:45 |
| Added | https://imply.publicis.blis.com | URL | In Scope | 17:45 |
| Added | https://imply.rc.amazon-tacticalplanner.com | URL | In Scope | 17:45 |
| Added | https://imply.rc.atom-lens.com | URL | In Scope | 17:45 |
| Added | https://imply.rc.emaudience.com | URL | In Scope | 17:45 |
| Added | https://imply.rc.groupmaudience.com | URL | In Scope | 17:45 |
| Added | https://imply.rc.msaudience.com | URL | In Scope | 17:45 |
| Added | https://imply.rc.publicis.blis.com | URL | In Scope | 17:45 |
| Added | https://imply.rc.t-ads.blis.com | URL | In Scope | 17:45 |
| Added | https://imply.rc.telekom.blis.com | URL | In Scope | 17:45 |
| Added | https://imply.rc.tpmaudience.com | URL | In Scope | 17:45 |
| Added | https://imply.rc.wmaudience.com | URL | In Scope | 17:45 |
| Added | https://imply.t-ads.blis.com | URL | In Scope | 17:45 |
| Added | https://imply.telekom.blis.com | URL | In Scope | 17:45 |
| Added | https://imply.test.blis.com | URL | In Scope | 17:45 |
| Added | https://imply.tpmaudience.com | URL | In Scope | 17:45 |
| Added | https://imply.wmaudience.com | URL | In Scope | 17:45 |
| Added | https://internal.platform.blis.com | URL | In Scope | 17:45 |
| Added | https://jenkins-github.gcp.blis.com | URL | In Scope | 17:45 |
| Added | https://la.lb.infinity.gcp.blis.com | URL | In Scope | 17:45 |
| Added | https://m.blismedia.com | URL | In Scope | 17:45 |
| Added | https://msaudience.com | URL | In Scope | 17:45 |
Mar 5, 2026
| Change | Asset | Category | Scope | Time |
|---|---|---|---|---|
| Added | *.mobile.uscc.net | WILDCARD | Out of Scope | 22:29 |
| Added | *.moengage.com | URL | Out of Scope | 22:29 |
| Added | any domain, property, product, protocol, or service of the app/hardware/software version not explicitly listed in the in-scope section is out of scope; submissions are welcome but not guaranteed for the bounty/bonus | OTHER | Out of Scope | 22:29 |
| Added | self register account on t-mobile microsoft entra id | OTHER | In Scope | 22:29 |
| Added | cellular network auth bypass via web/mobile app | OTHER | In Scope | 22:29 |
| Added | https://packages.cortexpowered.com | URL | In Scope | 22:29 |
| Added | https://sflower.cortexpowered.com | URL | In Scope | 22:29 |
| Added | https://demo.adstruc.com | URL | In Scope | 22:29 |
| Added | *.moengage.com | WILDCARD | Out of Scope | 22:29 |
| Added | https://play.google.com/store/apps/details?id=com.tmobile.tuesdays&hl=en_US&gl=US | ANDROID | In Scope | 22:29 |
| Added | https://tfb.t-mobile.com | URL | In Scope | 22:29 |
| Added | https://digits.t-mobile.com | URL | In Scope | 22:29 |
| Added | https://job-svc-b.vistarmedia.com | URL | In Scope | 22:29 |
| Added | *.uscellular.com | WILDCARD | In Scope | 22:29 |
| Added | https://www.assurancewireless.com | URL | In Scope | 22:29 |
| Added | assets labeled as in-scope | OTHER | In Scope | 22:29 |
| Added | https://digits.t-mobile.com/ | URL | In Scope | 22:29 |
| Added | https://account.t-mobile.com | URL | In Scope | 22:29 |
| Added | https://storybook.vistarmedia.com | URL | In Scope | 22:29 |
| Added | any domain, property, product, protocol, or service of the app/hardware/software version not explicitly listed in the in-scope section is out of scope; submissions are welcome but not guaranteed for the bounty/bonus | OTHER | Out of Scope | 22:29 |
| Added | https://sprint.com | URL | In Scope | 22:29 |
| Added | https://devedge.t-mobile.com | URL | In Scope | 22:29 |
| Added | https://tess.service-now.com | URL | In Scope | 22:29 |
| Added | https://api.vistarmedia.com | URL | In Scope | 22:29 |
| Added | https://staging-trafficking.vistarmedia.com | URL | In Scope | 22:29 |
| Added | https://play.google.com/store/apps/details?id=com.tmobile.pr.mytmobile | ANDROID | In Scope | 22:29 |
| Added | https://play.google.com/store/apps/details?id=com.tmobile.kids | ANDROID | In Scope | 22:29 |
| Added | *.sprint.net | WILDCARD | Out of Scope | 22:29 |
| Added | https://production-dynam-creative.vistarmedia.com | URL | In Scope | 22:29 |
| Added | *.uscc.net | WILDCARD | In Scope | 22:29 |
| Added | https://apps.apple.com/us/app/syncup-drive/id1576574297 | IOS | In Scope | 22:29 |
| Added | /self-service-* | URL | Out of Scope | 22:29 |
| Added | https://t-mobile.com | URL | In Scope | 22:29 |
| Added | https://transcodes-cdn.vistarmedia.com | URL | In Scope | 22:29 |
| Added | https://sfleet.cortexpowered.com | URL | In Scope | 22:29 |
| Added | https://production-delivery-metrics-svc.vistarmedia.com | URL | In Scope | 22:29 |
| Added | https://docker-staging.adstruc.com | URL | In Scope | 22:29 |
| Added | https://docsite.vistarmedia.com | URL | In Scope | 22:29 |
| Added | https://staging-login.vistarmedia.com | URL | In Scope | 22:29 |
| Added | https://clients.adstruc.com | URL | In Scope | 22:29 |
| Added | https://api.vistarmedia.eu | URL | In Scope | 22:29 |
| Added | https://dashboard-101.moengage.com | URL | In Scope | 22:29 |
| Added | https://creatives.vistarmedia.com | URL | In Scope | 22:29 |
| Added | https://play.google.com/store/apps/details?id=com.tmobile.drive | ANDROID | In Scope | 22:29 |
| Added | https://apps.apple.com/us/app/t-life-t-mobile-tuesdays/id1111876388 | IOS | In Scope | 22:29 |
| Added | https://assets-cdn.vistarmedia.com | URL | In Scope | 22:29 |
| Added | t&p servers | OTHER | In Scope | 22:29 |
| Added | https://apps.apple.com/us/app/syncup-tracker/id1526380335 | IOS | In Scope | 22:29 |
| Added | https://api.t-mobile.com | URL | In Scope | 22:29 |
| Added | https://maps.vistarmedia.com | URL | In Scope | 22:29 |
| Added | *.uscc.com | WILDCARD | In Scope | 22:29 |
| Added | https://apps.apple.com/us/app/t-mobile/id561625752 | IOS | In Scope | 22:29 |
| Added | internal server via internet network | OTHER | In Scope | 22:29 |
| Added | https://play.google.com/store/apps/details?id=com.tmobile.syncuptag | ANDROID | In Scope | 22:29 |
| Added | *.mobile.uscc.com | WILDCARD | Out of Scope | 22:29 |
| Added | https://metrobyt-mobile.com | URL | In Scope | 22:29 |
| Added | https://audience-builder.vistarmedia.com | URL | In Scope | 22:29 |
| Added | *.assurancewireless.com | WILDCARD | In Scope | 22:29 |
| Added | https://apps.apple.com/us/app/syncup-kids/id1503394062 | IOS | In Scope | 22:29 |
| Added | self register account on t-mobile microsoft entra id | OTHER | In Scope | 22:29 |
| Added | cellular network auth bypass via web/mobile app | OTHER | In Scope | 22:29 |
| Added | t&p servers | OTHER | In Scope | 22:29 |
| Added | internal server via internet network | OTHER | In Scope | 22:29 |
| Added | https://apps.apple.com/us/app/t-life-t-mobile-tuesdays/id1111876388 | IOS | In Scope | 22:29 |
| Added | https://play.google.com/store/apps/details?id=com.tmobile.tuesdays&hl=en_US&gl=US | ANDROID | In Scope | 22:29 |
| Added | https://account.t-mobile.com | URL | In Scope | 22:29 |
| Added | https://metrobyt-mobile.com | URL | In Scope | 22:29 |
| Added | https://sprint.com | URL | In Scope | 22:29 |
| Added | https://t-mobile.com | URL | In Scope | 22:29 |
| Added | https://api.t-mobile.com | URL | In Scope | 22:29 |
| Added | https://tfb.t-mobile.com | URL | In Scope | 22:29 |
| Added | https://devedge.t-mobile.com | URL | In Scope | 22:29 |
| Added | https://tess.service-now.com | URL | In Scope | 22:29 |
| Added | https://digits.t-mobile.com | URL | In Scope | 22:29 |
| Added | https://api.vistarmedia.com | URL | In Scope | 22:29 |
| Added | https://packages.cortexpowered.com | URL | In Scope | 22:29 |
| Added | https://api.vistarmedia.eu | URL | In Scope | 22:29 |
| Added | https://production-dynam-creative.vistarmedia.com | URL | In Scope | 22:29 |
| Added | https://storybook.vistarmedia.com | URL | In Scope | 22:29 |
| Added | https://creatives.vistarmedia.com | URL | In Scope | 22:29 |
| Added | https://sflower.cortexpowered.com | URL | In Scope | 22:29 |
| Added | https://production-delivery-metrics-svc.vistarmedia.com | URL | In Scope | 22:29 |
| Added | https://maps.vistarmedia.com | URL | In Scope | 22:29 |
| Added | https://transcodes-cdn.vistarmedia.com | URL | In Scope | 22:29 |
| Added | https://assets-cdn.vistarmedia.com | URL | In Scope | 22:29 |
| Added | https://docker-staging.adstruc.com | URL | In Scope | 22:29 |
| Added | https://staging-trafficking.vistarmedia.com | URL | In Scope | 22:29 |
| Added | https://job-svc-b.vistarmedia.com | URL | In Scope | 22:29 |
| Added | https://docsite.vistarmedia.com | URL | In Scope | 22:29 |
| Added | https://sfleet.cortexpowered.com | URL | In Scope | 22:29 |
| Added | https://audience-builder.vistarmedia.com | URL | In Scope | 22:29 |
| Added | https://staging-login.vistarmedia.com | URL | In Scope | 22:29 |
| Added | https://clients.adstruc.com | URL | In Scope | 22:29 |
| Added | https://demo.adstruc.com | URL | In Scope | 22:29 |
| Added | *.uscc.net | URL | In Scope | 22:29 |
| Added | *.uscc.com | URL | In Scope | 22:29 |
| Added | *.uscellular.com | URL | In Scope | 22:29 |
| Added | https://dashboard-101.moengage.com | URL | In Scope | 22:29 |
| Added | https://www.assurancewireless.com | URL | In Scope | 22:29 |
| Added | *.assurancewireless.com | URL | In Scope | 22:29 |
| Added | assets labeled as in-scope | OTHER | In Scope | 22:29 |
| Added | https://apps.apple.com/us/app/t-mobile/id561625752 | IOS | In Scope | 22:29 |
| Added | https://play.google.com/store/apps/details?id=com.tmobile.pr.mytmobile | ANDROID | In Scope | 22:29 |
| Added | https://apps.apple.com/us/app/syncup-drive/id1576574297 | IOS | In Scope | 22:29 |
| Added | https://play.google.com/store/apps/details?id=com.tmobile.drive | ANDROID | In Scope | 22:29 |
| Added | https://apps.apple.com/us/app/syncup-kids/id1503394062 | IOS | In Scope | 22:29 |
| Added | https://play.google.com/store/apps/details?id=com.tmobile.kids | ANDROID | In Scope | 22:29 |
| Added | https://apps.apple.com/us/app/syncup-tracker/id1526380335 | IOS | In Scope | 22:29 |
| Added | https://play.google.com/store/apps/details?id=com.tmobile.syncuptag | ANDROID | In Scope | 22:29 |
| Added | https://digits.t-mobile.com/ | OTHER | In Scope | 22:29 |
| Added | *.sprint.net | URL | Out of Scope | 22:29 |
| Added | /self-service-* | URL | Out of Scope | 22:29 |
| Added | *.mobile.uscc.net | URL | Out of Scope | 22:29 |
| Added | *.mobile.uscc.com | URL | Out of Scope | 22:29 |
Feb 25, 2026
| Change | Asset | Category | Scope | Time |
|---|---|---|---|---|
| Added | /self-service-* | URL | Out of Scope | 19:12 |
| Added | https://packages.cortexpowered.com | URL | In Scope | 19:12 |
| Added | https://demo.adstruc.com | URL | In Scope | 19:12 |
| Added | *.uscc.com | WILDCARD | In Scope | 19:12 |
| Added | https://apps.apple.com/us/app/t-life-t-mobile-tuesdays/id1111876388 | IOS | In Scope | 19:12 |
| Added | https://audience-builder.vistarmedia.com | URL | In Scope | 19:12 |
| Added | *.uscellular.com | WILDCARD | In Scope | 19:12 |
| Added | https://apps.apple.com/us/app/syncup-kids/id1503394062 | IOS | In Scope | 19:12 |
| Added | *.mobile.uscc.net | WILDCARD | Out of Scope | 19:12 |
| Added | https://staging-trafficking.vistarmedia.com | URL | In Scope | 19:12 |
| Added | https://clients.adstruc.com | URL | In Scope | 19:12 |
| Added | https://play.google.com/store/apps/details?id=com.tmobile.syncuptag | ANDROID | In Scope | 19:12 |
| Added | *.mobile.uscc.com | WILDCARD | Out of Scope | 19:12 |
| Added | https://play.google.com/store/apps/details?id=com.tmobile.drive | ANDROID | In Scope | 19:12 |
| Added | t&p servers | OTHER | In Scope | 19:12 |
| Added | https://sprint.com | URL | In Scope | 19:12 |
| Added | https://job-svc-b.vistarmedia.com | URL | In Scope | 19:12 |
| Added | https://dashboard-101.moengage.com | URL | In Scope | 19:12 |
| Added | https://tess.service-now.com | URL | In Scope | 19:12 |
| Added | https://t-mobile.com | URL | In Scope | 19:12 |
| Added | https://docsite.vistarmedia.com | URL | In Scope | 19:12 |
| Added | https://storybook.vistarmedia.com | URL | In Scope | 19:12 |
| Added | https://play.google.com/store/apps/details?id=com.tmobile.pr.mytmobile | ANDROID | In Scope | 19:12 |
| Added | https://digits.t-mobile.com/ | URL | In Scope | 19:12 |
| Added | https://devedge.t-mobile.com | URL | In Scope | 19:12 |
| Added | internal server via internet network | OTHER | In Scope | 19:12 |
| Added | https://api.t-mobile.com | URL | In Scope | 19:12 |
| Added | https://tfb.t-mobile.com | URL | In Scope | 19:12 |
| Added | https://production-delivery-metrics-svc.vistarmedia.com | URL | In Scope | 19:12 |
| Added | https://docker-staging.adstruc.com | URL | In Scope | 19:12 |
| Added | https://play.google.com/store/apps/details?id=com.tmobile.kids | ANDROID | In Scope | 19:12 |
| Added | https://production-dynam-creative.vistarmedia.com | URL | In Scope | 19:12 |
| Added | https://www.assurancewireless.com | URL | In Scope | 19:12 |
| Added | https://transcodes-cdn.vistarmedia.com | URL | In Scope | 19:12 |
| Added | https://assets-cdn.vistarmedia.com | URL | In Scope | 19:12 |
| Added | https://account.t-mobile.com | URL | In Scope | 19:12 |
| Added | https://api.vistarmedia.com | URL | In Scope | 19:12 |
| Added | *.uscc.net | WILDCARD | In Scope | 19:12 |
| Added | https://apps.apple.com/us/app/t-mobile/id561625752 | IOS | In Scope | 19:12 |
| Added | *.sprint.net | WILDCARD | Out of Scope | 19:12 |
| Added | any domain, property, product, protocol, or service of the app/hardware/software version not explicitly listed in the in-scope section is out of scope; submissions are welcome but not guaranteed for the bounty/bonus | OTHER | Out of Scope | 19:12 |
| Added | https://api.vistarmedia.eu | URL | In Scope | 19:12 |
| Added | https://sflower.cortexpowered.com | URL | In Scope | 19:12 |
| Added | https://maps.vistarmedia.com | URL | In Scope | 19:12 |
| Added | https://apps.apple.com/us/app/syncup-drive/id1576574297 | IOS | In Scope | 19:12 |
| Added | https://apps.apple.com/us/app/syncup-tracker/id1526380335 | IOS | In Scope | 19:12 |
| Added | *.moengage.com | WILDCARD | Out of Scope | 19:12 |
| Added | self register account on t-mobile microsoft entra id | OTHER | In Scope | 19:12 |
| Added | https://sfleet.cortexpowered.com | URL | In Scope | 19:12 |
| Added | assets labeled as in-scope | OTHER | In Scope | 19:12 |
| Added | *.assurancewireless.com | WILDCARD | In Scope | 19:12 |
| Added | https://play.google.com/store/apps/details?id=com.tmobile.tuesdays&hl=en_US&gl=US | ANDROID | In Scope | 19:12 |
| Added | https://metrobyt-mobile.com | URL | In Scope | 19:12 |
| Added | https://digits.t-mobile.com | URL | In Scope | 19:12 |
| Added | https://creatives.vistarmedia.com | URL | In Scope | 19:12 |
| Added | https://staging-login.vistarmedia.com | URL | In Scope | 19:12 |
| Added | cellular network auth bypass via web/mobile app | OTHER | In Scope | 19:12 |
| Program Removed | — | — | — | 17:22 |
| Added | https://sflower.cortexpowered.com | URL | In Scope | 17:01 |
| Added | self register account on t-mobile microsoft entra id | OTHER | In Scope | 17:01 |
| Added | cellular network auth bypass via web/mobile app | OTHER | In Scope | 17:01 |
| Added | t&p servers | OTHER | In Scope | 17:01 |
| Added | internal server via internet network | OTHER | In Scope | 17:01 |
| Added | https://apps.apple.com/us/app/t-life-t-mobile-tuesdays/id1111876388 | IOS | In Scope | 17:01 |
| Added | https://play.google.com/store/apps/details?id=com.tmobile.tuesdays&hl=en_US&gl=US | ANDROID | In Scope | 17:01 |
| Added | https://account.t-mobile.com | URL | In Scope | 17:01 |
| Added | https://metrobyt-mobile.com | URL | In Scope | 17:01 |
| Added | https://sprint.com | URL | In Scope | 17:01 |
| Added | https://t-mobile.com | URL | In Scope | 17:01 |
| Added | https://api.t-mobile.com | URL | In Scope | 17:01 |
| Added | https://tfb.t-mobile.com | URL | In Scope | 17:01 |
| Added | https://devedge.t-mobile.com | URL | In Scope | 17:01 |
| Added | https://tess.service-now.com | URL | In Scope | 17:01 |
| Added | https://digits.t-mobile.com | URL | In Scope | 17:01 |
| Added | https://api.vistarmedia.com | URL | In Scope | 17:01 |
| Added | https://packages.cortexpowered.com | URL | In Scope | 17:01 |
| Added | https://api.vistarmedia.eu | URL | In Scope | 17:01 |
| Added | https://production-dynam-creative.vistarmedia.com | URL | In Scope | 17:01 |
| Added | https://storybook.vistarmedia.com | URL | In Scope | 17:01 |
| Added | https://creatives.vistarmedia.com | URL | In Scope | 17:01 |
| Added | https://production-delivery-metrics-svc.vistarmedia.com | URL | In Scope | 17:01 |
| Added | https://maps.vistarmedia.com | URL | In Scope | 17:01 |
| Added | https://transcodes-cdn.vistarmedia.com | URL | In Scope | 17:01 |
| Added | https://assets-cdn.vistarmedia.com | URL | In Scope | 17:01 |
| Added | https://docker-staging.adstruc.com | URL | In Scope | 17:01 |
| Added | https://staging-trafficking.vistarmedia.com | URL | In Scope | 17:01 |
| Added | https://job-svc-b.vistarmedia.com | URL | In Scope | 17:01 |
| Added | https://docsite.vistarmedia.com | URL | In Scope | 17:01 |
| Added | https://sfleet.cortexpowered.com | URL | In Scope | 17:01 |
| Added | https://audience-builder.vistarmedia.com | URL | In Scope | 17:01 |
| Added | https://staging-login.vistarmedia.com | URL | In Scope | 17:01 |
| Added | https://clients.adstruc.com | URL | In Scope | 17:01 |
| Added | https://demo.adstruc.com | URL | In Scope | 17:01 |
| Added | *.uscc.net | URL | In Scope | 17:01 |
| Added | *.uscc.com | URL | In Scope | 17:01 |
| Added | *.uscellular.com | URL | In Scope | 17:01 |
| Added | https://dashboard-101.moengage.com | URL | In Scope | 17:01 |
| Added | https://www.assurancewireless.com | URL | In Scope | 17:01 |
| Added | *.assurancewireless.com | URL | In Scope | 17:01 |
| Added | assets labeled as in-scope | OTHER | In Scope | 17:01 |
| Added | https://apps.apple.com/us/app/t-mobile/id561625752 | IOS | In Scope | 17:01 |
| Added | https://play.google.com/store/apps/details?id=com.tmobile.pr.mytmobile | ANDROID | In Scope | 17:01 |
| Added | https://apps.apple.com/us/app/syncup-drive/id1576574297 | IOS | In Scope | 17:01 |
| Added | https://play.google.com/store/apps/details?id=com.tmobile.drive | ANDROID | In Scope | 17:01 |
| Added | https://apps.apple.com/us/app/syncup-kids/id1503394062 | IOS | In Scope | 17:01 |
| Added | https://play.google.com/store/apps/details?id=com.tmobile.kids | ANDROID | In Scope | 17:01 |
| Added | https://apps.apple.com/us/app/syncup-tracker/id1526380335 | IOS | In Scope | 17:01 |
| Added | https://play.google.com/store/apps/details?id=com.tmobile.syncuptag | ANDROID | In Scope | 17:01 |
| Added | https://digits.t-mobile.com/ | OTHER | In Scope | 17:01 |
| Added | *.sprint.net | URL | Out of Scope | 17:01 |
| Added | /self-service-* | URL | Out of Scope | 17:01 |
| Added | *.mobile.uscc.net | URL | Out of Scope | 17:01 |
| Added | *.mobile.uscc.com | URL | Out of Scope | 17:01 |
| Added | *.moengage.com | URL | Out of Scope | 17:01 |
| Added | any domain, property, product, protocol, or service of the app/hardware/software version not explicitly listed in the in-scope section is out of scope; submissions are welcome but not guaranteed for the bounty/bonus | OTHER | Out of Scope | 17:01 |
| Added | https://job-svc-b.vistarmedia.com | URL | In Scope | 17:01 |
| Added | https://account.t-mobile.com | URL | In Scope | 17:01 |
| Added | https://sprint.com | URL | In Scope | 17:01 |
| Added | https://creatives.vistarmedia.com | URL | In Scope | 17:01 |
| Added | https://production-delivery-metrics-svc.vistarmedia.com | URL | In Scope | 17:01 |
| Added | *.assurancewireless.com | WILDCARD | In Scope | 17:01 |
| Added | https://docsite.vistarmedia.com | URL | In Scope | 17:01 |
| Added | https://www.assurancewireless.com | URL | In Scope | 17:01 |
| Added | https://apps.apple.com/us/app/t-mobile/id561625752 | IOS | In Scope | 17:01 |
| Added | *.mobile.uscc.com | WILDCARD | Out of Scope | 17:01 |
| Added | any domain, property, product, protocol, or service of the app/hardware/software version not explicitly listed in the in-scope section is out of scope; submissions are welcome but not guaranteed for the bounty/bonus | OTHER | Out of Scope | 17:01 |
| Added | https://api.t-mobile.com | URL | In Scope | 17:01 |
| Added | https://clients.adstruc.com | URL | In Scope | 17:01 |
| Added | *.sprint.net | WILDCARD | Out of Scope | 17:01 |
| Added | self register account on t-mobile microsoft entra id | OTHER | In Scope | 17:01 |
| Added | *.uscc.net | WILDCARD | In Scope | 17:01 |
| Added | https://devedge.t-mobile.com | URL | In Scope | 17:01 |
| Added | t&p servers | OTHER | In Scope | 17:01 |
| Added | https://api.vistarmedia.eu | URL | In Scope | 17:01 |
| Added | https://apps.apple.com/us/app/t-life-t-mobile-tuesdays/id1111876388 | IOS | In Scope | 17:01 |
| Added | https://maps.vistarmedia.com | URL | In Scope | 17:01 |
| Added | *.moengage.com | WILDCARD | Out of Scope | 17:01 |
| Added | https://apps.apple.com/us/app/syncup-tracker/id1526380335 | IOS | In Scope | 17:01 |
| Added | https://storybook.vistarmedia.com | URL | In Scope | 17:01 |
| Added | https://sfleet.cortexpowered.com | URL | In Scope | 17:01 |
| Added | https://play.google.com/store/apps/details?id=com.tmobile.syncuptag | ANDROID | In Scope | 17:01 |
| Added | https://metrobyt-mobile.com | URL | In Scope | 17:01 |
| Added | https://packages.cortexpowered.com | URL | In Scope | 17:01 |
| Added | https://sflower.cortexpowered.com | URL | In Scope | 17:01 |
| Added | https://demo.adstruc.com | URL | In Scope | 17:01 |
| Added | *.uscellular.com | WILDCARD | In Scope | 17:01 |
| Added | https://dashboard-101.moengage.com | URL | In Scope | 17:01 |
| Added | https://play.google.com/store/apps/details?id=com.tmobile.kids | ANDROID | In Scope | 17:01 |
| Added | https://tfb.t-mobile.com | URL | In Scope | 17:01 |
| Added | https://play.google.com/store/apps/details?id=com.tmobile.drive | ANDROID | In Scope | 17:01 |
| Added | *.mobile.uscc.net | WILDCARD | Out of Scope | 17:01 |
| Added | https://t-mobile.com | URL | In Scope | 17:01 |
| Added | https://api.vistarmedia.com | URL | In Scope | 17:01 |
| Added | https://staging-trafficking.vistarmedia.com | URL | In Scope | 17:01 |
| Added | https://audience-builder.vistarmedia.com | URL | In Scope | 17:01 |
| Added | https://apps.apple.com/us/app/syncup-kids/id1503394062 | IOS | In Scope | 17:01 |
| Added | https://digits.t-mobile.com/ | URL | In Scope | 17:01 |
| Added | internal server via internet network | OTHER | In Scope | 17:01 |
| Added | https://play.google.com/store/apps/details?id=com.tmobile.tuesdays&hl=en_US&gl=US | ANDROID | In Scope | 17:01 |
| Added | https://transcodes-cdn.vistarmedia.com | URL | In Scope | 17:01 |
| Added | https://assets-cdn.vistarmedia.com | URL | In Scope | 17:01 |
| Added | *.uscc.com | WILDCARD | In Scope | 17:01 |
| Added | https://digits.t-mobile.com | URL | In Scope | 17:01 |
| Added | https://production-dynam-creative.vistarmedia.com | URL | In Scope | 17:01 |
| Added | https://docker-staging.adstruc.com | URL | In Scope | 17:01 |
| Added | https://staging-login.vistarmedia.com | URL | In Scope | 17:01 |
| Added | assets labeled as in-scope | OTHER | In Scope | 17:01 |
| Added | https://play.google.com/store/apps/details?id=com.tmobile.pr.mytmobile | ANDROID | In Scope | 17:01 |
| Added | https://apps.apple.com/us/app/syncup-drive/id1576574297 | IOS | In Scope | 17:01 |
| Added | /self-service-* | URL | Out of Scope | 17:01 |
| Added | cellular network auth bypass via web/mobile app | OTHER | In Scope | 17:01 |
| Added | https://tess.service-now.com | URL | In Scope | 17:01 |