t-mobile
51
In Scope
6
Out of Scope
In-Scope Assets (51)
| Asset | Category | Bounty | Quick Links | |
|---|---|---|---|---|
| Assets labeled as in-scope | OTHER | Yes | - | |
| Cellular Network Auth Bypass via Web/Mobile App | OTHER | Yes | - | |
| Internal Server via Internet Network | OTHER | Yes | - | |
| Self Register Account on T-Mobile Microsoft Entra ID | OTHER | Yes | - | |
| T&P Servers | OTHER | Yes | - | |
| https://*.assurancewireless.com | URL | Yes | ||
| https://*.uscc.com | URL | Yes | ||
| https://*.uscc.net | URL | Yes | ||
| https://*.uscellular.com | URL | Yes | ||
| https://account.t-mobile.com | URL | Yes | ||
| https://api.t-mobile.com | URL | Yes | ||
| https://api.vistarmedia.com | URL | Yes | ||
| https://api.vistarmedia.eu | URL | Yes | ||
| https://apps.apple.com/us/app/syncup-drive/id1576574297 | IOS | Yes | - | |
| https://apps.apple.com/us/app/syncup-kids/id1503394062 | IOS | Yes | - | |
| https://apps.apple.com/us/app/syncup-tracker/id1526380335 | IOS | Yes | - | |
| https://apps.apple.com/us/app/t-life-t-mobile-tuesdays/id1111876388 | IOS | Yes | - | |
| https://apps.apple.com/us/app/t-mobile/id561625752 | IOS | Yes | - | |
| https://assets-cdn.vistarmedia.com | URL | Yes | ||
| https://audience-builder.vistarmedia.com | URL | Yes | ||
| https://clients.adstruc.com | URL | Yes | ||
| https://creatives.vistarmedia.com | URL | Yes | ||
| https://dashboard-101.moengage.com | URL | Yes | ||
| https://demo.adstruc.com | URL | Yes | ||
| https://devedge.t-mobile.com | URL | Yes | ||
| https://digits.t-mobile.com | URL | Yes | ||
| https://digits.t-mobile.com/ | OTHER | Yes | - | |
| https://docker-staging.adstruc.com | URL | Yes | ||
| https://docsite.vistarmedia.com | URL | Yes | ||
| https://job-svc-b.vistarmedia.com | URL | Yes | ||
| https://maps.vistarmedia.com | URL | Yes | ||
| https://metrobyt-mobile.com | URL | Yes | ||
| https://packages.cortexpowered.com | URL | Yes | ||
| https://play.google.com/store/apps/details?id=com.tmobile.drive | ANDROID | Yes | ||
| https://play.google.com/store/apps/details?id=com.tmobile.kids | ANDROID | Yes | ||
| https://play.google.com/store/apps/details?id=com.tmobile.pr.mytmobile | ANDROID | Yes | ||
| https://play.google.com/store/apps/details?id=com.tmobile.syncuptag | ANDROID | Yes | ||
| https://play.google.com/store/apps/details?id=com.tmobile.tuesdays&hl=en_US&gl=US | ANDROID | Yes | ||
| https://production-delivery-metrics-svc.vistarmedia.com | URL | Yes | ||
| https://production-dynam-creative.vistarmedia.com | URL | Yes | ||
| https://sfleet.cortexpowered.com | URL | Yes | ||
| https://sflower.cortexpowered.com | URL | Yes | ||
| https://sprint.com | URL | Yes | ||
| https://staging-login.vistarmedia.com | URL | Yes | ||
| https://staging-trafficking.vistarmedia.com | URL | Yes | ||
| https://storybook.vistarmedia.com | URL | Yes | ||
| https://t-mobile.com | URL | Yes | ||
| https://tess.service-now.com | URL | Yes | ||
| https://tfb.t-mobile.com | URL | Yes | ||
| https://transcodes-cdn.vistarmedia.com | URL | Yes | ||
| https://www.assurancewireless.com | URL | Yes |
Out-of-Scope Assets (6)
| Asset | Category | Bounty | |
|---|---|---|---|
| *.mobile.uscc.com | URL | Yes | |
| *.mobile.uscc.net | URL | Yes | |
| *.sprint.net | URL | Yes | |
| /self-service-* | URL | Yes | |
| Any domain, property, product, protocol, or service of the app/hardware/software version not explicitly listed in the In-Scope section is out of scope; submissions are welcome but not guaranteed for the bounty/bonus. | OTHER | Yes | |
| https://*.moengage.com | URL | Yes |
Scope Changes (286)
Mar 5, 2026
| Change | Asset | Category | Scope | Time |
|---|---|---|---|---|
| Added | self register account on t-mobile microsoft entra id | OTHER | In Scope | 22:29 |
| Added | cellular network auth bypass via web/mobile app | OTHER | In Scope | 22:29 |
| Added | t&p servers | OTHER | In Scope | 22:29 |
| Added | internal server via internet network | OTHER | In Scope | 22:29 |
| Added | https://apps.apple.com/us/app/t-life-t-mobile-tuesdays/id1111876388 | IOS | In Scope | 22:29 |
| Added | https://play.google.com/store/apps/details?id=com.tmobile.tuesdays&hl=en_US&gl=US | ANDROID | In Scope | 22:29 |
| Added | https://account.t-mobile.com | URL | In Scope | 22:29 |
| Added | https://metrobyt-mobile.com | URL | In Scope | 22:29 |
| Added | https://sprint.com | URL | In Scope | 22:29 |
| Added | https://t-mobile.com | URL | In Scope | 22:29 |
| Added | https://api.t-mobile.com | URL | In Scope | 22:29 |
| Added | https://tfb.t-mobile.com | URL | In Scope | 22:29 |
| Added | https://devedge.t-mobile.com | URL | In Scope | 22:29 |
| Added | https://tess.service-now.com | URL | In Scope | 22:29 |
| Added | https://digits.t-mobile.com | URL | In Scope | 22:29 |
| Added | https://api.vistarmedia.com | URL | In Scope | 22:29 |
| Added | https://packages.cortexpowered.com | URL | In Scope | 22:29 |
| Added | https://api.vistarmedia.eu | URL | In Scope | 22:29 |
| Added | https://production-dynam-creative.vistarmedia.com | URL | In Scope | 22:29 |
| Added | https://storybook.vistarmedia.com | URL | In Scope | 22:29 |
| Added | https://creatives.vistarmedia.com | URL | In Scope | 22:29 |
| Added | https://sflower.cortexpowered.com | URL | In Scope | 22:29 |
| Added | https://production-delivery-metrics-svc.vistarmedia.com | URL | In Scope | 22:29 |
| Added | https://maps.vistarmedia.com | URL | In Scope | 22:29 |
| Added | https://transcodes-cdn.vistarmedia.com | URL | In Scope | 22:29 |
| Added | https://assets-cdn.vistarmedia.com | URL | In Scope | 22:29 |
| Added | https://docker-staging.adstruc.com | URL | In Scope | 22:29 |
| Added | https://staging-trafficking.vistarmedia.com | URL | In Scope | 22:29 |
| Added | https://job-svc-b.vistarmedia.com | URL | In Scope | 22:29 |
| Added | https://docsite.vistarmedia.com | URL | In Scope | 22:29 |
| Added | https://sfleet.cortexpowered.com | URL | In Scope | 22:29 |
| Added | https://audience-builder.vistarmedia.com | URL | In Scope | 22:29 |
| Added | https://staging-login.vistarmedia.com | URL | In Scope | 22:29 |
| Added | https://clients.adstruc.com | URL | In Scope | 22:29 |
| Added | https://demo.adstruc.com | URL | In Scope | 22:29 |
| Added | *.uscc.net | URL | In Scope | 22:29 |
| Added | *.uscc.com | URL | In Scope | 22:29 |
| Added | *.uscellular.com | URL | In Scope | 22:29 |
| Added | https://dashboard-101.moengage.com | URL | In Scope | 22:29 |
| Added | https://www.assurancewireless.com | URL | In Scope | 22:29 |
| Added | *.assurancewireless.com | URL | In Scope | 22:29 |
| Added | assets labeled as in-scope | OTHER | In Scope | 22:29 |
| Added | https://apps.apple.com/us/app/t-mobile/id561625752 | IOS | In Scope | 22:29 |
| Added | https://play.google.com/store/apps/details?id=com.tmobile.pr.mytmobile | ANDROID | In Scope | 22:29 |
| Added | https://apps.apple.com/us/app/syncup-drive/id1576574297 | IOS | In Scope | 22:29 |
| Added | https://play.google.com/store/apps/details?id=com.tmobile.drive | ANDROID | In Scope | 22:29 |
| Added | https://apps.apple.com/us/app/syncup-kids/id1503394062 | IOS | In Scope | 22:29 |
| Added | https://play.google.com/store/apps/details?id=com.tmobile.kids | ANDROID | In Scope | 22:29 |
| Added | https://apps.apple.com/us/app/syncup-tracker/id1526380335 | IOS | In Scope | 22:29 |
| Added | https://play.google.com/store/apps/details?id=com.tmobile.syncuptag | ANDROID | In Scope | 22:29 |
| Added | https://digits.t-mobile.com/ | OTHER | In Scope | 22:29 |
| Added | *.sprint.net | URL | Out of Scope | 22:29 |
| Added | /self-service-* | URL | Out of Scope | 22:29 |
| Added | *.mobile.uscc.net | URL | Out of Scope | 22:29 |
| Added | *.mobile.uscc.com | URL | Out of Scope | 22:29 |
| Added | *.moengage.com | URL | Out of Scope | 22:29 |
| Added | any domain, property, product, protocol, or service of the app/hardware/software version not explicitly listed in the in-scope section is out of scope; submissions are welcome but not guaranteed for the bounty/bonus | OTHER | Out of Scope | 22:29 |
| Added | self register account on t-mobile microsoft entra id | OTHER | In Scope | 22:29 |
| Added | cellular network auth bypass via web/mobile app | OTHER | In Scope | 22:29 |
| Added | https://packages.cortexpowered.com | URL | In Scope | 22:29 |
| Added | https://sflower.cortexpowered.com | URL | In Scope | 22:29 |
| Added | https://demo.adstruc.com | URL | In Scope | 22:29 |
| Added | *.moengage.com | WILDCARD | Out of Scope | 22:29 |
| Added | https://play.google.com/store/apps/details?id=com.tmobile.tuesdays&hl=en_US&gl=US | ANDROID | In Scope | 22:29 |
| Added | https://tfb.t-mobile.com | URL | In Scope | 22:29 |
| Added | https://digits.t-mobile.com | URL | In Scope | 22:29 |
| Added | https://job-svc-b.vistarmedia.com | URL | In Scope | 22:29 |
| Added | *.uscellular.com | WILDCARD | In Scope | 22:29 |
| Added | https://www.assurancewireless.com | URL | In Scope | 22:29 |
| Added | assets labeled as in-scope | OTHER | In Scope | 22:29 |
| Added | https://digits.t-mobile.com/ | URL | In Scope | 22:29 |
| Added | https://account.t-mobile.com | URL | In Scope | 22:29 |
| Added | https://storybook.vistarmedia.com | URL | In Scope | 22:29 |
| Added | any domain, property, product, protocol, or service of the app/hardware/software version not explicitly listed in the in-scope section is out of scope; submissions are welcome but not guaranteed for the bounty/bonus | OTHER | Out of Scope | 22:29 |
| Added | https://sprint.com | URL | In Scope | 22:29 |
| Added | https://devedge.t-mobile.com | URL | In Scope | 22:29 |
| Added | https://tess.service-now.com | URL | In Scope | 22:29 |
| Added | https://api.vistarmedia.com | URL | In Scope | 22:29 |
| Added | https://staging-trafficking.vistarmedia.com | URL | In Scope | 22:29 |
| Added | https://play.google.com/store/apps/details?id=com.tmobile.pr.mytmobile | ANDROID | In Scope | 22:29 |
| Added | https://play.google.com/store/apps/details?id=com.tmobile.kids | ANDROID | In Scope | 22:29 |
| Added | *.sprint.net | WILDCARD | Out of Scope | 22:29 |
| Added | https://production-dynam-creative.vistarmedia.com | URL | In Scope | 22:29 |
| Added | *.uscc.net | WILDCARD | In Scope | 22:29 |
| Added | https://apps.apple.com/us/app/syncup-drive/id1576574297 | IOS | In Scope | 22:29 |
| Added | /self-service-* | URL | Out of Scope | 22:29 |
| Added | https://t-mobile.com | URL | In Scope | 22:29 |
| Added | https://transcodes-cdn.vistarmedia.com | URL | In Scope | 22:29 |
| Added | https://sfleet.cortexpowered.com | URL | In Scope | 22:29 |
| Added | https://production-delivery-metrics-svc.vistarmedia.com | URL | In Scope | 22:29 |
| Added | https://docker-staging.adstruc.com | URL | In Scope | 22:29 |
| Added | https://docsite.vistarmedia.com | URL | In Scope | 22:29 |
| Added | https://staging-login.vistarmedia.com | URL | In Scope | 22:29 |
| Added | https://clients.adstruc.com | URL | In Scope | 22:29 |
| Added | https://api.vistarmedia.eu | URL | In Scope | 22:29 |
| Added | https://dashboard-101.moengage.com | URL | In Scope | 22:29 |
| Added | https://creatives.vistarmedia.com | URL | In Scope | 22:29 |
| Added | https://play.google.com/store/apps/details?id=com.tmobile.drive | ANDROID | In Scope | 22:29 |
| Added | https://apps.apple.com/us/app/t-life-t-mobile-tuesdays/id1111876388 | IOS | In Scope | 22:29 |
| Added | https://assets-cdn.vistarmedia.com | URL | In Scope | 22:29 |
| Added | t&p servers | OTHER | In Scope | 22:29 |
| Added | https://apps.apple.com/us/app/syncup-tracker/id1526380335 | IOS | In Scope | 22:29 |
| Added | https://api.t-mobile.com | URL | In Scope | 22:29 |
| Added | https://maps.vistarmedia.com | URL | In Scope | 22:29 |
| Added | *.uscc.com | WILDCARD | In Scope | 22:29 |
| Added | https://apps.apple.com/us/app/t-mobile/id561625752 | IOS | In Scope | 22:29 |
| Added | internal server via internet network | OTHER | In Scope | 22:29 |
| Added | https://play.google.com/store/apps/details?id=com.tmobile.syncuptag | ANDROID | In Scope | 22:29 |
| Added | *.mobile.uscc.com | WILDCARD | Out of Scope | 22:29 |
| Added | https://metrobyt-mobile.com | URL | In Scope | 22:29 |
| Added | https://audience-builder.vistarmedia.com | URL | In Scope | 22:29 |
| Added | *.assurancewireless.com | WILDCARD | In Scope | 22:29 |
| Added | https://apps.apple.com/us/app/syncup-kids/id1503394062 | IOS | In Scope | 22:29 |
| Added | *.mobile.uscc.net | WILDCARD | Out of Scope | 22:29 |
Feb 25, 2026
| Change | Asset | Category | Scope | Time |
|---|---|---|---|---|
| Added | /self-service-* | URL | Out of Scope | 19:12 |
| Added | cellular network auth bypass via web/mobile app | OTHER | In Scope | 19:12 |
| Added | https://packages.cortexpowered.com | URL | In Scope | 19:12 |
| Added | https://demo.adstruc.com | URL | In Scope | 19:12 |
| Added | *.uscc.com | WILDCARD | In Scope | 19:12 |
| Added | https://apps.apple.com/us/app/t-life-t-mobile-tuesdays/id1111876388 | IOS | In Scope | 19:12 |
| Added | https://audience-builder.vistarmedia.com | URL | In Scope | 19:12 |
| Added | *.uscellular.com | WILDCARD | In Scope | 19:12 |
| Added | https://apps.apple.com/us/app/syncup-kids/id1503394062 | IOS | In Scope | 19:12 |
| Added | *.mobile.uscc.net | WILDCARD | Out of Scope | 19:12 |
| Added | https://staging-trafficking.vistarmedia.com | URL | In Scope | 19:12 |
| Added | https://clients.adstruc.com | URL | In Scope | 19:12 |
| Added | https://play.google.com/store/apps/details?id=com.tmobile.syncuptag | ANDROID | In Scope | 19:12 |
| Added | *.mobile.uscc.com | WILDCARD | Out of Scope | 19:12 |
| Added | https://play.google.com/store/apps/details?id=com.tmobile.drive | ANDROID | In Scope | 19:12 |
| Added | t&p servers | OTHER | In Scope | 19:12 |
| Added | https://sprint.com | URL | In Scope | 19:12 |
| Added | https://job-svc-b.vistarmedia.com | URL | In Scope | 19:12 |
| Added | https://dashboard-101.moengage.com | URL | In Scope | 19:12 |
| Added | https://tess.service-now.com | URL | In Scope | 19:12 |
| Added | https://t-mobile.com | URL | In Scope | 19:12 |
| Added | https://docsite.vistarmedia.com | URL | In Scope | 19:12 |
| Added | https://storybook.vistarmedia.com | URL | In Scope | 19:12 |
| Added | https://play.google.com/store/apps/details?id=com.tmobile.pr.mytmobile | ANDROID | In Scope | 19:12 |
| Added | https://digits.t-mobile.com/ | URL | In Scope | 19:12 |
| Added | https://devedge.t-mobile.com | URL | In Scope | 19:12 |
| Added | internal server via internet network | OTHER | In Scope | 19:12 |
| Added | https://api.t-mobile.com | URL | In Scope | 19:12 |
| Added | https://tfb.t-mobile.com | URL | In Scope | 19:12 |
| Added | https://production-delivery-metrics-svc.vistarmedia.com | URL | In Scope | 19:12 |
| Added | https://docker-staging.adstruc.com | URL | In Scope | 19:12 |
| Added | https://play.google.com/store/apps/details?id=com.tmobile.kids | ANDROID | In Scope | 19:12 |
| Added | https://production-dynam-creative.vistarmedia.com | URL | In Scope | 19:12 |
| Added | https://www.assurancewireless.com | URL | In Scope | 19:12 |
| Added | https://transcodes-cdn.vistarmedia.com | URL | In Scope | 19:12 |
| Added | https://assets-cdn.vistarmedia.com | URL | In Scope | 19:12 |
| Added | https://account.t-mobile.com | URL | In Scope | 19:12 |
| Added | https://api.vistarmedia.com | URL | In Scope | 19:12 |
| Added | *.uscc.net | WILDCARD | In Scope | 19:12 |
| Added | https://staging-login.vistarmedia.com | URL | In Scope | 19:12 |
| Added | https://apps.apple.com/us/app/t-mobile/id561625752 | IOS | In Scope | 19:12 |
| Added | *.sprint.net | WILDCARD | Out of Scope | 19:12 |
| Added | any domain, property, product, protocol, or service of the app/hardware/software version not explicitly listed in the in-scope section is out of scope; submissions are welcome but not guaranteed for the bounty/bonus | OTHER | Out of Scope | 19:12 |
| Added | https://api.vistarmedia.eu | URL | In Scope | 19:12 |
| Added | https://sflower.cortexpowered.com | URL | In Scope | 19:12 |
| Added | https://maps.vistarmedia.com | URL | In Scope | 19:12 |
| Added | https://apps.apple.com/us/app/syncup-drive/id1576574297 | IOS | In Scope | 19:12 |
| Added | https://apps.apple.com/us/app/syncup-tracker/id1526380335 | IOS | In Scope | 19:12 |
| Added | *.moengage.com | WILDCARD | Out of Scope | 19:12 |
| Added | self register account on t-mobile microsoft entra id | OTHER | In Scope | 19:12 |
| Added | https://sfleet.cortexpowered.com | URL | In Scope | 19:12 |
| Added | assets labeled as in-scope | OTHER | In Scope | 19:12 |
| Added | *.assurancewireless.com | WILDCARD | In Scope | 19:12 |
| Added | https://play.google.com/store/apps/details?id=com.tmobile.tuesdays&hl=en_US&gl=US | ANDROID | In Scope | 19:12 |
| Added | https://metrobyt-mobile.com | URL | In Scope | 19:12 |
| Added | https://digits.t-mobile.com | URL | In Scope | 19:12 |
| Added | https://creatives.vistarmedia.com | URL | In Scope | 19:12 |
| Program Removed | — | — | — | 17:22 |
| Added | https://sflower.cortexpowered.com | URL | In Scope | 17:01 |
| Added | self register account on t-mobile microsoft entra id | OTHER | In Scope | 17:01 |
| Added | cellular network auth bypass via web/mobile app | OTHER | In Scope | 17:01 |
| Added | t&p servers | OTHER | In Scope | 17:01 |
| Added | internal server via internet network | OTHER | In Scope | 17:01 |
| Added | https://apps.apple.com/us/app/t-life-t-mobile-tuesdays/id1111876388 | IOS | In Scope | 17:01 |
| Added | https://play.google.com/store/apps/details?id=com.tmobile.tuesdays&hl=en_US&gl=US | ANDROID | In Scope | 17:01 |
| Added | https://account.t-mobile.com | URL | In Scope | 17:01 |
| Added | https://metrobyt-mobile.com | URL | In Scope | 17:01 |
| Added | https://sprint.com | URL | In Scope | 17:01 |
| Added | https://t-mobile.com | URL | In Scope | 17:01 |
| Added | https://api.t-mobile.com | URL | In Scope | 17:01 |
| Added | https://tfb.t-mobile.com | URL | In Scope | 17:01 |
| Added | https://devedge.t-mobile.com | URL | In Scope | 17:01 |
| Added | https://tess.service-now.com | URL | In Scope | 17:01 |
| Added | https://digits.t-mobile.com | URL | In Scope | 17:01 |
| Added | https://api.vistarmedia.com | URL | In Scope | 17:01 |
| Added | https://packages.cortexpowered.com | URL | In Scope | 17:01 |
| Added | https://api.vistarmedia.eu | URL | In Scope | 17:01 |
| Added | https://production-dynam-creative.vistarmedia.com | URL | In Scope | 17:01 |
| Added | https://storybook.vistarmedia.com | URL | In Scope | 17:01 |
| Added | https://creatives.vistarmedia.com | URL | In Scope | 17:01 |
| Added | https://production-delivery-metrics-svc.vistarmedia.com | URL | In Scope | 17:01 |
| Added | https://maps.vistarmedia.com | URL | In Scope | 17:01 |
| Added | https://transcodes-cdn.vistarmedia.com | URL | In Scope | 17:01 |
| Added | https://assets-cdn.vistarmedia.com | URL | In Scope | 17:01 |
| Added | https://docker-staging.adstruc.com | URL | In Scope | 17:01 |
| Added | https://staging-trafficking.vistarmedia.com | URL | In Scope | 17:01 |
| Added | https://job-svc-b.vistarmedia.com | URL | In Scope | 17:01 |
| Added | https://docsite.vistarmedia.com | URL | In Scope | 17:01 |
| Added | https://sfleet.cortexpowered.com | URL | In Scope | 17:01 |
| Added | https://audience-builder.vistarmedia.com | URL | In Scope | 17:01 |
| Added | https://staging-login.vistarmedia.com | URL | In Scope | 17:01 |
| Added | https://clients.adstruc.com | URL | In Scope | 17:01 |
| Added | https://demo.adstruc.com | URL | In Scope | 17:01 |
| Added | *.uscc.net | URL | In Scope | 17:01 |
| Added | *.uscc.com | URL | In Scope | 17:01 |
| Added | *.uscellular.com | URL | In Scope | 17:01 |
| Added | https://dashboard-101.moengage.com | URL | In Scope | 17:01 |
| Added | https://www.assurancewireless.com | URL | In Scope | 17:01 |
| Added | *.assurancewireless.com | URL | In Scope | 17:01 |
| Added | assets labeled as in-scope | OTHER | In Scope | 17:01 |
| Added | https://apps.apple.com/us/app/t-mobile/id561625752 | IOS | In Scope | 17:01 |
| Added | https://play.google.com/store/apps/details?id=com.tmobile.pr.mytmobile | ANDROID | In Scope | 17:01 |
| Added | https://apps.apple.com/us/app/syncup-drive/id1576574297 | IOS | In Scope | 17:01 |
| Added | https://play.google.com/store/apps/details?id=com.tmobile.drive | ANDROID | In Scope | 17:01 |
| Added | https://apps.apple.com/us/app/syncup-kids/id1503394062 | IOS | In Scope | 17:01 |
| Added | https://play.google.com/store/apps/details?id=com.tmobile.kids | ANDROID | In Scope | 17:01 |
| Added | https://apps.apple.com/us/app/syncup-tracker/id1526380335 | IOS | In Scope | 17:01 |
| Added | https://play.google.com/store/apps/details?id=com.tmobile.syncuptag | ANDROID | In Scope | 17:01 |
| Added | https://digits.t-mobile.com/ | OTHER | In Scope | 17:01 |
| Added | *.sprint.net | URL | Out of Scope | 17:01 |
| Added | /self-service-* | URL | Out of Scope | 17:01 |
| Added | *.mobile.uscc.net | URL | Out of Scope | 17:01 |
| Added | *.mobile.uscc.com | URL | Out of Scope | 17:01 |
| Added | *.moengage.com | URL | Out of Scope | 17:01 |
| Added | any domain, property, product, protocol, or service of the app/hardware/software version not explicitly listed in the in-scope section is out of scope; submissions are welcome but not guaranteed for the bounty/bonus | OTHER | Out of Scope | 17:01 |
| Added | https://job-svc-b.vistarmedia.com | URL | In Scope | 17:01 |
| Added | https://account.t-mobile.com | URL | In Scope | 17:01 |
| Added | https://sprint.com | URL | In Scope | 17:01 |
| Added | https://creatives.vistarmedia.com | URL | In Scope | 17:01 |
| Added | https://production-delivery-metrics-svc.vistarmedia.com | URL | In Scope | 17:01 |
| Added | *.assurancewireless.com | WILDCARD | In Scope | 17:01 |
| Added | https://docsite.vistarmedia.com | URL | In Scope | 17:01 |
| Added | https://www.assurancewireless.com | URL | In Scope | 17:01 |
| Added | https://apps.apple.com/us/app/t-mobile/id561625752 | IOS | In Scope | 17:01 |
| Added | *.mobile.uscc.com | WILDCARD | Out of Scope | 17:01 |
| Added | any domain, property, product, protocol, or service of the app/hardware/software version not explicitly listed in the in-scope section is out of scope; submissions are welcome but not guaranteed for the bounty/bonus | OTHER | Out of Scope | 17:01 |
| Added | https://api.t-mobile.com | URL | In Scope | 17:01 |
| Added | https://clients.adstruc.com | URL | In Scope | 17:01 |
| Added | *.sprint.net | WILDCARD | Out of Scope | 17:01 |
| Added | self register account on t-mobile microsoft entra id | OTHER | In Scope | 17:01 |
| Added | *.uscc.net | WILDCARD | In Scope | 17:01 |
| Added | https://devedge.t-mobile.com | URL | In Scope | 17:01 |
| Added | t&p servers | OTHER | In Scope | 17:01 |
| Added | https://api.vistarmedia.eu | URL | In Scope | 17:01 |
| Added | https://apps.apple.com/us/app/t-life-t-mobile-tuesdays/id1111876388 | IOS | In Scope | 17:01 |
| Added | https://maps.vistarmedia.com | URL | In Scope | 17:01 |
| Added | *.moengage.com | WILDCARD | Out of Scope | 17:01 |
| Added | https://apps.apple.com/us/app/syncup-tracker/id1526380335 | IOS | In Scope | 17:01 |
| Added | https://storybook.vistarmedia.com | URL | In Scope | 17:01 |
| Added | https://sfleet.cortexpowered.com | URL | In Scope | 17:01 |
| Added | https://play.google.com/store/apps/details?id=com.tmobile.syncuptag | ANDROID | In Scope | 17:01 |
| Added | https://metrobyt-mobile.com | URL | In Scope | 17:01 |
| Added | https://packages.cortexpowered.com | URL | In Scope | 17:01 |
| Added | https://sflower.cortexpowered.com | URL | In Scope | 17:01 |
| Added | https://demo.adstruc.com | URL | In Scope | 17:01 |
| Added | *.uscellular.com | WILDCARD | In Scope | 17:01 |
| Added | https://dashboard-101.moengage.com | URL | In Scope | 17:01 |
| Added | https://play.google.com/store/apps/details?id=com.tmobile.kids | ANDROID | In Scope | 17:01 |
| Added | https://tfb.t-mobile.com | URL | In Scope | 17:01 |
| Added | https://play.google.com/store/apps/details?id=com.tmobile.drive | ANDROID | In Scope | 17:01 |
| Added | *.mobile.uscc.net | WILDCARD | Out of Scope | 17:01 |
| Added | https://t-mobile.com | URL | In Scope | 17:01 |
| Added | https://api.vistarmedia.com | URL | In Scope | 17:01 |
| Added | https://staging-trafficking.vistarmedia.com | URL | In Scope | 17:01 |
| Added | https://audience-builder.vistarmedia.com | URL | In Scope | 17:01 |
| Added | https://apps.apple.com/us/app/syncup-kids/id1503394062 | IOS | In Scope | 17:01 |
| Added | https://digits.t-mobile.com/ | URL | In Scope | 17:01 |
| Added | internal server via internet network | OTHER | In Scope | 17:01 |
| Added | https://play.google.com/store/apps/details?id=com.tmobile.tuesdays&hl=en_US&gl=US | ANDROID | In Scope | 17:01 |
| Added | https://transcodes-cdn.vistarmedia.com | URL | In Scope | 17:01 |
| Added | https://assets-cdn.vistarmedia.com | URL | In Scope | 17:01 |
| Added | *.uscc.com | WILDCARD | In Scope | 17:01 |
| Added | https://digits.t-mobile.com | URL | In Scope | 17:01 |
| Added | https://production-dynam-creative.vistarmedia.com | URL | In Scope | 17:01 |
| Added | https://docker-staging.adstruc.com | URL | In Scope | 17:01 |
| Added | https://staging-login.vistarmedia.com | URL | In Scope | 17:01 |
| Added | assets labeled as in-scope | OTHER | In Scope | 17:01 |
| Added | https://play.google.com/store/apps/details?id=com.tmobile.pr.mytmobile | ANDROID | In Scope | 17:01 |
| Added | https://apps.apple.com/us/app/syncup-drive/id1576574297 | IOS | In Scope | 17:01 |
| Added | /self-service-* | URL | Out of Scope | 17:01 |
| Added | cellular network auth bypass via web/mobile app | OTHER | In Scope | 17:01 |
| Added | https://tess.service-now.com | URL | In Scope | 17:01 |