Vulnerability Disclosure Program (VDP)
VDPs are meant for responsibly reporting vulnerabilities you encounter — not for actively hunting for fame or reputation. Even if you're just starting out, consider focusing on rewarded bug bounty programs instead.
t-mobile
51
In Scope
8
Out of Scope
In-Scope Assets (51)
| Asset | Category | Bounty | Quick Links | |
|---|---|---|---|---|
| Assets labeled as in-scope | OTHER | No | - | |
| Cellular Network Auth Bypass via Web/Mobile App | OTHER | No | - | |
| Internal Server via Internet Network | OTHER | No | - | |
| Self Register Account on T-Mobile Microsoft Entra ID | OTHER | No | - | |
| T&P Servers | OTHER | No | - | |
| https://*.uscc.com | URL | No | ||
| https://*.uscc.net | URL | No | ||
| https://*.uscellular.com | URL | No | ||
| https://account.t-mobile.com | URL | No | ||
| https://api.t-mobile.com | URL | No | ||
| https://api.vistarmedia.com | URL | No | ||
| https://api.vistarmedia.eu | URL | No | ||
| https://apps.apple.com/us/app/syncup-drive/id1576574297 | IOS | No | - | |
| https://apps.apple.com/us/app/syncup-kids/id1503394062 | IOS | No | - | |
| https://apps.apple.com/us/app/syncup-tracker/id1526380335 | IOS | No | - | |
| https://apps.apple.com/us/app/t-life-t-mobile-tuesdays/id1111876388 | IOS | No | - | |
| https://apps.apple.com/us/app/t-mobile/id561625752 | IOS | No | - | |
| https://assets-cdn.vistarmedia.com | URL | No | ||
| https://audience-builder.vistarmedia.com | URL | No | ||
| https://clients.adstruc.com | URL | No | ||
| https://creatives.vistarmedia.com | URL | No | ||
| https://dashboard-04.moengage.com | URL | No | ||
| https://demo.adstruc.com | URL | No | ||
| https://devedge.t-mobile.com | URL | No | ||
| https://digits.t-mobile.com | URL | No | ||
| https://digits.t-mobile.com/ | OTHER | No | - | |
| https://docker-staging.adstruc.com | URL | No | ||
| https://docsite.vistarmedia.com | URL | No | ||
| https://job-svc-b.vistarmedia.com | URL | No | ||
| https://maps.vistarmedia.com | URL | No | ||
| https://metrobyt-mobile.com | URL | No | ||
| https://packages.cortexpowered.com | URL | No | ||
| https://play.google.com/store/apps/details?id=com.tmobile.drive | ANDROID | No | ||
| https://play.google.com/store/apps/details?id=com.tmobile.kids | ANDROID | No | ||
| https://play.google.com/store/apps/details?id=com.tmobile.pr.mytmobile | ANDROID | No | ||
| https://play.google.com/store/apps/details?id=com.tmobile.syncuptag | ANDROID | No | ||
| https://play.google.com/store/apps/details?id=com.tmobile.tuesdays&hl=en_US&gl=US | ANDROID | No | ||
| https://portal.lrs.t-mobile.com | URL | No | ||
| https://production-delivery-metrics-svc.vistarmedia.com | URL | No | ||
| https://production-dynam-creative.vistarmedia.com | URL | No | ||
| https://sfleet.cortexpowered.com | URL | No | ||
| https://sflower.cortexpowered.com | URL | No | ||
| https://sprint.com | URL | No | ||
| https://staging-login.vistarmedia.com | URL | No | ||
| https://staging-trafficking.vistarmedia.com | URL | No | ||
| https://storybook.vistarmedia.com | URL | No | ||
| https://t-mobile.com | URL | No | ||
| https://tess.service-now.com | URL | No | ||
| https://tfb.t-mobile.com | URL | No | ||
| https://transcodes-cdn.vistarmedia.com | URL | No | ||
| https://www.assurancewireless.com | URL | No |
Out-of-Scope Assets (8)
| Asset | Category | Bounty | |
|---|---|---|---|
| *.mobile.uscc.com | URL | No | |
| *.mobile.uscc.net | URL | No | |
| *.sprint.net | URL | No | |
| /self-service-* | URL | No | |
| Any domain, property, product, protocol, or service of the app/hardware/software version not explicitly listed in the In-Scope section is out of scope; submissions are welcome but not guaranteed for the bounty/bonus. | OTHER | No | |
| eventmanager.uscellular.com | URL | No | |
| events.eventmanager.uscellular.com | URL | No | |
| global.eventmanager.uscellular.com | URL | No |