Vulnerability Disclosure Program (VDP)

VDPs are meant for responsibly reporting vulnerabilities you encounter — not for actively hunting for fame or reputation. Even if you're just starting out, consider focusing on rewarded bug bounty programs instead.

xfinity-home

BugcrowdView on Bugcrowd
RawAI Enhanced
26
In Scope
31
Out of Scope

In-Scope Assets (26)

AssetCategoryBountyQuick Links
*-cvr-aws-*.sys.comcast.netURLNo
crt.shGoogleShodanSecurityTrailsWaybackDNSdumpsterVirusTotal
*.dh-commerce.comURLNo
crt.shGoogleShodanSecurityTrailsWaybackDNSdumpsterVirusTotal
*.ssr.ccp.xcal.tvURLNo
crt.shGoogleShodanSecurityTrailsWaybackDNSdumpsterVirusTotal
*.xfinityhome.comURLNo
crt.shGoogleShodanSecurityTrailsWaybackDNSdumpsterVirusTotal
*.xfiplatform.comURLNo
crt.shGoogleShodanSecurityTrailsWaybackDNSdumpsterVirusTotal
*signalservice.comcast.netURLNo
crt.shGoogleShodanSecurityTrailsWaybackDNSdumpsterVirusTotal
Internet.xfinity.comURLNo
crt.shGoogleShodanSecurityTrailsWaybackDNSdumpsterVirusTotal
Xfinity Android mobile appANDROIDNo-
Xfinity Home Hardware (items listed below in brief)HARDWARENo-
Xfinity Home camerasHARDWARENo-
Xfinity iOS mobile appIOSNo-
aiq-prod.codebig2.netURLNo
crt.shGoogleShodanSecurityTrailsWaybackDNSdumpsterVirusTotal
csp-pci.prod.codebig2.netURLNo
crt.shGoogleShodanSecurityTrailsWaybackDNSdumpsterVirusTotal
gw.api.dh.comcast.comURLNo
crt.shGoogleShodanSecurityTrailsWaybackDNSdumpsterVirusTotal
https://apps.apple.com/us/app/xfinity/id1178765645IOSNo-
https://csp-prod.codebig2.netURLNo
crt.shGoogleShodanSecurityTrailsWaybackDNSdumpsterVirusTotal
https://home.xfinity.comURLNo
crt.shGoogleShodanSecurityTrailsWaybackDNSdumpsterVirusTotal
https://play.google.com/store/apps/details?id=com.xfinity.digitalhome&hl=en_US&gl=USANDROIDNo
Play Store
orc-xfi.comURLNo
crt.shGoogleShodanSecurityTrailsWaybackDNSdumpsterVirusTotal
siorc.xfinity.comURLNo
crt.shGoogleShodanSecurityTrailsWaybackDNSdumpsterVirusTotal
smartinet.xfinity.comURLNo
crt.shGoogleShodanSecurityTrailsWaybackDNSdumpsterVirusTotal
speedtest.xfinity.comURLNo
crt.shGoogleShodanSecurityTrailsWaybackDNSdumpsterVirusTotal
xFi Gateways (e.g., XB3, XB6, XB7)HARDWARENo-
xFi PodsHARDWARENo-
xhomeapi-*.cloud.comcast.netURLNo
crt.shGoogleShodanSecurityTrailsWaybackDNSdumpsterVirusTotal
xhomeapi-*.codebig2.netURLNo
crt.shGoogleShodanSecurityTrailsWaybackDNSdumpsterVirusTotal
Out-of-Scope Assets (31)
AssetCategoryBounty
*.adnxs.comURLNo
*.adobedtm.comURLNo
*.amazon-adsystem.comURLNo
*.appcenter.msURLNo
*.cimcontent.netURLNo
*.criteo.netURLNo
*.demdex.netURLNo
*.fwmrm.netURLNo
*.hfc.comcastbusiness.netURLNo
*.hsd1.*.comcast.netURLNo
*.identity.xfinity.comURLNo
*.kampyle.comURLNo
*.openx.netURLNo
*.pulseinsights.comURLNo
*.webcontentassessor.comURLNo
*.wurfulcloud.comURLNo
*.xerxessecure.comURLNo
10.0.0.0/8OTHERNo
172.26.128.0/18OTHERNo
184.112.0.0/13OTHERNo
184.122.0.0/15OTHERNo
3rd Party Devices (known as Works with Xfinity)HARDWARENo
50.128.0.0/12OTHERNo
50.152.0.0/13OTHERNo
96.201.0.0/16OTHERNo
96.202.128.0/17OTHERNo
96.203.0.0/16OTHERNo
\*\business.comcast.comURLNo
admin.selectwifi.xfinity.comURLNo
https://login.xfinity.comURLNo
oauth.xfinity.comURLNo