Vulnerability Disclosure Program (VDP)

VDPs are meant for responsibly reporting vulnerabilities you encounter — not for actively hunting for fame or reputation. Even if you're just starting out, consider focusing on rewarded bug bounty programs instead.

expediagroup

HackerOneView on HackerOne

RawAI Enhanced

In Scope

Out of Scope

In-Scope Assets (35)

Asset	Category	Bounty	Quick Links
*.abritel.fr	WILDCARD	No	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal
*.bookabach.co.nz	WILDCARD	No	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal
*.carrentals.com	WILDCARD	No	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal
*.cheaptickets.com	WILDCARD	No	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal
*.cruiseshipcenters.com	WILDCARD	No	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal
*.ean.com	WILDCARD	No	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal
*.ebookers.com	WILDCARD	No	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal
*.expedia.com	WILDCARD	No	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal
*.expediagroup.com	WILDCARD	No	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal
*.expediapartnercentral.com	WILDCARD	No	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal
*.expediapartnersolutions.com	WILDCARD	No	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal
*.fewo-direkt.de	WILDCARD	No	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal
*.flights.com	WILDCARD	No	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal
*.homeaway.com	WILDCARD	No	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal
*.hotels.com	WILDCARD	No	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal
*.hotwire.com	WILDCARD	No	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal
*.hotwirepartnercentral.com	WILDCARD	No	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal
*.lastminute.co.nz	WILDCARD	No	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal
*.lastminute.com.au	WILDCARD	No	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal
*.mrjet.se	WILDCARD	No	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal
*.orbitz.com	WILDCARD	No	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal
*.stayz.com.au	WILDCARD	No	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal
*.travelocity.ca	WILDCARD	No	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal
*.travelocity.com	WILDCARD	No	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal
*.vrbo.com	WILDCARD	No	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal
*.wotif.com	WILDCARD	No	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal
987675995	IOS	No	-
Other Expedia-owned Asset	OTHER	No	-
china.airasiago.com	URL	No	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal
com.expediapartnercentral	ANDROID	No	Play Store
http://www.cruiseshipcenters.com/api/searchcenter	URL	No	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal
thailand.airasiago.com	URL	No	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal
www.ebookers.fi	URL	No	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal
www.expedia-aarp.com	URL	No	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal
www.vrbo.com	URL	No	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal

Out-of-Scope Assets (5)

Asset	Category	Bounty
*.egadvertising.com	WILDCARD	No
*.expediaagents.com	WILDCARD	No
*.expediacruises.com	WILDCARD	No
*.hoteis.com	WILDCARD	No
*.hoteles.com	WILDCARD	No