Vulnerability Disclosure Program (VDP)

VDPs are meant for responsibly reporting vulnerabilities you encounter — not for actively hunting for fame or reputation. Even if you're just starting out, consider focusing on rewarded bug bounty programs instead.

tesco

HackerOneView on HackerOne

RawAI Enhanced

In Scope

Out of Scope

In-Scope Assets (24)

Asset	Category	Bounty	Quick Links
.itesco.cz/	WILDCARD	No	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal AlienVault OTX GitHub Fofa
.itesco.sk/	WILDCARD	No	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal AlienVault OTX GitHub Fofa
.ourtesco.com/	WILDCARD	No	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal AlienVault OTX GitHub Fofa
.tesco-europe.com/	WILDCARD	No	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal AlienVault OTX GitHub Fofa
.tesco.com/	WILDCARD	No	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal AlienVault OTX GitHub Fofa
.tesco.hu/	WILDCARD	No	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal AlienVault OTX GitHub Fofa
.tesco.ie/	WILDCARD	No	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal AlienVault OTX GitHub Fofa
.tesco.org/	WILDCARD	No	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal AlienVault OTX GitHub Fofa
.tesco.sk/	WILDCARD	No	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal AlienVault OTX GitHub Fofa
.tescocloud.com/	WILDCARD	No	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal AlienVault OTX GitHub Fofa
.tescoplc.com/	WILDCARD	No	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal AlienVault OTX GitHub Fofa
389581236	IOS	No	-
857834425	IOS	No	-
API Assets	OTHER	No	-
Cloud Assets	OTHER	No	-
Domain, Subdomain & Zone Takeovers	OTHER	No	-
Exposed Sensitive Documents	OTHER	No	-
Leaked & Default Credentials	OTHER	No	-
Medium, High and Critical Severity Issue on Out-Of-Scope Assets	OTHER	No	-
Third-Party Managed Assets	OTHER	No	-
com.tesco.grocery.view	ANDROID	No	Play Store APKPure APKMirror
https://www.booker.co.uk/*	WILDCARD	No	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal AlienVault OTX GitHub Fofa
https://www.onestop.co.uk/*	WILDCARD	No	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal AlienVault OTX GitHub Fofa
https://www.tescomobile.com/*	WILDCARD	No	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal AlienVault OTX GitHub Fofa

Out-of-Scope Assets (3)

Asset	Category	Bounty
Dunnhumby (Non-Critical)	OTHER	No
Tesco Bank	OTHER	No
com.tescobank.mobile	ANDROID	No

Scope Changes (81)

Feb 25, 2026

Change	Asset	Category	Scope	Time
Added	medium, high and critical severity issue on out-of-scope assets	OTHER	Out of Scope	19:14
Added	cloud assets	OTHER	In Scope	19:14
Added	api assets	OTHER	In Scope	19:14
Added	dunnhumby (non-critical)	OTHER	Out of Scope	19:14
Added	.tescocloud.com/	WILDCARD	In Scope	19:14
Added	.ourtesco.com/	WILDCARD	In Scope	19:14
Added	.itesco.cz/	WILDCARD	In Scope	19:14
Added	leaked & default credentials	OTHER	In Scope	19:14
Added	https://www.tescomobile.com/*	WILDCARD	In Scope	19:14
Added	com.tesco.grocery.view	ANDROID	In Scope	19:14
Added	https://www.booker.co.uk/*	WILDCARD	In Scope	19:14
Added	exposed sensitive documents	OTHER	In Scope	19:14
Added	857834425	IOS	In Scope	19:14
Added	389581236	IOS	In Scope	19:14
Added	.tesco.sk/	WILDCARD	In Scope	19:14
Added	com.tescobank.mobile	ANDROID	Out of Scope	19:14
Added	.tesco.hu/	WILDCARD	In Scope	19:14
Added	.tesco.com/	WILDCARD	In Scope	19:14
Added	.tesco-europe.com/	WILDCARD	In Scope	19:14
Added	https://www.onestop.co.uk/*	WILDCARD	In Scope	19:14
Added	.itesco.sk/	WILDCARD	In Scope	19:14
Added	third-party managed assets	OTHER	In Scope	19:14
Added	domain, subdomain & zone takeovers	OTHER	In Scope	19:14
Added	.tesco.ie/	WILDCARD	In Scope	19:14
Added	tesco bank	OTHER	Out of Scope	19:14
Added	.tescoplc.com/	WILDCARD	In Scope	19:14
Added	.tesco.org/	WILDCARD	In Scope	19:14

Feb 22, 2026

Change	Asset	Category	Scope	Time
Added	857834425	IOS	In Scope	00:44
Added	com.tesco.grocery.view	ANDROID	In Scope	00:44
Added	.itesco.cz/	WILDCARD	In Scope	00:44
Added	api assets	OTHER	In Scope	00:44
Added	medium, high and critical severity issue on out-of-scope assets	OTHER	Out of Scope	00:44
Added	https://www.onestop.co.uk/*	WILDCARD	In Scope	00:44
Added	.ourtesco.com/	WILDCARD	In Scope	00:44
Added	.tesco-europe.com/	WILDCARD	In Scope	00:44
Added	.tesco.com/	WILDCARD	In Scope	00:44
Added	leaked & default credentials	OTHER	In Scope	00:44
Added	third-party managed assets	OTHER	In Scope	00:44
Added	.itesco.sk/	WILDCARD	In Scope	00:44
Added	.tesco.hu/	WILDCARD	In Scope	00:44
Added	.tesco.ie/	WILDCARD	In Scope	00:44
Added	https://www.tescomobile.com/*	WILDCARD	In Scope	00:44
Added	tesco bank	OTHER	Out of Scope	00:44
Added	com.tescobank.mobile	ANDROID	Out of Scope	00:44
Added	.tesco.sk/	WILDCARD	In Scope	00:44
Added	389581236	IOS	In Scope	00:44
Added	cloud assets	OTHER	In Scope	00:44
Added	domain, subdomain & zone takeovers	OTHER	In Scope	00:44
Added	exposed sensitive documents	OTHER	In Scope	00:44
Added	https://www.booker.co.uk/*	WILDCARD	In Scope	00:44
Added	.tescocloud.com/	WILDCARD	In Scope	00:44
Added	.tesco.org/	WILDCARD	In Scope	00:44
Added	.tescoplc.com/	WILDCARD	In Scope	00:44
Added	dunnhumby (non-critical)	OTHER	Out of Scope	00:44

Feb 21, 2026

Change	Asset	Category	Scope	Time
Added	.tesco.sk/	WILDCARD	In Scope	19:12
Added	com.tescobank.mobile	ANDROID	Out of Scope	19:12
Added	tesco bank	OTHER	Out of Scope	19:12
Added	dunnhumby (non-critical)	OTHER	Out of Scope	19:12
Added	.tescoplc.com/	WILDCARD	In Scope	19:12
Added	https://www.tescomobile.com/*	WILDCARD	In Scope	19:12
Added	.tescocloud.com/	WILDCARD	In Scope	19:12
Added	.tesco.org/	WILDCARD	In Scope	19:12
Added	.tesco.ie/	WILDCARD	In Scope	19:12
Added	.tesco.hu/	WILDCARD	In Scope	19:12
Added	.tesco.com/	WILDCARD	In Scope	19:12
Added	.tesco-europe.com/	WILDCARD	In Scope	19:12
Added	.ourtesco.com/	WILDCARD	In Scope	19:12
Added	https://www.onestop.co.uk/*	WILDCARD	In Scope	19:12
Added	.itesco.sk/	WILDCARD	In Scope	19:12
Added	.itesco.cz/	WILDCARD	In Scope	19:12
Added	com.tesco.grocery.view	ANDROID	In Scope	19:12
Added	https://www.booker.co.uk/*	WILDCARD	In Scope	19:12
Added	third-party managed assets	OTHER	In Scope	19:12
Added	medium, high and critical severity issue on out-of-scope assets	OTHER	In Scope	19:12
Added	leaked & default credentials	OTHER	In Scope	19:12
Added	exposed sensitive documents	OTHER	In Scope	19:12
Added	domain, subdomain & zone takeovers	OTHER	In Scope	19:12
Added	cloud assets	OTHER	In Scope	19:12
Added	api assets	OTHER	In Scope	19:12
Added	857834425	IOS	In Scope	19:12
Added	389581236	IOS	In Scope	19:12