alasco-gmbh-bug-bounty-program
4
In Scope
8
Out of Scope
In-Scope Assets (4)
| Asset | Category | Bounty | Quick Links | |
|---|---|---|---|---|
| *.alasco.de | OTHER | Yes | - | |
| *.alasco.rocks | OTHER | Yes | - | |
| api.alasco.de | URL | Yes | ||
| app.alasco.de | URL | Yes |
Out-of-Scope Assets (8)
| Asset | Category | Bounty | |
|---|---|---|---|
| Alasco will not provide access credentials to any system, not for testing and also not for issue validation. | OTHER | Yes | |
| All other domains or subdomains not listed in the above list of 'Scopes'. | OTHER | Yes | |
| However, any vulnerability discovered in a system or service that requires a login to access is outside the scope of this program. | OTHER | Yes | |
| Please note that all non-authenticated areas of our systems are in scope for this program. This means that any vulnerability discovered in a system or service that does not require a login to access is eligible for a reward. | OTHER | Yes | |
| alasco.de | OTHER | Yes | |
| explore.alasco.com | OTHER | Yes | |
| explore.alasco.de | OTHER | Yes | |
| www.alasco.de | OTHER | Yes |
Scope Changes (44)
Feb 25, 2026
| Change | Asset | Category | Scope | Time |
|---|---|---|---|---|
| Added | explore.alasco.de | URL | Out of Scope | 19:09 |
| Added | www.alasco.de | URL | Out of Scope | 19:09 |
| Added | please note that all non-authenticated areas of our systems are in scope for this program. this means that any vulnerability discovered in a system or service that does not require a login to access is eligible for a reward | OTHER | Out of Scope | 19:09 |
| Added | however, any vulnerability discovered in a system or service that requires a login to access is outside the scope of this program | OTHER | Out of Scope | 19:09 |
| Added | app.alasco.de | URL | In Scope | 19:09 |
| Added | api.alasco.de | URL | In Scope | 19:09 |
| Added | all other domains or subdomains not listed in the above list of 'scopes' | OTHER | Out of Scope | 19:09 |
| Added | explore.alasco.com | URL | Out of Scope | 19:09 |
| Added | alasco.de | URL | Out of Scope | 19:09 |
| Added | alasco will not provide access credentials to any system, not for testing and also not for issue validation | OTHER | Out of Scope | 19:09 |
| Added | *.alasco.de | WILDCARD | In Scope | 19:09 |
| Added | *.alasco.rocks | WILDCARD | In Scope | 19:09 |
Feb 22, 2026
| Change | Asset | Category | Scope | Time |
|---|---|---|---|---|
| Added | explore.alasco.com | URL | Out of Scope | 00:52 |
| Added | explore.alasco.de | URL | Out of Scope | 00:52 |
| Added | alasco.de | URL | Out of Scope | 00:52 |
| Added | however, any vulnerability discovered in a system or service that requires a login to access is outside the scope of this program | OTHER | Out of Scope | 00:52 |
| Added | app.alasco.de | URL | In Scope | 00:52 |
| Added | *.alasco.rocks | WILDCARD | In Scope | 00:52 |
| Added | all other domains or subdomains not listed in the above list of 'scopes' | OTHER | Out of Scope | 00:52 |
| Added | www.alasco.de | URL | Out of Scope | 00:52 |
| Added | please note that all non-authenticated areas of our systems are in scope for this program. this means that any vulnerability discovered in a system or service that does not require a login to access is eligible for a reward | OTHER | Out of Scope | 00:52 |
| Added | alasco will not provide access credentials to any system, not for testing and also not for issue validation | OTHER | Out of Scope | 00:52 |
| Added | api.alasco.de | URL | In Scope | 00:52 |
| Added | *.alasco.de | WILDCARD | In Scope | 00:52 |
Feb 21, 2026
| Change | Asset | Category | Scope | Time |
|---|---|---|---|---|
| Removed | alasco will not provide access credentials to any system, not for testing and also not for issue validation | OTHER | Out of Scope | 21:40 |
| Removed | *.alasco.rocks | OTHER | In Scope | 21:40 |
| Removed | all other domains or subdomains not listed in the above list of 'scopes' | OTHER | Out of Scope | 21:40 |
| Removed | explore.alasco.com | OTHER | Out of Scope | 21:40 |
| Removed | explore.alasco.de | OTHER | Out of Scope | 21:40 |
| Removed | www.alasco.de | OTHER | Out of Scope | 21:40 |
| Removed | alasco.de | OTHER | Out of Scope | 21:40 |
| Removed | please note that all non-authenticated areas of our systems are in scope for this program. this means that any vulnerability discovered in a system or service that does not require a login to access is eligible for a reward | OTHER | Out of Scope | 21:40 |
| Removed | however, any vulnerability discovered in a system or service that requires a login to access is outside the scope of this program | OTHER | Out of Scope | 21:40 |
| Removed | app.alasco.de | URL | In Scope | 21:40 |
| Removed | api.alasco.de | URL | In Scope | 21:40 |
| Removed | *.alasco.de | OTHER | In Scope | 21:40 |
| Added | explore.alasco.com | OTHER | Out of Scope | 00:33 |
| Added | explore.alasco.de | OTHER | Out of Scope | 00:33 |
| Added | www.alasco.de | OTHER | Out of Scope | 00:33 |
| Added | alasco.de | OTHER | Out of Scope | 00:33 |
| Added | please note that all non-authenticated areas of our systems are in scope for this program. this means that any vulnerability discovered in a system or service that does not require a login to access is eligible for a reward | OTHER | Out of Scope | 00:33 |
| Added | however, any vulnerability discovered in a system or service that requires a login to access is outside the scope of this program | OTHER | Out of Scope | 00:33 |
| Added | alasco will not provide access credentials to any system, not for testing and also not for issue validation | OTHER | Out of Scope | 00:33 |
| Added | all other domains or subdomains not listed in the above list of 'scopes' | OTHER | Out of Scope | 00:33 |