bug-bounty-program-blablacar

RawAI Enhanced

In Scope

Out of Scope

In-Scope Assets (11)

Asset	Category	Bounty	Quick Links
https://api.blablalines.com	URL	Yes	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal AlienVault OTX GitHub Fofa
https://apps.apple.com/fr/app/blablalines-covoiturage/id1225543288	IOS	Yes	-
https://auth.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua)	URL	Yes	-
https://blablacardaily.com	URL	Yes	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal AlienVault OTX GitHub Fofa
https://daily.blablacar.fr	URL	Yes	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal AlienVault OTX GitHub Fofa
https://edge.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua))	URL	Yes	-
https://itunes.apple.com/fr/app/blablacar-trusted-carpooling/id341329033?l=en&mt=8	IOS	Yes	-
https://m.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua)	URL	Yes	-
https://play.google.com/store/apps/details?id=com.blablalines	ANDROID	Yes	Play Store APKPure APKMirror
https://play.google.com/store/apps/details?id=com.comuto&hl=en	ANDROID	Yes	Play Store APKPure APKMirror
https://www.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua)	URL	Yes	-

Out-of-Scope Assets (4)

Asset	Category	Bounty
Any website that is not listed explicitly in the scope.	OTHER	Yes
Finally, fraud related reports are out-of-scope if they do not exploit a security vulnerability. Therefore, fraud activity enabled by bug or incomplete business rules enforcement are out-of-scope. However, a fraud activity enabled by a CSRF exploit for example is valid.	OTHER	Yes
However, though listed in the out-of-scope list, if you really feel that a bug will leave an impact on our platform, please come up with a convincing and working POC. If that convinces us to change our code, we will reward you with a bounty.	OTHER	Yes
Please note that https://dev.blablacar.com is hosted by a third party and thus is out of scope.	OTHER	Yes

Scope Changes (193)

Feb 25, 2026

Change	Asset	Category	Scope	Time
Added	https://edge.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua))	URL	In Scope	19:08
Added	https://edge.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua))	URL	In Scope	19:08
Added	https://edge.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua))	URL	In Scope	19:08
Added	https://edge.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua))	URL	In Scope	19:08
Added	https://edge.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua))	URL	In Scope	19:08
Added	https://edge.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua))	URL	In Scope	19:08
Added	https://edge.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua))	URL	In Scope	19:08
Added	https://edge.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua))	URL	In Scope	19:08
Added	https://edge.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua))	URL	In Scope	19:08
Added	https://edge.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua))	URL	In Scope	19:08
Added	https://edge.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua))	URL	In Scope	19:08
Added	https://edge.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua))	URL	In Scope	19:08
Added	https://edge.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua))	URL	In Scope	19:08
Added	https://edge.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua))	URL	In Scope	19:08
Added	https://edge.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua))	URL	In Scope	19:08
Added	https://edge.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua))	URL	In Scope	19:08
Added	https://edge.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua))	URL	In Scope	19:08
Added	https://edge.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua))	URL	In Scope	19:08
Added	https://edge.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua))	URL	In Scope	19:08
Added	https://auth.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua)	URL	In Scope	19:08
Added	https://auth.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua)	URL	In Scope	19:08
Added	https://auth.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua)	URL	In Scope	19:08
Added	https://auth.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua)	URL	In Scope	19:08
Added	https://auth.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua)	URL	In Scope	19:08
Added	https://auth.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua)	URL	In Scope	19:08
Added	https://auth.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua)	URL	In Scope	19:08
Added	https://auth.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua)	URL	In Scope	19:08
Added	https://auth.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua)	URL	In Scope	19:08
Added	https://auth.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua)	URL	In Scope	19:08
Added	https://auth.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua)	URL	In Scope	19:08
Added	https://auth.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua)	URL	In Scope	19:08
Added	https://auth.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua)	URL	In Scope	19:08
Added	https://auth.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua)	URL	In Scope	19:08
Added	https://auth.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua)	URL	In Scope	19:08
Added	https://auth.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua)	URL	In Scope	19:08
Added	https://auth.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua)	URL	In Scope	19:08
Added	https://auth.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua)	URL	In Scope	19:08
Added	https://auth.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua)	URL	In Scope	19:08
Added	https://itunes.apple.com/fr/app/blablacar-trusted-carpooling/id341329033?l=en&mt=8	IOS	In Scope	19:08
Added	https://api.blablalines.com	URL	In Scope	19:08
Added	any website that is not listed explicitly in the scope	OTHER	Out of Scope	19:08
Added	https://m.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua)	URL	In Scope	19:08
Added	https://m.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua)	URL	In Scope	19:08
Added	https://m.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua)	URL	In Scope	19:08
Added	https://m.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua)	URL	In Scope	19:08
Added	https://m.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua)	URL	In Scope	19:08
Added	https://m.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua)	URL	In Scope	19:08
Added	https://m.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua)	URL	In Scope	19:08
Added	https://m.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua)	URL	In Scope	19:08
Added	https://m.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua)	URL	In Scope	19:08
Added	https://m.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua)	URL	In Scope	19:08
Added	https://m.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua)	URL	In Scope	19:08
Added	https://m.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua)	URL	In Scope	19:08
Added	https://m.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua)	URL	In Scope	19:08
Added	https://m.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua)	URL	In Scope	19:08
Added	https://m.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua)	URL	In Scope	19:08
Added	https://m.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua)	URL	In Scope	19:08
Added	https://m.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua)	URL	In Scope	19:08
Added	https://m.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua)	URL	In Scope	19:08
Added	https://m.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua)	URL	In Scope	19:08
Added	https://play.google.com/store/apps/details?id=com.comuto&hl=en	ANDROID	In Scope	19:08
Added	https://daily.blablacar.fr	URL	In Scope	19:08
Added	finally, fraud related reports are out-of-scope if they do not exploit a security vulnerability. therefore, fraud activity enabled by bug or incomplete business rules enforcement are out-of-scope. however, a fraud activity enabled by a csrf exploit for example is valid	OTHER	Out of Scope	19:08
Added	https://play.google.com/store/apps/details?id=com.blablalines	ANDROID	In Scope	19:08
Added	however, though listed in the out-of-scope list, if you really feel that a bug will leave an impact on our platform, please come up with a convincing and working poc. if that convinces us to change our code, we will reward you with a bounty	OTHER	Out of Scope	19:08
Added	https://www.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua)	URL	In Scope	19:08
Added	https://www.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua)	URL	In Scope	19:08
Added	https://www.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua)	URL	In Scope	19:08
Added	https://www.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua)	URL	In Scope	19:08
Added	https://www.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua)	URL	In Scope	19:08
Added	https://www.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua)	URL	In Scope	19:08
Added	https://www.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua)	URL	In Scope	19:08
Added	https://www.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua)	URL	In Scope	19:08
Added	https://www.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua)	URL	In Scope	19:08
Added	https://www.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua)	URL	In Scope	19:08
Added	https://www.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua)	URL	In Scope	19:08
Added	https://www.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua)	URL	In Scope	19:08
Added	https://www.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua)	URL	In Scope	19:08
Added	https://www.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua)	URL	In Scope	19:08
Added	https://www.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua)	URL	In Scope	19:08
Added	https://www.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua)	URL	In Scope	19:08
Added	https://www.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua)	URL	In Scope	19:08
Added	https://www.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua)	URL	In Scope	19:08
Added	https://www.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua)	URL	In Scope	19:08
Added	https://blablacardaily.com	URL	In Scope	19:08
Added	https://apps.apple.com/fr/app/blablalines-covoiturage/id1225543288	IOS	In Scope	19:08
Added	please note that https://dev.blablacar.com is hosted by a third party and thus is out of scope	OTHER	Out of Scope	19:08

Feb 22, 2026

Change	Asset	Category	Scope	Time
Added	any website that is not listed explicitly in the scope	OTHER	Out of Scope	00:52
Added	finally, fraud related reports are out-of-scope if they do not exploit a security vulnerability. therefore, fraud activity enabled by bug or incomplete business rules enforcement are out-of-scope. however, a fraud activity enabled by a csrf exploit for example is valid	OTHER	Out of Scope	00:52
Added	https://daily.blablacar.fr	URL	In Scope	00:52
Added	https://m.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua)	URL	In Scope	00:52
Added	https://m.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua)	URL	In Scope	00:52
Added	https://m.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua)	URL	In Scope	00:52
Added	https://m.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua)	URL	In Scope	00:52
Added	https://m.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua)	URL	In Scope	00:52
Added	https://m.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua)	URL	In Scope	00:52
Added	https://m.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua)	URL	In Scope	00:52
Added	https://m.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua)	URL	In Scope	00:52
Added	https://m.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua)	URL	In Scope	00:52
Added	https://m.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua)	URL	In Scope	00:52
Added	https://m.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua)	URL	In Scope	00:52
Added	https://m.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua)	URL	In Scope	00:52
Added	https://m.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua)	URL	In Scope	00:52
Added	https://m.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua)	URL	In Scope	00:52
Added	https://m.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua)	URL	In Scope	00:52
Added	https://m.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua)	URL	In Scope	00:52
Added	https://m.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua)	URL	In Scope	00:52
Added	https://m.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua)	URL	In Scope	00:52
Added	https://m.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua)	URL	In Scope	00:52
Added	https://blablacardaily.com	URL	In Scope	00:52
Added	https://play.google.com/store/apps/details?id=com.blablalines	ANDROID	In Scope	00:52
Added	please note that https://dev.blablacar.com is hosted by a third party and thus is out of scope	OTHER	Out of Scope	00:52
Added	https://auth.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua)	URL	In Scope	00:52
Added	https://auth.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua)	URL	In Scope	00:52
Added	https://auth.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua)	URL	In Scope	00:52
Added	https://auth.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua)	URL	In Scope	00:52
Added	https://auth.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua)	URL	In Scope	00:52
Added	https://auth.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua)	URL	In Scope	00:52
Added	https://auth.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua)	URL	In Scope	00:52
Added	https://auth.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua)	URL	In Scope	00:52
Added	https://auth.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua)	URL	In Scope	00:52
Added	https://auth.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua)	URL	In Scope	00:52
Added	https://auth.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua)	URL	In Scope	00:52
Added	https://auth.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua)	URL	In Scope	00:52
Added	https://auth.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua)	URL	In Scope	00:52
Added	https://auth.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua)	URL	In Scope	00:52
Added	https://auth.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua)	URL	In Scope	00:52
Added	https://auth.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua)	URL	In Scope	00:52
Added	https://auth.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua)	URL	In Scope	00:52
Added	https://auth.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua)	URL	In Scope	00:52
Added	https://auth.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua)	URL	In Scope	00:52
Added	https://www.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua)	URL	In Scope	00:52
Added	https://www.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua)	URL	In Scope	00:52
Added	https://www.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua)	URL	In Scope	00:52
Added	https://www.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua)	URL	In Scope	00:52
Added	https://www.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua)	URL	In Scope	00:52
Added	https://www.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua)	URL	In Scope	00:52
Added	https://www.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua)	URL	In Scope	00:52
Added	https://www.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua)	URL	In Scope	00:52
Added	https://www.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua)	URL	In Scope	00:52
Added	https://www.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua)	URL	In Scope	00:52
Added	https://www.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua)	URL	In Scope	00:52
Added	https://www.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua)	URL	In Scope	00:52
Added	https://www.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua)	URL	In Scope	00:52
Added	https://www.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua)	URL	In Scope	00:52
Added	https://www.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua)	URL	In Scope	00:52
Added	https://www.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua)	URL	In Scope	00:52
Added	https://www.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua)	URL	In Scope	00:52
Added	https://www.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua)	URL	In Scope	00:52
Added	https://www.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua)	URL	In Scope	00:52
Added	https://itunes.apple.com/fr/app/blablacar-trusted-carpooling/id341329033?l=en&mt=8	IOS	In Scope	00:52
Added	https://apps.apple.com/fr/app/blablalines-covoiturage/id1225543288	IOS	In Scope	00:52
Added	https://play.google.com/store/apps/details?id=com.comuto&hl=en	ANDROID	In Scope	00:52
Added	https://api.blablalines.com	URL	In Scope	00:52
Added	however, though listed in the out-of-scope list, if you really feel that a bug will leave an impact on our platform, please come up with a convincing and working poc. if that convinces us to change our code, we will reward you with a bounty	OTHER	Out of Scope	00:52
Added	https://edge.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua))	URL	In Scope	00:52
Added	https://edge.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua))	URL	In Scope	00:52
Added	https://edge.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua))	URL	In Scope	00:52
Added	https://edge.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua))	URL	In Scope	00:52
Added	https://edge.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua))	URL	In Scope	00:52
Added	https://edge.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua))	URL	In Scope	00:52
Added	https://edge.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua))	URL	In Scope	00:52
Added	https://edge.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua))	URL	In Scope	00:52
Added	https://edge.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua))	URL	In Scope	00:52
Added	https://edge.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua))	URL	In Scope	00:52
Added	https://edge.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua))	URL	In Scope	00:52
Added	https://edge.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua))	URL	In Scope	00:52
Added	https://edge.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua))	URL	In Scope	00:52
Added	https://edge.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua))	URL	In Scope	00:52
Added	https://edge.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua))	URL	In Scope	00:52
Added	https://edge.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua))	URL	In Scope	00:52
Added	https://edge.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua))	URL	In Scope	00:52
Added	https://edge.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua))	URL	In Scope	00:52
Added	https://edge.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua))	URL	In Scope	00:52

Feb 21, 2026

Change	Asset	Category	Scope	Time
Removed	finally, fraud related reports are out-of-scope if they do not exploit a security vulnerability. therefore, fraud activity enabled by bug or incomplete business rules enforcement are out-of-scope. however, a fraud activity enabled by a csrf exploit for example is valid	OTHER	Out of Scope	21:40
Removed	https://apps.apple.com/fr/app/blablalines-covoiturage/id1225543288	IOS	In Scope	21:40
Removed	please note that https://dev.blablacar.com is hosted by a third party and thus is out of scope	OTHER	Out of Scope	21:40
Removed	any website that is not listed explicitly in the scope	OTHER	Out of Scope	21:40
Removed	however, though listed in the out-of-scope list, if you really feel that a bug will leave an impact on our platform, please come up with a convincing and working poc. if that convinces us to change our code, we will reward you with a bounty	OTHER	Out of Scope	21:40
Removed	https://edge.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua))	URL	In Scope	21:40
Removed	https://auth.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua)	URL	In Scope	21:40
Removed	https://www.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua)	URL	In Scope	21:40
Removed	https://m.blablacar.(fr\|de\|co.uk\|in\|es\|mx\|be\|hr\|hu\|it\|nl\|pl\|com.br\|pt\|ro\|ru\|com\|tr\|com.ua)	URL	In Scope	21:40
Removed	https://play.google.com/store/apps/details?id=com.comuto&hl=en	ANDROID	In Scope	21:40
Removed	https://itunes.apple.com/fr/app/blablacar-trusted-carpooling/id341329033?l=en&mt=8	IOS	In Scope	21:40
Removed	https://api.blablalines.com	URL	In Scope	21:40
Removed	https://daily.blablacar.fr	URL	In Scope	21:40
Removed	https://blablacardaily.com	URL	In Scope	21:40
Removed	https://play.google.com/store/apps/details?id=com.blablalines	ANDROID	In Scope	21:40
Added	any website that is not listed explicitly in the scope	OTHER	Out of Scope	00:33
Added	however, though listed in the out-of-scope list, if you really feel that a bug will leave an impact on our platform, please come up with a convincing and working poc. if that convinces us to change our code, we will reward you with a bounty	OTHER	Out of Scope	00:33
Added	finally, fraud related reports are out-of-scope if they do not exploit a security vulnerability. therefore, fraud activity enabled by bug or incomplete business rules enforcement are out-of-scope. however, a fraud activity enabled by a csrf exploit for example is valid	OTHER	Out of Scope	00:33
Added	please note that https://dev.blablacar.com is hosted by a third party and thus is out of scope	OTHER	Out of Scope	00:33