datadome-bot-bounty
6
In Scope
4
Out of Scope
In-Scope Assets (6)
| Asset | Category | Bounty | Quick Links | |
|---|---|---|---|---|
| *.captcha-delivery.com | URL | Yes | ||
| api-js.datadome.co | URL | Yes | ||
| https://bounty-fastly.datashield.co | URL | Yes | ||
| https://bounty-nginx.datashield.co | URL | Yes | ||
| https://bounty-nodejs.datashield.co | URL | Yes | ||
| js.datadome.co | URL | Yes |
Out-of-Scope Assets (4)
| Asset | Category | Bounty | |
|---|---|---|---|
| Client-side web vulnerabilities | OTHER | Yes | |
| Denial of service attacks or any technique whose goal is to degrade infrastructure availability. This falls outside the scope of bot protection bypass and will not be rewarded. | OTHER | Yes | |
| Distributed attacks (scraping must be performed from a single IP at a time) | OTHER | Yes | |
| Social engineering of DataDome employees or contractors | OTHER | Yes |
Scope Changes (43)
May 21, 2026
| Change | Asset | Category | Scope | Time |
|---|---|---|---|---|
| Added | client-side web vulnerabilities | OTHER | Out of Scope | 15:26 |
| Removed | * social engineering of datadome employees or contractors | OTHER | Out of Scope | 15:26 |
| Removed | * client-side web vulnerabilities | OTHER | Out of Scope | 15:26 |
| Removed | * distributed attacks (scraping must be performed from a single ip at a time) | OTHER | Out of Scope | 15:26 |
| Removed | * denial of service attacks or any technique whose goal is to degrade infrastructure availability. this falls outside the scope of bot protection bypass and will not be rewarded | OTHER | Out of Scope | 15:26 |
| Added | client-side web vulnerabilities | OTHER | Out of Scope | 15:26 |
| Added | distributed attacks (scraping must be performed from a single ip at a time) | OTHER | Out of Scope | 15:26 |
| Added | social engineering of datadome employees or contractors | OTHER | Out of Scope | 15:26 |
| Added | denial of service attacks or any technique whose goal is to degrade infrastructure availability. this falls outside the scope of bot protection bypass and will not be rewarded | OTHER | Out of Scope | 15:26 |
| Added | distributed attacks (scraping must be performed from a single ip at a time) | OTHER | Out of Scope | 15:26 |
| Added | denial of service attacks or any technique whose goal is to degrade infrastructure availability. this falls outside the scope of bot protection bypass and will not be rewarded | OTHER | Out of Scope | 15:26 |
| Added | social engineering of datadome employees or contractors | OTHER | Out of Scope | 15:26 |
| Added | * distributed attacks (scraping must be performed from a single ip at a time) | OTHER | Out of Scope | 13:26 |
| Added | * denial of service attacks or any technique whose goal is to degrade infrastructure availability. this falls outside the scope of bot protection bypass and will not be rewarded | OTHER | Out of Scope | 13:26 |
| Added | * social engineering of datadome employees or contractors | OTHER | Out of Scope | 13:26 |
| Added | * client-side web vulnerabilities | OTHER | Out of Scope | 13:26 |
| Removed | distributed attacks (scraping must be done using only 1 ip at a time) | OTHER | Out of Scope | 13:26 |
| Added | * distributed attacks (scraping must be performed from a single ip at a time) | OTHER | Out of Scope | 13:26 |
| Added | * social engineering of datadome employees or contractors | OTHER | Out of Scope | 13:26 |
| Added | * client-side web vulnerabilities | OTHER | Out of Scope | 13:26 |
| Added | * denial of service attacks or any technique whose goal is to degrade infrastructure availability. this falls outside the scope of bot protection bypass and will not be rewarded | OTHER | Out of Scope | 13:26 |
Feb 25, 2026
| Change | Asset | Category | Scope | Time |
|---|---|---|---|---|
| Added | distributed attacks (scraping must be done using only 1 ip at a time) | OTHER | Out of Scope | 19:08 |
| Added | https://bounty-nodejs.datashield.co | URL | In Scope | 19:08 |
| Added | https://bounty-fastly.datashield.co | URL | In Scope | 19:08 |
| Added | https://bounty-nginx.datashield.co | URL | In Scope | 19:08 |
| Added | *.captcha-delivery.com | WILDCARD | In Scope | 19:08 |
| Added | js.datadome.co | URL | In Scope | 19:08 |
| Added | api-js.datadome.co | URL | In Scope | 19:08 |
Feb 22, 2026
| Change | Asset | Category | Scope | Time |
|---|---|---|---|---|
| Added | api-js.datadome.co | URL | In Scope | 00:52 |
| Added | distributed attacks (scraping must be done using only 1 ip at a time) | OTHER | Out of Scope | 00:52 |
| Added | https://bounty-nodejs.datashield.co | URL | In Scope | 00:52 |
| Added | https://bounty-fastly.datashield.co | URL | In Scope | 00:52 |
| Added | https://bounty-nginx.datashield.co | URL | In Scope | 00:52 |
| Added | *.captcha-delivery.com | WILDCARD | In Scope | 00:52 |
| Added | js.datadome.co | URL | In Scope | 00:52 |
Feb 21, 2026
| Change | Asset | Category | Scope | Time |
|---|---|---|---|---|
| Removed | https://bounty-nodejs.datashield.co | URL | In Scope | 21:40 |
| Removed | https://bounty-fastly.datashield.co | URL | In Scope | 21:40 |
| Removed | https://bounty-nginx.datashield.co | URL | In Scope | 21:40 |
| Removed | *.captcha-delivery.com | URL | In Scope | 21:40 |
| Removed | js.datadome.co | URL | In Scope | 21:40 |
| Removed | api-js.datadome.co | URL | In Scope | 21:40 |
| Removed | distributed attacks (scraping must be done using only 1 ip at a time) | OTHER | Out of Scope | 21:40 |
| Added | distributed attacks (scraping must be done using only 1 ip at a time) | OTHER | Out of Scope | 00:33 |