dracoon-bug-bounty-program
12
In Scope
11
Out of Scope
In-Scope Assets (12)
| Asset | Category | Bounty | Quick Links | |
|---|---|---|---|---|
| https://0-2744452194.s3.nbg01.de.dracoon.io | OTHER | Yes | - | |
| https://bounty-cloud.dracoon.app/ | URL | Yes | ||
| https://bounty-cloud.dracoon.app/api | URL | Yes | ||
| https://bounty-cloud.dracoon.app/mediaserver | OTHER | Yes | - | |
| https://bounty-cloud.dracoon.app/oauth | OTHER | Yes | - | |
| https://bounty-cloud.dracoon.app/reporting/api | URL | Yes | ||
| https://bounty-cloud.dracoon.app/webdav | OTHER | Yes | - | |
| https://bounty-server.dracoon.app/ | URL | Yes | ||
| https://bounty-server.dracoon.app/api | URL | Yes | ||
| https://bounty-server.dracoon.app/oauth | OTHER | Yes | - | |
| https://bounty-server.dracoon.app/reporting/api | URL | Yes | ||
| https://bounty-server.dracoon.app/webdav | OTHER | Yes | - |
Out-of-Scope Assets (11)
| Asset | Category | Bounty | |
|---|---|---|---|
| *.dracoon.app (with the exceptions of bounty-cloud.dracoon.app and bounty-server.dracoon.app) | OTHER | Yes | |
| *.dracoon.com | OTHER | Yes | |
| *.dracoon.io (with the exception of https://0-2744452194.s3.nbg01.de.dracoon.io) | OTHER | Yes | |
| *.dracoon.net | OTHER | Yes | |
| *.dracoon.team | OTHER | Yes | |
| *.fp-sign.com | OTHER | Yes | |
| *.gdata.com | OTHER | Yes | |
| *.retarus.com | OTHER | Yes | |
| *.usersnap.com | OTHER | Yes | |
| Any other host, tenant or service than the ones explicitly stated. | OTHER | Yes | |
| www.dracoon.com | OTHER | Yes |
Scope Changes (151)
Mar 26, 2026
| Change | Asset | Category | Scope | Time |
|---|---|---|---|---|
| Added | https://bounty-cloud.dracoon.app/api | URL | In Scope | 17:21 |
| Added | https://bounty-cloud.dracoon.app/oauth | OTHER | In Scope | 17:21 |
| Added | https://0-2744452194.s3.nbg01.de.dracoon.io | OTHER | In Scope | 17:21 |
| Added | https://bounty-cloud.dracoon.app/mediaserver | OTHER | In Scope | 17:21 |
| Added | https://bounty-cloud.dracoon.app/reporting/api | URL | In Scope | 17:21 |
| Added | https://bounty-cloud.dracoon.app/webdav | OTHER | In Scope | 17:21 |
| Added | https://bounty-cloud.dracoon.app/ | URL | In Scope | 17:21 |
| Added | https://bounty-server.dracoon.app/api | URL | In Scope | 17:21 |
| Added | https://bounty-server.dracoon.app/oauth | OTHER | In Scope | 17:21 |
| Added | https://bounty-server.dracoon.app/reporting/api | URL | In Scope | 17:21 |
| Added | https://bounty-server.dracoon.app/webdav | OTHER | In Scope | 17:21 |
| Added | https://bounty-server.dracoon.app/ | URL | In Scope | 17:21 |
| Added | any other host, tenant or service than the ones explicitly stated | OTHER | Out of Scope | 17:21 |
| Added | www.dracoon.com | OTHER | Out of Scope | 17:21 |
| Added | *.dracoon.com | OTHER | Out of Scope | 17:21 |
| Added | *.dracoon.net | OTHER | Out of Scope | 17:21 |
| Added | *.dracoon.team | OTHER | Out of Scope | 17:21 |
| Added | *.dracoon.app (with the exceptions of bounty-cloud.dracoon.app and bounty-server.dracoon.app) | OTHER | Out of Scope | 17:21 |
| Added | *.dracoon.io (with the exception of https://0-2744452194.s3.nbg01.de.dracoon.io) | OTHER | Out of Scope | 17:21 |
| Added | *.fp-sign.com | OTHER | Out of Scope | 17:21 |
| Added | *.usersnap.com | OTHER | Out of Scope | 17:21 |
| Added | *.gdata.com | OTHER | Out of Scope | 17:21 |
| Added | *.retarus.com | OTHER | Out of Scope | 17:21 |
| Added | https://bounty-cloud.dracoon.app/oauth | URL | In Scope | 17:21 |
| Added | https://bounty-cloud.dracoon.app/ | URL | In Scope | 17:21 |
| Added | https://bounty-server.dracoon.app/api | URL | In Scope | 17:21 |
| Added | www.dracoon.com | URL | Out of Scope | 17:21 |
| Added | *.dracoon.net | WILDCARD | Out of Scope | 17:21 |
| Added | *.dracoon.team | WILDCARD | Out of Scope | 17:21 |
| Added | *.dracoon.app (with the exceptions of bounty-cloud.dracoon.app and bounty-server.dracoon.app) | WILDCARD | Out of Scope | 17:21 |
| Added | *.usersnap.com | WILDCARD | Out of Scope | 17:21 |
| Added | https://bounty-cloud.dracoon.app/mediaserver | URL | In Scope | 17:21 |
| Added | https://bounty-cloud.dracoon.app/reporting/api | URL | In Scope | 17:21 |
| Added | https://bounty-cloud.dracoon.app/webdav | URL | In Scope | 17:21 |
| Added | https://bounty-server.dracoon.app/oauth | URL | In Scope | 17:21 |
| Added | https://bounty-server.dracoon.app/reporting/api | URL | In Scope | 17:21 |
| Added | https://bounty-server.dracoon.app/webdav | URL | In Scope | 17:21 |
| Added | *.dracoon.io (with the exception of https://0-2744452194.s3.nbg01.de.dracoon.io) | WILDCARD | Out of Scope | 17:21 |
| Added | *.retarus.com | WILDCARD | Out of Scope | 17:21 |
| Added | https://bounty-cloud.dracoon.app/api | URL | In Scope | 17:21 |
| Added | https://0-2744452194.s3.nbg01.de.dracoon.io | URL | In Scope | 17:21 |
| Added | https://bounty-server.dracoon.app/ | URL | In Scope | 17:21 |
| Added | *.fp-sign.com | WILDCARD | Out of Scope | 17:21 |
| Added | *.gdata.com | WILDCARD | Out of Scope | 17:21 |
| Added | any other host, tenant or service than the ones explicitly stated | OTHER | Out of Scope | 17:21 |
| Added | *.dracoon.com | WILDCARD | Out of Scope | 17:21 |
| Program Removed | — | — | — | 16:06 |
Mar 3, 2026
| Change | Asset | Category | Scope | Time |
|---|---|---|---|---|
| Added | *.dracoon.io (with the exception of https://0-2744452194.s3.nbg01.de.dracoon.io) | WILDCARD | Out of Scope | 08:54 |
| Added | https://0-2744452194.s3.nbg01.de.dracoon.io | URL | In Scope | 08:54 |
| Added | https://bounty-cloud.dracoon.app/mediaserver | URL | In Scope | 08:54 |
| Added | https://bounty-cloud.dracoon.app/ | URL | In Scope | 08:54 |
| Added | https://bounty-server.dracoon.app/reporting/api | URL | In Scope | 08:54 |
| Added | *.gdata.com | WILDCARD | Out of Scope | 08:54 |
| Added | *.retarus.com | WILDCARD | Out of Scope | 08:54 |
| Added | https://bounty-cloud.dracoon.app/reporting/api | URL | In Scope | 08:54 |
| Added | https://bounty-server.dracoon.app/webdav | URL | In Scope | 08:54 |
| Added | https://bounty-server.dracoon.app/ | URL | In Scope | 08:54 |
| Added | *.dracoon.net | WILDCARD | Out of Scope | 08:54 |
| Added | *.dracoon.team | WILDCARD | Out of Scope | 08:54 |
| Added | https://bounty-cloud.dracoon.app/api | URL | In Scope | 08:54 |
| Added | https://bounty-cloud.dracoon.app/oauth | OTHER | In Scope | 08:54 |
| Added | https://0-2744452194.s3.nbg01.de.dracoon.io | OTHER | In Scope | 08:54 |
| Added | https://bounty-cloud.dracoon.app/mediaserver | OTHER | In Scope | 08:54 |
| Added | https://bounty-cloud.dracoon.app/reporting/api | URL | In Scope | 08:54 |
| Added | https://bounty-cloud.dracoon.app/webdav | OTHER | In Scope | 08:54 |
| Added | https://bounty-cloud.dracoon.app/ | URL | In Scope | 08:54 |
| Added | https://bounty-server.dracoon.app/api | URL | In Scope | 08:54 |
| Added | https://bounty-server.dracoon.app/oauth | OTHER | In Scope | 08:54 |
| Added | https://bounty-server.dracoon.app/reporting/api | URL | In Scope | 08:54 |
| Added | https://bounty-server.dracoon.app/webdav | OTHER | In Scope | 08:54 |
| Added | https://bounty-server.dracoon.app/ | URL | In Scope | 08:54 |
| Added | any other host, tenant or service than the ones explicitly stated | OTHER | Out of Scope | 08:54 |
| Added | www.dracoon.com | OTHER | Out of Scope | 08:54 |
| Added | *.dracoon.com | OTHER | Out of Scope | 08:54 |
| Added | *.dracoon.net | OTHER | Out of Scope | 08:54 |
| Added | *.dracoon.team | OTHER | Out of Scope | 08:54 |
| Added | *.dracoon.app (with the exceptions of bounty-cloud.dracoon.app and bounty-server.dracoon.app) | OTHER | Out of Scope | 08:54 |
| Added | *.dracoon.io (with the exception of https://0-2744452194.s3.nbg01.de.dracoon.io) | OTHER | Out of Scope | 08:54 |
| Added | *.fp-sign.com | OTHER | Out of Scope | 08:54 |
| Added | *.usersnap.com | OTHER | Out of Scope | 08:54 |
| Added | *.gdata.com | OTHER | Out of Scope | 08:54 |
| Added | *.retarus.com | OTHER | Out of Scope | 08:54 |
| Added | https://bounty-server.dracoon.app/api | URL | In Scope | 08:54 |
| Added | https://bounty-server.dracoon.app/oauth | URL | In Scope | 08:54 |
| Added | any other host, tenant or service than the ones explicitly stated | OTHER | Out of Scope | 08:54 |
| Added | www.dracoon.com | URL | Out of Scope | 08:54 |
| Added | https://bounty-cloud.dracoon.app/api | URL | In Scope | 08:54 |
| Added | https://bounty-cloud.dracoon.app/oauth | URL | In Scope | 08:54 |
| Added | https://bounty-cloud.dracoon.app/webdav | URL | In Scope | 08:54 |
| Added | *.dracoon.com | WILDCARD | Out of Scope | 08:54 |
| Added | *.dracoon.app (with the exceptions of bounty-cloud.dracoon.app and bounty-server.dracoon.app) | WILDCARD | Out of Scope | 08:54 |
| Added | *.fp-sign.com | WILDCARD | Out of Scope | 08:54 |
| Added | *.usersnap.com | WILDCARD | Out of Scope | 08:54 |
Feb 25, 2026
| Change | Asset | Category | Scope | Time |
|---|---|---|---|---|
| Program Removed | — | — | — | 13:08 |
Feb 22, 2026
| Change | Asset | Category | Scope | Time |
|---|---|---|---|---|
| Added | https://bounty-server.dracoon.app/ | URL | In Scope | 00:51 |
| Added | https://bounty-server.dracoon.app/api | URL | In Scope | 00:51 |
| Added | www.dracoon.com | OTHER | Out of Scope | 00:51 |
| Added | https://bounty-cloud.dracoon.app/api | URL | In Scope | 00:51 |
| Added | https://bounty-cloud.dracoon.app/mediaserver | URL | In Scope | 00:51 |
| Added | https://bounty-cloud.dracoon.app/webdav | URL | In Scope | 00:51 |
| Added | https://bounty-cloud.dracoon.app/ | URL | In Scope | 00:51 |
| Added | https://bounty-server.dracoon.app/webdav | URL | In Scope | 00:51 |
| Added | *.dracoon.team | WILDCARD | Out of Scope | 00:51 |
| Added | *.dracoon.app (with the exceptions of bounty-cloud.dracoon.app and bounty-server.dracoon.app) | WILDCARD | Out of Scope | 00:51 |
| Added | https://bounty-cloud.dracoon.app/oauth | URL | In Scope | 00:51 |
| Added | https://0-2744452194.s3.nbg01.de.dracoon.io | URL | In Scope | 00:51 |
| Added | https://bounty-cloud.dracoon.app/reporting/api | URL | In Scope | 00:51 |
| Added | *.dracoon.com | WILDCARD | Out of Scope | 00:51 |
| Added | *.dracoon.io (with the exception of https://0-2744452194.s3.nbg01.de.dracoon.io) | WILDCARD | Out of Scope | 00:51 |
| Added | *.fp-sign.com | WILDCARD | Out of Scope | 00:51 |
| Added | *.usersnap.com | WILDCARD | Out of Scope | 00:51 |
| Added | https://bounty-server.dracoon.app/oauth | URL | In Scope | 00:51 |
| Added | https://bounty-server.dracoon.app/reporting/api | URL | In Scope | 00:51 |
| Added | *.dracoon.net | WILDCARD | Out of Scope | 00:51 |
| Added | any other host, tenant or service than the ones explicitly stated | OTHER | Out of Scope | 00:51 |
| Added | *.gdata.com | WILDCARD | Out of Scope | 00:51 |
| Added | *.retarus.com | WILDCARD | Out of Scope | 00:51 |
Feb 21, 2026
| Change | Asset | Category | Scope | Time |
|---|---|---|---|---|
| Removed | https://bounty-cloud.dracoon.app/oauth | OTHER | In Scope | 21:40 |
| Removed | https://bounty-cloud.dracoon.app/mediaserver | OTHER | In Scope | 21:40 |
| Removed | https://bounty-cloud.dracoon.app/reporting/api | URL | In Scope | 21:40 |
| Removed | https://bounty-cloud.dracoon.app/webdav | OTHER | In Scope | 21:40 |
| Removed | https://bounty-cloud.dracoon.app/ | URL | In Scope | 21:40 |
| Removed | https://bounty-server.dracoon.app/api | URL | In Scope | 21:40 |
| Removed | https://bounty-server.dracoon.app/oauth | OTHER | In Scope | 21:40 |
| Removed | https://bounty-server.dracoon.app/reporting/api | URL | In Scope | 21:40 |
| Removed | https://bounty-server.dracoon.app/webdav | OTHER | In Scope | 21:40 |
| Removed | https://bounty-server.dracoon.app/ | URL | In Scope | 21:40 |
| Removed | any other host, tenant or service than the ones explicitly stated | OTHER | Out of Scope | 21:40 |
| Removed | www.dracoon.com | OTHER | Out of Scope | 21:40 |
| Removed | *.dracoon.com | OTHER | Out of Scope | 21:40 |
| Removed | *.dracoon.net | OTHER | Out of Scope | 21:40 |
| Removed | *.dracoon.team | OTHER | Out of Scope | 21:40 |
| Removed | *.dracoon.app (with the exceptions of bounty-cloud.dracoon.app and bounty-server.dracoon.app) | OTHER | Out of Scope | 21:40 |
| Removed | *.dracoon.io (with the exception of https://0-2744452194.s3.nbg01.de.dracoon.io) | OTHER | Out of Scope | 21:40 |
| Removed | *.fp-sign.com | OTHER | Out of Scope | 21:40 |
| Removed | *.usersnap.com | OTHER | Out of Scope | 21:40 |
| Removed | *.gdata.com | OTHER | Out of Scope | 21:40 |
| Removed | *.retarus.com | OTHER | Out of Scope | 21:40 |
| Removed | https://bounty-cloud.dracoon.app/api | URL | In Scope | 21:40 |
| Removed | https://0-2744452194.s3.nbg01.de.dracoon.io | OTHER | In Scope | 21:40 |
| Added | www.dracoon.com | OTHER | Out of Scope | 00:33 |
| Added | *.dracoon.com | OTHER | Out of Scope | 00:33 |
| Added | *.dracoon.net | OTHER | Out of Scope | 00:33 |
| Added | *.dracoon.team | OTHER | Out of Scope | 00:33 |
| Added | *.dracoon.app (with the exceptions of bounty-cloud.dracoon.app and bounty-server.dracoon.app) | OTHER | Out of Scope | 00:33 |
| Added | *.dracoon.io (with the exception of https://0-2744452194.s3.nbg01.de.dracoon.io) | OTHER | Out of Scope | 00:33 |
| Added | *.fp-sign.com | OTHER | Out of Scope | 00:33 |
| Added | *.usersnap.com | OTHER | Out of Scope | 00:33 |
| Added | *.gdata.com | OTHER | Out of Scope | 00:33 |
| Added | *.retarus.com | OTHER | Out of Scope | 00:33 |
| Added | any other host, tenant or service than the ones explicitly stated | OTHER | Out of Scope | 00:33 |