Program Removed

This program is no longer available on YesWeHack. The scope data shown below is historical and may not reflect the final state of the program.

dracoon-bug-bounty-program

YesWeHackView on YesWeHack

RawAI Enhanced

In Scope

Out of Scope

In-Scope Assets (24)

Asset	Category	Bounty	Quick Links
https://0-2744452194.s3.nbg01.de.dracoon.io	OTHER	Yes	-
https://0-2744452194.s3.nbg01.de.dracoon.io	URL	Yes	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal AlienVault OTX GitHub Fofa
https://bounty-cloud.dracoon.app/	URL	Yes	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal AlienVault OTX GitHub Fofa
https://bounty-cloud.dracoon.app/	URL	Yes	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal AlienVault OTX GitHub Fofa
https://bounty-cloud.dracoon.app/api	URL	Yes	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal AlienVault OTX GitHub Fofa
https://bounty-cloud.dracoon.app/api	URL	Yes	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal AlienVault OTX GitHub Fofa
https://bounty-cloud.dracoon.app/mediaserver	OTHER	Yes	-
https://bounty-cloud.dracoon.app/mediaserver	URL	Yes	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal AlienVault OTX GitHub Fofa
https://bounty-cloud.dracoon.app/oauth	URL	Yes	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal AlienVault OTX GitHub Fofa
https://bounty-cloud.dracoon.app/oauth	OTHER	Yes	-
https://bounty-cloud.dracoon.app/reporting/api	URL	Yes	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal AlienVault OTX GitHub Fofa
https://bounty-cloud.dracoon.app/reporting/api	URL	Yes	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal AlienVault OTX GitHub Fofa
https://bounty-cloud.dracoon.app/webdav	OTHER	Yes	-
https://bounty-cloud.dracoon.app/webdav	URL	Yes	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal AlienVault OTX GitHub Fofa
https://bounty-server.dracoon.app/	URL	Yes	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal AlienVault OTX GitHub Fofa
https://bounty-server.dracoon.app/	URL	Yes	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal AlienVault OTX GitHub Fofa
https://bounty-server.dracoon.app/api	URL	Yes	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal AlienVault OTX GitHub Fofa
https://bounty-server.dracoon.app/api	URL	Yes	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal AlienVault OTX GitHub Fofa
https://bounty-server.dracoon.app/oauth	URL	Yes	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal AlienVault OTX GitHub Fofa
https://bounty-server.dracoon.app/oauth	OTHER	Yes	-
https://bounty-server.dracoon.app/reporting/api	URL	Yes	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal AlienVault OTX GitHub Fofa
https://bounty-server.dracoon.app/reporting/api	URL	Yes	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal AlienVault OTX GitHub Fofa
https://bounty-server.dracoon.app/webdav	URL	Yes	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal AlienVault OTX GitHub Fofa
https://bounty-server.dracoon.app/webdav	OTHER	Yes	-

Out-of-Scope Assets (22)

Asset	Category	Bounty
*.dracoon.app (with the exceptions of bounty-cloud.dracoon.app and bounty-server.dracoon.app)	OTHER	Yes
*.dracoon.com	OTHER	Yes
*.dracoon.io (with the exception of https://0-2744452194.s3.nbg01.de.dracoon.io)	OTHER	Yes
*.dracoon.net	OTHER	Yes
*.dracoon.team	OTHER	Yes
*.fp-sign.com	OTHER	Yes
*.gdata.com	OTHER	Yes
*.retarus.com	OTHER	Yes
*.usersnap.com	OTHER	Yes
any other host, tenant or service than the ones explicitly stated	OTHER	Yes
any other host, tenant or service than the ones explicitly stated	OTHER	Yes
dracoon.app	WILDCARD	Yes
dracoon.com	WILDCARD	Yes
dracoon.io	WILDCARD	Yes
dracoon.net	WILDCARD	Yes
dracoon.team	WILDCARD	Yes
fp-sign.com	WILDCARD	Yes
gdata.com	WILDCARD	Yes
retarus.com	WILDCARD	Yes
usersnap.com	WILDCARD	Yes
www.dracoon.com	OTHER	Yes
www.dracoon.com	URL	Yes

Scope Changes (152)

Apr 15, 2026

Change	Asset	Category	Scope	Time
Program Removed	—	—	—	08:21

Mar 26, 2026

Change	Asset	Category	Scope	Time
Added	https://bounty-cloud.dracoon.app/api	URL	In Scope	17:21
Added	https://bounty-cloud.dracoon.app/oauth	OTHER	In Scope	17:21
Added	https://0-2744452194.s3.nbg01.de.dracoon.io	OTHER	In Scope	17:21
Added	https://bounty-cloud.dracoon.app/mediaserver	OTHER	In Scope	17:21
Added	https://bounty-cloud.dracoon.app/reporting/api	URL	In Scope	17:21
Added	https://bounty-cloud.dracoon.app/webdav	OTHER	In Scope	17:21
Added	https://bounty-cloud.dracoon.app/	URL	In Scope	17:21
Added	https://bounty-server.dracoon.app/api	URL	In Scope	17:21
Added	https://bounty-server.dracoon.app/oauth	OTHER	In Scope	17:21
Added	https://bounty-server.dracoon.app/reporting/api	URL	In Scope	17:21
Added	https://bounty-server.dracoon.app/webdav	OTHER	In Scope	17:21
Added	https://bounty-server.dracoon.app/	URL	In Scope	17:21
Added	any other host, tenant or service than the ones explicitly stated	OTHER	Out of Scope	17:21
Added	www.dracoon.com	OTHER	Out of Scope	17:21
Added	*.dracoon.com	OTHER	Out of Scope	17:21
Added	*.dracoon.net	OTHER	Out of Scope	17:21
Added	*.dracoon.team	OTHER	Out of Scope	17:21
Added	*.dracoon.app (with the exceptions of bounty-cloud.dracoon.app and bounty-server.dracoon.app)	OTHER	Out of Scope	17:21
Added	*.dracoon.io (with the exception of https://0-2744452194.s3.nbg01.de.dracoon.io)	OTHER	Out of Scope	17:21
Added	*.fp-sign.com	OTHER	Out of Scope	17:21
Added	*.usersnap.com	OTHER	Out of Scope	17:21
Added	*.gdata.com	OTHER	Out of Scope	17:21
Added	*.retarus.com	OTHER	Out of Scope	17:21
Added	https://bounty-cloud.dracoon.app/oauth	URL	In Scope	17:21
Added	https://bounty-cloud.dracoon.app/	URL	In Scope	17:21
Added	https://bounty-server.dracoon.app/api	URL	In Scope	17:21
Added	www.dracoon.com	URL	Out of Scope	17:21
Added	*.dracoon.net	WILDCARD	Out of Scope	17:21
Added	*.dracoon.team	WILDCARD	Out of Scope	17:21
Added	*.dracoon.app (with the exceptions of bounty-cloud.dracoon.app and bounty-server.dracoon.app)	WILDCARD	Out of Scope	17:21
Added	*.usersnap.com	WILDCARD	Out of Scope	17:21
Added	https://bounty-cloud.dracoon.app/mediaserver	URL	In Scope	17:21
Added	https://bounty-cloud.dracoon.app/reporting/api	URL	In Scope	17:21
Added	https://bounty-cloud.dracoon.app/webdav	URL	In Scope	17:21
Added	https://bounty-server.dracoon.app/oauth	URL	In Scope	17:21
Added	https://bounty-server.dracoon.app/reporting/api	URL	In Scope	17:21
Added	https://bounty-server.dracoon.app/webdav	URL	In Scope	17:21
Added	*.dracoon.io (with the exception of https://0-2744452194.s3.nbg01.de.dracoon.io)	WILDCARD	Out of Scope	17:21
Added	*.retarus.com	WILDCARD	Out of Scope	17:21
Added	https://bounty-cloud.dracoon.app/api	URL	In Scope	17:21
Added	https://0-2744452194.s3.nbg01.de.dracoon.io	URL	In Scope	17:21
Added	https://bounty-server.dracoon.app/	URL	In Scope	17:21
Added	*.fp-sign.com	WILDCARD	Out of Scope	17:21
Added	*.gdata.com	WILDCARD	Out of Scope	17:21
Added	any other host, tenant or service than the ones explicitly stated	OTHER	Out of Scope	17:21
Added	*.dracoon.com	WILDCARD	Out of Scope	17:21
Program Removed	—	—	—	16:06

Mar 3, 2026

Change	Asset	Category	Scope	Time
Added	https://bounty-cloud.dracoon.app/oauth	OTHER	In Scope	08:54
Added	https://0-2744452194.s3.nbg01.de.dracoon.io	OTHER	In Scope	08:54
Added	https://bounty-cloud.dracoon.app/mediaserver	OTHER	In Scope	08:54
Added	https://bounty-cloud.dracoon.app/reporting/api	URL	In Scope	08:54
Added	https://bounty-cloud.dracoon.app/webdav	OTHER	In Scope	08:54
Added	https://bounty-cloud.dracoon.app/	URL	In Scope	08:54
Added	https://bounty-server.dracoon.app/api	URL	In Scope	08:54
Added	https://bounty-server.dracoon.app/oauth	OTHER	In Scope	08:54
Added	https://bounty-server.dracoon.app/reporting/api	URL	In Scope	08:54
Added	https://bounty-server.dracoon.app/webdav	OTHER	In Scope	08:54
Added	https://bounty-server.dracoon.app/	URL	In Scope	08:54
Added	any other host, tenant or service than the ones explicitly stated	OTHER	Out of Scope	08:54
Added	www.dracoon.com	OTHER	Out of Scope	08:54
Added	*.dracoon.com	OTHER	Out of Scope	08:54
Added	*.dracoon.net	OTHER	Out of Scope	08:54
Added	https://bounty-cloud.dracoon.app/api	URL	In Scope	08:54
Added	*.dracoon.app (with the exceptions of bounty-cloud.dracoon.app and bounty-server.dracoon.app)	OTHER	Out of Scope	08:54
Added	*.dracoon.io (with the exception of https://0-2744452194.s3.nbg01.de.dracoon.io)	OTHER	Out of Scope	08:54
Added	*.fp-sign.com	OTHER	Out of Scope	08:54
Added	*.usersnap.com	OTHER	Out of Scope	08:54
Added	*.gdata.com	OTHER	Out of Scope	08:54
Added	*.retarus.com	OTHER	Out of Scope	08:54
Added	https://bounty-server.dracoon.app/api	URL	In Scope	08:54
Added	https://bounty-server.dracoon.app/oauth	URL	In Scope	08:54
Added	any other host, tenant or service than the ones explicitly stated	OTHER	Out of Scope	08:54
Added	www.dracoon.com	URL	Out of Scope	08:54
Added	https://bounty-cloud.dracoon.app/api	URL	In Scope	08:54
Added	https://bounty-cloud.dracoon.app/oauth	URL	In Scope	08:54
Added	https://bounty-cloud.dracoon.app/webdav	URL	In Scope	08:54
Added	*.dracoon.com	WILDCARD	Out of Scope	08:54
Added	*.dracoon.app (with the exceptions of bounty-cloud.dracoon.app and bounty-server.dracoon.app)	WILDCARD	Out of Scope	08:54
Added	*.fp-sign.com	WILDCARD	Out of Scope	08:54
Added	*.usersnap.com	WILDCARD	Out of Scope	08:54
Added	https://0-2744452194.s3.nbg01.de.dracoon.io	URL	In Scope	08:54
Added	https://bounty-cloud.dracoon.app/mediaserver	URL	In Scope	08:54
Added	https://bounty-cloud.dracoon.app/	URL	In Scope	08:54
Added	https://bounty-server.dracoon.app/reporting/api	URL	In Scope	08:54
Added	*.gdata.com	WILDCARD	Out of Scope	08:54
Added	*.retarus.com	WILDCARD	Out of Scope	08:54
Added	https://bounty-cloud.dracoon.app/reporting/api	URL	In Scope	08:54
Added	https://bounty-server.dracoon.app/webdav	URL	In Scope	08:54
Added	https://bounty-server.dracoon.app/	URL	In Scope	08:54
Added	*.dracoon.net	WILDCARD	Out of Scope	08:54
Added	*.dracoon.team	WILDCARD	Out of Scope	08:54
Added	*.dracoon.io (with the exception of https://0-2744452194.s3.nbg01.de.dracoon.io)	WILDCARD	Out of Scope	08:54
Added	*.dracoon.team	OTHER	Out of Scope	08:54

Feb 25, 2026

Change	Asset	Category	Scope	Time
Program Removed	—	—	—	13:08

Feb 22, 2026

Change	Asset	Category	Scope	Time
Added	https://bounty-server.dracoon.app/api	URL	In Scope	00:51
Added	www.dracoon.com	OTHER	Out of Scope	00:51
Added	https://bounty-cloud.dracoon.app/api	URL	In Scope	00:51
Added	https://bounty-cloud.dracoon.app/mediaserver	URL	In Scope	00:51
Added	https://bounty-cloud.dracoon.app/webdav	URL	In Scope	00:51
Added	https://bounty-cloud.dracoon.app/	URL	In Scope	00:51
Added	https://bounty-server.dracoon.app/webdav	URL	In Scope	00:51
Added	*.dracoon.team	WILDCARD	Out of Scope	00:51
Added	*.dracoon.app (with the exceptions of bounty-cloud.dracoon.app and bounty-server.dracoon.app)	WILDCARD	Out of Scope	00:51
Added	https://bounty-cloud.dracoon.app/oauth	URL	In Scope	00:51
Added	https://0-2744452194.s3.nbg01.de.dracoon.io	URL	In Scope	00:51
Added	https://bounty-cloud.dracoon.app/reporting/api	URL	In Scope	00:51
Added	*.dracoon.com	WILDCARD	Out of Scope	00:51
Added	*.dracoon.io (with the exception of https://0-2744452194.s3.nbg01.de.dracoon.io)	WILDCARD	Out of Scope	00:51
Added	*.fp-sign.com	WILDCARD	Out of Scope	00:51
Added	*.usersnap.com	WILDCARD	Out of Scope	00:51
Added	https://bounty-server.dracoon.app/oauth	URL	In Scope	00:51
Added	https://bounty-server.dracoon.app/reporting/api	URL	In Scope	00:51
Added	https://bounty-server.dracoon.app/	URL	In Scope	00:51
Added	*.dracoon.net	WILDCARD	Out of Scope	00:51
Added	any other host, tenant or service than the ones explicitly stated	OTHER	Out of Scope	00:51
Added	*.gdata.com	WILDCARD	Out of Scope	00:51
Added	*.retarus.com	WILDCARD	Out of Scope	00:51

Feb 21, 2026

Change	Asset	Category	Scope	Time
Removed	*.retarus.com	OTHER	Out of Scope	21:40
Removed	https://bounty-server.dracoon.app/	URL	In Scope	21:40
Removed	any other host, tenant or service than the ones explicitly stated	OTHER	Out of Scope	21:40
Removed	www.dracoon.com	OTHER	Out of Scope	21:40
Removed	*.dracoon.com	OTHER	Out of Scope	21:40
Removed	*.dracoon.net	OTHER	Out of Scope	21:40
Removed	*.dracoon.team	OTHER	Out of Scope	21:40
Removed	*.dracoon.app (with the exceptions of bounty-cloud.dracoon.app and bounty-server.dracoon.app)	OTHER	Out of Scope	21:40
Removed	*.dracoon.io (with the exception of https://0-2744452194.s3.nbg01.de.dracoon.io)	OTHER	Out of Scope	21:40
Removed	*.fp-sign.com	OTHER	Out of Scope	21:40
Removed	*.usersnap.com	OTHER	Out of Scope	21:40
Removed	*.gdata.com	OTHER	Out of Scope	21:40
Removed	https://bounty-cloud.dracoon.app/api	URL	In Scope	21:40
Removed	https://bounty-cloud.dracoon.app/oauth	OTHER	In Scope	21:40
Removed	https://0-2744452194.s3.nbg01.de.dracoon.io	OTHER	In Scope	21:40
Removed	https://bounty-cloud.dracoon.app/mediaserver	OTHER	In Scope	21:40
Removed	https://bounty-cloud.dracoon.app/reporting/api	URL	In Scope	21:40
Removed	https://bounty-cloud.dracoon.app/webdav	OTHER	In Scope	21:40
Removed	https://bounty-cloud.dracoon.app/	URL	In Scope	21:40
Removed	https://bounty-server.dracoon.app/api	URL	In Scope	21:40
Removed	https://bounty-server.dracoon.app/oauth	OTHER	In Scope	21:40
Removed	https://bounty-server.dracoon.app/reporting/api	URL	In Scope	21:40
Removed	https://bounty-server.dracoon.app/webdav	OTHER	In Scope	21:40
Added	www.dracoon.com	OTHER	Out of Scope	00:33
Added	*.dracoon.com	OTHER	Out of Scope	00:33
Added	*.dracoon.net	OTHER	Out of Scope	00:33
Added	*.dracoon.team	OTHER	Out of Scope	00:33
Added	*.dracoon.app (with the exceptions of bounty-cloud.dracoon.app and bounty-server.dracoon.app)	OTHER	Out of Scope	00:33
Added	*.dracoon.io (with the exception of https://0-2744452194.s3.nbg01.de.dracoon.io)	OTHER	Out of Scope	00:33
Added	*.fp-sign.com	OTHER	Out of Scope	00:33
Added	*.usersnap.com	OTHER	Out of Scope	00:33
Added	*.gdata.com	OTHER	Out of Scope	00:33
Added	*.retarus.com	OTHER	Out of Scope	00:33
Added	any other host, tenant or service than the ones explicitly stated	OTHER	Out of Scope	00:33