infomaniak-bug-bounty-program
40
In Scope
14
Out of Scope
In-Scope Assets (40)
Out-of-Scope Assets (14)
| Asset | Category | Bounty | |
|---|---|---|---|
| Assets not listed in the in scope section are to be considered as out of the scope of this program and won't be eligible for reward | OTHER | Yes | |
| Database service instances from customers, like *.dbaas.infomaniak.cloud | OTHER | Yes | |
| FTP credentials from our customers, like *.ftp.infomaniak.com | OTHER | Yes | |
| Jelastic subdomains : *.jcloud.ik-server.com, *.jpc.infomaniak.com, *.jpe.infomaniak.com | OTHER | Yes | |
| MySQL credentials from our customers, like *.myd.infomaniak.com | OTHER | Yes | |
| S3 credentials from our customers, like s3.pub*.infomaniak.cloud | OTHER | Yes | |
| This domain https://drive.infomaniak.com/app/office/:folder:/:file: is out of scope. This is only office application, an external app to open MS office documents. | OTHER | Yes | |
| User email verification | OTHER | Yes | |
| VPS instances from our customers, like *.vps.infomaniak.com | OTHER | Yes | |
| We do not manage Open Stack dashboard which is therefore out of scope | OTHER | Yes | |
| Websocket IPS-public credentials. Public identifiers that do not allow access to information outside the scope of the user's profile. | OTHER | Yes | |
| https://api.pub1.infomaniak.cloud | OTHER | Yes | |
| newsletter.infomaniak.com | OTHER | Yes | |
| ov-XX.infomaniak.ch and od-XX.infomaniak.ch sub domains | OTHER | Yes |
Scope Changes (182)
Feb 25, 2026
| Change | Asset | Category | Scope | Time |
|---|---|---|---|---|
| Added | https://api.pub1.infomaniak.cloud | URL | Out of Scope | 19:08 |
| Added | newsletter.infomaniak.com | URL | Out of Scope | 19:08 |
| Added | etickets.infomaniak.com | URL | In Scope | 19:08 |
| Added | database service instances from customers, like *.dbaas.infomaniak.cloud | WILDCARD | Out of Scope | 19:08 |
| Added | manager.infomaniak.com/v3/* | URL | In Scope | 19:08 |
| Added | vod.infomaniak.com | URL | In Scope | 19:08 |
| Added | welcome.infomaniak.com | URL | In Scope | 19:08 |
| Added | sms.infomaniak.com | URL | In Scope | 19:08 |
| Added | mysql credentials from our customers, like *.myd.infomaniak.com | WILDCARD | Out of Scope | 19:08 |
| Added | websocket ips-public credentials. public identifiers that do not allow access to information outside the scope of the user's profile | OTHER | Out of Scope | 19:08 |
| Added | api.infomaniak.com | URL | In Scope | 19:08 |
| Added | contacts.infomaniak.com | URL | In Scope | 19:08 |
| Added | euria.infomaniak.com | URL | In Scope | 19:08 |
| Added | https://play.google.com/store/apps/details?id=com.infomaniak.drive | ANDROID | In Scope | 19:08 |
| Added | https://play.google.com/store/apps/details?id=com.infomaniak.mail&hl=en_US | ANDROID | In Scope | 19:08 |
| Added | 5k8vrbdyje.infomaniak.site | URL | In Scope | 19:08 |
| Added | vps instances from our customers, like *.vps.infomaniak.com | WILDCARD | Out of Scope | 19:08 |
| Added | s3 credentials from our customers, like s3.pub*.infomaniak.cloud | WILDCARD | Out of Scope | 19:08 |
| Added | ksuite.infomaniak.com | URL | In Scope | 19:08 |
| Added | calendar.infomaniak.com | URL | In Scope | 19:08 |
| Added | player-radio.infomaniak.com | URL | In Scope | 19:08 |
| Added | www.infomaniak.com | URL | In Scope | 19:08 |
| Added | chk.infomaniak.com | URL | In Scope | 19:08 |
| Added | kmeet.infomaniak.com | URL | In Scope | 19:08 |
| Added | kpaste.infomaniak.com | URL | In Scope | 19:08 |
| Added | https://apps.apple.com/fr/app/infomaniak-mail/id1622596573 | IOS | In Scope | 19:08 |
| Added | *.kdrive.infomaniak.com | WILDCARD | In Scope | 19:08 |
| Added | shop.infomaniak.com | URL | In Scope | 19:08 |
| Added | mail.infomaniak.com | URL | In Scope | 19:08 |
| Added | https://apps.apple.com/app/infomaniak-kdrive/id1482778676 | IOS | In Scope | 19:08 |
| Added | fv3lfbdyjh.infomaniak.site | URL | In Scope | 19:08 |
| Added | l75pvbdyjo.infomaniak.site | URL | In Scope | 19:08 |
| Added | sync.infomaniak.com | URL | In Scope | 19:08 |
| Added | assets not listed in the in scope section are to be considered as out of the scope of this program and won't be eligible for reward | OTHER | Out of Scope | 19:08 |
| Added | ftp credentials from our customers, like *.ftp.infomaniak.com | WILDCARD | Out of Scope | 19:08 |
| Added | user email verification | OTHER | Out of Scope | 19:08 |
| Added | login.infomaniak.com | URL | In Scope | 19:08 |
| Added | swiss-backup*.infomaniak.com | WILDCARD | In Scope | 19:08 |
| Added | *.vod2.infomaniak.com | WILDCARD | In Scope | 19:08 |
| Added | www.swisstransfer.com | URL | In Scope | 19:08 |
| Added | ai-tools.infomaniak.com | AI | In Scope | 19:08 |
| Added | ix2smbdyjt.infomaniak.site | URL | In Scope | 19:08 |
| Added | invitation.infomaniak.com | URL | In Scope | 19:08 |
| Added | we do not manage open stack dashboard which is therefore out of scope | OTHER | Out of Scope | 19:08 |
| Added | storage*.infomaniak.com | WILDCARD | In Scope | 19:08 |
| Added | https://github.com/Infomaniak/desktop-kDrive | OTHER | In Scope | 19:08 |
| Added | jelastic subdomains : *.jcloud.ik-server.com, *.jpc.infomaniak.com, *.jpe.infomaniak.com | WILDCARD | Out of Scope | 19:08 |
| Added | jelastic subdomains : *.jcloud.ik-server.com, *.jpc.infomaniak.com, *.jpe.infomaniak.com | WILDCARD | Out of Scope | 19:08 |
| Added | jelastic subdomains : *.jcloud.ik-server.com, *.jpc.infomaniak.com, *.jpe.infomaniak.com | WILDCARD | Out of Scope | 19:08 |
| Added | admin2.infomaniak.com | URL | In Scope | 19:08 |
| Added | *.kchat.infomaniak.com | WILDCARD | In Scope | 19:08 |
| Added | infomaniak.events | URL | In Scope | 19:08 |
| Added | developer.infomaniak.com | URL | In Scope | 19:08 |
| Added | academy.infomaniak.com | URL | In Scope | 19:08 |
| Added | ov-xx.infomaniak.ch and od-xx.infomaniak.ch sub domains | URL | Out of Scope | 19:08 |
| Added | ov-xx.infomaniak.ch and od-xx.infomaniak.ch sub domains | URL | Out of Scope | 19:08 |
| Added | this domain https://drive.infomaniak.com/app/office/:folder:/:file: is out of scope. this is only office application, an external app to open ms office documents | URL | Out of Scope | 19:08 |
Feb 22, 2026
| Change | Asset | Category | Scope | Time |
|---|---|---|---|---|
| Added | player-radio.infomaniak.com | URL | In Scope | 00:52 |
| Added | fv3lfbdyjh.infomaniak.site | URL | In Scope | 00:52 |
| Added | https://play.google.com/store/apps/details?id=com.infomaniak.mail&hl=en_US | ANDROID | In Scope | 00:52 |
| Added | academy.infomaniak.com | URL | In Scope | 00:52 |
| Added | *.kdrive.infomaniak.com | WILDCARD | In Scope | 00:52 |
| Added | login.infomaniak.com | URL | In Scope | 00:52 |
| Added | swiss-backup*.infomaniak.com | WILDCARD | In Scope | 00:52 |
| Added | *.vod2.infomaniak.com | WILDCARD | In Scope | 00:52 |
| Added | kpaste.infomaniak.com | URL | In Scope | 00:52 |
| Added | storage*.infomaniak.com | WILDCARD | In Scope | 00:52 |
| Added | infomaniak.events | URL | In Scope | 00:52 |
| Added | newsletter.infomaniak.com | URL | Out of Scope | 00:52 |
| Added | https://apps.apple.com/app/infomaniak-kdrive/id1482778676 | IOS | In Scope | 00:52 |
| Added | ksuite.infomaniak.com | URL | In Scope | 00:52 |
| Added | *.kchat.infomaniak.com | WILDCARD | In Scope | 00:52 |
| Added | calendar.infomaniak.com | URL | In Scope | 00:52 |
| Added | etickets.infomaniak.com | URL | In Scope | 00:52 |
| Added | www.swisstransfer.com | URL | In Scope | 00:52 |
| Added | ov-xx.infomaniak.ch and od-xx.infomaniak.ch sub domains | URL | Out of Scope | 00:52 |
| Added | ov-xx.infomaniak.ch and od-xx.infomaniak.ch sub domains | URL | Out of Scope | 00:52 |
| Added | vps instances from our customers, like *.vps.infomaniak.com | WILDCARD | Out of Scope | 00:52 |
| Added | mail.infomaniak.com | URL | In Scope | 00:52 |
| Added | vod.infomaniak.com | URL | In Scope | 00:52 |
| Added | chk.infomaniak.com | URL | In Scope | 00:52 |
| Added | ai-tools.infomaniak.com | AI | In Scope | 00:52 |
| Added | ix2smbdyjt.infomaniak.site | URL | In Scope | 00:52 |
| Added | this domain https://drive.infomaniak.com/app/office/:folder:/:file: is out of scope. this is only office application, an external app to open ms office documents | URL | Out of Scope | 00:52 |
| Added | manager.infomaniak.com/v3/* | URL | In Scope | 00:52 |
| Added | contacts.infomaniak.com | URL | In Scope | 00:52 |
| Added | kmeet.infomaniak.com | URL | In Scope | 00:52 |
| Added | https://github.com/Infomaniak/desktop-kDrive | CODE | In Scope | 00:52 |
| Added | sms.infomaniak.com | URL | In Scope | 00:52 |
| Added | https://api.pub1.infomaniak.cloud | URL | Out of Scope | 00:52 |
| Added | ftp credentials from our customers, like *.ftp.infomaniak.com | WILDCARD | Out of Scope | 00:52 |
| Added | jelastic subdomains : *.jcloud.ik-server.com, *.jpc.infomaniak.com, *.jpe.infomaniak.com | WILDCARD | Out of Scope | 00:52 |
| Added | jelastic subdomains : *.jcloud.ik-server.com, *.jpc.infomaniak.com, *.jpe.infomaniak.com | WILDCARD | Out of Scope | 00:52 |
| Added | jelastic subdomains : *.jcloud.ik-server.com, *.jpc.infomaniak.com, *.jpe.infomaniak.com | WILDCARD | Out of Scope | 00:52 |
| Added | https://play.google.com/store/apps/details?id=com.infomaniak.drive | ANDROID | In Scope | 00:52 |
| Added | admin2.infomaniak.com | URL | In Scope | 00:52 |
| Added | shop.infomaniak.com | URL | In Scope | 00:52 |
| Added | api.infomaniak.com | URL | In Scope | 00:52 |
| Added | www.infomaniak.com | URL | In Scope | 00:52 |
| Added | sync.infomaniak.com | URL | In Scope | 00:52 |
| Added | https://apps.apple.com/fr/app/infomaniak-mail/id1622596573 | IOS | In Scope | 00:52 |
| Added | 5k8vrbdyje.infomaniak.site | URL | In Scope | 00:52 |
| Added | euria.infomaniak.com | URL | In Scope | 00:52 |
| Added | developer.infomaniak.com | URL | In Scope | 00:52 |
| Added | assets not listed in the in scope section are to be considered as out of the scope of this program and won't be eligible for reward | OTHER | Out of Scope | 00:52 |
| Added | we do not manage open stack dashboard which is therefore out of scope | OTHER | Out of Scope | 00:52 |
| Added | mysql credentials from our customers, like *.myd.infomaniak.com | WILDCARD | Out of Scope | 00:52 |
| Added | user email verification | OTHER | Out of Scope | 00:52 |
| Added | welcome.infomaniak.com | URL | In Scope | 00:52 |
| Added | l75pvbdyjo.infomaniak.site | URL | In Scope | 00:52 |
| Added | invitation.infomaniak.com | URL | In Scope | 00:52 |
| Added | websocket ips-public credentials. public identifiers that do not allow access to information outside the scope of the user's profile | OTHER | Out of Scope | 00:52 |
| Added | s3 credentials from our customers, like s3.pub*.infomaniak.cloud | WILDCARD | Out of Scope | 00:52 |
| Added | database service instances from customers, like *.dbaas.infomaniak.cloud | WILDCARD | Out of Scope | 00:52 |
Feb 21, 2026
| Change | Asset | Category | Scope | Time |
|---|---|---|---|---|
| Removed | *.kdrive.infomaniak.com | URL | In Scope | 21:40 |
| Removed | api.infomaniak.com | URL | In Scope | 21:40 |
| Removed | login.infomaniak.com | URL | In Scope | 21:40 |
| Removed | manager.infomaniak.com/v3/* | URL | In Scope | 21:40 |
| Removed | admin2.infomaniak.com | URL | In Scope | 21:40 |
| Removed | shop.infomaniak.com | URL | In Scope | 21:40 |
| Removed | *.kchat.infomaniak.com | URL | In Scope | 21:40 |
| Removed | calendar.infomaniak.com | URL | In Scope | 21:40 |
| Removed | contacts.infomaniak.com | URL | In Scope | 21:40 |
| Removed | etickets.infomaniak.com | URL | In Scope | 21:40 |
| Removed | mail.infomaniak.com | URL | In Scope | 21:40 |
| Removed | swiss-backup*.infomaniak.com | URL | In Scope | 21:40 |
| Removed | vod.infomaniak.com | URL | In Scope | 21:40 |
| Removed | *.vod2.infomaniak.com | URL | In Scope | 21:40 |
| Removed | player-radio.infomaniak.com | URL | In Scope | 21:40 |
| Removed | welcome.infomaniak.com | URL | In Scope | 21:40 |
| Removed | www.swisstransfer.com | URL | In Scope | 21:40 |
| Removed | www.infomaniak.com | URL | In Scope | 21:40 |
| Removed | chk.infomaniak.com | URL | In Scope | 21:40 |
| Removed | ai-tools.infomaniak.com | ANDROID | In Scope | 21:40 |
| Removed | kmeet.infomaniak.com | URL | In Scope | 21:40 |
| Removed | kpaste.infomaniak.com | URL | In Scope | 21:40 |
| Removed | sync.infomaniak.com | URL | In Scope | 21:40 |
| Removed | storage*.infomaniak.com | URL | In Scope | 21:40 |
| Removed | euria.infomaniak.com | URL | In Scope | 21:40 |
| Removed | https://play.google.com/store/apps/details?id=com.infomaniak.drive | ANDROID | In Scope | 21:40 |
| Removed | https://apps.apple.com/app/infomaniak-kdrive/id1482778676 | IOS | In Scope | 21:40 |
| Removed | https://github.com/Infomaniak/desktop-kDrive | OTHER | In Scope | 21:40 |
| Removed | https://apps.apple.com/fr/app/infomaniak-mail/id1622596573 | IOS | In Scope | 21:40 |
| Removed | https://play.google.com/store/apps/details?id=com.infomaniak.mail&hl=en_US | ANDROID | In Scope | 21:40 |
| Removed | ix2smbdyjt.infomaniak.site | URL | In Scope | 21:40 |
| Removed | 5k8vrbdyje.infomaniak.site | URL | In Scope | 21:40 |
| Removed | fv3lfbdyjh.infomaniak.site | URL | In Scope | 21:40 |
| Removed | l75pvbdyjo.infomaniak.site | URL | In Scope | 21:40 |
| Removed | infomaniak.events | URL | In Scope | 21:40 |
| Removed | sms.infomaniak.com | URL | In Scope | 21:40 |
| Removed | developer.infomaniak.com | URL | In Scope | 21:40 |
| Removed | invitation.infomaniak.com | URL | In Scope | 21:40 |
| Removed | academy.infomaniak.com | URL | In Scope | 21:40 |
| Removed | assets not listed in the in scope section are to be considered as out of the scope of this program and won't be eligible for reward | OTHER | Out of Scope | 21:40 |
| Removed | https://api.pub1.infomaniak.cloud | OTHER | Out of Scope | 21:40 |
| Removed | we do not manage open stack dashboard which is therefore out of scope | OTHER | Out of Scope | 21:40 |
| Removed | newsletter.infomaniak.com | OTHER | Out of Scope | 21:40 |
| Removed | ov-xx.infomaniak.ch and od-xx.infomaniak.ch sub domains | OTHER | Out of Scope | 21:40 |
| Removed | this domain https://drive.infomaniak.com/app/office/:folder:/:file: is out of scope. this is only office application, an external app to open ms office documents | OTHER | Out of Scope | 21:40 |
| Removed | ftp credentials from our customers, like *.ftp.infomaniak.com | OTHER | Out of Scope | 21:40 |
| Removed | vps instances from our customers, like *.vps.infomaniak.com | OTHER | Out of Scope | 21:40 |
| Removed | mysql credentials from our customers, like *.myd.infomaniak.com | OTHER | Out of Scope | 21:40 |
| Removed | jelastic subdomains : *.jcloud.ik-server.com, *.jpc.infomaniak.com, *.jpe.infomaniak.com | OTHER | Out of Scope | 21:40 |
| Removed | user email verification | OTHER | Out of Scope | 21:40 |
| Removed | websocket ips-public credentials. public identifiers that do not allow access to information outside the scope of the user's profile | OTHER | Out of Scope | 21:40 |
| Removed | s3 credentials from our customers, like s3.pub*.infomaniak.cloud | OTHER | Out of Scope | 21:40 |
| Removed | database service instances from customers, like *.dbaas.infomaniak.cloud | OTHER | Out of Scope | 21:40 |
| Removed | ksuite.infomaniak.com | URL | In Scope | 21:40 |
| Added | https://api.pub1.infomaniak.cloud | OTHER | Out of Scope | 00:33 |
| Added | we do not manage open stack dashboard which is therefore out of scope | OTHER | Out of Scope | 00:33 |
| Added | newsletter.infomaniak.com | OTHER | Out of Scope | 00:33 |
| Added | ov-xx.infomaniak.ch and od-xx.infomaniak.ch sub domains | OTHER | Out of Scope | 00:33 |
| Added | this domain https://drive.infomaniak.com/app/office/:folder:/:file: is out of scope. this is only office application, an external app to open ms office documents | OTHER | Out of Scope | 00:33 |
| Added | ftp credentials from our customers, like *.ftp.infomaniak.com | OTHER | Out of Scope | 00:33 |
| Added | assets not listed in the in scope section are to be considered as out of the scope of this program and won't be eligible for reward | OTHER | Out of Scope | 00:33 |
| Added | mysql credentials from our customers, like *.myd.infomaniak.com | OTHER | Out of Scope | 00:33 |
| Added | jelastic subdomains : *.jcloud.ik-server.com, *.jpc.infomaniak.com, *.jpe.infomaniak.com | OTHER | Out of Scope | 00:33 |
| Added | user email verification | OTHER | Out of Scope | 00:33 |
| Added | websocket ips-public credentials. public identifiers that do not allow access to information outside the scope of the user's profile | OTHER | Out of Scope | 00:33 |
| Added | s3 credentials from our customers, like s3.pub*.infomaniak.cloud | OTHER | Out of Scope | 00:33 |
| Added | database service instances from customers, like *.dbaas.infomaniak.cloud | OTHER | Out of Scope | 00:33 |
| Added | vps instances from our customers, like *.vps.infomaniak.com | OTHER | Out of Scope | 00:33 |