Program Removed
This program is no longer available on YesWeHack. The scope data shown below is historical and may not reflect the final state of the program.
infomaniak-bug-bounty-program
45
In Scope
26
Out of Scope
In-Scope Assets (45)
Out-of-Scope Assets (26)
| Asset | Category | Bounty | |
|---|---|---|---|
| assets not listed in the in scope section are to be considered as out of the scope of this program and won't be eligible for reward | OTHER | Yes | |
| database service instances from customers, like *.dbaas.infomaniak.cloud | OTHER | No | |
| dbaas.infomaniak.cloud | WILDCARD | Yes | |
| ftp credentials from our customers, like *.ftp.infomaniak.com | OTHER | No | |
| ftp.infomaniak.com | WILDCARD | Yes | |
| https://api.pub1.infomaniak.cloud | URL | Yes | |
| https://api.pub1.infomaniak.cloud | OTHER | No | |
| https://drive.infomaniak.com/app/office/:folder:/:file: | URL | Yes | |
| jcloud.ik-server.com | WILDCARD | Yes | |
| jelastic subdomains : *.jcloud.ik-server.com, *.jpc.infomaniak.com, *.jpe.infomaniak.com | OTHER | No | |
| jpc.infomaniak.com | WILDCARD | Yes | |
| jpe.infomaniak.com | WILDCARD | Yes | |
| myd.infomaniak.com | WILDCARD | Yes | |
| mysql credentials from our customers, like *.myd.infomaniak.com | OTHER | No | |
| newsletter.infomaniak.com | OTHER | No | |
| od-xx.infomaniak.ch | URL | Yes | |
| ov-xx.infomaniak.ch | URL | Yes | |
| ov-xx.infomaniak.ch and od-xx.infomaniak.ch sub domains | OTHER | No | |
| s3 credentials from our customers, like s3.pub*.infomaniak.cloud | OTHER | No | |
| s3.pub.infomaniak.cloud | WILDCARD | Yes | |
| this domain https://drive.infomaniak.com/app/office/:folder:/:file: is out of scope. this is only office application, an external app to open ms office documents | OTHER | No | |
| user email verification | OTHER | Yes | |
| vps instances from our customers, like *.vps.infomaniak.com | OTHER | No | |
| vps.infomaniak.com | WILDCARD | Yes | |
| we do not manage open stack dashboard which is therefore out of scope | OTHER | Yes | |
| websocket ips-public credentials. public identifiers that do not allow access to information outside the scope of the user's profile | OTHER | Yes |
Scope Changes (188)
Mar 27, 2026
| Change | Asset | Category | Scope | Time |
|---|---|---|---|---|
| Program Removed | — | — | — | 17:21 |
Mar 24, 2026
| Change | Asset | Category | Scope | Time |
|---|---|---|---|---|
| Added | newsletter.infomaniak.com | URL | In Scope | 08:39 |
| Added | newsletter.infomaniak.com | URL | In Scope | 08:39 |
Mar 18, 2026
| Change | Asset | Category | Scope | Time |
|---|---|---|---|---|
| Added | mail-builder.infomaniak.com | URL | In Scope | 14:39 |
| Added | mail-builder.infomaniak.com | URL | In Scope | 14:39 |
| Removed | newsletter.infomaniak.com | OTHER | Out of Scope | 14:39 |
Feb 25, 2026
| Change | Asset | Category | Scope | Time |
|---|---|---|---|---|
| Added | this domain https://drive.infomaniak.com/app/office/:folder:/:file: is out of scope. this is only office application, an external app to open ms office documents | URL | Out of Scope | 19:08 |
| Added | https://api.pub1.infomaniak.cloud | URL | Out of Scope | 19:08 |
| Added | newsletter.infomaniak.com | URL | Out of Scope | 19:08 |
| Added | etickets.infomaniak.com | URL | In Scope | 19:08 |
| Added | database service instances from customers, like *.dbaas.infomaniak.cloud | WILDCARD | Out of Scope | 19:08 |
| Added | manager.infomaniak.com/v3/* | URL | In Scope | 19:08 |
| Added | vod.infomaniak.com | URL | In Scope | 19:08 |
| Added | welcome.infomaniak.com | URL | In Scope | 19:08 |
| Added | sms.infomaniak.com | URL | In Scope | 19:08 |
| Added | mysql credentials from our customers, like *.myd.infomaniak.com | WILDCARD | Out of Scope | 19:08 |
| Added | websocket ips-public credentials. public identifiers that do not allow access to information outside the scope of the user's profile | OTHER | Out of Scope | 19:08 |
| Added | api.infomaniak.com | URL | In Scope | 19:08 |
| Added | contacts.infomaniak.com | URL | In Scope | 19:08 |
| Added | euria.infomaniak.com | URL | In Scope | 19:08 |
| Added | https://play.google.com/store/apps/details?id=com.infomaniak.drive | ANDROID | In Scope | 19:08 |
| Added | https://play.google.com/store/apps/details?id=com.infomaniak.mail&hl=en_US | ANDROID | In Scope | 19:08 |
| Added | 5k8vrbdyje.infomaniak.site | URL | In Scope | 19:08 |
| Added | vps instances from our customers, like *.vps.infomaniak.com | WILDCARD | Out of Scope | 19:08 |
| Added | s3 credentials from our customers, like s3.pub*.infomaniak.cloud | WILDCARD | Out of Scope | 19:08 |
| Added | ksuite.infomaniak.com | URL | In Scope | 19:08 |
| Added | calendar.infomaniak.com | URL | In Scope | 19:08 |
| Added | player-radio.infomaniak.com | URL | In Scope | 19:08 |
| Added | www.infomaniak.com | URL | In Scope | 19:08 |
| Added | chk.infomaniak.com | URL | In Scope | 19:08 |
| Added | kmeet.infomaniak.com | URL | In Scope | 19:08 |
| Added | kpaste.infomaniak.com | URL | In Scope | 19:08 |
| Added | https://apps.apple.com/fr/app/infomaniak-mail/id1622596573 | IOS | In Scope | 19:08 |
| Added | *.kdrive.infomaniak.com | WILDCARD | In Scope | 19:08 |
| Added | shop.infomaniak.com | URL | In Scope | 19:08 |
| Added | mail.infomaniak.com | URL | In Scope | 19:08 |
| Added | https://apps.apple.com/app/infomaniak-kdrive/id1482778676 | IOS | In Scope | 19:08 |
| Added | fv3lfbdyjh.infomaniak.site | URL | In Scope | 19:08 |
| Added | l75pvbdyjo.infomaniak.site | URL | In Scope | 19:08 |
| Added | sync.infomaniak.com | URL | In Scope | 19:08 |
| Added | assets not listed in the in scope section are to be considered as out of the scope of this program and won't be eligible for reward | OTHER | Out of Scope | 19:08 |
| Added | ftp credentials from our customers, like *.ftp.infomaniak.com | WILDCARD | Out of Scope | 19:08 |
| Added | user email verification | OTHER | Out of Scope | 19:08 |
| Added | login.infomaniak.com | URL | In Scope | 19:08 |
| Added | swiss-backup*.infomaniak.com | WILDCARD | In Scope | 19:08 |
| Added | *.vod2.infomaniak.com | WILDCARD | In Scope | 19:08 |
| Added | www.swisstransfer.com | URL | In Scope | 19:08 |
| Added | ai-tools.infomaniak.com | AI | In Scope | 19:08 |
| Added | ix2smbdyjt.infomaniak.site | URL | In Scope | 19:08 |
| Added | invitation.infomaniak.com | URL | In Scope | 19:08 |
| Added | we do not manage open stack dashboard which is therefore out of scope | OTHER | Out of Scope | 19:08 |
| Added | storage*.infomaniak.com | WILDCARD | In Scope | 19:08 |
| Added | https://github.com/Infomaniak/desktop-kDrive | OTHER | In Scope | 19:08 |
| Added | jelastic subdomains : *.jcloud.ik-server.com, *.jpc.infomaniak.com, *.jpe.infomaniak.com | WILDCARD | Out of Scope | 19:08 |
| Added | jelastic subdomains : *.jcloud.ik-server.com, *.jpc.infomaniak.com, *.jpe.infomaniak.com | WILDCARD | Out of Scope | 19:08 |
| Added | jelastic subdomains : *.jcloud.ik-server.com, *.jpc.infomaniak.com, *.jpe.infomaniak.com | WILDCARD | Out of Scope | 19:08 |
| Added | admin2.infomaniak.com | URL | In Scope | 19:08 |
| Added | *.kchat.infomaniak.com | WILDCARD | In Scope | 19:08 |
| Added | infomaniak.events | URL | In Scope | 19:08 |
| Added | developer.infomaniak.com | URL | In Scope | 19:08 |
| Added | academy.infomaniak.com | URL | In Scope | 19:08 |
| Added | ov-xx.infomaniak.ch and od-xx.infomaniak.ch sub domains | URL | Out of Scope | 19:08 |
| Added | ov-xx.infomaniak.ch and od-xx.infomaniak.ch sub domains | URL | Out of Scope | 19:08 |
Feb 22, 2026
| Change | Asset | Category | Scope | Time |
|---|---|---|---|---|
| Added | l75pvbdyjo.infomaniak.site | URL | In Scope | 00:52 |
| Added | sync.infomaniak.com | URL | In Scope | 00:52 |
| Added | https://apps.apple.com/fr/app/infomaniak-mail/id1622596573 | IOS | In Scope | 00:52 |
| Added | 5k8vrbdyje.infomaniak.site | URL | In Scope | 00:52 |
| Added | euria.infomaniak.com | URL | In Scope | 00:52 |
| Added | developer.infomaniak.com | URL | In Scope | 00:52 |
| Added | assets not listed in the in scope section are to be considered as out of the scope of this program and won't be eligible for reward | OTHER | Out of Scope | 00:52 |
| Added | we do not manage open stack dashboard which is therefore out of scope | OTHER | Out of Scope | 00:52 |
| Added | mysql credentials from our customers, like *.myd.infomaniak.com | WILDCARD | Out of Scope | 00:52 |
| Added | user email verification | OTHER | Out of Scope | 00:52 |
| Added | welcome.infomaniak.com | URL | In Scope | 00:52 |
| Added | invitation.infomaniak.com | URL | In Scope | 00:52 |
| Added | websocket ips-public credentials. public identifiers that do not allow access to information outside the scope of the user's profile | OTHER | Out of Scope | 00:52 |
| Added | s3 credentials from our customers, like s3.pub*.infomaniak.cloud | WILDCARD | Out of Scope | 00:52 |
| Added | database service instances from customers, like *.dbaas.infomaniak.cloud | WILDCARD | Out of Scope | 00:52 |
| Added | api.infomaniak.com | URL | In Scope | 00:52 |
| Added | fv3lfbdyjh.infomaniak.site | URL | In Scope | 00:52 |
| Added | https://play.google.com/store/apps/details?id=com.infomaniak.mail&hl=en_US | ANDROID | In Scope | 00:52 |
| Added | academy.infomaniak.com | URL | In Scope | 00:52 |
| Added | *.kdrive.infomaniak.com | WILDCARD | In Scope | 00:52 |
| Added | login.infomaniak.com | URL | In Scope | 00:52 |
| Added | swiss-backup*.infomaniak.com | WILDCARD | In Scope | 00:52 |
| Added | *.vod2.infomaniak.com | WILDCARD | In Scope | 00:52 |
| Added | kpaste.infomaniak.com | URL | In Scope | 00:52 |
| Added | storage*.infomaniak.com | WILDCARD | In Scope | 00:52 |
| Added | infomaniak.events | URL | In Scope | 00:52 |
| Added | newsletter.infomaniak.com | URL | Out of Scope | 00:52 |
| Added | https://apps.apple.com/app/infomaniak-kdrive/id1482778676 | IOS | In Scope | 00:52 |
| Added | ksuite.infomaniak.com | URL | In Scope | 00:52 |
| Added | *.kchat.infomaniak.com | WILDCARD | In Scope | 00:52 |
| Added | calendar.infomaniak.com | URL | In Scope | 00:52 |
| Added | etickets.infomaniak.com | URL | In Scope | 00:52 |
| Added | www.swisstransfer.com | URL | In Scope | 00:52 |
| Added | ov-xx.infomaniak.ch and od-xx.infomaniak.ch sub domains | URL | Out of Scope | 00:52 |
| Added | ov-xx.infomaniak.ch and od-xx.infomaniak.ch sub domains | URL | Out of Scope | 00:52 |
| Added | vps instances from our customers, like *.vps.infomaniak.com | WILDCARD | Out of Scope | 00:52 |
| Added | mail.infomaniak.com | URL | In Scope | 00:52 |
| Added | vod.infomaniak.com | URL | In Scope | 00:52 |
| Added | chk.infomaniak.com | URL | In Scope | 00:52 |
| Added | ai-tools.infomaniak.com | AI | In Scope | 00:52 |
| Added | ix2smbdyjt.infomaniak.site | URL | In Scope | 00:52 |
| Added | this domain https://drive.infomaniak.com/app/office/:folder:/:file: is out of scope. this is only office application, an external app to open ms office documents | URL | Out of Scope | 00:52 |
| Added | manager.infomaniak.com/v3/* | URL | In Scope | 00:52 |
| Added | contacts.infomaniak.com | URL | In Scope | 00:52 |
| Added | kmeet.infomaniak.com | URL | In Scope | 00:52 |
| Added | https://github.com/Infomaniak/desktop-kDrive | CODE | In Scope | 00:52 |
| Added | sms.infomaniak.com | URL | In Scope | 00:52 |
| Added | https://api.pub1.infomaniak.cloud | URL | Out of Scope | 00:52 |
| Added | ftp credentials from our customers, like *.ftp.infomaniak.com | WILDCARD | Out of Scope | 00:52 |
| Added | jelastic subdomains : *.jcloud.ik-server.com, *.jpc.infomaniak.com, *.jpe.infomaniak.com | WILDCARD | Out of Scope | 00:52 |
| Added | jelastic subdomains : *.jcloud.ik-server.com, *.jpc.infomaniak.com, *.jpe.infomaniak.com | WILDCARD | Out of Scope | 00:52 |
| Added | jelastic subdomains : *.jcloud.ik-server.com, *.jpc.infomaniak.com, *.jpe.infomaniak.com | WILDCARD | Out of Scope | 00:52 |
| Added | https://play.google.com/store/apps/details?id=com.infomaniak.drive | ANDROID | In Scope | 00:52 |
| Added | admin2.infomaniak.com | URL | In Scope | 00:52 |
| Added | shop.infomaniak.com | URL | In Scope | 00:52 |
| Added | player-radio.infomaniak.com | URL | In Scope | 00:52 |
| Added | www.infomaniak.com | URL | In Scope | 00:52 |
Feb 21, 2026
| Change | Asset | Category | Scope | Time |
|---|---|---|---|---|
| Removed | ksuite.infomaniak.com | URL | In Scope | 21:40 |
| Removed | api.infomaniak.com | URL | In Scope | 21:40 |
| Removed | login.infomaniak.com | URL | In Scope | 21:40 |
| Removed | manager.infomaniak.com/v3/* | URL | In Scope | 21:40 |
| Removed | admin2.infomaniak.com | URL | In Scope | 21:40 |
| Removed | shop.infomaniak.com | URL | In Scope | 21:40 |
| Removed | *.kchat.infomaniak.com | URL | In Scope | 21:40 |
| Removed | calendar.infomaniak.com | URL | In Scope | 21:40 |
| Removed | contacts.infomaniak.com | URL | In Scope | 21:40 |
| Removed | etickets.infomaniak.com | URL | In Scope | 21:40 |
| Removed | mail.infomaniak.com | URL | In Scope | 21:40 |
| Removed | swiss-backup*.infomaniak.com | URL | In Scope | 21:40 |
| Removed | vod.infomaniak.com | URL | In Scope | 21:40 |
| Removed | *.vod2.infomaniak.com | URL | In Scope | 21:40 |
| Removed | player-radio.infomaniak.com | URL | In Scope | 21:40 |
| Removed | welcome.infomaniak.com | URL | In Scope | 21:40 |
| Removed | www.swisstransfer.com | URL | In Scope | 21:40 |
| Removed | www.infomaniak.com | URL | In Scope | 21:40 |
| Removed | chk.infomaniak.com | URL | In Scope | 21:40 |
| Removed | ai-tools.infomaniak.com | ANDROID | In Scope | 21:40 |
| Removed | kmeet.infomaniak.com | URL | In Scope | 21:40 |
| Removed | kpaste.infomaniak.com | URL | In Scope | 21:40 |
| Removed | sync.infomaniak.com | URL | In Scope | 21:40 |
| Removed | storage*.infomaniak.com | URL | In Scope | 21:40 |
| Removed | euria.infomaniak.com | URL | In Scope | 21:40 |
| Removed | https://play.google.com/store/apps/details?id=com.infomaniak.drive | ANDROID | In Scope | 21:40 |
| Removed | https://apps.apple.com/app/infomaniak-kdrive/id1482778676 | IOS | In Scope | 21:40 |
| Removed | https://github.com/Infomaniak/desktop-kDrive | OTHER | In Scope | 21:40 |
| Removed | https://apps.apple.com/fr/app/infomaniak-mail/id1622596573 | IOS | In Scope | 21:40 |
| Removed | https://play.google.com/store/apps/details?id=com.infomaniak.mail&hl=en_US | ANDROID | In Scope | 21:40 |
| Removed | ix2smbdyjt.infomaniak.site | URL | In Scope | 21:40 |
| Removed | 5k8vrbdyje.infomaniak.site | URL | In Scope | 21:40 |
| Removed | fv3lfbdyjh.infomaniak.site | URL | In Scope | 21:40 |
| Removed | l75pvbdyjo.infomaniak.site | URL | In Scope | 21:40 |
| Removed | infomaniak.events | URL | In Scope | 21:40 |
| Removed | sms.infomaniak.com | URL | In Scope | 21:40 |
| Removed | developer.infomaniak.com | URL | In Scope | 21:40 |
| Removed | invitation.infomaniak.com | URL | In Scope | 21:40 |
| Removed | academy.infomaniak.com | URL | In Scope | 21:40 |
| Removed | assets not listed in the in scope section are to be considered as out of the scope of this program and won't be eligible for reward | OTHER | Out of Scope | 21:40 |
| Removed | https://api.pub1.infomaniak.cloud | OTHER | Out of Scope | 21:40 |
| Removed | we do not manage open stack dashboard which is therefore out of scope | OTHER | Out of Scope | 21:40 |
| Removed | newsletter.infomaniak.com | OTHER | Out of Scope | 21:40 |
| Removed | ov-xx.infomaniak.ch and od-xx.infomaniak.ch sub domains | OTHER | Out of Scope | 21:40 |
| Removed | this domain https://drive.infomaniak.com/app/office/:folder:/:file: is out of scope. this is only office application, an external app to open ms office documents | OTHER | Out of Scope | 21:40 |
| Removed | ftp credentials from our customers, like *.ftp.infomaniak.com | OTHER | Out of Scope | 21:40 |
| Removed | vps instances from our customers, like *.vps.infomaniak.com | OTHER | Out of Scope | 21:40 |
| Removed | *.kdrive.infomaniak.com | URL | In Scope | 21:40 |
| Removed | jelastic subdomains : *.jcloud.ik-server.com, *.jpc.infomaniak.com, *.jpe.infomaniak.com | OTHER | Out of Scope | 21:40 |
| Removed | user email verification | OTHER | Out of Scope | 21:40 |
| Removed | websocket ips-public credentials. public identifiers that do not allow access to information outside the scope of the user's profile | OTHER | Out of Scope | 21:40 |
| Removed | s3 credentials from our customers, like s3.pub*.infomaniak.cloud | OTHER | Out of Scope | 21:40 |
| Removed | database service instances from customers, like *.dbaas.infomaniak.cloud | OTHER | Out of Scope | 21:40 |
| Removed | mysql credentials from our customers, like *.myd.infomaniak.com | OTHER | Out of Scope | 21:40 |
| Added | ftp credentials from our customers, like *.ftp.infomaniak.com | OTHER | Out of Scope | 00:33 |
| Added | vps instances from our customers, like *.vps.infomaniak.com | OTHER | Out of Scope | 00:33 |
| Added | mysql credentials from our customers, like *.myd.infomaniak.com | OTHER | Out of Scope | 00:33 |
| Added | jelastic subdomains : *.jcloud.ik-server.com, *.jpc.infomaniak.com, *.jpe.infomaniak.com | OTHER | Out of Scope | 00:33 |
| Added | user email verification | OTHER | Out of Scope | 00:33 |
| Added | websocket ips-public credentials. public identifiers that do not allow access to information outside the scope of the user's profile | OTHER | Out of Scope | 00:33 |
| Added | s3 credentials from our customers, like s3.pub*.infomaniak.cloud | OTHER | Out of Scope | 00:33 |
| Added | database service instances from customers, like *.dbaas.infomaniak.cloud | OTHER | Out of Scope | 00:33 |
| Added | newsletter.infomaniak.com | OTHER | Out of Scope | 00:33 |
| Added | we do not manage open stack dashboard which is therefore out of scope | OTHER | Out of Scope | 00:33 |
| Added | https://api.pub1.infomaniak.cloud | OTHER | Out of Scope | 00:33 |
| Added | this domain https://drive.infomaniak.com/app/office/:folder:/:file: is out of scope. this is only office application, an external app to open ms office documents | OTHER | Out of Scope | 00:33 |
| Added | assets not listed in the in scope section are to be considered as out of the scope of this program and won't be eligible for reward | OTHER | Out of Scope | 00:33 |
| Added | ov-xx.infomaniak.ch and od-xx.infomaniak.ch sub domains | OTHER | Out of Scope | 00:33 |