| + | https://hackerone.com/urbancompany | 6 | 1 | HackerOne |
In Scope Assets:- URL: www.urbancompany.com
- ANDROID: com.urbanclap.provider
- ANDROID: com.urbanclap.urbanclap
- IOS: 1032480595
- IOS: 982922982
- URL: www.urbanclap.com
Out of Scope Assets:- OTHER: Other urbancompany.com subdomains except for the ones in-scope (OOS)
|
| + | https://hackerone.com/valve | 17 | 5 | HackerOne |
In Scope Assets:- URL: www.dota2.com
- OTHER: Steam Servers
- URL: support.steampowered.com
- URL: partner.steampowered.com
- IOS: com.valvesoftware.Steam
- ANDROID: com.valvesoftware.Steam
- URL: store.steampowered.com
- URL: www.valvesoftware.com
- URL: api.steampowered.com
- URL: partner.steamgames.com
- URL: steamcommunity.com
- URL: www.teamfortress.com
- URL: www.counter-strike.net
- URL: developer.valvesoftware.com
- URL: playartifact.com
- URL: help.steampowered.com
- OTHER: Steam Client
Out of Scope Assets:- URL: valvestore.forfansbyfans.com,store.valvesoftware.com (OOS)
- URL: www.steampowered.com (OOS)
- URL: translation.steampowered.com (OOS)
- URL: www.steamgames.com (OOS)
- URL: list.valvesoftware.com (OOS)
|
| + | https://hackerone.com/varonis | 3 | 3 | HackerOne |
In Scope Assets:- WILDCARD: *.varonis.com
- WILDCARD: *.varonis.io
- WILDCARD: *.varonis.net
Out of Scope Assets:- WILDCARD: *.varonis-preprod.com (OOS)
- OTHER: All other assets (OOS)
- WILDCARD: *.cyral.com (OOS)
|
| + | https://hackerone.com/verily_life_sciences | 8 | 0 | HackerOne |
In Scope Assets:- WILDCARD: https://*.verily.com/
- WILDCARD: https://*.onduo.com/
- WILDCARD: https://*.projectbaseline.com/
- WILDCARD: https://*.signalpath.com/
- IOS: https://apps.apple.com/us/app/verily-me/id6448808133
- IOS: https://apps.apple.com/us/app/onduo/id1138490045
- ANDROID: https://play.google.com/store/apps/details?id=com.verily.me
- ANDROID: https://play.google.com/store/apps/details?id=com.google.android.apps.diabetes
|
| + | https://hackerone.com/vimeo | 36 | 32 | HackerOne |
In Scope Assets:- URL: www.vimeo.com
- URL: player.vimeo.com
- URL: api.vimeo.com
- WILDCARD: *.cloud.vimeo.com
- URL: vimeopro.com
- URL: http://vimeo.com/ondemand
- URL: http://vimeo.com/api
- IOS: 425194759
- ANDROID: com.vimeo.android.videoapp
- WILDCARD: *.vimeo.com
- URL: checkout.vimeo.com
- URL: http://vimeo.com/create
- URL: vimeo.magisto.com
- ANDROID: com.vimeocreate.videoeditor.moviemaker
- IOS: 1491791513
- URL: vhx.tv
- URL: embed.vhx.tv
- URL: api.vhx.tv
- WILDCARD: *.vhx.tv
- OTHER: channelstore.roku.com/details/48061/vhx
- OTHER: VHX Branded Customer iOS Apps
- OTHER: VHX Branded Customer Android Apps
- OTHER: VHX Branded Customer Roku Apps
- URL: magisto.com,www.magisto.com
- WILDCARD: *.magisto.com
- URL: staging.magisto.com
- URL: applause1.magisto.com
- ANDROID: com.magisto
- IOS: 486781045
- WILDCARD: *.livestream.com
- URL: www.livestream.com
- WILDCARD: *.new.livestream.com
- URL: donations.livestream.com
- OTHER: Livestream software (Producer, Studio)
- ANDROID: com.livestream.livestream
- IOS: 493086499
Out of Scope Assets:- WILDCARD: *.email.vimeo.com (OOS)
- WINDOWS APP: All (OOS)
- URL: vimeo.atlassian.net (OOS)
- WILDCARD: *.wirewax.com (OOS)
- WILDCARD: *.wirewax.app (OOS)
- WILDCARD: *.wibbitz.com (OOS)
- ANDROID: tv.vhx (OOS)
- IOS: 935740658 (OOS)
- WILDCARD: *.test.magisto.com (OOS)
- WILDCARD: *.dev.magisto.com (OOS)
- URL: applause2.magisto.com (OOS)
- URL: gamma.magisto.com (OOS)
- URL: delta.magisto.com (OOS)
- URL: int001.vimeo.magisto.com (OOS)
- URL: int002.vimeo.magisto.com (OOS)
- URL: int003.vimeo.magisto.com (OOS)
- URL: int004.vimeo.magisto.com (OOS)
- URL: int005vimeo.magisto.com (OOS)
- URL: eta.magisto.com (OOS)
- URL: epsilon.magisto.com (OOS)
- URL: http://www.magisto.com/blog (OOS)
- URL: omega.magisto.com (OOS)
- WILDCARD: *.cdn.magisto.com (OOS)
- URL: livestreamapis.com (OOS)
- WILDCARD: *.boost.livestream.com,boost.livestream.com (OOS)
- URL: store.livestream.com (OOS)
- URL: publishing-api.livestream.com (OOS)
- URL: help.livestream.com (OOS)
- URL: status.livestream.com (OOS)
- OTHER: s3://static.intercast-livestream.com (OOS)
- OTHER: livestream.com/blog, *.livestream.com/blog, blog.livestream.com (OOS)
- HARDWARE: Any previously owned/sold hardware (OOS)
|
| + | https://hackerone.com/visa | 70 | 0 | HackerOne |
In Scope Assets:- URL: aw.visa.com
- URL: bb.visa.com
- URL: bd.visa.com
- URL: bm.visa.com
- URL: bq.visa.com
- URL: cw.visa.com
- URL: ht.visa.com
- URL: www.visa.com.br
- URL: www.visa.com.mx
- URL: www.visa.com.tw
- URL: visa.com.ru
- URL: visa.com.au
- URL: www.visa.com.az
- URL: www.visa.com.cn
- URL: www.visa.com.cy
- URL: www.visa.com.ge
- URL: www.visa.com.hk
- URL: www.visa.com.hr
- URL: visa.com.jm
- URL: www.visa.com.kh
- URL: www.visa.com.kz
- URL: www.visa.com.lc
- URL: www.visa.com.lk
- URL: www.visa.com.ms
- URL: www.visa.com.my
- URL: www.visa.com.ng
- URL: www.visa.com.ph
- URL: www.visa.com.sg
- URL: www.visa.com.tr
- URL: visa.com.ua
- URL: www.visa.com.vn
- URL: www.visa.co.ao
- URL: visa.co.cr
- URL: www.visa.co.id
- URL: www.visa.co.il
- URL: www.visa.co.in
- URL: www.visa.co.jp
- URL: www.visa.co.ke
- URL: visa.co.ni
- URL: www.visa.co.nz
- URL: www.visa.co.th
- URL: www.visa.co.uk
- URL: www.visa.co.ve
- URL: visa.co.za
- URL: www.cybersource.com
- URL: www.authorize.net
- URL: www.cardinalcommerce.com
- URL: www.currencycloud.com
- URL: www.yellowpepper.com
- URL: www.fraedom.com
- URL: usa.visa.com
- URL: www.tink.com
- URL: www.practicalmoneyskills.com
- URL: www.practicalbusinessskills.org
- URL: www.practicalmoneyskills.org
- URL: sandbox.secure.checkout.visa.com
- URL: www.visainfinite.ca
- URL: http://myvisainfinite.com/suntrust/en_us/home.html
- URL: http://www.myvisacardportal.com/welcome/enbd/product/#
- URL: ebctest.cybersource.com
- URL: developer.cybersource.com
- URL: sandbox.authorize.net
- URL: developer.authorize.net
- URL: developer.visa.com
- URL: test.payworks.io
- URL: console.tink.com
- URL: developer.currencycloud.com
- URL: direct-demo.currencycloud.com
- URL: https://www.visa.com.az/az_az/account/registration
- URL: https://ebctest.cybersource.com/merchant-mgmt/
|
| + | https://hackerone.com/vodafone_oman | 7 | 0 | HackerOne |
In Scope Assets:- URL: www.vodafone.om
- URL: apix.vodafone.om
- URL: vfo01.vodafone.om
- URL: vfo02.vodafone.om
- URL: vfo03.vodafone.om
- IOS: 1589071345
- ANDROID: om.vodafone.mva
|
| + | https://hackerone.com/wallet_on_telegram | 4 | 2 | HackerOne |
In Scope Assets:- URL: walletbot.me
- URL: pay.wallet.tg
- URL: wallet.tg
- OTHER: Crypto infrastructure for cold and hot wallets
Out of Scope Assets:- URL: wallet.helpscoutdocs.com (OOS)
- URL: docs.wallet.tg (OOS)
|
| + | https://hackerone.com/watson_group | 174 | 3 | HackerOne |
|
| + | https://hackerone.com/wealthsimple | 4 | 4 | HackerOne |
In Scope Assets:- WILDCARD: *.wealthsimple.com
- IOS: com.wealthsimple.wealthsimple
- ANDROID: com.wealthsimple
- WILDCARD: *.simpletax.ca
Out of Scope Assets:- URL: help.wealthsimple.com (OOS)
- URL: support.wealthsimple.com (OOS)
- URL: work.wealthsimple.com (OOS)
- URL: tldr-archive.wealthsimple.com (OOS)
|
| + | https://hackerone.com/wellsfargo-bbp | 7 | 0 | HackerOne |
In Scope Assets:- WILDCARD: *.wellsfargo.com
- URL: connect.secure.wellsfargo.com
- ANDROID: com.wellsfargo.ceomobile
- ANDROID: com.wf.wellsfargomobile
- IOS: com.wf.mobilebanking
- IOS: com.wf.ceomobile
- URL: http://wellsfargo.com
|
| + | https://hackerone.com/whoop_bug_bounty | 7 | 3 | HackerOne |
In Scope Assets:- IOS: com.whoop.iphone
- ANDROID: com.whoop.android
- OTHER: WHOOP 4.0 STRAP
- URL: api.prod.whoop.com
- URL: app.whoop.com
- OTHER: join.whoop.com
- URL: shop.whoop.com
Out of Scope Assets:- OTHER: Support System (OOS)
- URL: okta.whoop.com (OOS)
- OTHER: Azure AD, Google Drive, Link Sharing Websites (OOS)
|
| + | https://hackerone.com/wickr | 12 | 1 | HackerOne |
In Scope Assets:- OTHER: Wickr Pro/Wickr Me (all related technical components) (up to)
- URL: admin.wickr.com
- OTHER: Wickr Pro Android
- OTHER: Wickr Pro iOS
- OTHER: Wickr Pro Linux
- OTHER: Wickr Me iOS
- OTHER: Wickr Me Android
- OTHER: Wickr Me Linux
- OTHER: Wickr Me OS X
- OTHER: Wickr Pro OS X
- OTHER: Wickr Pro Windows
- OTHER: Wickr Me Windows
Out of Scope Assets:- URL: support.wickr.com (OOS)
|
| + | https://hackerone.com/wisdomtree | 3 | 2 | HackerOne |
In Scope Assets:- URL: api.wisdomtreeprimeapp.com
- TESTFLIGHT: com.wisdomtree.wtprime
- ANDROID: com.wisdomtree.wtprime
Out of Scope Assets:- URL: wisdomtree.com (OOS)
- URL: wisdomtree.eu (OOS)
|
| + | https://hackerone.com/wordpress | 22 | 7 | HackerOne |
In Scope Assets:- SOURCE_CODE: WordPress Core
- SOURCE_CODE: BuddyPress Core
- SOURCE_CODE: BBPress Core
- WILDCARD: *.wordpress.org
- URL: api.wordpress.org
- WILDCARD: *.buddypress.org,bbpress.org,profiles.wordpress.org
- WILDCARD: *.wordcamp.org
- URL: codex.wordpress.org,codex.bbpress.org,codex.buddypress.org
- URL: mercantile.wordpress.org
- SOURCE_CODE: *.trac.wordpress.org, *.svn.wordpress.org, *.git.wordpress.org, github.com/WordPress
- URL: irclogs.wordpress.org
- URL: lists.wordpress.org
- URL: planet.wordpress.org
- WILDCARD: *.wordpress.net
- SOURCE_CODE: Gutenberg
- SOURCE_CODE: GlotPress
- SOURCE_CODE: WP-CLI
- SOURCE_CODE: Official WordPress plugins
- URL: wordpressfoundation.org
- WILDCARD: munin-*.wordpress.org
- URL: doaction.org
- URL: gutenberg.run
Out of Scope Assets:- WILDCARD: *.wordpress.com (OOS)
- URL: status.wordpress.org,glotpress.blog,wordpress.tv (OOS)
- IOS: 335703880 (OOS)
- ANDROID: org.wordpress.android (OOS)
- SOURCE_CODE: https://github.com/wordpress-mobile/ (OOS)
- OTHER: Digital Ocean, AWS, etc (OOS)
- OTHER: Archived GitHub repositories (OOS)
|
| + | https://hackerone.com/x | 13 | 1 | HackerOne |
In Scope Assets:- WILDCARD: *.twitter.com
- WILDCARD: *.vine.co
- ANDROID: com.twitter.android
- IOS: com.atebits.Tweetie2
- WILDCARD: *.twimg.com
- URL: gnip.com
- URL: x.com
- WILDCARD: *.x.ai
- WILDCARD: *.x.com
- WILDCARD: *.grok.com
- URL: grok.com
- IOS: ai.x.GrokApp
- ANDROID: ai.x.grok
Out of Scope Assets:- URL: status.twitter.com (OOS)
|
| + | https://hackerone.com/xiaomi | 28 | 0 | HackerOne |
In Scope Assets:- WILDCARD: *.mi.com
- WILDCARD: *.xiaomi.com
- HARDWARE: Mi/Redmi Phone
- HARDWARE: Mi Band
- HARDWARE: Mi Home Webcam
- HARDWARE: Mi Robot Vacuum
- HARDWARE: Mi TV Box
- HARDWARE: Mi Laser Projector
- HARDWARE: Mi TV
- HARDWARE: Mi Electric Scooter
- ANDROID: com.miui.micloudsync
- ANDROID: com.xiaomi.smarthome
- ANDROID: com.xiaomi.market
- ANDROID: com.mi.global.shop
- ANDROID: com.xiaomi.mibrain.speech
- ANDROID: com.xiaomi.account
- WILDCARD: *.miui.com
- WILDCARD: *.xiaomiyoupin.com
- WILDCARD: *.miwifi.com
- ANDROID: com.xiaomi.payment
- ANDROID: com.xiaomi.mipicks
- ANDROID: com.xiaomi.micloud.sdk
- ANDROID: com.miui.cloudbackup
- ANDROID: com.miui.cloudservice
- ANDROID: com.android.browser
- OTHER: Other APK Assets
- OTHER: Other Hardware Assets
- OTHER: MIUI OS for Xiaomi Phone
|
| + | https://hackerone.com/xverse | 2 | 7 | HackerOne |
In Scope Assets:- IOS: com.secretkeylabs.xverse
- OTHER: https://chrome.google.com/webstore/detail/xverse-wallet/idnnbdplmphpflfnlkomgpfbpcgelopg
Out of Scope Assets:- URL: https://api.xverse.app (OOS)
- URL: https://inscribe.xverse.app/ (OOS)
- URL: https://xverse.app (OOS)
- URL: https://sponsor.xverse.app (OOS)
- URL: https://ord.xverse.app (OOS)
- URL: https://pool.xverse.app/ (OOS)
- URL: https://api-3.xverse.app (OOS)
|
| + | https://hackerone.com/xvideos | 5 | 0 | HackerOne |
In Scope Assets:- URL: www.xvideos.com
- URL: www.xvideos.red
- URL: www.xnxx.com
- URL: https://www.xvideos.net/app/
- URL: www.xnxx.gold
|
| + | https://hackerone.com/yelp | 9 | 6 | HackerOne |
In Scope Assets:- WILDCARD: *.yelp.com
- IOS: 284910350
- IOS: 936983378
- IOS: 542767785
- WILDCARD: *.yelp-support.com
- ANDROID: com.yelp.android.biz
- ANDROID: com.yelp.android
- WILDCARD: *.yelpwifi.com
- URL: yelptop100.com
Out of Scope Assets:- URL: engineeringblog.yelp.com (OOS)
- URL: blog.yelp.com (OOS)
- URL: www.yelp-ir.com (OOS)
- URL: cloud.e.yelp-business.com (OOS)
- URL: yelp-press.com (OOS)
- URL: yelp.careers (OOS)
|
| + | https://hackerone.com/yoti | 10 | 3 | HackerOne |
In Scope Assets:- ANDROID: com.yoti.mobile.android.live
- IOS: 983980808
- URL: core.yoti.com
- URL: api.yoti.com
- URL: ccloud.yoti.com
- URL: code.yoti.com
- URL: www.yotisign.com
- URL: hub.yoti.com
- URL: identity.yoti.com
- OTHER: Yoti Password Manager browser extension
Out of Scope Assets:- URL: www.yoti.com (OOS)
- URL: developers.yoti.com (OOS)
- OTHER: Yoti liveness detection campaign (OOS)
|
| + | https://hackerone.com/yuga_labs | 11 | 0 | HackerOne |
In Scope Assets:- WILDCARD: *.boredapeyachtclub.com
- WILDCARD: *.yuga.com
- WILDCARD: *.yugalabs.io
- WILDCARD: *.otherside.xyz
- WILDCARD: *.meebits.app
- WILDCARD: *.cryptopunks.app
- OTHER: 831287358355275877
- OTHER: 961114489414094898
- OTHER: 937011954453721119
- OTHER: 329381334701178885
- WILDCARD: *.mdvmm.xyz
|
| + | https://hackerone.com/zabbix | 1 | 8 | HackerOne |
In Scope Assets:- SOURCE_CODE: https://www.zabbix.com/download_sources
Out of Scope Assets:- URL: https://www.zabbix.com/ (OOS)
- URL: https://blog.zabbix.com/ (OOS)
- URL: https://support.zabbix.com/ (OOS)
- URL: https://translate.zabbix.com/ (OOS)
- URL: https://git.zabbix.com/ (OOS)
- URL: https://space.zabbix.com/ (OOS)
- URL: https://exam.zabbix.com/ (OOS)
- URL: https://cloud.zabbix.com/ (OOS)
|
| + | https://hackerone.com/zendesk | 15 | 0 | HackerOne |
In Scope Assets:- URL: www.zendesk.com
- URL: developer.zendesk.com
- IOS: 1174276185
- ANDROID: com.zendesk.android
- IOS: 549057844
- ANDROID: com.zopim.android
- OTHER: https://developer.zendesk.com/documentation/zendesk-sdks/#ios
- OTHER: https://developer.zendesk.com/documentation/zendesk-sdks/#android
- URL: h1-your-domain.zendesk.com
- URL: zopim.com
- URL: http://h1-your-domain.zendesk.com/sell
- ANDROID: com.futuresimple.base
- IOS: 488534576
- URL: http://h1-your-domain.zendesk.com/wfm/
- URL: http://h1-your-domain.zendesk.com/qa/
|
| + | https://hackerone.com/zerobounce | 2 | 0 | HackerOne |
In Scope Assets:- URL: zerobounce.net
- IOS: 1671793296
|
| + | https://hackerone.com/zomato | 23 | 15 | HackerOne |
In Scope Assets:- WILDCARD: *.zomato.com
- URL: winecellar.zomato.com
- ANDROID: com.application.zomato
- IOS: 434613896
- WILDCARD: *.zdev.net
- WILDCARD: *.zomans.com
- WILDCARD: *.hyperpure.com
- WILDCARD: *.runnr.in
- OTHER: All Assets (other than Blinkit)
- WILDCARD: http://*.grofer.io
- WILDCARD: http://*.grofers.com
- ANDROID: com.grofers.customerapp
- URL: api.grofers.com
- URL: api2.grofers.com
- URL: blinkit.com
- WILDCARD: *.district.in
- WILDCARD: *.edition.in
- WILDCARD: *.ticketnew.com
- WILDCARD: *.insider.in
- OTHER: BlinkIT, Hyperpure assets (in scope)
- OTHER: All Zomato Assets (Other than BlinkIT & Hyperpure)
- WILDCARD: *.tktnew.com
- OTHER: All District Assets (Other than Zomato, BlinkIT & Hyperpure)
Out of Scope Assets:- URL: www.zomatobook.com (OOS)
- URL: business-blog.zomato.com (OOS)
- ANDROID: com.application.zomato.ordering (OOS)
- URL: blog.zomato.com (OOS)
- URL: community.zomato.com (OOS)
- URL: success.zomato.com (OOS)
- URL: dev.hyperpure.com (OOS)
- URL: devapi.hyperpure.com (OOS)
- URL: devpod.hyperpure.com (OOS)
- URL: send.zomato.com (OOS)
- WILDCARD: staging*.runnr.in (OOS)
- WILDCARD: http://*.blinkit.support (OOS)
- WILDCARD: *.zomatoportugal.com (OOS)
- WILDCARD: *.bstro.io (OOS)
- WILDCARD: *.ali.zomans.com (OOS)
|
| + | https://hackerone.com/zooplus | 4 | 34 | HackerOne |
In Scope Assets:- URL: www.zooplus.de
- URL: www.zooplus.co.uk
- URL: www.zooplus.com
- URL: zooplus.net
Out of Scope Assets:- URL: www.zooplus.be (OOS)
- URL: www.zooplus.dk (OOS)
- URL: www.zooplus.fi (OOS)
- URL: www.zooplus.fr (OOS)
- URL: www.zooplus.gr (OOS)
- URL: www.zooplus.ie (OOS)
- URL: www.zooplus.it (OOS)
- URL: www.zooplus.hr (OOS)
- URL: www.zooplus.nl (OOS)
- URL: www.zooplus.no (OOS)
- URL: www.zooplus.at (OOS)
- URL: www.zooplus.pl (OOS)
- URL: www.zooplus.pt (OOS)
- URL: www.zooplus.ro (OOS)
- URL: www.zoochic-eu.ru (OOS)
- URL: www.zooplus.se (OOS)
- URL: www.zooplus.ch (OOS)
- URL: www.zoohit.sk (OOS)
- URL: www.zoohit.si (OOS)
- URL: www.zooplus.es (OOS)
- URL: www.zoohit.cz (OOS)
- URL: www.zooplus.hu (OOS)
- URL: www.bitiba.de (OOS)
- URL: www.matina-gmbh.de (OOS)
- URL: zooplus.io (OOS)
- URL: www.wolf-of-wilderness.com (OOS)
- URL: https://www.zooplus.de/tierarzt (OOS)
- URL: https://www.zooplus.es/veterinarios (OOS)
- URL: https://www.zooplus.fr/veterinaire (OOS)
- URL: https://www.zooplus.hu/allatorvos (OOS)
- URL: https://www.zooplus.it/veterinari (OOS)
- URL: https://www.zooplus.nl/dierenarts (OOS)
- URL: https://www.zooplus.pl/weterynarz (OOS)
- URL: https://www.zoohit.cz/veterinari (OOS)
|
| + | https://yeswehack.com/programs/agora | 5 | 0 | YesWeHack |
In Scope Assets:- ANDROID: Agora for Android (see dowload link for APK file and mobile app GitHub repository in description)
- IOS: Agora for iOS (see dowload link for IPA file and mobile app GitHub repository in description)
- URL: https://app.sandbox.agora.incubateur.net
- URL: https://api.sandbox.agora.incubateur.net (source code available on GitHub, see description)
- OTHER: https://content.agora.beta.gouv.fr
|
| + | https://yeswehack.com/programs/alasco-gmbh-bug-bounty-program | 4 | 0 | YesWeHack |
In Scope Assets:- URL: app.alasco.de
- URL: api.alasco.de
- OTHER: *.alasco.de
- OTHER: *.alasco.rocks
|
| + | https://yeswehack.com/programs/ant-group-security-response-center-bug-bounty-program | 1 | 0 | YesWeHack |
In Scope Assets:- OTHER: In-Scope Applications can be found here: https://mysrc.group/project_detail?id=11
|
| + | https://yeswehack.com/programs/app-suite | 3 | 0 | YesWeHack |
In Scope Assets:- URL: https://sandbox.open-xchange.com
- URL: https://sandbox.open-xchange.com
- OTHER: GitLab and GitHub repos listed on this page
|
| + | https://yeswehack.com/programs/atg-public-bug-bounty-program | 7 | 0 | YesWeHack |
In Scope Assets:- OTHER: *.atg.se
- URL: www.atg.se
- URL: api.atg.se
- URL: iam.atg.se
- IOS: https://apps.apple.com/se/app/atg/id1434660322
- OTHER: https://apps.apple.com/se/app/atg-live/id1608156355
- ANDROID: https://play.google.com/store/apps/details?id=se.atg.live&hl=en&gl=SE
|
| + | https://yeswehack.com/programs/bitoasis-bug-bounty-program | 3 | 0 | YesWeHack |
In Scope Assets:- URL: *.bitoasis.net
- ANDROID: https://play.google.com/store/apps/details?id=com.bitoasis&hl=en
- IOS: https://apps.apple.com/ae/app/bitoasis-buy-bitcoin-crypto/id1521661794
|
| + | https://yeswehack.com/programs/blackbox-bforbank-mobile | 4 | 0 | YesWeHack |
In Scope Assets:- ANDROID: https://play.google.com/store/apps/details?id=com.bforbank.android
- IOS: https://apps.apple.com/us/app/bforbank-banque-en-ligne/id1607839793
- URL: https://gtw-b2capps.bforbank.com/*
- URL: https://gtw-b2capps.bforbank.com/customer-acquisition/access-management/users*
|
| + | https://yeswehack.com/programs/bookbeat | 1 | 0 | YesWeHack |
In Scope Assets:- URL: https://www.bookbeat.com
|
| + | https://yeswehack.com/programs/bug-bounty-program-blablacar | 11 | 0 | YesWeHack |
In Scope Assets:- URL: https://edge.blablacar.(fr|de|co.uk|in|es|mx|be|hr|hu|it|nl|pl|br|pt|ro|ru|com|tr|com.ua))
- URL: https://auth.blablacar.(fr|de|co.uk|in|es|mx|be|hr|hu|it|nl|pl|br|pt|ro|ru|com|tr|com.ua)
- URL: https://www.blablacar.(fr|de|co.uk|in|es|mx|be|hr|hu|it|nl|pl|br|pt|ro|ru|com|tr|com.ua)
- URL: https://m.blablacar.(fr|de|co.uk|in|es|mx|be|hr|hu|it|nl|pl|br|pt|ro|ru|com|tr|com.ua)
- ANDROID: https://play.google.com/store/apps/details?id=com.comuto&hl=en
- IOS: https://itunes.apple.com/fr/app/blablacar-trusted-carpooling/id341329033?l=en&mt=8
- URL: https://api.blablalines.com
- URL: https://daily.blablacar.fr
- URL: https://blablacardaily.com
- ANDROID: https://play.google.com/store/apps/details?id=com.blablalines
- IOS: https://apps.apple.com/fr/app/blablalines-covoiturage/id1225543288
|
| + | https://yeswehack.com/programs/bug-bounty-sncf-connect-1 | 4 | 0 | YesWeHack |
In Scope Assets:- URL: https://www.sncf-connect.com
- URL: https://sncf-connect.com
- URL: https//monidentifiant.sncf
- URL: https://www.sncf-connect.com/bff
|
| + | https://yeswehack.com/programs/coindcx-bug-bounty-program | 4 | 0 | YesWeHack |
In Scope Assets:- URL: *.coindcx.com
- URL: api.coindcx.com
- ANDROID: https://play.google.com/store/apps/details?id=com.coindcx.btc
- IOS: https://apps.apple.com/in/app/coindcx-trade-bitcoin-crypto/id1517787269
|
| + | https://yeswehack.com/programs/contentsquare-bug-bounty-program | 5 | 0 | YesWeHack |
In Scope Assets:- URL: *.contentsquare.com
- URL: https://mobile-production.content-square.net/
- URL: https://m.csqtrk.net
- URL: https://s.contentsquare.net
- APPLICATION: Contentsquare SDK (cf : Program Description)
|
| + | https://yeswehack.com/programs/cryptobox-bug-bounty | 3 | 0 | YesWeHack |
In Scope Assets:- URL: https://bounty.cryptobox.com
- ANDROID: https://play.google.com/store/apps/details?id=com.ercom.cryptobox.release&hl=fr
- IOS: https://apps.apple.com/fr/app/cryptobox/id972602802
|
| + | https://yeswehack.com/programs/cybermalveillance-gouv-fr-sensibilization-prevention-and-support-in-terms-of-cybersecurity | 1 | 0 | YesWeHack |
In Scope Assets:- URL: https://pprd.cybermalveillance.gouv.fr
|
| + | https://yeswehack.com/programs/dailymotion-public-bug-bounty | 11 | 0 | YesWeHack |
In Scope Assets:- URL: *.dailymotion.com
- URL: *.api.dailymotion.com
- URL: developer.dailymotion.com
- URL: *.dmcdn.net
- ANDROID: https://play.google.com/store/apps/details?id=com.dailymotion.dailymotion&hl=fr&gl=US
- IOS: https://apps.apple.com/fr/app/dailymotion/id336978041
- URL: ifttt-adaptor.pub.kube.dm.gg
- OTHER: AS41690
- URL: dmxleo.com
- URL: *.dm.gg
- OTHER: Google Cloud Plateform Instances
|
| + | https://yeswehack.com/programs/dana-bug-bounty-program | 1 | 0 | YesWeHack |
|
| + | https://yeswehack.com/programs/datadome-bot-bounty | 6 | 0 | YesWeHack |
In Scope Assets:- URL: https://bounty-nodejs.datashield.co
- URL: https://bounty-fastly.datashield.co
- URL: https://bounty-nginx.datashield.co
- URL: *.captcha-delivery.com
- URL: js.datadome.co
- URL: api-js.datadome.co
|
| + | https://yeswehack.com/programs/datadome-bug-bounty | 8 | 0 | YesWeHack |
In Scope Assets:- URL: https://app.datadome.co
- URL: https://customer-api.datadome.co
- URL: https://api.datadome.co
- URL: https://api-js.datadome.co
- URL: https://*.captcha-delivery.com
- URL: https://auth.datadome.co
- URL: https://datadome.co
- URL: https://bot-tester.datadome.co/
|
| + | https://yeswehack.com/programs/decathlon | 2 | 0 | YesWeHack |
In Scope Assets:- URL: https://www.decathlon.(be|ch|es|fr|hu|pl|pt|ro|cz|com.tr)/
- URL: https://www.decathlon.(co.uk|it|nl|de)/
|
| + | https://yeswehack.com/programs/deezer-bug-bounty-program-2019 | 13 | 0 | YesWeHack |
In Scope Assets:- URL: www.deezer.com
- URL: connect.deezer.com
- URL: api.deezer.com
- URL: payment.deezer.com
- ANDROID: https://play.google.com/store/apps/details?id=deezer.android.app
- IOS: https://apps.apple.com/fr/app/deezer-musique-podcast/id292738169
- URL: zen.deezer.com
- URL: wellbeing.deezer.com
- OTHER: wellbeing.dzcdn.net
- ANDROID: https://play.google.com/store/apps/details?id=com.deezer.zen
- IOS: https://apps.apple.com/be/app/zen-by-deezer-m%C3%A9ditation/id1597326355
- URL: account.deezer.com
- URL: pipe.deezer.com
|
| + | https://yeswehack.com/programs/demarches-simplifiees-public | 5 | 0 | YesWeHack |
In Scope Assets:- URL: https://www.demarches-simplifiees.fr
- URL: https://www.demarches-simplifiees.fr/graphql
- URL: https://www.demarches-simplifiees.fr/api/v2/graphql
- URL: https://static.demarches-simplifiees.fr
- OTHER: DS proxy (see https://github.com/demarches-simplifiees/ds_proxy)
|
| + | https://yeswehack.com/programs/doctolib-public-bug-bounty-program | 9 | 0 | YesWeHack |
In Scope Assets:- URL: www.doctolib.(fr|de|it)
- URL: pro.doctolib.(fr|de|it) (see "Free features for healthcare professionals"))
- URL: Special scenarios (see description)
- URL: *.doctolib.(fr|de|it|com|net)
- IOS: https://apps.apple.com/fr/app/doctolib/id925339063
- ANDROID: http://play.google.com/store/apps/details?id=fr.doctolib.www
- APPLICATION: *.siilo.com
- IOS: https://apps.apple.com/ie/app/doctolib-siilo/id1083002150
- ANDROID: https://play.google.com/store/apps/details?id=com.siilo.android&hl=en
|
| + | https://yeswehack.com/programs/dovecot | 1 | 0 | YesWeHack |
In Scope Assets:- OTHER: Dovecot IMAP Server and Pigeonhole SIEVE (see "Software packages" and "Source code")
|