| + | https://hackerone.com/wallet_on_telegram | 6 | 3 | HackerOne |
In Scope Assets:- URL: walletbot.me
- URL: pay.wallet.tg
- URL: wallet.tg
- OTHER: Crypto infrastructure for cold and hot wallets
- URL: wallettg.com
- URL: wallettg.net
Out of Scope Assets:- URL: wallet.helpscoutdocs.com (OOS)
- URL: docs.wallet.tg (OOS)
- URL: toncenter.walletbot.me (OOS)
|
| + | https://hackerone.com/wealthsimple | 4 | 4 | HackerOne |
In Scope Assets:- WILDCARD: *.simpletax.ca
- WILDCARD: *.wealthsimple.com
- IOS: com.wealthsimple.wealthsimple
- ANDROID: com.wealthsimple
Out of Scope Assets:- URL: help.wealthsimple.com (OOS)
- URL: support.wealthsimple.com (OOS)
- URL: work.wealthsimple.com (OOS)
- URL: tldr-archive.wealthsimple.com (OOS)
|
| + | https://hackerone.com/wellsfargo-bbp | 7 | 0 | HackerOne |
In Scope Assets:- URL: http://wellsfargo.com
- WILDCARD: *.wellsfargo.com
- URL: connect.secure.wellsfargo.com
- ANDROID: com.wellsfargo.ceomobile
- ANDROID: com.wf.wellsfargomobile
- IOS: com.wf.mobilebanking
- IOS: com.wf.ceomobile
|
| + | https://hackerone.com/whoop_bug_bounty | 8 | 4 | HackerOne |
In Scope Assets:- IOS: com.whoop.iphone
- ANDROID: com.whoop.android
- OTHER: WHOOP 4.0 STRAP
- URL: api.prod.whoop.com
- URL: app.whoop.com
- OTHER: join.whoop.com
- URL: shop.whoop.com
- OTHER: WHOOP 5.0/MG STRAP
Out of Scope Assets:- OTHER: Support System (OOS)
- URL: okta.whoop.com (OOS)
- OTHER: Azure AD, Google Drive, Link Sharing Websites (OOS)
- OTHER: Credit/Debit Card Testing (OOS)
|
| + | https://hackerone.com/wickr | 12 | 1 | HackerOne |
In Scope Assets:- OTHER: Wickr Pro/Wickr Me (all related technical components) (up to)
- URL: admin.wickr.com
- OTHER: Wickr Pro Android
- OTHER: Wickr Pro iOS
- OTHER: Wickr Pro Linux
- OTHER: Wickr Me iOS
- OTHER: Wickr Me Android
- OTHER: Wickr Me Linux
- OTHER: Wickr Me OS X
- OTHER: Wickr Pro OS X
- OTHER: Wickr Pro Windows
- OTHER: Wickr Me Windows
Out of Scope Assets:- URL: support.wickr.com (OOS)
|
| + | https://hackerone.com/wisdomtree | 3 | 2 | HackerOne |
In Scope Assets:- URL: api.wisdomtreeprimeapp.com
- TESTFLIGHT: com.wisdomtree.wtprime
- ANDROID: com.wisdomtree.wtprime
Out of Scope Assets:- URL: wisdomtree.com (OOS)
- URL: wisdomtree.eu (OOS)
|
| + | https://hackerone.com/wordpress | 21 | 7 | HackerOne |
In Scope Assets:- SOURCE_CODE: GlotPress
- SOURCE_CODE: WP-CLI
- SOURCE_CODE: Official WordPress plugins
- URL: wordpressfoundation.org
- WILDCARD: munin-*.wordpress.org
- SOURCE_CODE: WordPress Core
- SOURCE_CODE: BuddyPress Core
- SOURCE_CODE: BBPress Core
- WILDCARD: *.wordpress.org
- URL: api.wordpress.org
- WILDCARD: *.buddypress.org,bbpress.org,profiles.wordpress.org
- WILDCARD: *.wordcamp.org
- URL: codex.wordpress.org,codex.bbpress.org,codex.buddypress.org
- URL: mercantile.wordpress.org
- SOURCE_CODE: *.trac.wordpress.org, *.svn.wordpress.org, *.git.wordpress.org, github.com/WordPress
- URL: irclogs.wordpress.org
- URL: lists.wordpress.org
- URL: planet.wordpress.org
- WILDCARD: *.wordpress.net
- URL: doaction.org
- SOURCE_CODE: Gutenberg
Out of Scope Assets:- OTHER: Digital Ocean, AWS, etc (OOS)
- WILDCARD: *.wordpress.com (OOS)
- URL: status.wordpress.org,glotpress.blog,wordpress.tv (OOS)
- IOS: 335703880 (OOS)
- ANDROID: org.wordpress.android (OOS)
- SOURCE_CODE: https://github.com/wordpress-mobile/ (OOS)
- OTHER: Archived GitHub repositories (OOS)
|
| + | https://hackerone.com/x | 15 | 1 | HackerOne |
In Scope Assets:- WILDCARD: *.twitter.com
- WILDCARD: *.vine.co
- ANDROID: com.twitter.android
- IOS: com.atebits.Tweetie2
- WILDCARD: *.twimg.com
- URL: gnip.com
- URL: x.com
- WILDCARD: *.x.ai
- WILDCARD: *.x.com
- WILDCARD: *.grok.com
- URL: grok.com
- IOS: ai.x.GrokApp
- ANDROID: ai.x.grok
- WILDCARD: *.twitter.biz
- URL: chat.x.com
Out of Scope Assets:- URL: status.twitter.com (OOS)
|
| + | https://hackerone.com/xiaomi | 28 | 0 | HackerOne |
In Scope Assets:- WILDCARD: *.mi.com
- WILDCARD: *.xiaomi.com
- HARDWARE: Mi/Redmi Phone
- HARDWARE: Mi Band
- HARDWARE: Mi Home Webcam
- HARDWARE: Mi Robot Vacuum
- HARDWARE: Mi TV Box
- HARDWARE: Mi Laser Projector
- HARDWARE: Mi TV
- HARDWARE: Mi Electric Scooter
- ANDROID: com.miui.micloudsync
- ANDROID: com.xiaomi.smarthome
- ANDROID: com.xiaomi.market
- ANDROID: com.mi.global.shop
- ANDROID: com.xiaomi.mibrain.speech
- ANDROID: com.xiaomi.account
- WILDCARD: *.miui.com
- WILDCARD: *.xiaomiyoupin.com
- WILDCARD: *.miwifi.com
- ANDROID: com.xiaomi.payment
- ANDROID: com.xiaomi.mipicks
- ANDROID: com.xiaomi.micloud.sdk
- ANDROID: com.miui.cloudbackup
- ANDROID: com.miui.cloudservice
- ANDROID: com.android.browser
- OTHER: Other APK Assets
- OTHER: Other Hardware Assets
- OTHER: MIUI OS for Xiaomi Phone
|
| + | https://hackerone.com/xvideos | 5 | 2 | HackerOne |
In Scope Assets:- URL: www.xvideos.com
- URL: www.xvideos.red
- URL: www.xnxx.com
- URL: https://www.xvideos.net/app/
- URL: www.xnxx.gold
Out of Scope Assets:- URL: www.xvcams.com (OOS)
- URL: www.xvlivecams.com (OOS)
|
| + | https://hackerone.com/yelp | 9 | 6 | HackerOne |
In Scope Assets:- URL: yelptop100.com
- WILDCARD: *.yelp.com
- IOS: 284910350
- IOS: 936983378
- IOS: 542767785
- WILDCARD: *.yelp-support.com
- ANDROID: com.yelp.android.biz
- ANDROID: com.yelp.android
- WILDCARD: *.yelpwifi.com
Out of Scope Assets:- URL: yelp-press.com (OOS)
- URL: yelp.careers (OOS)
- URL: engineeringblog.yelp.com (OOS)
- URL: blog.yelp.com (OOS)
- URL: www.yelp-ir.com (OOS)
- URL: cloud.e.yelp-business.com (OOS)
|
| + | https://hackerone.com/yoti | 10 | 3 | HackerOne |
In Scope Assets:- ANDROID: com.yoti.mobile.android.live
- IOS: 983980808
- URL: core.yoti.com
- URL: api.yoti.com
- URL: ccloud.yoti.com
- URL: code.yoti.com
- URL: www.yotisign.com
- URL: hub.yoti.com
- URL: identity.yoti.com
- OTHER: Yoti Password Manager browser extension
Out of Scope Assets:- URL: www.yoti.com (OOS)
- URL: developers.yoti.com (OOS)
- OTHER: Yoti liveness detection campaign (OOS)
|
| + | https://hackerone.com/zabbix | 1 | 10 | HackerOne |
In Scope Assets:- SOURCE_CODE: https://www.zabbix.com/download_sources
Out of Scope Assets:- URL: https://www.zabbix.com/ (OOS)
- URL: https://blog.zabbix.com/ (OOS)
- URL: https://support.zabbix.com/ (OOS)
- URL: https://translate.zabbix.com/ (OOS)
- URL: https://git.zabbix.com/ (OOS)
- URL: https://space.zabbix.com/ (OOS)
- URL: https://exam.zabbix.com/ (OOS)
- URL: https://cloud.zabbix.com/ (OOS)
- URL: https://shop.zabbix.com (OOS)
- URL: https://academy.zabbix.com/ (OOS)
|
| + | https://hackerone.com/zerobounce | 2 | 0 | HackerOne |
In Scope Assets:- URL: zerobounce.net
- IOS: 1671793296
|
| + | https://hackerone.com/zooplus | 4 | 34 | HackerOne |
In Scope Assets:- URL: zooplus.net
- URL: www.zooplus.de
- URL: www.zooplus.co.uk
- URL: www.zooplus.com
Out of Scope Assets:- URL: www.wolf-of-wilderness.com (OOS)
- URL: www.zooplus.be (OOS)
- URL: www.zooplus.dk (OOS)
- URL: www.zooplus.fi (OOS)
- URL: www.zooplus.fr (OOS)
- URL: www.zooplus.gr (OOS)
- URL: www.zooplus.ie (OOS)
- URL: www.zooplus.it (OOS)
- URL: www.zooplus.hr (OOS)
- URL: www.zooplus.nl (OOS)
- URL: www.zooplus.no (OOS)
- URL: www.zooplus.at (OOS)
- URL: www.zooplus.pl (OOS)
- URL: www.zooplus.pt (OOS)
- URL: www.zooplus.ro (OOS)
- URL: www.zoochic-eu.ru (OOS)
- URL: www.zooplus.se (OOS)
- URL: www.zooplus.ch (OOS)
- URL: www.zoohit.sk (OOS)
- URL: www.zoohit.si (OOS)
- URL: www.zooplus.es (OOS)
- URL: www.zoohit.cz (OOS)
- URL: www.zooplus.hu (OOS)
- URL: www.bitiba.de (OOS)
- URL: www.matina-gmbh.de (OOS)
- URL: https://www.zooplus.de/tierarzt (OOS)
- URL: https://www.zooplus.es/veterinarios (OOS)
- URL: https://www.zooplus.fr/veterinaire (OOS)
- URL: https://www.zooplus.hu/allatorvos (OOS)
- URL: https://www.zooplus.it/veterinari (OOS)
- URL: https://www.zooplus.nl/dierenarts (OOS)
- URL: https://www.zooplus.pl/weterynarz (OOS)
- URL: https://www.zoohit.cz/veterinari (OOS)
- URL: zooplus.io (OOS)
|
| + | https://yeswehack.com/programs/agora | 4 | 0 | YesWeHack |
In Scope Assets:- ANDROID: Agora for Android (see dowload link for APK file and mobile app GitHub repository in description)
- IOS: Agora for iOS (see dowload link for IPA file and mobile app GitHub repository in description)
- URL: https://app.sandbox.agora.incubateur.net
- URL: https://api.sandbox.agora.incubateur.net (source code available on GitHub, see description)
|
| + | https://yeswehack.com/programs/alasco-gmbh-bug-bounty-program | 4 | 0 | YesWeHack |
In Scope Assets:- URL: app.alasco.de
- URL: api.alasco.de
- OTHER: *.alasco.de
- OTHER: *.alasco.rocks
|
| + | https://yeswehack.com/programs/ant-group-security-response-center-bug-bounty-program | 8 | 0 | YesWeHack |
In Scope Assets:- URL: *.alipayplus.com
- URL: *.antom.com
- URL: *.worldfirst.com
- URL: bettrfinancing.com
- URL: anext.com.sg
- URL: alipayhk.com
- URL: antbank.hk
- OTHER: Any Other Applications found here: https://mysrc.group/project_detail?id=11
|
| + | https://yeswehack.com/programs/app-suite | 3 | 0 | YesWeHack |
In Scope Assets:- URL: https://sandbox.open-xchange.com
- URL: https://sandbox.open-xchange.com
- OPEN-SOURCE: GitLab and GitHub repos listed on this page
|
| + | https://yeswehack.com/programs/atg-public-bug-bounty-program | 7 | 0 | YesWeHack |
In Scope Assets:- OTHER: *.atg.se
- URL: www.atg.se
- URL: api.atg.se
- URL: iam.atg.se
- IOS: https://apps.apple.com/se/app/atg/id1434660322
- OTHER: https://apps.apple.com/se/app/atg-live/id1608156355
- ANDROID: https://play.google.com/store/apps/details?id=se.atg.live&hl=en&gl=SE
|
| + | https://yeswehack.com/programs/bigbluebutton-bug-bounty-program | 7 | 0 | YesWeHack |
In Scope Assets:- OPEN-SOURCE: https://github.com/bigbluebutton/bigbluebutton
- OPEN-SOURCE: https://github.com/blindsidenetworks/scalelite
- OPEN-SOURCE: https://github.com/bigbluebutton/bbb-webrtc-sfu
- OPEN-SOURCE: https://github.com/bigbluebutton/bbb-webrtc-recorder
- OPEN-SOURCE: https://github.com/bigbluebutton/greenlight
- OPEN-SOURCE: https://github.com/bigbluebutton/bbb-presentation-video
- OPEN-SOURCE: https://github.com/bigbluebutton/bbb-playback
|
| + | https://yeswehack.com/programs/bind-bug-bounty-program | 1 | 0 | YesWeHack |
In Scope Assets:- OPEN-SOURCE: https://gitlab.isc.org/isc-projects/bind9
|
| + | https://yeswehack.com/programs/bitoasis-bug-bounty-program | 3 | 0 | YesWeHack |
In Scope Assets:- URL: *.bitoasis.net
- ANDROID: https://play.google.com/store/apps/details?id=com.bitoasis&hl=en
- IOS: https://apps.apple.com/ae/app/bitoasis-buy-bitcoin-crypto/id1521661794
|
| + | https://yeswehack.com/programs/bookbeat | 5 | 0 | YesWeHack |
In Scope Assets:- URL: https://www.bookbeat.com
- URL: https://api.bookbeat.com
- URL: https://search-api.bookbeat.com
- ANDROID: https://play.google.com/store/apps/details?id=com.bookbeat.android&hl=en&pli=1
- IOS: https://apps.apple.com/se/app/bookbeat-audiobooks-e-books/id1056652614?l=en-GB
|
| + | https://yeswehack.com/programs/bug-bounty-program-blablacar | 11 | 0 | YesWeHack |
In Scope Assets:- URL: https://edge.blablacar.(fr|de|co.uk|in|es|mx|be|hr|hu|it|nl|pl|com.br|pt|ro|ru|com|tr|com.ua))
- URL: https://auth.blablacar.(fr|de|co.uk|in|es|mx|be|hr|hu|it|nl|pl|com.br|pt|ro|ru|com|tr|com.ua)
- URL: https://www.blablacar.(fr|de|co.uk|in|es|mx|be|hr|hu|it|nl|pl|com.br|pt|ro|ru|com|tr|com.ua)
- URL: https://m.blablacar.(fr|de|co.uk|in|es|mx|be|hr|hu|it|nl|pl|com.br|pt|ro|ru|com|tr|com.ua)
- ANDROID: https://play.google.com/store/apps/details?id=com.comuto&hl=en
- IOS: https://itunes.apple.com/fr/app/blablacar-trusted-carpooling/id341329033?l=en&mt=8
- URL: https://api.blablalines.com
- URL: https://daily.blablacar.fr
- URL: https://blablacardaily.com
- ANDROID: https://play.google.com/store/apps/details?id=com.blablalines
- IOS: https://apps.apple.com/fr/app/blablalines-covoiturage/id1225543288
|
| + | https://yeswehack.com/programs/bug-bounty-sncf-connect-1 | 4 | 0 | YesWeHack |
In Scope Assets:- URL: https://www.sncf-connect.com
- URL: https://sncf-connect.com
- URL: https//monidentifiant.sncf
- URL: https://www.sncf-connect.com/bff
|
| + | https://yeswehack.com/programs/coindcx-bug-bounty-program | 4 | 0 | YesWeHack |
In Scope Assets:- URL: *.coindcx.com
- URL: api.coindcx.com
- ANDROID: https://play.google.com/store/apps/details?id=com.coindcx.btc
- IOS: https://apps.apple.com/in/app/coindcx-trade-bitcoin-crypto/id1517787269
|
| + | https://yeswehack.com/programs/contentsquare-bug-bounty-program | 5 | 0 | YesWeHack |
In Scope Assets:- URL: *.contentsquare.com
- URL: https://mobile-production.content-square.net/
- URL: https://m.csqtrk.net
- URL: https://s.contentsquare.net
- APPLICATION: Contentsquare SDK (cf : Program Description)
|
| + | https://yeswehack.com/programs/cryptobox-bug-bounty | 3 | 0 | YesWeHack |
In Scope Assets:- URL: https://bounty.cryptobox.com
- ANDROID: https://play.google.com/store/apps/details?id=com.ercom.cryptobox.release&hl=fr
- IOS: https://apps.apple.com/fr/app/cryptobox/id972602802
|
| + | https://yeswehack.com/programs/cyberghost-bug-bounty-program | 12 | 0 | YesWeHack |
In Scope Assets:- URL: *.cyberghostvpn.com
- URL: *.cyberghost.com
- URL: cyberghost.com
- URL: cyberghost.app
- URL: https://api.cyberghostvpn.com
- OTHER: CyberGhost VPN servers
- IOS: https://apps.apple.com/us/app/id583009522
- ANDROID: https://play.google.com/store/apps/details?id=de.mobileconcepts.cyberghost
- APPLICATION: https://www.cyberghostvpn.com/en_US/apps/linux-vpn
- APPLICATION: https://www.cyberghostvpn.com/en_US/apps/windows-vpn
- APPLICATION: https://www.cyberghostvpn.com/en_US/apps/macos-vpn
- APPLICATION: Applications/Extensions under https://www.cyberghostvpn.com/download
|
| + | https://yeswehack.com/programs/cybermalveillance-gouv-fr-sensibilization-prevention-and-support-in-terms-of-cybersecurity | 1 | 0 | YesWeHack |
In Scope Assets:- URL: https://pprd.cybermalveillance.gouv.fr
|
| + | https://yeswehack.com/programs/dailymotion-public-bug-bounty | 17 | 0 | YesWeHack |
In Scope Assets:- URL: *.dailymotion.com
- URL: *.api.dailymotion.com
- URL: developer.dailymotion.com
- URL: *.dmcdn.net
- ANDROID: https://play.google.com/store/apps/details?id=com.dailymotion.dailymotion&hl=fr&gl=US
- IOS: https://apps.apple.com/fr/app/dailymotion/id336978041
- URL: ifttt-adaptor.pub.kube.dm.gg
- OTHER: AS41690
- URL: dmxleo.com
- URL: *.dm.gg
- OTHER: Google Cloud Plateform Instances
- URL: https://n8n-staging.k8s.dm.gg/*
- URL: https://n8n.pub.k8s.dm.gg/*
- APPLICATION: https://airflow-mcp.data.dailymotion.com/*
- OTHER: https://bigquery-mcp.data.dailymotion.com/
- URL: https://mcp.datadoghq.eu/api/unstable/mcp-server/mcp/*
- URL: https://mcp.datadoghq.eu/*
|
| + | https://yeswehack.com/programs/dana-bug-bounty-program | 1 | 0 | YesWeHack |
|
| + | https://yeswehack.com/programs/datadome-bot-bounty | 6 | 0 | YesWeHack |
In Scope Assets:- URL: https://bounty-nodejs.datashield.co
- URL: https://bounty-fastly.datashield.co
- URL: https://bounty-nginx.datashield.co
- URL: *.captcha-delivery.com
- URL: js.datadome.co
- URL: api-js.datadome.co
|
| + | https://yeswehack.com/programs/datadome-bug-bounty | 8 | 0 | YesWeHack |
In Scope Assets:- URL: https://app.datadome.co
- URL: https://api-app.datadome.co/
- URL: https://customer-api.datadome.co
- URL: https://api.datadome.co
- URL: https://api-js.datadome.co
- URL: https://*.captcha-delivery.com
- URL: https://auth.datadome.co
- URL: https://datadome.co
|
| + | https://yeswehack.com/programs/decathlon | 2 | 0 | YesWeHack |
In Scope Assets:- URL: https://www.decathlon.(ch|fr|hu|pl|ro|cz|com.tr)/
- URL: https://www.decathlon.(co.uk|it|nl|de|pt|es|be)/
|
| + | https://yeswehack.com/programs/deezer-bug-bounty-program-2019 | 14 | 0 | YesWeHack |
In Scope Assets:- URL: www.deezer.com
- URL: connect.deezer.com
- URL: api.deezer.com
- URL: payment.deezer.com
- ANDROID: https://play.google.com/store/apps/details?id=deezer.android.app
- IOS: https://apps.apple.com/fr/app/deezer-musique-podcast/id292738169
- URL: zen.deezer.com
- URL: wellbeing.deezer.com
- OTHER: wellbeing.dzcdn.net
- ANDROID: https://play.google.com/store/apps/details?id=com.deezer.zen
- IOS: https://apps.apple.com/be/app/zen-by-deezer-m%C3%A9ditation/id1597326355
- URL: account.deezer.com
- URL: pipe.deezer.com
- URL: ws.deezer.com
|
| + | https://yeswehack.com/programs/demarches-simplifiees-public | 5 | 0 | YesWeHack |
In Scope Assets:- URL: https://www.demarches-simplifiees.fr
- URL: https://www.demarches-simplifiees.fr/graphql
- URL: https://www.demarches-simplifiees.fr/api/v2/graphql
- URL: https://static.demarches-simplifiees.fr
- OTHER: DS proxy (see https://github.com/demarches-simplifiees/ds_proxy)
|
| + | https://yeswehack.com/programs/doctolib-public-bug-bounty-program | 9 | 0 | YesWeHack |
In Scope Assets:- URL: www.doctolib.(fr|de|it)
- URL: pro.doctolib.(fr|de|it) (see "Free features for healthcare professionals"))
- URL: Special scenarios (see description)
- URL: *.doctolib.(fr|de|it|com|net)
- IOS: https://apps.apple.com/fr/app/doctolib/id925339063
- ANDROID: http://play.google.com/store/apps/details?id=fr.doctolib.www
- APPLICATION: *.siilo.com
- IOS: https://apps.apple.com/ie/app/doctolib-siilo/id1083002150
- ANDROID: https://play.google.com/store/apps/details?id=com.siilo.android&hl=en
|
| + | https://yeswehack.com/programs/dovecot | 1 | 0 | YesWeHack |
In Scope Assets:- OPEN-SOURCE: Dovecot IMAP Server and Pigeonhole SIEVE (see "Software packages" and "Source code")
|
| + | https://yeswehack.com/programs/dracoon-bug-bounty-program | 12 | 0 | YesWeHack |
In Scope Assets:- URL: https://bounty-cloud.dracoon.app/api
- OTHER: https://bounty-cloud.dracoon.app/oauth
- OTHER: https://0-2744452194.s3.nbg01.de.dracoon.io
- OTHER: https://bounty-cloud.dracoon.app/mediaserver
- URL: https://bounty-cloud.dracoon.app/reporting/api
- OTHER: https://bounty-cloud.dracoon.app/webdav
- URL: https://bounty-cloud.dracoon.app/
- URL: https://bounty-server.dracoon.app/api
- OTHER: https://bounty-server.dracoon.app/oauth
- URL: https://bounty-server.dracoon.app/reporting/api
- OTHER: https://bounty-server.dracoon.app/webdav
- URL: https://bounty-server.dracoon.app/
|
| + | https://yeswehack.com/programs/expressvpn-bug-bounty-program | 30 | 0 | YesWeHack |
In Scope Assets:- URL: *.expressvpn.com
- URL: app.expressmailguard.com
- URL: expressvpn.jobs
- URL: ExpressVPN APIs
- URL: https://xv-cp.apis-staging.xvtest.net/
- URL: https://cp.expressapisv2.net
- URL: https://api.expressvpn.com
- URL: https://api.enc.kape.com
- URL: https://api.dbs.kape.com
- URL: https://api.dts.kape.com
- URL: https://api.blts.kape.com
- URL: https://api.pcrs.kape.com
- URL: https://api.jwks.kape.com
- OTHER: ExpressVPN VPN servers
- OTHER: ExpressVPN Router
- URL: *.xvtest.net
- URL: *.xvservice.net
- URL: it.xvservice.net
- URL: 1pw-scim.prd.iat.it.xvservice.net
- URL: gatekeeper.prd.iat.it.xvservice.net
- URL: iat.it.xvservice.net
- URL: prd.iat.it.xvservice.net
- URL: vector.prd.iat.it.xvservice.net
- URL: gh-mail.expressvpn.com
- URL: *.polymoon.it
- URL: corp.polymoon.it
- URL: networkguard.com
- APPLICATION: Any Applications under https://www.expressvpn.com/latest
- OTHER: https://github.com/expressvpn/lightway
- OTHER: TrustedServer 100,000 Bonus Award (See Program Policy for Info)
|
| + | https://yeswehack.com/programs/ezviz-bug-bounty-program | 13 | 0 | YesWeHack |
In Scope Assets:- OTHER: Hardware found on https://www.ezviz.com/category/security-wifi-cameras
- OTHER: Hardware found on https://www.ezviz.com/category/smart-home
- URL: api.ezvizlife.com
- URL: open.ys7.com
- URL: www.ezviz.com
- URL: *.ezviz.com
- URL: *.ys7.com
- URL: *.ezvizlife.com
- URL: *.eziot.com
- URL: *.ezviz7.com
- URL: *.hicloudcam.com,
- URL: *.hikops.com,
- URL: *.ezvizru.com
|
| + | https://yeswehack.com/programs/fdj-united-online-betting-gaming-bug-bounty-program | 34 | 0 | YesWeHack |
In Scope Assets:- URL: www.unibet.(com|it|se|co.uk|be|nl|dk|ro|ee|ie|com.au|mt)
- URL: fi.unibet.com
- URL: payment.unibet.(com|it|se|co.uk|be|nl|dk|ro|ee|ie|com.au|mt)
- URL: www.mariacasino.(com|se|ee|dk)
- URL: fi.mariacasino.com
- URL: payment.mariacasino.(com|se|ee|dk)
- URL: int.32red.com
- URL: www.bingo.com
- URL: (se|fi|uk).bingo.com
- URL: payment.bingo.com
- URL: www.ottokasino.com
- URL: en.ottokasino.com
- URL: payment.ottokasino.com
- URL: www.ottocasino.se
- URL: payment.ottocasino.se
- URL: www.kolikkopelit.com
- URL: en.kolikkopelit.com
- URL: payment.kolikkopelit.com
- URL: www.storspiller.com
- URL: payment.storspiller.com
- URL: www.storspelare.se
- URL: payment.storspelare.se
- URL: www.casinohuone.com
- URL: en.casinohuone.com
- URL: payment.casinohuone.com
- URL: www.vladcazino.ro
- URL: payment.vladcazino.ro
- URL: https://pci.kindredgroup.com
- URL: https://www.32red.com/
- URL: /blog/ (or translated equivalent) endpoints on our sites
- IOS: https://itunes.apple.com/gb/app/unibet-live-sports-betting/id463335337
- IOS: https://itunes.apple.com/gb/app/unibet-casino-slots-games/id905382680
- ANDROID: https://cdn.unicdn.net/apk/UnibetCasino.apk
- URL: www.unibet.fr
|
| + | https://yeswehack.com/programs/franceconnect-proconnect-public | 5 | 0 | YesWeHack |
In Scope Assets:- OTHER: Specific scenarios (see program description)
- URL: FranceConnect+ (see program description for github link)
- URL: FranceConnect (see program description for github link)
- URL: eIDAS Bridge (see program description for github link)
- URL: User Dashboard (see program description for github link)
|
| + | https://yeswehack.com/programs/gnome-bug-bounty-program | 3 | 0 | YesWeHack |
In Scope Assets:- OPEN-SOURCE: GLib
- OPEN-SOURCE: glib-networking
- OPEN-SOURCE: SoupSession (libsoup client)
|
| + | https://yeswehack.com/programs/gojek-bug-bounty-program | 12 | 0 | YesWeHack |
In Scope Assets:- WILDCARD: *.gojekapi.com
- URL: api.gojek.co.id
- ANDROID: https://play.google.com/store/apps/details?id=com.gojek.app
- IOS: https://apps.apple.com/id/app/gojek/id944875099
- URL: gofood.co.id
- URL: api.gobiz.co.id
- WILDCARD: *.gofood.co.id
- WILDCARD: *.gobiz.co.id
- URL: portal.gofoodmerchant.co.id
- WILDCARD: *.gojek.com
- WILDCARD: *.golabs.io
- WILDCARD: *.gofoodmerchant.co.id
|
| + | https://yeswehack.com/programs/goto-financial-public-bounty-program | 14 | 0 | YesWeHack |
In Scope Assets:- IOS: https://apps.apple.com/id/app/gopay-transfer-pulsa-bills/id6446321594
- ANDROID: https://play.google.com/store/apps/details?id=com.gojek.gopay&hl=id
- WILDCARD: *.gopayapi.com
- URL: gopaymerchant.midtrans.com
- URL: mokapos.com
- WILDCARD: *.go-pay.co.id
- URL: api.midtrans.com
- URL: app.midtrans.com
- URL: www.midtrans.com
- WILDCARD: *.gaming.gopayapi.com
- WILDCARD: *.gofin.io
- WILDCARD: *.findaya.com
- WILDCARD: *.findaya.co.id
- WILDCARD: *.gtflabs.io
|
| + | https://yeswehack.com/programs/grw-trading-fze-bug-bounty-program | 2 | 0 | YesWeHack |
In Scope Assets:- OTHER: https://*.grwtrading.com
- URL: https://*.dropxl.com
|
| + | https://yeswehack.com/programs/harman-international-public-bug-bounty | 24 | 0 | YesWeHack |
In Scope Assets:- OTHER: Device: JBL Bar 500MK2
- OTHER: Device: JBL Bar 700MK2
- OTHER: Device: JBL Bar 800MK2
- URL: events.onecloud.harman.com
- URL: ota.onecloud.harman.com
- URL: apis.onecloud.harman.com
- URL: edgeapis.onecloud.harman.com
- OTHER: Device: JBL PartyBox Encore 2
- OTHER: Device: JBL Live Beam 3
- OTHER: Device: JBL Flip 7
- OTHER: Device: JBL Tour One M3
- OTHER: Device: JBL Charge 5
- OTHER: Device: JBL Bar 300MK2
- OTHER: Device: JBL Bar 1000MK2
- OTHER: Device: JBL Bar 1300MK2
- OTHER: Device: JBL Authentics 200
- OTHER: Device: JBL Authentics 300
- OTHER: Device: JBL Authentics 500
- OTHER: Device: JBL Boombox 3 Wi-Fi
- OTHER: Device: JBL Charge 5 Wi-Fi
- IOS: https://apps.apple.com/fr/app/jbl-one/id1610239857
- ANDROID: https://play.google.com/store/apps/details?id=com.jbl.oneapp&hl=fr&gl=US
- URL: https://tms.onecloud.harman.com
- URL: https://quantum-events.onecloud.harman.com
|