Scope Updates
Recent changes to bug bounty program scopes.
| Change | Asset | Category | Scope | Program | Platform | Time |
|---|---|---|---|---|---|---|
| Added | *.fp-sign.com | OTHER | Out of Scope | YesWeHack | 2026-02-21 00:33 | |
| Added | *.dracoon.io (with the exception of https://0-2744452194.s3.nbg01.de.dracoon.io) | OTHER | Out of Scope | YesWeHack | 2026-02-21 00:33 | |
| Added | *.dracoon.app (with the exceptions of bounty-cloud.dracoon.app and bounty-server.dracoon.app) | OTHER | Out of Scope | YesWeHack | 2026-02-21 00:33 | |
| Added | *.dracoon.team | OTHER | Out of Scope | YesWeHack | 2026-02-21 00:33 | |
| Added | *.dracoon.net | OTHER | Out of Scope | YesWeHack | 2026-02-21 00:33 | |
| Added | *.dracoon.com | OTHER | Out of Scope | YesWeHack | 2026-02-21 00:33 | |
| Added | any other host, tenant or service than the ones explicitly stated | OTHER | Out of Scope | YesWeHack | 2026-02-21 00:33 | |
| Added | www.dracoon.com | OTHER | Out of Scope | YesWeHack | 2026-02-21 00:33 | |
| Added | all domains or subdomains not listed in the above list of 'scopes' | OTHER | Out of Scope | YesWeHack | 2026-02-21 00:33 | |
| Added | smart contracts | OTHER | Out of Scope | YesWeHack | 2026-02-21 00:33 | |
| Added | all domains, subdomains or assets not listed in the above list of 'scopes' must be considered as out of the scope of this program | OTHER | Out of Scope | YesWeHack | 2026-02-21 00:33 | |
| Added | *.louisvuitton.com | OTHER | Out of Scope | YesWeHack | 2026-02-21 00:33 | |
| Added | only the list of modules in the description is in scope. we may add more modules in the future | OTHER | Out of Scope | YesWeHack | 2026-02-21 00:33 | |
| Added | soupserver | OTHER | Out of Scope | YesWeHack | 2026-02-21 00:33 | |
| Added | all partners and all mocks are out of scope (but you can use the deployed mocks at your discretion to attack the scope) | OTHER | Out of Scope | YesWeHack | 2026-02-21 00:33 | |
| Added | the local stack (*.docker.dev-franceconnect) is a powerful tool for you to understand the internals processes but is out of scope (the exploit should as well work in the scope to qualify) | OTHER | Out of Scope | YesWeHack | 2026-02-21 00:33 | |
| Added | the production environment (*.gouv.fr) is out of scope | OTHER | Out of Scope | YesWeHack | 2026-02-21 00:33 | |
| Added | https://fcp.integ01.dev-franceconnect.fr | OTHER | Out of Scope | YesWeHack | 2026-02-21 00:33 | |
| Added | domains not listed in scope are by default all out of scope | OTHER | Out of Scope | YesWeHack | 2026-02-21 00:33 |