Scope Updates
Recent changes to bug bounty program scopes.
| Change | Asset | Category | Scope | Program | Platform | Time |
|---|---|---|---|---|---|---|
| Added | all domains or subdomains not listed in the above list of 'scopes' | OTHER | Out of Scope | YesWeHack | 2026-02-21 00:33 | |
| Added | https://buy.paddle.com | OTHER | Out of Scope | YesWeHack | 2026-02-21 00:33 | |
| Added | https://checkout-service.paddle.com | OTHER | Out of Scope | YesWeHack | 2026-02-21 00:33 | |
| Added | all domains, subdomains or assets not listed in the above list of 'scopes' must be considered as out of the scope of this program | OTHER | Out of Scope | YesWeHack | 2026-02-21 00:33 | |
| Added | www.swapcard.com (static corporate website) | OTHER | Out of Scope | YesWeHack | 2026-02-21 00:33 | |
| Added | survey.swapcard.com | OTHER | Out of Scope | YesWeHack | 2026-02-21 00:33 | |
| Added | sentry.swapcard.com (except if you notice a miss-configuration) | OTHER | Out of Scope | YesWeHack | 2026-02-21 00:33 | |
| Added | c.swapcard.com | OTHER | Out of Scope | YesWeHack | 2026-02-21 00:33 | |
| Added | l.swapcard.com | OTHER | Out of Scope | YesWeHack | 2026-02-21 00:33 | |
| Added | books.swapcard.com (zoho) | OTHER | Out of Scope | YesWeHack | 2026-02-21 00:33 | |
| Added | help.swapcard.com (zoho) | OTHER | Out of Scope | YesWeHack | 2026-02-21 00:33 | |
| Added | aide.swapcard.com (zoho) | OTHER | Out of Scope | YesWeHack | 2026-02-21 00:33 | |
| Added | blog.swapcard.com (hubspot) | OTHER | Out of Scope | YesWeHack | 2026-02-21 00:33 | |
| Added | page.swapcard.com | OTHER | Out of Scope | YesWeHack | 2026-02-21 00:33 | |
| Added | *dev.swapcard.com | OTHER | Out of Scope | YesWeHack | 2026-02-21 00:33 | |
| Added | by default all the endpoints that are not listed in the allowed scopes are out of scope of the program | OTHER | Out of Scope | YesWeHack | 2026-02-21 00:33 | |
| Added | all domains, subdomains or assets not listed in the above list of 'scopes' must be considered as out of the scope of this program | OTHER | Out of Scope | YesWeHack | 2026-02-21 00:33 | |
| Added | all domains or subdomains not listed in the above list of 'scopes' should be considered to be out of scope | OTHER | Out of Scope | YesWeHack | 2026-02-21 00:33 | |
| Added | distributed attacks (scraping must be done using only 1 ip at a time) | OTHER | Out of Scope | YesWeHack | 2026-02-21 00:33 | |
| Added | demo environment (for example: ezcpcloudiot.eziot.com) | OTHER | Out of Scope | YesWeHack | 2026-02-21 00:33 | |
| Added | pre-release environment(for example: pb.ys7.com) | OTHER | Out of Scope | YesWeHack | 2026-02-21 00:33 | |
| Added | test environment(for example: test.ys7.com) | OTHER | Out of Scope | YesWeHack | 2026-02-21 00:33 | |
| Added | any local implementation of the project/implementation belonging to third parties | OTHER | Out of Scope | YesWeHack | 2026-02-21 00:33 | |
| Added | any depreciated versions and other versions than the current stable/official version are considered out of scope except if specified otherwise in the program’s rules | OTHER | Out of Scope | YesWeHack | 2026-02-21 00:33 | |
| Added | any third parties’ or community’s assets that are not explicitly included (e.g. forks, libraries or packages) | OTHER | Out of Scope | YesWeHack | 2026-02-21 00:33 |