alasco-gmbh-bug-bounty-program
4
In Scope
8
Out of Scope
In-Scope Assets (4)
| Asset | Category | Bounty | Quick Links | |
|---|---|---|---|---|
| *.alasco.de | OTHER | Yes | - | |
| *.alasco.rocks | OTHER | Yes | - | |
| api.alasco.de | URL | Yes | ||
| app.alasco.de | URL | Yes |
Out-of-Scope Assets (8)
| Asset | Category | Bounty | |
|---|---|---|---|
| Alasco will not provide access credentials to any system, not for testing and also not for issue validation. | OTHER | Yes | |
| All other domains or subdomains not listed in the above list of 'Scopes'. | OTHER | Yes | |
| However, any vulnerability discovered in a system or service that requires a login to access is outside the scope of this program. | OTHER | Yes | |
| Please note that all non-authenticated areas of our systems are in scope for this program. This means that any vulnerability discovered in a system or service that does not require a login to access is eligible for a reward. | OTHER | Yes | |
| alasco.de | OTHER | Yes | |
| explore.alasco.com | OTHER | Yes | |
| explore.alasco.de | OTHER | Yes | |
| www.alasco.de | OTHER | Yes |
Scope Changes (12)
Apr 16, 2026
| Change | Asset | Category | Scope | Time |
|---|---|---|---|---|
| Added | app.alasco.de | URL | In Scope | 18:33 |
| Added | api.alasco.de | URL | In Scope | 18:33 |
| Added | *.alasco.de | OTHER | In Scope | 18:33 |
| Added | *.alasco.rocks | OTHER | In Scope | 18:33 |
| Added | all other domains or subdomains not listed in the above list of 'scopes' | OTHER | Out of Scope | 18:33 |
| Added | explore.alasco.com | OTHER | Out of Scope | 18:33 |
| Added | explore.alasco.de | OTHER | Out of Scope | 18:33 |
| Added | www.alasco.de | OTHER | Out of Scope | 18:33 |
| Added | alasco.de | OTHER | Out of Scope | 18:33 |
| Added | please note that all non-authenticated areas of our systems are in scope for this program. this means that any vulnerability discovered in a system or service that does not require a login to access is eligible for a reward | OTHER | Out of Scope | 18:33 |
| Added | however, any vulnerability discovered in a system or service that requires a login to access is outside the scope of this program | OTHER | Out of Scope | 18:33 |
| Added | alasco will not provide access credentials to any system, not for testing and also not for issue validation | OTHER | Out of Scope | 18:33 |