govtech-vrp
47
In Scope
34
Out of Scope
In-Scope Assets (47)
Out-of-Scope Assets (34)
| Asset | Category | Bounty | |
|---|---|---|---|
| 2FA OTP for digital services is out of scope for vrl.lta.gov.sg | OTHER | Yes | |
| All Relying Parties (real entities/businesses) are out of scope from https://api.myinfo.gov.sg/ | OTHER | Yes | |
| All domains or subdomains not listed in the above list of 'Scopes' | OTHER | Yes | |
| Any Open Redirect vulnerability that is used as part of Singpass or Corppass SAML integration is out of scope - https://saml.singpass.gov.sg | OTHER | Yes | |
| Any digital services that do not belong to vrl.lta.gov.sg domain is out of scope | OTHER | Yes | |
| Candidates Services under app.eservice.eld.gov.sg | OTHER | Yes | |
| Domain/subdomain takeover is currently out of scope for GovTech DNS FQDN | OTHER | Yes | |
| ESA functions not in-scope (using netrust token) for vrl.lta.gov.sg | OTHER | Yes | |
| Message Hub Module from https://www.tradenet.gov.sg/ | OTHER | Yes | |
| Testing of the payment portal is out of scope for vrl.lta.gov.sg | OTHER | Yes | |
| Uploading of the training record into the system, as the data will be used by other dependency system on service2.mom.gov.sg | OTHER | Yes | |
| https://*.wogaa.sg/ | OTHER | Yes | |
| https://auth.nehr.sg/ | OTHER | Yes | |
| https://c.go-mpulse.net/ | OTHER | Yes | |
| https://elis.moh.gov.sg/ | OTHER | Yes | |
| https://halp.moh.gov.sg/ | OTHER | Yes | |
| https://housing.cpf.gov.sg/ | OTHER | Yes | |
| https://onemotoring.lta.gov.sg | OTHER | Yes | |
| https://portal.nehr.sg/reports/ | OTHER | Yes | |
| https://prs.moh.gov.sg/ | OTHER | Yes | |
| https://s.go-mpulse.net/ | OTHER | Yes | |
| https://smsgw.saasconnect.com/obh/SendSMSLegacyBC | OTHER | Yes | |
| https://sso-c.moh.gov.sg/esso/oidc/authorize | OTHER | Yes | |
| https://www.asean-ssa.org/ | OTHER | Yes | |
| https://www.cpf.gov.sg/caye/ | OTHER | Yes | |
| https://www.customs.gov.sg/ | OTHER | Yes | |
| https://www.google-analytics.com/ | OTHER | Yes | |
| https://www.govpayouts.gov.sg | OTHER | Yes | |
| https://www.singpass.gov.sg/main | OTHER | Yes | |
| https://www.singpass.gov.sg/myinfobusiness | OTHER | Yes | |
| https://www.tradenet.gov.sg/tradenet/portal/resetrequest | OTHER | Yes | |
| https://www.vcc.bizfile.gov.sg/ | OTHER | Yes | |
| https://www.youtube.com/ | OTHER | Yes | |
| https://www2.cpf.gov.sg/ | OTHER | Yes |
Scope Changes (81)
Apr 16, 2026
| Change | Asset | Category | Scope | Time |
|---|---|---|---|---|
| Added | https://www.cpf.gov.sg/bin | URL | In Scope | 18:33 |
| Added | https://www.singpass.gov.sg | URL | In Scope | 18:33 |
| Added | https://saml.singpass.gov.sg | URL | In Scope | 18:33 |
| Added | https://bio-stream.singpass.gov.sg | URL | In Scope | 18:33 |
| Added | https://bio-api.singpass.gov.sg | URL | In Scope | 18:33 |
| Added | https://play.google.com/store/apps/details?id=sg.ndi.sp | ANDROID | In Scope | 18:33 |
| Added | https://apps.apple.com/app/singpass/id1340660807 | IOS | In Scope | 18:33 |
| Added | https://api.myinfo.gov.sg | URL | In Scope | 18:33 |
| Added | https://www.corppass.gov.sg | URL | In Scope | 18:33 |
| Added | https://service2.mom.gov.sg/workpass/sat | URL | In Scope | 18:33 |
| Added | https://service2.mom.gov.sg/workpass/whp | URL | In Scope | 18:33 |
| Added | https://service2.mom.gov.sg/workpass/whvp | URL | In Scope | 18:33 |
| Added | https://service2.mom.gov.sg/workpass/ep | URL | In Scope | 18:33 |
| Added | https://service2.mom.gov.sg/spcspsso | URL | In Scope | 18:33 |
| Added | https://service2.mom.gov.sg/cpcspsso | URL | In Scope | 18:33 |
| Added | https://www.vendors.gov.sg | URL | In Scope | 18:33 |
| Added | https://www.eld.gov.sg | URL | In Scope | 18:33 |
| Added | https://app.eservice.eld.gov.sg/Voter | URL | In Scope | 18:33 |
| Added | https://ntf.singpass.gov.sg | URL | In Scope | 18:33 |
| Added | https://register.id.gov.sg | URL | In Scope | 18:33 |
| Added | https://api.id.gov.sg | URL | In Scope | 18:33 |
| Added | https://vrl.lta.gov.sg | URL | In Scope | 18:33 |
| Added | http://www.cdlens.moh.gov.sg/cdlens | URL | In Scope | 18:33 |
| Added | https://mohalert.moh.gov.sg | URL | In Scope | 18:33 |
| Added | https://portal.nehr.sg | URL | In Scope | 18:33 |
| Added | https://mytax.iras.gov.sg/ESVWeb/default.aspx | URL | In Scope | 18:33 |
| Added | https://www.tradenet.gov.sg | URL | In Scope | 18:33 |
| Added | https://www.cpf.gov.sg/member | URL | In Scope | 18:33 |
| Added | https://www.cpf.gov.sg/crpsonline | URL | In Scope | 18:33 |
| Added | https://www.cpf.gov.sg/employer | URL | In Scope | 18:33 |
| Added | https://www.cpf.gov.sg/eservices | URL | In Scope | 18:33 |
| Added | https://www.cpf.gov.sg/etc | URL | In Scope | 18:33 |
| Added | https://www.cpf.gov.sg/libs | URL | In Scope | 18:33 |
| Added | https://www.cpf.gov.sg/api/assets | URL | In Scope | 18:33 |
| Added | https://www.cpf.gov.sg/etc.clientlibs | URL | In Scope | 18:33 |
| Added | https://www.cpf.gov.sg/content | URL | In Scope | 18:33 |
| Added | ns12.gdnsec.com | OTHER | In Scope | 18:33 |
| Added | ns9.gdnsec.com | OTHER | In Scope | 18:33 |
| Added | ns10.gdnsdef.com | OTHER | In Scope | 18:33 |
| Added | ns3.gdnsec.com | OTHER | In Scope | 18:33 |
| Added | ns7.gdnsdef.com | OTHER | In Scope | 18:33 |
| Added | a1-6.akam.net | OTHER | In Scope | 18:33 |
| Added | a20-66.akam.net | OTHER | In Scope | 18:33 |
| Added | a9-65.akam.net | OTHER | In Scope | 18:33 |
| Added | a8-64.akam.net | OTHER | In Scope | 18:33 |
| Added | a3-67.akam.net | OTHER | In Scope | 18:33 |
| Added | a2-65.akam.net | OTHER | In Scope | 18:33 |
| Added | all domains or subdomains not listed in the above list of 'scopes' | OTHER | Out of Scope | 18:33 |
| Added | https://www.singpass.gov.sg/main | OTHER | Out of Scope | 18:33 |
| Added | https://www.singpass.gov.sg/myinfobusiness | OTHER | Out of Scope | 18:33 |
| Added | candidates services under app.eservice.eld.gov.sg | OTHER | Out of Scope | 18:33 |
| Added | all relying parties (real entities/businesses) are out of scope from https://api.myinfo.gov.sg | OTHER | Out of Scope | 18:33 |
| Added | any open redirect vulnerability that is used as part of singpass or corppass saml integration is out of scope - https://saml.singpass.gov.sg | OTHER | Out of Scope | 18:33 |
| Added | domain/subdomain takeover is currently out of scope for govtech dns fqdn | OTHER | Out of Scope | 18:33 |
| Added | https://onemotoring.lta.gov.sg | OTHER | Out of Scope | 18:33 |
| Added | any digital services that do not belong to vrl.lta.gov.sg domain is out of scope | OTHER | Out of Scope | 18:33 |
| Added | 2fa otp for digital services is out of scope for vrl.lta.gov.sg | OTHER | Out of Scope | 18:33 |
| Added | testing of the payment portal is out of scope for vrl.lta.gov.sg | OTHER | Out of Scope | 18:33 |
| Added | esa functions not in-scope (using netrust token) for vrl.lta.gov.sg | OTHER | Out of Scope | 18:33 |
| Added | https://www.vcc.bizfile.gov.sg/ | OTHER | Out of Scope | 18:33 |
| Added | https://smsgw.saasconnect.com/obh/SendSMSLegacyBC | OTHER | Out of Scope | 18:33 |
| Added | https://prs.moh.gov.sg/ | OTHER | Out of Scope | 18:33 |
| Added | https://elis.moh.gov.sg/ | OTHER | Out of Scope | 18:33 |
| Added | https://sso-c.moh.gov.sg/esso/oidc/authorize | OTHER | Out of Scope | 18:33 |
| Added | https://halp.moh.gov.sg/ | OTHER | Out of Scope | 18:33 |
| Added | https://portal.nehr.sg/reports | OTHER | Out of Scope | 18:33 |
| Added | https://auth.nehr.sg/ | OTHER | Out of Scope | 18:33 |
| Added | https://c.go-mpulse.net/ | OTHER | Out of Scope | 18:33 |
| Added | https://s.go-mpulse.net/ | OTHER | Out of Scope | 18:33 |
| Added | https://www.tradenet.gov.sg/tradenet/portal/resetrequest | OTHER | Out of Scope | 18:33 |
| Added | message hub module from https://www.tradenet.gov.sg | OTHER | Out of Scope | 18:33 |
| Added | https://www2.cpf.gov.sg/ | OTHER | Out of Scope | 18:33 |
| Added | https://www.cpf.gov.sg/caye | OTHER | Out of Scope | 18:33 |
| Added | https://housing.cpf.gov.sg/ | OTHER | Out of Scope | 18:33 |
| Added | https://www.govpayouts.gov.sg | OTHER | Out of Scope | 18:33 |
| Added | https://www.asean-ssa.org/ | OTHER | Out of Scope | 18:33 |
| Added | https://www.youtube.com/ | OTHER | Out of Scope | 18:33 |
| Added | https://www.google-analytics.com/ | OTHER | Out of Scope | 18:33 |
| Added | *.wogaa.sg | OTHER | Out of Scope | 18:33 |
| Added | uploading of the training record into the system, as the data will be used by other dependency system on service2.mom.gov.sg | OTHER | Out of Scope | 18:33 |
| Added | https://www.customs.gov.sg/ | OTHER | Out of Scope | 18:33 |