pictet-group-bug-bounty-program

YesWeHackView on YesWeHack

RawAI Enhanced

8

In Scope

3

Out of Scope

In-Scope Assets (8)

Asset	Category	Bounty	Quick Links
https://am.pictet.com/	URL	Yes	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal AlienVault OTX GitHub Fofa
https://documents.am.pictet/	URL	Yes	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal AlienVault OTX GitHub Fofa
https://edge.pictet.co.jp	OTHER	Yes	-
https://go.pictet.co.jp	URL	Yes	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal AlienVault OTX GitHub Fofa
https://pamj.my.site.com	OTHER	Yes	-
https://pictet.co.jp	URL	Yes	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal AlienVault OTX GitHub Fofa
https://portal.am.pictet.com/it/login	URL	Yes	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal AlienVault OTX GitHub Fofa
https://www.pictet.com	URL	Yes	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal AlienVault OTX GitHub Fofa

Out-of-Scope Assets (3)

Asset	Category	Bounty
All domains or subdomains not listed in the above list of 'Scopes' are automatically out of scope.	OTHER	Yes
Attacks on administrative and surrounding systems that are not used for the in-scope services are not permitted (this includes DNS, NTP, routers, systems of the ISP, etc.).	OTHER	Yes
Specifically, the https://private.pictet.com/ login page is out of scope.	OTHER	Yes

Scope Changes (11)

Apr 16, 2026

Change	Asset	Category	Scope	Time
Added	https://www.pictet.com	URL	In Scope	18:33
Added	https://am.pictet.com/	URL	In Scope	18:33
Added	https://documents.am.pictet/	URL	In Scope	18:33
Added	https://pictet.co.jp	URL	In Scope	18:33
Added	https://pamj.my.site.com	OTHER	In Scope	18:33
Added	https://edge.pictet.co.jp	OTHER	In Scope	18:33
Added	https://go.pictet.co.jp	URL	In Scope	18:33
Added	https://portal.am.pictet.com/it/login	URL	In Scope	18:33
Added	all domains or subdomains not listed in the above list of 'scopes' are automatically out of scope	OTHER	Out of Scope	18:33
Added	specifically, the https://private.pictet.com/ login page is out of scope	OTHER	Out of Scope	18:33
Added	attacks on administrative and surrounding systems that are not used for the in-scope services are not permitted (this includes dns, ntp, routers, systems of the isp, etc.)	OTHER	Out of Scope	18:33