telefonica
10
In Scope
22
Out of Scope
In-Scope Assets (10)
| Asset | Category | Bounty | Quick Links | |
|---|---|---|---|---|
| *.digitalsec.telefonica.com | URL | Yes | ||
| *.globalsap.telefonica.com | URL | Yes | ||
| *.telefonica.com | URL | Yes | ||
| *.tgies.telefonica.com | URL | Yes | ||
| apis.telefonica.com | URL | Yes | ||
| intranet.telefonica.com | URL | Yes | ||
| jobs.telefonica.com | URL | Yes | ||
| search.telefonica.com | URL | Yes | ||
| www.telefonica.com | URL | Yes | ||
| www.telefonica.es | URL | Yes |
Out-of-Scope Assets (22)
| Asset | Category | Bounty | |
|---|---|---|---|
| *.ar | OTHER | Yes | |
| *.br | OTHER | Yes | |
| *.cl | OTHER | Yes | |
| *.co | OTHER | Yes | |
| *.de | OTHER | Yes | |
| *.ec | OTHER | Yes | |
| *.pe | OTHER | Yes | |
| *.uk | OTHER | Yes | |
| *.uk is forbidden for vulnerability scanning and asset discovery. O2 UK assets should not receive traffic related to any of our programs. | OTHER | Yes | |
| *.uy | OTHER | Yes | |
| Any campaign that collects customer information such as http://www.movistar.co/preventa-samsung-s10 | OTHER | Yes | |
| Any subdomain of: | OTHER | Yes | |
| Anything that is not listed in the scope section should be considered as out of the scope of this program | OTHER | Yes | |
| Please note that some assets belonging to Telefonica Germany, UK, El Salvador, Costa Rica, Peru, Ecuador, Uruguay and Argentina might be located under *.telefonica.com | OTHER | Yes | |
| Telefonica Brazil has its own program within Yes We Hack. | OTHER | Yes | |
| Telefonica El Salvador, Telefonica Costa Rica, Telefonica Peru, Telefonica Ecuador, Telefonica Colombia, Telefonica Uruguay, Telefonica Chile and Telefonica Argentina are out of scope, as they are no longer part of the Telefonica Group. | OTHER | Yes | |
| The following assets are temporarily out of scope: | OTHER | Yes | |
| Vulnerabilities in assets related to Telefonica Germany should be reported at https://bugcrowd.com/telefonicavdp | OTHER | Yes | |
| adminpos.mpos.telefonica.com | OTHER | Yes | |
| consultasfinanzas.telefonica.com | OTHER | Yes | |
| lanzarote.iotplatform.telefonica.com | OTHER | Yes | |
| podium.telefonica.com | OTHER | Yes |
Scope Changes (32)
Apr 16, 2026
| Change | Asset | Category | Scope | Time |
|---|---|---|---|---|
| Added | www.telefonica.es | URL | In Scope | 18:33 |
| Added | www.telefonica.com | URL | In Scope | 18:33 |
| Added | *.digitalsec.telefonica.com | URL | In Scope | 18:33 |
| Added | apis.telefonica.com | URL | In Scope | 18:33 |
| Added | *.globalsap.telefonica.com | URL | In Scope | 18:33 |
| Added | jobs.telefonica.com | URL | In Scope | 18:33 |
| Added | intranet.telefonica.com | URL | In Scope | 18:33 |
| Added | *.tgies.telefonica.com | URL | In Scope | 18:33 |
| Added | search.telefonica.com | URL | In Scope | 18:33 |
| Added | *.telefonica.com | URL | In Scope | 18:33 |
| Added | anything that is not listed in the scope section should be considered as out of the scope of this program | OTHER | Out of Scope | 18:33 |
| Added | telefonica el salvador, telefonica costa rica, telefonica peru, telefonica ecuador, telefonica colombia, telefonica uruguay, telefonica chile and telefonica argentina are out of scope, as they are no longer part of the telefonica group | OTHER | Out of Scope | 18:33 |
| Added | vulnerabilities in assets related to telefonica germany should be reported at https://bugcrowd.com/telefonicavdp | OTHER | Out of Scope | 18:33 |
| Added | telefonica brazil has its own program within yes we hack | OTHER | Out of Scope | 18:33 |
| Added | *.uk is forbidden for vulnerability scanning and asset discovery. o2 uk assets should not receive traffic related to any of our programs | OTHER | Out of Scope | 18:33 |
| Added | please note that some assets belonging to telefonica germany, uk, el salvador, costa rica, peru, ecuador, uruguay and argentina might be located under *.telefonica.com | OTHER | Out of Scope | 18:33 |
| Added | any campaign that collects customer information such as http://www.movistar.co/preventa-samsung-s10 | OTHER | Out of Scope | 18:33 |
| Added | the following assets are temporarily out of scope: | OTHER | Out of Scope | 18:33 |
| Added | podium.telefonica.com | OTHER | Out of Scope | 18:33 |
| Added | adminpos.mpos.telefonica.com | OTHER | Out of Scope | 18:33 |
| Added | consultasfinanzas.telefonica.com | OTHER | Out of Scope | 18:33 |
| Added | lanzarote.iotplatform.telefonica.com | OTHER | Out of Scope | 18:33 |
| Added | any subdomain of: | OTHER | Out of Scope | 18:33 |
| Added | *.pe | OTHER | Out of Scope | 18:33 |
| Added | *.ar | OTHER | Out of Scope | 18:33 |
| Added | *.uy | OTHER | Out of Scope | 18:33 |
| Added | *.ec | OTHER | Out of Scope | 18:33 |
| Added | *.uk | OTHER | Out of Scope | 18:33 |
| Added | *.de | OTHER | Out of Scope | 18:33 |
| Added | *.br | OTHER | Out of Scope | 18:33 |
| Added | *.co | OTHER | Out of Scope | 18:33 |
| Added | *.cl | OTHER | Out of Scope | 18:33 |