Kindred Group

target_in_scope

asset_identifier asset_type availability requirement confidentiality requirement eligible for bounty eligible for submission integrity requirement max_severity
*.bingo.com URL high high high critical
**Platform 1**
*.casinohuone.com URL high high high critical
**Platform 2**
*.igame.com URL high high high critical
**Platform 2**
*.kolikkopelit.com URL high high high critical
**Platform 2**
*.mariacasino.com URL high high high critical
**Platform 2** The only other localized TLD eligible for bounties is .se
*.storspiller.com URL high high high critical
**Platform 2** *.storspelare.se is also in scope.
*.unibet.com URL high high high critical
**Platform 1** This includes all localized TLDs and localized subdomains, for example: * unibet.se * be.unibet.com **NOTE** softgames.unibet.com is operated by a third-party. Vulnerabilities in Flash applications on that site are not currently eligible for a bounty.
463335337 APPLE_STORE_APP_ID high high high critical
Unibet - Live Sports Betting https://itunes.apple.com/gb/app/unibet-live-sports-betting/id463335337
905382680 APPLE_STORE_APP_ID high high high critical
Unibet Casino - Slots & Games https://itunes.apple.com/gb/app/unibet-casino-slots-games/id905382680
Components OTHER high high high critical
The following gaming components are in-scope: * https://www.unibet.co.uk/betting/racing#/
com.unibet.casino OTHER_APK high high high critical
Unibet Casino - Slots & Games https://cdn.unicdn.net/apk/UnibetCasino.apk
com.unibet.unibetpro OTHER_APK high high high critical
Unibet - Live Sports Betting https://cdn.unicdn.net/apk/UnibetSports.apk
relaxcdn.unibet.com URL none none low low
Operated by a third-party. Reports for this domain will be triaged but are ineligible for a bounty.

target_out_of_scope

asset_identifier asset_type availability requirement confidentiality requirement eligible for bounty eligible for submission integrity requirement max_severity
*nj.unibet.com URL none
*pa.unibet.com URL none
a1s.unibet.com URL none
ads*.unibet.com URL none low none none
Operated by a third-party. This includes: * ads.unibet.com * ads-cdn.unibet.com * adserving.unibet.com
cdn2.unibet.com URL none
kindredaffiliates.com URL none
kindredgroup.com URL none
link.bingo.com URL none
PLEASE NOTE: All link/linkki subdomains are operated by a third-party and are considered out of scope
livechat.unibet.com URL none low none none
PLEASE NOTE: All livechat subdomains are operated by a third-party and are considered out of scope
unibet.fr URL high high high none
*.in.unibet.com URL none
*.nj.unibet.com URL none
*.pa.unibet.com URL none