Kindred Group

target_in_scope

asset_identifier asset_type availability requirement confidentiality requirement eligible for bounty eligible for submission integrity requirement max_severity
*.bingo.com URL high high high critical
**Platform 1**
*.casinohuone.com URL high high high critical
**Platform 2**
*.igame.com URL high high high critical
**Platform 2**
*.kolikkopelit.com URL high high high critical
**Platform 2**
*.mariacasino.com URL high high high critical
**Platform 2** The only other localized TLD eligible for bounties is .se
*.storspiller.com URL high high high critical
**Platform 2** *.storspelare.se is also in scope.
*.unibet.com URL high high high critical
**Platform 1** This includes all localized TLDs and localized subdomains, for example: * unibet.se * be.unibet.com **NOTE** softgames.unibet.com is operated by a third-party. Vulnerabilities in Flash applications on that site are not currently eligible for a bounty.
463335337 APPLE_STORE_APP_ID high high high critical
Unibet - Live Sports Betting https://itunes.apple.com/gb/app/unibet-live-sports-betting/id463335337
905382680 APPLE_STORE_APP_ID high high high critical
Unibet Casino - Slots & Games https://itunes.apple.com/gb/app/unibet-casino-slots-games/id905382680
Components OTHER high high high critical
The following gaming components are in-scope: * https://www.unibet.co.uk/betting/racing#/
com.unibet.casino OTHER_APK high high high critical
Unibet Casino - Slots & Games https://cdn.unicdn.net/apk/UnibetCasino.apk
com.unibet.unibetpro OTHER_APK high high high critical
Unibet - Live Sports Betting https://cdn.unicdn.net/apk/UnibetSports.apk
relaxcdn.unibet.com URL none none low low
Operated by a third-party. Reports for this domain will be triaged but are ineligible for a bounty.
*.vladcazino.ro URL high high high critical
**Platform 1**
maria.casino URL high high high critical
unibet.me, maria.casino, stly.eu share the same platform, we will only reward the initial report for any bug, as one fix will solve the bug on all three domains.
stly.eu URL high high high critical
unibet.me, maria.casino, stly.eu share the same platform, we will only reward the initial report for any bug, as one fix will solve the bug on all three domains.
unibet.me URL high high high critical
unibet.me, maria.casino, stly.eu share the same platform, we will only reward the initial report for any bug, as one fix will solve the bug on all three domains.
*.ottokasino.com URL high high high critical
**Platform 2** Registration requires a Finnish SSN. Please do not conduct any testing against Trustly, the identity provider for this application.

target_out_of_scope

asset_identifier asset_type availability requirement confidentiality requirement eligible for bounty eligible for submission integrity requirement max_severity
*nj.unibet.com URL none
*pa.unibet.com URL none
a1s.unibet.com URL none
ads*.unibet.com URL none low none none
Operated by a third-party. This includes: * ads.unibet.com * ads-cdn.unibet.com * adserving.unibet.com
cdn2.unibet.com URL none
kindredaffiliates.com URL none
kindredgroup.com URL none
link.bingo.com URL none
PLEASE NOTE: All link/linkki subdomains are operated by a third-party and are considered out of scope
livechat.unibet.com URL none low none none
PLEASE NOTE: All livechat subdomains are operated by a third-party and are considered out of scope
unibet.fr URL high high high none
*.in.unibet.com URL none
*.nj.unibet.com URL none
*.pa.unibet.com URL none