Rockstar Games

target_in_scope

asset_identifier asset_type availability requirement confidentiality requirement eligible for bounty eligible for submission integrity requirement max_severity
lifeinvader.com URL low low low medium
media.rockstargames.com URL critical
patches.rockstargames.com URL critical
prod.cloud.rockstargames.com URL critical
prod.conductor.ros.rockstargames.com URL critical
prod.hosted.cloud.rockstargames.com URL critical
prod.ros.rockstargames.com URL critical
prod.telemetry.ros.rockstargames.com URL critical
rockstarnorth.com URL none none low low
socialclub.rockstargames.com URL critical
support.rockstargames.com URL critical
Vulnerability reports for support.rockstargames.com may not be awarded bounties if it is discovered that the root vulnerability lies in Zendesk's code. Hackers are encouraged to submit such reports to [Zendesk's bug bounty program](https://hackerone.com/zendesk).
www.rockstargames.com URL critical
*.rockstargames.com URL high high high critical
Some subdomains excluded. See the rest of the scope table below.
Rockstar Games Launcher DOWNLOADABLE_EXECUTABLES high high high critical

target_out_of_scope

asset_identifier asset_type availability requirement confidentiality requirement eligible for bounty eligible for submission integrity requirement max_severity
cdn.sc.rockstargames.com URL none
downloads.rockstargames.com URL none
faspex.rockstargames.com URL none
lync.rockstargames.com URL none
remote.rockstargames.com URL none
rockstarwarehouse.com URL critical
We do not own the domain www.rockstarwarehouse.com; it is owned and managed by our partners at Digital River. If you have found a vulnerability on the Rockstar Warehouse site, you are encouraged to contact Digital River about the issue.
sip.rockstarnorth.com URL none
updates.rockstargames.com URL none