Instruction: Fortress is one of our leading e-commerce websites in Hong Kong and Macau.
Customers could shop for electrical appliances after paying their electricity bills. If you are testing functionalities that require you to be authenticated,
please ensure you register with your @wearehackerone.com email address.
In Scope
=========
>https://www.fortress.com.hk
>Mobile app retail (Android and iOS)
Integrity requirements: high
Max severity: critical
Asset identifier: Fortress (subdomains)
Asset type: OTHER
Availability requirement: high
Confidentiality requirement: high
Eligible for bounty: true
Eligible for submissions: true
Instruction: This asset is specifically for Fortress's subdomain assets.
Please note that for subdomains (tier 3), will only handle reports that have a high or critical severity.
In Scope
=========
> *.fortress.com.hk/
Integrity requirements: high
Max severity: critical
Asset identifier: ICI Paris XL
Asset type: OTHER
Availability requirement: high
Confidentiality requirement: high
Eligible for bounty: true
Eligible for submissions: true
Instruction: This asset is our Benelux perfume retail website. If you are testing functionality that requires you to be authenticated, please ensure you register with your @wearehackerone.com email address.
In scope
=====================
>https://www.iciparisxl.nl/
>https://www.iciparisxl.be/
>https://www.iciparisxl.lu/
>https://app.iciparisxl.nl/
>https://app.iciparisxl.be/
>https://app.iciparisxl.lu/
>Mobile app retail (Android and iOS)
*Not eligible for bounty*
>https://www.iciparisxl.nl/blog
>https://www.iciparisxl.be/blog
>https://www.iciparisxl.lu/blog
Integrity requirements: high
Max severity: critical
Asset identifier: ICI Paris XL (subdomains)
Asset type: OTHER
Availability requirement: high
Confidentiality requirement: high
Eligible for bounty: true
Eligible for submissions: true
Instruction: ICI Paris XL (subdomains)
This asset is specifically for ICI Paris XL's subdomain assets.
Please note that for subdomains (tier 3), will only handle reports that have a high or critical severity.
In scope
=====================
>\*.iciparisxl.nl/
>\*.iciparisxl.be/
>\*.iciparisxl.lu/
Integrity requirements: high
Max severity: critical
Asset identifier: Kruidvat
Asset type: OTHER
Availability requirement: high
Confidentiality requirement: high
Eligible for bounty: true
Eligible for submissions: true
Instruction: This is our Benelux online retail platform for health and beauty products. If you are testing a functionality that requires you to be authenticated, please ensure you register with your @wearehackerone.com email address.
In scope
=====================
>https://www.kruidvat.nl/
>https://www.kruidvat.be/
>https://app.kruidvat.nl/
>https://app.kruidvat.be/
>Mobile app retail (Android and iOS)
*Not eligible for bounty*
>https://www.kruidvat.nl/persoonlijk/
>https://www.kruidvat.nl/blog/
>https://www.kruidvat.be/blog/
Integrity requirements: high
Max severity: critical
Asset identifier: Kruidvat (subdomains)
Asset type: OTHER
Availability requirement: high
Confidentiality requirement: high
Eligible for bounty: true
Eligible for submissions: true
Instruction: This asset is specifically for Kruidvat's subdomain assets.
Please note that for subdomains (tier 3), will only handle reports that have a high or critical severity.
In scope
=====================
>\*.kruidvat.nl/
>\*.kruidvat.be/
Integrity requirements: high
Max severity: critical
Asset identifier: Marionnaud
Asset type: OTHER
Availability requirement: high
Confidentiality requirement: high
Eligible for bounty: true
Eligible for submissions: true
Instruction: This is one of our main perfumeries. If you are testing functionality that requires you to be authenticated, please ensure you register with your @wearehackerone.com email address.
In scope
=====================
>https://www.marionnaud.it/
>https://www.marionnaud.at/
>https://www.marionnaud.ch/
>https://www.marionnaud.ro/
>https://www.marionnaud.sk/
>https://www.marionnaud.cz/
>https://app.marionnaud.it/
>https://app.marionnaud.at/
>https://app.marionnaud.ch/
>https://app.marionnaud.ro/
>https://app.marionnaud.sk/
>https://app.marionnaud.cz/
>Mobile app retail (Android and iOS)
*Not eligible for bounty*
>\*.marionnaud.it/
>\*.marionnaud.at/
>\*.marionnaud.ch/
>\*.marionnaud.ro/
>\*.marionnaud.sk/
>\*.marionnaud.cz/
>https://www.marionnaud.it/blog/
>https://www.marionnaud.at/blog/
>https://www.marionnaud.ch/blog/
>https://www.marionnaud.ro/blog/
>https://www.marionnaud.sk/blog/
>https://www.marionnaud.cz/blog/
Integrity requirements: high
Max severity: critical
Asset identifier: MoneyBack
Asset type: OTHER
Availability requirement: high
Confidentiality requirement: high
Eligible for bounty: true
Eligible for submissions: true
Instruction: MoneyBack has turned shopping into fantastic rewards for families across Hong Kong. If you are testing a functionality that requires you to be authenticated, please ensure you register with your @wearehackerone.com email address.
In Scope
=========
>www.moneyback.com.hk
>Mobile app retail (Android and iOS)
Integrity requirements: high
Max severity: critical
Asset identifier: Moneyback (subdomains)
Asset type: OTHER
Availability requirement: high
Confidentiality requirement: high
Eligible for bounty: true
Eligible for submissions: true
Instruction: This asset is specifically for Moneyback's subdomain assets.
Please note that for subdomains (tier 3), will only handle reports that have a high or critical severity.
In Scope
=========
> *.moneyback.com.hk/
Integrity requirements: high
Max severity: critical
Asset identifier: PNS
Asset type: OTHER
Availability requirement: high
Confidentiality requirement: high
Eligible for bounty: true
Eligible for submissions: true
Instruction: PNS is our leading e-commerce website for every day items in Hong Kong. If you are testing functionalities that requires you to be authenticated, please ensure you register with your @wearehackerone.com email address.
In Scope
=========
>https://www.pns.hk
>https://www10.pns.hk
>api.pns.hk
>Mobile app retail (Android and iOS)
Integrity requirements: high
Max severity: critical
Asset identifier: PNS (subdomains)
Asset type: OTHER
Availability requirement: high
Confidentiality requirement: high
Eligible for bounty: true
Eligible for submissions: true
Instruction: This asset is specifically for PNS's subdomain assets.
Please note that for subdomains (tier 3), will only handle reports that have a high or critical severity.
In Scope
=========
> *.pns.hk/
> *.parknshop.com/
Integrity requirements: high
Max severity: critical
Asset identifier: Superdrug
Asset type: OTHER
Availability requirement: high
Confidentiality requirement: high
Eligible for bounty: true
Eligible for submissions: true
Instruction: Superdrug is one of our leading e-commerce websites in health and beauty. If you are testing functionality that requires you to be authenticated, please ensure you register with your @wearehackerone.com email address.
In scope
=====================
>https://www.superdrug.com/
>https://app.superdrug.com/
>Superdrug.App.IOS
>Superdrug.App.Android
*Not eligible for bounty*
>https://www.superdrug.com/blog
Integrity requirements: high
Max severity: critical
Asset identifier: Superdrug (subdomains)
Asset type: OTHER
Availability requirement: high
Confidentiality requirement: high
Eligible for bounty: true
Eligible for submissions: true
Instruction: This asset is specifically for Superdrug's subdomain assets.
Please note that for subdomains (tier 3), will only handle reports that have a high or critical severity.
In scope
=====================
>*.superdrug.com/
Out of scope
=====================
>https://appt.healthclinics.superdrug.com/
>https://healthclinics.superdrug.com/
Integrity requirements: high
Max severity: critical
Asset identifier: The Perfume Shop
Asset type: OTHER
Availability requirement: high
Confidentiality requirement: high
Eligible for bounty: true
Eligible for submissions: true
Instruction: The Perfume Shop is one of our leading e-commerce perfumery websites. If you are testing functionalities that requires you to be authenticated, please ensure you register with your @wearehackerone.com email address.
In scope
=====================
>https://www.theperfumeshop.com/
>https://apptps.theperfumeshop.com/
>ThePerfumeShop.App.IOS
>ThePerfumeShop.App.Android
*Not eligible for bounty*
>https://www.theperfumeshop.com/blog
>https://www.theperfumeshop.com/ie/blog
>https://apptps.theperfumeshop.com/blog
>https://apptps.theperfumeshop.com/ie/blog
>*.theperfumeshop.com (See separate subdomain asset)
Integrity requirements: high
Max severity: critical
Asset identifier: The Perfume Shop (subdomains)
Asset type: OTHER
Availability requirement: high
Confidentiality requirement: high
Eligible for bounty: true
Eligible for submissions: true
Instruction: The Perfume Shop (subdomains)
This asset is specifically for The Perfume Shop's subdomain assets.
Please note that for subdomains (tier 3), will only handle reports that have a high or critical severity.
In scope
=====================
>\*.theperfumeshop.com/
Integrity requirements: high
Max severity: critical
Asset identifier: Watsons
Asset type: OTHER
Availability requirement: high
Confidentiality requirement: high
Eligible for bounty: true
Eligible for submissions: true
Instruction: There are 7 regions of Watsons online retail platforms. They share the same source code, we only accept one report for one issue across the following domains. If you are testing functionalities that require you to be authenticated, please ensure you register with your @wearehackerone.com email address.
In Scope
=========
>https://www.watsons.com.my
>https://www.watsons.com.ph
>https://www.watsons.co.th
>https://www.watsons.com.tw
>https://www.watsons.com.hk
>https://www.watsons.co.id
>https://www.watsons.com.sg
>https://www10.watsons.com.my
>https://www10.watsons.com.ph
>https://www10.watsons.co.th
>https://www20.watsons.co.th
>https://www10.watsons.com.tw
>https://www10.watsons.com.hk
>https://www10.watsons.co.id
>https://www10.watsons.com.sg
>api.watsons.com.my
>api.watsons.com.ph
>api.watsons.com.th
>api.watsons.com.tw
>api.watsons.com.hk
>api.watsons.co.id
>api.watsons.com.sg
>Mobile app retail (Android and iOS)
*Not eligible for bounty*
> \*.watsons.co.th
>\*.watsons.co.id
>\*.watsons.com.sg
Integrity requirements: high
Max severity: critical
Asset identifier: Watsons HK (subdomains)
Asset type: OTHER
Availability requirement: high
Confidentiality requirement: high
Eligible for bounty: true
Eligible for submissions: true
Instruction: This asset is specifically for Watsons HK's subdomain assets.
Please note that for subdomains (tier 3), will only handle reports that have a high or critical severity.
In Scope
=========
>*.watsons.com.hk/
Integrity requirements: high
Max severity: critical
Asset identifier: Watsons MY (subdomains)
Asset type: OTHER
Availability requirement: high
Confidentiality requirement: high
Eligible for bounty: true
Eligible for submissions: true
Instruction: This asset is specifically for Watsons Malaysia subdomain assets.
Please note that for subdomains (tier 3), will only handle reports that have a high or critical severity.
In Scope
=========
>*.watsons.com.my/
Integrity requirements: high
Max severity: critical
Asset identifier: Watsons PH (subdomains)
Asset type: OTHER
Availability requirement: high
Confidentiality requirement: high
Eligible for bounty: true
Eligible for submissions: true
Instruction: This asset is specifically for Watsons Philippines subdomain assets.
Please note that for subdomains (tier 3), will only handle reports that have a high or critical severity.
In Scope
=========
>*.watsons.com.ph/
Integrity requirements: high
Max severity: critical
Asset identifier: Watsons TW (subdomains)
Asset type: OTHER
Availability requirement: high
Confidentiality requirement: high
Eligible for bounty: true
Eligible for submissions: true
Instruction: This asset is specifically for Watsons TW's subdomain assets.
Please note that for subdomains (tier 3), will only handle reports that have a high or critical severity.
In Scope
=========
>*.watsons.com.tw/
