Bug Bounties

Endless Group

Powered by: 

Allows bounty splitting: 

Average time to first program response: 

Average time to bounty awarded null: 

Average time to report resolved: 

Handle endless_group

Managed program: false

Name: Endless Group

Offers bounties: false

Offers swag: false

Response efficiency percentage: 75

Submission state: open

Url: https://hackerone.com/endless_group

Website: https://theendlessweb.com

In scope:

  • Asset identifier: (*).endlessgroup.org
  • Asset type: URL
  • Availability requirement: medium
  • Confidentiality requirement: medium
  • Eligible for bounty: 
  • Eligible for submissions: true
  • Instruction: 
  • Integrity requirements: medium
  • Max severity: critical



  • Asset identifier: (*).itsendless.org
  • Asset type: URL
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: 
  • Eligible for submissions: true
  • Instruction: 
  • Integrity requirements: 
  • Max severity: critical



  • Asset identifier: (*).theendlessweb.com
  • Asset type: URL
  • Availability requirement: high
  • Confidentiality requirement: high
  • Eligible for bounty: 
  • Eligible for submissions: true
  • Instruction: Excluding ns1/ns2/autodiscover/autoconfig (no sites are served from these subdomains)
  • Integrity requirements: high
  • Max severity: critical



  • Asset identifier: 185.86.231.0/24
  • Asset type: CIDR
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: 
  • Eligible for submissions: true
  • Instruction: Both customer and corporate services live on this range. Exercise caution when attempting to target specific addresses, as you may be targeting services not owned by Endless Group, which are out of scope.
  • Integrity requirements: 
  • Max severity: critical



  • Asset identifier: https://github.com/EndlessHosting
  • Asset type: SOURCE_CODE
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: 
  • Eligible for submissions: true
  • Instruction: A decent portion of our public code lives here. Our bigger and more noteworthy projects are currently private, but we hope to change that soon.
  • Integrity requirements: 
  • Max severity: critical