GoodRx icon GoodRx HackerOne

Target Policy
https://hackerone.com/goodrx?type=team
Structured Scope
  • Asset Identifier
    Asset Type
    Max Severity
  • api.heydoctor.com

    All tickets that involve api.heydoctor.com must be tied to a request stemming from an action on www.goodrx.com. (https://www.goodrx.com/care)

    URL
    none
  • com.goodrx

    Playstore Download: https://play.google.com/store/apps/details?id=com.goodrx

    GOOGLE_PLAY_APP_ID
    critical
  • www.goodrx.com

    This our primary site. Our mobile site m.goodrx.com is also covered by this scope. Only issues regarding the frontend of https://www.goodrx.com/care will be considered in-scope. Any backend issue is belonging to a partner of ours.

    URL
    critical
  • com.goodrx.doctors

    Playstore Download: https://play.google.com/store/apps/details?id=com.goodrx.doctors

    GOOGLE_PLAY_APP_ID
    none
  • com.goodrx.gold

    iOS Download: https://itunes.apple.com/app/id1249717355

    APPLE_STORE_APP_ID
    none
  • com.goodrx.iphone

    iOS Download: https://itunes.apple.com/app/id485357017

    APPLE_STORE_APP_ID
    critical
  • support.goodrx.com

    This subdomain is managed by Zendesk. Any issues on this page would be covered by Zendesk's bug bounty program.

    URL
    none
  • 10.0.0.0/8
    CIDR
    critical
  • investors.goodrx.com

    This subdomain is not managed by GoodRx.

    URL
    none
  • sso.identity.goodrx.com

    This sub-domain is manged by Auth0. Bugs hosted on this domain would be covered by Auth0's bug bounty program and not GoodRx's.

    URL
    none
Target Scope Domains
  • www.goodrx.com
Tech Stack
Last Finished Scan:
Scan Name
Fleet
Finished
State
auto-gausubs-2-kxss
allkxss
2 weeks, 2 days ago
Finished
auto-gausubs-2-kxss
  • Fleet: allkxss
  • Duration: 35 Seconds
  • Finished: 2 weeks, 2 days ago