hostinger HackerOne


Target Policy
https://hackerone.com/hostinger?type=team
Structured Scope
  • Asset Identifier
    Asset Type
    Max Severity
  • logo.zyro.com

    A tool for logo creation where you can visually create a logo, make adjustments and export it for your use. This endpoint doesn't store any confidential information or client-related records; however, it's important to us to keep this endpoint secure and uncompromised.

    URL
    critical
  • www.zyro.com

    A landing product page where users can log in, register and manage their websites, upgrade and manage subscriptions, and view product pricing. This endpoint doesn't store any confidential information; however, it's important to keep it secure and not compromised, as it communicates with other endpoints which store confidential user data.

    URL
    critical
  • editor.zyro.com

    A website builder tool that allows Zyro users to build, edit and publish Zyro sites in JSON format. The tool can be used unauthenticated; only a website template must be chosen from zyro.com/templates. When logged in, there are site settings for that particular site to connect domains, add integrations and update site SEO. This endpoint doesn't store any confidential information; however, it's important to keep this endpoint secure and not compromised, as it communicates with other servers which store confidential information.

    URL
    critical
  • partner.niagahoster.co.id
    URL
    critical
  • www.niagahoster.co.id
    URL
    critical
  • cpanel.hosting24.com

    This is the Hosting24 customer management panel, an area meant for managing all services: hosting, vps, domains, ssl, cpanel hosting, etc. Servers and databases under this domain contain confidential and client data.

    URL
    critical
  • www.hosting24.com

    This is the Hosting24 main web application, meant for service presentation and client account registration. No confidential information or client data is stored on these systems. However, gaining access to these assets might help an attacker access confidential information on other servers.

    URL
    critical
  • hpanel.hosting24.com

    This is the Hosting24 customer management panel, an area meant for managing all services: hosting, vps, domains, ssl, cpanel hosting, etc. Servers and databases under this domain contain confidential and client data.

    URL
    critical
  • payments.hosting24.com

    This is the Hosting24 payment microservice gateway. Assets under this domain store only depersonalized data; however, it is important to us that unverified operations do not occur and that the integrity of the records is not affected by unauthorized individuals.

    URL
    critical
  • horizons.hostinger.com
    URL
    critical
  • backend.zyro.com

    Main endpoint for zyro.com and editor functionalities, like authentication, subscriptions, publishing and third-party tool integrations. It is a Node.js application meant for website publishing. It provides a REST service to zyro.com web pages and the website builder (editor.zyro.com), handles user sessions, stores user and site info in a MySQL database and integrates other applications (like Redis, PowerDNS, Amazon S3, etc.).
    It is very important to us to keep this endpoint secure and not compromised, as it contains confidential client data.

    URL
    critical
  • builder.hostinger.com
    URL
    critical
  • www.hostinger.com

    This is Hostinger's main web application, meant for service presentation and client account registration. No confidential information or client data is stored on these systems. However, gaining access to these assets might help an attacker access confidential information on other servers.

    URL
    critical
  • *.000webhost.com

    000Webhost is a free web hosting service and learning platform for beginners starting their journey on the internet.

    WILDCARD
    critical
  • payments.hostinger.com

    This is Hostinger's payment microservice gateway. Assets under this domain store only depersonalized data; however, it is important to us that unverified operations do not occur and that the integrity of the records is not affected by unauthorized individuals.

    URL
    critical
  • hpanel.hostinger.com

    This is Hostinger's customer management panel, an area meant for managing all services: hosting, vps, domains, ssl, cpanel hosting, windows_vps, logibox email, gsuite, cloudflare, marketgoo, flockmail. Servers and databases under this domain contain confidential and client data.

    URL
    critical
  • H5G

    We are introducing a new testing scope for our Hosting Infrastructure tailored for WordPress websites.

    OTHER
    critical
  • reach.hostinger.com
    URL
    critical
  • cpanel.hostinger.com

    This is Hostinger's customer management panel, an area meant for managing all services: hosting, vps, domains, ssl, cpanel hosting, windows_vps, logibox email, gsuite, cloudflare, marketgoo, flockmail. Servers and databases under this domain contain confidential and client data.

    URL
    critical
Target Scope Domains
  • 000webhost.com
  • backend.zyro.com
  • builder.hostinger.com
  • cpanel.hosting24.com
  • cpanel.hostinger.com
  • editor.zyro.com
  • horizons.hostinger.com
  • hpanel.hosting24.com
  • hpanel.hostinger.com
  • logo.zyro.com
  • partner.niagahoster.co.id
  • payments.hosting24.com
  • payments.hostinger.com
  • reach.hostinger.com
  • www.hosting24.com
  • www.hostinger.com
  • www.niagahoster.co.id
  • www.zyro.com
Tech Stack

Last Finished Scan:
  • Fleet: allkxss
  • Duration: 25 Seconds
  • Finished: 3 weeks, 3 days ago
  • State: Finished