LifeOmic HackerOne

Target Policy
https://hackerone.com/lifeomic?type=team
Structured Scope
  • Asset Identifier
    Asset Type
    Max Severity
  • api.dev.lifeomic.com/graphql
    URL
    critical
  • apps.dev.lifeomic.com/precision-ocr
    URL
    critical
  • connect-console.dev.lifeomic.com
    URL
    critical
  • https://lifeapps.io
    URL
    none
  • fed.*.skillspring.com
    WILDCARD
    none
  • DMARC, SPF, DKIM

    We do not add DMARC, SPF, DKIM on all domains since not all domains originate email. Reports with this reason for all domains outside of the lifeomic.com may not be accepted.

    OTHER
    none
  • https://apps.wellness.dev.lifeomic.com
    URL
    critical
  • https://lifeology.dev.lifeomic.com
    URL
    critical
  • apps.dev.lifeomic.com/phc
    URL
    critical
  • info.lifeomic.com

    Please DO NOT test against this domain.

    URL
    none
  • http://apps.dev.lifeomic.com/phc
    URL
    critical
  • http://*.infra.lifeomic.com
    WILDCARD
    critical
  • http://*.dev.lifeomic.com
    WILDCARD
    critical
  • https://github.com/lifeomic/cli

    Only the opensource codebases developed by LifeOmic are included as in-scope. Forks, etc are not in scope.

    SOURCE_CODE
    critical
  • Scope Not Listed (See Instruction)

    If you identify a bug on a scope not listed here, you can use this asset. Please indicate in the report any relevant information about that asset (e.g. domain name, etc.) so we can determine if we'd like to add it to the scope of the program.
    **PLEASE DO NOT TEST AGAINST OR SUBMIT BUGS ON ANYTHING EXPLICITLY LISTED AS OUT OF SCOPE.**

    OTHER
    critical
  • *.dev.lifeomic.com
    WILDCARD
    critical
  • ga4gh.dev.lifeomic.com
    URL
    critical
  • api.dev.lifeomic.com
    URL
    critical
  • http://api.dev.lifeomic.com/graphql
    URL
    critical
  • com.lifeomic.lifefasting

    Life Fasting App in the Google Play Store

    GOOGLE_PLAY_APP_ID
    none
  • lifeology.dev.lifeomic.com
    URL
    critical
  • marketplace.dev.lifeomic.com
    URL
    critical
  • *.us.lifeomic.com

    Please note: Our dev instance is identical to this (plus a few new features) so please only test in dev (*.dev.lifeomic.com).

    WILDCARD
    none
  • com.lifeomic.life
    APPLE_STORE_APP_ID
    none
  • lifeomic.com

    Do not hack against our Wordpress sites or any contact forms.

    URL
    none
  • com.lifeomic.lifeextend

    LifeExtend in the Android App Store

    GOOGLE_PLAY_APP_ID
    none
  • com.lifeomic.LIFEExtend

    LifeExtend in the iOS App Store.

    APPLE_STORE_APP_ID
    none
  • fed.*.lifeomic.com
    WILDCARD
    none
  • apps.dev.skillspring.com
    URL
    critical
  • fhir.dev.lifeomic.com
    URL
    critical
  • *.infra.lifeomic.com
    WILDCARD
    critical
  • apps.wellness.dev.lifeomic.com
    URL
    critical
  • http://apps.dev.lifeomic.com/precision-ocr
    URL
    critical
Target Scope Domains
  • api.dev.lifeomic.com
  • apps.dev.lifeomic.com
  • apps.dev.skillspring.com
  • apps.wellness.dev.lifeomic.com
  • connect-console.dev.lifeomic.com
  • dev.lifeomic.com
  • fhir.dev.lifeomic.com
  • ga4gh.dev.lifeomic.com
  • infra.lifeomic.com
  • lifeology.dev.lifeomic.com
  • marketplace.dev.lifeomic.com
Tech Stack
Last Finished Scan:
Scan Name
Fleet
Finished
State
auto-gausubs-2-kxss
allkxss
1 year, 1 month ago
Finished
auto-gausubs-2-kxss
  • Fleet: allkxss
  • Duration: 17.67 Minutes
  • Finished: 1 year, 1 month ago