LY Corporation icon LY Corporation HackerOne

Target Policy
https://hackerone.com/line?type=team
Structured Scope
  • Asset Identifier
    Asset Type
    Max Severity
  • https://prod-fido-fido2-server.line-apps.com/

    This domain is a FIDO API endpoint for testing integrations. It has no user data and is purely for testing implementations. As such, it is out of scope for this program.

    URL
    none
  • 9wzdncrfj2g6

    **_Tier A_ Asset**

    [Microsoft Windows Store](https://www.microsoft.com/ja-jp/p/line/9wzdncrfj2g6)

    Please make sure you are testing the latest version. Only the latest version is considered in scope.

    WINDOWS_APP_STORE_APP_ID
    critical
  • http://recruit.linepluscorp.com
    URL
    critical
  • LINE Messenger - VOOM

    **_Tier A_ Asset**

    Social media feature that can share contents in LINE Messengers > Voom Tab and related servers.

    The website (https://linevoom.line.me) is also included.

    OTHER
    critical
  • *.line.me

    **_Tier B_ Asset**

    Previous standalone web domains such as live.line.me, music.line.me, news.line.me, store.line.me are now included in this wildcard.

    URLs that contain `nvapis.line.me` will be out of scope.

    WILDCARD
    critical
  • http://*.line.me

    **_Tier B_ Asset**

    Previous standalone web domains such as live.line.me, music.line.me, news.line.me, store.line.me are now included in this wildcard.

    URLs that contain `nvapis.line.me` will be out of scope.

    WILDCARD
    critical
  • http://*.line-apps.com

    **_Tier B_ Asset**

    WILDCARD
    critical
  • http://*.line.naver.jp

    **_Tier B_ Asset**

    WILDCARD
    critical
  • http://*.line.biz

    **_Tier B_ Asset**

    WILDCARD
    critical
  • Windows Executable

    **_Tier A_ Asset**

    https://desktop.line-scdn.net/win/new/LineInst.exe
    Please make sure you are testing the latest version. Only the latest version is considered in scope.

    DOWNLOADABLE_EXECUTABLES
    critical
  • Chrome Extension

    **_Tier A_ Asset**

    https://chrome.google.com/webstore/detail/line/ophjlpahpchlmihnnnihgmmeilfjmjjc

    Please make sure you are testing the latest version. Only the latest version is considered in scope.

    OTHER
    critical
  • 539883307

    **_Tier A_ Asset**

    macOS: [Apple Mac App Store](https://apps.apple.com/id/app/line/id539883307)

    Please make sure you are testing the latest version. Only the latest version is considered in scope.

    APPLE_STORE_APP_ID
    critical
  • 443904275

    **_Tier A_ Asset**

    [Apple App Store](https://apps.apple.com/jp/app/line/id443904275)

    Please make sure you are testing the latest version. Only the latest version is considered in scope.

    APPLE_STORE_APP_ID
    critical
  • Other Assets

    If you found a vulnerability in LINE's website or applications that are not explicitly listed in `Scopes`, it can still be submitted and the report will be triaged by LINE and evaluated on case by case basis.

    Depending on the outcome of the triage, it may not qualify for monetary reward, for example if it is not developed or maintained by LINE.

    Even for LINE domains, rewards may not be paid for assets developed/managed by 3rd party vendors (types of SaaS or solution products).
    * Any assets that are not managed by LINE and any LINE domains/sub-domains developed by third-party vendors will be carefully scrutinized. A bounty or reward may only be considered on a case-by-case basis and depending on the privacy and business impact

    OTHER
    critical
  • *.line.biz

    **_Tier B_ Asset**

    WILDCARD
    critical
  • *.line-apps.com

    **_Tier B_ Asset**

    WILDCARD
    critical
  • com.linecorp.linelite

    **_Tier A_ Asset**

    LINE Lite on the [Google Play Store](https://play.google.com/store/apps/details?id=com.linecorp.linelite)

    GOOGLE_PLAY_APP_ID
    critical
  • *.line.naver.jp

    **_Tier B_ Asset**

    WILDCARD
    critical
  • *.linecorp.com
    WILDCARD
    critical
  • LINE Messenger - VoIP

    **_Tier A_ Asset**

    Voice and Video call service in LINE Messengers > Calls tab or call menu in a chat room and related servers.

    OTHER
    critical
  • LINE Messenger - Chat

    **_Tier A_ Asset**

    Chat and Group Chat feature that can send texts, images, stickers and so on in LINE Messengers > Chats Tab and related servers. Supplementary services such as Album, Notes are also included.

    OTHER
    critical
  • jp.naver.line.android

    **_Tier A_ Asset**

    [Google Play Store](https://play.google.com/store/apps/details?id=jp.naver.line.android)

    Please make sure you are testing the latest version. Only the latest version is considered in scope.

    GOOGLE_PLAY_APP_ID
    critical
  • LINE Pay

    Please refrain from testing any functionality that is related to financial transactions. **This includes LINE Pay functionality within the LINE Application and Rabbit Pay for Thailand.**

    OTHER
    none
  • LINE Messenger - Keep

    **_Tier A_ Asset**

    A storage service that lets you save photos, videos, text and files in LINE Messengers > Keep feature and related servers.

    OTHER
    critical
  • LINE Messenger - News

    **_Tier A_ Asset**

    News service in LINE Messengers > News Tab and related servers.

    Please note that this is available in Japan Only.

    OTHER
    critical
  • *nvapis.line.me

    URLs that contain `nvapis.line.me` will be out of scope.

    Example: `dev-nvapis.line.me`, `kr-nvapis.line.me` etc

    OTHER
    none
  • LINE Messenger - OpenChat

    **_Tier A_ Asset**

    Anonymous chat service in LINE Messengers > OpenChat and related servers.

    OTHER
    critical
Target Scope Domains
  • line-apps.com
  • line.biz
  • line.me
  • line.naver.jp
  • linecorp.com
  • recruit.linepluscorp.com
Tech Stack
Last Finished Scan:
Scan Name
Fleet
Finished
State
auto-gausubs-2-kxss
allkxss
1 year, 1 month ago
Finished
auto-gausubs-2-kxss
  • Fleet: allkxss
  • Duration: 1.99 Hours
  • Finished: 1 year, 1 month ago