Malwarebytes icon Malwarebytes HackerOne

Target Policy
https://hackerone.com/malwarebytes?type=team
Structured Scope
  • Asset Identifier
    Asset Type
    Max Severity
  • oneview.malwarebytes.com

    The Malwarebytes OneView multi-tenant dashboard enables you to grow revenue while lowering costs with a single pane of glass to centrally manage customer and partner accounts, cloud subscriptions for servers and workstations, invoicing, and integrations. The admin console provides direct linkage to the Malwarebytes internal team for rapid creation and resolution of support tickets.

    * Product page: https://www.malwarebytes.com/partners/managed-service-providers
    * Documentation: https://service.malwarebytes.com/hc/en-us/categories/4413802057491-OneView

    URL
    critical
  • www.malwarebytes.com
    URL
    critical
  • Malwarebytes Anti-Ransomware
    DOWNLOADABLE_EXECUTABLES
    none
  • Malwarebytes Device Control

    Advanced antivirus and anti-malware with faster, safer web browsing.

    * Product page: https://www.malwarebytes.com/business/cloud
    * Documentation: https://service.malwarebytes.com/hc/en-us/articles/4417282329491-Device-Control-in-Malwarebytes-Nebula

    OTHER
    critical
  • Malwarebytes Incident Response

    Malwarebytes Incident Response is the trusted standard in automated endpoint remediation. The solution bolsters your enterprise cyber resilience and incident response process by compressing response times with fast and complete remediation.

    * Product page: https://www.malwarebytes.com/business/incident-response
    * Documentation: https://www.malwarebytes.com/business/incident-response

    DOWNLOADABLE_EXECUTABLES
    critical
  • cloud.malwarebytes.com

    Platform that support most of Malwarebytes for business products.

    * Product page: https://cloud.malwarebytes.com
    * Documentation: https://www.malwarebytes.com/business/cloud

    URL
    critical
  • http://*.mbamupdates.com

    Domains supporting many Malwarebytes services and products.

    WILDCARD
    critical
  • http://*.cloud.malwarebytes.com

    Domains supporting many Malwarebytes services and products.

    WILDCARD
    critical
  • http://*.mwbsys.com

    Domains supporting many Malwarebytes services and products.

    WILDCARD
    critical
  • http://*.malwarebytes.com

    Domains supporting many Malwarebytes services and products.

    Exclusions:

    * academy.malwarebytes.com

    WILDCARD
    critical
  • http://*.mb-cosmos.com

    Domains supporting many Malwarebytes services and products.

    WILDCARD
    critical
  • http://*.mwb-threatintel.com

    Domains supporting many Malwarebytes services and products.

    WILDCARD
    critical
  • my.malwarebytes.com

    Portal to manage your subscriptions and billing.

    * Documentation: https://support.malwarebytes.com/hc/en-us/categories/360002458094-My-Account-Billing

    URL
    critical
  • Malwarebytes Endpoint Protection

    Comprehensive security that keeps your devices safe and teams productive.

    * Product page: https://www.malwarebytes.com/business/endpoint-protection / https://www.malwarebytes.com/business/endpoint-protection/server-security

    OTHER
    critical
  • Malwarebytes Privacy (VPN)

    With a single click, our next-generation VPN helps protect your online privacy, secures your WiFi connection, and delivers speeds way faster than older VPNs.

    * Product page: https://www.malwarebytes.com/vpn
    * Documentation: https://support.malwarebytes.com/hc/en-us/categories/360003545953-Malwarebytes-Privacy

    **Note**: The scope of the bug bounty program is limited to **ONLY** the VPN client installed on desktop/endpoint. **Server-side** is strictly **NOT** in scope, but your feedback is appreciated, **NOT** rewarded. The primary goal of this bug bounty program is to explore if there are any IP leak, DNS leak, and Data leak vulnerabilities present or not. As a researcher and creative thinker, you are welcome to explore for any other vulnerabilities if they are applicable to the client.

    OTHER
    critical
  • Malwarebytes ToolSet (MBTS)

    Advanced antivirus and anti-malware with faster, safer web browsing.

    * Product page: https://www.malwarebytes.com/techbench
    * Documentation: https://service.malwarebytes.com/hc/en-us/categories/4413802057875-Toolset

    DOWNLOADABLE_EXECUTABLES
    critical
  • Any other Malwarebytes asset

    Please use this category to report vulnerabilities in any other assets not listed in other categories.

    Note: Due to the broad scope of this category, eligibility and rewards will decided on the case-by-case basis.

    OTHER
    critical
  • *.threatdown.com
    WILDCARD
    critical
  • Malwarebytes Support Tool (MBST)

    The Support Tool troubleshoots and repairs issues with Malwarebytes Desktop Security for Windows devices.
    Product page: https://help.malwarebytes.com/hc/en-us/articles/31589431159579-Repair-Desktop-Security-with-the-Support-Tool

    DOWNLOADABLE_EXECUTABLES
    critical
  • Malwarebytes Remediation for CrowdStrike

    Malwarebytes Remediation for CrowdStrike works seamlessly with CrowdStrike Real Time Response (RTR) functionality. It provides automated remediation that thoroughly removes malware on machines where CrowdStrike Falcon has stopped an attack.

    * Product page: https://www.malwarebytes.com/business/crowdstrike
    * Documentation: https://service.malwarebytes.com/hc/en-us/articles/4413798516627-Malwarebytes-Remediation-for-CrowdStrike-integration-guide

    DOWNLOADABLE_EXECUTABLES
    critical
  • *.mwbsys.com

    Domains supporting many Malwarebytes services and products.

    WILDCARD
    critical
  • *.cloud.malwarebytes.com

    Domains supporting many Malwarebytes services and products.

    WILDCARD
    critical
  • Malwarebytes for Windows

    Advanced antivirus and anti-malware with faster, safer web browsing.

    * Product page: https://www.malwarebytes.com/premium
    * Documentation: https://support.malwarebytes.com/hc/en-us/categories/360002458014-Malwarebytes-for-Windows

    DOWNLOADABLE_EXECUTABLES
    critical
  • BrowserGuard (Firefox/Chrome/Safari browser extension)

    Malwarebytes Browser Guard crushes unwanted and unsafe content, giving you a safer and faster browsing experience. Not only that, it is the world’s first browser extension that can identify and stop tech support scams.

    * Product page: https://www.malwarebytes.com/browserguard
    * Documentation: https://support.malwarebytes.com/hc/en-us/categories/360002468293-Malwarebytes-Browser-Guard

    OTHER
    critical
  • Malwarebytes Windows Firewall Control

    Windows Firewall Control is a powerful tool which extends the functionality of Windows Firewall and provides new extra features which makes Windows Firewall better. It runs in the system tray and allows the user to control the native firewall easily without having to waste time by navigating to the specific part of the firewall.

    * Product page: https://www.binisoft.org/wfc
    * Documentation: https://www.binisoft.org/pdf/guides/Malwarebytes-WFC-User-Guide.pdf

    DOWNLOADABLE_EXECUTABLES
    medium
  • *.malwarebytes.com

    Domains supporting many Malwarebytes services and products.

    Exclusions:

    * academy.malwarebytes.com

    WILDCARD
    critical
  • org.malwarebytes.antimalware

    Advanced antivirus and anti-malware with faster, safer web browsing.

    * Product page: https://www.malwarebytes.com/android / https://www.malwarebytes.com/chromebook
    * Documentation: https://support.malwarebytes.com/hc/en-us/categories/360002458034-Malwarebytes-for-Android-Chrome-OS

    GOOGLE_PLAY_APP_ID
    critical
  • Malwarebytes Endpoint Detection and Response (EDR)

    Cross-platform threat prevention and remediation for Windows, Mac, and Linux

    * Product page: https://www.malwarebytes.com/business/edr / https://www.malwarebytes.com/business/edr/server-security/

    OTHER
    critical
  • AdwCleaner

    **AdwCleaner** is the world’s most popular adware cleaner finds and removes unwanted programs and junkware so your online experience stays optimal and hassle-free.

    * Product page: https://www.malwarebytes.com/adwcleaner
    * Documentation: https://support.malwarebytes.com/hc/en-us/categories/360002468313-Malwarebytes-AdwCleaner

    Note that this product is being deprecated, and is no longer eligible for bounty.

    DOWNLOADABLE_EXECUTABLES
    critical
  • Malwarebytes Anti-Exploit

    Standalone Anti-Exploit, for Windows.

    * Product page: https://forums.malwarebytes.com/forum/126-anti-exploit-beta/
    * Documentation: https://support.malwarebytes.com/hc/en-us/sections/4416574256915-Malwarebytes-Anti-Exploit-for-Windows

    DOWNLOADABLE_EXECUTABLES
    medium
  • Malwarebytes for Teams

    Advanced antivirus and anti-malware with faster, safer web browsing.

    * Product page: https://www.malwarebytes.com/business/teams
    * Documentation: https://service.malwarebytes.com/hc/en-us/categories/4414671777043-For-Teams

    DOWNLOADABLE_EXECUTABLES
    critical
  • Vulnerability & Patch Management

    Understand risks quickly and strengthen defenses across your digital ecosystem with modules for our cloud-based security management platform.

    * Product page: https://www.malwarebytes.com/business/vulnerability-patch-management
    * Documentation: https://www.malwarebytes.com/business/vulnerability-patch-management

    OTHER
    critical
  • Malwarebytes for Mac

    Advanced antivirus and anti-malware with faster, safer web browsing.

    * Product page: https://www.malwarebytes.com/mac
    * Documentation: https://support.malwarebytes.com/hc/en-us/categories/360002468253-Malwarebytes-for-Mac

    DOWNLOADABLE_EXECUTABLES
    critical
  • *.mwb-threatintel.com

    Domains supporting many Malwarebytes services and products.

    WILDCARD
    critical
  • *.mb-cosmos.com

    Domains supporting many Malwarebytes services and products.

    WILDCARD
    critical
  • com.malwarebytes.Malwarebytes

    Get all the extra iOS security you need in one app. Protect yourself from online threats and put a stop to annoying spam calls and texts. Browse the web with confidence and focus on the messages that matter.

    * Product page: https://www.malwarebytes.com/ios
    * Appstore: https://apps.apple.com/us/app/malwarebytes-mobile-security/id1327105431
    * Documentation: https://support.malwarebytes.com/hc/en-us/categories/360002468273-Malwarebytes-for-iOS

    APPLE_STORE_APP_ID
    critical
  • *.cyrus-security.com
    WILDCARD
    critical
  • *.mbamupdates.com

    Domains supporting many Malwarebytes services and products.

    WILDCARD
    critical
Target Scope Domains
  • cloud.malwarebytes.com
  • cyrus-security.com
  • malwarebytes.com
  • mb-cosmos.com
  • mbamupdates.com
  • mwb-threatintel.com
  • mwbsys.com
  • my.malwarebytes.com
  • oneview.malwarebytes.com
  • threatdown.com
  • www.malwarebytes.com
Tech Stack
Last Finished Scan:
Scan Name
Fleet
Finished
State
auto-gausubs-2-kxss
allkxss
2 weeks, 6 days ago
Finished
auto-gausubs-2-kxss
  • Fleet: allkxss
  • Duration: 18.18 Minutes
  • Finished: 2 weeks, 6 days ago