Target Policy

https://hackerone.com/poloniex?type=team

---

Structured Scope

• Asset Identifier

  Asset Type

  Max Severity

• https://public.poloniex.com

  URL

  medium
• https://api.poloniex.com

  ---

  **Poloniex API documentation**
  https://poloniex.com/support/api

  Example Request:

  POST /tradingApi HTTP/1.1
  Host: poloniex.com
  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:59.0) Gecko/20100101 Firefox/59.0
  Accept: application/json, text/javascript, */*; q=0.01
  Accept-Language: en-US,en;q=0.5
  Accept-Encoding: gzip, deflate, br
  Key: API_KEY
  Sign: ```<COMMAND_SIGNED_WITH_SECRET>```
  Referer: https://poloniex.com/apiKeys
  Content-Type: application/x-www-form-urlencoded; charset=UTF-8
  X-Requested-With: XMLHttpRequest
  Connection: close
  Content-Length: 30

  command=returnBalances&nonce=```<NONCE_VALUE>```

  URL

  critical
• https://m.poloniex.com

  URL

  critical
• https://www.poloniex.com

  URL

  critical
• https://api2.poloniex.com

  URL

  high
• api.poloniex.com

  ---

  **Poloniex API documentation**
  https://poloniex.com/support/api

  Example Request:

  POST /tradingApi HTTP/1.1
  Host: poloniex.com
  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:59.0) Gecko/20100101 Firefox/59.0
  Accept: application/json, text/javascript, */*; q=0.01
  Accept-Language: en-US,en;q=0.5
  Accept-Encoding: gzip, deflate, br
  Key: API_KEY
  Sign: ```<COMMAND_SIGNED_WITH_SECRET>```
  Referer: https://poloniex.com/apiKeys
  Content-Type: application/x-www-form-urlencoded; charset=UTF-8
  X-Requested-With: XMLHttpRequest
  Connection: close
  Content-Length: 30

  command=returnBalances&nonce=```<NONCE_VALUE>```

  URL

  critical
• m.poloniex.com

  URL

  critical
• www.poloniex.com

  URL

  critical
• api2.poloniex.com

  URL

  high
• public.poloniex.com

  URL

  medium

Target Scope Domains

• api.poloniex.com
• api2.poloniex.com
• m.poloniex.com
• public.poloniex.com
• www.poloniex.com

• 7 Subdomains
• Download wordlist

---

Last Finished Scan:

---