SIX Group icon SIX Group HackerOne

Target Policy
https://hackerone.com/six-group?type=team
Structured Scope
  • Asset Identifier
    Asset Type
    Max Severity
  • 153.46.30.0/23
    CIDR
    critical
  • https://apps.apple.com/ch/app/debix/id1581440132?l=en-GB
    APPLE_STORE_APP_ID
    critical
  • 153.46.34.0/23
    CIDR
    critical
  • https://apps.apple.com/mx/app/debix/id1581440132
    APPLE_STORE_APP_ID
    critical
  • www.bolsasymercados.es
    URL
    critical
  • 194.209.121.0/24
    CIDR
    critical
  • 153.46.32.0/23
    CIDR
    critical
  • 153.46.96.0/20
    CIDR
    critical
  • 146.109.8.0/22
    CIDR
    critical
  • https://play.google.com/store/apps/details?id=es.grupobme.bmeconecta
    GOOGLE_PLAY_APP_ID
    critical
  • https://play.google.com/store/search?q=Schweizer+Finanzmuseum&c=apps
    GOOGLE_PLAY_APP_ID
    critical
  • 193.110.154.0/24
    CIDR
    critical
  • 153.46.108.0/22
    CIDR
    critical
  • https://www.sdx.com/
    URL
    critical
  • https://apps.apple.com/mx/app/schweizer-finanzmuseum/id1225222871
    APPLE_STORE_APP_ID
    critical
  • 153.46.111.0/24
    CIDR
    critical
  • https://web3.sdx.com
    URL
    high
  • 153.46.104.0/22
    CIDR
    critical
  • https://apps.apple.com/us/app/bme-conecta/id6443938949
    APPLE_STORE_APP_ID
    critical
  • 62.192.20.16/29
    CIDR
    critical
  • https://play.google.com/store/apps/details?id=com.sixgroup.debixplus
    GOOGLE_PLAY_APP_ID
    critical
  • https://apps.apple.com/mx/app/six-id/id1620496931
    APPLE_STORE_APP_ID
    critical
  • 153.46.240.0/20

    ## Known Issues

    The following vulnerabilities have been identified and are currently being addressed. Reports of these issues will be closed as duplicates:

    - Cross-Site Scripting (XSS) vulnerabilities on `secure.tkfweb.com`.
    - This includes any reflected or stored XSS in input parameters on any endpoint within this domain.

    CIDR
    critical
  • https://play.google.com/store/apps/details?id=com.sixgroup.id&hl=en_US&pli=1
    GOOGLE_PLAY_APP_ID
    critical
  • 193.109.229.0/24

    ## Known Issues
    The following vulnerabilities have been identified and are currently being addressed. Reports of these issues will be closed as duplicates:
    - Cross-Site Scripting (XSS) vulnerabilities on `*.bmeinntech.es`.
    - This includes any reflected or stored XSS in input parameters on any endpoint within this domain.

    CIDR
    critical
  • www.six-group.com
    URL
    critical
Target Scope Domains
  • web3.sdx.com
  • www.bolsasymercados.es
  • www.sdx.com
  • www.six-group.com
Tech Stack
Last Finished Scan:
Scan Name
Fleet
Finished
State
auto-dnsenum-threaded
allsubs
2 weeks, 2 days ago
Finished
auto-dnsenum-threaded
  • Fleet: allsubs
  • Duration: 53 Seconds
  • Finished: 2 weeks, 2 days ago