Superbet icon Superbet HackerOne

Target Policy
https://hackerone.com/superbet?type=team
Structured Scope
  • Asset Identifier
    Asset Type
    Max Severity
  • *.superbet.com
    WILDCARD
    critical
  • *.superbet.pl
    WILDCARD
    critical
  • http://*.superbet.rs

    This is our new betting platform, available only in serbia. We only allow connection from Serbian Ip's, so please use a VPN.

    WILDCARD
    critical
  • http://*.superbet.com
    WILDCARD
    critical
  • http://*.superbet.ro

    For our main application ```superbet.ro``` You can use a Romanian fake CNP generator in order to create an account, such as - https://isj.educv.ro/cnp/ in order to create an account. Make sure you are using a Romanian VPN as the portal works only for Romanian IP’s.

    ● Please add the following User-Agent header when you are using any automated tools or scripts - User-agent: hackerone -. Requests that will not contain this cookie header might get blocked by our tools/SOC team.

    WILDCARD
    critical
  • https://superbet.rs

    Website available only from Serbia.

    URL
    critical
  • https://napoleondice.be

    Website available only from Belgium.
    You need a real/fake Belgium ID to register an account on the main casino/sport app. You can generate a fake ID here - http://rsolution.be/rijksregister-nummer-generator.RSolution

    URL
    critical
  • https://napoleoncasino.be/en-be/game/hogamba-crash?demo=false

    slot game available on be/ro platforms and on BR in the future.

    URL
    critical
  • *.napoleongames.be

    You need a real/fake Belgium ID to register an account on the main casino/sport app.
    You can generate a fake ID here - http://rsolution.be/rijksregister-nummer-generator.RSolution

    WILDCARD
    critical
  • https://superbet.ro

    For our main application superbet.ro You can use a Romanian fake CNP generator in order to create an account, such as - https://isj.educv.ro/cnp/ in order to create an account. Make sure you are using a Romanian VPN as the portal works only for Romanian IP’s.

    Or use a test account from this list( some of them might not work so try multiple ones):
    hackeronesuperbet02 - jV%J5ypt9mJVe$
    hackeronesuperbet03 - CSK2ZhG3LetSD8O
    hackeronesuperbet04 - qKSi52$YkdXv58
    hackeronesuperbet05 - ZgZc9jbgZ82Bh&
    hackeronesuperbet06 - !u#^ogsrh9vt9N

    ● Please add the following User-Agent header when you are using any automated tools or scripts - User-agent: hackerone -. Requests that will not contain this cookie header might get blocked by our tools/SOC team.

    URL
    critical
  • *.superbet.rs

    This is our new betting platform, available only in serbia. We only allow connection from Serbian Ip's, so please use a VPN.

    WILDCARD
    critical
  • https://napoleongames.be

    Website available only from Belgium
    You need a real/fake Belgium ID to register an account on the main casino/sport app. You can generate a fake ID here - http://rsolution.be/rijksregister-nummer-generator.RSolution

    URL
    critical
  • https://superbet.pl

    Website available only from Poland

    URL
    critical
  • https://napoleoncasino.be

    Website available only from Belgium
    You need a real/fake Belgium ID to register an account on the main casino/sport app. You can generate a fake ID here - http://rsolution.be/rijksregister-nummer-generator.RSolution

    URL
    critical
  • *.napoleoncasino.be

    You need a real/fake Belgium ID to register an account on the main casino/sport app.
    You can generate a fake ID here - http://rsolution.be/rijksregister-nummer-generator.RSolution

    WILDCARD
    critical
  • superbet.bet.br

    Website available only for Brazil.
    hackeronesuperbet01 - 7Es3tkFrDaUfw#
    hackeronesuperbet02 - &$6i@Co$iMcn&S
    hackeronesuperbet03 - Uz5S#Eu32@w4yQ
    hackeronesuperbet04 - xb9^^aTAw83Ec&
    hackeronesuperbet05 - m54C9u^%J87oie
    hackeronesuperbet07 - jFat!DHhn4XcpL
    hackeronesuperbet08 - sc#N9w7Dx*76^X
    hackeronesuperbet09 - R6ifcvTZTv%v%Y

    URL
    critical
  • *.luckydays.com

    we have a lot of 3rd party's such as cpanels/etc which will are OOS so if you are in doubt, contact security@superbet.com.

    WILDCARD
    critical
  • https://napoleonsports.be

    Website available only from Belgium. You need a real/fake Belgium ID to register an account on the main casino/sport app. You can generate a fake ID here - http://rsolution.be/rijksregister-nummer-generator.RSolution

    URL
    critical
  • *.superbet.ro

    For our main application ```superbet.ro``` You can use a Romanian fake CNP generator in order to create an account, such as - https://isj.educv.ro/cnp/ in order to create an account. Make sure you are using a Romanian VPN as the portal works only for Romanian IP’s.

    Or use a test account from this list( some of them might not work so try multiple ones):
    synack1 - rNc7pGnzxaWRaK
    synack2 - tQWdwGX4B5agoe
    synack3 - 2hZHsnFhZPTT3D
    synack4 - 6qE8ZG8JQgSWCU
    synack5 - yfjzvoWLYZn4GM
    synack6 - JUKzSYr626V7zZ
    synack7 - VMs8C4txt3hNzQ
    synack8 - LyEb8vuuRRgiXd
    synack9 - KZkfiVXrHZ3JxX
    synack10 - 6sphJVv3PFp8mB

    ● Please add the following User-Agent header when you are using any automated tools or scripts - User-agent: hackerone -. Requests that will not contain this cookie header might get blocked by our tools/SOC team.

    WILDCARD
    critical
  • ro.superbet.sport

    Make sure you set the location to your google play account to Romania so you can access the app
    https://play.google.com/store/apps/details?id=ro.superbet.sport&hl=ro&gl=RO

    GOOGLE_PLAY_APP_ID
    critical
  • ro.superbet.games

    Make sure you change your google play country to Romania so you can access the app.
    https://play.google.com/store/apps/details?id=ro.superbet.games&hl=ro&gl=RO

    GOOGLE_PLAY_APP_ID
    critical
  • *.napoleondice.be

    You need a real/fake Belgium ID to register an account on the main casino/sport app.
    You can generate a fake ID here - http://rsolution.be/rijksregister-nummer-generator.RSolution

    WILDCARD
    critical
  • *.spinaway.com

    we have a lot of 3rd party's such as cpanels/etc which will are OOS so if you are in doubt, contact security@superbet.com.

    WILDCARD
    critical
  • *.luckydays.ca

    we have a lot of 3rd party's such as cpanels/etc which will are OOS so if you are in doubt, contact security@superbet.com.

    WILDCARD
    critical
  • *.magicjackpot.ro

    we have a lot of 3rd party's such as cpanels/etc which will are OOS so if you are in doubt, contact security@superbet.com.

    You can use a Romanian fake CNP generator in order to create an account, such as - https://isj.educv.ro/cnp/ in order to create an account. Make sure you are using a Romanian VPN as the portal works only for Romanian IP’s.

    WILDCARD
    critical
  • *.napoleonsports.be

    You need a real/fake Belgium ID to register an account on the main casino/sport app.
    You can generate a fake ID here - http://rsolution.be/rijksregister-nummer-generator.RSolution

    WILDCARD
    critical
Target Scope Domains
  • luckydays.ca
  • luckydays.com
  • magicjackpot.ro
  • napoleoncasino.be
  • napoleondice.be
  • napoleongames.be
  • napoleonsports.be
  • spinaway.com
  • superbet.bet.br
  • superbet.com
  • superbet.pl
  • superbet.ro
  • superbet.rs
Tech Stack
Last Finished Scan:
Scan Name
Fleet
Finished
State
auto-gausubs-2-kcrlf
allkxss
2 weeks, 2 days ago
Finished
auto-gausubs-2-kcrlf
  • Fleet: allkxss
  • Duration: 17.95 Minutes
  • Finished: 2 weeks, 2 days ago