Superbet icon Superbet HackerOne

Target Policy
https://hackerone.com/superbet?type=team
Structured Scope
  • Asset Identifier
    Asset Type
    Max Severity
  • *.superbet.ro

    For our main application ```superbet.ro``` You can use a Romanian fake CNP generator in order to create an account, such as - https://isj.educv.ro/cnp/ in order to create an account. Make sure you are using a Romanian VPN as the portal works only for Romanian IP’s.

    Or use a test account from this list( some of them might not work so try multiple ones):
    synack1 - rNc7pGnzxaWRaK
    synack2 - tQWdwGX4B5agoe
    synack3 - 2hZHsnFhZPTT3D
    synack4 - 6qE8ZG8JQgSWCU
    synack5 - yfjzvoWLYZn4GM
    synack6 - JUKzSYr626V7zZ
    synack7 - VMs8C4txt3hNzQ
    synack8 - LyEb8vuuRRgiXd
    synack9 - KZkfiVXrHZ3JxX
    synack10 - 6sphJVv3PFp8mB

    ● Please add the following User-Agent header when you are using any automated tools or scripts - User-agent: hackerone -. Requests that will not contain this cookie header might get blocked by our tools/SOC team.

    WILDCARD
    critical
  • https://napoleonsports.be

    Website available only from Belgium. You need a real/fake Belgium ID to register an account on the main casino/sport app. You can generate a fake ID here - http://rsolution.be/rijksregister-nummer-generator.RSolution

    URL
    critical
  • https://superbet.rs

    Website available only from Serbia.

    URL
    critical
  • *.superbet.com
    WILDCARD
    critical
  • http://*.superbet.rs

    This is our new betting platform, available only in serbia. We only allow connection from Serbian Ip's, so please use a VPN.

    WILDCARD
    critical
  • http://*.superbet.com
    WILDCARD
    critical
  • http://*.superbet.ro

    For our main application ```superbet.ro``` You can use a Romanian fake CNP generator in order to create an account, such as - https://isj.educv.ro/cnp/ in order to create an account. Make sure you are using a Romanian VPN as the portal works only for Romanian IP’s.

    ● Please add the following User-Agent header when you are using any automated tools or scripts - User-agent: hackerone -. Requests that will not contain this cookie header might get blocked by our tools/SOC team.

    WILDCARD
    critical
  • WGP Slot Games

    All games from WGP provider are in scope for testing.
    You can find them by filtering for WGP provider on Napoleon platform. Make sure you use VPN for BE.
    https://napoleoncasino.be/en-be/games/search?query=wgp

    OTHER
    critical
  • https://napoleondice.be

    Website available only from Belgium.
    You need a real/fake Belgium ID to register an account on the main casino/sport app. You can generate a fake ID here - http://rsolution.be/rijksregister-nummer-generator.RSolution

    URL
    critical
  • *.luckydays.com

    we have a lot of 3rd party's such as cpanels/etc which will are OOS so if you are in doubt, contact security@superbet.com.

    WILDCARD
    critical
  • https://superbet.pl

    Website available only from Poland

    URL
    critical
  • *.napoleoncasino.be

    You need a real/fake Belgium ID to register an account on the main casino/sport app.
    You can generate a fake ID here - http://rsolution.be/rijksregister-nummer-generator.RSolution

    WILDCARD
    critical
  • https://superbet.ro

    For our main application superbet.ro You can use a Romanian fake CNP generator in order to create an account, such as - https://isj.educv.ro/cnp/ in order to create an account. Make sure you are using a Romanian VPN as the portal works only for Romanian IP’s.

    Or use a test account from this list( some of them might not work so try multiple ones):
    hackeronesuperbet02 - jV%J5ypt9mJVe$
    hackeronesuperbet03 - CSK2ZhG3LetSD8O
    hackeronesuperbet04 - qKSi52$YkdXv58
    hackeronesuperbet05 - ZgZc9jbgZ82Bh&
    hackeronesuperbet06 - !u#^ogsrh9vt9N

    ● Please add the following User-Agent header when you are using any automated tools or scripts - User-agent: hackerone -. Requests that will not contain this cookie header might get blocked by our tools/SOC team.

    URL
    critical
  • https://napoleoncasino.be/en-be/game/hogamba-crash?demo=false

    slot game available on be/ro platforms and on BR in the future.

    URL
    critical
  • *.superbet.pl
    WILDCARD
    critical
  • *.napoleongames.be

    You need a real/fake Belgium ID to register an account on the main casino/sport app.
    You can generate a fake ID here - http://rsolution.be/rijksregister-nummer-generator.RSolution

    WILDCARD
    critical
  • *.superbet.rs

    This is our new betting platform, available only in serbia. We only allow connection from Serbian Ip's, so please use a VPN.

    WILDCARD
    critical
  • https://napoleoncasino.be

    Website available only from Belgium
    You need a real/fake Belgium ID to register an account on the main casino/sport app. You can generate a fake ID here - http://rsolution.be/rijksregister-nummer-generator.RSolution

    URL
    critical
  • superbet.bet.br

    Website available only for Brazil.
    hackeronesuperbet01 - 7Es3tkFrDaUfw#
    hackeronesuperbet02 - &$6i@Co$iMcn&S
    hackeronesuperbet03 - Uz5S#Eu32@w4yQ
    hackeronesuperbet04 - xb9^^aTAw83Ec&
    hackeronesuperbet05 - m54C9u^%J87oie
    hackeronesuperbet07 - jFat!DHhn4XcpL
    hackeronesuperbet08 - sc#N9w7Dx*76^X
    hackeronesuperbet09 - R6ifcvTZTv%v%Y

    URL
    critical
  • https://napoleongames.be

    Website available only from Belgium
    You need a real/fake Belgium ID to register an account on the main casino/sport app. You can generate a fake ID here - http://rsolution.be/rijksregister-nummer-generator.RSolution

    URL
    critical
  • ro.superbet.sport

    Make sure you set the location to your google play account to Romania so you can access the app
    https://play.google.com/store/apps/details?id=ro.superbet.sport&hl=ro&gl=RO

    GOOGLE_PLAY_APP_ID
    critical
  • ro.superbet.games

    Make sure you change your google play country to Romania so you can access the app.
    https://play.google.com/store/apps/details?id=ro.superbet.games&hl=ro&gl=RO

    GOOGLE_PLAY_APP_ID
    critical
  • *.napoleondice.be

    You need a real/fake Belgium ID to register an account on the main casino/sport app.
    You can generate a fake ID here - http://rsolution.be/rijksregister-nummer-generator.RSolution

    WILDCARD
    critical
  • *.spinaway.com

    we have a lot of 3rd party's such as cpanels/etc which will are OOS so if you are in doubt, contact security@superbet.com.

    WILDCARD
    critical
  • *.luckydays.ca

    we have a lot of 3rd party's such as cpanels/etc which will are OOS so if you are in doubt, contact security@superbet.com.

    WILDCARD
    critical
  • *.magicjackpot.ro

    we have a lot of 3rd party's such as cpanels/etc which will are OOS so if you are in doubt, contact security@superbet.com.

    You can use a Romanian fake CNP generator in order to create an account, such as - https://isj.educv.ro/cnp/ in order to create an account. Make sure you are using a Romanian VPN as the portal works only for Romanian IP’s.

    WILDCARD
    critical
  • *.napoleonsports.be

    You need a real/fake Belgium ID to register an account on the main casino/sport app.
    You can generate a fake ID here - http://rsolution.be/rijksregister-nummer-generator.RSolution

    WILDCARD
    critical
Target Scope Domains
  • luckydays.ca
  • luckydays.com
  • magicjackpot.ro
  • napoleoncasino.be
  • napoleondice.be
  • napoleongames.be
  • napoleonsports.be
  • spinaway.com
  • superbet.bet.br
  • superbet.com
  • superbet.pl
  • superbet.ro
  • superbet.rs
Tech Stack
Last Finished Scan:
Scan Name
Fleet
Finished
State
auto-gausubs-2-kor
allkxss
1 month, 3 weeks ago
Finished
auto-gausubs-2-kor
  • Fleet: allkxss
  • Duration: 26 Seconds
  • Finished: 1 month, 3 weeks ago