Trip.com icon Trip.com HackerOne

Target Policy
https://hackerone.com/trip_com?type=team
Structured Scope
  • Asset Identifier
    Asset Type
    Max Severity
  • *.trainpal.com

    Low priority Scope

    WILDCARD
    critical
  • *.mytrainpal.com

    Low priority Scope

    WILDCARD
    critical
  • *.triplinkintl.com
    WILDCARD
    critical
  • *.trainpal.com,*.mytrainpal.com

    Low priority Scope

    WILDCARD
    critical
  • *.tyo-masters.co.jp
    WILDCARD
    critical
  • *.flugladen.de
    WILDCARD
    critical
  • *.vayama.com
    WILDCARD
    critical
  • trip.biz
    URL
    critical
  • app.blueskytravelvietnam.com
    URL
    critical
  • *.trip.biz
    WILDCARD
    critical
  • *.budgetair.com
    WILDCARD
    critical
  • *.vliegwinkel.nl
    WILDCARD
    critical
  • *.cheaptickets.nl

    Low priority Scope

    WILDCARD
    critical
  • *.trip.com

    Except for the domain name of <local>. trip.com
    Low priority Scope

    WILDCARD
    critical
  • *.travix.com

    Low priority Scope

    WILDCARD
    critical
  • com.trip.ios

    High priority Scope

    APPLE_STORE_APP_ID
    critical
  • com.trip.android

    High priority Scope

    GOOGLE_PLAY_APP_ID
    critical
  • *.travix.io

    Low priority Scope

    WILDCARD
    critical
  • <locale>.trip.com

    Trip Main Sites
    High priority Scope

    OTHER
    critical
Target Scope Domains
  • app.blueskytravelvietnam.com
  • budgetair.com
  • cheaptickets.nl
  • flugladen.de
  • mytrainpal.com
  • trainpal.com
  • trainpal.com,mytrainpal.com
  • travix.com
  • travix.io
  • trip.biz
  • trip.com
  • triplinkintl.com
  • tyo-masters.co.jp
  • vayama.com
  • vliegwinkel.nl
Tech Stack
  • Akamai
  • Amazon S3
  • Amazon Web Services
  • Ant Design
  • Apache Http Server
  • Bootstrap
  • Bootstrap:5
  • Cloudflare
  • Cloudflare Bot Management
  • Envoy
  • Express
  • Fastly
  • Github Pages
  • Google Analytics
  • Google Cloud
  • Google Cloud Cdn
  • Google Cloud Trace
  • Google Tag Manager
  • Hsts
  • Http/3
  • Java
  • Jquery
  • Jquery Ui
  • Next.Js
  • Nginx:1.20.1
  • Node.Js
  • Php
  • React
  • Requirejs
  • Ruby
  • Ruby On Rails
  • Stimulus
  • Trustpilot
  • Twitter Emoji (Twemoji)
  • Varnish
  • Varnish:6.0
  • Webpack
  • Youtube
  • Zepto
Running Scans:
auto-gausubs-2-httpx-fast
  • Fleet: allhttpx
  • State: Parsing Results
  • Started: 6 months ago
Last Finished Scan:
Scan Name
Fleet
Finished
State
auto-gausubs-2-kor
allkxss
1 day, 9 hours ago
Finished
auto-gausubs-2-kor
  • Fleet: allkxss
  • Duration: 26 Seconds
  • Finished: 1 day, 9 hours ago