• $50 – $8,000 per vulnerability
  • Partial safe harbor

Out of Scope update for HotDoc

Hi Researchers,

This is a friendly reminder that only in scope domains are to be tested for this program.

To clarify, we've explicitly listed the following endpoint in the out of scope table:

To create a profile, you'll need to use the following URL which is also listed on the brief:

Please re-review the bounty brief in detail and adjust your testing, and all scanners accordingly to make sure you are only testing and submitting in-scope bugs.

Any pending submissions submitted before the out of scope changes will be reviewed and processed accordingly.

If you have any questions on the change in the scope, please reach out to