Amazon Vulnerability Research Program

Summary

Amazon Vulnerability Research Program seems to have a Bug Bounty or Vulnerability Disclosure program managed at HackerOne. Our bots had reported us they appear to be offering rewards 💸 💰 👀.

As this page is programmatically generated, we do not guarantee the accuracy or completeness of the data and cannot be held liable for any errors or omissions. Users are advised to verify the information directly from the official sources before taking any action based on the content found on this website.

References

https://hackerone.com/amazonvrp

In Scope

*.amazon.ae

*.amazon.ca

*.amazon.cl

*.amazon.cn

*.amazon.co.jp

*.amazon.co.uk

*.amazon.co.za

*.amazon.com

*.amazon.com.au

*.amazon.com.be

*.amazon.com.br

*.amazon.com.co

*.amazon.com.mx

*.amazon.com.ng

*.amazon.com.tr

*.amazon.de

*.amazon.eg

*.amazon.es

*.amazon.fr

*.amazon.in

*.amazon.it

*.amazon.nl

*.amazon.pl

*.amazon.sa

*.amazon.se

*.amazon.sg

297606951

Amazon Subsidiaries (Please only actively test explicitly stated scope)

Other Amazon Retail Assets (Please only actively test explicitly stated scope)

Other Amazon Retail Mobile Apps (Please only actively test explicitly stated scope)

Other Amazon Retail Sites (Please only actively test explicitly stated scope)

amazonpayinsurance.in

com.amazon.mShop.android.shopping

https://www.amazonpay.in/*

www.amazon.*

Out of Scope

"Contact Us" Functionality

*.aws.*

*.dev

.*a2z*.

AWS and AWS customer assets are strictly out of scope

Amazon Web Services (AWS) ( Currently, anything related to AWS should be considered out of scope and should be reported directly to AWS: https://aws.amazon.com/security/vulnerability-reporting/ )

Anything considered a non-prod asset

Anything which redirects to AWS

amazongames.com

learning.logistics.amazon.com