Blog: Security and Pentesting

Scope:

• All our Domains and Subdomains:

  • timedin.net – (www.timedin.net, static.timedin.net, api.timedin.net, autodiscover.timedin.net)– (Out of scope: status.timedin.net)
  • timedin.org – (www.timedin.org)
  • timedin.de – (www.timedin.de, api.timedin.de) – (Out of scope: status.timedin.de)
  • 2t0.de – (Out of scope: redirect targets)

  Out of scope: redirects to other websites, Cloudflare content (/cgi-cdn/*).

• Apps and Plugins

  • Shortlink-Creator (https://www.timedin.net/tools/shortlink/, iOS-Shortcut and Android-App)

• Unapproved Vulnerabilities

  • (D)DoSing
  • Port Scanning
  • Brute Force Attacks
  • Minor Security Headers
  • Issues detected by common scanners (OWASP ZAP)

  If you want to pentest for these issues, please contact us first to get authorization and, if applicable, specified scopes (domains/servers) and timespans.

Contact:

Please use security@timedin.net or Matrix for contacting. Please share severe, private information only via matrix or the pgp-key (soon).