Scope:
All our Domains and Subdomains:
- timedin.net – (www.timedin.net, static.timedin.net, api.timedin.net, autodiscover.timedin.net)– (Out of scope: status.timedin.net)
- timedin.org – (www.timedin.org)
- timedin.de – (www.timedin.de, api.timedin.de) – (Out of scope: status.timedin.de)
- 2t0.de – (Out of scope: redirect targets)
Out of scope: redirects to other websites, Cloudflare content (/cgi-cdn/*).
Apps and Plugins
- Shortlink-Creator (https://www.timedin.net/tools/shortlink/, iOS-Shortcut and Android-App)
Unapproved Vulnerabilities
- (D)DoSing
- Port Scanning
- Brute Force Attacks
- Minor Security Headers
- Issues detected by common scanners (OWASP ZAP)
If you want to pentest for these issues, please contact us first to get authorization and, if applicable, specified scopes (domains/servers) and timespans.
Contact:
Please use security@timedin.net or Matrix for contacting. Please share severe, private information only via matrix or the pgp-key (soon).