bugcrowd
Bugcrowd ek mashhoor bug bounty aur crowdsourced security platform hai, jo beginners se le kar advanced security researchers tak sab ke liye design ki gayi hai. Neeche detail mein jaaniyeβfrom shuruaat karne walon ke liye to professional level ke liye:
π Beginners ke liye (Basic / Starter Level)
Bugcrowd University
Bugcrowd apna free educational portal chalata hai β Bugcrowd University β jahan beginners web hacking, vulnerability methodology, aur bug hunting techniques seekh sakte hain Wikipedia+3Techjockey+3Bugcrowd+3We Live Security.Public Bug Bounty Programs
Aap easily public programs me register kar sakte hain, jahan aap beginner level (niche severity) bugs report kar ke pehla experience hasil karte hain. Reddit par experienced hunters suggest karte hain ke βstart with one ya do technique, baar baar try karo aur code labs practice karoβ Reddit+7Reddit+7Reddit+7.Learning Resources
PortSwigger Web Security Academy, HackerOne aur Bugcrowd ke tutorials se aap vulnerabilities ko practice kar sakte hain. Ek user advice deta hai:βfocus on one or two vulnerabilities β¦ practice on PortSwigger Academy until Practitioner level β¦ then test live targetsβ Reddit+3Reddit+3Wikipedia+3.
π Intermediate / Advance Level Features aur Uses
Crowdsourced Bug Bounty Platform
Bugcrowd 2012 mein San Francisco me shuru hua. Aaj worldβwide 500,000+ vetted security researchers ke saath connect karta hai companies ko vulnerabilities report karwane ke liye, jaise ke Tesla, Mastercard, Atlassian, Fitbit etc. Axios+15Wikipedia+15securityweek.com+15Reddit+15venturebeat.com+15Techjockey+15.Managed Bug Bounty aur Attack Surface Management
CrowdMatchβ’ AI: Yeh AIβpowered system relevant expert hackers ko match karta hai based on hundreds of criteria, jise organizations ko highβquality findings milte hain Reddit+9Bugcrowd+9Wikipedia+9.
Engineered Triage: Submissions ko validate aur prioritize karta hai, aur critical bugs ko ek din ke andar escalate karta hai Bugcrowd+1Reddit+1.
Enterprise Integrations & Insights
Bugcrowd platform tools jaise Jira, Slack, Github, ServiceNow etc. ke saath integrate hota hai, jise developers easily vulnerability fixes track kar sakte hain Bugcrowd+1Bugcrowd+1. Saath hi analytics dashboard se organizations ko bounty spend, bug trends aur program performance ka insight milta hai Bugcrowd.Penetration Testing as a Service (PTaaS) & VDPs
Ye platform vulnerability disclosure programs (VDP), Managed Bug Bounty, Red Team as a Service, aur Pen testing services bhi provide karta hai jo compliance aur continuous risk reduction enable karte hain Bugcrowd+7HostingAdvice.com+7Bugcrowd+7.
π§ Beginner se Advanced takβStep-by-Step Guide
| Stage | Aapke Liye Top Resources | Aap Seekhenge |
|---|---|---|
| Shuruaat / Beginner | Bugcrowd University, PortSwigger Web Academy, GitHub labs | Web vulnerabilities, report format, basic tools |
| Intermediate | Public programs Bugcrowd par, challenge forums | Real targets pe practice, report writing, earning credibility |
| Advanced / Pro | CrowdMatch hunts, private programs, triage feedback | Complex web/IoT/mobiles testing, high payout bugs, enterprise integrations |
π¬ Reddit Feedback (Community ke experiences)
Ek beginner ne kaha:
βBugcrowd and other sites have beginner programs. Good hai agar aap ek technique ya do par focus karo aur baarβbaar practice karo. Aap bohot saari bounties dhund sakte ho.β
Advance levels pe users mention karte hain ke Bugcrowd mein competition kaafi tough hota hai kyunki platform bohot purana hai aur bohot professionals involve hote hain Reddit.
π― SummaryΒ
Beginners ke liye: Bugcrowd University, public programs, tutorials aur practice labs se aap starting skills build kar sakte hain.
Intermediate: Realβworld web testing, report submissions aur community feedback se improve karein.
Advanced professionals ke liye: CrowdMatch powered managed bounties, triage workflows, enterprise tools integration, aur analytics se highβimpact vulnerabilities track karein.
Agar aap kisi specific topic (jaise SQL injection, authentication flaws, scope selection etc.) pe practice tips ya resources chahte hain, to bataiye. Main aap ko uske liye tailored suggestions de sakta hoon!
π₯οΈ Dashboard β Kya Hota Hai?
Dashboard ek central screen hota hai jahan tumhare saare important activities ka overview milta hai β jaise:
Tumhari performance
Active projects
Payments
Notifications
Leaderboard stats
Invites ya naye tasks
Ye ek control center ki tarah hota hai, jahan se tum har cheez ka track rakh sakte ho.
| 𧩠Section Name | π Kya Hota Hai?Β |
|---|---|
| Dashboard | Main screen β yahan tumhari total earnings, submissions, aur alerts dikhte hain. |
| Engagements | Jo programs ya companies ke saath tum connected ho β jahan tum bugs report kar sakte ho. |
| Invites | Private programs ke invitations milte hain β sirf selected hackers ko milta hai. |
| Work | Jitna kaam tumne kiya hai β reports, status (pending, accepted, rejected) sab yahan hota hai. |
| Payments | Tumhe kitna paisa mila, pending hai ya transfer ho chuka β sab dikhai deta hai. |
| Leaderboards | Top hackers ka scorecard β tumhare points, rank, aur position show hoti hai. |
| CrowdStream | Live feed jaisa β doosre researchers kya kar rahe hain, naye programs kaunse aaye, etc. |
π€Β (Bugcrowd style):
Socho tum ek hacker ho aur tum Bugcrowd pe ho. Tum Dashboard pe login karte ho β tumhe yeh sab dikhega:
$500 bounty mila tumhare report pe
2 naye private invites
Ek bug triaged ho gaya (accepted for review)
Tumhara rank Top 100 me aa gaya
Ek naye program ne bounty start kiya (CrowdStream me dikh gaya)
CVSS Score Rating
Common Vulnerability Scoring System (CVSS)Β
CVSS ek system hai jo security ki problems (vulnerabilities) ko 0 se 10 tak ek number deta hai, jisse uski seriousness (kitni dangerous hai) samjhi ja sake. Data security teams is score ka use karti hain taaki wo decide kar sakein kaunsi weakness ko pehle fix karna chahiye.
FIRST (Forum of Incident Response and Security Teams) ek US-based organization hai jiske 500+ members hai worldwide. Ye log CVSS system ko maintain karte hain aur ye ek open platform hai β matlab koi bhi ise use kar sakta hai.
CVSS ka use karna helpful hai kyunki ye ek standard way deta hai security issues ko score karne ka. Lekin, iske kuch limitations bhi hain β jaise ki har situation mein accurate result nahi deta. Isliye ye samajhna zaroori hai ki aapka team CVSS ka sahi use kar raha hai ya nahi.
CVSS 2.0 aur 3.0 ke comparison mein, CVSS 3.0 naya aur updated version hai. Isme kuch naye improvements kiye gaye hain jaise:
Score banane mein zyada consistency (ek jaisa hona)
βScoring Tipsβ ko replace karke better guidance dena users ko
Poore system ka review kiya gaya hai taaki aaj ke modern security challenges ko better handle kiya ja sake.
CVSS ka pehla version 2005 mein aaya tha, jo ek research project ka result tha jise NIAC ne handle kiya tha.
Lekin jab pehli baar experts ne (FIRST ke professionals ne) is version ka review kiya, toh unhone kuch serious problems find kiye. Isliye FIRST ne decide kiya ki CVSS ko aur accurate aur practical banaya jaaye.
Is process mein, kai companies aur experts ko mauka diya gaya taaki wo vulnerabilities ko score karein. Saath hi, ek SIG (Special Interest Group) committee banayi gayi.
Aaj ke time mein, CVSS-SIG hi CVSS ke naye versions ko maintain, test aur improve karta hai β regular research aur feedback ke through.
CVSS Base Metric
Ye metric kisi vulnerability ke kuch aise core features ka analysis karta hai jo time ke sath nahi badalte ya jinhe uske environment ka asar nahi padta. Base score do parts me divided hota hai: Exploitability Subscore aur Impact Subscore, jisme har ek alag-alag parameters pe based hota hai.
Exploitability Subscore ye batata hai ki kisi vulnerability ka fayda uthana kitna aasaan hai. Jitna aasaan hota hai exploit karna, utna zyada score hota hai. Ye metric numerical nahi hoti, balki har factor ka apna value set hota hai.
Attack Vector (AV): Ye batata hai ki ek attacker ko vulnerability exploit karne ke liye kis level ka access chahiye. Agar physical presence chahiye to score kam hoga, agar local ya network ke through possible ho to score badhta jayega.
Attack Complexity (AC): Ye batata hai ki exploit successful karne ke liye attacker ko kitni preparation chahiye. Low complexity ka matlab hai ki koi special condition nahi chahiye, jabki high complexity me attacker ko specific knowledge ya environment ki zarurat padti hai.
Privileges Required (PR): Is metric me ye dekha jata hai ki exploit karne ke liye attacker ko kitni access ya permissions chahiye. Low privilege ka matlab basic user level ka access se bhi exploit ho sakta hai, aur high ka matlab administrative ya elevated access chahiye.
User Interaction (UI): Ye batata hai ki exploit ke liye kisi dusre user ki madad chahiye ya nahi. Ye metric sirf do values le sakti hai: required ya not required.
CVSS Temporal Metric
Ye score teen factors pe based hota hai aur ye batata hai ki attackers real-world me kaise exploit kar rahe hain, aur aapke paas kya options hain usse fix karne ke liye.
Exploit Code Maturity (E): Ye dikhata hai ki exploit code kitna mature ya available hai. Isme values hoti hain:
Unproven (koee exploit nahi mila),
Proof of Concept (initial code available),
Functional (kaam karta hua exploit),
High (exploit asani se available aur use ho raha hai).
Remediation Level (RL): Ye batata hai ki vulnerability ko fix karna kitna asaan hai. Isme values hoti hain:
Official fix (manufacturer ka patch),
Temporary fix,
Workaround,
Unavailable (abhi koi fix nahi hai).
Report Confidence (RC): Ye metric define karta hai ki vulnerability kitni confirm hai.
Unknown (conflicting reports),
Reasonable (reproduce ho sakti hai par root cause unclear),
Confirmed (clearly identified aur reproduce ho sakti hai).
CVSS Environmental Metric
Ye score organization-specific hota hai aur Confidentiality, Integrity, aur Availability ke impact ko us specific environment me judge karta hai. Ye bhi base metrics ko modify karta hai based on environment.
Security Requirement Score: Ye teen values me define hota hai:
Low: Vulnerability ka effect minor hai.
Medium: Effect significant hai.
High: Effect devastating hai.
Base scores ko same tarike se recalculate kiya jata hai, lekin environment-specific conditions ko consider kiya jata hai.
CVE vs CVSSΒ
Security aur vulnerabilities ko samajhne ke liye bahut saare abbreviations hote hain β jaise CVE, CVSS, NVD, aur NIST.
CVE ka matlab hota hai Common Vulnerabilities and Exposures. Isse 1999 me MITRE ne launch kiya tha as a public list jisme sabhi known vulnerabilities ka record hota hai β jisme CVE ID, description, date, aur comments included hote hain.
NIST ne 2005 me National Vulnerability Database (NVD) banaya, jo direct data MITRE ke CVE list se leta hai.
Security teams NVD par har CVE ka CVSS score dekh sakti hain β agar available ho. NVD useful isliye hai kyunki yeh aapko alag-alag parameters (product, vendor, OS, type, etc.) ke basis par vulnerabilities search karne ka option deta hai.
Toh summary me:
Jab koi vulnerability detect hoti hai, usse ek CVE ID diya jata hai. Agar possible ho, to uske saath ek CVSS score bhi assign kiya jata hai.
Scoring kaise hoti hai?
Yeh jaanna important hai ki kaunsi cheezein vulnerable hain, aur agar exploit hoti hain to kitna nuksaan ho sakta hai. CVSS scoring system ka base metric isi purpose ke liye bana hai.
Achi baat ye hai ki aap NVD ke calculator ka use karke khud bhi score nikal sakte ho, based on factors jaise exploitability aur impact.
Agar kisi system pe koi badi vulnerability ho, par uska exploit hone se aapke organization ko koi farak nahi padta, to score technically high ho sakta hai β par real-world me risk low ho sakta hai. CVSS 3.0 me API support bhi hoti hai, jisse aap command line ya scripts ke through score calculate kar sakte ho.
CVSS Score Rating
Agar CVSS score high ya critical ho, to aapki VTM ya infosec team alert ho sakti hai. Lekin zaroori ye hai ki aap samjho ki vulnerability actual me aapki organization ke liye kitna risk create karti hai.
Example ke liye:
Agar ek purana web server vulnerable hai, jo sensitive data store nahi karta, VPN ke peeche hai, aur exploit bhi exist karta hai β fir bhi wo aapke liye high priority risk nahi ho sakta. Is case me CVSS ka base score high ho, par actual environment ke hisab se overall risk low ho sakta hai.
Lekin agar aapka ek internet-facing critical system vulnerable hai aur patch nahi laga hua, to turant action lena zaroori hai. Agar wo exploit ho gaya, to organization hack ho sakti hai, aur customer data leak hone ka risk bhi ho sakta hai β jisse aap news me aa sakte ho.
Organizations CVSS ko kaise adopt aur use karti hain?Β
Chahe CVSS base score dekhne me simple lage, lekin organizations ko isse sirf starting point (BASE) ke roop me use karna chahiye. Base score ek general idea deta hai kisi vulnerability ke baare me, lekin environmental factors ko regularly update karna zaroori hai taaki aap real risk ko acche se samajh paayein.
Agar aap Wallarm jaise threat intelligence tools (jaise GoTestWAF, API Security Platform) ka use kar rahe hain, to aap CVEs ko aur bhi valuable bana sakte ho β jisme milte hain simplified descriptions, updated exploitability scores, aur live proof-of-concept (POC) exploits.
Jab aapne apne system me CVSS scores ko update kar liya hai, to vulnerabilities ko priority ke hisaab se order karo β sabse zyada dangerous se leke sabse kam risky tak (agar wo exploit ho jayein).
Agar aapki organization kisi compliance audit (jaise PCI-DSS) ke under aati hai, to aapko additional security requirements bhi meet karni pad sakti hain.
Isliye, ek smart vulnerability risk management team ya risk governance team ye sab aspects ko consider karti hai β CVSS scores, environment-specific risks, compliance demands, aur business priorities β taaki security controls implement kiye ja sakein aur patching efforts ko correctly prioritize kiya ja sake.
β FAQΒ
Q1: CVSS kya hai?
A: CVSS ka full form hai Common Vulnerability Scoring System. Ye ek standard framework hai jo vulnerabilities ko score karta hai 0 se 10 tak, taaki unki severity samjhi ja sake.
Q2: CVSS score ka kya matlab hai?
A: Ye score batata hai ki koi vulnerability kitni serious hai β jitna zyada score, utna zyada risk. Score ke basis par teams decide karti hain ki kis vulnerability ko pehle fix karna hai.
Q3: CVSS score calculate kaise hota hai?
A: CVSS score teen parts pe based hota hai:
Base Score (vulnerability ki core nature)
Temporal Score (exploit ka maturity level)
Environmental Score (aapke specific environment me impact)
Q4: CVSS v3.1 Calculator kya hai?
A: Ye ek tool hai jisse aap CVSS version 3.1 ke rules ke base par score calculate kar sakte hain. Aap metrics choose karke customized risk score nikal sakte ho.
Q5: CVSS ka main purpose kya hai?
A: CVSS ka main goal hai ek standardized aur consistent method provide karna jisse organizations vulnerabilities ko assess kar saken aur risk-based prioritization decide kar saken.
Chime Managed Bug Bounty Engagement
Last Updated: 15 Jul 2025 21:36:24 UTCΒ Link
Changes dekhne ke liye yahaan click karo
Is page par kya hai
Overview
Description
Targets
Known issues
Whatβs new
Recent activity
Crowd highlights
Things to know
Vulnerabilities rewarded: 8
Validation within: 5 din ke andar
Pichle 3 mahine mein 75% submissions ko 5 din ke andar accept ya reject kiya gaya hai
Average payout: $86.11
Pichle 3 mahine ka average
π¨ Chime Bug Bounty Bonus Alert!
16 June se lekar 31 July tak ham ek naye promotion ke sath aaye hain Chime Bug Bounty Program mein!
π€ 2X Bounties for Critical & High Severity Findings
Kuch time ke liye, agar aap koi valid P1 (Critical) ya P2 (High) severity vulnerability report karte ho, toh standard payout ka double milega:
P1 (Critical): Ab $20,000 β $40,000 (pehle $10,000 β $20,000 tha)
P2 (High): Ab $10,000 (pehle $4,500 β $5,000 tha)
π Note: SaltLabs-related assets is promotion mein include nahi hain.
Focus kaha karein?
π΄ Critical Severity (P1):
Bina authorization ke dusre users ke sensitive data tak access (jaise PII via API)
Dusre accounts se unauthorized fund transfer
Race condition jisse financial gain ho jaye (jaise double-spending)
Remote Code Execution on Chime servers (Kubernetes, prod server)
Major data leaks (SSN ya documents ka access)
Wormable ya multi-user attacks (e.g., stored XSS jo replicate ho)
Critical injection flaws (e.g., SQLi jo prod DB ka access de)
Server-Side Request Forgery (SSRF) jisse AWS account compromise ho
π High Severity (P2):
Ek user ka account takeover via XSS
Non-rooted mobile device par app vuln jisse user ka session access ho
Privilege escalation jisse ek user dusre user ke data tak pohonch jaye
Non-production RCE (staging/dev env)
Internal tools ka compromise bina social engineering ke
π‘οΈ Introduction β Swagat hai!
Welcome to Chime ke Bug Bounty Program mein!
Chime ek fintech leader hai, jiska main focus security pe hai. Hum apne members ko ek secure aur reliable banking experience dene ke liye committed hain. Aur iss mission mein aap jaise security researchers ka bada important role hai.
Chime ka goal hai financial peace of mind sab tak pahuchana. Humne millions of Americans ko madad ki haiβno hidden fees, auto-savings, fee-free overdrafts, early paycheck access (MyPay), credit building tools, aur Chime@Workplace jaise features ke through. Par ye sab tabhi valuable hain jab secure ho. Aur yahin pe aap help karte ho!
Is bug bounty program ka part ban ke, aap humari team ko naye threats ke against strong banate ho, members ki security protect karte ho, aur unka trust maintain karte ho.
Thank you! Aapke efforts se Chime aur bhi secure ban raha hai.
π Severity Kaise Decide Hoti Hai?
Hum har vulnerability ki severity Impact + Exploitability dekh ke decide karte hain:
Agar bug se kai users ke financial data ya sensitive info affect ho sakti hai β Critical
Agar sirf ek user ya non-sensitive data affect ho β High ya Medium
Agar exploit karne ke liye rare condition chahiye ya system already secure hai β Low ya Informational
Agar aapko lagta hai ki humne aapka report galat classify kiya hai, toh aap discussion ke liye welcome ho.
π― Targets (Kya Test Kar Sakte Ho?)
β Primary Targets β Max Payout: $40,000
Inmein aate hain sabhi Chime ke core domains aur mobile apps:
*.chime.com,*.chimepayments.com,*.1debit.cometc.Chime Android/iOS apps (Prod & Beta)
Production web apps:
www.chime.com,app.chime.com
π Reward Structure:
P1: $20,000 β $40,000
P2: $10,000 β $20,000
P3: $250 β $500
P4: $50 β $100
π§ͺ Secondary Targets β Max Payout: $7,000
Salt Labs:
*.saltlabs.com, mobile apps, and staging environments.
π Reward Structure:
P1: $4,500 β $7,000
P2: $2,500 β $4,000
P3: $200 β $400
P4: $50 β $100
β Out of Scope
Kuch domains jaise chimescholars.org, chime.financial ya jo Chime ke owned nahi hain, unpe testing allowed nahi hai.
π Participation Rules
Aap tabhi participate kar sakte ho agar:
Aap 18+ ho.
Aap kisi U.S. sanctioned country mein nahi ho.
Aap U.S. ki restricted lists (SDN, Entity List) pe nahi ho.
Aap Chime ya unke vendors ke current employee ya family member nahi ho.
π Disclosure Policy
Kisi bhi vulnerability ko public ya social media pe discuss mat karo.
Agar aapko doubt ho, Chime team se contact karo.
π Testing Guidelines (Kaise Shuru Karein?)
π§ͺ Production Testing (Only US Residents)
Apna Chime account banayein using your Bugcrowd alias (e.g.,
yourname@bugcrowdninja.com)KYC ke liye ye info chahiye:
Full Name, SSN, DOB, Address, Phone number (non-VoIP), Email
π Credit check nahi hota. Sirf identity verify hoti hai.
π§ͺ Salt Labs Testing
No SSN or KYC needed.
Sirf U.S. mobile number se test account ban jaata hai.
π΅ Reimbursement & Money Handling
Testing mein real money use karein (apne accounts mein), par small amounts ($50 se kam) rakhein.
Agar kuch galti se chala gaya, Chime reasonable losses reimburse karega.
Kabhi bhi system overload ya DoS testing mat karo.
π± Mobile App Testing
Chime ke APK/IPA files available hain.
Ya phir Play Store/App Store se bhi download kar sakte ho.
Jailbreak/root ke bina wale issues pe focus karein.
π οΈ Valid Vulnerabilities Examples
π¨ Critical (P1)
Kisi aur ke account se paisa transfer kar paana.
Race condition ke zariye financial fraud.
PII (Social Security Number, etc.) access bina auth.
RCE on prod servers.
SQLi that gives DB access.
β οΈ High (P2)
Single-account takeover via XSS.
Access control bugs jo ek aur user ka data dikhayein.
RCE on staging/development.
Agent tools compromise.
βοΈ Medium (P3)
Limited data leaks (email, account type).
Non-sensitive info API exposure.
π Low (P4)
Subdomain takeover (agar harmful na ho).
Minor misconfigs.
π« Out of Scope Issues (Ignore These)
Public API keys.
Debug info in dev.
Rate limiting on non-auth endpoints.
Issues needing jailbroken/rooted device.
CSRF on non-sensitive forms.
Tabnabbing, Clickjacking, outdated browser issues.
Scanner-generated issues bina PoC.
Third-party owned domains.
Social engineering attempts.
ποΈ Safe Harbor Policy
Agar aap good faith mein testing karte ho:
Legal protection milega under CFAA, DMCA.
Chime aap pe case nahi karega for accidental issues.
Aapko rules follow karne hain, aur agar doubt ho toh Chime ko contact karo.
Agar aapko kisi bhi step mein confusion ho, ya koi help chahiye, simply contact kro:
π§ bugbounty@chime.com
Aap ready ho β happy hacking aur safe testing! β‘
Out of Scope Assets (Scope ke bahar ke assets)
Koi bhi asset jo Chime ka owned nahi hai, wo scope ke bahar maana jayega. Kripya ensure karein ki aap jis asset par testing kar rahe hain, wo Chime ka owned ho.
Shuruaat karne mein madad ke liye, yahaan kuch third-party assets ki list hai jo currently scope ke bahar hain:
_acme-challenge.chime.com
_acme-challenge.chimebank.com
_acme-challenge.interchange.chime.com
_acme-challenge.wp-ci.chime.com
_acme-challenge.wp-dev1.chime.com
_acme-challenge.wp-dev2.chime.com
_acme-challenge.wp-dev3.chime.com
_acme-challenge.wp-dev4.chime.com
_acme-challenge.wp-dev5.chime.com
_acme-challenge.wp-integ.chime.com
_acme-challenge.wp-qa.chime.com
_acme-challenge.www.chime.com
_acme-challenge.www.chimebank.com
16002407.account.chime.com
16002407.notify.chime.com
attachments.chime.com
bounce.accounts.chime.com
bounce.chime.com
bounce.chimebank.com
bounce.updates.chime.com
bounces.chimecard.com
careers.chime.com
developer.chime.com
em.account.chime.com
em.notify.chime.com
email.checkr-mail.chime.com
email.ethnio.chime.com
email.gh-mail.chime.com
email.gh-mail.ext.chime.com
email.mail.saltlabs.com
email.mail.staging.saltlabs.com
email.mg.chime.com
email.mg.chimecard.com
email.news.chime.com
email.talent.chime.com
email.teamable.chime.com
enterpriseenrollment.chime.com
enterpriseenrollment.ext.chime.com
enterpriseregistration.chime.com
ftp.1debit.com
go.chm.life
gt._domainkey.ext.chime.com
gt2._domainkey.ext.chime.com
gtmail.chime.com
gtmail.ext.chime.com
handbooks.chime.com
help-test.chime.com
help.chime.com
help.saltlabs.com
hs1-45050040._domainkey.hubspot.chime.com
hs2-45050040._domainkey.hubspot.chime.com
interchange.chime.com
jqldc44xpu3j.chimecard.com
links.account.chime.com
links.notify.chime.com
nd.chime.com
p.chime.com
p.chimecard.com
research.chime.com
s1._domainkey.account.chime.com
s1._domainkey.chime.com
s1._domainkey.chimecard.com
s1._domainkey.notify.chime.com
s2._domainkey.account.chime.com
s2._domainkey.chime.com
s2._domainkey.chimecard.com
s2._domainkey.notify.chime.com
safetyandsecurity.chime.com
static-attachments.chime.com
status.chime.com
status.chimebank.com
status.saltlabs.com
transaction-qa.chime.com
transaction.chime.com
www.saltlabs.com
Note: Yeh list complete nahi bhi ho sakti. Agar aapko kisi asset ke scope ko lekar doubt ho ya koi question ho, toh please bugbounty[at]chime[dot]com par contact karein.
