StopTheHacker + CloudFlare

StopTheHacker is part of the CloudFlare family. Before submitting an issue to us, please make certain you have read CloudFlare's Vulnerability Disclosure Policy.

Scope

Any domains accessible under *.stopthehacker.com are in scope for the program.

Eligibility and Disclosure

In order for your submission to be eligible:

• You must agree to our Vulnerability Disclosure Policy.
• You must be the first person to responsibly disclose an unknown issue.

All legitimate reports will be reviewed and assessed by our security team to determine if it is eligible.

Rewards

For each eligible vulnerability report, the reporter will receive:

• Recognition on our Hall of Fame.
• A limited edition CloudFlare bug hunter t-shirt. CloudFlare employees don't even have this shirt. It's only for you all. Wear it with pride: you're part of an exclusive group.
• 12 months of CloudFlare's Pro or 1 month of Business service on us.

Monetary compensation is not offered under the program.

#Exclusions

The following conditions are out of scope for the vulnerability disclosure program. Any of the activities below will result in disqualification from the program permanently.

• Automated vulnerability scanners are not permitted.
• Physical attacks against StopTheHacker employees, offices, and data centers.
• Social engineering of StopTheHacker employees, contractors, vendors, or service providers.
• Knowingly posting, transmitting, uploading, linking to, or sending any malware.
• Pursuing vulnerabilities which send unsolicited bulk messages (spam) or unauthorized messages.
• Any vulnerability obtained through the compromise of a StopTheHacker customer or employee accounts. If you need to test a vulnerability, please create an account.
• Being an individual on, or residing in any country on, any U.S. sanctions lists.