Support Payment Methods
Client area

Report a Vulnerability — Help Us Keep Our Services Secure

If you’ve found a potential vulnerability in our applications, systems, or assets, please report it by submitting your findings in the HackerOne form below. Your contribution helps us maintain top-level security and protect our users. Thank you for your support!

Before reporting, please view the full Vulnerability Disclosure Policy.

Please note that is*hosting does not operate a public bug bounty program, and we offer no reward or compensation in exchange for submitting potential issues through this disclosure program.

Vulnerability Disclosure Program with HackerOne

At is*hosting, we value the efforts of the security community to help us maintain the highest security standards for our products and services. Our Vulnerability Disclosure Program (VDP) allows researchers to safely report identified vulnerabilities that can compromise our systems' integrity, availability, or confidentiality. We are committed to working with the community to resolve identified issues promptly.

Disclosure Policy

  • Please do not discuss this program or any vulnerabilities (even resolved ones) outside of the VDP program without express consent from is*hosting.
  • Follow HackerOne's disclosure guidelines.

Program Rules

In connection with your participation in this Program, you agree to comply with is*hosting Terms of Use, is*hosting Privacy Policy, and all applicable laws and regulations, including any laws or regulations governing data privacy or the lawful processing of data.

  • Please provide detailed reports with reproducible steps, including screenshots, code snippets, and environment details. If the report is not detailed enough to reproduce the issue, it may not be considered valid.
  • Submit one vulnerability per report. If chaining vulnerabilities to demonstrate impact, clearly explain the interdependencies and overall impact in a single report.
  • When duplicates occur, we only triage the first received report, which can be fully reproduced.
  • Multiple vulnerabilities caused by one underlying issue will be consolidated into one report and treated as a single submission.
  • Social engineering attacks (e.g., phishing, vishing, smishing) are strictly prohibited and will result in disqualification.
  • Make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our service. Only interact with accounts you own or have explicit permission to use. Unauthorized access to any account or data is strictly prohibited.

Core Ineligible Vulnerabilities

When reporting potential vulnerabilities, please consider (1) realistic attack scenarios, and (2) the security impact of the behavior. Below, you will find the most common false positives we encounter:

Safe Harbor