Program Overview
Axel Springer National Media & Tech runs a bug bounty program on Intigriti with a maximum payout of $2,500. The program has 40 in-scope assets.
40
In-Scope Assets
$2,500
Max Payout
In-Scope Assets
| Asset | Type | Max Severity | Eligible |
|---|---|---|---|
| politico.eu | URL | ||
| adtechnology.axelspringer.com | URL | ||
| *.asadcdn.com | WILDCARD | ||
| bild.de | URL | ||
| welt.de | URL | ||
| epaper.welt.de | URL | ||
| cancellation.prod.ps.welt.de | URL | ||
| digital.welt.de | URL | ||
| signin.auth.welt.de | URL | ||
| m.bild.de | URL | ||
| *.hey.bild.de | WILDCARD | ||
| go.welt.de | URL | ||
| *.auth.bild.de | WILDCARD | ||
| *.sportbild.de | WILDCARD | ||
| meinkonto.bild.de | URL | ||
| *.bild.tv | WILDCARD | ||
| *.computerbild.de | WILDCARD | ||
| 18.184.198.198, 18.185.214.59, 18.194.109.179, 3.121.117.72, 3.121.138.10, 3.121.138.128, 3.121.138.134, 3.121.138.170, 3.121.138.33, 3.121.138.43, 3.124.248.208, 35.156.137.39 | IPRANGE | ||
| dealer.prod.ps.axelspringer.de/purchases/* | WILDCARD | ||
| *.germany.politico.eu | WILDCARD | ||
| *.welt.de | WILDCARD | ||
| *.bild.de | WILDCARD | ||
| *.bild.design | WILDCARD | ||
| *.autobild.de | WILDCARD | ||
| *.bz-berlin.de | WILDCARD | ||
| *.spring-media.de | WILDCARD | ||
| *.springtools.de | WILDCARD | ||
| editorial.one | URL | ||
| *.as-nmt.de | WILDCARD | ||
| *.ein-herz-fuer-kinder.de | WILDCARD | ||
| *.fitbook.de | WILDCARD | ||
| *.myhomebook.de | WILDCARD | ||
| *.petbook-magazine.com/ | WILDCARD | ||
| *.petbook.de | WILDCARD | ||
| *.stylebook.de | WILDCARD | ||
| *.techbook.de | WILDCARD | ||
| *.travelbook.de | WILDCARD | ||
| *.wissen-sie-mehr.de | WILDCARD | ||
| technik.autobild.de | URL | ||
| technik.beta.autobild.de | URL |
Out-of-Scope Assets
- *.axelspringer.com
Tips for Hacking Axel Springer National Media & Tech
- Read the policy — Understand what's in scope, out of scope, and any specific testing restrictions before you start.
- Enumerate the attack surface — Use subdomain enumeration and directory bruteforcing to map all accessible endpoints.
- Focus on high-impact bugs — Look for SQL injection, SSRF, and IDOR vulnerabilities first.
- Test authentication flows — Check for OAuth misconfigurations and CSRF in login/signup flows.
- Write clear reports — Include steps to reproduce, impact assessment, and suggested remediation. Use Burp Suite to capture evidence.
Frequently Asked Questions
How do I start hacking Axel Springer National Media & Tech?
Sign up on Intigriti, read the program policy carefully, review the in-scope assets listed above, and start testing. Always stay within scope and follow responsible disclosure guidelines.
Does Axel Springer National Media & Tech pay bounties?
Yes, Axel Springer National Media & Tech offers monetary rewards for valid security vulnerabilities.
What types of vulnerabilities does Axel Springer National Media & Tech accept?
Axel Springer National Media & Tech accepts reports for vulnerabilities found in their 40 in-scope assets. Common accepted vulnerability types include XSS, SQL injection, SSRF, IDOR, authentication bypass, and RCE. Check the program policy for specific exclusions.