Security Research Infrastructure

BUG BOUNTY SECURITY RESEARCH

This server hosts infrastructure used for authorized security research and bug bounty testing on programs listed at HackerOne, Bugcrowd, Immunefi, and Cantina.

If you are a security engineer or blue-team member who observed traffic from this host or domain in your logs, this page confirms the activity is part of in-scope security research, not malicious activity.

What you may see

• DNS queries to *.canary.howtoget.me — out-of-band verification of server-side request forgery (SSRF) findings on programs that authorize it.
• HTTP callbacks to cb.howtoget.me / c.howtoget.me — webhook and notification endpoints for bounty testing.
• Port scans or connection attempts from 138.201.62.22 within the scope of authorized research.

All testing is conducted within the scope and rules of the respective bug bounty programs. No unauthorized access, data exfiltration, or service disruption is performed.

Contact

• HackerOne: hackerone.com/itko69
• Security policy: /.well-known/security.txt

For urgent coordination (e.g., to have us stop a specific test), please reach out via HackerOne.