T-Mobile

In Scope

• Self Register Account on T-Mobile Microsoft Entra ID other bounty-eligible
• Cellular Network Auth Bypass via Web/Mobile App other bounty-eligible
• T&P Servers other bounty-eligible
• Internal Server via Internet Network other bounty-eligible
• T-Life - iOS mobile bounty-eligible
• T-Life - Android mobile bounty-eligible
• account.t-mobile.com web bounty-eligible
• metrobyt-mobile.com web bounty-eligible
• sprint.com web bounty-eligible
• t-mobile.com web bounty-eligible
• *.api.t-mobile.com api bounty-eligible
• tfb.t-mobile.com web bounty-eligible
• devedge.t-mobile.com web bounty-eligible
• tess.service-now.com web bounty-eligible
• digits.t-mobile.com web bounty-eligible
• *.metrobyt-mobile.com web bounty-eligible
• *.t-mobile.com web bounty-eligible
• *.sprint.com web bounty-eligible
• api.vistarmedia.com web bounty-eligible
• packages.cortexpowered.com web bounty-eligible
• and 65 more targets

Out of Scope

*.sprint.net, /self-service-*, *.mobile.uscc.net, *.mobile.uscc.com, *.moengage.com, Any domain, property, product, protocol, or service of the app/hardware/software version not explicitly listed in the In-Scope section is out of scope; submissions are welcome but not guaranteed for the bounty/bonus.