Crypto bug bounty program

The security of our operations is our highest priority. Whether you are a professional security researcher or a beginner, we welcome your security reports.


Security report guidelines

Tell us how the vulnerability could be used in both theory and practice

Explain how to exploit the vulnerability and reproduce it

Use any language if English isn’t your preference; our team will review it

Please remember

Known Issues

We don't reward already known vulnerabilities, so please check the list beforehand.

Check the list

Third-Party Issues

Vulnerabilities affecting other major websites are out of scope and won’t be rewarded.

No Security Risk

Our SPF record is valid, and account deletion is not considered a security vulnerability.

Hall of Fame

Thanks to the researchers who have already reported important security issues! Learn the history of our rewards.

Open the list

List of already known vulnerabilities we do not reward for:

A missing DNS CAA record
Some IPs of our servers are exposed to the internet
Most of the information about our publishers' sites and advertisers' campaigns is public
HTTP security header-related issues (unless there is a way to exploit them)
There is a way to terminate a browser session of another user
Ticket Trick vulnerability
Plain-text passwords are sent to our users via email
You can press the back button in your browser after logging off and continue to see your logged-in user pages
Rate limiting of APIs
The click.a-ads.com domain can potentially be used for spoofing, but it is a separate domain created specifically for link redirection
The presence of JPEG EXIF metadata
HTTP header injection/forgery (we use SSL for all critical servers)
Software versions being exposed, unless this could lead to a working exploit against our infrastructure
It is possible to find out if a particular email address is already signed up
Our blog config.yml is publicly accessible