ICELINE HOSTING Where Performance Meets Passion

Bug Bounty Program

Help us improve Iceline Hosting and our infrastructure. Report bugs and vulnerabilities responsibly, whether security, reliability, data integrity, or other impactful issues, and we’ll work with you to fix them and recognize your contribution.

Responsible Disclosure
Safe Harbor
5-Day Response
Recognition

How It Works

Report bugs and vulnerabilities (security, reliability, or other) and get recognized

Find a bug

Test in-scope systems within the rules. We welcome security, reliability, and other impactful bugs; no production abuse.

Report privately

Send details via our support portal or email with steps to reproduce. We aim to acknowledge within 5 business days.

Get recognized

We fix the issue and may recognize you for your contribution. Rewards at our discretion based on severity and impact.

Examples

What counts as a bug vs a vulnerability

Bug examples

  • Broken flows (checkout, signup, or settings not working)
  • Wrong or missing data (incorrect totals, broken links)
  • Crashes or errors that block use of a feature
  • Critical UI breakage (layout, accessibility, or display bugs)
  • Incorrect behaviour (features not matching docs or expected behaviour)

Vulnerability examples

  • XSS, CSRF, or injection (SQL, command, etc.)
  • IDOR or access to another user’s data or account
  • Auth bypass, session or privilege escalation
  • Data exposure (sensitive data leaked or guessable)
  • Misconfiguration or weak controls (permissions, crypto, or secrets)

Scope

What we welcome and what we don’t

In scope

Iceline main website (iceline-hosting.com)
Iceline Shield (shield.iceline-hosting.com)
Iceline Game Panel (game.iceline-hosting.com)
Iceline billing (billing.iceline-hosting.com)
Iceline VPS panel (vps.iceline-hosting.com)
Status page (status.iceline-hosting.com)
Auth (auth.iceline-hosting.com)
Auth/session, IDOR, XSS, CSRF, injection, OWASP Top 10 on above
Other impactful bugs (reliability, data integrity, critical UX breakage)

Out of scope

Third-party services we don’t control (e.g. CDN, infrastructure providers) Social engineering, phishing, DoS/DDoS Known dependency issues without a working exploit Low-impact issues with no demonstrable impact

Rules

For everyone reporting bugs or vulnerabilities

All reports

  • Only demonstrate the issue to the extent needed; no unnecessary disruption, damage, or abuse of production.
  • Do not use real user data beyond what’s needed to show the bug or vulnerability.
  • Report in good faith. No extortion or threats.
  • Give us reasonable time to fix before public disclosure.

When testing for security issues

  • Do not access, modify, or delete data that isn’t yours.
  • Do not perform denial-of-service or resource-exhaustion attacks.

Safe harbor: We will not pursue legal action against anyone who follows these rules and reports in good faith, whether you’re reporting a bug or a vulnerability. We may work with law enforcement if we detect malicious activity.

Report a bug or vulnerability

Email reply@support.iceline-hosting.com with subject line Bug Bounty Report, or open a ticket at our support portal. Include a clear description, steps to reproduce, and impact (security, reliability, or other).

Open support ticket

This program is offered at Iceline Hosting’s discretion. We may change scope, rewards, or eligibility at any time. Submission of a report does not guarantee a reward or response timeline. By participating, you agree to act in good faith and in line with this policy.