Orbia/Orbia Responsible Disclosure/Detail
Detail Updates Leaderboard
sort by
Last published
Rules of Engagement Reminder
10/17/2025, 2:04:11 PM (11 days ago)

Dear Researchers

We want to express our gratitude for your active participation and assistance to our disclosure program, which plays a crucial role in ensuring the security and resilience of our systems.

As you continue engaging with us we kindly remind you to follow the rules of engagement:

  • @intigriti.me
  • User-Agent: Intigriti - <username> - Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36
  • Automated tooling: max. 2 requests /sec
  • Request header: X-Intigriti-Username: {Username}

Maintaining fairness and integrity in the disclosure program is of utmost importance to provide a balanced and positive experience for all participants. We kindly urge your cooperation in strictly adhering to the specified rules of engagement for the program.

We sincerely appreciate your continued efforts in assisting us in upholding a secure environment. Keep up the good testing work, but please ensure compliance with the rules!

Orbia Cybersecurity Team

Scope expansion
2/8/2024, 12:52:03 PM (over 1 year ago)
2/8/2024, 12:52:23 PM

The responsible disclosure program's scope has been expanded. Below scope added :

  • *.naiad.cloud
  • *.naiad.ninja
  • Aqora.*
  • aqora.naiad.*
  • *.polderroof.com
  • *.metropolder.com

Thank you for your ongoing efforts in helping us maintain a secure environment. Happy testing (with the current rules!)

Scope update
1/19/2024, 2:26:58 PM (almost 2 years ago)

The program's scope has been modified to exclude anything under *.vectus.in.

Thank you!
Orbia.

Rules of Engagement Reminder
1/18/2024, 2:25:39 PM (almost 2 years ago)

We want to express our gratitude for your active participation and assistance to our disclosure program, which plays a crucial role in ensuring the security and resilience of our systems.

However, we've observed instances where the testing has surpassed the allowed maximum requests per second, leading to a direct impact on our business. It is essential to emphasize the strict adherence to the program's rules and guidelines, particularly the specified rate limits for requests (2 req/second). We have also made updates to the rules, now requiring the use of the registered email address in addition to the request header fields.

Maintaining fairness and integrity in the disclosure program is of utmost importance to provide a balanced and positive experience for all participants. We kindly urge your cooperation in strictly adhering to the specified rules of engagement for the program.

We sincerely appreciate your continued efforts in assisting us in upholding a secure environment. Keep up the good testing work, but please ensure compliance with the rules!