SecurityTrails Data Bounty Program

Here at SecurityTrails we hold over 30 TB of current and historical domain and IP related data such as DNS records, WHOIS records and even technologies used. Working with the data is our day-to-day business and we occasionally find interesting things while researching.

But we know there is more to be discovered. As of writing this, we are tracking over 220,000,000 domains which potentially qualify for our data bounty program.

We are looking for particularly interesting cases in our data set. It can be anything from funny to security related findings.



Any particular interesting domain or IP WHOIS data, DNS zone data, correlated contact data (e.g. Domain relationships) or registrar related data on the SecurityTrails API, SecurityTrails Forensics or DNSTrails.

Stories can include data outside the SecurityTrails API or DNSTrails platform, however, our platforms must play a significant role.


You must be the original finder. Do not submit anything you have found on other platforms such as twitter.

It must be a finding that matters to a broad audience. Think about it this way: will a news release about it be picked up in information technology related news? If yes: Your finding most likely qualifies. Send in any similar cases that had already been released on news sites if there are any.

Responsible disclosure: IT security related findings will be reported to the affected companies through us while giving credit to the person who reported the issue as part of the data bounty program; disclosing the data bounty to the company without talking to us however, will make the finding invalid for our data bounty program.

Only the first reporter will be rewarded. Public disclosure prior official release from our side will result in disqualification from our data bounty program.

What we expect

Please note that we are looking for interesting data and associated stories. Don’t expect us to know anything in the field you are reporting data within — be very descriptive and let us know the full story. A program submission will usually be a complete written up story so we can understand what you found and why it is interesting.


The minimum reward for a story we publish is $50 USD + 150,000 SecurityTrails API queries for 3 months. In advance we will publicly thank you if you wish to. The maximum payout is currently $ 250 USD.

Found something interesting?

Submit it to us now!
Fine print

We may modify or change the terms in this program at any time and at our sole discretion. You are responsible to pay any associated taxes for the reward you receive.