SECURITY POLICY
MIXR LTD offers a wide range of services that are used by millions of people around the world.
Focusing on AR and location detection, MIXR LTD stores valuable data that we want to protect
from malicious threats. Security reports help us ensure the security of our data and players.
Thank you for your help!
Report a vulnerability
We appreciate the work of security researchers and would like to invite everyone who is willing to
take the time to help MIXR LTD to improve security to share their opinion with us. MIXR LTD is
committed to interacting with the community and is grateful for your contribution!
If you would like to report a security issue that you have discovered, be sure to read our terms and
conditions and comply with them before submitting reports to us.
Domains
*.mixr.tech
*.metatrace.me
*.mytrc.me
Services and corresponding servers
MetaTrace
TraceWallet
TraceMarket
MetaFora
Types of vulnerabilities
Disclosure of information such as application and version banners, stack traces, server errors, inter-
nal IP addresses, or path disclosure;
Brute force attacks using a username/password, account blocking, listing a username/email
address (attacks that go beyond blind testing may be considered);
Any physical attacks on MIXR LTD Facilities or Property or employees;
Any social engineering attacks (e.g. phishing, email spoofing or self-XSS);
Open redirects;
Problems with TLS/SSL;
Any exhaustion и disruptive атаки, such as (Distributed) denial of service, spam requests, slow-lo-
ris, etc.;
Click-jacking;
CSRF Issues Affecting Account Integrity;
Cookie security (e.g. secure flag);
Outdated or known vulnerable software (problems of high severity can still be considered depend-
ing on the possible impact);
Fraud incidents or problems related to in-game exploits.
We will make every reasonable effort to investigate and resolve the reported problem within 90
days. However, in some cases MIXR LTD may need more time, but we will contact you. Do not
share information about the report until MIXR LTD informs you that the problem has been solved,
so that attackers cannot use your information and do not harm the ecosystem of Services and
other users of these Services.
Do not change any data that you have accessed as a result of your investigation, so as not to harm
the ecosystem of Services and other users of these Services.
Avoid privacy violations and disruptions, including (but not limited to) affecting the quality of
service through (D)DoS, data deletion, or access to personal accounts (for example, through phish-
ing). You remain personally responsible for any privacy violations, failures, or any violations of
applicable laws or regulations that you commit, even if you participate in the search for security
vulnerabilities. Don't try to exploit the vulnerability (for example, don't try to access a machine or
perform a pivot/scan of an already compromised one to demonstrate additional risk).
Don't try to exploit the vulnerability (for example, don't try to access a machine or perform a
pivot/scan of an already compromised one to demonstrate additional risk).
Do not violate any other applicable laws or regulations.
You acknowledge that any report or information you provide to MIXR LTD constitutes a "Review"
as defined in our user agreement of the Terms of Service, and you agree to the said user agreement
of the Terms of Service.
You acknowledge that providing us with a report or any feedback does not entitle you to any remu-
neration, compensation or remuneration of any kind.