So, I almost submit my first valid bug report… What Happened The other night, I finally decided to give bug bounty a try. I found a VDP program and let ChatGPT write me a recon script. That recon script returned with several subdomains, and when I went through them, a weird domain caught my eye. What the hell is ‘whoami.xx.xx.com’? Out of curiosity, I opened that in my browser. Holy cow, it looks like a debugging page with an internal IP!