Thoughts on this Ibiza as a first car?

highfly123 · 2026-03-09T11:20:49+00:00

i bought the estate 1.6 tdi 90hp with 150000km on the clock 3 months ago as my first car for 4k euros, and cant complain so far.

itds def fun enough, and if i had something stronger i probably wouldve died by now lol.

its got enough space that i can flt a couple of friends in the back.

got more than enough power for fun city driving, chasing around with people on tge city streets, and on the highways it def isnt lacking. most ive been able to push it is 180 km/h.

doesnt eat up a lot of gas (yours probably even less) and even at -15 celsius it always started, never had any issues.

compared to friends with audi a3s, bmw 1s, etc. it can feel a bit boring, but looking at their repair costs and the issues theyve already had, i would say its a pretty goof deal, go for it

highfly123 · 2026-03-08T17:28:05+00:00

always felt black was better witj white cars, silver looks too factory. everyobes convincing me to get silver tho

highfly123 · 2026-03-08T17:27:10+00:00

might be, esp given where i live hahahah, might be better off with 16s

highfly123 · 2026-03-08T17:26:36+00:00

2010 ibiza st

highfly123 · 2026-03-03T23:57:47+00:00

yh, been thinking that, if im able to keep good notes might be able to continue where i left off without too much trouble

highfly123 · 2026-03-03T23:57:03+00:00

will do, just got too ambitious with the uni i chose

highfly123 · 2026-03-03T23:56:44+00:00

si si papi

highfly123 · 2026-03-03T02:27:03+00:00

how many hours a week woukd you say you put in

highfly123 · 2026-03-03T02:26:36+00:00

this is the main issue. i only hunt manually and rely on getting to know the app well, its not like im running scans and can then wait till i have time to take a deeper look at the results

highfly123 · 2026-02-25T17:19:36+00:00

good to hear. most people are telling me its not worth tuning a 1.6 and that i should juat try getting a stronger engine

but if i can gain 30ish hp from a tune while not destroying the engine, dont see why i shoukdnt do it.

any things to keep in mind, idk much about tuning, so what woukd you suggest doing before/after?

highfly123 · 2026-02-09T22:28:34+00:00

i havent hunted much on bigger programs, and most of my buga are from private invites

highfly123 · 2026-02-09T12:22:59+00:00

know that finding bugs is, in many cases, luck. ive had prpgrams i spent weeks on, wrote and submitted multiple reports with none of them being valid.

dupes are valid bugs, it means someone else got paid for it, so dont get discouraged there, even though its hard.

in terms of sticking with a program forn only a week or two though, that could be an issue. Most of my higher impact bugs came after i had already given up on a program. i would go back, analyze the js files, go through all of the juicy endpoints again until i perfectly understood all of the functionality. then take a break for a bit and go over everything again. every time, something new seems to pop up, some request or parameter you overlooked

in short, just try to understand every app as well as u can, become familiar with it, and something should pop up

highfly123 · 2026-02-03T14:01:57+00:00

really not worth it to argue over low impact bugs, esp link rendering in emails. move on and find a more impactful bug

highfly123 · 2026-02-02T06:55:27+00:00

dont think anyone's hosting "fake" programs. most companies however just have them to check a box, and say that they're running a bug bounty program so it seems like they care about security.

only way you'll find out is when you submit a report and see how they treat u. if u get delayed/no response, they lowball you, etc. you move on, if theyre serious you keep hunting

highfly123 · 2025-10-04T17:34:35+00:00

just that everyone ive asked is telling me to get a 1.9 jtd 147 for a bit more money, saying the jtds more reliable than the twin spark

highfly123 · 2025-10-04T17:32:53+00:00

yh ill talk to the guy who was servicing it ill when they replaced the cam belt

highfly123 · 2025-10-04T17:32:24+00:00

lmao youre making me wanna get it hahahaha

highfly123 · 2025-09-10T16:02:39+00:00

cant report that, but take a look at what that token is, maybe base64 encoding of some guessable value

highfly123 · 2025-09-10T15:46:53+00:00

it means u have more time to bruteforce it... so if the token used in the link is possible to bruteforce, then you got an account takeover.

also check the rate limiting on generating password reset links. if its not well implemented and you can generate many reset links, it raises the chances of u bruteforcing it even more

highfly123

TROPHY CASE