Regular Expressions 101

Save & Share

  • Regex Version: ver. 1
  • Update Regex
    ctrl+⇧+s
  • Save new Regex
    ctrl+s
  • Add to Community Library

Flavor

  • PCRE2 (PHP >=7.3)
  • PCRE (PHP <7.3)
  • ECMAScript (JavaScript)
  • Python
  • Golang
  • Java 8
  • .NET 7.0 (C#)
  • Rust
  • Regex Flavor Guide

Function

  • Match
  • Substitution
  • List
  • Unit Tests

Tools

Sponsors
There are currently no sponsors. Become a sponsor today!
An explanation of your regex will be automatically generated as you type.
Detailed match information will be displayed here automatically.
  • All Tokens
  • Common Tokens
  • General Tokens
  • Anchors
  • Meta Sequences
  • Quantifiers
  • Group Constructs
  • Character Classes
  • Flags/Modifiers
  • Substitution
  • A single character of: a, b or c
    [abc]
  • A character except: a, b or c
    [^abc]
  • A character in the range: a-z
    [a-z]
  • A character not in the range: a-z
    [^a-z]
  • A character in the range: a-z or A-Z
    [a-zA-Z]
  • Any single character
    .
  • Alternate - match either a or b
    a|b
  • Any whitespace character
    \s
  • Any non-whitespace character
    \S
  • Any digit
    \d
  • Any non-digit
    \D
  • Any word character
    \w
  • Any non-word character
    \W
  • Non-capturing group
    (?:...)
  • Capturing group
    (...)
  • Zero or one of a
    a?
  • Zero or more of a
    a*
  • One or more of a
    a+
  • Exactly 3 of a
    a{3}
  • 3 or more of a
    a{3,}
  • Between 3 and 6 of a
    a{3,6}
  • Start of string
    ^
  • End of string
    $
  • A word boundary
    \b
  • Non-word boundary
    \B

Regular Expression
No Match

/
/
gm

Test String

Code Generator

Language

Generated Code

$re = '/(\*\.?[a-zA-Z0-9]+([.-][a-zA-Z0-9]+)*\.[a-zA-Z]{2,}|[a-zA-Z0-9]+([.-][a-zA-Z0-9]+)*\.[a-zA-Z]{2,})/m'; $str = 'https://acorns.com/ *.acorns.com/ https://apps.apple.com/us/app/acorns-invest-spare-change/id883324671 Acorns for iOS https://graphql.acorns.com https://play.google.com/store/apps/details?id=com.acorns.android&hl=en_US&gl=US Acorns for Android https://www.gohenry.com/ https://www.pixpay.fr/ https://apps.apple.com/au/app/afterpay-shop-now-pay-later/id1230286588 Afterpay iOS App https://play.google.com/store/apps/details?id=com.afterpaymobile.us&hl=en_US&gl=US Afterpay Android App https://portal.afterpay.com portal.afterpay.com https://afterpay.com *.afterpay.com https://mobileapi.afterpay.com mobileapi.afterpay.com https://portalapi.us.afterpay.com portalapi.*.afterpay.com https://developers.afterpay.com developers.afterpay.com https://apps.apple.com/gb/app/clearpay-buy-now-pay-later/id1474022186 Clearpay iOS App https://play.google.com/store/apps/details?id=com.afterpaymobile.uk Clearpay Android App https://clearpay.co.uk clearpay.co.uk https://clearpay.com clearpay.com https://portal.clearpay.com portal.clearpay.com https://portal.clearpay.co.uk portal.clearpay.co.uk https://mobileapi.clearpay.com mobileapi.clearpay.com https://portalapi.eu.clearpay.co.uk portalapi.eu.clearpay.co.uk https://api.clearpay.com api.clearpay.com Aiven for Clickhouse Aiven for Dragonfly Aiven for Metrics Aiven for Valkey Aiven for Apache Cassandra Aiven for AlloyDB Omni Aiven for OpenSearch Aiven for Grafana Aiven for Apache Kafka Aiven for M3 Aiven for PostgreSQL Aiven for Caching Aiven for MySQL Aiven for Apache Flink https://aiven.io/ aiven.io https://console.aiven.io/login console.aiven.io https://api.aiven.io/login api.aiven.io https://github.com/Aiven-Open github.com/Aiven-Open https://github.com/Aiven github.com/Aiven http://falcon-bug-bounty-flag-pgsql-dev-sandbox.aivencloud.com/ falcon-bug-bounty-flag-pgsql-dev-sandbox.aivencloud.com https://ampol.com.au/ Ampol Website https://apps.apple.com/au/app/caltex-australia/id1314768594 Ampol iOS mobile app https://play.google.com/store/apps/details?id=au.com.ampol.flagship&hl=en_AU&gl=US Ampol Android mobile app https://ampcharge.ampol.com.au/ Ampcharge https://ampolenergy.com.au Ampol Energy https://play.google.com/store/apps/details?id=au.com.ampol.teamapp Work@ampol https://my.ampol.com.au/ My Ampol https://carbonneutral.ampol.com.au/ Carbon Neutral Fuel https://cards.ampol.com.au Ampol Card Arlo Safe Android App Arlo Safe iOS App Arlo Secure Android App null Arlo Secure iOS App Arlo Arlo All-In-One Sensor (Home Security System) Arlo Baby Arlo Base Station Arlo Bridge Arlo Cellular & Battery Backup (Home Security System) Arlo Chime / Chime 2 Arlo Essential Arlo Floodlight Arlo Go / Go 2 Arlo Home Security System Arlo Pro Arlo Pro 2 Arlo Pro 3 Arlo Pro 4 Arlo Pro 5S Arlo Q / Q+ Arlo Safe Button Arlo Security Light Arlo Ultra Arlo Video Doorbell Arlo Wireless Video Doorbell Arlo Wire-Free Outdoor Siren (Home Security System) *.arlo.com *.arloxcld.com https://*-prod.arlo.com https://arlo-device.messaging.netgear.com https://beta.arlo.com https://community.arlo.com https://downloads.arlo.com https://mcs.arlo.com https://my.arlo.com https://myapi.arlo.com https://www.arlo.com https://updates.arlo.com Aruba Wireless – ArubaOS and Aruba Instant Aruba ClearPass Policy Manager ArubaOS-CX Wired Switches Aruba EdgeConnect Enterprise Orchestrator Aruba EdgeConnect Enterprise Aruba InstantOn APs and supporting backend infrastructure Aruba Fabric Composer Aruba NetEdit *.central.arubanetworks.com Aruba InstantOn Switches Aruba AirWave AMP https://www.arubanetworks.com/products/networking/analytics-and-assurance/user-experience-insight-sensors/ Aruba User Experience Insight Sensors asp-stg-develop.eks-stg-use1.getaws.arubanetworks.com lms-stg-develop.eks-stg-use1.getaws.arubanetworks.com www.arubanetworks.com www.arubainstanton.com mspshowcase.arubanetworks.com ase.arubanetworks.com blogs.arubanetworks.com aed.arubanetworks.com connect.arubanetworks.com devhub.arubanetworks.com https://app.asana.com app.asana.com https://asana.com asana.com https://asana.com/apps?category=made-by-asana *.asana.plus *.asana.biz https://asana.com/download Asana Desktop App https://apps.apple.com/us/app/asana-mobile/id489969512 Asana iOS app https://play.google.com/store/apps/details?id=com.asana.app&hl=en Asana Android app https://form.asana.com form.asana.com *.app.asana.com https://admin.atlassian.com/atlassian-access Atlassian Access (https://admin.atlassian.com/atlassian-access) https://admin.atlassian.com/ Atlassian Admin (https://admin.atlassian.com/) https://id.atlassian.com/login Atlassian Identity (https://id.atlassian.com/login) https://start.atlassian.com Atlassian Start (https://start.atlassian.com) https://bitbucket.org Bitbucket Cloud including Bitbucket Pipelines (https://bitbucket.org) https://www.atlassian.com/software/confluence Confluence Cloud (bugbounty-test-<bugcrowd-name>.atlassian.net/wiki) https://www.atlassian.com/software/confluence/premium Confluence Cloud Premium (bugbounty-test-<bugcrowd-name>.atlassian.net/wiki) https://play.google.com/store/apps/details?id=com.atlassian.android.confluence.core&hl=en_US&gl=US Confluence Cloud Mobile App for Android https://apps.apple.com/us/app/confluence-cloud/id1006971684 Confluence Cloud Mobile App for iOS https://play.google.com/store/apps/details?id=com.atlassian.android.jira.core&hl=en_US&gl=US Jira Cloud Mobile App for Android https://apps.apple.com/us/app/jira-cloud-by-atlassian/id1006972087 Jira Cloud Mobile App for iOS https://www.atlassian.com/software/jira/service-management Jira Service Management Cloud (bugbounty-test-<bugcrowd-name>.atlassian.net) https://www.atlassian.com/software/jira Jira Software Cloud (bugbounty-test-<bugcrowd-name>.atlassian.net) https://www.atlassian.com/software/jira/work-management Jira Work Management Cloud formerly Jira Core (bugbounty-test-<bugcrowd-name>.atlassian.net) Any associated *.atlassian.com or *.atl-paas.net domain that can be exploited DIRECTLY from the *.atlassian.net instance https://www.atlassian.com/software/rovo Rovo https://www.atlassian.com/software/compass Atlassian Compass https://marketplace.atlassian.com Atlassian Marketplace (https://marketplace.atlassian.com) https://www.atlassian.com/software/atlas Atlassian Atlas https://www.atlassian.com/enterprise/data-center/bitbucket Bitbucket Data Center https://www.atlassian.com/enterprise/data-center/confluence Confluence Data Center https://www.atlassian.com/enterprise/data-center/crowd Crowd https://www.atlassian.com/enterprise/data-center/jira Jira Core Data Center https://www.atlassian.com/enterprise/data-center/jira/service-management Jira Service Management Data Center Jira Software Data Center https://*.atlastunnel.com *.atlastunnel.com Any other *.atlassian.com or *.atl-paas.net domain that cannot be exploited directly from a *.atlassian.net instance https://www.atlassian.com/software/bamboo Bamboo https://confluence.atlassian.com/doc/install-atlassian-companion-992678880.html Confluence Companion App for macOS and Windows https://play.google.com/store/apps/details?id=com.atlassian.confluence.server Confluence Data Center Mobile App for Android https://apps.apple.com/us/app/confluence-server/id1288365159 Confluence Data Center Mobile App for iOS https://www.atlassian.com/software/crucible Crucible https://www.atlassian.com/software/fisheye FishEye https://play.google.com/store/apps/details?id=com.atlassian.jira.server&hl=en_US&gl=US Jira Data Center Mobile App for Android https://apps.apple.com/us/app/jira-server/id1405353949 Jira Data Center Mobile App for iOS https://www.sourcetreeapp.com/ Sourcetree for macOS and Windows (https://www.sourcetreeapp.com/) Other - (all other Atlassian targets) https://www.atlassian.com/software/jira/product-discovery Jira Product Discovery Forge Platform GraphQL API (bugbounty-test-<bugcrowd-name>.atlassian.net/gateway/api/graphql) https://www.npmjs.com/package/@forge/cli https://www.npmjs.com/package/@forge/cli https://marketplace.atlassian.com/apps/1216625/jira-trello-power-up?hosting=cloud Jira Trello Power-Up - Cloud - https://marketplace.atlassian.com/apps/1216625/jira-trello-power-up?hosting=cloud https://marketplace.atlassian.com/apps/1215948/jira-cloud-for-slack?hosting=cloud Jira Cloud for Slack - Cloud - https://marketplace.atlassian.com/apps/1215948/jira-cloud-for-slack?hosting=cloud https://marketplace.atlassian.com/apps/1217230/jira-service-management-widget?hosting=cloud Jira Service Management Widget - Cloud - https://marketplace.atlassian.com/apps/1217230/jira-service-management-widget?hosting=cloud https://marketplace.atlassian.com/apps/1218864/embedded-marketplace-for-jira?hosting=cloud Embedded Marketplace for Jira - Cloud - https://marketplace.atlassian.com/apps/1218864/embedded-marketplace-for-jira?hosting=cloud https://marketplace.atlassian.com/apps/1219451/statuspage-for-jira?hosting=cloud Statuspage for Jira - Cloud - https://marketplace.atlassian.com/apps/1219451/statuspage-for-jira?hosting=cloud https://marketplace.atlassian.com/apps/1220711/spreadsheets-for-jira-cloud?hosting=cloud Spreadsheets for Jira Cloud - Cloud - https://marketplace.atlassian.com/apps/1220711/spreadsheets-for-jira-cloud?hosting=cloud https://marketplace.atlassian.com/apps/1222147/opsgenie?hosting=cloud Opsgenie - Cloud - https://marketplace.atlassian.com/apps/1222147/opsgenie?hosting=cloud https://marketplace.atlassian.com/apps/1216623/confluence-trello-power-up?hosting=cloud Confluence Trello Power-Up - Cloud - https://marketplace.atlassian.com/apps/1216623/confluence-trello-power-up?hosting=cloud https://marketplace.atlassian.com/apps/1219498/confluence-cloud-for-slack?hosting=cloud Confluence Cloud for Slack - Cloud - https://marketplace.atlassian.com/apps/1219498/confluence-cloud-for-slack?hosting=cloud https://marketplace.atlassian.com/apps/1218875/embedded-marketplace-for-confluence?hosting=cloud Embedded Marketplace for Confluence - Cloud - https://marketplace.atlassian.com/apps/1218875/embedded-marketplace-for-confluence?hosting=cloud https://marketplace.atlassian.com/apps/1215795/analytics-for-confluence?hosting=cloud Analytics for Confluence - Cloud - https://marketplace.atlassian.com/apps/1215795/analytics-for-confluence?hosting=cloud https://marketplace.atlassian.com/apps/1215460/automation-for-jira-server?hosting=cloud Automation for Jira - Cloud - https://marketplace.atlassian.com/apps/1215460/automation-for-jira-server?hosting=cloud https://marketplace.atlassian.com/apps/1221251/opsgenie-incident-timeline?hosting=cloud Opsgenie Incident Timeline - Cloud - https://marketplace.atlassian.com/apps/1221251/opsgenie-incident-timeline?hosting=cloud https://marketplace.atlassian.com/apps/1221312/opsgenie-incident-timeline-eu?hosting=cloud Opsgenie Incident Timeline EU - Cloud - https://marketplace.atlassian.com/apps/1221312/opsgenie-incident-timeline-eu?hosting=cloud https://marketplace.atlassian.com/apps/1220666/jira-cloud-for-outlook-official?hosting=cloud Jira Cloud for Outlook (Official) - Cloud - https://marketplace.atlassian.com/apps/1220666/jira-cloud-for-outlook-official?hosting=cloud https://marketplace.atlassian.com/apps/1221227/project-transfer-for-crucible?hosting=server Project transfer for Crucible - Server - https://marketplace.atlassian.com/apps/1221227/project-transfer-for-crucible?hosting=server https://marketplace.atlassian.com/apps/1225406/reconcile-unknown-attachments?hosting=server Reconcile unknown attachments - Server - https://marketplace.atlassian.com/apps/1225406/reconcile-unknown-attachments?hosting=server https://marketplace.atlassian.com/apps/1217110/training-for-jira?hosting=cloud Training for Jira - Cloud - https://marketplace.atlassian.com/apps/1217110/training-for-jira?hosting=cloud https://marketplace.atlassian.com/apps/1217110/training-for-jira?hosting=datacenter Training for Jira - DataCenter - https://marketplace.atlassian.com/apps/1217110/training-for-jira?hosting=datacenter https://marketplace.atlassian.com/apps/1217110/training-for-jira?hosting=server Training for Jira - Server - https://marketplace.atlassian.com/apps/1217110/training-for-jira?hosting=server https://marketplace.atlassian.com/apps/1225406/reconcile-unknown-attachments?hosting=datacenter Reconcile unknown attachments - Data Center - https://marketplace.atlassian.com/apps/1225406/reconcile-unknown-attachments?hosting=datacenter https://marketplace.atlassian.com/apps/1215175/change-management-workflow-for-jira-service-management?hosting=server Change Management Workflow for Jira Service Management - Server - https://marketplace.atlassian.com/apps/1215175/change-management-workflow-for-jira-service-management?hosting=server https://marketplace.atlassian.com/apps/1225689/admin-kit-for-jira-cloud?hosting=cloud Admin Kit for Jira Cloud - Cloud - https://marketplace.atlassian.com/apps/1225689/admin-kit-for-jira-cloud?hosting=cloud https://marketplace.atlassian.com/apps/1225664/form-macro-builder-for-confluence?hosting=cloud Form macro builder for Confluence - Cloud - https://marketplace.atlassian.com/apps/1225664/form-macro-builder-for-confluence?hosting=cloud https://marketplace.atlassian.com/apps/1225691/admin-kit-for-confluence-cloud?hosting=cloud Admin Kit for Confluence Cloud - Cloud - https://marketplace.atlassian.com/apps/1225691/admin-kit-for-confluence-cloud?hosting=cloud https://marketplace.atlassian.com/apps/1219592/github-for-jira?hosting=cloud GitHub for Jira - Cloud - https://marketplace.atlassian.com/apps/1219592/github-for-jira?hosting=cloud https://marketplace.atlassian.com/apps/1226127/confluence-cloud-for-microsoft-teams?hosting=cloudhttps://marketplace.atlassian.com/apps/1226127/confluence-cloud-for-microsoft-teams?hosting=cloud Confluence Cloud for Microsoft Teams - Cloud - https://marketplace.atlassian.com/apps/1226127/confluence-cloud-for-microsoft-teams-official?hosting=cloud https://marketplace.atlassian.com/apps/1211203/bitbucket-server-protect-unmerged-hook?hosting=datacenter Bitbucket Server Protect Unmerged Hook - Data Center - https://marketplace.atlassian.com/apps/1211203/bitbucket-server-protect-unmerged-hook?hosting=datacenter https://marketplace.atlassian.com/apps/1215175/change-management-workflow-for-jira-service-management?hosting=datacenter Change Management Workflow for Jira Service Management - DataCenter - https://marketplace.atlassian.com/apps/1215175/change-management-workflow-for-jira-service-management?hosting=datacenter https://marketplace.atlassian.com/apps/1224758/confluence-recent-edits-overview?hosting=cloud Confluence recent edits overview - Cloud - https://marketplace.atlassian.com/apps/1224758/confluence-recent-edits-overview?hosting=cloud https://marketplace.atlassian.com/apps/1226610/bitbucket-cloud-migration-assistant?hosting=server Bitbucket Cloud Migration Assistant - Server - https://marketplace.atlassian.com/apps/1226610/bitbucket-cloud-migration-assistant?hosting=server https://marketplace.atlassian.com/apps/1226478/jira-cloud-for-microsoft-teams?hosting=cloud Jira Cloud for Microsoft Teams - Cloud - https://marketplace.atlassian.com/apps/1226478/jira-cloud-for-microsoft-teams-official?hosting=cloud https://marketplace.atlassian.com/apps/1221117/cloud-compatibility-for-jira?hosting=datacenter Cloud Compatibility for Jira - DataCenter - https://marketplace.atlassian.com/apps/1221117/cloud-compatibility-for-jira?hosting=datacenter https://marketplace.atlassian.com/apps/1226380/decisions-helper-for-confluence?hosting=cloud Decisions Helper for Confluence - Cloud - https://marketplace.atlassian.com/apps/1226380/decisions-helper-for-confluence?hosting=cloud https://marketplace.atlassian.com/apps/1227744/jira-enterprise-scale-assessment-tool?hosting=server Jira Enterprise Scale Assessment Tool - Server - https://marketplace.atlassian.com/apps/1227744/jira-enterprise-scale-assessment-tool?hosting=server https://marketplace.atlassian.com/apps/1217745/troubleshooting-and-support-bamboo?hosting=datacenter Troubleshooting and Support - Bamboo - Data Center - https://marketplace.atlassian.com/apps/1217745/troubleshooting-and-support-bamboo?hosting=datacenter https://marketplace.atlassian.com/apps/1226610/bitbucket-cloud-migration-assistant?hosting=datacenter Bitbucket Cloud Migration Assistant - Data Center - https://marketplace.atlassian.com/apps/1226610/bitbucket-cloud-migration-assistant?hosting=datacenter https://marketplace.atlassian.com/apps/1227949/hackathon-workflow-alan?hosting=cloud Hackathon Workflow Alan - Cloud - https://marketplace.atlassian.com/apps/1227949/hackathon-workflow-alan?hosting=cloud https://marketplace.atlassian.com/apps/1227949/hackathon-workflow-alan?hosting=datacenter Hackathon Workflow Alan - Data Center - https://marketplace.atlassian.com/apps/1227949/hackathon-workflow-alan?hosting=datacenter https://marketplace.atlassian.com/apps/1227901/application-tunnels?hosting=server Application tunnels - Server - https://marketplace.atlassian.com/apps/1227901/application-tunnels?hosting=server https://marketplace.atlassian.com/apps/1227901/application-tunnels?hosting=datacenter Application tunnels - DataCenter - https://marketplace.atlassian.com/apps/1227901/application-tunnels?hosting=datacenter https://marketplace.atlassian.com/apps/1228153/comms-dashboard?hosting=cloud Comms Dashboard - Cloud - https://marketplace.atlassian.com/apps/1228153/comms-dashboard?hosting=cloud https://marketplace.atlassian.com/apps/1218117/ipython-notebook-viewer?hosting=cloud Ipython Notebook Viewer - Cloud - https://marketplace.atlassian.com/apps/1218117/ipython-notebook-viewer?hosting=cloud https://marketplace.atlassian.com/apps/1228937/atlas-for-jira-cloud?hosting=cloud&tab=overview Atlas for Jira Cloud - Cloud - https://marketplace.atlassian.com/apps/1228937/atlas-for-jira-cloud?hosting=cloud&tab=overview https://marketplace.atlassian.com/apps/1227744/jira-enterprise-scale-assessment-tool?hosting=datacenter&tab=overview Jira Enterprise Scale Assessment Tool - DataCenter - https://marketplace.atlassian.com/apps/1227744/jira-enterprise-scale-assessment-tool?hosting=datacenter&tab=overview https://marketplace.atlassian.com/apps/1229183/add-watchers-at-issue-creation?hosting=cloud Add watchers at issue creation - Cloud - https://marketplace.atlassian.com/apps/1229183/add-watchers-at-issue-creation?hosting=cloud https://marketplace.atlassian.com/apps/1212137/assets?hosting=server Assets - Server - https://marketplace.atlassian.com/apps/1212137/assets?hosting=server https://marketplace.atlassian.com/apps/1229446/developer-assistant-for-confluence?hosting=cloud Developer Assistant for Confluence - Cloud - https://marketplace.atlassian.com/apps/1229446/developer-assistant-for-confluence?hosting=cloud https://marketplace.atlassian.com/apps/1229343/developer-assistant-for-jira?hosting=cloud Developer Assistant for Jira - Cloud - https://marketplace.atlassian.com/apps/1229343/developer-assistant-for-jira?hosting=cloud https://marketplace.atlassian.com/apps/1229704/cloud-migration-planner?hosting=cloud Cloud Migration Planner - Cloud - https://marketplace.atlassian.com/apps/1229704/cloud-migration-planner?hosting=cloud https://marketplace.atlassian.com/apps/72307/team-calendars-for-confluence?hosting=cloud Team Calendars for Confluence - Cloud - https://marketplace.atlassian.com/apps/72307/team-calendars-for-confluence?hosting=cloud https://marketplace.atlassian.com/apps/1215460/automation-for-jira-data-center-and-server?hosting=datacenter Automation for Jira - DataCenter - https://marketplace.atlassian.com/apps/1215460/automation-for-jira?hosting=datacenter https://marketplace.atlassian.com/apps/1215460/automation-for-jira-data-center-and-server?hosting=server Automation for Jira - Data Center and Server - Server - https://marketplace.atlassian.com/apps/1215460/automation-for-jira-data-center-and-server?hosting=server https://marketplace.atlassian.com/apps/72307/team-calendars-for-confluence?hosting=datacenter Team Calendars for Confluence - DataCenter - https://marketplace.atlassian.com/apps/72307/team-calendars-for-confluence?hosting=datacenter https://marketplace.atlassian.com/apps/72307/team-calendars-for-confluence?hosting=server Team Calendars for Confluence - Server - https://marketplace.atlassian.com/apps/72307/team-calendars-for-confluence?hosting=server https://marketplace.atlassian.com/apps/1212136/advanced-roadmaps-formerly-portfolio?hosting=datacenter Advanced Roadmaps (formerly Portfolio) - DataCenter - https://marketplace.atlassian.com/apps/1212136/advanced-roadmaps-formerly-portfolio?hosting=datacenter https://marketplace.atlassian.com/apps/1212136/advanced-roadmaps-formerly-portfolio?hosting=server Advanced Roadmaps (formerly Portfolio) - Server - https://marketplace.atlassian.com/apps/1212136/advanced-roadmaps-formerly-portfolio?hosting=server https://marketplace.atlassian.com/apps/23915/atlassian-universal-plugin-manager?hosting=server Atlassian Universal Plugin Manager - Server - https://marketplace.atlassian.com/apps/23915/atlassian-universal-plugin-manager?hosting=server https://marketplace.atlassian.com/apps/23915/atlassian-universal-plugin-manager?hosting=datacenter Atlassian Universal Plugin Manager - DataCenter - https://marketplace.atlassian.com/apps/23915/atlassian-universal-plugin-manager?hosting=datacenter https://marketplace.atlassian.com/apps/1211644/questions-for-confluence?hosting=datacenter Questions for Confluence - DataCenter - https://marketplace.atlassian.com/apps/1211644/questions-for-confluence?hosting=datacenter https://marketplace.atlassian.com/apps/1211644/questions-for-confluence?hosting=server Questions for Confluence - Server - https://marketplace.atlassian.com/apps/1211644/questions-for-confluence?hosting=server https://marketplace.atlassian.com/apps/1211644/questions-for-confluence?hosting=cloud Questions for Confluence - Cloud - https://marketplace.atlassian.com/apps/1211644/questions-for-confluence?hosting=cloud https://marketplace.atlassian.com/apps/1217696/troubleshooting-and-support-jira?hosting=datacenter Troubleshooting and Support - Jira - DataCenter - https://marketplace.atlassian.com/apps/1217696/troubleshooting-and-support-jira?hosting=datacenter https://marketplace.atlassian.com/apps/1217696/troubleshooting-and-support-jira?hosting=server Troubleshooting and Support - Jira - Server - https://marketplace.atlassian.com/apps/1217696/troubleshooting-and-support-jira?hosting=server https://marketplace.atlassian.com/apps/1217697/troubleshooting-and-support-confluence?hosting=datacenter Troubleshooting and Support - Confluence - DataCenter - https://marketplace.atlassian.com/apps/1217697/troubleshooting-and-support-confluence?hosting=datacenter https://marketplace.atlassian.com/apps/1217697/troubleshooting-and-support-confluence?hosting=server Troubleshooting and Support - Confluence - Server - https://marketplace.atlassian.com/apps/1217697/troubleshooting-and-support-confluence?hosting=server https://marketplace.atlassian.com/apps/1219672/confluence-cloud-migration-assistant?hosting=datacenter Confluence Cloud Migration Assistant - DataCenter - https://marketplace.atlassian.com/apps/1219672/confluence-cloud-migration-assistant?hosting=datacenter https://marketplace.atlassian.com/apps/1219672/confluence-cloud-migration-assistant?hosting=server Confluence Cloud Migration Assistant - Server - https://marketplace.atlassian.com/apps/1219672/confluence-cloud-migration-assistant?hosting=server https://marketplace.atlassian.com/apps/1216096/sso-for-atlassian-server-and-data-center?hosting=datacenter SSO for Atlassian Server and Data Center - DataCenter - https://marketplace.atlassian.com/apps/1216096/sso-for-atlassian-server-and-data-center?hosting=datacenter https://marketplace.atlassian.com/apps/1216096/sso-for-atlassian-server-and-data-center?hosting=server SSO for Atlassian Server and Data Center - Server - https://marketplace.atlassian.com/apps/1216096/sso-for-atlassian-server-and-data-center?hosting=server https://marketplace.atlassian.com/apps/293/jira-calendar-plugin?hosting=server Jira Calendar Plugin - Server - https://marketplace.atlassian.com/apps/293/jira-calendar-plugin?hosting=server https://marketplace.atlassian.com/apps/1211836/automation-for-jira-server-lite?hosting=server Automation for Jira - Server Lite - Server - https://marketplace.atlassian.com/apps/1211836/automation-for-jira-server-lite?hosting=server https://marketplace.atlassian.com/apps/1220099/jira-server-for-slack-official?hosting=datacenter Jira Server for Slack (Official) - DataCenter - https://marketplace.atlassian.com/apps/1220099/jira-server-for-slack-official?hosting=datacenter https://marketplace.atlassian.com/apps/1220099/jira-server-for-slack-official?hosting=server Jira Server for Slack (Official) - Server - https://marketplace.atlassian.com/apps/1220099/jira-server-for-slack-official?hosting=server https://marketplace.atlassian.com/apps/1213092/google-drive-for-confluence-official-legacy-editor-only?hosting=cloud Google Drive for Confluence (Official) - Legacy Editor Only - Cloud - https://marketplace.atlassian.com/apps/1213092/google-drive-for-confluence-official-legacy-editor-only?hosting=cloud https://marketplace.atlassian.com/apps/1211449/auto-unapprove-for-bitbucket-server?hosting=datacenter Auto Unapprove for Bitbucket Server - DataCenter - https://marketplace.atlassian.com/apps/1211449/auto-unapprove-for-bitbucket-server?hosting=datacenter https://marketplace.atlassian.com/apps/1211449/auto-unapprove-for-bitbucket-server?hosting=server Auto Unapprove for Bitbucket Server - Server - https://marketplace.atlassian.com/apps/1211449/auto-unapprove-for-bitbucket-server?hosting=server https://marketplace.atlassian.com/apps/1217745/troubleshooting-and-support-bamboo?hosting=server Troubleshooting and Support - Bamboo - Server - https://marketplace.atlassian.com/apps/1217745/troubleshooting-and-support-bamboo?hosting=server https://marketplace.atlassian.com/apps/1211539/web-post-hooks-for-bitbucket-server?hosting=server Web Post Hooks for Bitbucket Server - Server - https://marketplace.atlassian.com/apps/1211539/web-post-hooks-for-bitbucket-server?hosting=server https://marketplace.atlassian.com/apps/1212632/look-and-feel-for-bitbucket-server?hosting=server Look and Feel for Bitbucket Server - Server - https://marketplace.atlassian.com/apps/1212632/look-and-feel-for-bitbucket-server?hosting=server https://marketplace.atlassian.com/apps/1214988/icons-for-jira?hosting=server Icons for Jira - Server - https://marketplace.atlassian.com/apps/1214988/icons-for-jira?hosting=server https://marketplace.atlassian.com/apps/1217747/troubleshooting-and-support-fecru?hosting=server Troubleshooting and Support - FeCru - Server - https://marketplace.atlassian.com/apps/1217747/troubleshooting-and-support-fecru?hosting=server https://marketplace.atlassian.com/apps/1217661/jira-cloud-for-crm-official?hosting=cloud Jira Cloud for CRM (Official) - Cloud - https://marketplace.atlassian.com/apps/1217661/jira-cloud-for-crm-official?hosting=cloud https://marketplace.atlassian.com/apps/1218011/trello-connector-for-jira-server?hosting=server Trello Connector for Jira Server - Server - https://marketplace.atlassian.com/apps/1218011/trello-connector-for-jira-server?hosting=server https://marketplace.atlassian.com/apps/1220186/confluence-server-for-slack-official?hosting=datacenter Confluence Server for Slack (Official) - DataCenter - https://marketplace.atlassian.com/apps/1220186/confluence-server-for-slack-official?hosting=datacenter https://marketplace.atlassian.com/apps/1220186/confluence-server-for-slack-official?hosting=server Confluence Server for Slack (Official) - Sever - https://marketplace.atlassian.com/apps/1220186/confluence-server-for-slack-official?hosting=server https://marketplace.atlassian.com/apps/1216079/statuspage-for-jira-service-management?hosting=server Statuspage for Jira Service Management - Server - https://marketplace.atlassian.com/apps/1216079/statuspage-for-jira-service-management?hosting=server https://marketplace.atlassian.com/apps/1216079/statuspage-for-jira-service-management?hosting=datacenter Statuspage for Jira Service Management - DataCenter - https://marketplace.atlassian.com/apps/1216079/statuspage-for-jira-service-management?hosting=datacenter https://marketplace.atlassian.com/apps/1216079/statuspage-for-jira-service-management?hosting=cloud Statuspage for Jira Service Management - Cloud - https://marketplace.atlassian.com/apps/1216079/statuspage-for-jira-service-management?hosting=cloud https://marketplace.atlassian.com/apps/1211619/reviewer-suggester-for-bitbucket-server?hosting=server Reviewer Suggester for Bitbucket Server - Server - https://marketplace.atlassian.com/apps/1211619/reviewer-suggester-for-bitbucket-server?hosting=server https://marketplace.atlassian.com/apps/1220151/mobile-plugin-for-jira-data-center-and-server?hosting=server Mobile Plugin for Jira - Server - https://marketplace.atlassian.com/apps/1220151/mobile-plugin-for-jira-data-center-and-server?hosting=server https://marketplace.atlassian.com/apps/1222010/jira-cloud-migration-assistant?hosting=server Jira Cloud Migration Assistant - Server - https://marketplace.atlassian.com/apps/1222010/jira-cloud-migration-assistant?hosting=server https://marketplace.atlassian.com/apps/1220729/bitbucket-server-for-slack-official?hosting=datacenter Bitbucket Server for Slack (Official) - DataCenter - https://marketplace.atlassian.com/apps/1220729/bitbucket-server-for-slack-official?hosting=datacenter https://marketplace.atlassian.com/apps/1220729/bitbucket-server-for-slack-official?hosting=server Bitbucket Server for Slack (Official) - Server - https://marketplace.atlassian.com/apps/1220729/bitbucket-server-for-slack-official?hosting=server https://marketplace.atlassian.com/apps/1211203/bitbucket-server-protect-unmerged-hook?hosting=server Bitbucket Server Protect Unmerged Hook - Server - https://marketplace.atlassian.com/apps/1211203/bitbucket-server-protect-unmerged-hook?hosting=server https://marketplace.atlassian.com/apps/1221237/advanced-roadmaps-for-jira-in-confluence?hosting=server Advanced Roadmaps for Jira in Confluence - Server - https://marketplace.atlassian.com/apps/1221237/advanced-roadmaps-for-jira-in-confluence?hosting=server https://marketplace.atlassian.com/apps/1221237/advanced-roadmaps-for-jira-in-confluence?hosting=datacenter Advanced Roadmaps for Jira in Confluence - DataCenter - https://marketplace.atlassian.com/apps/1221237/advanced-roadmaps-for-jira-in-confluence?hosting=datacenter https://marketplace.atlassian.com/apps/1221882/microsoft-onedrive-for-business-legacy-editor-only?hosting=cloud Microsoft OneDrive for Business - Legacy Editor Only - Cloud - https://marketplace.atlassian.com/apps/1221882/microsoft-onedrive-for-business-legacy-editor-only?hosting=cloud https://marketplace.atlassian.com/apps/1220745/centralized-license-visibility?hosting=server Centralized license visibility - Server - https://marketplace.atlassian.com/apps/1220745/centralized-license-visibility?hosting=server https://marketplace.atlassian.com/apps/1220745/centralized-license-visibility?hosting=datacenter Centralized license visibility - DataCenter - https://marketplace.atlassian.com/apps/1220745/centralized-license-visibility?hosting=datacenter https://marketplace.atlassian.com/apps/1216357/atlassian-team-playbook-blueprints?hosting=server Atlassian Team Playbook blueprints - Server - https://marketplace.atlassian.com/apps/1216357/atlassian-team-playbook-blueprints?hosting=server https://marketplace.atlassian.com/apps/1221430/troubleshooting-and-support-crowd?hosting=server Troubleshooting and Support - Crowd - Server - https://marketplace.atlassian.com/apps/1221430/troubleshooting-and-support-crowd?hosting=server https://marketplace.atlassian.com/apps/1221602/jet-by-jira-align?hosting=server Jet by Jira Align - Server - https://marketplace.atlassian.com/apps/1221602/jet-by-jira-align?hosting=server https://marketplace.atlassian.com/apps/1221602/jet-by-jira-align?hosting=datacenter Jet by Jira Align - DataCenter - https://marketplace.atlassian.com/apps/1221602/jet-by-jira-align?hosting=datacenter https://marketplace.atlassian.com/apps/1221602/jet-by-jira-align?hosting=cloud Jet by Jira Align - Cloud - https://marketplace.atlassian.com/apps/1221602/jet-by-jira-align?hosting=cloud https://marketplace.atlassian.com/apps/5581/pre-post-build-command-runner?hosting=server Pre-Post Build Command Runner - Server - https://marketplace.atlassian.com/apps/5581/pre-post-build-command-runner?hosting=server https://marketplace.atlassian.com/apps/1217941/permission-lockdown-for-bitbucket-server?hosting=datacenter Permission Lockdown for Bitbucket Server - DataCenter - https://marketplace.atlassian.com/apps/1217941/permission-lockdown-for-bitbucket-server?hosting=datacenter https://marketplace.atlassian.com/apps/1217941/permission-lockdown-for-bitbucket-server?hosting=server Permission Lockdown for Bitbucket Server - Server - https://marketplace.atlassian.com/apps/1217941/permission-lockdown-for-bitbucket-server?hosting=server https://marketplace.atlassian.com/apps/30318/directory-scanning-plugin?hosting=server Directory Scanning Plugin - Server - https://marketplace.atlassian.com/apps/30318/directory-scanning-plugin?hosting=server https://marketplace.atlassian.com/apps/1221551/aws-service-catalog-for-jsm-cloud?hosting=cloud AWS Service Catalog for JSM Cloud - Cloud - https://marketplace.atlassian.com/apps/1221551/aws-service-catalog-for-jsm-cloud?hosting=cloud https://marketplace.atlassian.com/apps/1217957/vfs-for-git-for-bitbucket-server?hosting=server VFS for Git for Bitbucket Server - Server - https://marketplace.atlassian.com/apps/1217957/vfs-for-git-for-bitbucket-server?hosting=server https://marketplace.atlassian.com/apps/1218630/delegated-directory-pruning-for-crowd?hosting=server Delegated Directory Pruning for Crowd - Server - https://marketplace.atlassian.com/apps/1218630/delegated-directory-pruning-for-crowd?hosting=server https://marketplace.atlassian.com/apps/1221117/cloud-compatibility-for-jira?hosting=server Cloud Compatibility for Jira - Server - https://marketplace.atlassian.com/apps/1221117/cloud-compatibility-for-jira?hosting=server https://marketplace.atlassian.com/apps/1219105/xcode-for-bitbucket-server?hosting=server Xcode for Bitbucket Server - Server - https://marketplace.atlassian.com/apps/1219105/xcode-for-bitbucket-server?hosting=server https://marketplace.atlassian.com/apps/1216863/jira-cloud-for-slack-official?hosting=cloud&tab=overview Jira Cloud for Slack (Official) - Cloud - https://marketplace.atlassian.com/apps/1216863/jira-cloud-for-slack-official?hosting=cloud&tab=overview https://marketplace.atlassian.com/apps/1219518/confluence-cloud-for-slack-official?hosting=cloud Confluence Cloud for Slack (Official) - Cloud - https://marketplace.atlassian.com/apps/1219518/confluence-cloud-for-slack-official?hosting=cloud https://marketplace.atlassian.com/apps/1222132/jenkins-integration-for-bitbucket-server?hosting=server Jenkins integration for Bitbucket Server - Server - https://marketplace.atlassian.com/apps/1222132/jenkins-integration-for-bitbucket-server?hosting=server https://marketplace.atlassian.com/apps/1210951/atlassian-plugin-sdk-mac-os-x?hosting=server Atlassian Plugin SDK - Mac OS X - Server - https://marketplace.atlassian.com/apps/1210951/atlassian-plugin-sdk-mac-os-x?hosting=server https://marketplace.atlassian.com/apps/1210993/atlassian-plugin-sdk-tgz?hosting=server Atlassian Plugin SDK - TGZ - Server - https://marketplace.atlassian.com/apps/1210993/atlassian-plugin-sdk-tgz?hosting=server https://marketplace.atlassian.com/apps/1216850/jira-cloud-power-up-for-trello?hosting=cloud Jira Cloud Power-Up for Trello - Cloud - https://marketplace.atlassian.com/apps/1216850/jira-cloud-power-up-for-trello?hosting=cloud https://marketplace.atlassian.com/apps/1220382/jira-cloud-for-google-sheets-official?hosting=cloud Jira Cloud for Google Sheets (Official) - Cloud - https://marketplace.atlassian.com/apps/1220382/jira-cloud-for-google-sheets-official?hosting=cloud https://marketplace.atlassian.com/apps/1210950/atlassian-plugin-sdk-windows?hosting=server Atlassian Plugin SDK - Windows - Server - https://marketplace.atlassian.com/apps/1210950/atlassian-plugin-sdk-windows?hosting=server https://marketplace.atlassian.com/apps/1218781/bitbucket-cloud-for-slack-official?hosting=cloud Bitbucket Cloud for Slack (Official) - Cloud - https://marketplace.atlassian.com/apps/1218781/bitbucket-cloud-for-slack-official?hosting=cloud https://marketplace.atlassian.com/apps/1210991/atlassian-plugin-sdk-rpm?hosting=server Atlassian Plugin SDK - RPM - Server - https://marketplace.atlassian.com/apps/1210991/atlassian-plugin-sdk-rpm?hosting=server https://marketplace.atlassian.com/apps/1210992/atlassian-plugin-sdk-deb?hosting=server Atlassian Plugin SDK - DEB - Server - https://marketplace.atlassian.com/apps/1210992/atlassian-plugin-sdk-deb?hosting=server https://marketplace.atlassian.com/apps/1210992/atlassian-plugin-sdk-deb?hosting=cloud Atlassian Plugin SDK - DEB - Cloud - https://marketplace.atlassian.com/apps/1210992/atlassian-plugin-sdk-deb?hosting=cloud https://marketplace.atlassian.com/apps/1211500/bitbucket-server-backup-client?hosting=server Bitbucket Server Backup Client - Server - https://marketplace.atlassian.com/apps/1211500/bitbucket-server-backup-client?hosting=server https://marketplace.atlassian.com/apps/1221301/jira-cloud-for-excel-official?hosting=cloud Jira Cloud for Excel (official) - Cloud - https://marketplace.atlassian.com/apps/1221301/jira-cloud-for-excel-official?hosting=cloud https://marketplace.atlassian.com/apps/1227791/jenkins-for-jira-official?hosting=cloud Jenkins for Jira (official) - Cloud - https://marketplace.atlassian.com/apps/1227791/jenkins-for-jira-official?hosting=cloud https://marketplace.atlassian.com/apps/1219311/atlassian-cloud-for-gmail?hosting=cloud Atlassian Cloud for Gmail - Cloud - https://marketplace.atlassian.com/apps/1219311/atlassian-cloud-for-gmail?hosting=cloud https://marketplace.atlassian.com/apps/1220820/bitbucket-pipelines-for-jira?hosting=cloud Bitbucket Pipelines for Jira - Cloud - https://marketplace.atlassian.com/apps/1220820/bitbucket-pipelines-for-jira?hosting=cloud https://marketplace.atlassian.com/apps/1220151/mobile-plugin-for-jira-data-center-and-server?hosting=datacenter Mobile Plugin for Jira - DataCenter - https://marketplace.atlassian.com/apps/1220151/mobile-plugin-for-jira-data-center-and-server?hosting=datacenter https://marketplace.atlassian.com/apps/1210722/confluence-source-editor?hosting=server Confluence Source Editor - Server - https://marketplace.atlassian.com/apps/1210722/confluence-source-editor?hosting=server https://marketplace.atlassian.com/apps/1211246/autolink-plugin-for-jira?hosting=server AutoLink Plugin for Jira - Server - https://marketplace.atlassian.com/apps/1211246/autolink-plugin-for-jira?hosting=server https://marketplace.atlassian.com/apps/1217751/insight-tempo-integration?hosting=server Assets Tempo Integration - Server - https://marketplace.atlassian.com/apps/1217751/assets-tempo-integration?hosting=server https://marketplace.atlassian.com/apps/1217751/insight-tempo-integration?hosting=datacenter Assets - Tempo Integration - DataCenter - https://marketplace.atlassian.com/apps/1217751/assets-tempo-integration?hosting=datacenter https://marketplace.atlassian.com/apps/1219908/insight-jamf-integration?hosting=server Assets - Jamf Integration - Server - https://marketplace.atlassian.com/apps/1219908/assets-jamf-integration?hosting=server https://marketplace.atlassian.com/apps/1219908/insight-jamf-integration?hosting=datacenter Assets - Jamf Integration - DataCenter - https://marketplace.atlassian.com/apps/1219908/assets-jamf-integration?hosting=datacenter https://marketplace.atlassian.com/apps/5902/jmeter-aggregator-for-bamboo?hosting=server JMeter Aggregator for Bamboo - Server - https://marketplace.atlassian.com/apps/5902/jmeter-aggregator-for-bamboo?hosting=server https://marketplace.atlassian.com/apps/1219632/insight-device42-integration?hosting=server Assets - Device42 Integration - Server - https://marketplace.atlassian.com/apps/1219632/assets-device42-integration?hosting=server https://marketplace.atlassian.com/apps/1219632/insight-device42-integration?hosting=datacenter Assets - Device42 Integration - DataCenter - https://marketplace.atlassian.com/apps/1219632/assets-device42-integration?hosting=datacenter https://marketplace.atlassian.com/apps/1212137/insight-asset-management?hosting=datacenter Assets - DataCenter - https://marketplace.atlassian.com/apps/1212137/assets?hosting=datacenter https://marketplace.atlassian.com/apps/1218757/insight-aws-integration?hosting=server Assets - AWS Integration - Server - https://marketplace.atlassian.com/apps/1218757/assets-aws-integration?hosting=server https://marketplace.atlassian.com/apps/1218757/insight-aws-integration?hosting=datacenter Assets - AWS Integration - DataCenter - https://marketplace.atlassian.com/apps/1218757/assets-aws-integration?hosting=datacenter https://marketplace.atlassian.com/apps/1219212/insight-google-cloud-integration?hosting=datacenter Assets - Google Cloud Integration - DataCenter - https://marketplace.atlassian.com/apps/1219212/assets-google-cloud-integration?hosting=datacenter https://marketplace.atlassian.com/apps/1219212/insight-google-cloud-integration?hosting=server Assets - Google Cloud Integration - Server - https://marketplace.atlassian.com/apps/1219212/assets-google-cloud-integration?hosting=server https://marketplace.atlassian.com/apps/1220353/insight-nvd-integration?hosting=datacenter Assets - NVD Integration - DataCenter - https://marketplace.atlassian.com/apps/1220353/assets-nvd-integration?hosting=datacenter https://marketplace.atlassian.com/apps/1220353/insight-nvd-integration?hosting=server Assets - NVD Integration - Server - https://marketplace.atlassian.com/apps/1220353/assets-nvd-integration?hosting=server https://marketplace.atlassian.com/apps/1212549/variable-tasks-for-bamboo?hosting=server Variable tasks for Bamboo - Server - https://marketplace.atlassian.com/apps/1212549/variable-tasks-for-bamboo?hosting=server https://marketplace.atlassian.com/apps/1215175/change-management-for-jsm?hosting=server Change Management for JSM - Server - https://marketplace.atlassian.com/apps/1215175/change-management-for-jsm?hosting=server https://marketplace.atlassian.com/apps/1217836/microsoft-teams-for-jira?hosting=server Microsoft Teams for Jira - Server - https://marketplace.atlassian.com/apps/1217836/microsoft-teams-for-jira?hosting=server https://marketplace.atlassian.com/apps/1217836/microsoft-teams-for-jira?hosting=datacenter Microsoft Teams for Jira - DataCenter - https://marketplace.atlassian.com/apps/1217836/microsoft-teams-for-jira?hosting=datacenter https://marketplace.atlassian.com/apps/1214351/disable-referer-for-bitbucket-server?hosting=server Disable Referer for Bitbucket Server - Server - https://marketplace.atlassian.com/apps/1214351/disable-referer-for-bitbucket-server?hosting=server https://marketplace.atlassian.com/apps/1214668/insight-discovery?hosting=datacenter Assets Discovery - DataCenter - https://marketplace.atlassian.com/apps/1214668/assets-discovery?hosting=datacenter https://marketplace.atlassian.com/apps/678725/jira-to-jira-issue-copy?hosting=server Jira to Jira Issue Copy - Server - https://marketplace.atlassian.com/apps/678725/jira-to-jira-issue-copy?hosting=server https://marketplace.atlassian.com/apps/1214527/javascript-charts-for-jira-cloud?hosting=cloud JavaScript Charts for Jira Cloud - Cloud - https://marketplace.atlassian.com/apps/1214527/javascript-charts-for-jira-cloud?hosting=cloud https://marketplace.atlassian.com/apps/1214509/entity-property-tool-for-jira?hosting=cloud Entity Property Tool for Jira - Cloud - https://marketplace.atlassian.com/apps/1214509/entity-property-tool-for-jira?hosting=cloud https://marketplace.atlassian.com/apps/1211312/confluence-issue-tab-plugin-for-jira?hosting=server Confluence Issue Tab Plugin for Jira - Server - https://marketplace.atlassian.com/apps/1211312/confluence-issue-tab-plugin-for-jira?hosting=server https://marketplace.atlassian.com/apps/1212778/my-reminders-for-jira?hosting=cloud My Reminders for Jira - Cloud - https://marketplace.atlassian.com/apps/1212778/my-reminders-for-jira?hosting=cloud https://marketplace.atlassian.com/apps/1218271/code-coverage-for-bitbucket-server?hosting=server Code Coverage for Bitbucket Server - Server - https://marketplace.atlassian.com/apps/1218271/code-coverage-for-bitbucket-server?hosting=server https://marketplace.atlassian.com/apps/1215924/agent-usage-visualization-for-bamboo?hosting=server Agent Usage Visualization for Bamboo - Server - https://marketplace.atlassian.com/apps/1215924/agent-usage-visualization-for-bamboo?hosting=server https://marketplace.atlassian.com/apps/1219561/insight-servicenow-integration?hosting=server Assets - ServiceNow Integration - Server - https://marketplace.atlassian.com/apps/1219561/assets-servicenow-integration?hosting=server https://marketplace.atlassian.com/apps/1219561/insight-servicenow-integration?hosting=datacenter Assets - ServiceNow Integration - DataCenter - https://marketplace.atlassian.com/apps/1219561/assets-servicenow-integration?hosting=datacenter https://marketplace.atlassian.com/apps/1213440/asana-importer-plugin-for-jira?hosting=server Asana Importer Plugin for Jira - Server - https://marketplace.atlassian.com/apps/1213440/asana-importer-plugin-for-jira?hosting=server https://marketplace.atlassian.com/apps/1217289/announcement-plugin-for-bamboo?hosting=server Announcement Plugin for Bamboo - Server - https://marketplace.atlassian.com/apps/1217289/announcement-plugin-for-bamboo?hosting=server https://marketplace.atlassian.com/apps/1223584/github-webhooks-for-fisheye?hosting=server GitHub webhooks for Fisheye - Server - https://marketplace.atlassian.com/apps/1223584/github-webhooks-for-fisheye?hosting=server https://marketplace.atlassian.com/apps/1220798/assign-reviewer-groups?hosting=server Assign Reviewer Groups - Server - https://marketplace.atlassian.com/apps/1220798/assign-reviewer-groups?hosting=server https://marketplace.atlassian.com/apps/1219472/mandatory-reviewers-for-crucible?hosting=server Mandatory Reviewers for Crucible - Server - https://marketplace.atlassian.com/apps/1219472/mandatory-reviewers-for-crucible?hosting=server https://marketplace.atlassian.com/apps/772972/release-report-for-fisheye?hosting=server Release Report for Fisheye - Server - https://marketplace.atlassian.com/apps/772972/release-report-for-fisheye?hosting=server https://marketplace.atlassian.com/apps/1211094/archive-plugin-for-bitbucket-server?hosting=server Archive Plugin for Bitbucket Server - Server - https://marketplace.atlassian.com/apps/1211094/archive-plugin-for-bitbucket-server?hosting=server https://marketplace.atlassian.com/apps/1214632/rich-text-gadget-for-jira?hosting=cloud Rich Text Gadget for Jira - Cloud - https://marketplace.atlassian.com/apps/1214632/rich-text-gadget-for-jira?hosting=cloud https://marketplace.atlassian.com/apps/602870/continuous-plugin-deployment-for-bamboo?hosting=server Continuous Plugin Deployment for Bamboo - Server - https://marketplace.atlassian.com/apps/602870/continuous-plugin-deployment-for-bamboo?hosting=server https://marketplace.atlassian.com/apps/1223382/previous-next-navigation?hosting=cloud Previous/next navigation - Cloud - https://marketplace.atlassian.com/apps/1223382/previous-next-navigation?hosting=cloud https://marketplace.atlassian.com/apps/1214757/hackathon-for-jira?hosting=cloud Hackathon for Jira - Cloud - https://marketplace.atlassian.com/apps/1214757/hackathon-for-jira?hosting=cloud https://marketplace.atlassian.com/apps/1211596/whos-looking-for-jira-cloud?hosting=cloud Who\'s Looking for Jira Cloud - Cloud - https://marketplace.atlassian.com/apps/1211596/whos-looking-for-jira-cloud?hosting=cloud https://marketplace.atlassian.com/apps/1212736/predator-plugin-for-bamboo?hosting=server Predator Plugin for Bamboo - Server - https://marketplace.atlassian.com/apps/1212736/predator-plugin-for-bamboo?hosting=server https://marketplace.atlassian.com/apps/1214713/sbt-task-plugin-for-bamboo?hosting=server SBT Task Plugin for Bamboo - Server - https://marketplace.atlassian.com/apps/1214713/sbt-task-plugin-for-bamboo?hosting=server https://marketplace.atlassian.com/apps/1215979/dependency-graph-plugin-for-bamboo?hosting=server Dependency Graph Plugin for Bamboo - Server - https://marketplace.atlassian.com/apps/1215979/dependency-graph-plugin-for-bamboo?hosting=server https://marketplace.atlassian.com/apps/1216177/agent-notifications-for-bamboo?hosting=server Agent Notifications for Bamboo - Server - https://marketplace.atlassian.com/apps/1216177/agent-notifications-for-bamboo?hosting=server https://marketplace.atlassian.com/apps/1219706/conditional-tasks-for-bamboo?hosting=server Conditional tasks for Bamboo - Server - https://marketplace.atlassian.com/apps/1219706/conditional-tasks-for-bamboo?hosting=server https://marketplace.atlassian.com/apps/1215965/build-times-for-bamboo-5-10?hosting=server Build Times for Bamboo 5.10+ - Server - https://marketplace.atlassian.com/apps/1215965/build-times-for-bamboo-5-10?hosting=server https://marketplace.atlassian.com/apps/1215235/fail-build-trigger-for-bamboo?hosting=server Fail Build Trigger for Bamboo - Server - https://marketplace.atlassian.com/apps/1215235/fail-build-trigger-for-bamboo?hosting=server https://marketplace.atlassian.com/apps/1216136/after-deployment-trigger-for-bamboo?hosting=server After Deployment Trigger for Bamboo - Server - https://marketplace.atlassian.com/apps/1216136/after-deployment-trigger-for-bamboo?hosting=server https://marketplace.atlassian.com/apps/1216287/queue-priority-plugin-for-bamboo?hosting=server Queue Priority Plugin for Bamboo - Server - https://marketplace.atlassian.com/apps/1216287/queue-priority-plugin-for-bamboo?hosting=server https://marketplace.atlassian.com/apps/1216074/insight-macro-for-confluence?hosting=server Assets - Confluence Macro - Server - https://marketplace.atlassian.com/apps/1216074/assets-confluence-macro?hosting=server https://marketplace.atlassian.com/apps/1218974/insight-azure-integration?hosting=datacenter Assets - Azure Integration - DataCenter - https://marketplace.atlassian.com/apps/1218974/assets-azure-integration?hosting=datacenter https://marketplace.atlassian.com/apps/1219094/insight-sccm-integration?hosting=server Assets - SCCM Integration - Server - https://marketplace.atlassian.com/apps/1219094/assets-sccm-integration?hosting=server https://marketplace.atlassian.com/apps/1219094/insight-sccm-integration?hosting=datacenter Assets - SCCM Integration - DataCenter - https://marketplace.atlassian.com/apps/1219094/assets-sccm-integration?hosting=datacenter https://marketplace.atlassian.com/apps/1219298/insight-snow-integration?hosting=datacenter Assets - Snow Integration - DataCenter - https://marketplace.atlassian.com/apps/1219298/assets-snow-integration?hosting=datacenter https://marketplace.atlassian.com/apps/1217750/insight-jira-bitbucket-integration?hosting=datacenter Assets - Jira & Bitbucket Integration - DataCenter - https://marketplace.atlassian.com/apps/1217750/assets-jira-bitbucket-integration?hosting=datacenter https://marketplace.atlassian.com/apps/1219298/insight-snow-integration?hosting=server Assets - Snow Integration - Server - https://marketplace.atlassian.com/apps/1219298/assets-snow-integration?hosting=server https://marketplace.atlassian.com/apps/1216074/insight-macro-for-confluence?hosting=datacenter Assets - Confluence Macro - DataCenter - https://marketplace.atlassian.com/apps/1216074/assets-confluence-macro?hosting=datacenter https://marketplace.atlassian.com/apps/1218974/insight-azure-integration?hosting=server Assets - Azure Integration - Server - https://marketplace.atlassian.com/apps/1218974/assets-azure-integration?hosting=server https://marketplace.atlassian.com/apps/1217750/insight-jira-bitbucket-integration?hosting=server Assets - Jira & Bitbucket Integration - Server - https://marketplace.atlassian.com/apps/1217750/assets-jira-bitbucket-integration?hosting=server https://marketplace.atlassian.com/apps/1218250/mobile-plugin-for-confluence-data-center-and-server?hosting=server Mobile Plugin for Confluence Data Center and Server - Server - https://marketplace.atlassian.com/apps/1218250/mobile-plugin-for-confluence-data-center-and-server?hosting=server https://marketplace.atlassian.com/apps/1218250/mobile-plugin-for-confluence-data-center-and-server?hosting=datacenter Mobile Plugin for Confluence Data Center and Server - Data Center - https://marketplace.atlassian.com/apps/1218250/mobile-plugin-for-confluence-data-center-and-server?hosting=datacenter https://marketplace.atlassian.com/apps/1211715/inbox-hook-for-bitbucket-server?hosting=server Inbox Hook for Bitbucket Server - Server - https://marketplace.atlassian.com/apps/1211715/inbox-hook-for-bitbucket-server?hosting=server https://marketplace.atlassian.com/apps/1218118/release-plugin-for-bitbucket-server?hosting=server Release Plugin for Bitbucket Server - Server - https://marketplace.atlassian.com/apps/1218118/release-plugin-for-bitbucket-server?hosting=server https://marketplace.atlassian.com/apps/1215192/image-paste-for-fisheye-crucible?hosting=server Image Paste for Fisheye/Crucible - Server - https://marketplace.atlassian.com/apps/1215192/image-paste-for-fisheye-crucible?hosting=server https://marketplace.atlassian.com/apps/1215624/copy-source-for-fisheye-and-crucible?hosting=server Copy Source for Fisheye and Crucible - Server - https://marketplace.atlassian.com/apps/1215624/copy-source-for-fisheye-and-crucible?hosting=server https://marketplace.atlassian.com/apps/1216128/look-and-feel-for-fisheye-and-crucible?hosting=server Look and Feel for Fisheye and Crucible - Server - https://marketplace.atlassian.com/apps/1216128/look-and-feel-for-fisheye-and-crucible?hosting=server https://marketplace.atlassian.com/apps/1212100/repository-quickadd-for-fisheye-crucible?hosting=server Repository QuickAdd for Fisheye/Crucible - Server - https://marketplace.atlassian.com/apps/1212100/repository-quickadd-for-fisheye-crucible?hosting=server https://marketplace.atlassian.com/apps/14896/review-creator-for-fisheye?hosting=server Review Creator for Fisheye - Server - https://marketplace.atlassian.com/apps/14896/review-creator-for-fisheye?hosting=server https://marketplace.atlassian.com/apps/1215089/bulk-delete-review-files-for-crucible?hosting=server Bulk delete review files for Crucible - Server - https://marketplace.atlassian.com/apps/1215089/bulk-delete-review-files-for-crucible?hosting=server https://marketplace.atlassian.com/apps/1211738/file-tagging-plugin-for-crucible?hosting=server File Tagging Plugin for Crucible - Server - https://marketplace.atlassian.com/apps/1211738/file-tagging-plugin-for-crucible?hosting=server https://marketplace.atlassian.com/apps/212/copy-space-for-confluence?hosting=server Copy Space for Confluence - Server - https://marketplace.atlassian.com/apps/212/copy-space-for-confluence?hosting=server https://marketplace.atlassian.com/apps/1214046/favorites-dialog-for-confluence?hosting=server Favorites Dialog for Confluence - Server - https://marketplace.atlassian.com/apps/1214046/favorites-dialog-for-confluence?hosting=server https://marketplace.atlassian.com/apps/288/jira-charting-plugin?hosting=server Jira Charting Plugin - Server - https://marketplace.atlassian.com/apps/288/jira-charting-plugin?hosting=server https://marketplace.atlassian.com/apps/1215704/workflow-screenshot-for-jira?hosting=server Workflow Screenshot for Jira - Server - https://marketplace.atlassian.com/apps/1215704/workflow-screenshot-for-jira?hosting=server https://marketplace.atlassian.com/apps/5142/toolkit-plugin-for-jira?hosting=server Toolkit Plugin for Jira - Server - https://marketplace.atlassian.com/apps/5142/toolkit-plugin-for-jira?hosting=server https://marketplace.atlassian.com/apps/322837/mobile-connect-plugin-for-jira?hosting=server Mobile Connect Plugin for Jira - Server - https://marketplace.atlassian.com/apps/322837/mobile-connect-plugin-for-jira?hosting=server https://marketplace.atlassian.com/apps/1211087/ssl-for-jira?hosting=server SSL for Jira - Server - https://marketplace.atlassian.com/apps/1211087/ssl-for-jira?hosting=server https://marketplace.atlassian.com/apps/1210725/data-generator-for-jira?hosting=server Data Generator for Jira - Server - https://marketplace.atlassian.com/apps/1210725/data-generator-for-jira?hosting=server https://marketplace.atlassian.com/apps/1222010/jira-cloud-migration-assistant?hosting=datacenter Jira Cloud Migration Assistant - DataCenter - https://marketplace.atlassian.com/apps/1222010/jira-cloud-migration-assistant?hosting=datacenter https://marketplace.atlassian.com/apps/1214899/thready-give-tomcat-threads-a-name?hosting=server Thready - Give Tomcat threads a name - Server - https://marketplace.atlassian.com/apps/1214899/thready-give-tomcat-threads-a-name?hosting=server https://marketplace.atlassian.com/apps/1211542/atlassian-rest-api-browser?hosting=server Atlassian REST API Browser - Server - https://marketplace.atlassian.com/apps/1211542/atlassian-rest-api-browser?hosting=server https://marketplace.atlassian.com/apps/1211504/issue-edit-notifications-for-jira?hosting=server Issue Edit Notifications for Jira - Server - https://marketplace.atlassian.com/apps/1211504/issue-edit-notifications-for-jira?hosting=server https://marketplace.atlassian.com/apps/1222124/sticker-printer-for-jira?hosting=cloud Sticker Printer for Jira - Cloud - https://marketplace.atlassian.com/apps/1222124/sticker-printer-for-jira?hosting=cloud https://marketplace.atlassian.com/apps/1214912/better-code-macro-for-confluence?hosting=cloud Better Code Macro for Confluence - Cloud - https://marketplace.atlassian.com/apps/1214912/better-code-macro-for-confluence?hosting=cloud https://marketplace.atlassian.com/apps/1218941/microsoft-teams-for-bitbucket-cloud?hosting=cloud Microsoft Teams for Bitbucket Cloud - Cloud - https://marketplace.atlassian.com/apps/1218941/microsoft-teams-for-bitbucket-cloud?hosting=cloud https://marketplace.atlassian.com/apps/1219516/microsoft-teams-for-confluence-cloud?hosting=cloud Microsoft Teams for Confluence Cloud - Cloud - https://marketplace.atlassian.com/apps/1219516/microsoft-teams-for-confluence-cloud?hosting=cloud https://marketplace.atlassian.com/apps/1214351/disable-referer-for-bitbucket-server?hosting=datacenter Disable Referer for Bitbucket Server - DataCenter - https://marketplace.atlassian.com/apps/1214351/disable-referer-for-bitbucket-server?hosting=datacenter https://marketplace.atlassian.com/apps/1224300/opsgenie-bamboo-plugin?hosting=server opsgenie-bamboo-plugin - Server - https://marketplace.atlassian.com/apps/1224300/opsgenie-bamboo-plugin?hosting=server https://marketplace.atlassian.com/apps/1212632/look-and-feel-for-bitbucket-server?hosting=datacenter Look and Feel for Bitbucket Server - Datacenter - https://marketplace.atlassian.com/apps/1212632/look-and-feel-for-bitbucket-server?hosting=datacenter https://marketplace.atlassian.com/apps/1214668/insight-discovery?hosting=cloud Assets Discovery - Cloud - https://marketplace.atlassian.com/apps/1214668/assets-discovery?hosting=cloud https://marketplace.atlassian.com/apps/1224729/bamboo-build-status-notifier?hosting=server Bamboo build status notifier - Server - https://marketplace.atlassian.com/apps/1224729/bamboo-build-status-notifier?hosting=server https://marketplace.atlassian.com/apps/1224728/crucible-build-status?hosting=server Crucible build status - Server - https://marketplace.atlassian.com/apps/1224728/crucible-build-status?hosting=server https://marketplace.atlassian.com/apps/1219499/proforma-lite-forms-checklists?hosting=server ProForma Lite: Forms & Checklists - Server - https://marketplace.atlassian.com/apps/1219499/proforma-lite-forms-checklists?hosting=server https://marketplace.atlassian.com/apps/1215833/proforma-forms-checklist-for-jira?hosting=server ProForma: Forms & Checklist for Jira - Server - https://marketplace.atlassian.com/apps/1215833/proforma-forms-checklist-for-jira?hosting=server https://marketplace.atlassian.com/apps/1215833/proforma-forms-checklist-for-jira?hosting=datacenter ProForma: Forms & Checklist for Jira - Datacenter - https://marketplace.atlassian.com/apps/1215833/proforma-forms-checklist-for-jira?hosting=datacenter https://marketplace.atlassian.com/apps/1219499/proforma-lite-forms-checklists?hosting=datacenter ProForma Lite: Forms & Checklists - Datacenter - https://marketplace.atlassian.com/apps/1219499/proforma-lite-forms-checklists?hosting=datacenter https://marketplace.atlassian.com/apps/1232506/jsm-assets-microsoft-entra-id-azure-ad-beta-integration?hosting=cloud JSM Assets - Microsoft Entra ID (Azure AD) Beta Integration - Cloud - https://marketplace.atlassian.com/apps/1232506/jsm-assets-microsoft-entra-id-azure-ad-beta-integration?hosting=cloud https://marketplace.atlassian.com/apps/1232887/mermaid-diagrams-viewer?hosting=cloud Mermaid diagrams viewer-Cloud-https://marketplace.atlassian.com/apps/1232887/mermaid-diagrams-viewer?hosting=cloud https://marketplace.atlassian.com/apps/1230672/extension-point-finder-for-jira?hosting=cloud Extension Point Finder for Jira - Cloud - https://marketplace.atlassian.com/apps/1230672/extension-point-finder-for-jira?hosting=cloud https://marketplace.atlassian.com/apps/1230671/extension-point-finder-for-confluence?hosting=cloud Extension Point Finder for Confluence - Cloud - https://marketplace.atlassian.com/apps/1230671/extension-point-finder-for-confluence?hosting=cloud https://marketplace.atlassian.com/apps/1231916/issue-status-helper?hosting=cloud Issue Status Helper - Cloud - https://marketplace.atlassian.com/apps/1231916/issue-status-helper?hosting=cloud https://marketplace.atlassian.com/apps/1230032/databricks-visualization?hosting=cloud Databricks Visualization - Cloud - https://marketplace.atlassian.com/apps/1230032/databricks-visualization?hosting=cloud https://marketplace.atlassian.com/apps/1233346/audio-recorder-for-confluence?hosting=cloud Audio Recorder for Confluence - Cloud - https://marketplace.atlassian.com/apps/1233346/audio-recorder-for-confluence?hosting=cloud https://marketplace.atlassian.com/apps/1231985/localised-date-macro-for-confluence?hosting=cloud Localised Date Macro for Confluence - Cloud - https://marketplace.atlassian.com/apps/1231985/localised-date-macro-for-confluence?hosting=cloud https://marketplace.atlassian.com/apps/1232254/bump-build-number?hosting=datacenter Bump Build Number - DataCenter - https://marketplace.atlassian.com/apps/1232254/bump-build-number?hosting=datacenter https://marketplace.atlassian.com/apps/1235122/event-sign-up-for-confluence?hosting=cloud Event Sign-up for Confluence - Cloud - https://marketplace.atlassian.com/apps/1235122/event-sign-up-for-confluence?hosting=cloud https://marketplace.atlassian.com/apps/1234690/data-manager-clients-for-jsm-assets?hosting=cloud Data Manager Clients for JSM Assets - Cloud - https://marketplace.atlassian.com/apps/1234690/data-manager-clients-for-jsm-assets?hosting=cloud https://marketplace.atlassian.com/apps/1234690/data-manager-clients-for-jsm-assets?hosting=datacenter Data Manager Clients for JSM Assets - DataCenter - https://marketplace.atlassian.com/apps/1234690/data-manager-clients-for-jsm-assets?hosting=datacenter https://marketplace.atlassian.com/apps/1230311/app-usage-for-jira?hosting=datacenter App Usage for Jira - DatCenter - https://marketplace.atlassian.com/apps/1230311/app-usage-for-jira?hosting=datacenter https://marketplace.atlassian.com/apps/1230311/app-usage-for-jira?hosting=server App Usage for Jira - Server - https://marketplace.atlassian.com/apps/1230311/app-usage-for-jira?hosting=server https://marketplace.atlassian.com/apps/1232793/azure-devops-for-jira-official?tab=overview&hosting=cloud Azure DevOps for Jira (Official) - Cloud - https://marketplace.atlassian.com/apps/1232793/azure-devops-for-jira-official?tab=overview&hosting=cloud https://marketplace.atlassian.com/apps/1234673/jsm-incident-timeline?hosting=cloud JSM Incident Timeline - Cloud - https://marketplace.atlassian.com/apps/1234673/jsm-incident-timeline?hosting=cloud https://marketplace.atlassian.com/apps/1233977/sentry-for-compass?tab=overview&hosting=cloud Sentry for Compass - Cloud - https://marketplace.atlassian.com/apps/1233977/sentry-for-compass?tab=overview&hosting=cloud https://marketplace.atlassian.com/apps/1234027/github-for-compass?tab=overview&hosting=cloud GitHub for Compass - Cloud - https://marketplace.atlassian.com/apps/1234027/github-for-compass?tab=overview&hosting=cloud https://marketplace.atlassian.com/apps/1233993/gitlab-for-compass?tab=overview&hosting=cloud GitLab for Compass - Cloud - https://marketplace.atlassian.com/apps/1233993/gitlab-for-compass?tab=overview&hosting=cloud https://marketplace.atlassian.com/apps/1234004/bitbucket-for-compass?tab=overview&hosting=cloud Bitbucket for Compass - Cloud - https://marketplace.atlassian.com/apps/1234004/bitbucket-for-compass?tab=overview&hosting=cloud https://marketplace.atlassian.com/apps/1233931/snyk-for-compass?tab=overview&hosting=cloud Snyk for Compass - Cloud - https://marketplace.atlassian.com/apps/1233931/snyk-for-compass?tab=overview&hosting=cloud https://marketplace.atlassian.com/apps/1233986/slack-for-compass?tab=overview&hosting=cloud Slack for Compass - Cloud - https://marketplace.atlassian.com/apps/1233986/slack-for-compass?tab=overview&hosting=cloud https://marketplace.atlassian.com/apps/1233988/opsgenie-for-compass?tab=overview&hosting=cloud Opsgenie for Compass - Cloud - https://marketplace.atlassian.com/apps/1233988/opsgenie-for-compass?tab=overview&hosting=cloud https://marketplace.atlassian.com/apps/1233987/statuspage-for-compass?tab=overview&hosting=cloud Statuspage for Compass - Cloud - https://marketplace.atlassian.com/apps/1233987/statuspage-for-compass?tab=overview&hosting=cloud https://marketplace.atlassian.com/apps/1233979/new-relic-for-compass?tab=overview&hosting=cloud New Relic for Compass - Cloud - https://marketplace.atlassian.com/apps/1233979/new-relic-for-compass?tab=overview&hosting=cloud https://marketplace.atlassian.com/apps/1233943/circleci-for-compass?tab=overview&hosting=cloud CircleCI for Compass - Cloud - https://marketplace.atlassian.com/apps/1233943/circleci-for-compass?tab=overview&hosting=cloud https://marketplace.atlassian.com/apps/1233990/swagger-ui-for-compass?tab=overview&hosting=cloud Swagger UI for Compass - Cloud -https://marketplace.atlassian.com/apps/1233990/swagger-ui-for-compass?tab=overview&hosting=cloud https://marketplace.atlassian.com/apps/1233942/pagerduty-for-compass?tab=overview&hosting=cloud PagerDuty for Compass - Cloud - https://marketplace.atlassian.com/apps/1233942/pagerduty-for-compass?tab=overview&hosting=cloud https://marketplace.atlassian.com/apps/1232285/jira-confluence-smart-chips-for-google-docs-slides-sheets?tab=overview&hosting=cloud Jira & Confluence Smart Chips for Google Docs Slides Sheets - Cloud - https://marketplace.atlassian.com/apps/1232285/jira-confluence-smart-chips-for-google-docs-slides-sheets?tab=overview&hosting=cloud https://marketplace.atlassian.com/apps/1229906/confluence-mail-archiving-plugin?tab=overview&hosting=datacenter Confluence Mail Archiving Plugin - DataCenter - https://marketplace.atlassian.com/apps/1229906/confluence-mail-archiving-plugin?tab=overview&hosting=datacenter https://marketplace.atlassian.com/apps/1211246/autolink-plugin-for-jira?hosting=datacenter AutoLink Plugin for Jira - DataCenter - https://marketplace.atlassian.com/apps/1211246/autolink-plugin-for-jira?hosting=datacenter https://marketplace.atlassian.com/apps/1235488/confluence-widget-for-figma-beta?hosting=cloud Confluence Widget for Figma (Beta) - Cloud - https://marketplace.atlassian.com/apps/1235488/confluence-widget-for-figma-beta?hosting=cloud https://marketplace.atlassian.com/apps/1235496/jira-board-buddy?hosting=cloud Jira Board Buddy - Cloud - https://marketplace.atlassian.com/apps/1235496/jira-board-buddy?hosting=cloud https://marketplace.atlassian.com/apps/5142/toolkit-plugin-for-jira?hosting=datacenter Toolkit Plugin for Jira - DataCenter - https://marketplace.atlassian.com/apps/5142/toolkit-plugin-for-jira?hosting=datacenter https://trello.com/power-ups/588a331cc86ffbe08f5d2c67/bitbucket-cloud Bitbucket Cloud - https://trello.com/power-ups/588a331cc86ffbe08f5d2c67/bitbucket-cloud https://trello.com/power-ups/55a5d915446f517774210001/box Box - https://trello.com/power-ups/55a5d915446f517774210001/box https://trello.com/power-ups/57b47fb862d25a30298459b1/card-repeater Card Repeater - https://trello.com/power-ups/57b47fb862d25a30298459b1/card-repeater https://trello.com/power-ups/58dd18bdccfca7af8311792e/card-snooze Card Snooze - https://trello.com/power-ups/58dd18bdccfca7af8311792e/card-snooze https://trello.com/power-ups/586be37142f94dc0871fbcbb/confluence-cloud Confluence Cloud - https://trello.com/power-ups/586be37142f94dc0871fbcbb/confluence-cloud https://trello.com/power-ups/56d5e249a98895a9797bebb9/custom-fields Custom Fields - https://trello.com/power-ups/56d5e249a98895a9797bebb9/custom-fields https://trello.com/power-ups/55a5d915446f517774210003/evernote Evernote - https://trello.com/power-ups/55a5d915446f517774210003/evernote https://trello.com/power-ups/568c1415eeaeb62f5a43aa01/giphy Giphy - https://trello.com/power-ups/568c1415eeaeb62f5a43aa01/giphy https://trello.com/power-ups/55a5d916446f517774210004/github GitHub - https://trello.com/power-ups/55a5d916446f517774210004/github https://trello.com/power-ups/55a5d916446f517774210006/google-drive Google Drive - https://trello.com/power-ups/55a5d916446f517774210006/google-drive https://trello.com/power-ups/55a5d916446f517774210007/google-hangouts Google Hangouts - https://trello.com/power-ups/55a5d916446f517774210007/google-hangouts https://trello.com/power-ups/5e3886cd2ae34410748d0d5b/jira-align- Jira Align - https://trello.com/power-ups/5e3886cd2ae34410748d0d5b/jira-align- https://trello.com/power-ups/55a5d917446f51777421000c/mailchimp MailChimp - https://trello.com/power-ups/55a5d917446f51777421000c/mailchimp https://trello.com/power-ups/5940440775fbe327abd3329f/onedrive OneDrive - https://trello.com/power-ups/5940440775fbe327abd3329f/onedrive https://trello.com/power-ups/55a5d917446f51777421000d/package-tracker Package Tracker - https://trello.com/power-ups/55a5d917446f51777421000d/package-tracker https://trello.com/power-ups/5a2de0c41ae4a1537bb0055d/read-me Read Me - https://trello.com/power-ups/5a2de0c41ae4a1537bb0055d/read-me https://trello.com/power-ups/55a5d917446f517774210009/salesforce Salesforce - https://trello.com/power-ups/55a5d917446f517774210009/salesforce https://trello.com/power-ups/55a5d917446f51777421000a/slack Slack - https://trello.com/power-ups/55a5d917446f51777421000a/slack https://trello.com/power-ups/568c143d95adcd7308cbc3fb/surveymonkey SurveyMonkey - https://trello.com/power-ups/568c143d95adcd7308cbc3fb/surveymonkey https://trello.com/power-ups/55a5d917446f51777421000b/twitter Twitter - https://trello.com/power-ups/55a5d917446f51777421000b/twitter https://trello.com/power-ups/56940ede94fd60cf95f7ce6a/zendesk Zendesk - https://trello.com/power-ups/56940ede94fd60cf95f7ce6a/zendesk https://trello.com/power-ups/6048e897c73d032a983e2a7c/dashcards Dashcards - https://trello.com/power-ups/6048e897c73d032a983e2a7c/dashcards https://trello.com/power-ups/586be36326cc4c7e9f70beb3/jira Jira - https://trello.com/power-ups/586be36326cc4c7e9f70beb3/jira Third Party Marketplace Apps https://app.aurory.io https://store.epicgames.com/en-US/p/seekers-of-tokane-a5986d Seekers of Tokane https://play.google.com/store/apps/details?id=io.aurory.seekersoftokane&hl=en_CA Android Mobile - Testing https://testflight.apple.com/join/FuaxsScP IOS Mobile - Testing https://www.australiansuper.com/ www.australiansuper.com https://portal.australiansuper.com/ portal.australiansuper.com https://business.australiansuper.com/ business.australiansuper.com https://adviser.australiansuper.com/ adviser.australiansuper.com https://apis.australiansuper.com/ apis.australiansuper.com https://apis-v5.australiansuper.com/ apis-v5.australiansuper.com config.cic-bug-bounty.auth0app.com https://manage.cic-bug-bounty.auth0app.com/ manage.cic-bug-bounty.auth0app.com (Management Dashboard) *.cic-bug-bounty.auth0app.com https://play.google.com/store/apps/details?id=com.auth0.guardian&hl=en_US&gl=US Auth0 Guardian Android https://apps.apple.com/us/app/auth0-guardian/id1093447833 Auth0 Guardian IoS https://marketplace.auth0.com marketplace.auth0.com (Auth0 Marketplace) MFA Integrations https://github.com/auth0/auth0.js https://github.com/auth0/auth0.js (Auth0 SDK for Web) https://github.com/auth0/lock https://github.com/auth0/lock (Lock for Web) https://github.com/auth0/auth0-spa-js https://github.com/auth0/auth0-spa-js (Auth0 Single Page App SDK) https://github.com/auth0/Auth0.Net https://github.com/auth0/Auth0.Net (.NET SDK) https://github.com/auth0/nextjs-auth0 https://github.com/auth0/nextjs-auth0 (Next.js SDK) https://github.com/auth0/auth0-java https://github.com/auth0/auth0-java (Java SDK) https://github.com/auth0/react-native-auth0 https://github.com/auth0/react-native-auth0 (react-native SDK) https://github.com/auth0/auth0-php https://github.com/auth0/auth0-php (PHP SDK) https://dashboard.fga.dev/ https://api.us1.fga.dev/ https://customers.us1.fga.dev/ https://play.fga.dev/ auth0.com samltool.io webauthn.me openidconnect.net jwt.io auth0.net https://195.60.68.241 Bounty Cam1 https://195.60.68.242 Bounty Cam2 https://195.60.68.243 Bounty Cam3 https://195.60.68.244 Bounty Cam4 https://195.60.68.245 Bounty Cam5 https://195.60.68.246 Bounty Cam6 https://195.60.68.247 Bounty Cam7 https://195.60.68.248 Bounty Cam8 https://195.60.68.249 Bounty Cam9 https://195.60.68.250 Bounty Cam10 https://www.pornhub.com/ https://mobile.pornhub.com/ https://api.pornhub.com/ https://www.pornhubpremium.com/ https://www.redtube.com/ https://www.redtubepremium.com/ https://www.youporn.com/ https://www.youpornpremium.com/ https://pornhub.mainhub.com https://*.tube8.com *. tube8.com https://www.thumbzilla.com/ https://*.trafficjunky.com *.trafficjunky.com https://*.adultforce.com *.adultforce.com https://play.google.com/store/apps/details?id=com.backblaze.android&hl=en_US&gl=US Backblaze Android mobile application https://apps.apple.com/us/app/backblaze/id628638330 Backblaze iOS mobile application Mac Personal Backup Clients Windows Personal Backup Clients Mac Restore Downloaders Windows Restore Downloaders Git Repositories (b2-sdk-java & B2 Command Line Tool) https://*.backblazeb2.com B2 APIs (*.backblazeb2.com) https://backblaze.com Backblaze Website (*.backblaze.com) Balsamiq Cloud Balsamiq Wireframes for Desktop https://marketplace.atlassian.com/apps/1213404/balsamiq-wireframes-for-confluence-cloud?hosting=cloud&tab=overview https://marketplace.atlassian.com/apps/1212796/balsamiq-wireframes-for-jira-cloud?hosting=cloud&tab=overview https://balsamiq.com https://marketplace.atlassian.com/apps/5161/balsamiq-wireframes-for-jira?hosting=datacenter&tab=overview https://marketplace.atlassian.com/apps/256/balsamiq-wireframes-for-confluence?hosting=datacenter&tab=overview https://www.barracuda.com/products/messagearchiver Barracuda Message Archiver https://www.barracuda.com/products/websecuritygateway Barracuda Web Security Gateway https://www.barracuda.com/products/loadbalancer?utm_source=google&utm_medium=search_cpc&utm_campaign=387189501&utm_adgroup=116181947964&utm_term=&utm_position=&utm_matchtype=b&utm_device=c&utm_content=484352050459&_bt=484352050459&_bk=&_bm=b&_bn=g&_bg=116181947964&gclid=Cj0KCQjwvr6EBhDOARIsAPpqUPFtfKELYb2ysp1O29NyBMwStaYpYAxq1oso9BaXpcPo9yrcy13uuc0aAtQDEALw_wcB Barracuda ADC https://www.barracuda.com/products/webapplicationfirewall Barracuda Web Application Firewall https://www.barracuda.com/products/emailsecuritygateway Barracuda Email Security Gateway https://www.barracuda.com/products/cloudgenfirewall Barracuda CloudGen Firewall https://*.<researcher-store>.mybigcommerce.com https://www.bigcommerce.com *.bigcommerce.com login.bigcommerce.com https://apps.apple.com/au/app/bigcommerce/id1418570678 BigCommerce iOS https://play.google.com/store/apps/details?id=com.bigcommerce.mobile BigCommerce Android https://github.com/bigcommerce/ BigCommerce\'s Open Source Code https://bigcommerce.com/make-it-big https://bigcommerce.com/blog https://*.bigcommerce.net api.coinmarketcap.com pro-api.coinmarketcap.com https://www.binance.com/ *.binance.com Binance Desktop Application Binance Mobile Application for Android Binance Mobile Application for iOS api.binance.com Binance macOS Application pro.coinmarketcap.com CoinMarketCap Android app Trustwallet Android App Trustwallet iOS App https://github.com/trustwallet/wallet-core/ CoinMarketCap iOS app portal-api.coinmarketcap.com coinmarketcap.com 3rdparty-apis.coinmarketcap.com https://www.binance.us/ *.binance.us https://binance.tr binance.tr Trustwallet Chrome Extension Bitdefender Total Security *.bitdefender.net Bitdefender Antimalware Engines *.bitdefender.com https://www.bitdefender.com/business/smb-products/business-security.html?cid=ppc|b|google|smb&s_kwcid=AL!6076!3!514235572261!p!!g!!bitdefender%20business&utm_term=bitdefender%20business&utm_campaign=USA+SMB+Branded+30&utm_source=adwords&utm_medium=ppc&hsa_acc=8155205354&hsa_cam=7848657822&hsa_grp=124745713150&hsa_ad=514235572261&hsa_src=g&hsa_tgt=kwd-308396066873&hsa_kw=bitdefender%20business&hsa_mt=p&hsa_net=adwords&hsa_ver=3&gclid=CjwKCAjwqIiFBhAHEiwANg9szk-Rr3iSn4mrwsvAUOn-pzrO12ufWDmyCLopWigaLQW0t_xtlBE65RoCr6kQAvD_BwE Bitdefender GravityZone Business Security Bitdefender BOX v2 https://www.bitgo.com *.bitgo.com https://app.bitgo.com app.bitgo.com https://app.bitgo-test.com app.bitgo-test.com https://web.bitpanda.com https://www.bitpanda.com/ https://www.bitpanda.com https://api.bitpanda.com wss://socket.bitpanda.com All the Blockchain Infrastructure https://account.bitpanda.com https://play.google.com/store/apps/details?id=com.bitpanda.bitpanda Bitpanda Broker Android App https://apps.apple.com/app/bitpanda-buy-bitcoin-crypto/id1449018960 Bitpanda Broker iOS App https://blog.bitpanda.com/en https://blog.bitpanda.com https://www.bitpanda.com/academy/en/ https://www.bitpanda.com/academy/ https://www.bitstamp.net/ www.bitstamp.net - Bitstamp Application & API *.bitstamp.net - Bitstamp Supporting Services https://apps.apple.com/us/app/bitstamp/id1406825640 Bitstamp Mobile Application for iOS https://play.google.com/store/apps/details?id=net.bitstamp.app Bitstamp Pro Mobile Application for Android https://play.google.com/store/apps/details?id=net.bitstamp.appgo Bitstamp Mobile Application For Android https://bug-bounty-api.k8s.tools-001.d-use-1.braze-dev.com https://bug-bounty-dashboard.k8s.tools-001.d-use-1.braze-dev.com https://bug-bounty-dashboard.k8s.tools-001.d-use-1.braze-dev.com/ https://docs.bugcrowd.com/ docs.bugcrowd.com https://bugcrowd.com/programs bugcrowd.com https://tracker.bugcrowd.com Crowdcontrol https://api.bugcrowd.com api.bugcrowd.com https://identity.bugcrowd.com/ https://identity.bugcrowd.com/ *.bugcrowd.com/auth/* https://bullish.com/ https://investor.bullish.com/ https://investor.bullish.com https://simnext.bullish-test.com https://api.simnext.bullish-test.com ████████████████████████ ████████████████████████████ ███████████████████████████ ███████████████████████ ████████████ ███████████████████ █████████████████████████████ ██████████████████████████ *.canva.cn Canva (Android) Canva (Chrome Extension) Canva (iOS) *.canva.com *.canva-apps.com *.canva-apps.cn https://canva.com/developers Canva Developer Platform https://*.canva.tech *.canva.tech Canva Desktop (macOS / Windows) https://itunes.apple.com/app/carrefour-uae/id626805470 Carrefour UAE iOS https://play.google.com/store/apps/details?id=com.aswat.carrefouruae Carrefour UAE Android https://www.carrefouruae.com/ carrefouruae.com https://api-prod.retailsso.com https://itunes.apple.com/us/app/cash-app/id711923939?mt=8 Cash App Mobile Application for iOS https://play.google.com/store/apps/details?id=com.squareup.cash Cash App Mobile Application for Android https://cash.app *.cash.app *.cashstaging.app https://www.foreignaffairs.com/ https://www.cfr.org/ https://thinkglobalhealth.org https://education.cfr.org/ *.meraki.com *.ikarem.io Cisco Meraki Systems Manager Cisco Meraki Virtual Security Appliances *.network-auth.com Cisco Meraki Dashboard Mobile Application (iOS and Android) Cisco Meraki MX Security Appliances Cisco Meraki MS Switches Cisco Meraki MR Access Points Cisco Meraki MV Security Cameras Cisco Meraki Z Series (Z1,Z3(C)) https://meraki.cisco.com meraki.cisco.com apps.meraki.io https://apps.apple.com/us/app/classdojo/id552602056 IoS App https://api.classdojo.com https://play.google.com/store/apps/details?id=com.classdojo.android Android App https://teach.classdojo.com https://student.classdojo.com https://www.classdojo.com https://home.classdojo.com https://dev.tutoring.classdojo.com https://ws.multiplayer.classdojo.com/ wss://ws.multiplayer.classdojo.com https://ticket.multiplayer.classdojo.com https://clients.multiplayer.classdojo.com/launcher/prod/latest https://monster-customizer.classdojo.com/cf6dfa68-1a81-4c6d-bc0b-38f3666b37d6/index.html *.classdojo.com *.classdojo.co.uk *.doj.io *.dojo.me https://clickhou.se/bugcrowd ClickHouse Cloud environment hosted by ClickHouse https://github.com/ClickHouse/ClickHouse https://cloudinary.com/console https://api.cloudinary.com https://res.cloudinary.com https://mediaflows.cloudinary.com/ mediaflows.cloudinary.com https://dimensions.cloudinary.com dimensions.cloudinary.com https://marketplace.atlassian.com/apps/1218652/deep-clone-for-jira?hosting=cloud https://marketplace.atlassian.com/apps/1219514/merge-agent-for-jira?hosting=cloud https://marketplace.atlassian.com/apps/1220136/quick-filters-for-jira-dashboards?hosting=cloud https://marketplace.atlassian.com/apps/1219476/comment-custom-fields-for-jira?hosting=cloud https://marketplace.atlassian.com/apps/1221733/external-data-for-confluence?hosting=cloud https://marketplace.atlassian.com/apps/1219288/comment-history-log-for-jira?hosting=cloud https://marketplace.atlassian.com/apps/1215055/slack-for-confluence?hosting=cloud https://marketplace.atlassian.com/apps/1219807/version-sync-for-jira?hosting=cloud https://marketplace.atlassian.com/apps/1220964/snipe-it-for-jira?hosting=cloud https://marketplace.atlassian.com/apps/1218211/secure-google-calendar-for-confluence?hosting=cloud https://marketplace.atlassian.com/apps/1219994/external-data-for-jira-fields?hosting=cloud https://marketplace.atlassian.com/apps/1232630/external-data-for-jira-fields-extension?hosting=cloud https://marketplace.atlassian.com/apps/1222978/dynamic-fields-for-jira?hosting=cloud https://marketplace.atlassian.com/apps/1223455/advanced-bulk-edit-for-jira?hosting=cloud https://marketplace.atlassian.com/apps/1226627/prime-custom-fields-for-jira?hosting=cloud https://marketplace.atlassian.com/apps/1230689/easy-confluence-gadget-for-jira-dashboards?hosting=cloud https://adhoc-bugcrowd.cdn-code.org adhoc-bugcrowd.cdn-code.org https://adhoc-bugcrowd-studio.cdn-code.org adhoc-bugcrowd-studio.cdn-code.org staging.coindesk.com staging.auth.coindesk.com *.xfinity.com *.comcast.com *.xcal.tv Staging, QA, Dev, and Test Environments *.sys.comcast.net https://business.comcast.com/account TV - Xfinity hardware and services Flex - Xfinity hardware and services Voice - Hardware and service https://www.xfinity.com/apps Mobile Apps iOS and Android https://www.contrastsecurity.com/ www.contrastsecurity.com https://contrastsecurity.dev/ contrastsecurity.dev https://marketplace.atlassian.com/apps/1223249/mailto-wiki-send-emails-to-confluence?hosting=cloud&tab=overview https://marketplace.atlassian.com/apps/1223249/mailto-wiki-send-emails-to-confluence?tab=overview&hosting=server https://marketplace.atlassian.com/apps/1223249/mailto-wiki-email-for-confluence?hosting=datacenter&tab=overview CyberGhost VPN servers https://apps.apple.com/us/app/id583009522 CyberGhost iOS application https://play.google.com/store/apps/details?id=de.mobileconcepts.cyberghost CyberGhost Android application https://www.cyberghostvpn.com/en_US/apps/linux-vpn CyberGhost Linux application https://www.cyberghostvpn.com/en_US/apps/macos-vpn CyberGhost macOS application https://www.cyberghostvpn.com/en_US/apps/windows-vpn CyberGhost Windows application https://addons.mozilla.org/en-US/firefox/addon/cyberghost-vpn-free-proxy/ CyberGhost Firefox extension https://chrome.google.com/webstore/detail/stay-secure-with-cybergho/ffbkglfijbcbgblgflchnbphjdllaogb CyberGhost Chrome extension CyberGhost APIs CyberGhost PS3+PS4 apps CyberGhost Xbox One + Xbox360 apps https://cyberghost.com cyberghost.com *.cyberghost.com cyberghost.app https://www.cyberghostvpn.com/ *.cyberghostvpn.com *.dell.com/* *.delltechnologies.com/* https://console.delltechnologies.com/nav/administration https://console.delltechnologies.com/nav/invoice https://console.delltechnologies.com/nav/billing Any Verified Dell-Controlled Endpoint (domains/IP space/etc.) Actively Supported, Bounty Eligible Dell Products Actively Supported, Non-Reward Eligible Dell Products app.sandbox.directly.com *.sandbox.directly.com/ https://sandbox.directly.com/dashboard/index api.dropboxapi.com *.dropbox.com *.hellosign.com *.helloworks.com *.hellofax.com *.dropboxforum.com *.docsend.com *.dropboxer.net https://www.dash.ai/ dash.ai https://dropboxpartners.com *.dropboxpartners.com https://reclaim.ai *.reclaim.ai https://play.google.com/store/apps/details?id=com.dropbox.paper&hl=en_US&gl=US Dropbox Paper Android App https://apps.apple.com/us/app/dropbox-secure-cloud-storage/id327630330 Dropbox iOS app https://apps.apple.com/us/app/paper-by-dropbox/id1126623662 Dropbox Paper iOS app https://apps.apple.com/us/app/dropbox-emm/id1080074001 Dropbox EMM iOS https://www.dropbox.com/desktop Dropbox Desktop Application https://www.dropbox.com/capture Dropbox Capture Windows Desktop App Dropbox Capture macOS Desktop App https://play.google.com/store/apps/details?id=com.dropbox.android&hl=en_US&gl=US Dropbox Android App https://play.google.com/store/apps/details?id=com.dropbox.app.hellosign&hl=en_US&gl=US Dropbox Sign (formerly HelloSign) Android App https://www.dropbox.com/paper Paper Desktop Application https://dropbox.com/dash/download Dropbox Dash App https://app.reclaim.ai Reclaim.ai App https://marketplace.atlassian.com/apps/1211051/eazybi-reports-and-charts-for-jira?hosting=cloud https://marketplace.atlassian.com/apps/1211051/eazybi-reports-and-charts-for-jira?hosting=server https://marketplace.atlassian.com/apps/1211051/eazybi-reports-and-charts-for-jira?hosting=datacenter https://marketplace.atlassian.com/apps/1219504/eazybi-reports-and-charts-for-confluence?hosting=cloud https://marketplace.atlassian.com/apps/1219504/eazybi-reports-and-charts-for-confluence?hosting=server https://marketplace.atlassian.com/apps/1219504/eazybi-reports-and-charts-for-confluence?hosting=datacenter https://docs.eazybi.com/ docs.eazybi.com https://my.electroneum.com/ https://electroneum.com/ https://api.electroneum.com/ https://play.google.com/store/apps/details?id=com.electroneum.mobile&hl=en_US Electroneum Android App https://apps.apple.com/us/app/electroneum/id1270774992 Electroneum iOS App https://api.anytask.com/ https://www.anytask.com/ https://github.com/electroneum/electroneum-sc/ Smartchain Blockchain https://blockexplorer.electroneum.com Smartchain Block Explorer https://my.thesecurityteam.rocks/ https://anytask.thesecurityteam.rocks/ https://elementor.com/ https://elementor.com/* https://my.elementor.com/ https://go.elementor.com/ https://translate.elementor.com/ https://developers.elementor.com/ https://he.elementor.com/ https://code.elementor.com/ https://library.elementor.com/ https://app.strattic.com app.strattic.com https://casino.partycasino.com https://casino.bwin.com https://casino.sportingbet.com https://www.ladbrokes.com/en/games https://www.coral.co.uk/en/games https://casino.*.betmgm.com/en/games (read "Find a Game to test on our targets") https://www.partypoker.com Partypoker Website (and all its subdomains) https://www.ladbrokes.com Ladbrokes Digital (and all its subdomains) https://www.coral.co.uk Coral Sports (and all its subdomains) https://www.galabingo.com Gala Bingo (and all its subdomains) https://www.partycasino.com Partycasino Website (and all its subdomains) https://www.bwin.com Bwin Website (and all its subdomains) http://media.itsfogo.com/media/upload/mobile/android/apk/partycasino_com.apk Partycasino APK https://apps.apple.com/gb/app/bwin-poker-and-casino-games/id410242773 Bwin Poker-Casino iOS https://apps.apple.com/gb/app/bwin-sports-betting/id393760245 Bwin Sports iOS https://apps.apple.com/gb/app/partycasino-play-casino-games/id818432894 Partycasino iOS https://apps.apple.com/gb/app/partypoker-texas-holdem-poker/id687740281 Partypoker iOS https://www.galacasino.com Gala Casino Website (and all its subdomains) https://www.epam.com/ *.epam.com https://projects.epam.com *.projects.epam.com https://lab.epam.com *.lab.epam.com https://opensource.epam.com *.opensource.epam.com *.emakina.nl *.emakina.group *.emakina.com *.emakina.ch *.emakina.fr *.emakina.us *.emakina.at https://*.epam.com Subdomain takeover open redirect at *.epam.com Open redirect at *.projects.epam.com, *.lab.epam.com, *.opensource.epam.com In Scope - Points only https://www.etsy.com www.etsy.com https://www.etsy.com/mobile Etsy Mobile Application (Android) Etsy Mobile Application (iPhone) https://www.etsy.com/developers/documentation/getting_started/api_basics Etsy API (see documentation below) https://etsypayments.com etsypayments.com https://blog.etsy.com blog.etsy.com https://careers.etsy.com careers.etsy.com https://help.etsy.com help.etsy.com https://community.etsy.com community.etsy.com *.etsy.com Virtualisation layer https://sks-ch-gva-2.exo.io SKS Clusters https://portal.exoscale.com/ Web Portal https://api-ch-gva-2.exoscale.com/v2 API https://sos-ch-gva-2.exo.io/ Simple Object Storage (SOS) https://internal.exoscale.ch Internal Web services - https://*.internal.exoscale.ch Managed Scalable Kubernetes Service (SKS) Database as a Service (DBaaS) VPN servers ExpressVPN iOS application ExpressVPN Android application ExpressVPN Linux application ExpressVPN macOS application ExpressVPN Windows application ExpressVPN Router ExpressVPN Firefox extension ExpressVPN Chrome extension MediaStreamer DNS servers ExpressVPN APIs https://www.expressvpn.com www.expressvpn.com *.expressvpn.com *.xvservice.net *.xvtest.net http://expressobutiolem.onion expressobutiolem.onion Google Play (com.expressvpn.vpn) Apple App Store (886492891) https://github.com/expressvpn/lightway-core Lightway Core ExpressVPN Keys Browser Extension https://financialforce.com *.financialforce.com https://*.certinia.com *.certinia.com Any FIS asset is in scope https://flo.uri.sh flo.uri.sh https://flourish.studio/ *.flourish.studio https://xyzbmojn.net/ *.xyzbmojn.net flourish-user-templates.com flourish-user-preview.com https://*.kiln.it *.kiln.it █████████████████████████████████████ ███████████████████████████████████ ████████████████████████████████ ██████████████████████ █████████████████████████ █████████████████████ ██████████████████████████████████████████████ ██████████████████████████████████████████████████ *-bugcrowd.foxycart.com (read below for details) https://admin.foxycart.com admin.foxycart.com https://admin.foxy.io/ admin.foxy.io https://auth.foxy.io/ auth.foxy.io https://foxycart-demo.foxycart.com/cart foxycart-demo.foxycart.com https://api.foxycart.com/ api.foxycart.com https://github.com/freedomofpress/securedrop https://github.com/freedomofpress/securedrop-log https://github.com/freedomofpress/securedrop-proxy https://github.com/freedomofpress/securedrop-sdk https://github.com/freedomofpress/securedrop-workstation https://github.com/freedomofpress/securedrop-client https://github.com/freedomofpress/securedrop-export https://github.com/freedomofpress/securedrop-debian-packaging ██████████████████ ███████████ https://staging.gearset.com/ staging.gearset.com staging-api.gearset.com https://hipaa.staging.gearset.com/ hipaa.staging.gearset.com https://app.glean.com/login?qe=https://bug-bounty-be.glean.com&skip_to_sso=1 Frontend portal: https://app.glean.com/login?qe=https://bug-bounty-be.glean.com&skip_to_sso=1 Backend endpoint: bug-bounty-be.glean.com https://marketplace.atlassian.com/apps/1222714/scio-search-crawler-for-confluence?hosting=cloud&tab=overview Scio Search Crawler for Confluence- https://marketplace.atlassian.com/apps/1222714/scio-search-crawler-for-confluence?hosting=cloud&tab=overview https://marketplace.atlassian.com/apps/1222715/scio-search-crawler-for-jira?hosting=cloud&tab=overview Scio Search Crawler for Jira- https://marketplace.atlassian.com/apps/1222715/scio-search-crawler-for-jira?hosting=cloud&tab=overview https://marketplace.atlassian.com/apps/1229003/glean-activity-plugin-for-jira-cloud?hosting=cloud&tab=overview Glean Activity Plugin for Jira Cloud- https://marketplace.atlassian.com/apps/1229003/glean-activity-plugin-for-jira-cloud?hosting=cloud&tab=overview https://www.hostgator.com.br/ hostgator.com.br/ https://financeiro.hostgator.com.br https://bugcrowd.hotdoc.com.au https://bugcrowd.hotdoc.com.au (Patients) https://bugcrowd.hotdoc.com.au/api https://bugcrowd.hotdoc.com.au/dashboard https://bugcrowd.hotdoc.com.au/dashboard (Clinic Dashboard) https://app.hubspot.com/ app.hubspot.com https://app-eu1.hubspot.com app-eu1.hubspot.com https://api.hubspot.com/ api.hubspot.com https://developers.hubspot.com/docs/api/overview api.hubapi.com https://chatspot.ai chatspot.ai https://connect.com connect.com *.hubspotemail.net *.hs-sites(-eu1)?.com *.hubspotpagebuilder.com *.hubspotpagebuilder.eu https://knowledge.hubspot.com/inbox/set-up-a-customer-portal Customer Portal (1) Customer connected domain (2) https://play.google.com/store/apps/details?id=com.hubspot.android&hl=en_US&gl=US HubSpot Android Mobile App https://apps.apple.com/us/app/hubspot/id1107711722 HubSpot iOS Mobile App https://knowledge.hubspot.com/connected-email/get-started-with-the-hubspot-sales-office-365-add-in HubSpot Sales Office 365 add-in Other HubSpot-owned (sub)domains not listed as Out of Scope . Please make sure to exercise due diligence before testing. You must include proof that the subdomain is registered to HubSpot to be eligible for a reward. Special Conditions https://www.ameliorate.com/ https://*.ameliorate.com/ https://www.beautyexpert.com/ https://*.beautyexpert.com/ https://www.cultbeauty.co.uk/ https://www.dermstore.com https://*.dermstore.com https://www.espaskincare.com/ https://*.espaskincare.com/ https://www.exantediet.com/ https://*.exantediet.com/ https://www.eyeko.com/ https://*.eyeko.com/ https://www.glossybox.com/ https://*.glossybox.com/ https://www.growgorgeous.com/ https://*.growgorgeous.com/ https://www.hqhair.com/ https://*.hqhair.com/ https://www.illamasqua.com/ https://*.illamasqua.com/ https://www.mioskincare.com/ https://*.mioskincare.com/ https://www.mankind.co.uk/ https://*.mankind.co.uk/ https://www.mybag.com/ https://*.mybag.com/ https://www.myvitamins.com/ https://*.myvitamins.com/ https://www.powerman.co.uk/ https://*.powerman.co.uk/ https://www.skinstore.com/ https://*.skinstore.com/ https://www.thehut.com/ https://*.thehut.com/ https://checkout.myvitamins.com https://checkout.eyeko.com https://checkout.glossybox.com https://chrome.google.com/webstore/detail/ibotta-browser-extension/mfaedmjlefifhnhpgipjjiiekchaimpk?hl=en-US Chrome Extension http://market.android.com/details?id=com.ibotta.android http://itunes.apple.com/us/app/ibotta/id559887125 https://content-server.ibotta.com/graphql https://api.ibotta.com https://api.ibops.net https://api.int.ibops.net https://api.int.ibops.net/customer-loyalty-service https://api.ibops.net/ad-management https://api.ibops.net/ad-management Ibotta App Data & Memory https://app.ibotta.com/sign-in
 Web v2 http://ibotta.com https://backend.ibotta.com/ https://www.ifood.com.br https://*.movilepay.com *.movilepay.com https://*.movilepay.com.br *.movilepay.com.br https://shop.ifood.com.br https://marketplace.ifood.com.br https://wsloja.ifood.com.br https://wslatam.ifood.com.br https://static-images.ifood.com.br https://gestordepedidos.ifood.com.br Gestor de pedidos - Web ONLY https://developer.ifood.com.br https://api.fstr.rocks https://rc.fstr.rocks https://play.google.com/store/apps/details?id=br.com.brainweb.ifood&hl=pt_BR iFood Customer Android Application https://apps.apple.com/br/app/ifood-pedir-comida-e-mercado/id483017239 iFood Customer iOS Application https://guildofguardians.com guildofguardians.com *.guildofguardians.com https://passport.immutable.com/ passport.immutable.com - Passport web3 wallet https://auth.immutable.com auth.immutable.com - Passport authentication backend https://github.com/immutable/ts-immutable-sdk/tree/main/packages/passport/ Passport SDK https://hub.immutable.com/ hub.immutable.com - Developer Hub https://api.immutable.com https://api.x.immutable.com/ *.immutable.com *.imtbl.com testnet.immutable.com *.testnet.immutable.com https://link.x.immutable.com/ https://market.immutable.com/ https://docs.immutable.com/ imx.community https://*.imperva.com https://www.cloudvector.com/ https://*.cloudvector.com/ https://*.incapsula.com PTaaS Reference https://*.indeed.com https://*.indeedflex.com https://apis.indeed.com/graphql https://play.google.com/store/apps/details?id=com.indeed.android.jobsearch Indeed Job Search Android https://apps.apple.com/us/app/indeed-job-search/id309735670 Indeed Job Search iOS https://play.google.com/store/apps/details?id=com.syftapp.android Android Indeed Flex App https://apps.apple.com/gb/app/indeed-flex-job-search/id1013812731 iOS Indeed Flex App https://*.indeed.tech https://*.indeed.net https://resume.com https://wowjobs.ca https://apps.apple.com/us/app/%E5%B1%A5%E6%AD%B4%E6%9B%B8%E4%BD%9C%E6%88%90-%E3%82%A4%E3%83%B3%E3%83%87%E3%82%A3%E3%83%BC%E3%83%89/id1484451230 履歴書作成 (Universal Resume) iOS https://play.google.com/store/apps/details?id=com.indeed.resume 履歴書作成 (Universal Resume) Android https://apps.apple.com/us/app/indeed-connect-for-employers/id6443822731 Indeed Connect for Employers https://chromewebstore.google.com/detail/indeed-recruiter-extensio/kiodpphbmnmcmnfgpnmkkhmkllnlflef Indeed Recruiter Extension (Chrome) Any host/web property/mobile app verified to be owned by Indeed https://developers.intercom.com/installing-intercom/docs/about-the-sdk-ios iOS SDK https://api.intercom.com https://api.intercom.io https://app.intercom.com *.intercomassets.com / *.intercomcdn.com https://app.intercom.io/ https://app.intercom.io https://developers.intercom.com/installing-intercom/docs/about-the-sdk-android Android SDK https://www.intercom.com/ https://www.intercom.com iRobot cloud-connected robot that you own (i.e. j7, s9, i7, 980, 960, 690, Braava, etc.) https://play.google.com/store/apps/details?id=com.irobot.home https://itunes.apple.com/us/app/irobot-home/id1012014442?mt=8 https://w2ab2i60y4.execute-api.us-east-1.amazonaws.com/dev/v1/ecommerce/entitlements https://w2ab2i60y4.execute-api.us-east-1.amazonaws.com/dev/v1/ecommerce/entitlements https://w2ab2i60y4.execute-api.us-east-1.amazonaws.com/dev/v1/ecommerce/entitlements/{entitlement_id} https://w2ab2i60y4.execute-api.us-east-1.amazonaws.com/dev/v1/ecommerce/notifications/raas https://w2ab2i60y4.execute-api.us-east-1.amazonaws.com/dev/v1/ecommerce/users/{user_id}/entitlements iRobot API Endpoint https://w2ab2i60y4.execute-api.us-east-1.amazonaws.com/dev/v1/ecommerce/robots/{robot_id}/entitlements *.jora.com *.jora.xyz https://apps.apple.com/us/app/jora-jobs-job-search-app/id917565665 https://play.google.com/store/apps/details?id=com.jora.android&hl=en_US restaurant-api.takeaway.com *.lieferando.at *.yourdelivery.de *.takeaway.com *.scoober.com *.citymeal.com *.lieferando.de *.thuisbezorgd.nl https://itunes.apple.com/us/app/lieferando-de/id419724490?l=es&mt=8 https://play.google.com/store/apps/details?id=com.yopeso.lieferando&hl=en_US https://takeawaypay.azurefd.net/en/takeawaypay/ *.bistro.sk *.just-eat.fr *.eat.ch *.just-eat.no *.just-eat.dk *.pyszne.pl https://www.justeattakeaway.com *.justeattakeaway.com https://www.justeat.it/rider https://status-takeaway.com/status https://status-takeaway.com/status. *.10bis.co.il https://www.takeaway.com/foodwiki/ www.takeaway.com/foodwiki/ https://www.takeaway.com/drivers www.takeaway.com/drivers https://www.takeaway.com/deals www.takeaway.com/deals https://www.thuisbezorgd.nl/aanmelden www.thuisbezorgd.nl/aanmelden https://shop.thuisbezorgd.nl shop.thuisbezorgd.nl https://tv.takeaway.com tv.takeaway.com static.thuisbezorgd.nl dev.takeaway.com/html/ intranet.takeaway.com atarkasher.co.il https://brand.takeaway.com brand.takeaway.com https://careers.takeaway.com careers.takeaway.com https://newsletter.thuisbezorgd.nl newsletter.thuisbezorgd.nl https://www.status-takeaway.com/status www.status-takeaway.com/status https://www.lieferando.de/thetakeaway/ cloud.update.takeaway.com cloud.connect.takeaway.com cloud.connect.justeattakeaway.com cloud.update.justeattakeaway.com *.beta.scoober.com *.just-data.io https://api.justeat-int.com *.justeat-int.com https://www.just-eat.co.uk *.just-eat.co.uk - UK food ordering https://www.just-eat.ie *.just-eat.ie - Ireland food ordering https://menulog.co.nz *.menulog.co.nz - New Zealand food ordering https://menulog.com.au *.menulog.com.au - Australia food ordering *.just-eat.com https://public.je-apis.com *.je-apis.com - UK legacy API https://just-eat.it *.just-eat.it - Italy food ordering https://just-eat.es *.just-eat.es - Spain food ordering https://skipthedishes.com *.skipthedishes.com - Canada food ordering https://just-eat.io/ *.just-eat.io https://marketplace.atlassian.com/apps/1215199/backbone-issue-sync-for-jira?hosting=cloud https://marketplace.atlassian.com/apps/1217608/scroll-documents-for-confluence?hosting=cloud https://marketplace.atlassian.com/apps/7019/scroll-pdf-exporter-for-confluence?hosting=cloud https://marketplace.atlassian.com/apps/24982/scroll-word-exporter-for-confluence?hosting=cloud https://marketplace.atlassian.com/apps/1217037/scroll-exporter-extensions?hosting=cloud https://marketplace.atlassian.com/apps/253/scroll-imagemap-for-confluence?hosting=cloud https://marketplace.atlassian.com/apps/1211636/scroll-viewport-for-confluence?hosting=cloud https://marketplace.atlassian.com/apps/1226295/variants-for-scroll-documents?hosting=cloud https://marketplace.atlassian.com/apps/7019/scroll-pdf-exporter-for-confluence?hosting=datacenter https://marketplace.atlassian.com/apps/24982/scroll-word-exporter-for-confluence?hosting=datacenter https://marketplace.atlassian.com/apps/420604/scroll-html-exporter-for-confluence?hosting=datacenter https://marketplace.atlassian.com/apps/1210818/scroll-versions-for-confluence?hosting=datacenter https://marketplace.atlassian.com/apps/1211616/scroll-translations-for-confluence?hosting=datacenter https://marketplace.atlassian.com/apps/253/scroll-imagemap-for-confluence?hosting=datacenter&tab=overview https://marketplace.atlassian.com/apps/1215199/backbone-issue-sync-for-jira?hosting=datacenter&tab=overview https://marketplace.atlassian.com/apps/1217608/scroll-documents-for-confluence?hosting=datacenter&tab=overview https://marketplace.atlassian.com/apps/1226295/variants-for-scroll-documents?hosting=datacenter https://marketplace.atlassian.com/apps/1211636/scroll-viewport-for-confluence?hosting=datacenter https://marketplace.atlassian.com/apps/1227238/translations-for-scroll-documents?hosting=cloud https://marketplace.atlassian.com/apps/1227238/translations-for-scroll-documents?hosting=datacenter https://marketplace.atlassian.com/apps/420604/scroll-html-exporter-for-confluence?hosting=cloud&tab=overview https://marketplace.atlassian.com/apps/1224799/scroll-content-quality-for-confluence https://marketplace.atlassian.com/apps/1224799/scroll-content-quality-for-confluence?hosting=cloud https://www.remove.bg *.remove.bg https://www.designify.com *.designify.com https://www.kaleido.ai *.kaleido.ai https://www.unscreen.com *.unscreen.com https://www.keepersecurity.com/download.html Keeper Browser Extension (Chrome, Safari, Firefox, Edge) Keeper for iOS https://www.microsoft.com/en-us/p/keeperchat/9pdqtcpn4kxn#activetab=pivot:overviewtab KeeperChat for Windows https://keepersecurity.com Keeper Security Website Keeper for Mac, PC, Linux https://keepersecurity.com/vault Keeper Web Vault (US, EU, AU, CA, JP, GovCloud) https://docs.keeper.io/keeper-bridge/ Keeper AD / LDAP Bridge https://apps.apple.com/app/id1216446440 KeeperChat for iOS https://play.google.com/store/apps/details?id=com.keepersecurity.chat&hl=en_US&gl=US KeeperChat for Android https://apps.apple.com/us/app/keeperchat/id1273303729?mt=12 KeeperChat for Mac https://play.google.com/store/apps/details?id=com.callpod.android_apps.keeper&hl=en_US&gl=US Keeper for Android https://docs.keeper.io/kcm Keeper Connection Manager (KCM) https://keepersecurity.com/console Keeper Admin Console (US, EU, AU, CA, JP, GovCloud) https://docs.keeper.io/en/v/secrets-manager Keeper Secrets Manager and Keeper Commander APIs https://docs.keeper.io/sso-connect-guide/ SSO Connect On-Prem https://docs.keeper.io/sso-connect-cloud/ SSO Connect Cloud and Automator Service ██████████████████████████████████████████ ██████████████████████████████████████████████████████████████ https://kw-bugcrowd-pub.bounty.kiteworks.dev/ Kohl’s entire public digital footprint that is not Out-Of-Scope(See list below) https://www.kohls.com www.kohls.com https://www.kohls.com/feature/app.jsp Kohl\'s Mobile Application for iOS Kohl\'s Mobile Application for Android https://kucoin.com https://apps.apple.com/us/app/kucoin-buy-bitcoin-crypto/id1378956601?mt=8 Kucoin IOS App https://play.google.com/store/apps/details?id=com.kubi.kucoin Kucoin Android https://lastpass.com https://lastpass.com/misc_download2.php LastPass browser extensions (Chrome / Safari / Edge / Firefox) Local computer apps (UWP application / Windows installer (MSI) / MacOS) https://support.lastpass.com Workstation MFA (WMFA) https://blog.lastpass.com https://admin.lastpass.com https://auth.lastpass.com https://accounts.lastpass.com https://www.lastpass.com https://play.google.com/store/apps/details?id=com.lastpass.lpandroid LastPass Password Manager (Android) https://play.google.com/store/apps/details?id=com.lastpass.authenticator&hl=en_US&gl=US LastPass Authenticator (Android) https://apps.apple.com/us/app/lastpass-password-manager/id324613447 LastPass Password Manager (iOS) https://apps.apple.com/us/app/lastpass-authenticator/id1079110004 LastPass Authenticator (iOS) https://api.test.latitudefinancial.com https://master.servicecentre.digitalservicing-np.lfscnp.com/ https://master.servicecentre-nz.digitalservicing-np.lfscnp.com/ https://master.servicecentre-nz.digitalservicing-np.lfscnp.com/ https://28degreescard.com.au *.28degreescard.com.au https://buyersedge.co.nz *.buyersedge.com.au https://carecredit.com.au *.carecredit.com.au https://gemcreditline.co.nz *.gemcreditline.co.nz https://gemfinance.co.nz *.gemfinance.co.nz https://gemvisa.com.au *.gemvisa.com.au *.genoapay.co.nz *.genoapay.com https://gomastercard.com.au *.gomastercard.com.au https://interestfree.com.au *.interestfree.com.au *.latitudefinancial.co.nz *.latitudefinancial.com *.latitudefinancial.com.au https://latitudeinfinity.com.au *.latitudeinfinity.com.au *.latitudepay.com.au *.latitudepay.com https://umiloans.com.au *.umiloans.com.au https://images.latitudepayapps.com/ images.latitudepayapps.com https://app.latitudepayapps.com/ app.latitudepayapps.com *.test.*.lfscnp.com *.dev.*.lfscnp.com *.sandbox.*.lfscnp.com *.-np.*.lfscnp.com https://manager.trial.lsk.lightspeed.app/ https://manager.trial.lsk.lightspeed.app/ https://hq.breadcrumb.com/hq/restaurants/bounty-cafe-2/ https://secure.vendhq.com secure.vendhq.com https://developers.vendhq.com/ developers.vendhq.com https://payment-connectors.vendhq.com/ payment-connectors.vendhq.com https://www.vendhq.com/ www.vendhq.com https://store.retail.lightspeed.app store.retail.lightspeed.app https://apps.apple.com/us/app/ecwid-ecommerce/id626731456 https://play.google.com/store/apps/details?id=com.ecwid.android&pli=1 https://app.ecwid.com/api/v3/ proxy-production.lime.bike web-message.lime.bike web-message-high.lime.bike https://apps.apple.com/ca/app/lime-supply/id1620058457 Supply iOS web-production.lime.bike external-api.lime.bike Data.lime.bike https://apps.apple.com/ca/app/lime-ridegreen/id1199780189 Rider iOS https://play.google.com/store/apps/details?id=com.limebike Rider Android https://play.google.com/store/apps/details?id=com.lime.supply&hl=en_US Supply Android admintool.lime.bike juicer.lime.bike https://data.limeinternal.com Data portal help.lime.bike https://admintool.lime.bike Admintool ops.lime.bike https://lp.lime.bike/ LP dashboard https://orchard.limeinternal.com Inhouse deployment pipeline https://www.li.me/ Lime website https://gpt.lime.bike Lime GPT https://linktr.ee *.linktr.ee https://linktree.com *.linktree.com https://tr.ee *.tr.ee *.linktree-extensions.com https://odesli.co *.odesli.co https://odesli.com *.odesli.com https://song.link *.song.link https://songlink.io *.songlink.io https://album.link *.album.link https://artist.link *.artist.link https://pods.link *.pods.link https://playlist.link *.playlist.link https://mylink.page *.mylink.page https://*.plannthat.com plannthat.com https://linktree.app.link/LinktreeWebsite?utm_medium=Linktree_Footer Linktree iOS app Linktree Android app https://apps.apple.com/au/app/plann-preview-for-instagram/id1106201141 Plann iOS app https://play.google.com/store/search?q=plann&c=apps Plann Android app ███████████████ https://play.google.com/store/apps/details?hl=en&id=co.bitx.android.wallet Luno Android Application https://apps.apple.com/app/bitx-wallet/id927362479 Luno iOS Application https://mobileapi.staging.luno.com/ https://staging.luno.com/ https://ajax.staging.luno.com/ https://api.staging.luno.com/ https://app.staging.luno.com/ https://www.crateandbarrel.me www.crateandbarrel.me https://api-prod.thatconceptstore.com/ https://apps.apple.com/app/id1503045795 THAT Concept Store iOS https://play.google.com/store/apps/details?id=com.maf.thatandroid THAT Concept Store Android https://thatconceptstore.com https://www.cb2.ae/en https://www.allsaints.me/ https://www.lululemon.me www.lululemon.me https://lapi.yellowblocks.me lapi.yellowblocks.me https://www.shiseido.me/ lego.me psychobunny.me fashion4less.me https://www.sharerewards.com/ https://apps.apple.com/us/app/share-rewards/id1465450657 Share Rewards Programme iOS App https://play.google.com/store/apps/details?id=com.maf.share&hl=en_US&gl=US Share Rewards Android App https://www.vtcprodapi.maf.ae/svc/svcHifi.svc/SaveOCRReceipt https://production.maf.auth0.com/api/v2/ https://production.maf.auth0.com https://maf-holding-prod.apigee.net https://www.malloftheemirates.com https://play.google.com/store/apps/details?id=com.belongi.moe https://apps.apple.com/app/mall-of-the-emirates-moe/id1449578693 https://api.mafshoppingmalls.com/ https://www.premogiftcards.com https://www.premogiftcards.com/ https://identity.majidalfuttaim.com https://www.simplify.com/commerce/ Simplify Commerce - www.simplify.com/commerce/ https://www.mastercard.us/en-us.html MasterCard.us - www.mastercard.us/en-us.html https://www.mastercard.ch/de-ch.html MasterCard.ch - (German) - www.mastercard.ch/de-ch.html https://www.mastercard.ch/fr-ch.html MasterCard.ch - (French) - www.mastercard.ch/fr-ch.html https://www.mastercard.com.au/en-au.html MasterCard.com.au - www.mastercard.com.au/en-au.html https://www.mastercard.nl/nl-nl.html MasterCard.nl - www.mastercard.nl/nl-nl.html https://developer.mastercard.com https://donate.mastercard.com donate.mastercard.com https://demo.priceless.com/ Core Priceless.com - demo.priceless.com https://europe.priceless.com/shb https://priceless.com/golf/ https://pricelesssurprises.com/ https://priceless.com/aa/ https://priceless.com/aviator/ https://priceless.com/citiaadvantage/ https://performancemarketing.mastercard.com/portal/ https://src.mastercard.com/profile/enroll https://src.mastercard.com/* SRC integration on https://masterpassteststore.com/. Only the Masterpass checkout functionality is in scope Finicity Connect Finicity- Data Services Finicity Decisioning https://www.finicity.com https://consumer.finicityreports.com Finicity- Open Banking Payment History application Finicity - OBB (Open Banking Business Service) Public Others Target https://play.google.com/store/search?q=mattermost&c=apps Mattermost Mobile Android https://apps.apple.com/us/app/mattermost/id1257222717 Mattermost Mobile iOS https://mattermost.com/apps/ Mattermost Desktop Apps https://bugcrowd-*your-own-instance*.cloud.mattermost.com/ https://github.com/mattermost/mattermost-plugin-jira Mattermost Jira Plugin https://github.com/mattermost/mattermost-plugin-zoom Mattermost Zoom Plugin https://github.com/mattermost/mattermost-plugin-github Mattermost Github Plugin https://github.com/mattermost/mattermost-plugin-gitlab Mattermost Gitlab Plugin https://github.com/mattermost/mattermost-plugin-calls Mattermost Calls Plugin https://github.com/mattermost/mattermost-plugin-playbooks Mattermost Playbooks Plugin https://github.com/mattermost/mattermost-plugin-boards Mattermost Boards Plugin https://github.com/mattermost/mattermost-plugin-ai Mattermost Copilot Plugin https://github.com/mattermost/mattermost-plugin-mscalendar Mattermost Microsoft Calendar Plugin https://github.com/mattermost/mattermost-plugin-msteams-meetings Mattermost Plugin for Microsoft Teams Meetings ██████████████████████████████ ██████████████████████████████████ https://identity.monash.edu/ identity.monash.edu mix.monash.edu https://connect.monash.edu connect.monash.edu https://identity.monash.edu identity.monash.edu https://www.monash.edu monash.edu https://staff.monash Staff.monash http://apps.connect.monash.edu/ apps.connect.monash.edu/ VPN: vpn.monash.edu eassessment.monash.edu https://fileshare.ze.monash.edu fileshare.ze.monash.edu https://cms.mobile.monash/ cms.mobile.monash https://mobile.monash/ mobile.monash https://status.mobile.monash/ status.mobile.monash https://monashcollege.edu.au https://online.monash.edu/ https://apps.apple.com/us/app/monash-study/id1462126829 Monash Study iOS App https://play.google.com/store/apps/details?id=edu.monash.monashmobile Monash Study Android app https://myapp.monash.edu/ https://alumni-friends.monash.edu https://agent.apps.monash.edu/ https://compulsoryunits.monash.edu/ https://monash.app.nutrip.com monash.app.nutrip.com https://studentplacements.monash.edu studentplacements.monash.edu https://unihub.monash.edu/ unihub.monash.edu https://interviews.monash.edu/ interviews.monash.edu https://shop.monash.edu/ shop.monash.edu https://mlivetickets.monash.edu mlivetickets.monash.edu alumni-friends.monash.edu https://partner.apps.monash.edu partner.apps.monash.edu https://play.google.com/store/apps/details?id=com.scu.bsafe bSafe Android App https://apps.apple.com/au/app/monash-bsafe/id1462241951 bSafe iPhone App https://forms.apps.monash.edu/ forms.apps.monash.edu https://formative.eassessment.monash.edu/ formative.eassessment.monas.edu https://www.monashprofessional.edu.au/ monashprofessional.edu.au https://account-registration.monash.edu/ account-registration.monash.edu http://pay.monashcollege.edu.au/ pay.monashcollege.edu.au https://evigilation.monash.edu Monash e-Vigilation https://student.monash student.monash https://mids.monash.edu/ mids.monash.edu https://ims.monash.edu ims.monash.edu https://research.monash.edu/ research.monash.edu https://researchmgt.monash.edu/ researchmgt.monash.edu https://move.monash.edu/ move.monash.edu mix-qat.monash.edu/* mix-dev.monash.edu/* https://apps.apple.com/vc/app/moneytree-finance-made-easy/id586847189 Moneytree iOS Mobile Application (production; see below) https://wwws-staging.moneytree.jp/link/ https://vault-staging.getmoneytree.com https://redash-staging.getmoneytree.com/ https://app-staging.getmoneytree.com https://wwws-staging.moneytree.jp/link/mobile/ https://wwws-staging.moneytree.jp/link/mobile/#/signup?client_id=38d99a6e8e9fc87c866f5aa82bdc2569c464b2323a55e0b28f658efa678e9623&redirect_uri=https://wwws-staging.moneytree.jp/link/mobile/callback&response_type=token&scope=guest_read+accounts_read+transactions_read+request_refresh https://myaccount-staging.getmoneytree.com https://jp-api-staging.getmoneytree.com https://jp-api-staging.getmoneytree.com https://business-staging.getmoneytree.com/ https://play.google.com/store/apps/details?id=jp.moneytree.moneytree&hl=en_AU&gl=US Moneytree staging Android Mobile Application (see below) All Motorola Devices running Android 13 and above. https://staging-prime.navan.com https://secure.neogov.com https://login.neogov.com https://performance.neogov.com https://learn.neogov.com https://api.neogov.com https://onboard.neogov.com https://unified.neogov.com https://eforms.neogov.com https://cdn.neogov.com https://www.governmentjobs.com https://analytics.neogov.com https://powerdms.com/ https://secure.cuehit.net https://secure.cuehit.net/ https://app.agency360.com https://app.agency360.com/ https://securesignin.neogov.com https://securesignin.neogov.com/ https://securesignin.powerdms.com/ https://hr.neogov.com Nighthawk Pro Gaming Switch Nighthawk Router Nighthawk Switch Nighthawk iOS App Nighthawk Android App Orbi Orbi iOS App Orbi Android App Insight Managed Smart Cloud Wireless Access Point https://api.netgear.com Insight iOS App Insight Android App CHP Cloud Portal Meural https://one.newrelic.com https://play.google.com/store/apps/details?id=com.newrelic.rpm New Relic Android Application https://apps.apple.com/ie/app/new-relic/id594038638 New Relic iOS Application *.nr-data.net *.nr-ops.net https://docs.newrelic.com/ https://newrelic.com/ https://newrelic.com/* https://newrelic.com/blog https://support.newrelic.com/ https://forum.newrelic.com https://knowledge.newrelic.com/ https://learn.newrelic.com/ https://developer.newrelic.com/ ████████████████████████████████████████████████████████████████████████████████████████████████████ ██████████████████████████████████████████████████████████████████████████████████████████████████████████████ ███████████████████████████████████████████████████████████████████████████████████████████████████ ██████████████████████████████████████████████████████████████████████████████████████████████████████ ████████████████████████████████████████████████████████████████████████████████████████████████████████████████ Anything Owned by Northwestern Mutual on the Public Internet Not Listed as Out of Scope 216.20.176.0/20 https://northwesternmutual.com *.northwesternmutual.com https://*.nml.com *.nml.com https://*.nmfn.com *.nmfn.com https://play.google.com/store/apps/details?id=com.nm.nm&hl=en_US&gl=US NM Android Mobile App https://apps.apple.com/us/app/northwestern-mutual/id1132579006 NM iOS Mobile App Anything that Clearly Affects Northwestern Mutual But is Not Own by Northwestern Mutual https://play.google.com/store/apps/details?id=com.nu.production&hl=pt_BR&gl=US&pli=1 Nubank Android: Playstore https://apps.apple.com/br/app/nubank-conta-e-cart%C3%A3o/id814456780 Nubank iOS App prod-*.nubank.com.br prod-*.nu.com.mx prod-*.nu.com.co https://nubank.com.br/ *nubank.com.br https://nubank.com.mx *nu.com.mx https://nubank.com.co *nu.com.co https://www.nuinvest.com.br/ *.nuinvest.com.br https://octopus.com/downloads Octopus Tentacle Octopus Server *.octopus.com https://github.com/OctopusDeploy Octopus Deploy Git Repo https://octopus.com octopus.com bugcrowd-pam-###.oktapreview.com bugcrowd-pam-###.pam.oktapreview.com https://bugcrowd-oie-%username%-1.workflows.oktapreview.com https://bugcrowd-oie-%username%-2.workflows.oktapreview.com https://bugcrowd-pam-###.workflows.oktapreview.com Desktop MFA for Windows Desktop MFA for macOS Password Sync for macOS https://support.okta.com support.okta.com bugcrowd-oie-%username%-1.at.oktapreview.com bugcrowd-oie-%username%-2.at.oktapreview.com https://bugcrowd-pam-###.at.oktapreview.com bugcrowd-oie-%username%-1.oktapreview.com bugcrowd-oie-%username%-2.oktapreview.com https://bugcrowd-pam-###.oktapreview.com https://www.okta.com/fastpass/ Okta Verify Fastpass bugcrowd-oie-%username%-1-admin.oktapreview.com bugcrowd-oie-%username%-2-admin.oktapreview.com https://www.okta.com/products/advanced-server-access/ Advanced Server Access (ASA) / (ScaleFT) http://app.scaleft.com/ https://help.okta.com/asa/en-us/Content/Topics/Adv_Server_Access/docs/client.htm Advanced Server Access Client / Agents https://apps.apple.com/us/app/okta-verify/id490179405 Okta Verify (iOS) https://play.google.com/store/apps/details?id=com.okta.android.auth&hl=en_US&gl=US Okta Verify (Android) Okta Verify (Mac OS) Okta Verify (Windows) Okta On-Prem Agents ( AD, LDAP, RDP, IWA ) https://help.okta.com/en/prod/Content/Topics/Adv_Server_Access/docs/sftd-windows.htm Okta Agent Windows https://help.okta.com/en/prod/Content/Topics/Settings/download-browser-plugin.htm Okta Browser Plugin (IE / Firefox / Chrome) https://pentest-app.onetrust.com/ https://api.openai.com api.openai.com https://chat.openai.com ChatGPT ChatGPT Plugins Third Party Targets OpenAI API Keys https://*.openai.org https://openai.org *.openai.org https://openai.com/ openai.com *.openai.com https://platform.openai.com/playground Developer Platform Playground Other https://opensea.io/ opensea.io https://pro.opensea.io/ pro.opensea.io http://wallets.opensea.io/ https://play.google.com/store/apps/details?id=io.opensea&hl=en_US&gl=US io.opensea - Android App https://apps.apple.com/us/app/opensea-nft-marketplace/id1582861796 io.opensea - iOS App https://github.com/ProjectOpenSea/seaport#deployments https://etherscan.io/address/0x0000a26b00c1F0DF003000390027140000fAa719 https://etherscan.io/address/0x00005EA00Ac477B1030CE78506496e8C2dE24bf5 Broken Link https://auth.opera.com auth.opera.com https://accounts.opera.com accounts.opera.com https://flow.opera.com flow.opera.com https://autoupdate.geo.opera.com autoupdate.geo.opera.com https://net.geo.opera.com net.geo.opera.com https://download.opera.com download.opera.com https://speeddials.opera.com speeddials.opera.com https://browser-notifications.opera.com browser-notifications.opera.com https://www.opera.com/ www.opera.com https://www.opera.com/computer/thanks?ni=stable&os=windows Opera PC https://www.opera.com/computer/thanks?ni=eapgx&os=windows Opera GX https://get.geo.opera.com get.geo.opera.com https://play.google.com/store/apps/details?id=com.opera.browser Opera for Android https://play.google.com/store/apps/details?id=com.opera.app.news Opera News https://play.google.com/store/apps/details?id=com.opera.gx Opera GX for Android https://play.google.com/store/apps/details?id=com.opera.mini.native Opera Mini https://play.google.com/store/apps/details?id=com.opera.app.sports Apex Football https://cryptowallet.opera-api.com cryptowallet.opera-api.com https://suggestions.opera-api.com suggestions.opera-api.com *.opera.software weather.opera-api.com push.opera.com *.osp.opera.software https://bugs.opera.com/ bugs.opera.com *.opera.technology https://gx.games https://create.gx.games Loomi.tv https://features.opera-api.com features.opera-api.com https://cdn-store.opera-api.com cdn-store.opera-api.com *.sec-tunnel.com *.opera.com exchange.opera.com merchandise.opera-api.com blocklist.opera-api.com https://gx.opera-api.com gx.opera-api.com 37.228.104.0/21 77.111.244.0/22 82.145.208.0/20 91.203.96.0/22 102.23.96.0/22 103.83.120.0/22 107.167.96.0/19 141.0.8.0/21 185.26.180.0/22 195.189.143.0/24 203.89.100.0/22 marketplace.gamemaker.io *.opera-mini.net *.opera.news *.operanewsapp.com GameMaker Studio 2 *.yoyogames.com https://www.gamemaker.io www.gamemaker.io https://cashback.opera.com/ cashback.opera.com *.apex-football.com *.operafootball.com *.feednews.com *.dailyadvent.com api.gx.games/gxc api.gx.games/dc api.gx.games/dev api.gx.games/profile api.gx.games/session https://app.opsgenie.com app.opsgenie.com https://mobileapp.opsgenie.com mobileapp.opsgenie.com *.opsgenie.com Opsgenie (IoS) Opsgenie (Android) https://app.optimizely.com/ https://cdn.optimizely.com/ https://cdn-pci.optimizely.com/ https://optimizely-edge.com https://api.optimizely.com/ https://dxc.episerver.net/ https://paasportal.episerver.net/ https://paasportal.episerver.net/api/v1.0/ https://app.welcomesoftware.com/ https://accounts.welcomesoftware.com/ https://api.welcomesoftware.com/ https://api.welcomesoftware.com/ https://cdn-app.welcomesoftware.com/ https://analytics.welcomesoftware.com/ https://flags.expeng.optimizely.com https://accounts.cmp.optimizely.com/ https://orderly.network/ https://api.orderly.org/ https://api-evm.orderly.org/ https://www.originenergy.com.au/ *.origindigital-pac.com.au *.odcdn.com.au https://dataportal.originenergy.com.au dataportal.originenergy.com.au *.support.originenergy.com.au *.api.originenergy.com.au *.download.originenergy.com.au https://api.rx.originenergy.com.au/v1/gateway/schema/graphql https://api.rx.originenergy.com.au/v1/gateway/schema/kraken/graphql https://api.rx.originenergy.com.au/v1/lpg/graphql https://www.winconnect.com.au/moving-out/ https://www.winconnect.com.au/get-connected/ https://customerportal.winconnect.com.au/login signup.myconnect.com.au portal.myconnect.com.au myconnect.com.au portal.myconnect.com.au/new-connection ssu.myconnect.com.au/signup/get-connected hub.myconnect.com.au https://dashboard.pantheon.io https://devstaging.pcapcloud.com/* https://www.pexels.com/ *.pexels.com ██████████████ api.pinterest.com *.pinterest.com Web Apps https://apps.apple.com/us/app/pinterest/id429047995 Pinterest iOS Mobile Application https://play.google.com/store/apps/details?id=com.pinterest&hl=en_US&gl=US Pinterest Android Mobile Application https://play.google.com/store/apps/details?id=com.pinterest.twa&hl=en_US&gl=US Pinterest Lite Android Mobile Application https://microsoftedge.microsoft.com/addons/detail/pinterest-save-button/bkgoflemacdadndiohhdnphcmdhacabg Edge extension (download at: ms-windows-store://pdp/?productid=9nblggh4v89b ) https://chrome.google.com/webstore/detail/pinterest-save-button/gpdjojdkbbmdfjfahjcgigfpmkopogic?hl=en Chrome extension (download at: chrome.google.com/webstore/detail/pinterest-save-button/gpdjojdkbbmdfjfahjcgigfpmkopogic?hl=en) https://addons.mozilla.org/en-US/firefox/addon/pinterest/ Firefox extension (download at: https://addons.mozilla.org/firefox/addon/pinterest/) https://github.com/pinterest/ Open source projects(non-forked) listed at github.com/pinterest/ https://pixabay.com/ *.pixabay.com/ https://my.planethoster.com my.planethoster.com https://api.planethoster.net api.planethoster.net https://world.planethoster.net world.planethoster.net https://mg.n0c.com/ https://www.planethoster.com www.planethoster.com https://marketplace.atlassian.com/apps/4832/enterprise-mail-handler-for-jira-jemh?hosting=cloud&tab=overview https://marketplace.atlassian.com/apps/4832/enterprise-mail-handler-for-jira-jemh?hosting=cloud https://marketplace.atlassian.com/apps/4832/enterprise-mail-handler-for-jira-jemh?hosting=datacenter&tab=overview https://marketplace.atlassian.com/apps/4832/enterprise-mail-handler-for-jira-jemh?hosting=datacenter *.points.com PIA VPN servers https://apps.apple.com/us/app/private-internet-access-anonymous/id955626407 PIA iOS application https://play.google.com/store/apps/details?id=com.privateinternetaccess.android&hl=en PIA Android application https://www.privateinternetaccess.com/download/linux-vpn PIA Linux application https://www.privateinternetaccess.com/download/mac-vpn PIA macOS application https://www.privateinternetaccess.com/download/windows-vpn PIA Windows application https://addons.mozilla.org/en-US/firefox/addon/private-internet-access-ext/ PIA Firefox extension https://chrome.google.com/webstore/detail/private-internet-access/jplnlifepflhkbkgonidnobkakhmpnmh PIA Chrome extension https://addons.opera.com/en/extensions/details/private-internet-access-extension/ PIA Opera extension PIA APIs https://www.privateinternetaccess.com/ privateinternetaccess.com *.privateinternetaccess.com piaservers.com https://dealflow.prosus.com dealflow.prosus.com https://dealflowapi.prosus.com dealflowapi.prosus.com https://analytics-admin.prosus.com analytics-admin.prosus.com http://analytics.prosus.com analytics.prosus.com https://data.prosus.com/ data.prosus.com https://hr.prosus.com/ hr.prosus.com https://tracker.naspers.com/ tracker.naspers.com https://cfc.naspers.com/ cfc.naspers.com https://peopleview.naspers.com peopleview.naspers.com http://nav.naspers.com/ nav.naspers.com https://*.quizlet.com https://itunes.apple.com/us/app/quizlet-flashcards/id546473125 IoS https://play.google.com/store/apps/details?id=com.quizlet.quizletandroid Android 3.0 API api.rapyd.net https://dashboard.rapyd.net/ dashboard.rapyd.net verify.rapyd.net checkout.rapyd.net *.rapyd.net *.neatcommerce.com *.korta.is *.neattest.com https://jointhemoment.net/ jointhemoment.net *.rapyd.com *.rapyd.org *.neat.com.hk *.kortathjonustan.is *.neat.hk *.neat.wtf ████████████████ █████████████████ ████████████████████ https://rec.net/download Rec Room PC Standalone App https://store.steampowered.com/app/471710/Rec_Room/ Steam: PC Game for Windows https://www.oculus.com/experiences/quest/2173678582678296 Oculus Quest: All-in-one gaming system for VR https://www.oculus.com/experiences/rift/1257029974329451 Oculus Rift: VR headset https://www.nintendo.com/us/store/products/rec-room-switch/ Nintendo Switch https://apps.apple.com/app/id1450306065 iOS https://play.google.com/store/apps/details?id=com.AgainstGravity.RecRoom https://store.playstation.com/en-us/product/UP2662-PPSA05532_00-6681199027107223 PlayStation 5 https://store.playstation.com/en-us/product/UP2662-CUSA08481_00-RECROOM000000001 PlayStation 4 https://www.xbox.com/en-us/games/store/rec-room/9pgpqk0xthrz Xbox https://recroom.com/studio Rec Room Studio https://rec.net/ https://*.rec.net/* https://api.rec.net https://api.rec.net/ https://devportal.rec.net/ SAP SuccessFactors SAP S/4HANA Cloud Public Edition SAP S/4HANA Cloud Private Edition SAP Integrated Business Planning for Supply Chain SAP Cloud ALM SAP Customer Data Cloud portfolio from Gigya SAP S/4HANA migration cockpit SAP Risk and Assurance Management SAP Order Management for Sourcing and Availability SAP Continuous Integration and Delivery SAP Business Network for Logistics SAP Order Management foundation SAP Signavio SAP Revenue Growth Optimization SAP Enable Now SAP Omnichannel Promotion Pricing https://api.thesecurityteam.rocks api.thesecurityteam.rocks https://api.anytask.thesecurityteam.rocks api.anytask.thesecurityteam.rocks https://anytask.thesecurityteam.rocks anytask.thesecurityteam.rocks https://my.thesecurityteam.rocks my.thesecurityteam.rocks https://github.com/electroneum/electroneum/ Legacy Blockchain https://legacy-blockexplorer.electroneum.com Legacy Block Explorer https://public.thesecurityteam.rocks/resources/app/android/etnapp-5.2.2-staging.apk Staging Electroneum Android App *.seek.com.au https://seekcdn.com https://apps.apple.com/au/app/seek-jobs-job-search/id520400855 SEEK mobile app for iOS https://play.google.com/store/apps/details?id=au.com.seek&hl=en_AU&gl=US SEEK mobile app for Android *.skinfra.xyz *.outfra.xyz *.sol-data.com *.jobapi.net *.seekpass.co *.seekpass-staging.com *.aips-internal.com *.certsy.com *.certsynonprod.com https://apps.apple.com/au/app/certsy/id1617796159 SEEK Pass Mobile App for iOS https://play.google.com/store/apps/details?id=com.certsy.app SEEK Pass Mobile App for Android https://graphql.seek.com graphql.seek.com https://auth.seek.com auth.seek.com https://dashboard.sendbird.com/ https://dashboard.sendbird.com https://gate.sendbird.com https://api-{app-id}.sendbird.com https://ws-{app-id}.sendbird.com https://desk-api-{region}.sendbird.com https://ws-{app-id}.calls.sendbird.com https://api-{app-id}.calls.sendbird.com https://api-{app-id}.notifications.sendbird.com https://sendbird.com/docs https://sendbird.com https://1shoppingcart.com 1shoppingcart.com https://mcssl.com mcssl.com *.mcssl.com https://www.skroutz.gr/ Skyscanner iOS App Skyscanner Android App gateway.skyscanner.net/* skyscanner.net/hotels/book/* skyscanner.net/* partnerportal.skyscanner.net/* *.skyscanner.net Skyscanner Android app Skyscanner iOS app AWS Infrastructure https://smartmockups.com/ *.smartmockups.com/ https://snapnames.com/ https://www.namejet.com/ https://www.sophos.com/en-us/products/endpoint-antivirus/free-trial Intercept X Endpoint (Windows) - Zero-click RCE https://central.sophos.com/ Sophos Central (Production) - Special Target Sophos Firewall (XG/XGS, SFOS) - Pre-auth RCE https://central.sophos.com Sophos Central (Production) https://www.sophos.com/en-us/products/next-gen-firewall Sophos Firewall (XG/XGS, SFOS) https://www.sophos.com/en-us/products/endpoint-antivirus/free-trial Intercept X Endpoint (Windows) Intercept X Endpoint (MacOS) Intercept X Endpoint (Linux) https://www.sophos.com/en-us/products/mobile-control/free-trial Intercept X Mobile (iOS) Intercept X Mobile (Android) https://docs.sophos.com/central/customer/help/en-us/ManageYourProducts/ThreatAnalysisCenter/Integrations/Sophos/NDR/index.html Sophos NDR Appliances (NDR, Investigation Console) https://www.sophos.com/en-us/products Other Sophos Appliances (RED, Switch, Access Points, ...) https://www.sophos.com/ Sophos-owned IT infrastructure (*.sophos.com) 3rd party services hosted at *.sophos.com Sophos IT Infrastructure (all other Sophos domains) Any Other Sophos Product or Service https://play.google.com/store/apps/details?id=com.soundcloud.android&hl=en&gl=US SoundCloud Android app https://soundcloud.com soundcloud.com *.soundcloud.org *.s-cloud.net https://apps.apple.com/us/app/soundcloud-music-audio/id336353151 SoundCloud iOS app https://connect.soundcloud.com *.soundcloud.com *.services.repostnetwork.com api-*.soundcloud.com http://artists.soundcloud.com/ artists.soundcloud.com https://soundcloud.org soundcloud.org SpaceX and Starlink assets (target information and rewards detailed above on the brief) *.square.com *.squareup.com https://square.online square.online https://www.weebly.com/ weebly.com https://play.google.com/store/apps/details?id=com.squareup&hl=en_US&gl=US Square Point of Sale Mobile Application for Android https://apps.apple.com/us/app/square-point-of-sale-pos/id335393788 Square Point of Sale Mobile Application for iOS Square Register Square Terminal ███████████████████████████████████████ █████████████████████████████████ ████████████████████████████████████ ███████████████████████████████ https://manage.statuspage.io manage.statuspage.io *.statuspage.io Vehicle Head Units, TPMS sensors, remote keyless entry, and any other system that is present in a hardware product that you own or are authorized to test against https://www.driveuconnect.com www.driveuconnect.com https://www.driveuconnect.eu www.driveuconnect.eu https://play.google.com/store/apps/details?id=com.acn.uc&hl=en https://play.google.com/store/apps/details?id=com.fcagroup.us.uconnect https://itunes.apple.com/us/app/uconnect/id1229236724?mt=8 https://itunes.apple.com/pl/app/panda-uconnect/id1117321678?mt=8 https://itunes.apple.com/gb/app/uconnect-live/id881830261?mt=8 https://marketplace.atlassian.com/apps/27447/table-filter-and-charts-for-confluence?hosting=cloud https://marketplace.atlassian.com/apps/1214110/courses-and-quizzes-lms-for-confluence?hosting=cloud https://marketplace.atlassian.com/apps/1210934/awesome-graphs-for-bitbucket?hosting=cloud https://marketplace.atlassian.com/apps/1210934/awesome-graphs-for-bitbucket?hosting=server https://marketplace.atlassian.com/apps/1210934/awesome-graphs-for-bitbucket?hosting=datacenter https://marketplace.atlassian.com/apps/1222084/spreadsheet-issue-field-editor?hosting=cloud https://marketplace.atlassian.com/apps/27447/table-filter-and-charts-for-confluence?hosting=datacenter https://marketplace.atlassian.com/apps/27447/table-filter-and-charts-for-confluence?hosting=server https://marketplace.atlassian.com/apps/1212507/smart-attachments-for-jira?hosting=cloud https://marketplace.atlassian.com/apps/1212531/customer-case-jira-support-feedback?hosting=cloud https://marketplace.atlassian.com/apps/1210766/teamcity-integration-for-jira?hosting=cloud https://marketplace.atlassian.com/apps/1214971/handy-macros-for-confluence?hosting=cloud https://marketplace.atlassian.com/apps/1222102/webhook-manager-for-confluence-cloud?hosting=cloud https://marketplace.atlassian.com/apps/1222001/employee-performance-ratings?hosting=cloud https://marketplace.atlassian.com/apps/1224994/poll-maker-for-confluence?hosting=cloud Self Register Account on T-Mobile Microsoft Entra ID Cellular Network Auth Bypass via Web/Mobile App T&P Servers Internal Server via Internet Network https://portal.lrs.t-mobile.com portal.lrs.t-mobile.com https://account.t-mobile.com account.t-mobile.com https://metrobyt-mobile.com metrobyt-mobile.com https://sprint.com sprint.com https://t-mobile.com t-mobile.com https://api.t-mobile.com *.api.t-mobile.com https://tfb.t-mobile.com tfb.t-mobile.com https://devedge.t-mobile.com devedge.t-mobile.com https://tess.service-now.com tess.service-now.com https://digits.t-mobile.com digits.t-mobile.com *.t-mobile.com *.metrobyt-mobile.com *.sprint.com Assets labeled as in-scope https://apps.apple.com/us/app/t-mobile/id561625752 T-Mobile - iOS https://play.google.com/store/apps/details?id=com.tmobile.pr.mytmobile T-Mobile - Android https://apps.apple.com/us/app/syncup-drive/id1576574297 SyncUP DRIVE - iOS https://play.google.com/store/apps/details?id=com.tmobile.drive SyncUP DRIVE - Android https://apps.apple.com/us/app/syncup-kids/id1503394062 SyncUP KIDS - iOS https://play.google.com/store/apps/details?id=com.tmobile.kids SyncUP KIDS - Android https://apps.apple.com/us/app/syncup-tracker/id1526380335 SyncUP TRACKER - iOS https://play.google.com/store/apps/details?id=com.tmobile.syncuptag SyncUP TRACKER - Android https://digits.t-mobile.com/ DIGITS - Mobile & Desktop https://apps.apple.com/us/app/t-life-t-mobile-tuesdays/id1111876388 T-Life - iOS https://play.google.com/store/apps/details?id=com.tmobile.tuesdays&hl=en_US&gl=US T-Life - Android https://biocorellc.com https://tempus-ex.com https://infiniteathlete.ai https://platform.infiniteathlete.ai https://docs.tempus-ex.com https://github.com/tempus-ex *.tesla.cn *.tesla.services https://apps.apple.com/us/app/tesla/id582007913 Official Tesla iOS apps *.tesla.com *.teslamotors.com Any host verified to be owned by Tesla Motors Inc. (domains/IP space/etc.) *.solarcity.com *.teslainsuranceservices.com https://play.google.com/store/apps/details?id=com.teslamotors.tesla&hl=en_US&gl=US Official Tesla Android apps Tesla Energy hardware you own Tesla vehicle hardware that you own https://www.thefork.com/ https://m.thefork.com https://blog.thefork.com/ https://api.thefork.com https://api.lafourchette.com https://review-api.lafourchette.com https://google-reserve-api.thefork.io https://google-reserve-api.thefork.io https://m-api.lafourchette.com https://play.google.com/store/apps/details?id=com.lafourchette.lafourchette The Fork Android App https://apps.apple.com/app/thefork-restaurants-bookings/id424850908 The Fork iOS App https://*.tools.thefork.tech *.tools.thefork.tech https://www.restaurant-information.com www.restaurant-information.com https://widget.thefork.com widget.thefork.com https://api.thousandeyes.com/ https://app.thousandeyes.com/ https://www.thousandeyes.com/ ThousandEyes Enterprise Agent ThousandEyes Endpoint Agent https://tidal.com/ *.tidal.com *.wimpmusic.com *.tidalhifi.com api.tidal.com *tidalhi.fi *.tdl.sh Tidal Client for iOS Tidal Client for Android https://offer.tidal.com/download Tidal Desktop Client Tidal Official Clients (e.g. Sonos integration, Tesla integration, etc.) trello.com api.trello.com *.trello.services Trello Desktop Client Trello Mobile App for Android Trello Mobile App for iOS https://butlerfortrello.com/ Butler for Trello https://trello.com/power-ups/55a5d917446f517774210011/calendar-power-up Calendar Power-Up https://trello.com/power-ups/55a5d917446f517774210012/card-aging Card Aging Power-Up https://trello.com/power-ups/5c2462c384ab8949b1724a20/list-limits List Limits Power-Up https://trello.com/power-ups/55a5d917446f517774210013/voting Voting Power-Up https://trello.com/power-ups/6052d130068a8c0de7b022b4 Microsoft Teams Integration Trello Third Party Powerups https://api.production.cde.tamg.cloud api.production.cde.tamg.cloud https://partnerapi.tapayments.com partnerapi.tapayments.com https://partnerapi1.tapayments.com partnerapi1.tapayments.com https://partnerapi2.tapayments.com partnerapi2.tapayments.com https://walletproxy.tapayments.com walletproxy.tapayments.com https://walletproxy1.tapayments.com walletproxy1.tapayments.com https://walletproxy2.tapayments.com walletproxy2.tapayments.com https://www.tripadvisor.com www.tripadvisor.com Localized versions of www.tripadvisor.com available from the site\'s header or footer https://api.tripadvisor.com api.tripadvisor.com https://service.platform.tripadvisor.com service.platform.tripadvisor.com https://gwapi.tripadvisor.com gwapi.tripadvisor.com https://gwapi1.tripadvisor.com gwapi1.tripadvisor.com https://gwapi2.tripadvisor.com gwapi2.tripadvisor.com Any publicly accessible Tripadvisor web asset or host (domains, ip space, etc) - except for assets listed as Out-of-Scope below. Tripadvisor Android App Tripadvisor iOS App https://rentals.tripadvisor.com rentals.tripadvisor.com https://*.vacationhomerentals.com *.vacationhomerentals.com https://*.holidaylettings.com *.holidaylettings.com https://*.flipkey.com *.flipkey.com https://*.niumba.com *.niumba.com https://*.housetrip.com *.housetrip.com https://itunes.apple.com/us/app/vacation-rentals-owner-app-by-tripadvisor/id1045663228?mt=8 Tripadvisor Owner APP (https://itunes.apple.com/us/app/vacation-rentals-owner-app-by-tripadvisor/id1045663228?mt=8) http://marlo.ext.tripadvisor.com marlo.ext.tripadvisor.com https://*.bokundemo.com *.bokundemo.com https://*.bokuntest.com *.bokuntest.com https://www.20min.ch https://coral.20min.ch/ https://cm.20min.ch/ https://api.20min.ch/ https://videoplayer.20min.ch https://partner-feeds.20min.ch https://screenplayer.20min.ch https://audio.20min.ch/ https://audio.20min.ch https://api.twilio.com api.twilio.com Twilio APIs https://tsock.us1.twilio.com tsock.us1.twilio.com *.sip.*.twilio.com https://www.twilio.com/blog/get-started-webrtc Twilio WebRTC Client https://www.twilio.com/wireless Twilio Wireless https://www.twilio.com/docs/libraries Twilio SDKs https://www.twilio.com/console Twilio Console Twilio Helper Libraries Twilio CDNs (static*.twilio.com) https://twilio.com/blog twilio.com/blog https://build.twilio.com/s/ https://sendgrid.com https://app.sendgrid.com/ https://signup.sendgrid.com/ https://api.sendgrid.com api.sendgrid.com https://mc.sendgrid.com/ smtp.sendgrid.net https://authy.com/download/ Authy iOS app Authy Android App Authy Desktop app https://www.twilio.com/authy Twilio Authy - https://api.authy.com https://www.twilio.com/docs/verify/api Twilio Verify - https://verify.twilio.com https://www.twilio.com/docs/authy/api Twilio Authy API https://www.twilio.com/docs/authy/api/dashboard Twilio Authy Dashboard API Any host/web property verified to be owned by Twilio https://app.segment.com/ app.segment.com https://api.segment.io/ api.segment.io https://segment.com/docs/sources/ Source code of Website, Mobile, or Server Libraries (https://segment.com/docs/sources/) Any host / web property verified to be owned by Segment (domains/IP space/etc.) https://opendata-demo.test-socrata.com https://opendata.test-socrata.com https://opendata.test-socrata.com/admin/gateway https://mintmobile.com https://www.mintmobile.com https://ultramobile.com https://www.ultramobile.com https://web-retailer-portal.ultramobile.com Web Retailer Portal https://www.underarmour.com www.underarmour.com https://www.underarmour.co.uk www.underarmour.co.uk https://apps.apple.com/us/app/under-armour/id1092704571 UA Shop iOS https://play.google.com/store/apps/details?id=com.ua.shop&hl=en UA Shop Android https://api.shop.ua.com/graphql https://www.underarmournext.co.uk/ https://underarmournext.com/ https://*.api.ua.com/ *.api.ua.com https://consumer-sustainability.underarmour.com/en https://apphouse.underarmour.com/ apphouse.underarmour.com http://ourhouse.underarmour.com/ ourhouse.underarmour.com https://transfer.underarmour.com/ transfer.underarmour.com https://vpe-us.underarmour.com/ vpe-us.underarmour.com https://snc.underarmour.com/ snc.underarmour.com https://snctest-s.underarmour.com/ snctest-s.underarmour.com https://snctest-c.underarmour.com/ snctest-c.underarmour.com https://supplier.underarmour.com/ supplier.underarmour.com https://vtxapp9p.underarmour.com/ vtxapp9p.underarmour.com https://vtxapp9q.underarmour.com/ vtxapp9q.underarmour.com https://vtxapp9d.underarmour.com/ vtxapp9d.underarmour.com https://vtxappd.underarmour.com/ vtxappd.underarmour.com 204.29.196.0/23 3.223.149.182 3.230.219.249 34.237.130.2 34.239.5.227 52.220.158.49 52.76.174.107 52.67.69.35 52.44.176.187 52.86.17.52 54.83.32.16 13.58.121.166 3.133.230.28 3.19.172.158 https://id.unity.com id.unity.com https://api.unity.com api.unity.com https://cloud.unity.com cloud.unity.com https://store.unity.com store.unity.com https://pay.unity.com pay.unity.com https://syncsketch.dev syncsketch.dev player-login.unity.com https://unity3d.com/get-unity/download/archive Latest Supported LTS versions of the Unity Editor ( 2020.x / 2021.x / 2022.x ) https://unity3d.com/get-unity/download Unity Hub https://www.upwork.com www.upwork.com Upwork - Android Application Upwork - iOS Application Upwork Dash Messenger Desktop Version (www.upwork.com/downloads) www.upwork.com/api Direct Contracts api.upwork.com/graphql Upwork - Marketplace Portal Upwork - Messages Upwork - Mobile Application IOS Upwork - Mobile Application Android Upwork - api.upwork.com/graphql https://www.usaa.com usaa.com https://mobile.usaa.com mobile.usaa.com https://api.usaa.com/ api.usaa.com https://partners.usaa.com partners.usaa.com https://play.google.com/store/apps/details?id=com.usaa.mobile.android.usaa&hl=en USAA Mobile Application for Android https://apps.apple.com/us/app/usaa-mobile/id312325565 USAA Mobile Application for iOS https://aemdam.usaa360.com/ aemdam.usaa360.com https://api-a.usaa.com api-a.usaa.com https://authn.usaa.com/ authn.usaa.com https://b2bapi-a.usaa.com b2bapi-a.usaa.com https://b2bapi.usaa.com b2bapi.usaa.com https://b2blsapi-a.usaa.com b2blsapi-a.usaa.com https://b2blsapi.usaa.com b2blsapi.usaa.com https://content.usaa.com content.usaa.com https://d1.utv.usaa.com d1.utv.usaa.com https://d2.utv.usaa.com d2.utv.usaa.com https://externalconnect.usaa.com/ externalconnect.usaa.com https://guest.usaa.com/ guest.usaa.com https://l.usaa.com/ l.usaa.com https://liveassist.usaa.com/ liveassist.usaa.com https://liveassist11.usaa.com/ liveassist11.usaa.com https://liveassist12.usaa.com/ liveassist12.usaa.com https://liveassist21.usaa.com/ liveassist21.usaa.com https://liveassist22.usaa.com/ liveassist22.usaa.com https://liveassist23.usaa.com liveassist23.usaa.com https://liveassist24.usaa.com liveassist24.usaa.com https://mapi-a.usaa.com mapi-a.usaa.com https://mapi.usaa.com/ mapi.usaa.com https://mguest.usaa.com/ mguest.usaa.com https://mobileapps.usaa.com/ mobileapps.usaa.com https://mstatic.usaa.com mstatic.usaa.com https://mydesktop.usaa.com mydesktop.usaa.com https://myvpn.usaa.com myvpn.usaa.com https://nice.wfmusaa.com nice.wfmusaa.com https://nvoice.usaa.com/ nvoice.usaa.com https://s.usaa.com/ s.usaa.com https://s1.utv.usaa.com s1.utv.usaa.com https://s2.utv.usaa.com s2.utv.usaa.com https://securemail.usaa.com securemail.usaa.com https://static.usaa.com static.usaa.com https://www.usaainsurance.com/ usaainsurance.com https://utv.usaa.com utv.usaa.com https://v.utv.usaa.com v.utv.usaa.com https://vendorss.usaa.com vendorss.usaa.com https://vlagg.usaa.com vlagg.usaa.com https://vlapi.usaa.com vlapi.usaa.com https://webmail.usaa.com webmail.usaa.com https://ws.usaa.com ws.usaa.com https://wsmbr.usaa.com/ wsmbr.usaa.com epptool-ctld.verisign-grs.com (EPP service; DNS related) a.root-servers.net (DNS service; DNS related) j.root-servers.net (DNS service; DNS related) *.gtld-servers.net (DNS service; DNS related) https://www.verisign.com www.verisign.com (Website; non-DNS related) https://youcouldbe.com *.youcouldbe.com https://blog.verisign.com blog.verisign.com (Website; non-DNS related) https://namestudioforsocial.com/ *.namestudioforsocial.com https://namestudio.com *.namestudio.com *.verisign.com *.verisign-grs.com (DNS service; DNS related) https://apps.apple.com/us/app/viator-tours-activities/id434832826 iOS Viator Tours & Activities App https://play.google.com/store/apps/details?id=com.viator.mobile.android&hl=en_US&gl=US Android Viator Tours & Activities App https://supplier.viator.com/ https://viatorapi.viator.com/service/directory https://www.toursgds.com/ https://www.toursgds.com/ToursGdsService?wsdl https://www.toursgds.com/SupplierService?wsdl https://partners.viator.com https://travelagents.viator.com travelagents.viator.com https://help.supplier.viator.com/en https://kiwi.partner.viator.com kiwi.partner.viator.com https://*.viatorinc.com *.viatorinc.com https://selector.viator.com selector.viator.com https://partnerhelp.viator.com/ partnerhelp.viator.com/ https://*.viator.com *.viator.com Vox Cinemas iOS Vox Cinemas Android https://uae.voxcinemas.com/ https://www.skidxb.com/ https://www.magicplanetmena.com/ https://www.web.com www.web.com http://www.register.com www.register.com https://www.networksolutions.com www.networksolutions.com https://uk.web.com uk.web.com https://www.bluehost.com/ https://www.hostgator.com/ ██████████████████████████████████████ ██████ █████████████████████████████████████████████████████████████████████████ https://transferwise.com transferwise.com *.transferwise.com https://wise.com wise.com *.wise.com https://apps.apple.com/us/app/wise-ex-transferwise/id612261027 Latest version of Wise iOS App https://play.google.com/store/apps/details?id=com.transferwise.android&hl=en_US&gl=US Latest version of Wise Android App AWS infrastructure and services in use by Wise (eg: S3 buckets) https://github.com/transferwise/* github.com/transferwise/* https://api.woox.io/ https://woox.io/ https://play.google.com/store/apps/details?id=network.woo.mobile&hl=en&gl=US&pli=1 WOO X: Buy Crypto & BTC (Android) https://apps.apple.com/mt/app/woo-x-buy-crypto-btc/id1576648404 WOO X: Buy Crypto & BTC (IOS) Any Worldpay asset is in scope https://auth.wyze.com https://my.wyze.com https://api.wyzecam.com Wyze Cam V3 https://home.xfinity.com Home.xfinity.com (see below) Internet.xfinity.com *-cvr-aws-*.sys.comcast.net *signalservice.comcast.net *.dh-commerce.com *.ssr.ccp.xcal.tv orc-xfi.com *.xfiplatform.com https://apps.apple.com/us/app/xfinity/id1178765645 Xfinity Home iOS mobile app Xfinity iOS mobile app https://play.google.com/store/apps/details?id=com.xfinity.digitalhome&hl=en_US&gl=US Xfinity Home Android mobile app Xfinity Android mobile app xhomeapi-*.codebig2.net xhomeapi-*.cloud.comcast.net Xfinity Home Hardware (items listed below in brief) Xfinity Home cameras speedtest.xfinity.com siorc.xfinity.com smartinet.xfinity.com gw.api.dh.comcast.com xFi Gateways (e.g., XB3, XB6, XB7) xFi Pods https://csp-prod.codebig2.net csp-pci.prod.codebig2.net aiq-prod.codebig2.net *.xfinityhome.com https://bc.yieldstreet.net bc.yieldstreet.net staging-app.bany.dev share.acorns.com grow.acorns.com store.acorns.com https://afterpaytechblog.com afterpaytechblog.com https://genderfree.afterpay.com genderfree.afterpay.com https://www.moneybyafterpay.com/ moneybyafterpay.com aquarium.aiven.io uptime.aiven.io video.aiven.io https://aiven.io/community aiven.io/community https://aiven.io/contact aiven.io/contact Customer services you did not create *.aiven.fi github.com/Aiven-Labs *.avns.net https://events.aiven.io events.aiven.io ideas.aiven.io https://aivenhelp.zendesk.com aivenhelp.zendesk.com https://support.aiven.io support.aiven.io Creation of support tickets https://regatta.aiven.io/ regatta.aiven.io Microsoft Azure B2C null Commonwealth Bank - CommWeb MasterCard MPGS First Data xTP SendGrid Twilio Diebold Nixdorf Services - *.dieboldnixdorf.com *.arubanetworks.com not in scope above - see in scope *.hpe.com http://outdoorplanner.arubanetworks.com/ *.atl.arubanetworks.com *.getaws.arubanetworks.com asp-notifications.arubanetworks.com quickconnect.arubanetworks.com community.arubanetworks.com https://*.iot.developer.arubanetworks.com *.iot.developer.arubanetworks.com innovate.arubanetworks.com *.isb.arubanetworks.com enews.arubanetworks.com sirt.arubanetworks.com *.arubademo.net news.arubanetworks.com demos.arubanetworks.com supportcase.arubanetworks.com https://community.arubainstanton.com/home community.arubainstanton.com action.arubainstanton.com chat.arubainstanton.com asp.arubanetworks.com lms.arubanetworks.com afp.arubanetworks.com csaf.arubanetworks.com Other subdomains of asana.com Social engineering against Asana Support or Asana Employees jira*.integrations.asana.plus asana.okta.com assets.asana.biz Forms that you do not own Any internal or development services. https://bugcrowd.com/atlassianapps First and third party apps and plugins from the marketplace are excluded from this bounty but may be in scope for https://bugcrowd.com/atlassianapps https://shop.atlassian.com shop.atlassian.com bytebucket.org *.bitbucket.io https://blog.bitbucket.org HipChat (inc. HipChat Data Center, HipChat Desktop, HipChat Mobile) Stride (inc. Stride Video, Stride Desktop, Stride Mobile) https://support.atlassian.com support.atlassian.com Any customer instance. Do not test customer instances or affect customer data. Customer cloud instances may be in the form of <customer>.atlassian.net or <customer>.jira.com. Test only your own instances. Any repository that you are not an owner of - do not impact Atlassian customers in any way. https://marketplace.atlassian.com/apps/1220442/halp-two-way-slack-integration-for-jira?hosting=cloud Halp - Slack and Microsoft Teams Jira Integration - Cloud - https://marketplace.atlassian.com/apps/1220442/halp-two-way-slack-integration-for-jira?hosting=cloud https://marketplace.atlassian.com/apps/1222365/halp-answers-for-confluence-in-slack?hosting=cloud Confluence Slack Automation Integration by Halp - Cloud - https://marketplace.atlassian.com/apps/1222365/halp-answers-for-confluence-in-slack?hosting=cloud https://marketplace.atlassian.com/apps/1220442/halp-two-way-slack-integration-for-jira?hosting=server Halp - Slack and Microsoft Teams Jira Integration - Server - https://marketplace.atlassian.com/apps/1220442/halp-two-way-slack-integration-for-jira?hosting=server https://trello.com/power-ups/55a5d917446f517774210011/calendar-power-up Calendar Power-Up https://trello.com/power-ups/5c2462c384ab8949b1724a20/list-limits List Limits Power-Up https://trello.com/power-ups/55a5d917446f517774210012/card-aging Card Aging Power-Up https://trello.com/power-ups/55a5d917446f517774210013/voting Voting Power-Up https://marketplace.atlassian.com (Website) https://trello.com/power-ups/* https://blog.aurory.io https://docs.aurory.io/ australiansuper.atlassian.net australiansuper.sharepoint.com *.australiansuper.com auth0.auth0.com manage.auth0.com accounts.auth0.com webtask.io phenix.rocks Auth0 Docs (including quickstarts) sharelock.io goextend.io https://support.auth0.com/tickets/new support.auth0.com community.auth0.com https://www.youporn.com/information/#support *.pornhub.com/live *.pornhub.com/insights *.pronstore.com *.pornhub.com/jobs *.pornhub.com/sex *.redtube.com *.redtubepremium.com *.pornhub.com *.pornhubpremium.com cms.pornhub.com cms.redtube.com *.youporn.com *.youpornpremium.com http://*.pornmd.com *.youporn.com/world blog.tube8.com http://www.tube8.com/contact.html *.thumbzilla.com *.pornhubapparel.com *.pornhub.org www.tube8vip.com https://www.trafficjunky.com/blog/ https://www.adultforce.com/#/blog/ *.<not-researcher-store>.mybigcommerce.com support.bigcommerce.com partners.bigcommerce.com start.bigcommerce.com grc.bigcommerce.com careers.bigcommerce.com events.bigcommerce.com security.bigcommerce.com partnernews.bigcommerce.com content.product.bigcommerce.com dam.bigcommerce.com jobs.coinmarketcap.com support.binance.* binance.sg *.trustwallet.com *.trustwalletapp.com *.binance.org blog.coinmarketcap.com support.coinmarketcap.com blockchain.coinmarketcap.com *.coinmarketcap.com partner-marketing.bitdefender.com/ businessinsights.bitdefender.com businessemail.bitdefender.com businessresources.bitdefender.com oemhub.bitdefender.com oemresources.bitdefender.com community.bitdefender.com/ resellerportal.bitdefender.com/ brand.bitdefender.com/ stats.bitdefender.com/ sstats.bitdefender.com/ lsems.gravityzone.bitdefender.com/ ssems.gravityzone.bitdefender.com/ https://crp.bitdefender.com crp.bitdefender.com https://telcosuccess.bitdefender.com telcosuccess.bitdefender.com demo.bitdefender.com Bitdefender Central (iOS App) Bitdefender Central (Android App) central.bitdefender.com https://support.bitpanda.com https://maintenance.bitpanda.com https://beta.bitpanda.com https://developers.bitpanda.com http://partners.whitelabel.bitpanda.com/ http://status.bitpanda.com https://requests.bitpanda.com https://*.exchange.bitpanda.com *.exchange.bitpanda.com https://perps-test.bitstamp.net https://*.appboy.com/ *.appboy.com https://*.braze.eu/ *.braze.eu https://*.braze.com/ *.braze.com Any Braze Owned Host not listed as in Scope bugcrowd*.freshdesk.com https://www.bugcrowd.com www.bugcrowd.com blog.bugcrowd.com researcherdocs.bugcrowd.com pages.bugcrowd.com forum.bugcrowd.com email.bugcrowd.com email.forum.bugcrowd.com https://go.bugcrowd.com go.bugcrowd.com events.bugcrowd.com https://assetinventory.bugcrowd.com assetinventory.bugcrowd.com https://community.bugcrowd.com community.bugcrowd.com trust.bugcrowd.com https://*.bullish.com *.bullish.com https://simnext.bullish-test.com *.bullish.com/ ███████████████████████████ ████████████████████████████████████████████████████ █████████████████████ *.0.canva.cn *.0.canva-apps.cn https://cwingsfe.mafrservices.com/login https://subs.foreignaffairs.com https://subscribe.foreignaffairs.com https://world101.cfr.org/ https://modeldiplomacy.cfr.org merakipartners.com developers.meraki.com smhelp.meraki.com community.meraki.com community-staging.meraki.com *.cisco.com meraki.cisco.com/form/contact Customer API Keys Meraki MC Phones documentation.meraki.com New support cases, Chat, Request new integration form Share feedback form Vulnerability scanners https://learn.clickhouse.com/ learn.clickhouse.com https://support.cloudinary.com wiki.cloudinary.com hourofcode.com advocacy.code.org https://www.coindesk.com/ coindesk.com https://uat.coindesk.com/indices CoinDesk Indices https://uat.coindesk.com/events CoinDesk Events https://events.coindesk.com Production CoinDesk Events https://consensus2023.coindesk.com/ Consensus2023 Site https://consensus2024.coindesk.com/ Consensus2024 Site https://consensus2025.coindesk.com/ Consensus2025 Site https://consensus-hongkong2025.coindesk.com/ Consensus HK Site https://uat.coindesk.com/ uat.coindesk.com https://uat.accounts.coindesk.com uat.accounts.coindesk.com *.hfc.comcastbusiness.net *.hsd1.*.comcast.net *business.comcast.com 10.0.0.0/8 50.128.0.0/12 50.152.0.0/13 96.201.0.0/16 96.202.128.0/17 96.203.0.0/16 172.26.128.0/18 184.112.0.0/13 184.122.0.0/15 NBC Universal Sky *.sys.comcast.net admin.selectwifi.xfinity.com https://www.comcastbiz.net/ Comcastbiz.net *.contrast.ninja Any Contrast Corporate Asset runner.contrastsecurity.com https://status.contrastsecurity.com status.contrastsecurity.com https://www.facebook.com/contrastsec/ Contrast Official Facebook Account https://www.twitter.com/contrastsec/ Contrast Official Twitter Account https://twitter.com/ContrastEMEA/ Contrast Official Twitter EMEA Account https://www.twitter.com/ContrastSecHelp/ Contrast Official Twitter Help Account https://www.youtube.com/channel/UColYZvBpgxXaLlqD2E4QC0g Contrast Official Youtube Account https://www.linkedin.com/company/contrast-security Contrast Official Linkedin Account https://www.instagram.com/contrast__security/ Contrast Official Instagram Account Purposefully Vulnerable WebGoat Application WebGoat with Contrast Agent https://console.delltechnologies.com/ https://console.delltechnologies.com/nav/catalog https://console.delltechnologies.com/nav/support https://console.delltechnologies.com/nav/subscriptions educate.dell.com console.dell.com console-test.dell.com salesproductivity.dell.com *.dell.com/* *.delltechnologies.com/* Virtual Appliance (vApp) Manager Dell ObjectScale Dell Digital Delivery www.directly.com resources.directly.com/* *.sandbox.directly.com/schedule-a-demo/* OR /product/* OR /careers/* OR /about/* OR /legal/* OR /trust/* https://ethics.epam.com/ ethics.epam.com https://profile.epam.com profile.epam.com https://carbon.epam.com/ carbon.epam.com https://www.infongen.com/ infongen.com http://ebn.epam.com/ ebn.epam.com https://solutionshub.epam.com/ solutionshub.epam.com https://www.telescopeai.com/ telescopeai.com https://wearecommunity.io/ wearecommunity.io https://cami.lab.epam.com/ cami.lab.epam.com https://ellie.lab.epam.com/ ellie.lab.epam.com https://apex.lab.epam.com/ apex.lab.epam.com https://investors.epam.com/ investors.epam.com https://ecsd00300769.epam.com/ ecsd00300769.epam.com https://display.epam.com/ display.epam.com https://info.epam.com info.epam.com https://admin-ui.preship.gcp.gnrg-osdu.projects.epam.com admin-ui.preship.gcp.gnrg-osdu.projects.epam.com https://support.epam.com/ support.epam.com/ https://customersupport.epam.com/ customersupport.epam.com https://supportnow.epam.com/ supportnow.epam.com https://anywhere.epam.com/ anywhere.epam.com icht.etsysecure.com https://www.exoscale.com Public Website https://community.exoscale.com Public Documentation Website Marketplace products https://academy.exoscale.com Exoscale Academy CDN service https://jobs.exoscale.com Job Board https://changelog.exoscale.com Changelog https://openapi-v2.exoscale.com/ OpenAPI V2 Documentation http://zammad.internal.exoscale.ch/ Zammad https://exoscalestatus.com/ Runstatus gslink.financialforce.com CVE-2021-26086 Limited Remote File Read/Include on Jir https://apuat-aaa.fisglobal.com Reference above out of scope targets https://training.flourish.studio training.flourish.studio ████████████████ api.gearset.com app.gearset.com us.app.gearset.com eu.app.gearset.com ap.app.gearest.com gearset.com ███████████████ Anything not explicitly listed as "In Scope". Android App IoS App https://try.hotdoc.com.au/hotdoc-profiles https://try.hotdoc.com.au/hotdoc-profiles https://shop.hubspot.com shop.hubspot.com https://trust.hubspot.com trust.hubspot.com https://thespot.hubspot.com thespot.hubspot.com https://ir.hubspot.com ir.hubspot.com Out of Scope Vulnerabilities https://www.cultbeauty.co.uk/matchme https://matchme.cultbeauty.co.uk/ http://sampling.ibotta.com/ https://backend.ibotta.com/duplicate_receipt_moderation https://ir.ibotta.com https://trust.ibotta.com legal.ibotta.com *dev.ibotta.com blog-empresas.ifood.com.br blog-parceiros.ifood.com.br *.ecomanda.com.br *.ecomanda.app *.allin.movilepay.com *.starsoft.movilepay.com Gestor de Pedidos - Desktop Client *.godsunchained.com *.gogbackend.com gogbackend.com godsunchained.com Anything that does not belong to Immutable Any data exposure bug that are classified as Public Data such as Ethereum Wallet Address, NFT Purchase activity, or other public blockchain activity. *.dev.x.immutable.com, *.sandbox.x.immutable.com, *.dev.x.immutable.com, *.sandbox.imtbl.com, *.dev.imtbl.com, *.ropsten.x.immutable.com, ropsten.imx.community (see brief for exceptions) http://docs.imperva.com/ http://docs-be.imperva.com/ https://www.irobot.com https://homesupport.irobot.com https://global.irobot.com/My%20Privacy irobot.in https://homesupport.irobot.com/app/chat/chat_launch *.joralocal.com.au https://www.lieferando.at/en/vouchercode/new-customer https://www.lieferando.at/gutschein/neukunde www.integration-takeaway.com rain-of-gifts.10bis.co.il treatmas.takeaway.com orderandwin.takeaway.com orderandwin.lieferando.de orderandwin.thuisbezorgd.nl wow-nachten.lieferando.at december-surprises.takeaway.com dekemvriiski-iznenadi.takeaway.com wow-nachten.lieferando.de december-cadeautjes.thuisbezorgd.nl pyszne-prezenty.pyszne.pl vianocne-prekvapenia.bistro.sk so-schmeckt-der-sommer.lieferando.at taste-the-summer.takeaway.com so-schmeckt-der-sommer.lieferando.de proef-de-zomer.thuisbezorgd.nl smak-lata.pyszne.pl schmeckt-wie-sommer.lieferando.at schmeckt-wie-sommer.lieferando.de orderandwin.pyszne.pl orderandwin.bistro.sk orderandwin.pizza.be orderandwin.lieferando.at *.takeawayriders.com/ Any other subdomains of k15t.com, including but not limited to www.k15t.com, www.k15t.de and help.k15t.com https://marketplace.atlassian.com/* ████████████████████████████████████████████████████████ █████████████████████████████ https://bugcrowd-pub.bounty.kiteworks.dev apply.kohls.com *kohls.com/kohlscredit/prequal *kohlsecommerce.com/kohlscredit/prequal corporate.kohls.com productchampions.kohls.com link-preprod.kohls.com developer.kohls.com lclive.kohls.com author-mykohls.kohls.com mykohls-origin.kohls.com origin-stage65-corporate.kohls.com origin-stage65-mykohls.kohls.com author-stage65-mykohls.kohls.com stage65-corporate.kohls.com stage65-mykohls.kohls.com author-qa65-mykohls.kohls.com mykohls.kohls.com any domain with archaius.json endoint is out of scope *kohls.com/feature/pre-qual/prequal_inquiry.jsp?icid=prequalfooter *kohls.com/checkout/prequal_inquiry.jsp#/preQualEligible *kohlsecommerce.com/feature/pre-qual/prequal_inquiry.jsp?icid=prequalfooter *kohlsecommerce.com/checkout/prequal_inquiry.jsp#/preQualEligible vp-*.kohls.com *qa*.kohls.com wfh*.kohls.com kconnect.kohls.com connection.kohls.com kohlsmerch.kohls.com/ support.kucoin.plus store.kucoin.com docs.kucoin.com intro.kucoin.com cert.kucoin.com sandbox.kucoin.com passport.kucoin.com *-sdb.kucoin.com *-sandbox.kucoin.com https://identity.lastpass.com Lastpass CLI tool https://info.lastpass.com https://forums.lastpass.com https://investors.latitudefinancial.com.au https://auth.latitudefinancial.com https://auth.*.latitudefinancial.com *.latitudefs.com https://*.my.latitudepay.com/ https://*.sg.latitudepay.com/ https://my.latitudepay.com https://sg.latitudepay.com https://t.latitudefinancial.com/* https://t.latitudefinancial.com https://p.latitudefinancial.com https://lightspeedhq.com/trial lightspeedhq.com/trial https://pos-admin.trial.lsk.lightspeed.app pos-admin.trial.lsk.lightspeed.app x-series-support.lightspeedhq.com vendhq.force.com vendimageuploadcdn.global.ssl.fastly.net partners.vendhq.com track.api.vendhq.com your-store.vendecommerce.com partnerportal.vendhq.com https://support.ecwid.com/hc/en-us https://www.ecwid.com/ community.li.me https://help.li.me (zendesk) *.limeinternal.com *.lime.bike https://li.me (hubspot) https://filestack.com *.filestack.com https://freshdesk.com *.freshdesk.com https://blstr.xyz *.blstr.xyz https://blstr.co *.blstr.co https://community.linktr.ee community.linktr.ee ██████████████ ██████████████████████████ ██████████████████████████████ ████████████ ███████████ www.americangirlmena.com moneytree.jp Any production asset of Moneytree KK (excepting the iOS app) getmoneytree.com Vulnerabilities related to web-app related issues tripactions.com https://status.newrelic.com New Relic open source software repos in github.com not in the list of agents or on docs.newrelic.com; New Relic Example Code, New Relic Experimental and Archived repos are explicitly out of scope. https://iopipe.com northwesternmutual.com/find-a-financial-advisor/ northwesternmutual.com/financial/advisor/* northwesternmutual.com/careers-apply/ northwesternmutual.com/report-a-death/ northwesternmutual.com/notice-of-long-term-care-form/ northwesternmutual.com/financial-professionals/?name=* northwesternmutual.com/notice-of-disability-form/ northwesternmutual.com/notice-of-group-disability-form/ calculator.northwesternmutual.com clientwise.com cloud.em.northwesternmutual.com events.nmfn.com eventscloud.com ftph1.northwesternmutual.com gbpwealth.com icims.com ideas.northwesternmutual.com m3.nml.com metrics.northwesternmutual.com metricssecure.northwesternmutual.com mynmcu.com nmcreative.space nmis-stage.netxinvestor.com nmresearchlibrary.nml.com pugetsound.nmfn.com sparks-financial.com theandersonfinancialgroupnm.com themint.org nwm.benselect.com *nuinternational.com *nat-a.nubank.com.br *.octopus.app artifactorysample.octopus.com bamboosample.octopus.com jenkinssample.octopus.com teamcitysample.octopus.com nexussample.octopus.com myget.octopus.com partners.octopus.com trust.octopus.com bugcrowd-%username%-1.oktapreview.com bugcrowd-%username%-2.oktapreview.com *.okta.com *.trexcloud.com login.okta.com pages.okta.com developer.okta.com trust.okta.com www.okta.com (static site) https://scaleft.com https://app.scaleft.com/p/signup https://github.com/oktadev Backend Okta non-app infrastructure Network layer issues AtSpoke - Okta Workflows actions in access requests AtSpoke - Entitlement bundles as a resource in access requests Anything not explicitly called out above as in-scope https://*.onetrust.com https://store.onetrust.com https://*.convercent.com https://*.dataguidance.com https://app.vendorpedia.com https://*.preferencechoice.com https://*.redacted.ai https://*.sharedassessments.org https://developer.onetrust.com https://my.onetrust.com https://*.vendorpedia.com https://*.onetrustgrc.com https://*.cookiepro.com https://tv.onetrust.com/ https://*.cookielaw.org https://*.onetrustpro.com https://*.privacyconnect.com https://*.onetrust.de https://*.onetrust.se https://*.onetrust.es https://*.onetrust.fr https://*.onetrust.it https://*.privacytech.com https://*.privacypedia.com https://*.esgiq.com https://*.trustweek2021.com concurso.opera.com investor.opera.com help.yoyogames.com bugs.yoyogames.com admanager.opera.com accountsstage.yoyogames.com control.gx-servers.opera.com help.gx-servers.opera.com verizon-us-seattle.opera-mini.net s2{1,2}-05-08-v09.opera-mini.net verizon-us-lvs-seattle.opera-mini.net 107.167.127.4{0,1} jobs.opera.com verizon-us-lvs-ashburn.opera-mini.net interstitial.opera-mini.net certs.opera.com checkout.opera.com contest.opera.com catch.opera.com wallpaper.opera.com tabfulness.opera.com Opsgenie Production (billing systems, third parties) https://www.optimizely.com/ https://www.originenergy.com.au/moving/ https://auth.api.originenergy.com.au/** https://origin-energy.formstack.com/** https://www.compareandconnect.com.au/ https://agent.compareandconnect.com.au/ https://fastconnect.co.nz https://Yourporter.com.au https://raywhitehomenow.com/ ███████████████████ ██████████████████ 2.0 API https://help.quizlet.com/hc/en-us help.quizlet.com (zendesk) community.rapyd.net support.rapyd.net docs.rapyd.net sandbox.rapyd.net 3rd party services ghost.rapyd.net ████████████████████ █████████████████ All submissions reported to this program will be marked as Not Applicable *.1shoppingcart.com Corporate Email (*@skyscanner.net) community.sophos.com Any Cyberoam Product or Service sophos.atlassian.net (Public service desk) SPF/DKIM/DMARC issues blog.soundcloud.com status.soundcloud.com help.soundcloud.com community.soundcloud.com copyright.soundcloud.com advertising.soundcloud.com https://soundcloudmail.com soundcloudmail.com press.soundcloud.com https://scdrops.soundcloud.com scdrops.soundcloud.com https://promote.soundcloud.com promote.soundcloud.com contest.soundcloud.com playback.soundcloud.com jobs.soundcloud.com playerone.soundcloud.com support.soundcloud.org https://afterpay.com *.afterpay.com https://cash.me *.cash.me https://designers.weebly.com/ designers.weebly.com https://tidal.com/ *.tidal.com https://play.google.com/store/apps/details?id=com.squareup.cash Cash App Mobile Application for Android https://itunes.apple.com/us/app/cash-app/id711923939?mt=8 Cash App Mobile Application for iOS Any vulnerabilities found in Third-party software Any host/web property or products verified to be owned by Stellantis (domains/IP space/etc.) but not listed in Primary targets. https://*.atlassian.com *.atlassian.com https://sprint.net *.sprint.net https://techapps.t-mobile.com techapps.t-mobile.com Any domain, property, product, protocol, or service of the app/hardware/software version not explicitly listed in the In-Scope section is out of scope; submissions are welcome but not guaranteed for the bounty/bonus. ████████████████████████████ ███████████████████████████████ employeefeedback.tesla.com energysupport.tesla.com (you can report vulnerabilities to bugbounty.zoho.com) https://engage.tesla.com/ engage.tesla.com *.engage.tesla.com feedback.tesla.com feedback.teslamotors.com ir.tesla.com ir.teslamotors.com mkto.teslamotors.com shop.eu.teslamotors.com service.tesla.com/docs/* service.tesla.cn/docs/* Any domains from acquisitions, such as maxwell.com Any other third-party websites hosted by non-Tesla entities https://*.eltenedor.* https://www.thefork.* Customer semi-login / PartialLogin feature https://module.thefork.com module.thefork.com https://www.lafourchette.com https://blog.thousandeyes.com/ https://app.thousandeyes.com/sfdc/community https://developer.tidal.com developer.tidal.com https://embed.tidal.com embed.tidal.com http://bugcrowd.com/atlassianapps First party (made-by-trello) power-ups other than those inscope are excluded from this program but can be reported to http://bugcrowd.com/atlassianapps e.trello.com help.trello.com trello-attachments.s3.amazonaws.com ir.tripadvisor.com *.tripadviser.at *.tripadvisor.cn www.tripadvisor.*/Trips www.tripadvisor.*/Mobile* www.tripadvisor.*/engineering www.tripadvisor.*/WidgetEmbed-* spotlight-dev.tripadvisor.com spotlight.tripadvisor.* careers.tripadvisor.com *.tripadvisoradexpress.* *.tripadvisorwifi.* *.bokun.io *.bokun.is *.bokun.com *.bokun.app *.bokun.eu *.bokun.team *.bokun.tools *.bokun.website *.bokunmobile.website *.experiences.zone https://tgt.tamedia.ch http://auth.20min.ch https://cre-api.tamedia.ch https://track.20min.ch Social Media Links (older than 2 years) Subdomain Takeover DMARC, SPF, DKIM https://*.connect.ringier.ch *.onelog.ch *.20min-tv.ch *.newsnetz.tv *.appuser.ch *.iagentur.ch *.streamboat.ch *.streamboatserver.ch Other Domains and Subdomains not specifically in scope support.twilio.com s.signal.twilio.com ahoy-eloqua.twilio.com Ytica and its assets TwimlBins store.twilio.com Demo websites e.g. lab.authy.com https://dashboard.authy.com All Kurento domains twiliotraining.com www.twilio.com/labs www.twilio.com/quest surveys.twilio.com support.sendgrid.com status.sendgrid.com Third-party services used by SendGrid issues-sendgrid.dev.twilio.com https://www.zipwhip.com/ zipwhip.com All Twilio acquisitions until explicitly noted under the in-scope targets community.segment.com segment.com/contact segment.com/jobs http://twil.io/ twil.io www.underarmour.<country> www.underarmour.com/en-us/affiliate-home www.uabiz.com, investor.underarmour.com productsafety.underarmour.com uabusiness.force.com www.underarmour.jobs blog.underarmour.com www.uateamcatalogs.com www.uaretail.com www.plankindustries.com investor.underarmour.com careers.underarmour.com www.underarmour.<country> www.uabiz.com www.uaretail.com uaallaccess.com Social media hijacking Any subdomain/domain/property not listed in the \'in scope\' section, is out of scope. Any Third-party Services support.upwork.com community.stage.upwork.com community.upwork.com stage.upwork.com e.upwork.com status.upwork.com signature.upwork.com careers.upwork.com tip.upwork.com tip.upwork.com pardot.upwork.com *.rc.viator.com *.sandbox.viator.com *.partner.viator.com https://agentcenter.viator.com agentcenter.viator.com https://operatorresources.viator.com operatorresources.viator.com https://partnerresources.viator.com partnerresources.viator.com partner.viator.com http://www.theplaymania.com/ *.web.com *.register.com *.networksolutions.com https://app.gator.com/ *.bluehost.com *.hostgator.com app.web.com █████████████████████████ ████████████████████████████████████████ █████████████████████████████████████ ██████████████████████████████████ ██████████████████████████████████████████████████████████ Wise Affiliate Program Third party services not hosted by Wise Any Github asset not under the “transferwise” organization Third party authentication services (eg: Facebook and Google) https://transferwise.com/help/contact https://wise.com/help/contact *.tw.com *.tw.ee Non-current version of the Android app Non-current version of the iOS app *.transferwise.tech brand.wise.com links.wise.com widgets.transferwise.com brand.transferwise.com bootstrap.transferwise.com links.transferwise.com status.wise.com status.transferwise.com tech.transferwise.com 3rd Party Devices (known as Works with Xfinity) oauth.xfinity.com https://login.xfinity.com login.xfinity.com *.xerxessecure.com *.cimcontent.net *.identity.xfinity.com \\*\\business.comcast.com *.pulseinsights.com *.wurfulcloud.com *.appcenter.ms *.kampyle.com *.demdex.net *.openx.net *.criteo.net *.webcontentassessor.com *.amazon-adsystem.com *.adobedtm.com *.adnxs.com *.fwmrm.net https://app.ynab.com/ Any previous version of the desktop apps: YNAB 4, YNAB 3, YNAB Pro, YNAB Basic (Spreadsheet) https://develop-app.ynab.com https://support.ynab.com ██████████████████████████████████████ https://bugbounty-ctf.1password.com/ null <Your own 1Password account> —> Latest stable, beta, or nightly Browser Extension (Chrome, Brave, Firefox, Edge, and Safari) <Your own 1Password account> —> Latest stable, beta, or nightly Command Line Interface (CLI) http://--your-own-1password-account--.1password.com https://events.1password.com/ Arc on Mac Arc on Window arc.net bcny.com company.thebrowser.arc id6472513080 thebrowser.company https://*.granularinsurance.com/ https://*.onduo.com/ https://*.projectbaseline.com/ https://*.signalpath.com/ https://*.verily.com/ https://apps.apple.com/us/app/onduo/id1138490045 https://apps.apple.com/us/app/verily-me/id6448808133 https://play.google.com/store/apps/details?id=com.google.android.apps.diabetes https://play.google.com/store/apps/details?id=com.verily.me http://bumba.global Starbucks Japan Android Download the App: https://play.google.com/store/apps/details?id=com.starbucks.jp Starbucks Japan iOS https://apps.apple.com/jp/app/%E3%82%B9%E3%82%BF%E3%83%BC%E3%83%90%E3%83%83%E3%82%AF%E3%82%B9-%E3%82%B8%E3%83%A3%E3%83%91%E3%83%B3%E5%85%AC%E5%BC%8F%E3%83%A2%E3%83%90%E3%82%A4%E3%83%AB%E3%82%A2%E3%83%97%E3%83%AA/id1113037275?l=en-US cart.starbucks.co.jp gift.starbucks.co.jp login.starbucks.co.jp www.cart.starbucks.co.jp/ Starbucks Japan www.starbucks.co.jp Starbucks Australia Android https://play.google.com/store/apps/details?id=com.starbucks.au Starbucks Australia iOS https://apps.apple.com/au/app/starbucks-australia/id653757988 Starbucks Cambodia Android https://play.google.com/store/apps/details?id=com.starbucks.kh Starbucks Cambodia iOS https://apps.apple.com/kh/app/starbucks-cambodia/id1456402324 Starbucks Hong Kong Android https://play.google.com/store/apps/details?id=com.starbucks.hk Starbucks Hong Kong iOS https://apps.apple.com/hk/app/starbucks-hong-kong/id636266448 Starbucks India Android https://play.google.com/store/apps/details?id=com.starbucks.in Starbucks India iOS https://apps.apple.com/in/app/starbucks-india/id1210203958 Starbucks Indonesia Android https://play.google.com/store/apps/details?id=com.starbucks.id Starbucks Indonesia iOS https://apps.apple.com/id/app/starbucks-indonesia/id1126488844 Starbucks Korea Android https://play.google.com/store/apps/details?id=com.starbucks.co Starbucks Malaysia Android https://play.google.com/store/apps/details?id=com.starbucks.my Starbucks Malaysia iOS https://apps.apple.com/my/app/starbucks-malaysia/id888509698 Starbucks New Zealand Android https://play.google.com/store/apps/details?id=com.starbucks.nz Starbucks New Zealand iOS https://apps.apple.com/nz/app/starbucks-new-zealand/id1534351477 Starbucks Philippines Android https://play.google.com/store/apps/details?id=com.starbucks.ph Starbucks Philippines iOS https://apps.apple.com/ph/app/starbucks-philippines/id1363216428 Starbucks Singapore Android https://play.google.com/store/apps/details?id=com.starbucks.singapore Starbucks Singapore iOS https://apps.apple.com/sg/app/starbucks-singapore/id574621564 Starbucks Taiwan Android https://play.google.com/store/apps/details?id=com.starbucks.tw Starbucks Taiwan iOS https://apps.apple.com/tw/app/starbucks-tw/id829317669 Starbucks Thailand Android https://play.google.com/store/apps/details?id=com.starbucks.thailand Starbucks Thailand iOS https://apps.apple.com/th/app/starbucks-thailand/id898062370 Starbucks Vietnam Android https://play.google.com/store/apps/details?id=com.starbucks.vn Starbucks Vietnam iOS https://apps.apple.com/vn/app/starbucks-vietnam/id1410451879 www.starbucks.co.id/ Starbucks Indonesia www.starbucks.co.kr/ Starbucks Korea www.starbucks.co.nz/ Starbucks New Zealand www.starbucks.co.th/ Starbucks Thailand www.starbucks.com.au/ Starbucks Australia www.starbucks.com.bn/ Starbucks Brunei www.starbucks.com.hk/ Starbucks Hong Kong www.starbucks.com.kh/ Starbucks Cambodia www.starbucks.com.my/ Starbucks Malaysia www.starbucks.com.sg/ Starbucks Singapore www.starbucks.com.tw/ Starbucks Taiwan www.starbucks.in/ Starbucks India www.starbucks.la/ Starbucks Laos www.starbucks.ph/ Starbucks Philippines www.starbucks.vn/ Starbucks Vietnam Starbucks Austria Android App Download the app here: https://play.google.com/store/apps/details?id=com.starbucks.at Starbucks Austria iOS Download the app here: https://apps.apple.com/at/app/starbucks-%C3%B6sterreich/id976355440 Starbucks Czech Republic https://apps.apple.com/cz/app/starbucks-czechia/id6476321104 Starbucks Czech Republic https://play.google.com/store/apps/details?id=com.starbucks.cz&hl Starbucks France Android https://play.google.com/store/apps/details?id=com.starbucks.fr Starbucks France iOS https://apps.apple.com/fr/app/starbucks-france/id943993603 Starbucks Germany Android https://play.google.com/store/apps/details?id=com.starbucks.de Starbucks Germany iOS https://apps.apple.com/de/app/starbucks-deutschland/id948562829 Starbucks Ireland Android https://play.google.com/store/apps/details?id=com.starbucks.ie Starbucks Ireland iOS https://apps.apple.com/ie/app/starbucks-ireland/id1532285370 Starbucks Poland iOS https://apps.apple.com/pl/app/starbucks-cee/id1048524289 Starbucks Portugal Android https://play.google.com/store/apps/details?id=com.starbucks.pt Starbucks Portugal iOS https://apps.apple.com/pt/app/starbucks-portugal/id6447920609 Starbucks Romania Android https://play.google.com/store/apps/details?id=com.starbucks.ro Starbucks Romania iOS https://apps.apple.com/ro/app/starbucks-romania/id6472733341 Starbucks South Africa Android https://play.google.com/store/apps/details?id=com.starbucks.za Starbucks South Africa iOS https://apps.apple.com/za/app/starbucks-south-africa/id1137700631 Starbucks Spain Android https://play.google.com/store/apps/details?id=com.starbucks.es Starbucks Spain iOS https://apps.apple.com/es/app/starbucks-espa%C3%B1a/id6447769086 Starbucks Switzerland Android https://play.google.com/store/apps/details?id=com.starbucks.ch&hl=en_US Starbucks Switzerland iOS https://apps.apple.com/ch/app/starbucks-switzerland/id976349872 Starbucks Turkey Android https://play.google.com/store/apps/details?id=com.starbucks.tr Starbucks Turkey iOS https://apps.apple.com/tr/app/starbucks-t%C3%BCrkiye/id1100698915 Starbucks United Kingdom Android https://play.google.com/store/apps/details?id=com.starbucks.uk&hl=en_US Starbucks United Kingdom iOS https://apps.apple.com/gb/app/starbucks-uk/id1499149941 card.starbucks.com.cy/ Starbucks Cyprus card.starbucks.com.gr/ Starbucks Greece https://www.starbucks.at Starbucks Austria www.roastery.starbucks.it Starbucks Reserve™ Roastery Milano www.starbucks.ae Starbucks United Arab Emirates www.starbucks.be Starbucks Belgium www.starbucks.bg Starbucks Bulgaria www.starbucks.ch Starbucks Switzerland www.starbucks.co.ma Starbucks Morocco www.starbucks.co.uk/ Starbucks United Kingdom www.starbucks.co.za Starbucks South Africa www.starbucks.co.za/ www.starbucks.com.bh Starbucks Bahrein www.starbucks.com.jo Starbucks Jordan www.starbucks.com.kw Starbucks Kuwait www.starbucks.com.kz Starbucks Kazakhstan www.starbucks.com.lb Starbucks Lebanon www.starbucks.com.om Starbucks Oman www.starbucks.com.tr Starbucks Turkey www.starbucks.cz/ Starbucks Czech Republic www.starbucks.de Starbucks Germany www.starbucks.eg Starbucks Egypt www.starbucks.es Starbucks Spain www.starbucks.fr/ Starbucks France www.starbucks.hu Starbucks Hungary www.starbucks.ie/ Starbucks Ireland www.starbucks.it/ Starbucks Italy www.starbucks.mt Starbucks Malta www.starbucks.nl Starbucks Netherlands www.starbucks.no Starbucks Norway www.starbucks.pl Starbucks Poland www.starbucks.pt/ Starbucks Portugal www.starbucks.qa Starbucks Qatar www.starbucks.ro Starbucks Romania www.starbucks.rs Starbucks Serbia www.starbucks.sa Starbucks Saudi Arabia www.starbucksslovakia.sk/ Starbucks Slovakia Starbucks Argentina Android https://play.google.com/store/apps/details?id=com.starbucks.ar Starbucks Argentina iOS https://apps.apple.com/ar/app/starbucks-argentina/id1209110211 Starbucks Chile Android https://play.google.com/store/apps/details?id=com.starbucks.cl Starbucks Chile iOS Starbucks El Salvador Android https://play.google.com/store/apps/details?id=com.starbucksrewards.sv Starbucks El Salvador iOS https://apps.apple.com/sv/app/starbucks-el-salvador/id6535501479 Starbucks Mexico Android https://play.google.com/store/apps/details?id=com.starbucks.mx Starbucks Mexico iOS https://apps.apple.com/us/app/starbucks-m%C3%A9xico/id570779372 Starbucks Peru Android https://play.google.com/store/apps/details?id=com.starbucks.peru Starbucks Peru iOS https://apps.apple.com/pe/app/starbucks-per%C3%BA/id1409811746 www.starbucks.cl Starbucks Chile www.starbucks.co.cr/ Starbucks Costa Rica www.starbucks.com.ar/ Starbucks Argentina www.starbucks.com.mx/ Starbucks Mexico www.starbucks.com.py/ Starbucks Paraguay www.starbucks.com.sv Starbucks El Salvador www.starbucks.com.uy Starbucks Uruguay www.starbucks.pa/ Starbucks Panama www.starbucks.pe Starbucks Peru www.starbucks.tt Starbucks Trinidad and Tobago www.starbuckspr.com/ Starbucks Puerto Rico Starbucks China Android https://play.google.com/store/apps/details?id=com.starbucks.cn Starbucks China iOS https://apps.apple.com/us/app/%E6%98%9F%E5%B7%B4%E5%85%8B%E4%B8%AD%E5%9B%BD/id499819758 www.starbucks.com.cn/ Starbucks China 2kleague.nba.com bal.nba.com cdn-bal.nba.com cdn.nba.com cms.nba.com com.nbaimd.gametime.nba2011 com.nbaimd.gametime.universal content-api-nextgen-prod.nba.com content-api-prod.nba.com core-api.nba.com corp-dev.nba.com cweb-ott.nba.com elm.nba.com gleague.nba.com id.nba.com identity.nba.com lockervision.nba.com manage-teams.nba.com manage.nba.com mcd.nba.com mcdalerts.nba.com nbafedsvc.nba.com stats-trafficcop-prod.nba.com stats.2kleague.nba.com stats.gleague.nba.com stats.nba.com stats.wnba.com syndication.nba.com teamportal.nba.com vote.nba.com www.nba.com www.wnba.com api.circle.com Testing should be done on api-sandbox.circle.com. app.circle.com Testing should be done on app-sandbox.circle.com. console.circle.com Only the web2 portion of console.circle.com is in scope. Anything smart contract/smart contract platform or otherwise web3 related is not in scope. Researchers should make it clear they\'re HackerOne researchers in their username and email domain, and must be using testnet. http://github.com/circlefin/noble-cctp https://github.com/circlefin/buidl-wallet-contracts https://github.com/circlefin/evm-cctp-contracts https://github.com/circlefin/noble-fiattokenfactory https://github.com/circlefin/solana-cctp-contracts https://github.com/circlefin/stablecoin-aptos https://github.com/circlefin/stablecoin-evm https://github.com/circlefin/stablecoin-sui https://github.com/circlefin/sui-cctp *.varonis.com *.varonis.io *.varonis.net Merchant Portal https://portal.playground.klarna.com https://github.com/nimiq/core-rs-albatross Please provide detailed reports with reproducible steps. If the report is not detailed enough to reproduce the issue, the issue will not be eligible for a reward. Submit one vulnerability per report, unless you need to chain vulnerabilities to provide impact. When duplicates occur, we only award the first report that was received (provided that it can be fully reproduced). Multiple vulnerabilities caused by one underlying issue will be awarded one bounty. Social engineering (e.g. phishing, vishing, smishing) is prohibited. Make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our service. ## Exploring our repository: - Blockchain: Manages the blockchain structure, block validation, and chain state. - Consensus: Implements the consensus mechanism and synchronization. - Validator: Contains logic for the validator role, including signing and verification processes. - Primitives: Includes fundamental types and utilities used across other crates, such as data structures for accounts, blocks, transactions, and various cryptographic functions. ## Quick start: - Prerequisites: - Install the latest version of Rust by following the instructions on the [Rust website](https://www.rust-lang.org/learn/get-started#installing-rust). - Installation: - Clone the Repository: `git clone https://github.com/nimiq/core-rs-albatross.git` - Move to the Repository: `cd core-rs-albatross` - Build the project and start a basic full node: `cargo run --release --bin nimiq- client` For more details, check the repository [Reame file](https://github.com/nimiq/core-rs-albatross/blob/albatross/README.md). api.vault.chiatest.net Chia Cloud crypto wallet API https://apps.apple.com/app/chia-signer/id6504493785 IOS cryptographic signing application https://github.com/Chia-Network/chia-blockchain Chia core https://github.com/Chia-Network/chia-blockchain-gui Chia desktop https://github.com/Chia-Network/chia_rs Chia RUST implementations https://github.com/Chia-Network/chiapos Chia Proof of Space plotter https://github.com/Chia-Network/chiavdf ChiaVDF (Verifiable Delay Function) for Timelords https://github.com/Chia-Network/clvm_rs https://vault.chiatest.net/ Chia Cloud crypto wallet 3CX Live chat WordPress plugin This is a plugin that integrates 3CX Livechat into a WordPress site. A 3CX installation is required (On Premise or in the Cloud). Link to the plugin: https://wordpress.org/plugins/wp-live-chat-support/ Link to the documentation: https://www.3cx.com/docs/manual/live-chat/ 3CX Phone System 1. Register on www.3cx.com using your **hackerone email address**. Confirm your email and follow the wizard to select a deployment type. (Please refer to our documentation for more information about each deployment type https://www.3cx.com/docs/manual/install/) 2. **There might be new builds in the repository after you have installed it. If you find a vulnerability, before submitting it, make sure you update to the latest available version and ensure it is still valid. On linux you can manually update by running `apt update && apt upgrade` in your server\'s terminal.** 3. For any additional technical documentation you can refer to our website. 3CX SBC 1. 3CX SBC requires an existing installation of 3CX Server. 2. Use the following ISO instead to deploy 3CX SBC on-premise: https://downloads-global.3cx.com/downloads/debian12iso/debian-amd64-netinst-3cx.iso . 3. In the 3CX Installer select 3CX SBC (not PBX) 4. During the Installation you will be asked to enter the PBX FQDN and SBC key. 5. **There might be new builds in the repository after you have installed it. If you find a vulnerability, before submitting it, make sure you update to the latest available version (both 3CX PBX and 3CX SBC) and ensure it is still valid. You can update by running `apt update && apt upgrade` in your server\'s terminal.** 6. For any additional technical documentation you can refer to our website. https://apps.apple.com/us/app/3cx/id992045982 The 3CX App allows you to make and receive calls, schedule conferences, video call and chat with your team and customers from anywhere. You install the app and provision it by scanning your extension\'s QR code. User manual: https://www.3cx.com/user-manual/installation-iphone/ https://apps.microsoft.com/detail/3cx/9NW77489NGJ0 The 3CX softphone app for Windows allows you to make calls, view the status of colleagues, chat, schedule a video conference and check voicemail from your desktop https://play.google.com/store/apps/details?id=com.tcx.sipphone14 The 3CX App allows you to make and receive calls, schedule conferences, video call and chat with your team and customers from anywhere. You install the app and provision it by scanning your extension\'s QR code. User manual: https://www.3cx.com/user-manual/installation-android/ https://portal.3cx.com This is the portal where customers and partners can manage their 3CX account/license keys. https://etherscan.io/address/0x000000000000204327E6669f00901a57CE15aE15 Please refer to the contract at this address, not etherscan.io itself. https://etherscan.io/address/0x000000000000a53f64b7bcf4cd59624943c43fc7 https://etherscan.io/address/0x0000003E0000a96de4058e1E02a62FaaeCf23d8d Please refer to the contract at this address, not etherscan.io itself. https://etherscan.io/address/0x000000e92d78d90000007f0082006fda09bd5f11 https://etherscan.io/address/0x0046000000000151008789797b54fdb500E2a61e https://etherscan.io/address/0xcE0000007B008F50d762D155002600004cD6c647 https://github.com/alchemyplatform/modular-account Alchemy\'s Modular Account is a maximally modular, upgradeable smart contract account that is compatible with ERC-4337 and ERC-6900. auth.privy.io dashboard.privy.io https://www.npmjs.com/package/@privy-io/react-auth *.nflxext.com **Primary Target** Static content is served over this domain *.nflximg.net *.nflxso.net *.nflxvideo.net *.prod.cloud.netflix.com The primary Netflix experience is driven by microservices that are hosted and called through our API. You may see the API referenced as `api*.netflix.com` as well as `www.netflix.com/api/*` *.prod.dradis.netflix.com The primary Netflix experience is driven by microservices that are hosted and called through our API. You may see the API referenced as` api*.netflix.com` as well as `www.netflix.com/api/*` *.prod.ftl.netflix.com Content Authorization Targets **Device & Content Authorization Findings** High severity targets include methods of subverting content authorization or obtaining private keys. Medium severity targets include leaked private keys for content decryption. Submissions of hardware-backed private keys (i.e. from a TEE) & key exfiltration methods will have higher payouts than submissions of software-backed private keys & key exfiltration methods. Corporate Assets ** Netflix.com Google G suite ** **For targets listed in the "Corporate Targets Overview" section, we only reward for the bugs that are critical or High based on the CVSS.** - We do accept submissions of overly exposed Google documents (as described in Corporate Targets above), which start at Low severity. - Submissions must meet other applicable requirements (e.g. not an Excluded Submission Type). - Medium and Low severity reports will be accepted but will not be eligible for a bounty. Microsites ## Secondary Target Microsites are sites that Netflix typically publishes for promotion or in support of Netflix titles. Not all microsites are hosted by Netflix. Some are hosted by vendors or partners. We cannot authorize you to test these sites as we do not own the computers that host them. It is critical that you confirm that Netflix is the owner of a particular microsite before testing. When in doubt, please reach out to the Netflix team to confirm. Netflix Mobile Application for Android ## Mobile target **App Id on play store - com.netflix.mediaclient** We only accept Critical and High-level vulnerabilities in the apps Netflix Mobile Application for iOS **App ID on app store - 363590051** Open Source - Atlas ## https://github.com/Netflix/atlas **Secondary Target** Open Source - Consoleme https://github.com/netflix/consoleme Open Source - Dispatch https://github.com/Netflix/dispatch Open Source - Spectator ## https://github.com/Netflix/spectator Open Source - Weep https://github.com/netflix/weep Open Source - Zuul ## https://github.com/Netflix/zuul Secondary Assets api*.netflix.com beacon.netflix.com Beacon is a logging endpoint used to collect client information from member\'s browsers and streaming devices. customerevents.netflix.com `customerevents.netflix.com`, `nmtracking.netflix.com`, and `presentationtracking.netflix.com` are all alias of `beacon.netflix.com`. Submissions containing variations of the URL will not be treated as unique. help.netflix.com Our help site provides a knowledge base and customer service chat ichnaea.netflix.com Ichanaea is a logging endpoint used to collect client information meechum.netflix.com Netflix partner page nmtracking.netflix.com presentationtracking.netflix.com secure.netflix.com Secure static assets are hosted on this domain www.netflix.com ## Primary Target The primary Netflix experience is hosted on this top level domain. The UI uses a combination of React JS and Node. api.23andme.com First API from original codebase, responsible for less services at the moment but still integrated into the product. auth.23andme.com Responsible for all authenticated services throughout the product. blog.23andme.com Official blog of 23andMe, sharing insightful articles, updates, and stories on genetics, health, and personal genomics. education.23andme.com 23andMe\'s dedicated education site, offering resources and insights to enhance genetic literacy through informative content and educational materials mediacenter.23andme.com Media center for 23andMe, providing press releases, media assets, and comprehensive information for journalists and media professionals medical.23andme.com Medical and therapeutics site containing information about 23andMe\'s medical research. research.23andme.com research.23andMe.com is the official research domain of 23andMe store.23andme.com Online store for 23andMe products, offering DNA testing kits, genetic insights, and personalized merchandise. therapeutics.23andme.com 23andMe\'s site exclusively dedicated to therapeutics to share and market what we\'ve done and what we have in the pipeline in regards to therapeutics. you.23andme.com you.23andme.com is our main consumer site which contains users DNA kit results, dna relatives, and more. Users can interact with relatives and perform profile related features such as downloading data. 1641486558 com.einnovation.temu www.temu.com http://api.lightspark.com http://app.lightspark.com https://link.uma.me Login and signup for Lightspark Extend for UMA. *.bybit.com Web3 Smart Contract https://apps.apple.com/us/app/bybit-app/id1488296980 https://play.google.com/store/apps/details?id=com.bybit.app&hl=en *.cheaptickets.nl Low priority Scope *.trainpal.com,*.mytrainpal.com *.travix.com *.travix.io *.trip.com Except for the domain name of <local>. trip.com <locale>.trip.com Trip Main Sites High priority Scope com.trip.android com.trip.ios *.bykea.net 1351179184 The customer iOS app enables users to book rides, deliveries, and manage payments, offering a seamless experience for various services. belaz.bykea.net This microservice facilitates the pick-and-drop service and associated functionalities within our apps. bykea.com com.bykea.pk The customer android app enables users to book rides, deliveries, and manage payments, offering a seamless experience for various services. com.bykea.pk.partner The driver app offers core features such as wallet management, invoicing, booking visibility, and acceptance, supporting seamless driver operations on the platform. https://*test*.bykea.net https://api.bykea.net This core microservice handles booking creation and facilitates communication between critical microservices, powering both the apps and overall business operations. https://geocode-beta.bykea.net https://googleplace*.bykea.net https://kronos*.bykea.net This API-based microservice manages invoicing functionalities, playing a vital role in our platform’s financial operations. https://leaflet-map.bykea.net https://loadboard*.bykea.net/ This asset is an API-based microservice that allows drivers to view and accept customer bookings. https://maps.bykea.net https://nominatim.bykea.net https://raptor*.bykea.net This asset is an API-based microservice responsible for authentication processes. e-Commerce This scope covers Inditex\'s entire e-commerce platform, mainly made up of the following domains: - www.zara.com - www.bershka.com - www.oysho.com - www.stradivarius.com - www.zarahome.com - www.pullandbear.com - www.massimodutti.com - www.lefties.com - www.zara.cn - www.bershka.cn - www.oysho.cn - www.stradivarius.cn - www.zarahome.cn - www.pullandbear.cn - www.massimodutti.cn If the bug is in a service not explicitly named in the above list, but you are able to demonstrate that exploitation of the bug would affect directly and clearly to e-commerce operations, we will consider it to be in scope, (e.g. cache poisoning within static.zara.com will affect the operations of www.zara.com). Because the e-commerce platform shares a common technological foundation, multiple reports describing the same vulnerability against multiple assets or endpoints where the root cause is the same will be treated as one report. Do not submit duplicate reports for the same issue across multiple sites, as the duplicates will be closed, and the issue will be treated as one report. https://github.com/leather-wallet/extension www.leather.io com.secretkeylabs.xverse https://chrome.google.com/webstore/detail/xverse-wallet/idnnbdplmphpflfnlkomgpfbpcgelopg https://github.com/fireblocks/mpc-lib aw.visa.com bb.visa.com bd.visa.com bm.visa.com bq.visa.com console.tink.com cw.visa.com developer.authorize.net developer.currencycloud.com developer.cybersource.com developer.visa.com direct-demo.currencycloud.com ebctest.cybersource.com An account can be created via https://developer.cybersource.com/hello-world/sandbox.html ht.visa.com http://myvisainfinite.com/suntrust/en_us/home.html http://www.myvisacardportal.com/welcome/enbd/product/# sandbox.authorize.net An account can be created via https://developer.authorize.net/hello_world/sandbox.html sandbox.secure.checkout.visa.com test.payworks.io usa.visa.com visa.co.cr visa.co.ni visa.co.za visa.com.au visa.com.jm visa.com.ru visa.com.ua www.authorize.net www.cardinalcommerce.com www.currencycloud.com www.cybersource.com www.fraedom.com www.practicalbusinessskills.org www.practicalmoneyskills.com www.practicalmoneyskills.org www.tink.com www.visa.co.ao www.visa.co.id www.visa.co.il www.visa.co.in www.visa.co.jp www.visa.co.ke www.visa.co.nz www.visa.co.th www.visa.co.uk www.visa.co.ve www.visa.com.az www.visa.com.br www.visa.com.cn www.visa.com.cy www.visa.com.ge www.visa.com.hk www.visa.com.hr www.visa.com.kh www.visa.com.kz www.visa.com.lc www.visa.com.lk www.visa.com.ms www.visa.com.mx www.visa.com.my www.visa.com.ng www.visa.com.ph www.visa.com.sg www.visa.com.tr www.visa.com.tw www.visa.com.vn www.visainfinite.ca www.yellowpepper.com *.consumer.worldcoin.org **Secondary Asset** World App backend. TFH-owned asset *.toolsforhumanity.com TFH-owned asset *.worldcoin-distributors.com Worldcoin Foundation-owned asset *.worldcoin.dev *.worldcoin.org Primary Assets bioid-management.app developer.worldcoin.org **Primary Asset** getworldcoin.com https://apps.apple.com/no/app/world-app-worldcoin-wallet/id1560859847 https://docs.world.org/world-chain/reference/address-book Worldcoin Foundation-owned asset. Smart contracts listed in this page are within scope for our program. https://github.com/worldcoin https://play.google.com/store/apps/details?id=com.worldcoin World App for Android. TFH-owned asset id.worldcoin.org toolsforhumanity.com worldcoin.org com.nicehash.metallum com.nicehash.mobile https://api-test.nicehash.com https://test.nicehash.com/shop/ For NiceHash Shop, you can try following discount codes: **BB-ACTIVE** is the valid code for 50% discount, you should be able to use it. **BB-EXPIRED** is the expired code for 25% discount, you should not be able to use it. test.nicehash.com You can self register by using a valid email, Google or Apple account. Web client uses JavaScript to get a data from the NiceHash API and present it to the user or to get data from the user and send it to the NiceHash API. This is the test environment (copy of the production environment) where testnet blockchains are used , that you can acquire for free from internet faucet sites, so you can freely try to manipulate any financial transaction (deposit, withdrawal, purchase...). To get free test coins to your NiceHash account, after registration and login first find your NiceHash deposit address (https://test.nicehash.com/my/wallets/). Then do internet search for "BTC testnet faucet", open found site and enter your NiceHash deposit address - you should receive deposit of test coins from a testnet faucet to your NiceHash account in couple of hours. https://github.com/AleoHQ/snarkOS/ https://github.com/AleoHQ/snarkVM/ 1013961111 1218902777 https://apps.apple.com/us/app/id1218902777 926252661 Blink Indoor ASIN: B086DL32QX Blink Mini ASIN: B07X27VK3D Blink Outdoor ASIN: B086DKMSSM Blink Sync Module 2 ASIN: B084RQ6MHJ Blink Video Doorbell https://www.amazon.com/dp/B08SG2MS3V Chime Gen 2 and 2 Pro, ASIN: B07WML2XTD, B07WML1QM4 Indoor Cam ASIN: B07Q9VBYV8 Peephole Cam ASIN: B07WHMQNPC Ring Alarm Gen 2, ASIN: B07ZPMCW64 Ring Smart Lighting Bridge Gen 1 Stickup Cam Gen 3, ASIN: B07Q3T177V Video Doorbell 2nd Gen, 3 & 3 Plus, ASINs: B0849J7W5X, B08N5NQ869, B07WLP395R com.immediasemi.android.blink com.ring.neighborhoods com.ringapp https://*.blinkforhome.com/* https://*.immedia-semi.com/* https://admin.ring.com/* https://api.ring.com/* https://app.ring.com/* https://billing.ring.com/* https://fw.ring.com/* https://nw.ring.com/* https://oauth.ring.com/* https://ring.com/* prd-ring-web-us.prd.rings.solutions 153.46.96.0/20 193.110.154.0/24 https://apps.apple.com/ch/app/debix/id1581440132?l=en-GB https://apps.apple.com/mx/app/debix/id1581440132 https://apps.apple.com/mx/app/schweizer-finanzmuseum/id1225222871 https://apps.apple.com/mx/app/six-id/id1620496931 https://apps.apple.com/us/app/bme-conecta/id6443938949 https://play.google.com/store/apps/details?id=com.sixgroup.debixplus https://play.google.com/store/apps/details?id=com.sixgroup.id&hl=en_US&pli=1 https://play.google.com/store/apps/details?id=es.grupobme.bmeconecta https://play.google.com/store/search?q=Schweizer+Finanzmuseum&c=apps https://web3.sdx.com https://www.sdx.com/ www.bolsasymercados.es www.six-group.com com.anker.AnkerMake The App for AnkerMake 3D Printer com.eufylife.EufyHome The eufy Clean/eufy Home App for roboVac com.oceanwing.FDMPrint The Android App for AnkerMake 3D Printer com.oceanwing.battery.cam Most features shall use the eufy Security hardware devices. com.oceanwing.care.cam This is the Android version App works for eufy baby monitor, mainly working offline. com.security.BatteryCam The major features shall connect with the hardware devices of eufy Security. com.security.care This is the iOS version App works for eufy baby monitor, mainly working offline. https://us.eufy.com/products/e8213181 S330 Video Doorbell-Battery https://us.eufy.com/products/t8410121 S220 Indoor Cam https://us.eufy.com/products/t88511d1 eufyCam 2 Pro https://us.eufy.com/products/t88711w1 https://www.ankermake.com/products/m5?variant=42744298373269 This is the hardware of AnkerMake M5. It is the FDM (fused deposition modeling) tech 3D printer. 1023499075 com.eero.android eero (2nd Generation) eero 6 (3rd Generation) eero 6 Extender (3rd Generation) eero 6 Pro eero 6+ (4th Gen) eero 6E Pro (4th Gen) eero Beacon (2nd Generation) eero Pro (2nd Generation) https://api-user.e2ro.com/* https://node.e2ro.com/* Mozilla Ad Routing Service ** Critical Site ** Mozilla Ad Routing Service (MARS) under the below domains: - ads.mozilla.org (mars.prod.ads.prod.webservices.mozgcp.net) - ads.allizom.org (mars.stage.ads.nonprod.webservices.mozgcp.net) - mars.qa.ads.nonprod.webservices.mozgcp.net - ads-img.mozilla.org - ads-img.allizom.org - contile.services.mozilla.com - spocs.getpocket.com - spocs.getpocket.dev - spocs.mozilla.net - spocs.allizom.net Testing to be done on the staging instance: - ads.allizom.org Source Code: https://github.com/mozilla-services/mars Mozilla VPN Clients ** Critical Site** Mozilla VPN iOS, Android, Desktop Clients. Note that Mozilla VPN subscriptions are only open in [these countries](https://support.mozilla.org/en-US/kb/mozilla-vpn-countries-available-subscribe). Source Code: https://github.com/mozilla-mobile/mozilla-vpn-client Product Delivery **Do not run automated scans on those domains** Firefox Downloads which include the below sites: - archive.mozilla.org - download.mozilla.org - download-installer.cdn.mozilla.net - treeherder.mozilla.org Note that content on these assets is intentionally public. Source Code: https://github.com/mozilla/treeherder accounts.firefox.com Mozilla Accounts (previously known as Firefox Accounts) Additional domains in scope for Firefox Accounts: * api.accounts.firefox.com * oauth.accounts.firefox.com * profile.accounts.firefox.com * verifier.accounts.firefox.com * subscriptions.firefox.com Source Code: https://github.com/mozilla/fxa addons.allizom.org This is the staging server for Firefox Addons. Testing should be restricted to this instance without any testing on production. Additional domains for Addons: - services.addons.allizom.org - versioncheck-bg.addons.allizom.org - versioncheck.addons.allizom.org Source Code: https://github.com/mozilla/addons-server api.profiler.firefox.com **Core Site** API server for Firefox Profiler Source Code: https://github.com/firefox-devtools/profiler aus5.mozilla.org Backend update system for Mozilla products. No disruptive testing or scanning tools to be run on production. Source Code: https://github.com/mozilla-releng/balrog bugzilla.mozilla.org Mozilla owned Bugzilla instance. Please do not use automated scanners, create, or modify bugs when testing Bugzilla. Instead, testing should be only done on the development instance, bugzilla-dev.allizom.org. Source Code: https://github.com/mozilla-bteam/bmo community-tc.services.mozilla.com Community instance of TaskCluster CI/CD tool. Source Code: https://github.com/taskcluster/taskcluster crash-reports.allizom.org Endpoint for sending Firefox crash reports. Testing to be done on staging instance: https://crash-reports.allizom.org/ Source Code: https://github.com/mozilla-services/socorro crash-stats.allizom.org Analytics site for Firefox crash reports data. Testing to be done on staging instance only: https://crash-stats.allizom.org/ developer.mozilla.org Please use the staging instance for intrusive tests or for tests which change the content: https://developer.allizom.org Source Code: https://github.com/mdn/mdn firefox-ci-tc.services.mozilla.com TaskCluster CI/CD tool instance used for Firefox builds. firefox.settings.services.mozilla.com Additional domains for Remote Settings: - firefox-settings-attachments.cdn.mozilla.net Testing to be performed on staging instance only: https://firefox.settings.services.allizom.org/v1/ hg.mozilla.org The website used for source code and version control hosting for Firefox. Web vulnerabilities that affect the website itself and not the source code will be considered as vulnerabilities in a **Core Site**. Vulnerabilities that affect the source code itself will be considered as vulnerabilities in a **Critical Site**. Source Code: https://github.com/mozilla/version-control-tools lando.services.mozilla.com Tool used to land Firefox code into Mercurial. Additional Domain: api.lando.services.mozilla.com Testing to be done on staging or development instances only: - ui.dev.lando.nonprod.cloudops.mozgcp.net - ui.stage.lando.nonprod.cloudops.mozgcp.net - api.dev.lando.nonprod.cloudops.mozgcp.net - api.stage.lando.nonprod.cloudops.mozgcp.net Source Code: - https://github.com/mozilla-conduit/lando - https://github.com/mozilla-conduit/lando-api - https://github.com/mozilla-conduit/lando-ui merino.services.mozilla.com Firefox Suggest Testing to be performed on staging instance only: https://stage.merino.nonprod.cloudops.mozgcp.net/api/v1/suggest Source Code: https://github.com/mozilla-services/merino-py monitor.mozilla.org Mozilla Monitor Testing to be done on the staging instance: https://stage.firefoxmonitor.nonprod.cloudops.mozgcp.net/ Source Code: https://github.com/mozilla/blurts-server mozilla-pontoon-staging.herokuapp.com Staging instance for Mozilla Localization Service. Testing is to be done on this instance only, testing on production is not acceptable. Source Code: https://github.com/mozilla/pontoon phabricator.allizom.org Testing to be done **only** on the development instance (phabricator-dev.allizom.org) or the staging instance (phabricator.allizom.org) Source Code: https://github.com/mozilla-conduit/phabricator profiler.firefox.com Web application for Firefox Profiler push.services.mozilla.com Firefox Push Service. Additional domain in scope: updates.push.services.mozilla.com Testing to be done on below staging instances: - wss://autopush.stage.mozaws.net - https://updates-autopush.stage.mozaws.net Source Code: https://github.com/mozilla-services/autopush-rs relay.firefox.com Testing to be done on the staging instance only: https://stage.fxprivaterelay.nonprod.cloudops.mozgcp.net. The team would like testing to be focused on the APIs listed here: https://dev.fxprivaterelay.nonprod.cloudops.mozgcp.net/api/v1/docs/ Source Code: https://github.com/mozilla/fx-private-relay shavar.services.mozilla.com Anti-tracking protection service in Firefox. Additional domain: shavar.prod.mozaws.net. Please do not run automated scans or denial of service testing on this service. Source Code: https://github.com/mozilla-services/shavar stage.taskcluster.nonprod.cloudops.mozgcp.net Staging instance for TaskCluster CI/CD tool. support.mozilla.org Support platform for all of Mozilla Products. **Testing to be done on staging instance only to avoid disrupting users: support.allizom.org** Source Code: https://github.com/mozilla/kitsune sync.services.mozilla.com Firefox Sync Domains: - *.sync.services.mozilla.com - token.services.mozilla.com - https://github.com/mozilla-services/syncstorage-rs - https://github.com/mozilla-services/tokenlib/ vpn.mozilla.org This is the backend server behind Mozilla VPN. www.mozilla.org Mozilla Marketing Website aka Bedrock. Please use our staging instance, www.allizom.org, for testing to avoid site disruption. Source Code: https://github.com/mozilla/bedrock 10x.redoxengine.com api.gamma.redoxstage.com app.gamma.redoxstage.com blob.gamma.redoxstage.com clientcert.gamma.redoxstage.com dashboard.gamma.redoxstage.com docs.redoxengine.com eets-sftp-listener.gamma.redoxstage.com eets.gamma.redoxstage.com evening-earth.gamma.redoxstage.com explore.redoxengine.com This is a marketing site with all public information. Findings here have lesser security implication than our application fhir.redoxengine.com gamma.redoxstage.com help.redoxengine.com launch.gamma.redoxstage.com sftp.gamma.redoxstage.com test*.redoxengine.com testapi.redoxengine.com testapp.redoxengine.com webhooks.gamma.redoxstage.com www.redoxengine.com This is our wordpress marketing site. Findings here have lesser security implication than our application *.oklink.com *.okx.com Mac OS Executable https://www.okx.com/download OKT Chain https://github.com/okx/exchain OKX Android APK https://play.google.com/store/apps/details?id=com.okinc.okex.gp OKX Wallet Chrome Extension https://chromewebstore.google.com/detail/okx-wallet/mcohilncbfahbmgdjkbpemcciiolgcge OKX Wallet Edge Add-ons https://microsoftedge.microsoft.com/addons/detail/okx-wallet/pbpjkcldjiffchgbbndmhojiacbgflha OKX Wallet Safari Extension https://apps.apple.com/us/app/okx-wallet/id6463797825 OKX iOS APP https://apps.apple.com/us/app/okx-buy-bitcoin-btc-crypto/id1327268470 Web3 DEX Open Source https://github.com/okx/WEB3-DEX-OPENSOURCE https://github.com/okx/WEB3-DEX-SOLANA-OPENSOURCE Windows OS Executable api.wisdomtreeprimeapp.com com.wisdomtree.wtprime www.analvids.com www.ddfcontent.com www.pornbox.com www.pornworld.com https://github.com/tronprotocol/java-tron *.luckydays.ca we have a lot of 3rd party\'s such as cpanels/etc which will are OOS so if you are in doubt, contact security@superbet.com. *.luckydays.com *.magicjackpot.ro You can use a Romanian fake CNP generator in order to create an account, such as - https://isj.educv.ro/cnp/ in order to create an account. Make sure you are using a Romanian VPN as the portal works only for Romanian IP’s. *.napoleoncasino.be You need a real/fake Belgium ID to register an account on the main casino/sport app. You can generate a fake ID here - http://rsolution.be/rijksregister-nummer-generator.RSolution *.napoleondice.be *.napoleongames.be *.napoleonsports.be *.spinaway.com we have a lot of 3rd party\'s such as cpanels/etc which will are OOS so if you are in doubt, contact security@superbet.com. *.superbet.com *.superbet.pl *.superbet.ro For our main application ```superbet.ro``` You can use a Romanian fake CNP generator in order to create an account, such as - https://isj.educv.ro/cnp/ in order to create an account. Make sure you are using a Romanian VPN as the portal works only for Romanian IP’s. Or use a test account from this list( some of them might not work so try multiple ones): synack1 - rNc7pGnzxaWRaK synack2 - tQWdwGX4B5agoe synack3 - 2hZHsnFhZPTT3D synack4 - 6qE8ZG8JQgSWCU synack5 - yfjzvoWLYZn4GM synack6 - JUKzSYr626V7zZ synack7 - VMs8C4txt3hNzQ synack8 - LyEb8vuuRRgiXd synack9 - KZkfiVXrHZ3JxX synack10 - 6sphJVv3PFp8mB ● Please add the following User-Agent header when you are using any automated tools or scripts - User-agent: hackerone -. Requests that will not contain this cookie header might get blocked by our tools/SOC team. *.superbet.rs This is our new betting platform, available only in serbia. We only allow connection from Serbian Ip\'s, so please use a VPN. ro.superbet.games Make sure you change your google play country to Romania so you can access the app. https://play.google.com/store/apps/details?id=ro.superbet.games&hl=ro&gl=RO ro.superbet.sport Make sure you set the location to your google play account to Romania so you can access the app https://play.google.com/store/apps/details?id=ro.superbet.sport&hl=ro&gl=RO *.magiceden.dev Cryptocurrency = Solana *.magiceden.io *.magiceden.workers.dev Magic Eden Wallet (Chrome Extension) magiceden.io 1431768824 563291345 Any other subdomains under this domain are not in scope and ineligible for submission 965180355 api.avtoelon.uz api.kolesa.kz api.krisha.kz app.avtoelon.uz app.kolesa.kz app.krisha.kz avtoelon.uz id.avtoelon.uz id.kolesa.kz kolesa.kz krisha.kz kz.kolesa kz.krisha m.avtoelon.uz m.kolesa.kz m.krisha.kz uz.avtoelon *.boozt.com *.booztlet.com com.boozt com.boozt.app com.boozt.booztlet com.booztlet kronor.io We are interested in reports covering the following endpoints only: 1. https://kronor.io/v1/graphql 2. https://payment-gateway.kronor.io 3. https://kronor.io/cde/gql my.sheer.com www.sheer.com 1589071345 App name: My Vodafone Oman apix.vodafone.om om.vodafone.mva vfo01.vodafone.om vfo02.vodafone.om vfo03.vodafone.om www.vodafone.om api.au.frontegg.com portal.au.frontegg.com *.indrive.com *.indriver.com *.indriverapp.com ab-platform-api.eu-east-1.indriverapp.com argocd.indrive.dev auth.indrive.tech auth2.indrive.tech aws.indrive.tech cargo.indrive.com ci.indrive.dev debug.clairvoyance.indrive.tech external.indrive.dev file-storage-front.eu-east-1.indriverapp.com https://*.indriver.io https://*.indriverjob.com ingest.clairvoyance.indrive.tech injob.indriver.com intercity-*.eu-east-1.indriverapp.com messenger.eu-east-1.indriverapp.com new-order.eu-east-1.indriverapp.com priority.eu-east-1.indriverapp.com profile-api.eu-east-1.indriverapp.com super-services.indriverapp.com terra-*.indriverapp.com truck-api.eu-east-1.indriverapp.com volans.tech watchdocs.indriverapp.com wga.volans.tech 1671793296 zerobounce.net 1324809509 https://apps.apple.com/us/app/id1324809509 1528364633 https://apps.apple.com/us/app/luna-controller/id1528364633 302584613 https://apps.apple.com/us/app/id302584613 621574163 https://apps.apple.com/us/app/amazon-photos/id621574163 944011620 https://apps.apple.com/us/app/id944011620 947984433 https://apps.apple.com/us/app/id947984433 Echo Family Devices Echo (Gen 4), Echo Dot (Gen 4) Echo Dot with Clock (Gen 4) Echo Show 10 Echo Flex Echo Buds Echo Frames Echo Auto FireTV Fire TV Stick (Gen 3) Amazon Fire TV Cube (Gen 2) Fire TV Stick Lite Fire TV Blaster Kindle E-Reader Kindle Oasis (Gen 10) Kindle (Gen 10) Luna Luna Controller Tablets Fire HD 8 (Gen 10) Fire 7" (Gen 9) Fire HD 10 (Gen 9) a4k.amazon.com alexa.amazon.com alexaanswers.amazon.com amazon.com/hz/mycd/* api.amazonalexa.com/* blueprints.amazon.com com.amazon.clouddrive.photos https://play.google.com/store/apps/details?id=com.amazon.clouddrive.photos com.amazon.dee.alexaonwearos com.amazon.dee.app https://play.google.com/store/apps/details?id=com.amazon.dee.app com.amazon.kindle https://play.google.com/store/apps/details?id=com.amazon.kindle com.amazon.storm.lightning.client.aosp https://play.google.com/store/apps/details?id=com.amazon.storm.lightning.client.aosp com.amazon.tahoe.freetime https://play.google.com/store/apps/details?id=com.amazon.tahoe.freetime com.amazon.tails https://play.google.com/store/apps/details?id=com.amazon.tails creator.amazon.com developer.amazon.com/alexa/* developer.amazon.com/apps-and-games/* https://luna.amazon.com/* https://www.amazon.com/luna/* read.amazon.com skills-store.amazon.com www.amazon.com/photos/* Android & iOS App for REI Customers To download the app, please visit https://www.rei.com/mobile What it does? REI customers can place orders through the app on their smartphone Any public cloud resource or infrastructure operated and managed by REI. * Public cloud storage accounts. (e.g. AWS S3 buckets) * Public cloud computer server. (e.g. AWS EC2 instances) http://collaboration.rei.com http://rei.com/adventures http://rei.com/events http://rei.com/lists http://www.rei.com/learn/expert-advice rei.com api.mergify.com dashboard.mergify.com https://www.zabbix.com/download_sources You can download any supported versions of Zabbix distributive for testing purposes (including pre-release versions). com.coinhako Get the app here: https://play.google.com/store/apps/details?id=com.coinhako com.coinhako.app Get the app here: https://apps.apple.com/app/coinhako-bitcoin-wallet-asia/id1137855704 www.coinhako.com cdn.arkoselabs.com client-api.arkoselabs.com customer-sessions.arkoselabs.com demo.arkoselabs.com This web app is mainly a Marketing based site. Vulnerabilities on this asset will be awarded with lower bounties. iframe.arkoselabs.com portal.arkoselabs.com verify.arkoselabs.com www.arkoselabs.com This website is mainly a Marketing based site. Vulnerabilities on this asset will be awarded with lower bounties. checksw.com 1- Check if you can pass the two authentications provided by Secure Gateway mobile APP, Try any possible way to login without receiving the code, or try brute force the code or pass the rate limit. 2- Check if you can pass upload prevention system, try any file extension out of the list (jpg,jpeg,png,gif,jfif,mp4,doc,docx,pdf,xls,xlsx,ppsx,ppt,pptx,flv,rar,zip,htm,html) And the file you uploaded should function in a browser when visiting the file. 3- Check whether you can pass the Secure Gateway upload detector system, for example upload \'.jpg\' file It has the word [php_uname] in the file content (not in file name). Instructions For 2FA, you need to install \'Secure Gateway\' APP on your phone to get onetime a code. Secure Gateway APP can be downloaded by clicking on the link below. For Apple Devices https://apps.apple.com/us/app/secure-gateway/id1633721151 For Android Devices https://play.google.com/store/apps/details?id=com.alscotoday.SecureGateway Then contact us to provide you with a test account to login to Secure Gateway APP. Guidelines: 1-Only full hack scenario will be accepted, e.g., edit the index page, or download the database. 2-Upload html file contain JavaScript are not considered as vulnerability, Unless you can change an index page, database or file on our system. 3-A recorded video must be included with every report submitted. 4- If you don\'t follow these guidelines we will not award a bounty for the report. 5-Business logic errors and misconfigurations are out of scope, but you are welcome to submit reports. Required Reporting Format Affected target, feature, or URL: Description of problem: Impact of the issue: Steps to reproduce: Proof of Concept: Is knowledge of this issue currently public? Only complete hacking scenarios will be accepted; otherwise, the report will be closed. Any report that does not follow these guidelines will be rejected and closed. royal.checksw.com Check [Royal CMS] Against Common Injection include [XSS Injection , SQL Injection ,SQLi Injection , OS Injection ,Command Injection, URL Injection , Remote Code Execution, and privilege escalation] that could cause hack CMS and change major files in back-end server. app.dynamic-preprod.xyz app.dynamic.xyz Because we are still beta, if you provide us with a wallet public address we can whitelist your wallet. Open a report with your address. Additionally, we\'ll close as informative to avoid any negative impacts. Alternatively, you can email security@dynamic.xyz with your wallet address and H1 username. Anonymous emails are allowed. demo.dynamic.xyz While demo.dynamic.xyz is set to low severity, do note that we consider reports where using demo.dynamic.xyz to expose an issue with the backend api (https://app.dynamic.xyz and https://app.dynamicauth.com) to be critical. For example, any issues that are specific to demo only are considered low. *.boredapeyachtclub.com *.cryptopunks.app *.mdvmm.xyz *.meebits.app *.otherside.xyz *.yuga.com *.yugalabs.io 329381334701178885 CryptoPunks Discord Server Canary Channel ID: 999377510355718245 831287358355275877 Bored Ape Yacht Club Discord Server Canary Channel ID: 999376248943943813 937011954453721119 Meebits Discord Server Canary Channel ID: 999376585037713568 961114489414094898 Otherside Discord Server Canary Channel ID: 999375944731082923 app.moderntreasury.com cdn.moderntreasury.com http://sandbox-api.fireblocks.io http://sb-console-api.fireblocks.io http://sb-mobile-api.fireblocks.io sandbox.fireblocks.io Access to the sandbox (https://sandbox.fireblocks.io/) is provided after submitting this form https://info.fireblocks.com/fireblocks-developer-account, with the proton email provided by HackerOne credential management. https://developers.fireblocks.com/docs/sandbox-quickstart https://developers.fireblocks.com/docs/postman-guide Authentication component The Authentication component is used to provide MetaMask users services that require to be logged in and/or identified. It is comprised of an Authentication API at: https://authentication.api.cx.metamask.io/ and an ORY Hydra OAuth server at: https://oidc.api.cx.metamask.io. Documentation can be found in this [Doc]( https://docs.google.com/document/u/1/d/e/2PACX-1vRzlbxKTKQ4x8mvUEUs8hv-fcGsi0W717Pbg2_Rk3lcoM5PuSCI66JUWaWdL_Vz0GNMbZU4aYaC2rcQ/pub) Message signing snap This snap is pre-installed on MetaMask and can be tested via RPC calls. - **Github source code**: https://github.com/MetaMask/message-signing-snap - **Main documentation**: https://github.com/MetaMask/message-signing-snap/blob/main/docs/testing.md - **Testing video tutorial**: https://www.loom.com/share/93ce2929c2584cf89af87d76f61be978 MetaMask Browser Extension Chrome Installation Link: https://chrome.google.com/webstore/detail/metamask/nkbihfbeogaeaoehlefnkodbefgpgknn Firefox Installation Link: https://addons.mozilla.org/en-US/firefox/addon/ether-metamask/ Supporting Documentation - https://docs.metamask.io/guide/ - https://github.com/MetaMask/metamask-extension MetaMask SDK The MetaMask SDK allows for third party developers to remotely connect with their user\'s MetaMask wallets after performing an authorization flow. Javascript SDK Installation Guide: * https://c0f4f41c-2f55-4863-921b-sdk-docs.github.io/guide/metamask-sdk-js/ Mobile SDK Installation Guide: * https://c0f4f41c-2f55-4863-921b-sdk-docs.github.io/guide/metamask-sdk-mobile.html Unity SDK Installation Guide: * https://c0f4f41c-2f55-4863-921b-sdk-docs.github.io/guide/metamask-sdk-unity.html Architecture documentation: * https://c0f4f41c-2f55-4863-921b-sdk-docs.github.io/guide/metamask-sdk-concepts.html#communication-layer Snaps Snaps is a feature that allows third party developers to add new functionality to MetaMask. A snap is a JavaScript program that runs in an isolated environment and customizes the wallet experience. Snaps have access to a limited set of capabilities, determined by the [permissions](https://docs.metamask.io/snaps/how-to/request-permissions/) the user granted them during installation. Visit our [quickstart guide](https://docs.metamask.io/snaps/get-started/quickstart/) to learn how to build your own snap, or visit [snaps.metamask.io](http://snaps.metamask.io) to see the possibilities that snaps now offer. Please note that for the duration of the open beta, custom made snaps can only be installed on experimental [MetaMask Flask](https://metamask.io/flask/). While that asset is out of scope, vulnerabilities concerning the snaps feature are eligible for submission if they affect the main extension as well. **Supporting Documentation:** - https://github.com/MetaMask/snaps/tree/main - https://docs.metamask.io/snaps/ **Architecture Documentation** - https://github.com/MetaMask/snaps/tree/main/docs/internals **Packages included in this scope:** - [rpc-methods](https://github.com/MetaMask/snaps/tree/main/packages/rpc-methods) - [snaps-controllers](https://github.com/MetaMask/snaps/tree/main/packages/snaps-controllers) - [snaps-execution-environments](https://github.com/MetaMask/snaps/tree/main/packages/snaps-execution-environments) - [snaps-utils](https://github.com/MetaMask/snaps/tree/main/packages/snaps-utils) - [snaps-ui](https://github.com/MetaMask/snaps/tree/main/packages/snaps-ui) As snaps is a first party feature integrated into MetaMask, vulnerabilities will be scored relative to the impact demonstrated against the MetaMask Extension without a change in scope. Snaps Development Packages The Snaps development tools consist of a series of unrelated packages that can assist in the development of a snap. These tools are eligible for a bounty in cases where a victim can be impacted by exploiting one of the following tools (ex: achieving remote code execution by having a developer build your snap with snaps-cli). These tools are as follows: - [create-snap](https://github.com/MetaMask/snaps/tree/main/packages/create-snap) - [snaps-browserify-plugin](https://github.com/MetaMask/snaps/tree/main/packages/snaps-browserify-plugin) - [snaps-cli](https://github.com/MetaMask/snaps/tree/main/packages/snaps-cli) - [snaps-rollup-plugin](https://github.com/MetaMask/snaps/tree/main/packages/snaps-rollup-plugin) - [snaps-simulator](https://github.com/MetaMask/snaps/tree/main/packages/snaps-simulator) - [snaps-webpack-plugins](https://github.com/MetaMask/snaps/tree/main/packages/snaps-webpack-plugins) https://*.metamask.io **Please ensure you are not reporting a subdomain that is explicitly listed as being out of scope.** Bounty eligibility is determined based on the impact that can be demonstrated by exploiting the affected asset. https://metamask.github.io/phishing-warning/<vX.Y.Z> The phishing warning page is a security control that warns users when they attempt to visit a webpage found on one of our known phishing blocklists. While many versions of this page exist, only vulnerabilities found on the latest version are eligible for a bounty. Supporting Documentation: * https://github.com/MetaMask/phishing-warning/releases * [Code usage in MetaMask extension](https://github.com/MetaMask/metamask-extension/blob/d96c2b8530ff0fe66ad8977641bc70cc0b58cc03/app/scripts/contentscript.js#L611-L624) https://user-storage.api.cx.metamask.io The User Storage API helps developers synchronize data across multiple clients and devices in a privacy-preserving way. All data saved in the user storage database is encrypted client-side to preserve privacy. Documentation can be found in this [Doc](https://docs.google.com/document/u/1/d/e/2PACX-1vRzlbxKTKQ4x8mvUEUs8hv-fcGsi0W717Pbg2_Rk3lcoM5PuSCI66JUWaWdL_Vz0GNMbZU4aYaC2rcQ/pub) io.metamask Installation Link: https://metamask.io/download/ Supporting documentation - https://github.com/MetaMask/metamask-mobile io.metamask.Metamask metamask.io The root https://metamask.io webpage and the metamask.io DNS configuration. portfolio.metamask.io **All reports regarding this asset should be submitted to the ConsenSys program at https://hackerone.com/consensys. Reports will be subject to the rules and conditions listed there. ** The Portfolio dApp allows Metamask users to see an aggregated view across multiple different Metamask accounts. It also allows users to access popular on-chain primitives like Swaps, Bridging, Staking, and more. snaps.metamask.io This is a directory that lists featured snaps available for installation on MetaMask. **Supporting Documentation** - https://github.com/MetaMask/snaps-directory api.skinport.com Public REST API - Docs: https://docs.skinport.com app.skinport.com Backend: [app.skinport.com](app.skinport.com) **Important Note:** Alias of skinport.com/api/ (to app.skinport.com/api/) http://skinport.com/blog/ skinport.com skinport.com (without subdomains, e.g. screenshot.skinport.com, float.skinport.com and so on) Frontend: [skinport.com](https://skinport.com) - skinport.com/api/ (redirected to app.skinport.com/api/) submissions, please use app.skinport.com scope! - skinport.com/support: If you are to test anything related to typing in the support ticket, please, send following message before that. `Hello. I\'m a pentester from HackerOne. I\'m going to test something in support ticket. Your developers are aware of that.` *.eu.floqast.app All domains for FloQast\'s Core Application for European Customers *.floqast.app All domains for FloQast\'s Core Application for US Customers api-eu.floqast.app Public API for FloQast\'s Core Application for European Customers https://*.floqast.engineering These domains shouldn\'t be accessible, so if you\'re able to get a 200 response and get the actual page contents and not something like "You need to enable JavaScript to run this app. ", please don\'t hesitate to submit a report. Any public (Internet-facing) infrastructure owned and operated by Palantir. This is an expansive scope to help you identify security issues in any Internet-facing infrastructure we run. All domains and subdomains owned and operated by Palantir are included within the scope. These may include, but are not limited to: * palantir.com * palantir.tech * palantir.build * palantircloud.com * palantircloud.co.uk * palantirfoundry.com * palantirfoundry.co.uk * palantirfoundry.de * palantirfoundry.fr * palantirfoundry.com.au * palantirgov.com * foundrygov.com All assets and services on these, and other Palantir-owned domains (unless otherwise noted as out-of-scope) may be eligible for awards. This may include cloud resources, firewalls, network devices, servers, and other assets or applications. Any public cloud (e.g. Amazon AWS, Microsoft Azure) resource or infrastructure operated and managed by Palantir. - Public cloud storage accounts. (e.g. AWS S3 buckets, Azure data blobs) - Public cloud compute servers. (e.g. AWS EC2 instances, Azure Virtual Machines) MongoDB BI Connector MongoDB Cluster-To-Cluster sync MongoDB Compass MongoDB Driver: .NET MongoDB Driver: C MongoDB Driver: C# MongoDB Driver: C++ MongoDB Driver: Go MongoDB Driver: Java MongoDB Driver: Node.js MongoDB Driver: PHP MongoDB Driver: Python MongoDB Driver: Ruby MongoDB Driver: Rust MongoDB Kafka Connector MongoDB Owned GitHub Repositories MongoDB GitHub related reports are encouraged however, eligible reports may be rewarded at a percentage of the severity reward payout. MongoDB Realm SDKs MongoDB Relational Migrator MongoDB Server Local Instance MongoDB Shell MongoDB Spark Connector MongoDB VS Code Plugin artifactory.corp.mongodb.com/ https://*.corp.mongodb.com* https://www.*mongodb.com/* The following domains fall under the \\*.mongodb.com/\\* domain: * \\*.corp.mongodb.com/\\* * \\*.infosec.mongodb.com/\\* * \\*.marian.mongodb.com/\\* * \\*.transport.mongodb.com/\\* * \\*.students.mongodb.com/\\* * \\*.dev.mongodb.com/\\* * \\*.support.mongodb.com/\\* * \\*.compass.mongodb.com/\\* * \\*.university.mongodb.com/\\* * \\*.blog.mongodb.com/\\* * \\*.api.mongodb.com/\\* There are domains that fall under the \\*.mongodb.com/\\* that are out of scope. Please refer to out of scope section PLEASE NOTE eligible subdomain takeover reports may be rewarded at a percentage of the severity reward payout. mongodb.live/* *.deribit.com 1293674041 Tier 1 Tier 2 com.deribit insights.deribit.com metrics.deribit.com pb.deribit.com test.deribit.com tools.deribit.com api.sorare.com This is Sorare\'s GraphQL Open API. More documentation about the API can be found on GitHub: https://github.com/sorare/api sorare.com This is Sorare\'s main application. ws.sorare.com This is Sorare\'s WebSocket domain, providing GraphQL subscriptions capabilities as described in https://github.com/sorare/api#subscribing-to-graphql-events *.hilton.com All subdomains of hilton.com that resolve to IP addresses belonging to the Rackspace organization are considered out of scope. In addition, the application eis.hilton.com is out of scope. *.hilton.io *.hiltonbusinessonline.com *.hiltonlocalbiz.com 121.200.237.36/29 167.187.0.0/16 192.251.123.0/24 192.251.124.0/24 192.251.125.0/24 192.251.126.0/24 203.79.37.2/29 62.216.152.46/29 82.196.42.196/28 hilton.com Authentication functionality when a user creates a Hilton Honors account (https://www.hilton.com/en/hilton-honors/join/). To create a Hilton Honors account, finders should complete the free sign-up process. The string “Test-Hackerone” must be prepended to the First and Last name fields for all Honors accounts created for the purposes of security testing. hilton.io hiltonbusinessonline.com hiltonlocalbiz.com com.compass.compass https://apps.apple.com/us/app/compass-real-estate-homes/id692766504 www.compass.com *.sidefx.com *.wellsfargo.com com.wellsfargo.ceomobile com.wf.ceomobile com.wf.mobilebanking com.wf.wellsfargomobile connect.secure.wellsfargo.com This is our retail banking experience, and a priority domain. http://wellsfargo.com Wickr Me Android Wickr Me Linux Wickr Me OS X Wickr Me Windows Wickr Me iOS Wickr Pro Android Wickr Pro Linux Wickr Pro OS X Wickr Pro Windows Wickr Pro iOS Wickr Pro/Wickr Me (all related technical components) (up to) admin.wickr.com *.payoneer.com http://greenchannel.payoneer.com.cn/gcportal payoneer.com.cn Payoneer China *.hypermint.com *.moonpay.com *.moonpaycloud.com api.moonpay.com app.moonpay.com auth.moonpay.com buy.moonpay.com https://apps.apple.com/app/id1635031432 https://github.com/moonpay Archived repositories are excluded and considered out of scope. https://play.google.com/store/apps/details?id=com.moonpay hypermint.com moonpay.com sell.moonpay.com web3.moonpay.com 1091010942 iOS Mobile app app.koho.ca Our app API gateway. ca.koho Android Mobile app http://api.koho.ca/1.0 Our main API gateway http://api.koho.ca/partner Used for API calls to/for our partners usercontent.koho.ca Used for our assets to be delivered to customers (i.e. logo, stylesheets, etc.). web.koho.ca Customer-facing Web application webgateway.koho.ca Our web API gateway. www.koho.ca Marketing website *.capitalone.ca *.capitalone.com *.capitalonegslbex.com *.capitaloneshopping.com 1089294040 407558537 Capital One Shopping Browser Extension Eno® Browser Extension com.konylabs.capitalone com.wikibuy.prod.main knox.beta.blendlabs.com api.razorpay.com Reference: https://razorpay.com/docs/ checkout.razorpay.com Payment Workflow: https://razorpay.com/docs/payments/dashboard/test-live-modes/ https://razorpay.com/docs/payments/payments/test-card-upi-details/ dashboard.razorpay.com Signup Workflow: https://razorpay.com/docs/payments/sign-up/ invoices.razorpay.com payroll.razorpay.com Doc - https://razorpay.com/docs/x/xpayroll/ x.razorpay.com Docs - https://razorpay.com/docs/x https://git.libssh.org/ Disclosure instructions: https://www.libssh.org/development/security-process/ https://github.com/Electron Build cross platform desktop apps with JavaScript, HTML, and CSS. Disclosure instructions: https://github.com/electron/electron/security/policy https://github.com/Nginx Disclosure instructions: http://nginx.org/en/security_advisories.html https://github.com/apache/airflow Disclosure instructions: https://github.com/apache/airflow/security/policy https://github.com/apache/httpd Disclosure instructions: http://httpd.apache.org/security_report.html https://github.com/apache/tomcat Disclosure instructions: https://tomcat.apache.org/security.html https://github.com/argoproj/argoproj Disclosure instructions: https://github.com/argoproj/argoproj/blob/master/SECURITY.md Project Modifier: bounty amounts for this project are adjusted based on the following criteria: -50% : Vulnerability is not exploitable in a default configuration of Argo. https://github.com/curl/curl Disclosure instructions: https://github.com/curl/curl/blob/master/docs/VULN-DISCLOSURE-POLICY.md https://github.com/django The Web framework for perfectionists with deadlines. Disclosure instructions: https://www.djangoproject.com/security/ https://github.com/libuv/libuv Disclosure instructions: https://github.com/libuv/libuv/security https://github.com/nodejs/node Disclosure instructions: https://hackerone.com/nodejs **Project Modifier:** bounty amounts for this project are adjusted based on the following criteria: -50% : Vulnerability is not exploitable in a default configuration of Node.js. -25% : A proposed patch was not provided for the issue. https://github.com/openssl/openssl OpenSSL. Disclosure instructions: https://www.openssl.org/news/vulnerabilities.html https://github.com/rack/rack Disclosure instructions: https://github.com/rack/rack/security/policy https://github.com/rails Ruby on Rails. Disclosure Instructions: https://rubyonrails.org/security/ https://github.com/ruby The Ruby Programming Language. Disclosure Instructions: https://www.ruby-lang.org/en/security/ https://github.com/rubygems/rubygems Library packaging and distribution for Ruby. Disclosure instructions: https://guides.rubygems.org/security/#reporting-security-vulnerabilities https://github.com/rust-lang/rust Rust Programming Language. Disclosure Instructions: https://www.rust-lang.org/policies/security https://github.com/spiffe/spiffe Disclosure instructions: If you\'ve found a vulnerability or a potential vulnerability in SPIFFE please report it at security@spiffe.io. https://github.com/spiffe/spire Disclosure instructions: https://github.com/spiffe/spire/security/policy https://wiki.xenproject.org/wiki/Xen_Project_Repositories Disclosure instructions: https://xenproject.org/developers/security-policy/ Eligible scope only includes issues for which an XSA is issued. rubygems.org Disclosure instructions: Submit any new or potential vulnerabilities for rubygems.org to https://hackerone.com/rubygems *.code.gov Bounty level: Initial *.login.gov *.search.gov account.fr.cloud.gov admin-catalog-bsp.data.gov admin.fr.cloud.gov alertmanager.fr.cloud.gov api.data.gov api.fr.cloud.gov catalog.data.gov From the data.gov Catalog, you will find many external references. These external sites and the data hosted there is **not in scope** for this program. ci.fr.cloud.gov cloud.gov dashboard-beta.fr.cloud.gov dashboard.fr.cloud.gov diagrams.fr.cloud.gov federalist-docs.18f.gov federalist-proxy.app.cloud.gov federalist.18f.gov federation.data.gov grafana.fr.cloud.gov https://github.com/18f/docker-ruby-ubuntu https://github.com/18f/federalist https://github.com/18f/federalist-builder https://github.com/18f/federalist-docker-build https://github.com/18f/federalist-proxy https://github.com/18f/identity-idp https://github.com/18f/identity-saml-rails https://github.com/18f/identity-saml-sinatra https://github.com/gsa/data.gov https://github.com/gsa/datagov-deploy idp.fr.cloud.gov inventory.data.gov labs.data.gov login.fr.cloud.gov logs-platform.fr.cloud.gov logs.fr.cloud.gov marketplace.fedramp.gov nessus.fr.cloud.gov opslogin.fr.cloud.gov prometheus.fr.cloud.gov sdg.data.gov ssh.fr.cloud.gov tock.18f.gov www.data.gov www.fedramp.gov www.usa.gov Bounty Level: Initial ($150 - $2,000) The following subdomains are also in scope: - analytics.usa.gov - search.usa.gov Chatbot, chat, and webform functionality on www.usa.gov is provided by SaaS providers, therefore we cannot guarantee being able to make mitigations in these areas. http://*.newegg.ca http://*.newegg.com *.krisp.ai Except for OOS domains Other Anything that is verified that belongs to us and doesn\'t match any other scope. account.krisp.ai Krisp account frontend analytics.krisp.ai Krisp analytics api.krisp.ai Krisp API app.krisp.ai download.krisp.ai Download endpoints https://download.krisp.ai/mac Krisp MacOS electron app. Bypassing free minutes limitation via changing frontend applications\' logic is out of scope https://download.krisp.ai/win Krisp Windows electron app. krisp.ai teams.krisp.ai Teams API upld.krisp.ai Websocket API Hedera Go SDK https://github.com/hashgraph/hedera-sdk-go The Hedera Go SDK provides services for interacting with Hedera Hashgraph. Hedera Java SDK https://github.com/hashgraph/hedera-sdk-java The Hedera Java SDK provides services for interacting with Hedera Hashgraph. Hedera Javascript SDK https://github.com/hashgraph/hedera-sdk-js The Hedera Javascript SDK provides services for interacting with Hedera Hashgraph. Hedera Mirror Node Codebase https://github.com/hashgraph/hedera-mirror-node Hedera Mirror Nodes receive information from the Hedera nodes and can provide value-added services such as APIs, auditing, analytics, visibility services, security threat modeling, data monetization services, etc. Hedera Network Services Codebase https://github.com/hashgraph/hedera-services Services run by Hedera consensus nodes. Testing for the purposes of bug bounties is best replicated using Local Nodes. Hedera Testnet API Endpoints nodes: https://docs.hedera.com/guides/testnet/testnet-nodes Testnet nodes belong to the test network and run the same code as the Hedera Mainnet nodes. Testnet Mirror Node APIs https://testnet.mirrornode.hedera.com https://hcs.testnet.mirrornode.hedera.com 1180400838 iOS app ([App Store](https://apps.apple.com/il/app/k-health-telehealth/id1180400838 )). accounts.khealth.com Please remember to include a unique string in the User-Agent of every HTTP request made by yourself or any tooling you use.==**Include the string “(h1)” in your user-agent as follows:** - `User-Agent`: `[..] (h1)` This helps us separate your traffic from real user traffic. It is especially useful when we\'re seeing indicators of attack!! ai.kanghealth Android app ([Play Store](https://play.google.com/store/apps/details?id=ai.kanghealth anthem.khealth.com api.khealth.com api.khealth.io Main API (“kangpy” service) app.khealth.com Redirect - The production environment of the K Health app, redirects you to the kaccount.khealth.com service for login purposes. ask.khealth.com Ask K is an open question platform where anyone can ask our engine any question without the need to identify themselves. eligibility.khealth.com Enterprise account experience to determine eligibility http://auth.khealth.com/cedars/sign-up http://auth.khealth.com/khealth/sign-up http://auth.khealth.com/mayo-la-crosse/sign-up http://clinical-quality.khealth.com/api/v1 https://*.khealth.com All assets within this scope item containing the strings "dev" and / or "staging" are excluded from the scope. https://*.khealth.io/ https://*.khealth.us/ kaccount.khealth.com This web page is K Health\'s login page. Users are logging into the K app from this web page. middle-force.khealth.io salesforce.khealth.com start.khealth.com Also known as “care navigation”, is a separate web application (and set of server side APIs) that attempts to route users to the correct program inside of K. This is very old code that dates back to when we only had a mobile app. treatments.khealth.com ED medication selection used in the current ED flow. Select meds / quantity / frequency + enter CC details www.kpharmacyllc.com api.smtp2go.com Most of the endpoints are handled by Flask on Python3 with Postgres as a main database. Newer endpoints use Go on Gin framework. Redis is mostly used for cache and ratelimitting. Instructions and documentations can be found here: https://apidoc.smtp2go.com/documentation/ app.smtp2go.com Flask based app running on Python 2.7, some pages are VueJS but most are scripted with custom JQuery. Create a free account in order to gain login access. smtp2go.com Standard Wordpress site hosted with WPEngine, scripting is all custom JQuery based. *.bingoblitz.com *.boardkingsgame.com *.caesarsgames.com *.houseoffun.com *.justfall.lol,*.justplay.lol,*.1v1.lol *.monopoly-poker.com This App belongs to our Tier 3 category of rewards system. *.playtika.com Reports on any domain/app not specifically included are excluded from the scope. *.playwsop.com *.redecor.com *.serious.li *.seriously.com *.slotomania.com *.wooga.com 1116488672 1200391796 1215220850 1223338261 1413287364 1438744533 1448884851 1474700 (Steam app id) 1508620125 1510325826 1v1.lol 447553564 480523695 529996768 586634331 594802437 603097018 645949180 654671575 719525810 868013618 975035622 9nqwjwnqjj5n air.com.buffalo_studios.newflashbingo air.com.playtika.cvs air.com.playtika.slotomania bestfiends.com com.Seriously.BestFiends com.Seriously.Phoenix com.bigblueparrot.pokerfriends com.jellybtn.boardkings com.jellybtn.cashkingmobile com.pacificinteractive.HouseOfFun com.playtika.caesarscasino com.playtika.wsop.gp com.wooga.pearlsperil com.youdagames.monopolypoker fi.reworks.redecor gnocchi-www.buffalo-ggn.net https://apps.facebook.com/pearls-peril https://apps.facebook.com/pokerheat https://apps.facebook.com/vegas_downtown_slots lol.onevone net.supertreat.solitaire net.wooga.junes_journey_hidden_object_mystery_game net.wooga.switchcraft.googleplay net.wooga.tropicats_tropical_cats_puzzle_paradise *.tide.co api.tideplatform.in co.tide co.tide.tideplatform.in com.tideplatform.banking 1127881507 Dolap IOS Application 524362642 Trendyol IOS Application 6467634418 Trendyol Milla IOS Application com.dolap.android com.trendyol.milla.android Trendyol Milla Android Application m.trendyol.com Feel free to use enm.trendyol.com as the codebase is shared across all languages trendyol.com www.dolap.com www.trendyol-milla.com www.trendyol.com Feel free to use en.trendyol.com as the codebase is shared across all languages api.recordedfuture.com app.recordedfuture.com com.recordedfuture.mobile geminiadvisory.io hatching.io id.recordedfuture.com securitytrails.com therecord.media tria.ge www.recordedfuture.com *.clubhouse.com *.clubhouseapi.com *.joinclubhouse.com 1503133294 iOS application Clubhouse Production and Corporate Infrastructure com.clubhouse.android Android Application *.api.cx.metamask.io developer.metamask.io http://portfolio.metamask.io http://staking.consensys.io https://consensys.io/ https://docs.metamask.io/developer-tools/faucet https://metamask-sdk-socket.metafi.codefi.network/ The SDK Socket server facilitates the communication between a MetaMask SDK Client and a MetaMask wallet allowing for them to connect with each other remotely. For documentation please read https://c0f4f41c-2f55-4863-921b-sdk-docs.github.io/guide/metamask-sdk-concepts.html#communication-layer. on-ramp.metaswap-dev.codefi.network # On-Ramp Aggregator HackerOne ## Description The goal of the On-Ramp Aggregator is to allow users to purchase cryptocurrencies from multiple providers. The aggregator takes a list of parameters (country, payment method, crypto currency, fiat, etc.) and retrieves quotations from the providers. ## Scope The scope of this HackerOne project is: - The API located at https://on-ramp.metaswap-dev.codefi.network - The associated SDK available at https://www.npmjs.com/package/@consensys/on-ramp-sdk Vulnerabilities you may look for: - Getting access to personal information that is not yours - Getting access to secret API keys - Server crashes ## Out of scope The following are out of scope: - SDK technical errors - The Swagger UI located at https://on-ramp.metaswap-dev.codefi.network/docs (it is only available for your convenience on this test environment) - Server performance: this is a test infrastructure - Any SDK version < 0.0.21 The MetaMask mobile version uses the API and the SDK, and is associated to another HackerOne project. ## How to test the API The test environment provides a Swagger UI: https://on-ramp.metaswap-dev.codefi.network/docs. You can use it to list the available endpoints. ### Health These endpoints provide information about the status of the API: version, dependencies... ### Regions The `/regions/countries` endpoint provides information about support of most of the world countries. The `/regions/{regionCode}` endpoint provides information about supported payment methods, fiat currencies, crypto currencies in a specific country. Exmaples of `{regionCode}` are provided by Swagger UI. ### Translations The `/translations/default` endpoint provides the translation template which can be used to translate the application. Only the English version ("default") is available. This endpoint shouldn\'t return any user-related information. ### Order Management The `/providers/{providerCode}/callback` endpoint allows to extract a purchase order ID from an URL. This URL is supposed to be provided by crypto currencies providers: Transak, Wyre, MoonPay... The `/providers/{providerCode}/orders/{orderCode}` allows a user to retrieve information about their order. They need to provide the Order ID and the associated wallet (an ethereum address). Getting access to an order without both these parameters would be a vulnerability. The `/providers/{providerCode}/buy-widget` displays the associated provider widget allowing to purchase crypto currency with the provided parameters. It only works for Moonpay. Here is an example of parameters: - providerCode: `moonpay` - regionId: `/regions/fr` - paymentMethodId: `/payments/debit-credit-card` - cryptoCurrencyId: `/currencies/crypto/1/eth` - fiatCurrencyId: `/currencies/fiat/eur` - amount: `50` - walletAddress: `0x58e5A5478bd302c2E8BEbCbF0342919EE4Aa0e6c` - redirectUrl: `https://www.google.com/` ## How to test the SDK The SDK is available here: https://www.npmjs.com/package/@consensys/on-ramp-sdk The SDK is written in TypeScript, so you can use autocompletion to display the available methods. ## For support Please contact Kevin Le Jeune for technical questions: kevin.le-jeune@consensys.net support.metamask.io tickets.metamask.io *.gethypr.com *.hypr.com HYPR Workforce Access.app HyprUnlock.exe com.hypr.one *.lemonsqueezy.com We will only be accepting reports with high and critical CVSS for the time being. *.link.co Link is a simple and secure way to pay in one click on tens of thousands of sites. Save your payment information with Link the first time you check out. Link will autofill your saved card details and shipping addresses for all future purchases on Link-supported sites. Users can manage their saved information on the link.co website. Landing page: https://link.com Main application: https://app.link.com Support page: https://support.link.com *.recko.io *.reckoproduction.com *.reckostaging.com *.stripe.com 978516833 Stripe iOS Dashboard App App Store URL: https://apps.apple.com/us/app/stripe-dashboard/id978516833 Stripe Apps Vulnerabilities found in third party apps and their backend infrastructure should be reported to the responsible developer. Reporters should only report vulnerabilities in Stripe third party apps to Stripe under this program if they do not receive a satisfactory response from the responsible developer. These types of reports are not eligible for a bounty. Stripe Atlas Startup incorporation Docs: https://stripe.com/docs/atlas Stripe Billing Subscriptions and invoicing Docs: https://stripe.com/docs/billing Sample Billing applications: * [stripe-samples/subscription-use-cases](https://github.com/stripe-samples/subscription-use-cases): Create subscriptions with fixed prices or usage based billing. * [stripe-samples/checkout-single-subscription](https://github.com/stripe-samples/checkout-single-subscription): Learn how to combine Checkout and Billing for fast subscription pages Stripe Capital Docs: https://docs.stripe.com/capital/how-stripe-capital-works Stripe Checkout Prebuilt, Stripe hosted checkout page URL: https://checkout.stripe.com/ Docs: https://stripe.com/docs/payments/checkout Sample Checkout applications: * [stripe-samples/checkout-subscription-and-add-on](https://github.com/stripe-samples/checkout-subscription-and-add-on): Uses Stripe Checkout to create a payment page that starts a subscription for a new customer. * [stripe-samples/checkout-one-time-payments](https://github.com/stripe-samples/checkout-one-time-payments): Use Checkout to quickly collect one-time payments. Stripe Climate Docs: https://docs.stripe.com/climate Stripe Connect Payments for platforms and marketplaces Docs: https://stripe.com/docs/connect Sample Connect applications: * [stripe/stripe-demo-connect-kavholm-marketplace](https://github.com/stripe/stripe-demo-connect-kavholm-marketplace): Demo app for Global Marketplace using Stripe Connect * [stripe/stripe-connect-rocketrides](https://github.com/stripe/stripe-connect-rocketrides): Sample on-demand platform built on Stripe: Connect onboarding for pilots, iOS app for passengers to request rides. Stripe Dashboard A user interface to operate and configure your Stripe account. URL: https://dashboard.stripe.com Docs: https://stripe.com/docs/dashboard Stripe Data Pipeline Docs: https://docs.stripe.com/stripe-data/access-data-in-warehouse Stripe Elements Secure frontend UI component Docs: https://stripe.com/docs/stripe-js Sample Stripe Elements application: [stripe/elements-examples](https://github.com/stripe/elements-examples): Stripe Elements examples Stripe Financial Connections https://docs.stripe.com/financial-connections Stripe Identity Docs: https://docs.stripe.com/identity Stripe Invoicing Docs: https://docs.stripe.com/invoicing Stripe Issuing Card creation Docs: https://stripe.com/docs/issuing Stripe Open Source Open source projects authored or maintained by Stripe. Only non-archived and non-demo/non-sample projects are in scope. Projects forked from upstream sources are not in scope unless the reported functionality is used by Stripe. URL: https://github.com/stripe Stripe Payment Links Docs: https://docs.stripe.com/payment-links Stripe Payments Online payments Docs: https://stripe.com/docs/payments Sample Payments application: [stripe-samples/accept-a-card-payment](https://github.com/stripe-samples/accept-a-card-payment): Learn how to accept a basic card payment on web, iOS, Android Stripe Radar Fraud and risk management Docs: https://stripe.com/docs/radar Stripe Revenue Recognition Docs: https://docs.stripe.com/revenue-recognition Stripe SDKs Official API libraries URL: https://stripe.com/docs/libraries Terminal SDKs: https://stripe.com/docs/terminal/payments/setup-integration Stripe Sigma Custom reports Docs: https://stripe.com/docs/sigma Stripe Tax Docs: https://docs.stripe.com/tax Stripe Terminal In-person and omnichannel payments Docs: https://stripe.com/docs/terminal Sample Terminal application: [stripe/stripe-terminal-js-demo](https://github.com/stripe/stripe-terminal-js-demo): Demo app for the Stripe Terminal JS SDK Stripe Treasury Docs: https://docs.stripe.com/treasury Stripe for Visual Studio Code api.stripe.com https://stripe.com/docs/api api.taxjar.com app.taxjar.com com.stripe.android.dashboard Google Play Store URL: https://play.google.com/store/apps/details?id=com.stripe.android.dashboard&hl=en_US&pli=1 js.stripe.com https://stripe.com/docs/js Sample Stripe.js application: https://github.com/stripe-samples/accept-a-card-payment Freshcaller-iOS-App Freshcaller iOS app can be downloaded from https://apps.apple.com/us/app/freshcaller/id1424866045 Freshchat-iOS-App Freshchat iOS app can be downloaded from https://apps.apple.com/us/app/freshchat/id1273666080 Freshdesk-iOS-App Freshdesk iOS app can be downloaded from https://apps.apple.com/us/app/freshdesk/id849713306 Freshservice Discovery Agent and Probe Maximum reward of USD 7500 for RCE at agent endpoints using the Freshservice Discovery Agent and Probe. Freshservice-Intune-iOS-App Freshservice Intune iOS app can be downloaded from https://apps.apple.com/us/app/freshservice-for-intune/id6475669802 Freshservice-iOS-App Freshservice iOS app can be downloaded from https://apps.apple.com/us/app/freshservice/id891265220 com.freshchat.agent.android Freshchat Android app can be downloaded from https://play.google.com/store/apps/details?id=com.freshchat.agent.android com.freshdesk.helpdesk Freshdesk Android app can be downloaded from https://play.google.com/store/apps/details?id=com.freshdesk.helpdesk com.freshservice.helpdesk Freshservice Android App can be downloaded from https://play.google.com/store/apps/details?id=com.freshservice.helpdesk com.freshservice.helpdesk.intune Freshservice Intune Android app can be downloaded from https://play.google.com/store/apps/details?id=com.freshservice.helpdesk.intune com.freshworks.freshcaller Freshcaller Android app can be downloaded from https://play.google.com/store/apps/details?id=com.freshworks.freshcaller yourdomain.freshcaller.com Please sign up to create your account and start testing. Read the "In scope" items mentioned in the description. Reports received from accounts/domains that you don\'t own will not be considered eligible for bounty. yourdomain.freshchat.com yourdomain.freshdesk.com yourdomain.freshservice.com yourdomain.myfreshworks.com We encourage you to create an account and commence testing. We kindly request that you review the "In scope" items detailed in the program description. Due to a product revamp, we have decided to remove Freshsales and Freshmarketer product from the HackerOne "In-scope" items. This policy will be effective from Nov 26th, 2024. Any bugs reported by HackerOne researchers before Nov 26th,2024 will be considered by the team. Out of scope: Freshsales - https://yourdomain.myfreshworks.com/crm/sales/* Freshmarketer - https://yourdomain.myfreshworks.com/crm/crm/marketer/* bigcommerce-adapter.judge.me This is a simple, lightweight server, basically just to connect BigCommerce websites to our main asset ​https://judge.me/. Its entry point is from installing our BigCommerce app: https://www.bigcommerce.com/apps/product-reviews-by-judge-me/ cache.judge.me This is a simple NodeJS server, using Hapi framework. It\'s basically to store and cache our public widgets\' HTML content, so that when end users want to fetch our widget content, they can fetch from this server directly, which is faster and more resilient to spikes in number of requests. Please see our [help desk article](https://support.judge.me/support/solutions/articles/44001816387-how-to-make-requests-to-the-judge-me-cache-server) on how to enable and use this server. https://judge.me/reviews This is our new product. It is user (reviewer) facing, unlike the other assets, which are merchant facing. Its entry point is https://judge.me/reviews, and its pages are prefixed with https://judge.me/reviews. judge.me This is the core part of our system. It hosts our main app [Judge.me Product Reviews](https://apps.shopify.com/judgeme) and is also the central point of communication for other assets. shop.judge.me This is lightweight, basically just to connect our other Shopify apps to our main asset ​https://judge.me/. Its entry point is https://shop.judge.me/login?app_key=ali_reviews or https://apps.shopify.com/aliexpress-review-importer woocommerce-adapter.judge.me This is a simple, lightweight server, basically just to connect Wordpress websites (specifically WooCommerce websites) to our main asset ​https://judge.me/. Its entry point is from installing our Wordpress plugin: https://wordpress.org/plugins/judgeme-product-reviews-woocommerce/ api.doppler.com This domain hosts our public API. It\'s used by the Doppler CLI as well as by customers directly. All APIs and supported auth schemes are [documented](https://docs.doppler.com/reference) in our Docs hub. dashboard.doppler.com This web app provides the ability to view and manage your secrets, team members, and account. You can read about additional functionality in our [docs](https://docs.doppler.com/). Supported auth methods: - Email/password. Optional: Authy/OTP MFA and/or WebAuthn - Google Auth - SAML SSO doppler This is the pre-built binary based on the Doppler CLI [source code](https://github.com/DopplerHQ/cli) (also in scope). You can find all builds on [cli.doppler.com](https://cli.doppler.com/download) or on [GitHub](https://github.com/DopplerHQ/cli/releases). The CLI can be installed via brew, scoop, apt, yum, sh + curl/wget, and [more](https://github.com/DopplerHQ/cli/blob/master/INSTALL.md). doppler.team This domain hosts our internal tools for managing Workplace plans and features. It does not provide access to user secrets. Access is protected via Cloudflare Access. Users must authenticate with a valid GSuite account, and must additionally be on the Admin allowlist. For this asset, we\'re especially interested in any bypass of our access controls. https://github.com/DopplerHQ/cli The Doppler CLI is the primary agent for retrieving secrets and executing your applications. It communicates with the Doppler API, which is also in scope. You can read more about the CLI on our [Docs hub](https://docs.doppler.com/docs/cli), or [Install](https://cli.doppler.com/download) it and give it a spin. Notable commands we\'re especially interested in: - `doppler login`: orchestrates the auth flow - `doppler run`: executes the specified process with secrets injected as environment variables - `doppler update`: installs the latest CLI Build instructions can be found on [GitHub](https://github.com/DopplerHQ/cli/blob/master/BUILD.md) and only require installing `go`. share.doppler.com Only submissions for vulnerabilities that permit access to shared secrets or otherwise bypass secret access controls are eligible for bounty on share.doppler.com. Please do not send submissions such as lack of CAPTCHA or rate limiting. *.grindr.com This domain includes the following subdomains: * Website (grindr.com). Note the Grindr website does not provide services found in the mobile application or any sort of user login. * Chat server (chat.grindr.com, chat-internal.grindr.com). * ‘Presence’ server (presence.grindr.com). This service manages the availability notification of clients. * CDN/media files (cdns.grindr.com). * Gaymoji image index (gaymoji.grindr.com) * Captcha snippets (captcha-prod.grindr.com) * Admin webapp (admin.grindr.com) * Law Enforcement reporting webapp (reporting-portal.grindr.com) *.grindr.io This domain is used for development purposes. *.grindr.mobi This domain is used for backend API\'s. The following endpoints are examples of the backend API endpoints to focus security research attention: General /v6/nonces /v4/domains/validation /v4/feature-configs /v4/links/ABC123 /v3/bootstrap /v3/experiments /v3/health /v3/logging/mobile/logs /v3/status /v3/version Account Creation, Logins and Passwords: /v3/sessions /v3/sessions/thirdparty /v6/users /v3/users/email /v3/users/forgot-password /v3/users/reset-password /v3/users/reset-password?request=true /v3/users/thirdparty /v3/users/thirdparty/exchange /v3/users/update-password /v4/sms/sessions /v4/sms/verifycode /v4/sms/users/update-password/sendcode /v4/sms/users/update-password /v4/sms/verification/500/sendcode /v4/sms/verification/{{profileId}}/verifycode Profiles /v5/favorites /v4/hashtags/valid /v4/hashtags/recommend /v4/me/blocks?page=1 /v4/me/muted-profiles /v4/me/profile/ /v4/profiles/{{myProfileId}} /v4/profiles/reachable /v4/profiles/status /v4/profiles/supportedFeatures/{{myProfileId}} /v4/profile-tags/categories /v3.1/blockby /v3.1/blockby/1001210 /v3.1/me/blocks /v3.1/me/profile /v3/me/blocks/1001210 /v3/me/favorites/3 /v3/me/legal-agreements /v3/me/profile /v3/me/prefs /v3/me/prefs/phrases /v3/me/prefs/phrases/bfc44381-c215-35f7-874a-ae512360836a /v3/me/prefs/settings /v3/me/subscriptions /v3/me/subscriptions?platform=android /v3/me/subscriptions?status=nonexpired /v3/profiles Location /v3/me/location/ {{host_nearby_profiles}}/v4/locations/{{geohash}}/profiles?pageNumber=1&favorite=true {{host_nearby_profiles}}/v4/locations/{{geohash}}/profiles?pageNumber=1 {{host_nearby_profiles}}/v4/locations/{{geohash}}/profiles?pageNumber=1&bodyTypeIds=2,1 {{host_nearby_profiles}}/v4/locations/{{geohash}}/profiles?pageNumber=1&previouslyOnline=true {{host_nearby_profiles}}/v4/locations/{{geohash}}/profiles?pageNumber=1&action=moreguysoffer {{host_nearby_profiles}}/v4/locations/{{geohash}}/profiles?pageNumber=1&action=newfreeuser {{host_nearby_profiles}}/v4/locations/{{geohash}}/profiles?pageNumber=1&cascadeType=REMOTE {{host_nearby_profiles}}/v4/locations/{{geohash}}/unlimited-profiles?searchAfterDistance=0 {{host_nearby_profiles}}/v4/locations/{{geohash}}/unlimited-profiles?searchAfterDistance={{searchAfterDistance}}&searchAfterProfileId={{searchAfterProfileId}} {{host_nearby_profiles}}/v5/profiles/nearby?pageNumber=1 {{host_nearby_profiles}}/v5/profiles/unlimited?searchAfterDistance=0 {{host_nearby_profiles}}/v6/profiles/fresh?pageNumber=1 /v3/places/search?placeName=newyork&limit=3 Chat /v5/me/vendor-token /v5/rewarded-chats /v4/audio-call /v4/audio-call/join /v4/audio-call/renew /v4/audio-call/leave /v4/pics/expiring/status /v4/pics/expiring /v4/phrases/frequency/phraseId=63db06c8-9915-3279-b07c-1fd925013acc /v4/recognition/face /v4/recognition/chat /v4/views /v4/views/54986486 /v3.1/chat/backup /v3.1/flags/112788 /v3.1/groupchat/canbeinvited /v3.1/groupchat/caninvite/44906526 /v3.1/groupchat/invitation-link-code/22345 /v3.1/me/push-conversations/908f72c2d4aea3998a3400c9ad539768 /v3/ad-colony/transactions?amount=4&uid=2&zone=3&id=1&verifier=10&udid=7&odin1=8&open_udid=6&mac_sha1=9&custom_id=49645&currency=5 /v3/mopub/transactions?ad_revenue=4.0&ad_unit_id=2&advertising_id=3&id=1&currency_type=10&currency_value=7&customer_id=8&id=6&placement_id=9&timestamp=49645&verifier=5 /v3/video-call /v3/video-call/12345 {{host_chat_http}}/v3/me/chat/messages?undelivered=true {{host_chat_http}}/v3/me/chat/messages?undelivered=true&receipts=true {{host_chat_http}}/v3/me/chat/messages?confirmed=true {{host_chat_http}}/v3/msgstore?limit=10&from=0 {{host_chat_http}}/v3/msgstore?msgid=messageId {{host_chat_http}}/v3/msgstore/delete {{host_chat_http}}/v3/messages/83a833be210bfe8de60e8e4a7bfe1339?limit=10&from=0 {{host_chat_http}}/v3/groupchats {{host_chat_http}}/v3/groupchats/0835caae4ce92ef1220043a27b0a1b03 {{host_chat_http}}/v3/groupchats/12335 {{host_chat_http}}/v3/groupchats/12335/112233 {{host_chat_http}}/v3/groupchats/all {{host_chat_http}}/v3/groupchats/all/12335678/2222 {{host_gaymoji}}/grindr/chat/gaymoji CDN/Media /v4/videos/expiring /v4/videos/expiring/status {{host_cdn}}/grindr/chat/{{chatImageHash}} {{host_cdn}}/grindr/chat-audio/{{audioHash}} {{host_cdn}}/images/profile/1024x1024/{{profileImageHash}} {{host_media}}/v4/videos {{host_media}}/v3.1/me/profile/images {{host_media}}/v3/me/audio {{host_media}}/v3/me/audio/{{audioHash}} {{host_media}}/v3/me/pics?type=chat {{host_media}}/v3/me/profile/images {{host_media}}/v3/me/profile/images?thumbCoords=300,20,260,20 Store /v4/consumables /v4/consumables/BOOST /v4/consumables/boost/report /v4/store/products /v4/store/products/consumables /v4/store/products/com.grindr.productId /v4/store/status /v3.1/store/grindrstore/coupons /v3.1/store/itunes/purchases /v3.1/store/itunes/purchases/restorations /v3.1/store/googleplay/purchases /v3.1/store/googleplay/purchases/restorations /v3.1/store/itunes/events /v3.1/store/products/com.grindr.product /v3/stripe/events Push/Data /v4/push-settings {{host_client_event}}/v3/logging/mobile/logs {{host_data_requests}}/v1/access-requests {{host_data_requests}}/v1/access-requests/codes {{host_data_requests}}/v1/access-requests/confirmations {{host_push}}/v3/ios-push-tokens {{host_push}}/v3/gcm-push-tokens {{host_push}}/v3/push-tokens/000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1aaa 319881193 Vulnerabilities that require physical, jailbroken, or device root OS access of another user\'s device will typically be considered out-of-scope. com.grindrapp.android web.grindr.com This is the Web version of the Grindr app. Only paid subscriptions have access to Grindr Web. (youriwssubdomain).cloud.com Please visit the following URL and chose the "Get your test instance" option to get a test environment: https://developer.cloud.com/citrixworkspace/citrix-workspace-platform/build/docs/developer-test-instance. **Note:** You would need to link your existing Citrix Cloud account or create a new one to get a test environment. Learn more about the product through guides and videos available here: https://developer.cloud.com/citrixworkspace/citrix-workspace-platform. The documentation regarding Citrix IWS is available here: https://docs.citrix.com/en-us/citrix-microapps.html We have created a small video walkthrough of the product using a sample microapp to ensure that you can get to hacking the application as soon as possible. You can view the video and download the sample microapp using the following links: - Link to video walkthrough: https://citrix.sharefile.com/d-scee2fe1523bf40f68188d984abf871a2 - Link to the sample microapp: https://citrix.sharefile.com/d-s221da461659f42c697e0d327ff88e54e (yoursubdomain).ap.iws.cloud.com (yoursubdomain).eu.iws.cloud.com (yoursubdomain).us.iws.cloud.com *.citrixworkspacesapi.net accounts.cloud.com adm.cloud.com Please note that some UI elements and features of ADM may only become available when an organization has an ADC, MPX, SDX or VPX appliance to onboard into ADM. The most efficient and cost-effective way to do this would be setting up a "Citrix ADC VPX Express – 20 Mbps" from the AWS or Microsoft Azure marketplace which typically has an hourly running cost of 2-3 cents. - https://aws.amazon.com/marketplace/pp/B0796LD46X - https://azuremarketplace.microsoft.com/en-us/marketplace/apps/citrix.netscalervpx-130 Overview - https://docs.citrix.com/en-us/citrix-application-delivery-management-service/overview.html. Onboarding instructions - https://docs.citrix.com/en-us/citrix-application-delivery-management-service/getting-started.html ap-s.cloud.com api.adm.cloud.com This is the API Gateway for Citrix Application Delivery Management. All traffic between an Agent and Application Delivery Management service is proxied via API Gateway. API Gateway is also responsible for API authorization checks for traffic from the Agent to Application Delivery Management. eu.cloud.com onboarding-*.cloud.com onboarding.cloud.com us.cloud.com gold.xnxx.com https://www.xvideos.net/app/ www.xnxx.com www.xvideos.com www.xvideos.red *.8x8.vc Professional Meetings and Jitsi as a Service. At this time 8x8 does not provide credentials and researchers are responsible for any fees occurred if signing up for the service. *.8x8cloud.net *.8x8staging.com *.chalet.8x8.com *.jit.si *.jitsi.net *.p8t.us *.wavecell.com 8x8 Communication APIs Transform customer interactions with our seamless SMS, messaging, video, and voice solutions. ⚠️ All APIs listed under "8x8 Connect" are in-scope. ⚠️ Self Sign-up is available: https://connect.8x8.com/ ⚠️ [8x8 CPaaS developer portal](https://developer.8x8.com/connect) ⚠️ E.g. sms.8x8.com, sms.8x8.uk, sms.8x8.id, chatapps.8x8.com, … 8x8-work https://apps.apple.com/us/app/8x8-work/id348177448 Intellectual Property on Public Domains Leaks identified in public domains are in scope, provided they contain sensitive or proprietary information that could impact our organization’s confidentiality, integrity, or availability. Virtual Office Desktop Download 8x8 Work for Desktop: https://support-portal.8x8.com/helpcenter/viewArticle.html?d=8bff4970-6fbf-4daf-842d-8ae9b533153d admin.8x8.com Administration portal for managing your 8x8 service including users and telephony features cloud8.8x8.com connect.8x8.com ⚠️ out of scope: IDORs in form of unguessable/non-enumerable identifier (UUID) ⚠️ out of scope: IDORs based on `AccountId` and `subAccountId` ⚠️ when testing support functionality please add "HackerOne" in your subject line and limit the number of requests to an absolute minimum http://*.packet8.net https://*.chalet.8x8.com/ws/v1 https://8x8.vc/xmpp-websocket https://github.com/jitsi Open source repositories that support Jitsi. Good faith review of source that a reporter must have no association with the existence of the vulnerability in question. Exclusions: https://github.com/jitsi/jitsi/ Jitsi Desktop is the heritage of Jitsi Meet. While some components are still used in e.g. Jigasi, the project is not actively developed anymore. Improvements, bugfixes and builds are entirely based on community contributions. https://webrtc.8x8.com/ org.vom8x8.sipua 8x8 Work - https://play.google.com/store/apps/details?id=org.vom8x8.sipua pay.8x8.com platform.8x8.com platform.8x8pilot.com sso.8x8.com 8x8 Single Sign-On (SSO) is a session and user authentication service that permits a user to use one set of login credentials, such as name and password, to access multiple 8x8 applications. ⚠️ MFA-bypasses requiring prior knowledge of credentials will be treated with `MEDIUM` severity. sso.8x8pilot.com uc.8x8pilot.com user-profile-staging.8x8.com user-profile.8x8.com vcc-*.8x8.com ► Contact Center Agent Workspace: `./AGUI/login.php` ► Configuration Manager: `./CM/login.php` ⚠️ Latest version of software usually available on https://vcc-na30.8x8.com/ ⚠️ shareable Wallboard links are out of scope voapi.8x8.com VOAPI is a backend application responsible to process phone calls (like InboundCall, OutboundCall, Click2Dial, CallTransfer, CallMerge, Start/Stop CallRecording). ▶︎ AU Region: voapi-au.8x8.com ▶︎ UK Region: voapi-uk.8x8.com work-staging.8x8.com work.8x8.com At this time 8x8 does not provide test credentials. Fortress.HongKong.IOS This is our MoneyBack Mobile (Android) app. Please make sure to consult our policy page to see which items are out of scope for mobile apps. App Link https://apps.apple.com/hk/app/fortress/id1133110850 Watsons.TaiWan.Android This is our Watsons TaiWan Mobile (Android) app. Please make sure to consult our policy page to see which items are out of scope for mobile apps. https://play.google.com/store/apps/details?id=tw.com.watsons.app Drogas (subdomains) This asset is specifically for Drogas\' subdomain assets. Please note that for subdomains (tier 3), will only handle reports that have a high or critical severity. In scope ===================== >\\*.drogas.lv >\\*.drogas.lt Drogas.Latvia.Android This is our Drogas (Android) app in Latvia. Please make sure to consult our policy page to see which items are out of scope for mobile apps. https://play.google.com/store/apps/details?id=lv.drogas.consumer Drogas.Latvia.iOS This is our Drogas (iOS) app in Latvia. Please make sure to consult our policy page to see which items are out of scope for mobile apps. https://apps.apple.com/lv/app/drogas/id1564705644 Drogas.Lietuva.Android This is our Drogas (Android) app in Lithuania. Please make sure to consult our policy page to see which items are out of scope for mobile apps. https://play.google.com/store/apps/details?id=lt.drogas.consumer Drogas.Lietuva.iOS This is our Drogas (iOS) app in Lithuania. Please make sure to consult our policy page to see which items are out of scope for mobile apps. Fortress (subdomains) This asset is specifically for Fortress\'s subdomain assets. In Scope ========= > *.fortress.com.hk/ Fortress.HongKong.Android This is our Fortress Mobile (Android) app. Please make sure to consult our policy page to see which items are out of scope for mobile apps. https://play.google.com/store/apps/details?id=fortress.fortressapp ICI Paris XL (subdomains) This asset is specifically for ICI Paris XL\'s subdomain assets. >\\*.iciparisxl.nl/ >\\*.iciparisxl.be/ >\\*.iciparisxl.lu/ ICIParisXL.App.Android This is our ICI Paris XL (Android) app. Please make sure to consult our policy page to see which items are out of scope for mobile apps. App link: https://play.google.com/store/apps/details?id=com.iciparisxl.app ICIParisXL.App.IOS This is our ICI Paris XL (iOS) app. Please make sure to consult our policy page to see which items are out of scope for mobile apps. https://apps.apple.com/nl/app/ici-paris-xl-beauty/id1061895392 Kruidvat (subdomains) This asset is specifically for Kruidvat\'s subdomain assets. >\\*.kruidvat.nl/ >\\*.kruidvat.be/ Kruidvat.Belgium.Android This is our Dutch online retail mobile app for Belgium customers. If you are testing functionality that requires you to be authenticated, please ensure you register with your @wearehackerone.com email address. This app is similar to other apps (Such as Superdrug). Please keep in mind that issues might be considered duplicates if it is reported on another website already. https://play.google.com/store/apps/details?id=be.kruidvat.voordeelkaart Kruidvat.Belgium.iOS https://apps.apple.com/be/app/kruidvat/id1151434781 Kruidvat.Netherlands.Android This is our Dutch online retail mobile app. If you are testing functionality that requires you to be authenticated, please ensure you register with your @wearehackerone.com email address. https://play.google.com/store/apps/details?id=nl.kruidvat.voordeelkaart Kruidvat.Netherlands.iOS https://itunes.apple.com/nl/app/kruidvat-mobiele-app/id531631058 Marionnaud (subdomains) This asset is specifically for Marionnauds\' subdomain assets. >\\*.marionnaud.it >\\*.marionnaud.fr >\\*.marionnaud.ch >\\*.marionnaud.ro >\\*.marionnaud.hu >\\*.marionnaud.sk >\\*.marionnaud.cz Marionnaud.Austria.Android This is our Marionnaud (Android) app in Austria. Please make sure to consult our policy page to see which items are out of scope for mobile apps. https://play.google.com/store/apps/details?id=at.marionnaud.customer Marionnaud.Austria.iOS This is our Marionnaud (iOS) app in Austria. Please make sure to consult our policy page to see which items are out of scope for mobile apps. https://apps.apple.com/gb/app/marionnaud-%C3%B6sterreich/id1114541888 Marionnaud.France.Android This is our Marionnaud (Android) app in France. Please make sure to consult our policy page to see which items are out of scope for mobile apps. https://play.google.com/store/apps/details?id=com.marionnaud.marionnaudfrance Marionnaud.France.iOS This is our Marionnaud (iOS) app in France. Please make sure to consult our policy page to see which items are out of scope for mobile apps. https://apps.apple.com/fr/app/marionnaud-beaut%C3%A9-soins/id1127368763 Marionnaud.Italy.Android This is our Marionnaud (Android) app in Italy. Please make sure to consult our policy page to see which items are out of scope for mobile apps. https://play.google.com/store/apps/details?id=it.marionnaud.customer Marionnaud.Italy.iOS This is our Marionnaud (iOS) app in Italy. Please make sure to consult our policy page to see which items are out of scope for mobile apps. https://apps.apple.com/it/app/marionnaud/id883671274 Marionnaud.Romania.Android This is our Marionnaud (Android) app in Romania. Please make sure to consult our policy page to see which items are out of scope for mobile apps. https://play.google.com/store/apps/details?id=ro.marionnaud.customer Marionnaud.Romania.iOS This is our Marionnaud (iOS) app in Romania. Please make sure to consult our policy page to see which items are out of scope for mobile apps. https://apps.apple.com/ro/app/marionnaud-romania/id1021924260 Marionnaud.Switzerland.Android This is our Marionnaud (Android) app in Switzerland. Please make sure to consult our policy page to see which items are out of scope for mobile apps. https://play.google.com/store/apps/details?id=ch.marionnaud.customer Marionnaud.Switzerland.iOS This is our Marionnaud (iOS) app in Switzerland. Please make sure to consult our policy page to see which items are out of scope for mobile apps. https://apps.apple.com/ch/app/id1486316902 MoneyBack.HongKong.Android https://play.google.com/store/apps/details?id=com.asw.moneyback MoneyBack.HongKong.iOS This is our MoneyBack Mobile (iOS) app. Please make sure to consult our policy page to see which items are out of scope for mobile apps. https://apps.apple.com/hk/app/moneyback/id1230818544 Moneyback (subdomains) This asset is specifically for Moneyback\'s subdomain assets. > *.moneyback.com.hk/ PNS (subdomains) This asset is specifically for PNS\'s subdomain assets. > \\*.pns.hk/ > \\*.parknshop.com/ PNS.HongKong.Android This is our PNS Mobile (Android) app. Please make sure to consult our policy page to see which items are out of scope for mobile apps. https://play.google.com/store/apps/details?id=com.parknshop.parknshopapp PNS.HongKong.iOS This is our PNS Mobile (iOS) app. Please make sure to consult our policy page to see which items are out of scope for mobile apps. https://apps.apple.com/hk/app/parknshop/id840837558 Superdrug (subdomains) This asset is specifically for Superdrug\'s subdomain assets. >*.superdrug.com/ Out of scope >https://appt.healthclinics.superdrug.com/ >https://healthclinics.superdrug.com/ Superdrug.App.Android This is our Superdrug Mobile (Android) app. Please make sure to consult our policy page to see which items are out of scope for mobile apps. App link: https://play.google.com/store/apps/details?id=superdrug.com.beautycard&hl=en Superdrug.App.IOS This is our Superdrug Mobile (IOS) app. Please make sure to consult our policy page to see which items are out of scope for mobile apps. App link: https://apps.apple.com/gb/app/superdrug/id1267896687 The Perfume Shop (subdomains) This asset is specifically for The Perfume Shop\'s subdomain assets. >\\*.theperfumeshop.com/ ThePerfumeShop.App.Android This is our The Perfume Shop (Android) app. Please make sure to consult our policy page to see which items are out of scope for mobile apps. https://play.google.com/store/apps/details?id=com.theperfumeshop.customer ThePerfumeShop.App.iOS This is our The Perfume Shop (iOS) app. Please make sure to consult our policy page to see which items are out of scope for mobile apps. Appstore Link https://apps.apple.com/gb/app/the-perfume-shop/id1202206665 Trekpleister (subdomains) This asset is specifically for Trekpleister\'s subdomain assets. >\\*.trekpleister.nl Watsons HK (subdomains) This asset is specifically for Watsons HK\'s subdomain assets. >*.watsons.com.hk/ Watsons ID (subdomains) This asset is specifically for Watsons Indonesia subdomain assets. >*.watsons.co.id Watsons MY (subdomains) This asset is specifically for Watsons Malaysia subdomain assets. >*.watsons.com.my/ Watsons PH (subdomains) This asset is specifically for Watsons Philippines subdomain assets. >*.watsons.com.ph/ Watsons SG (subdomains) This asset is specifically for Watsons Singapore subdomain assets. >*.watsons.com.sg Watsons TH (subdomains) This asset is specifically for Watsons TH\'s subdomain assets. >*.watsons.co.th Watsons TR (subdomains) This asset is specifically for Watsons TR\' subdomain assets. >\\*.watsons.com.tr Watsons TW (subdomains) This asset is specifically for Watsons TW\'s subdomain assets. >*.watsons.com.tw/ Watsons VN (subdomains) This asset is specifically for Watsons VN subdomain assets. >*.watsons.vn/ Watsons.HongKong.Android This is our Watsons HongKong Mobile (Android) app. Please make sure to consult our policy page to see which items are out of scope for mobile apps. https://play.google.com/store/apps/details?id=com.ndn.android.watsons Watsons.HongKong.IOS This is our Watsons HongKong Mobile (IOS) app. Please make sure to consult our policy page to see which items are out of scope for mobile apps. https://apps.apple.com/hk/app/%E5%B1%88%E8%87%A3%E6%B0%8F%E9%A6%99%E6%B8%AF/id479512803 Watsons.Indonesia.Android This is our Watsons Indonesia Mobile (Android) app. Please make sure to consult our policy page to see which items are out of scope for mobile apps. https://play.google.com/store/apps/details?id=com.watsons.id.android Watsons.Indonesia.IOS This is our Watsons Indonesia Mobile (IOS) app. Please make sure to consult our policy page to see which items are out of scope for mobile apps. https://apps.apple.com/hk/app/watsons-id/id1184851346 Watsons.Malaysia.Android This is our Watsons Malaysia Mobile (Android) app. Please make sure to consult our policy page to see which items are out of scope for mobile apps. https://play.google.com/store/apps/details?id=com.watsons.mcommerce Watsons.Malaysia.IOS This is our Watsons Malaysia Mobile (IOS) app. Please make sure to consult our policy page to see which items are out of scope for mobile apps. https://apps.apple.com/hk/app/watsons-my/id1112796292 Watsons.Philippines.Android This is our Watsons Philippines Mobile (Android) app. Please make sure to consult our policy page to see which items are out of scope for mobile apps. https://play.google.com/store/apps/details?id=com.mtelnet.watson.ph Watsons.Philippines.IOS This is our Watsons Philippines Mobile (IOS) app. Please make sure to consult our policy page to see which items are out of scope for mobile apps. https://apps.apple.com/hk/app/watsons-philippines/id1438203234 Watsons.Singapore.Android This is our Watsons Singapore Mobile (Android) app. Please make sure to consult our policy page to see which items are out of scope for mobile apps. https://play.google.com/store/apps/details?id=com.watsons.sg.android Watsons.Singapore.IOS This is our Watsons Singapore Mobile (IOS) app. Please make sure to consult our policy page to see which items are out of scope for mobile apps. https://apps.apple.com/hk/app/watsons-sg-the-official-app/id449412168 Watsons.TaiWan.IOS This is our Watsons TaiWan Mobile (IOS) app. Please make sure to consult our policy page to see which items are out of scope for mobile apps. https://apps.apple.com/hk/app/%E5%B1%88%E8%87%A3%E6%B0%8F%E5%8F%B0%E7%81%A3/id477968775 Watsons.Thailand.Android This is our Watsons Thailand Mobile (Android) app. Please make sure to consult our policy page to see which items are out of scope for mobile apps. https://play.google.com/store/apps/details?id=com.mtelnet.watson.thailand Watsons.Thailand.IOS This is our Watsons Thailand Mobile (IOS) app. Please make sure to consult our policy page to see which items are out of scope for mobile apps. https://apps.apple.com/hk/app/watsons-th/id619935224 Watsons.Turkey.Android This is our Watsons (Android) app in Turkey. Please make sure to consult our policy page to see which items are out of scope for mobile apps. https://play.google.com/store/apps/details?id=com.mobular.watsons Watsons.Turkey.iOS This is our Watsons (iOS) app in Turkey. Please make sure to consult our policy page to see which items are out of scope for mobile apps. https://apps.apple.com/app/watsons-t%C3%BCrkiye/id1507132907 api.drogas.lt This is the API server of the Drogas mobile app in Lithuania api.drogas.lv This is the API server of the Drogas mobile app in Latvia api.fortress.com.hk This is our API Server for our Fortress website (www.fortress.com.hk) api.iciparisxl.be This is the API server for the www.iciparisxl.be website api.iciparisxl.lu This is the API server for the www.iciparisxl.lu website api.iciparisxl.nl api.marionnaud.at This is the API server for the www.marionnaud.at e-commerce website. api.marionnaud.ch This is the API server for the www.marionnaud.ch e-commerce website. api.marionnaud.fr This is the API server for the www.marionnaud.fr website api.marionnaud.it This is the API server for the www.marionnaud.it e-commerce website. api.pns.hk This is our API Server for our PNS website (www.pns.hk) api.superdrug.com This is the API server for the superdrug.com website api.theperfumeshop.com This is the API server for the www.theperfumeshop.com website api.watsons.co.id This is the API server for the www.watsons.co.id website api.watsons.co.th This is the API server for the www.watsons.co.th website api.watsons.com.hk This is the API server for the www.watsons.com.hk website api.watsons.com.my This is the API server for the www.watsons.com.my website api.watsons.com.ph This is the API server for the www.watsons.com.ph website api.watsons.com.sg This is the API server for the www.watsons.com.sg website api.watsons.com.tw This is the API server for the www.watsons.com.tw website api.watsons.vn This is the API server for the www.watsons.vn website app.drogas.lt This is the API server of the Drogas Lithuania mobile app app.drogas.lv This is the API server of the Drogas Latvia mobile app app.iciparisxl.be This is the API server of the ICI Paris XL mobile app in Belgium app.iciparisxl.lu This is the API server of the ICI Paris XL mobile app in Luxembourg app.iciparisxl.nl This is the API server of the ICI Paris XL mobile app in the Netherlands app.kruidvat.be This is the API server of the Kruidvat Mobile App in Belgium app.kruidvat.nl This is the API server of the Kruidvat Mobile App in the Netherlands app.marionnaud.at This is the API server of the Marionnaud mobile app in Austria app.marionnaud.ch This is the API server of the Marionnaud mobile app in Switzerland app.marionnaud.cz This is the API server of the Marionnaud mobile app in Czech Republic app.marionnaud.fr This is the API server of the Marionnaud mobile app in France app.marionnaud.hu This is the API server of the Marionnaud mobile app in Hungary app.marionnaud.it This is the API server of the Marionnaud mobile app in Italy app.marionnaud.ro This is the API server of the Marionnaud mobile app in Romania app.marionnaud.sk This is the API server of the Marionnaud mobile app in Slovakia app.superdrug.com This is the API server for the Superdrug mobile app app.theperfumeshop.com This is the new API server of The Perfume Shop mobile app app.watsons.com.tr This hostname is used for the Watsons Turkey mobile app blog.watsons.com.tr This is the wordpress blog for Watsons Turkey. This asset is regarded as (Tier 3) subdomain. https://www.drogas.lt/blog This is our Wordpress blog for Drogas Lithuania https://www.drogas.lv/blog/ This is our Wordpress blog for Drogas Latvia https://www.drogas.lv/lv/blog This is our wordpress blog for Drogas Latvia https://www.drogas.lv/ru/blog https://www.kruidvat.nl/fotoservice https://www.kruidvat.nl/persoonlijk mapi.moneyback.com.hk This is the API Server for our MoneyBack Mobile App media.drogas.lt This subdomain is used to store static content for the www.drogas.lt e-commerce website media.drogas.lv This subdomain is used to store static content for the www.drogas.lv e-commerce website media.iciparisxl.be This subdomain is used to store static content for the www.iciparisxl.be e-commerce website media.iciparisxl.lu This subdomain is used to store static content for the www.iciparisxl.lu e-commerce website media.iciparisxl.nl This subdomain is used to store static content for the www.iciparisxl.nl e-commerce website media.marionnaud.at This subdomain is used to store static content for the www.marionnaud.at e-commerce website. media.marionnaud.ch This subdomain is used to store static content for the www.marionnaud.ch e-commerce website. media.marionnaud.fr This subdomain is used to store static content for the www.marionnaud.fr e-commerce website. media.marionnaud.it This subdomain is used to store static content for the www.marionnaud.it e-commerce website. media.superdrug.com This subdomain is used to store static content for the www.superdrug.com e-commerce website media.theperfumeshop.com This subdomain is used to store static content for the www.theperfumeshop.com e-commerce website medias.fortress.com.hk This subdomain is used to store static content for the www.fortress.com.hk e-commerce website. medias.pns.hk This subdomain is used to store static content for the www.pns.hk e-commerce website. medias.watsons.co.id This subdomain is used to store static content for the www.watsons.co.id e-commerce website. medias.watsons.co.th This subdomain is used to store static content for the www.watsons.co.th e-commerce website. medias.watsons.com.hk This subdomain is used to store static content for the www.watsons.com.hk e-commerce website. medias.watsons.com.my This subdomain is used to store static content for the www.watsons.com.my e-commerce website. medias.watsons.com.ph This subdomain is used to store static content for the www.watsons.com.ph e-commerce website. medias.watsons.com.sg This subdomain is used to store static content for the www.watsons.com.sg e-commerce website. medias.watsons.com.tw This subdomain is used to store static content for the www.watsons.com.tw e-commerce website. medias.watsons.vn This subdomain is used to store static content for the www.watsons.vn e-commerce website. www.drogas.lt This is our Lithuanian online retail platform. If you are testing functionality that requires you to be authenticated, please ensure you register with your @wearehackerone.com email address. www.drogas.lv This is our Latvian online retail platform. If you are testing functionality that requires you to be authenticated, please ensure you register with your @wearehackerone.com email address. www.fortress.com.hk Fortress is one of our leading e-commerce websites in Hong Kong and Macau. Customers could shop for electrical appliances after paying their electricity bills. If you are testing functionalities that require you to be authenticated, please ensure you register with your @wearehackerone.com email address. www.iciparisxl.be This is our Belgium online Perfumery. If you are testing functionality that requires you to be authenticated, please ensure you register with your @wearehackerone.com email address. This website is similar to other websites (Such as Superdrug and Kruidvat). Please keep in mind that issues might be considered duplicates if it is reported on another website already. www.iciparisxl.lu www.iciparisxl.nl This is our Dutch online Perfumery. If you are testing functionality that requires you to be authenticated, please ensure you register with your @wearehackerone.com email address. www.kruidvat.be This is our Dutch online retail platform. If you are testing functionality that requires you to be authenticated, please ensure you register with your @wearehackerone.com email address. This website is similar to other websites (Such as Superdrug). Please keep in mind that issues might be considered duplicates if it is reported on another website already. www.kruidvat.nl www.marionnaud.at This is our online Austrian perfumery. If you are testing functionality that requires you to be authenticated, please ensure you register with your @wearehackerone.com email address. www.marionnaud.ch This is our online Swiss perfumery. If you are testing functionality that requires you to be authenticated, please ensure you register with your @wearehackerone.com email address. www.marionnaud.cz This is our online Czech perfumery. If you are testing functionality that requires you to be authenticated, please ensure you register with your @wearehackerone.com email address. www.marionnaud.fr This is our online France perfumery. If you are testing functionality that requires you to be authenticated, please ensure you register with your @wearehackerone.com email address. www.marionnaud.hu This is our online Hungarian perfumery. If you are testing functionality that requires you to be authenticated, please ensure you register with your @wearehackerone.com email address. www.marionnaud.it This is our online Italian perfumery. If you are testing functionality that requires you to be authenticated, please ensure you register with your @wearehackerone.com email address. www.marionnaud.ro This is our online Romanian perfumery. If you are testing functionality that requires you to be authenticated, please ensure you register with your @wearehackerone.com email address. www.marionnaud.sk This is our online Slovakian perfumery. If you are testing functionality that requires you to be authenticated, please ensure you register with your @wearehackerone.com email address. www.moneyback.com.hk MoneyBack has turned shopping into fantastic rewards for families across Hong Kong. If you are testing a functionality that requires you to be authenticated, please ensure you register with your @wearehackerone.com email address. www.pns.hk PNS is our leading e-commerce website for every day items in Hong Kong. If you are testing functionalities that requires you to be authenticated, please ensure you register with your @wearehackerone.com email address. www.superdrug.com This is our online retail platform. If you are testing functionality that requires you to be authenticated, please ensure you register with your @wearehackerone.com email address. www.theperfumeshop.com The Perfume Shop is one of our leading e-commerce perfumery websites. If you are testing functionalities that requires you to be authenticated, please ensure you register with your @wearehackerone.com email address. www.trekpleister.nl www.watsons.co.id This is our online retail platform for health and beauty products in Indonesia. If you are testing a functionality that requires you to be authenticated, please ensure you register with your @wearehackerone.com email address. www.watsons.co.th This is our online retail platform for health and beauty products in Thailand. www.watsons.com.hk This is our online retail platform for health and beauty products in Hong Kong. www.watsons.com.my This is our online retail platform for health and beauty products in Malaysia. www.watsons.com.ph This is our online retail platform for health and beauty products in the Philippines. www.watsons.com.sg This is our online retail platform for health and beauty products in Singapore. www.watsons.com.tr This is our Turkish online retail platform for health and beauty products. www.watsons.com.tw This is our online retail platform for health and beauty products in Taiwan. www.watsons.vn This is our online retail platform for health and beauty products in Vietnam. If you are testing a functionality that requires you to be authenticated, please ensure you register with your @wearehackerone.com email address. www10.fortress.com.hk This is the API server for the Fortress Mobile App www10.pns.hk This is the API server for the PNS Mobile App www10.watsons.co.id This is the API server for the Watsons Indonesia Mobile App www10.watsons.co.th This is the API server for the Watsons Thailand Mobile App www10.watsons.com.hk This is the API server for the Watsons Hong Kong Mobile App www10.watsons.com.my This is the API server for the Watsons Malaysia Mobile App www10.watsons.com.ph This is the API server for the Watsons Philippines Mobile App www10.watsons.com.sg This is the API server for the Watsons Singapore Mobile App www10.watsons.com.tw This is the API server for the Watsons Taiwan Mobile App www10.watsons.vn This is the API server of the Watsons Vietnam Mobile App www20.watsons.co.th *.tiktok.com *.tiktokv.com 1235601864 [iOS Store Download](https://apps.apple.com/sg/app/tiktok-%E6%9C%89%E8%B6%A3%E7%9A%84%E4%BA%BA%E9%83%BD%E5%9C%A8%E9%80%99%E8%A3%A1/id1235601864) 1591003012 TikTok Shop Seller Center [iOS Store Download][link]. [link]: https://apps.apple.com/my/app/tiktok-shop-seller-center/id1591003012 641062073 [link]: https://apps.apple.com/be/app/tiktok-now/id1641062073 835599320 [iOS Store Download](https://apps.apple.com/us/app/tiktok-make-your-day/id835599320) academy-outbound-ads.tiktok.com ads.tiktok.com affiliate-id.tokopedia.com business.tiktok.com careers.tiktok.com com.ss.android.ugc.now [Play Store Download][link]. [link]: https://play.google.com/store/apps/details?id=com.ss.android.ugc.now com.ss.android.ugc.trill [Play Store Download](https://play.google.com/store/apps/details?id=com.ss.android.ugc.trill&hl=en_US) com.tiktok.tv TikTok TV app com.tiktokshop.seller [link]: https://play.google.com/store/apps/details?id=com.tiktokshop.seller&hl=en_US&gl=US com.zhiliao.musically.livewallpaper com.zhiliaoapp.musically [Play Store Download](https://play.google.com/store/apps/details?id=com.zhiliaoapp.musically&hl=en_US) creatormarketplace.tiktok.com developers.tiktok.com effecthouse.tiktok.com fp-sg.tiktokv.com live-backstage.tiktok.com partner.tiktokshop.com pay.tokopediax.com seller-id.tokopedia.com shop-id.tokopedia.com shop.tiktok.com TikTok Shop tiktok.com www.pangleglobal.com 1180074773 https://apps.apple.com/us/app/miro-collaborative-whiteboard/id1180074773 9n236hqqtvnh https://www.microsoft.com/en-us/p/miro-online-collaborative-whiteboard-platform/9n236hqqtvnh Innovation Workspace Intelligent Canvas MacOS Desktop Application https://desktop.miro.com/platforms/darwin/Miro.dmg Miro SDK Miro SDK methods are listed in the documentation: https://developers.miro.com/docs/the-windowmiro-object Tier1 Tier2 Windows Desktop Application x32 - https://desktop.miro.com/platforms/win32-x86/Miro.exe x64 - https://desktop.miro.com/platforms/win32/Miro.exe api.miro.com Miro REST API methods are listed in the documentation: https://developers.miro.com/reference com.realtimeboard https://play.google.com/store/apps/details?id=com.realtimeboard http://miro.com/app Miro application. http://miro.com/blog Miro blog. https://marketplace.atlassian.com/apps/1215456/miro-for-jira-cloud?hosting=cloud Miro for Jira Cloud. Plugin for attaching Miro boards to Jira issues. Documentation: https://help.miro.com/hc/en-us/articles/360017572414-Jira-Add-on https://marketplace.atlassian.com/apps/1217530/miro-for-confluence?hosting=cloud Miro for Confluence. Plugin for embedding Miro boards into Confluence pages. Documentation: https://help.miro.com/hc/en-us/articles/360020712594-Confluence-Cloud-Plugin https://marketplace.atlassian.com/apps/1219583/jira-cards-by-miro?hosting=cloud Jira Cards by Miro. Plugin for embedding Jira issues to Miro boards. Documentation: https://help.miro.com/hc/en-us/articles/360017572434-Jira-Cards miro.com Miro website. Does not include paths like https://miro.com/app (application), https://miro.com/blog (blog) and so on. *.1debit.com *.chime.com *.chimebank.com *.chimecard.com *.chimepayments.com *.chmfin.com *.saltlabs.com Chime Android App (Beta) https://app.bitrise.io/app/5bec038cb1e318cd/build/e071d2ed-1b34-41d7-88ac-78d683fce9c7/artifact/4edf32abe1b497ea/p/2f6cacc3a3ca02df5fc194248bfb15b7 Chime IOS App (Beta) https://app.bitrise.io/app/5bec038cb1e318cd/build/0e56ea84-4683-4ef6-8d3e-60eb0a012c25/artifact/cf0e6abc6528df88/p/85802412acd014f154decf14e4bb8c57 PayFriends/PayAnyone Features Pay Friends is a fast and safe way to send money to any of your friends and family through the existing Chime app at the bottom of the app screen. We are open to all findings that show impact but encourage researchers to test for any transactions inconsistencies such as: - A person sent the money but the money stayed in their account - A person sent the money but the recipient didn\'t receive it and they money was actually moved from the initial account - Receive or less money more than is sent For more details on this feature please refer to the documents below: Testing instructions: https://docs.google.com/document/d/1ZU-Hhde5YGBM_72SPqviQHyHid5sNtvDg41Vhkwr-dw/ Example API Endpoints and Queries: https://docs.google.com/document/d/1G6ef-lc17jLS0Fsa03ptC9Kp__gUmzqd1CALEgiVUHg/edit?usp=sharing app.chime.com app.saltlabs.com app.staging.saltlabs.com com.1debit.ChimeProdApp Production Environment iOS Chime App: https://apps.apple.com/us/app/chime-mobile-banking/id836215269 com.onedebit.chime Production Environment Android Chime App: https://play.google.com/store/apps/details?id=com.onedebit.chime com.saltlabs.app http://member-qa.chime.com/enroll/#/account http://member-qa.chime.com/users/sign_in https://app.chime.com/ id1668462142 saltlabs.com wp-ci.chime.com wp-dev1.chime.com wp-dev2.chime.com wp-dev3.chime.com wp-dev4.chime.com wp-dev5.chime.com wp-integ.chime.com wp-qa.chime.com www.chime.com LaunchDarkly Open Source SDKs Our SDKs are open source and are available on Github (e.g. [React client SDK](https://github.com/launchdarkly/react-client-sdk)). We encourage researchers to dig into the open source code if interested. However, we will **not** be accepting the following types of findings: - Findings related to non-SDK repositories (i.e., repos not ending in `-sdk`) - Vulnerability/dependency scan results of our source code. Please try and dig into our source code more deeply than just reporting a scan result that we may already be aware of. app.launchdarkly.com docs.launchdarkly.com events.launchdarkly.com stream.launchdarkly.com https://github.com/0xPolygon/proof-generation-api api-gateway.polygon.technology api-polygon-tokens.polygon.technology/ balance-api.polygon.technology/ ecosystem-api.polygon.technology ecosystem.polygon.technology faucet-api.polygon.technology/ faucet.polygon.technology gasstation.polygon.technology/ https://github.com/0xPolygon/auto-claim-service https://github.com/0xPolygon/chain-indexer-framework https://github.com/0xPolygon/lxly.js https://github.com/0xPolygon/static https://github.com/maticnetwork/bor #Bor The Bor node or the Block Producer implementation is basically the sidechain operator. The sidechain VM is EVM-compatible. https://github.com/maticnetwork/heimdall #Heimdall This github repository contains the source code for one of the core components of Matic. Heimdall is the heart of the Matic system. It manages validators, block producer selection, spans, the state-sync mechanism between Ethereum and Matic and other essential aspects of the system. https://github.com/maticnetwork/matic-cli portal.polygon.technology Here are just some of things you will be able to to do with Polygon Portal: Bridge your assets via Socket bridge and a range of third-party bridges; Manage your assets and token lists; Use the Refuel Gas feature to purchase MATIC or ETH for gas on the destination chain; Leverage developer tools to help you build your dream dApp; Swap assets easily with third-party DEXs. staking-api.polygon.technology staking.polygon.technology https://github.com/skalenetwork/libBLS https://github.com/skalenetwork/sgxwallet https://github.com/skalenetwork/skale-consensus https://github.com/skalenetwork/skale-manager/tree/develop/contracts Figma Atlassian App https://marketplace.atlassian.com/apps/1217865/figma-for-jira Unauthorized access via this app or the APIs that this app uses is also in scope. Figma Desktop App Figma Slack App https://figma.slack.com/apps/A01N2QYSA81-figma-and-figjam?tab=more_info Figma for Microsoft Teams https://appsource.microsoft.com/en-us/product/office/wa200004521?tab=overview Figma iOS and Android apps api.figma.com www.figma.com We are primarily looking for high/critical vulnerabilities in the system. *.amazon.ae *.amazon.ca *.amazon.cl *.amazon.cn *.amazon.co.jp *.amazon.co.uk *.amazon.co.za *.amazon.com *.amazon.com.au *.amazon.com.be *.amazon.com.br *.amazon.com.co *.amazon.com.mx *.amazon.com.ng *.amazon.com.tr *.amazon.de *.amazon.eg *.amazon.es *.amazon.fr *.amazon.in *.amazon.it *.amazon.nl *.amazon.pl *.amazon.sa *.amazon.se *.amazon.sg 1057338687 PN Seller https://apps.apple.com/us/app/pn-seller/id1057338687 1265170914 Amazon Live Creator https://apps.apple.com/us/app/amazon-live-creator/id1265170914 1276296103 Amazon Relay https://apps.apple.com/us/app/itunes-store/1276296103 1454725763 Amazon Flex https://apps.apple.com/us/app/itunes-store/1454725763 1475021574 Amazon Music for Artists https://apps.apple.com/us/app/amazon-music-for-artists/id1475021574 1478350915 Amazon Shopping (IN) https://apps.apple.com/in/app/amazon-india-shop-pay-minitv/id1478350915 1494755014 Amazon Shopper Panel https://apps.apple.com/us/app/amazon-shopper-panel/id1494755014 1498197033 Amazon Business https://apps.apple.com/us/app/amazon-business-b2b-shopping/id1498197033 1532153219 Amazon Freevee https://apps.apple.com/us/app/amazon-freevee-movies-live-tv/id1532153219 1552455423 Amazon Astro https://apps.apple.com/us/app/amazon-astro/id1552455423 1579372261 Amazon Business (IN) https://apps.apple.com/in/app/amazon-business-india-b2b/id1579372261 1592204907 Amazon Sidewalk Bridge Pro https://apps.apple.com/us/app/amazon-sidewalk-bridge-pro/id1592204907 1659883691 Vendor Central (IN) https://apps.apple.com/in/app/vendor-central-india/id1659883691 297606951 https://apps.apple.com/us/app/amazon-shopping/id297606951 335187483 Amazon Shopping (UK) https://apps.apple.com/gb/app/amazon/id335187483 342576766 Amazon Shopping (CN) https://apps.apple.com/cn/app/%E4%BA%9A%E9%A9%AC%E9%80%8A%E8%B4%AD%E7%89%A9/id342576766 348712880 Amazon Shopping (DE) https://apps.apple.com/de/app/amazon/id348712880 358861688 Amazon Shopping (FR) https://apps.apple.com/fr/app/amazon-fr/id358861688 374254473 Amazon Shopping (JP) https://apps.apple.com/jp/app/amazon-%E3%82%B7%E3%83%A7%E3%83%83%E3%83%94%E3%83%B3%E3%82%B0%E3%82%A2%E3%83%97%E3%83%AA/id374254473 510855668 Amazon Music https://apps.apple.com/us/app/amazon-music-songs-podcasts/id510855668 545519333 Amazon Prime Video https://apps.apple.com/us/app/amazon-prime-video/id545519333 6444868926 Amazon Vendor https://apps.apple.com/us/app/amazon-vendor/id6444868926 6452192521 Amazon One https://apps.apple.com/us/app/amazon-one/id6452192521 6471528064 Amazon Kids + Parents Dashbaord https://apps.apple.com/us/app/amazon-kids-parent-dashboard/id6471528064 794141485 Amazon Seller https://apps.apple.com/us/app/itunes-store/794141485 988788863 Selling Services on Amazon https://apps.apple.com/us/app/selling-services-on-amazon/id988788863 GenAI Apps under *.amazon.* This is a catchall for any GenAI applications found under \\*.amazon.\\*. Rufus is an example of this. amazon.speech.sim Amazon Alexa - Show Mode for L https://play.google.com/store/apps/details?id=amazon.speech.sim amazonpayinsurance.in com.amazon.amazonone.androidapp Amazon One https://play.google.com/store/apps/details?id=com.amazon.amazonone.androidapp com.amazon.amazonvideo.livingroom Amazon Prime Video (TV) - Android TV https://play.google.com/store/apps/details?id=com.amazon.amazonvideo.livingroom **Android TV**: follow the documentation [here](https://developer.android.com/training/tv/get-started/create#run-on-a-virtual-device) to create an Android TV virtual device. The “Android 14.0 (Google TV)” image includes the Play Store and can be used to install and run the in-scope apps. com.amazon.astro https://play.google.com/store/apps/details?id=com.amazon.astro com.amazon.avod.thirdpartyclient Amazon Prime Video https://play.google.com/store/apps/details?id=com.amazon.avod.thirdpartyclient com.amazon.flex.rabbit https://play.google.com/store/apps/details?id=com.amazon.flex.rabbit com.amazon.helix.prod Amazon Hub Counter https://play.google.com/store/apps/details?id=com.amazon.helix.prod com.amazon.imdb.tv.mobile.app https://play.google.com/store/apps/details?id=com.amazon.imdb.tv.mobile.app com.amazon.kisan.app Amazon Kisan https://play.google.com/store/apps/details?id=com.amazon.kisan.app com.amazon.mShop.android.business.shopping Amazon Business https://play.google.com/store/apps/details?id=com.amazon.mShop.android.business.shopping com.amazon.mShop.android.shopping https://play.google.com/store/apps/details?id=com.amazon.mShop.android.shopping com.amazon.minitv.android.app Amazon miniTV https://play.google.com/store/apps/details?id=com.amazon.minitv.android.app com.amazon.mp3 Amazon Music https://play.google.com/store/apps/details?id=com.amazon.mp3 Amazon Music (Watch) is also in scope **wearOS**: follow the documentation [here](https://developer.android.com/training/wearables/get-started/creating#run-emulator) to create a wearOS virtual device. The “Android 14.0 (Wear OS 5)” image includes the Play Store and can be used to install and run the in-scope apps. The documentation [here](https://developer.android.com/training/wearables/get-started/connect-phone) explains how to pair a physical/virtual phone to the virtual wearOS device to complete setup. com.amazon.mp3.automotiveOS Amazon Music - Automotive https://play.google.com/store/apps/details?id=com.amazon.mp3.automotiveOS **Android Automotive (AAOS)**: follow the documentation [here](https://developer.android.com/training/cars/testing/emulator) to create an AAOS virtual device. The “Android 14.0 (Automotive)” image includes the Play Store and can be used to install and run the in-scope apps. com.amazon.music.tv Amazon Music TV https://play.google.com/store/apps/details?id=com.amazon.music.tv com.amazon.primenow.seller.android PN Seller https://play.google.com/store/apps/details?id=com.amazon.primenow.seller.android com.amazon.relay https://play.google.com/store/apps/details?id=com.amazon.relay com.amazon.sellerflexmobile Amazon Seller Flex App https://play.google.com/store/apps/details?id=com.amazon.sellerflexmobile com.amazon.sellermobile.android https://play.google.com/store/apps/details?id=com.amazon.sellermobile.android com.amazon.sft.rangoli.seller.app SmartBiz by Amazon Web Builder https://play.google.com/store/apps/details?id=com.amazon.sft.rangoli.seller.app com.amazon.shopperpanel.android.mobile.app Amazon Shopper Panel https://play.google.com/store/apps/details?id=com.amazon.shopperpanel.android.mobile.app com.amazon.tahoe.grownups Amazon Kids + Parent Dashboard https://play.google.com/store/apps/details?id=com.amazon.tahoe.grownups com.amazon.technician.android Selling Services on Amazon https://play.google.com/store/apps/details?id=com.amazon.technician.android com.amazon.vendormobile.android Amazon Vendor https://play.google.com/store/apps/details?id=com.amazon.vendormobile.android com.amazon.vendormobile.india.android Vendor Central (IN) https://play.google.com/store/apps/details?id=com.amazon.vendormobile.india.android com.amazon.warhol.android Amazon Live Creator https://play.google.com/store/apps/details?id=com.amazon.warhol.android com.amazon.ziggy.android https://play.google.com/store/apps/details?id=com.amazon.ziggy.android com.imdbtv.livingroom Amazon Freevee (TV) https://play.google.com/store/apps/details?id=com.imdbtv.livingroom com.localqueen GlowRoad: Resell & Earn Online https://play.google.com/store/apps/details?id=com.localqueen https://www.amazonpay.in/* in.amazon.mShop.android.business.shopping https://play.google.com/store/apps/details?id=in.amazon.mShop.android.business.shopping in.amazon.mShop.android.shopping https://play.google.com/store/apps/details?id=in.amazon.mShop.android.shopping&hl=en_US primevideo.com/* www.amazon.* All international retail marketplaces * Brazil: www.amazon.com.br * Canada: www.amazon.ca * Mexico: www.amazon.com.mx * United States: www.amazon.com * China: www.amazon.cn * India: www.amazon.in * Japan: www.amazon.co.jp * Singapore: www.amazon.sg * Turkey: www.amazon.com.tr * United Arab Emirates: www.amazon.ae * France: www.amazon.fr * Germany: www.amazon.de * Italy: www.amazon.it * Netherlands: www.amazon.nl * Spain: www.amazon.es * Sweden: www.amazon.se * United Kingdom: www.amazon.co.uk * Australia: www.amazon.com.au 3d.cs.money [3d.cs.money](https://3d.cs.money/) is a skin model generator. ## What to look for: * Vulnerabilities related to user privacy violations * Vulnerabilities directly affecting `cs.money` blog.cs.money By visiting this domain you will be redirected to our blog at [cs.money/blog/](https://cs.money/blog/). This is a web application built on Wordpress. Mainly, we\'re looking for vulnerabilities that can affect `cs.money`, our primary web application. cs.money [cs.money](https://cs.money/) is our primary web application where users can trade, sell and buy in-game items. * Besides the described scope on our policy tab, please pay attention to anything else that can affect user experience, security and privacy. support.cs.money This is our [web client](https://support.cs.money/) for providing technical support. * Direct access to the client, authentication bypass * Vulnerabilities, directly affecting `cs.money` #Important information If you are to test anything related to typing in the support chat, please send the following message before that. ``` Hello. I\'m a pentester from HackerOne. I\'m going to test something in support chat. Your developers are aware of that. wiki.cs.money [wiki.cs.money](https://wiki.cs.money/) contains detailed description and characteristics of all CS2 skins as well as a unique 3D viewing system. H5G We are introducing a new testing scope for our Hosting Infrastructure tailored for WordPress websites. builder.hostinger.com cpanel.hostinger.com This is Hostinger\'s customers management panel, area meant for managing all services: hosting, vps, domains, ssl, cpanel hosting, windows_vps, logibox email, gsuite, cloudflare, marketgoo, flockmail. Servers and databases under this domain contain confidential and client data. hpanel.hostinger.com payments.hostinger.com This is Hostinger\'s payment microservice gateway. Assets under this domain stores only depersonalized data, however, it is important to us that unverified operations wouldn\'t occur and integrity of the records wouldn\'t be affected by an unauthorized individuals. www.hostinger.com This is Hostinger\'s main web application meant for service presentation and client account registration. No confidential information or client data is stored on these systems. However, gaining access to these assets might help attacker to access confidential information on other servers. *.romwe.com *.romwe. [com | co.in ] .romwe.org 1. **Please note that if the exact same vulnerability is found on different top-level domains listed above (ie: .com, .co.in and .org), please do not submit multiple reports. Any duplicate reports submitted will be treated as such.** 2. Please read the "Important guidelines regarding cross-host vulnerabilities" section of the policy page as the guidelines apply for this asset. *.shein.com *.shein.[com | in | tw | se | com.hk | com.vn | com.mx | co.uk ] 1. **Please note that if the exact same vulnerability is found on different top-level domains listed above (example: .com, .in, .tw etc), please do not submit multiple reports. Any duplicate reports submitted will be treated as such.** *.sheingsp.com 1080248000 [ROMWE - Fashion Store](https://apps.apple.com/app/romwe-fashion-store/id1080248000) on the Apple App Store 878577184 [SHEIN-Fashion Shopping Online](https://apps.apple.com/app/shein-fashion-shopping-online/id878577184) on the Apple App Store com.romwe [ROMWE](https://play.google.com/store/apps/details?id=com.romwe) on the Google Play Store com.zzkko [SHEIN-Fashion Shopping Online](https://play.google.com/store/apps/details?id=com.zzkko) on the Google Play Store api.faraday.ai app.faraday.ai s3://faraday-secret s3://faraday-uploads *.api.playstation.com *.playstation.net *.sonyentertainmentnetwork.com 410896080 iOS PlayStation App https://apps.apple.com/app/apple-store/id410896080?pt=104940801&ct=pdcexploreapp&mt=8 PlayStation 4 Console system and operating system PlayStation 5 PlayStation Network See in scope assets above - domains/subdomains not listed are out of scope api.direct.playstation.com ca.account.sony.com com.scee.psxandroid Android PlayStation App https://play.google.com/store/apps/details?id=com.scee.psxandroid&utm_source=pdcexploreapp direct.playstation.com my.account.sony.com my.playstation.com social.playstation.com store.playstation.com transact.playstation.com wallets.api.playstation.com *-asia-south1.truecaller.com *-eu.truecaller.com *-noneu.truecaller.com 448142450 iOS Application ID business-resources.truecaller.com business.truecaller.com com.truecaller web.truecaller.com www.truecaller.com 281796108 406056744 MacOS 9wzdncrfj3mb accounts.evernote.com api.evernote.com api.evernote.com is the API gateway into Evernote\'s microservice infrastructure. The microservice infrastructure is managed by Istio and is provisioned by Google Kubernetes Engine (GKE). Traffic is HTTP or gRPC, depending on the service being interacted with. com.evernote www.evernote.com www.evernote.com serves the main Evernote web app. It also exposes several HTTP and Thrift endpoints that the Evernote mobile/desktop apps use to communicate with the service. Almost all endpoints on the www. domain are routed by HAProxy to an array of Java based Tomcat/Struts shards. https://filezilla-project.org/download.php?type=server&show_all=1 https://svn.filezilla-project.org/svn/FileZilla3/trunk/ https://svn.filezilla-project.org/svn/filezilla3/trunk/src/putty The code in this directory is based on PuTTY. Only vulnerabilities specific to changes made in FileZilla compared to upstream are eligible for a bounty. https://svn.filezilla-project.org/svn/libfilezilla/trunk https://svn.filezilla-project.org/svn/libfilezilla/trunk/ Mackeeper app Please use the last updated version available on our site https://mackeeper.com Currently we accept only the reports on version 6.1.1 or higher. For short period of time, we will still accept High and Critical vulnerability reports for older versions of Mackeeper (5.12 and higher) account.mackeeper.com adblocking.clario.co api-ne.mackeeper.com api.account.clario.co chat-crm.clario.co chat.clario.co clario.co crm.clario.co dcs.clario.co dl.clario.co event.clario.co inapp.clario.co kbill.mackeeper.com mackeeper.com mkapi.mackeeper.com static-cdn.clario.co updater.clario.co updatetracker.clario.co webapi.clario.co yapi.clario.co *.a.exodus.io Everything underneath the `*-s.a.exodus.io` is generally considered our staging environment and is okay/safe for performing simple/basic attack vectors against our wallet and our backends. Add `-s` to any asset/service name to hit our staging environment, for example bitcoin-s.a.exodus.io. **KNOWN ISSUES** 1. Please do not re-submit reports disclosing XSS attacks on outdated openapi/swaggerhub version embedded in the various open source blockchain APIs that we host. This is a known issue, posting here for clarity to prevent wasted cycles on your end and ours. 1. API keys that are hardcoded in our wallet involving 3rd party blockchain APIs (ex. bitcoin, tezos, waves etc) are similarly a known/non issue. These are effectively public APIs and no changes will be made to these endpoints. *.exodus.com This is basically a marketing site while our product API is still pointing to `*.exodus.io`, Some of `exodus.io` subdomains should be redirected to `exodus.com` such as `www.exodus.io` --> `www.exodus.com` *.exodus.io Any domains or subdomains underneath exodus.io are considered our public "face" of our company, including our website, subdomains, download links, etc. Please review our policy for things that are considered in-scope and will result in bounties. Exodus Browser Extension Install using: https://www.exodus.com/browser-extension/ Exodus Desktop Wallet Desktop Download Link: [Exodus Crypto Wallet](https://exodus.io/download) This is the official Exodus Crypto Wallet for the Desktop (Mac/Win/Linux) which itself stores and manages a user\'s cryptocurrency. This has much higher Environmental Score and potential attack vectors especially due to its desktop-computer nature. **NOTE:** Please make sure to read our Program Policy, as certain attack vectors are considered out of scope (eg: OS-related attacks). Passkey Wallet 1. https://passkeys.foundation/playground 2. https://wallet.passkeys.foundation/ 3. https://my.passkeys.network/ exodus-movement.exodus App Store: [Exodus Crypto Wallet](https://apps.apple.com/us/app/exodus-crypto-wallet/id1414384820) This is the official Exodus Crypto Wallet, which itself stores and manages a user\'s cryptocurrency. This has much higher Environmental Score and potential attack vectors. The most critical thing we want to help ensure is that our users are never vulnerable to getting their money/wallet stolen, and that users can always use their wallet to view/manage/exchange crypto. exodusmovement.exodus Google Play Store: [Exodus Crypto Wallet](https://play.google.com/store/apps/details?id=exodusmovement.exodus&hl=en) Tier 3 github.com/kubernetes-csi Kubernetes CSI drivers & infrastructure. Not all repos are eligible for bounty. Eligible for bounty: - github.com/kubernetes-csi/external-provisioner - github.com/kubernetes-csi/external-snapshotter - github.com/kubernetes-csi/node-driver-registrar - github.com/kubernetes-csi/livenessprobe - github.com/kubernetes-csi/csi-release-tools - github.com/kubernetes-csi/csi-lib-utils - github.com/kubernetes-csi/kubernetes-csi.github.io - github.com/kubernetes-csi/docs Ineligible: - github.com/kubernetes-csi/driver-registrar (deprecated) - github.com/kubernetes-csi/csi-test - github.com/kubernetes-csi/drivers (example code) - github.com/kubernetes-csi/cluster-driver-registrar (deprecated) - github.com/kubernetes-csi/external-attacher (alpha) - github.com/kubernetes-csi/external-resizer (alpha) - github.com/kubernetes-csi/csi-driver-host-path (not recommended for production) - github.com/kubernetes-csi/csi-driver-iscsi (not stable) - github.com/kubernetes-csi/csi-driver-nfs (not stable) - github.com/kubernetes-csi/csi-driver-image-populator (not stable) - github.com/kubernetes-csi/csi-driver-flex (not stable) - github.com/kubernetes-csi/csi-driver-fibre-channel (not stable) - github.com/kubernetes-csi/csi-lib-fc (not stable) - github.com/kubernetes-csi/csi-lib-iscsi (not stable) https://github.com/kubernetes-client Kubernetes client libraries. The stable libraries are eligible for bounty, including: - https://github.com/kubernetes-client/python - https://github.com/kubernetes-client/java Supporting libraries are also eligible: - https://github.com/kubernetes-client/gen - https://github.com/kubernetes-client/python-base All other libraries are ineligible for bounty due to the alpha status or work in progress status. https://github.com/kubernetes-security Unauthorized access (read or write) to any repositories under the kubernetes-security github organization is eligible. https://github.com/kubernetes/api The canonical location of the Kubernetes API definition. https://github.com/kubernetes/apiextensions-apiserver API server for API extensions like CustomResourceDefinitions https://github.com/kubernetes/apimachinery https://github.com/kubernetes/apiserver Library for writing a Kubernetes-style API server. https://github.com/kubernetes/autoscaler Autoscaling components for Kubernetes https://github.com/kubernetes/cli-runtime Set of helpers for creating kubectl commands and plugins. https://github.com/kubernetes/client-go Go client for Kubernetes. https://github.com/kubernetes/cloud-provider cloud-provider defines the shared interfaces which Kubernetes cloud providers implement. These interfaces allow various controllers to integrate with any cloud provider in a pluggable fashion. Also serves as an issue tracker for SIG Cloud Provider. https://github.com/kubernetes/cluster-bootstrap https://github.com/kubernetes/cluster-registry Cluster Registry API https://github.com/kubernetes/code-generator Generators for kube-like API types https://github.com/kubernetes/component-base Shared code for kubernetes core components https://github.com/kubernetes/cri-api Container Runtime Interface (CRI) – a plugin interface which enables kubelet to use a wide variety of container runtimes. https://github.com/kubernetes/csi-api https://github.com/kubernetes/csi-translation-lib Staging repo for CSI Migration/Translation libraries https://github.com/kubernetes/dashboard General-purpose web UI for Kubernetes clusters https://github.com/kubernetes/dns Kubernetes DNS service https://github.com/kubernetes/gengo Gengo library for code generation. https://github.com/kubernetes/git-sync A sidecar app which clones a git repo and keeps it in sync with the upstream. https://github.com/kubernetes/k8s.io Kubernetes files for various *.k8s.io sites https://github.com/kubernetes/klog Forked from golang/glog Leveled execution logs for Go (fork of https://github.com/golang/glog) https://github.com/kubernetes/kompose Go from Docker Compose to Kubernetes https://github.com/kubernetes/kops Kubernetes Operations (kops) - Production Grade K8s Installation, Upgrades, and Management https://github.com/kubernetes/kube-aggregator Aggregator for Kubernetes-style API servers: dynamic registration, discovery summarization, secure proxy https://github.com/kubernetes/kube-controller-manager kube-controller-manager component configs https://github.com/kubernetes/kube-deploy A place for cluster deployment automation https://github.com/kubernetes/kube-openapi Kubernetes OpenAPI spec generation & serving https://github.com/kubernetes/kube-proxy kube-proxy component configs https://github.com/kubernetes/kube-scheduler kube-scheduler component configs https://github.com/kubernetes/kube-state-metrics Add-on agent to generate and expose cluster-level metrics. https://github.com/kubernetes/kubeadm Aggregator for issues filed against kubeadm https://github.com/kubernetes/kubectl Issue tracker and mirror of kubectl code https://github.com/kubernetes/kubelet kubelet component configs https://github.com/kubernetes/kubernetes Production-Grade Container Scheduling and Management https://github.com/kubernetes/metrics Kubernetes metrics-related API types and clients https://github.com/kubernetes/minikube Run Kubernetes locally https://github.com/kubernetes/node-api https://github.com/kubernetes/node-problem-detector This is a place for various problem detectors running on the Kubernetes nodes. https://github.com/kubernetes/org Meta configuration for Kubernetes Github Org https://github.com/kubernetes/publishing-bot Code behind the robot to publish from staging to real repositories. https://github.com/kubernetes/release Release infrastructure for Kubernetes and related components https://github.com/kubernetes/repo-infra Kubernetes repository infrastucture tools https://github.com/kubernetes/sig-release Repo for SIG release https://github.com/kubernetes/test-infra Test infrastructure for the Kubernetes project. https://github.com/kubernetes/utils Non-Kubernetes-specific utility libraries which are consumed by multiple projects. https://github.com/kubernetes/website Kubernetes website and documentation repo: https://storage.googleapis.com/kubernetes-release/ Kubernetes release artifacts download server. Write access or modification of assets are eligible for bounty. Please DO NOT modify production artifacts. If you need a test target, you can use a test artifact such as `addons/test/crinit/2017-11-17/crinit` k8s.gcr.io Our official container repository (an alias to gcr.io/google-containers). The ability to write to or modify containers in the repository are in scope. Please DO NOT modify production containers. If you need a test target, please use a test image such as fakegitserver. k8s.io Kubernetes nginx server. kubernetes-csi.github.io Kubernetes CSI documentation site. kubernetes.io Main kubernetes website, hosted by netlify. prow.k8s.io Kubernetes build & test infrastructure. Please limit automated scanning to 1qps. 1541949985 com.coinspot.app www.coinspot.com.au *.gocardless-cicd.io Non-production environment for infrastructure services. *.gocardless-lab.io Testing and experimentation environment for internal tools with no live data. *.gocardless-staging.io Staging environment for GoCardless applications, APIs, and internal tools being developed or supported, may contain live data. *.gocardless.io,*.gocardless-banking.io Internal infrastructure and tools (e.g., performance dashboards). api-sandbox.gocardless.com Sandbox version of the Merchant Dashboard API component - used to power the Merchant Dashboard (manage.gocardless) and to provide functionality for customers who wish to integrate their services with ours. auth0.gocardless.com bankaccountdata.gocardless.com, ob.gocardless.com !Note that this is a production instance, so you must avoid denial of service, data corruption, and any other destructive or disruptive actions. No automated scanning allowed - manual testing only! This is our Bank Account Data dashboard application and Open Banking API endpoint meant for partners and developers who wish to integrate with our Open Banking APIs. connect-sandbox.gocardless.com Sandbox version of the Merchant Dashboard OpenID authentication component. manage-sandbox.gocardless.com Sandbox version of the Merchant Dashboard application. Includes user management for the GC4X application (xero.gocardless). oauth-sandbox.gocardless.com The authentication component for GoCardless for Xero (GC4X). pay-sandbox.gocardless.com Sandbox for the API used to process billing requests, related to the Merchant Dashboard application. www.gocardless.com Our public-facing content, without authenticated access to sensitive information related to merchants or payers. 194.90.151.192/28 Please do not bombard these sites while testing. Be gentle. 194.90.25.80/29 Please be careful when testing these sites to not bombard them. Be gentle. 194.90.89.165/32 212.143.112.81/29 Please be gentle when testing these sites. Do not bombard them. 38.140.238.56/29 64.47.18.80/29 64.84.60.0/24 97.105.243.96/28 CounterAct 8.4 This is a new device type being introduced to the bug bounty program. Those with access to a counteract device / image are welcome to submit their findings! a360f0bcc63ca11ea92550aeac091f3d-1101372245.us-east-1.elb.amazonaws.com Please prioritize your testing for this device. Thank You. ab2b0c50cdc7b445391f99d4957850c5-cd4ccfdb37dfafad.elb.us-east-1.amazonaws.com aebddc74953f248bc8455665b0f7d47b-78af959a11e5d0c1.elb.us-east-1.amazonaws.com app.command.cysiv.com app.iris.acceptance.forescoutcloud.net app.iris.production.forescoutcloud.net community.forescout.com Community Support Login cysiv.com datapod-1-100-druid-ingest.development.forescoutcloud.net *New Host Added on 3/12/2010 ** Naming convention is datapod-[1-100]-druid-ingest.development.forescoutcloud.net ** Example: datapod-1-druid-ingest.development.forescoutcloud.net ** Example: datapod-10-druid-ingest.development.forescoutcloud.net and so on. datapod-1-100-druid-ingest.testing.forescoutcloud.net * Expanded Datapod Host Range to 100 nodes datapod-1-100-druid-query.development.forescoutcloud.net ** Naming convention is datapod-[1-100]-druid-query.development.forescoutcloud.net ** Example: datapod-1-druid-query.development.forescoutcloud.net ** Example: datapod-10-druid-query.development.forescoutcloud.net datapod-1-100-druid-query.production.forescoutcloud.net datapod-1-100-druid-query.production.forescoutcloud.net is the range ex. datapod-1-druid-query.production.forescoutcloud.net datapod-2-druid-query.production.forescoutcloud.net datapod-10-druid-query.production.forescoutcloud.net and so on.... datapod-1-druid-ingest.production.forescoutcloud.net datapod-1-ingest.production.forescoutcloud.net datapod-1-query.production.forescoutcloud.net datapod-2-druid-ingest.production.forescoutcloud.net datapod-2-ingest.acceptance.forescoutcloud.net datapod-2-query.acceptance.forescoutcloud.net de.forescout.cloud http://backend-api.devicecloud.production.forescoutcloud.net/api/v1/settings http://datapod-1-druid-ingest.production.forescoutcloud.net/v1/upload http://datapod-1-druid-query.production.forescoutcloud.net/v1/polling http://datapod-1-druid-query.production.forescoutcloud.net/v1/query/agg http://datapod-1-druid-query.production.forescoutcloud.net/v2/deletestatus http://datapod-1-druid-query.production.forescoutcloud.net/v2/matrixoverview http://datapod-1-druid-query.production.forescoutcloud.net/v2/query/firstreporttimeentry http://datapod-1-druid-query.production.forescoutcloud.net/v2/query/grouptogroup http://datapod-1-druid-query.production.forescoutcloud.net/v2/query/iplist http://datapod-1-druid-query.production.forescoutcloud.net/v2/query/ips/bydst/details http://datapod-1-druid-query.production.forescoutcloud.net/v2/query/ips/bysrc http://datapod-1-druid-query.production.forescoutcloud.net/v2/query/overlappinggroups http://datapod-1-druid-query.production.forescoutcloud.net/v2/service-list http://datapod-1-druid-query.production.forescoutcloud.net/v2/services http://datapod-1-druid-query.production.forescoutcloud.net/v3/matrixoverview http://datapod-1-druid-query.production.forescoutcloud.net/v3/query/overlappingzones http://datapod-1-druid-query.production.forescoutcloud.net/v3/query/zonetozone http://logstash-props.devicecloud.production.forescoutcloud.net/api/v1/properties http://mgmtpod-1.production.forescoutcloud.net/oauth/token https://telemetry-polling.devicecloud.acceptance.forescoutcloud.net/v1/package This asset is currently in Acceptance testing. https://telemetry-polling.devicecloud.acceptance.forescoutcloud.net/v1/polling https://telemetry-polling.devicecloud.acceptance.forescoutcloud.net/v1/upload This asset is currently in Acceptance Testing. iris-testing-us-east-1-nlb-4df4bbde6f6e2bbb.elb.us-east-1.amazonaws.com logstash-props.devicecloud.acceptance.forescoutcloud.net Please begin testing against this host as soon as possible. We are working through a release cycle and this testing is part of that cycle. mgmt-sensors.iris.acceptance.forescoutcloud.net mgmt-sensors.iris.production.forescoutcloud.net mgmtpod-1-dashboard.production.forescoutcloud.net mgmtpod-1.production.forescoutcloud.net obs-sensors.iris.acceptance.forescoutcloud.net obs-sensors.iris.production.forescoutcloud.net streaming-api.iris.acceptance.forescoutcloud.net streaming-api.iris.production.forescoutcloud.net streaming-gw.iris.production.forescoutcloud.net streaming.iris.acceptance.forescoutcloud.net streaming.iris.production.forescoutcloud.net uk.forescout.cloud updates.forescout.com us.forescout.cloud www.forescout.com This is the primary www.forescout.com website. *.line-apps.com **_Tier B_ Asset** *.line.biz *.line.me Previous standalone web domains such as live.line.me, music.line.me, news.line.me, store.line.me are now included in this wildcard. URLs that contain `nvapis.line.me` will be out of scope. *.line.naver.jp *.linecorp.com 443904275 **_Tier A_ Asset** [Apple App Store](https://apps.apple.com/jp/app/line/id443904275) Please make sure you are testing the latest version. Only the latest version is considered in scope. 539883307 macOS: [Apple Mac App Store](https://apps.apple.com/id/app/line/id539883307) 9wzdncrfj2g6 [Microsoft Windows Store](https://www.microsoft.com/ja-jp/p/line/9wzdncrfj2g6) Chrome Extension https://chrome.google.com/webstore/detail/line/ophjlpahpchlmihnnnihgmmeilfjmjjc LINE Messenger - Chat Chat and Group Chat feature that can send texts, images, stickers and so on in LINE Messengers > Chats Tab and related servers. Supplementary services such as Album, Notes are also included. LINE Messenger - Keep A storage service that lets you save photos, videos, text and files in LINE Messengers > Keep feature and related servers. LINE Messenger - News News service in LINE Messengers > News Tab and related servers. Please note that this is available in Japan Only. LINE Messenger - OpenChat Anonymous chat service in LINE Messengers > OpenChat and related servers. LINE Messenger - VOOM Social media feature that can share contents in LINE Messengers > Voom Tab and related servers. The website (https://linevoom.line.me) is also included. LINE Messenger - VoIP Voice and Video call service in LINE Messengers > Calls tab or call menu in a chat room and related servers. Windows Executable https://desktop.line-scdn.net/win/new/LineInst.exe com.linecorp.linelite LINE Lite on the [Google Play Store](https://play.google.com/store/apps/details?id=com.linecorp.linelite) http://recruit.linepluscorp.com jp.naver.line.android [Google Play Store](https://play.google.com/store/apps/details?id=jp.naver.line.android) Other Assets 1452166623 **Tier 1** Asset Only the latest version of the application will be in scope. [Download from the Apple App Store here](https://apps.apple.com/app/lark-collaboration-tool/id1452166623) Mac OS Executable: Download here https://www.larksuite.com/download This is the Lark Suite application for Mac OS. Only the latest version of the application will be in scope. Please download the latest version of the application here: https://www.larksuite.com/download Windows OS Executable: Download here https://www.larksuite.com/download This is the Lark Suite application for Windows. Only the latest version of the application will be in scope. api.larksuite.com app.larksuite.com **Tier 2** Asset caldav.larksuite.com com.larksuite.suite [Download from the Google Play Store here](https://play.google.com/store/apps/details?id=com.larksuite.suite) file.larksuite.com hackers_chosendomain.larksuite.com <hacker’s_chosendomain>.larksuite.com If you find a vulnerability against your own test account domain, please feel free to use this asset for submission. internal-api-drive-stream.larksuite.com internal-api-lark-api.larksuite.com internal-api.larksuite.com lark-frontier.byteoversea.com larksuite.com open.larksuite.com passport.larksuite.com status.larksuite.com DSE, Opscenter Applications packaged and in scope are: * DataStax Enterprise (DSE) [Server, Analytics, Graph, Search] Vulnerabilities in scope: * Loss of availability, confidentiality, or integrity of the data from unauthenticated side-channel or protocol attacks on the DSE server (attacks on the native or storage ports) * Privilege escalation, or loss of tenancy within CQL Vulnerabilities out of scope: * JMX related vulnerabilities * DDOS attacks using large or high throughput payloads astra.datastax.com docs.datastax.com *Automated Scanning Prohibited* downloads.datastax.com Our downloads site available for the general public. Open directory listings with read only access is not in scope. langflow.datastax.com https://docs.datastax.com/en/langflow/quickstart.html langflow.org Please check https://github.com/langflow-ai/langflow/issues before filing here. www.datastax.com *.sprint.apps.dynatracelabs.com Wildcard domain for your Dynatrace Platform environment, sometimes also called 3rd gen. This is your default testing environment. Once you request your testing environment you will be redirected to this environment. API endpoints: - <environment-id>.sprint.apps.dynatracelabs.com/platform/swagger-ui/index.html How to Switch Between APIs: 1. Navigate to the top right corner of the page. 2. Locate the drop-down box next to "Select a Definition." 3. Click on the drop-down box. 4. Choose the desired API from the available options. *.sprint.dynatracelabs.com Wildcard domain for your 2nd gen testing environments - an older but fully supported and regularly updated version of our product. To get there, follow the steps described in our Policy page under "how to access your 2nd gen environment" * <environment-id>.sprint.dynatracelabs.com/rest-api-doc/index.jsp All other Assets Used for asset classification only, please have a look at the policy page or the rewards section. Core Assets Dynatrace ActiveGate ActiveGate is a secure proxy that connects Dynatrace OneAgents to Dynatrace Clusters or other ActiveGates. For more details please have a look at the Useful tips section of the policy or our [support page](https://www.dynatrace.com/support/help/setup-and-configuration/dynatrace-activegate). Dynatrace MobileAgent The MobileAgent can be used to monitor Android or IOs apps. For more details please have a look at the "Useful tips" section of the policy or our [support page](https://www.dynatrace.com/support/help/platform-modules/digital-experience/mobile-applications). Dynatrace OneAgent OneAgent is responsible for collecting all monitoring data within your environment. For more details please have a look at the "Useful tips" section of the policy or our [support page](https://www.dynatrace.com/support/help/setup-and-configuration/dynatrace-oneagent/installation-and-operation). account-sprint.dynatracelabs.com This is the old domain for our account management, the new domain is myaccount-hardening.dynatracelabs.com. Since the domain is still used in some parts of our software, it is still in scope. https://github.com/Dynatrace Please be aware that only analysis of our source code is allowed. Do not perform any tests against [https://github.com.](https://github.com/). https://github.com/Dynatrace-innovationlab myaccount-hardening.dynatracelabs.com Myaccount is the place where you can manage your license, subscriptions, users, groups, policies and more. For more details please have a look at the "Useful tips" section of the policy or our [support page](https://www.dynatrace.com/support/help/manage/account-management). - https://api-hardening.internal.dynatracelabs.com/spec/ sso-sprint.dynatracelabs.com This domain is used in our single sign on solution, you will see the domain for example during the login process. university-staging.dynatracelabs.com University is a learning platform which offers courses that help improve your knowledge about Dynatrace. Use the "**University Login**" button and your already claimed credentials. com.citymapper.app.release 469463298 6449737830 6464473474 657777015 eu.remix.com global-api.citymapper.com https://metroconnect.app.ridewithvia.com https://pt-runner.app.ridewithvia.com platform.remix.com ridewithvia.neoridelittlerock ridewithvia.par.piercetransit via.rider *.mi.com *.miui.com *.miwifi.com *.xiaomi.com *.xiaomiyoupin.com MIUI OS for Xiaomi Phone MIUI is Xiaomi phone operation system (OS), custimized on stock android. the scope inculdes the pre-installed apps with Xiaomi certification signed. Mi Band mi-band-3/4/5 Mi Electric Scooter https://www.mi.com/us/mi-electric-scooter/ Mi Home Webcam https://www.mi.com/us/mi-home-security-camera/ , https://www.mi.com/in/camera-360/ Mi Laser Projector https://www.mi.com/us/mi-laser-projector-150/ Mi Robot Vacuum https://www.mi.com/hk/mi-robot-vacuum/ Mi TV https://store.mi.com/in/accessories/213 Mi TV Box https://www.mi.com/us/mi-box-s/ Mi/Redmi Phone https://www.mi.com/hk/mi-note-10/,https://www.mi.com/hk/mi-a3/,https://www.mi.com/hk/max3/,https://www.mi.com/hk/mi-8-pro/,https://www.mi.com/hk/redmi-note-8-t/,https://www.mi.com/hk/redmi-note-8-pro/ Other APK Assets com.miui.screenrecorder com.android.providers.telephony com.android.dynsystem com.miui.powerkeeper com.xiaomi.miplay_client com.milink.service com.xiaomi.mi_connect_service com.android.updater com.miui.securityadd/com.miui.gallery/com.android.mms.service/com.miui.msa.global/com.android.browser/com.miui.videoplayer/com.android.soundrecorder/com.miui.backup/com.miui.notification/com.android.certinstaller/com.miui.huanji/com.miui.hybrid/com.miui.vsimcore/com.miui.securitycore/com.mi.health/com.xiaomi.simactivate.service/com.miui.phrase/com.miui.player/com.miui.miservice/com.android.provision/com.miui.system/com.miui.global.packageinstaller/com.miui.compass/com.miui.cit/com.miui.android.fashiongallery/com.miui.bugreport/com.android.fileexplorer/com.android.camera/com.xiaomi.glgm/com.xiaomi.xmsf/com.miui.mishare.connectivity/com.miui.freeform/com.xiaomi.finddevice/com.mi.global.bbs/com.xiaomi.joyose/com.mi.android.globalFileexplorer/com.miui.notes/com.miui.wmsvc/com.xiaomi.midrop/com.miui.touchassistant/com.miui.miwallpaper/com.xiaomi.bluetooth/com.miui.cleanmaster/com.miui.analytics/com.android.settings/com.xiaomi.scanner/com.android.phone/com.android.deskclock/com.android.systemui/com.xiaomi.discover/com.android.thememanager/com.android.bluetooth/com.miui.face/com.miui.home Other Hardware Assets Accepted ranges of hardware in Xiaomi’s Program include Xiaomi and Mijia products ( these are for assets that are not specified in the Hardware/IoT scope list ) com.android.browser com.mi.global.shop com.miui.cloudbackup com.miui.cloudservice com.miui.micloudsync com.xiaomi.account com.xiaomi.market com.xiaomi.mibrain.speech com.xiaomi.micloud.sdk com.xiaomi.mipicks com.xiaomi.payment com.xiaomi.smarthome Coda Chrome Extension Link: https://chrome.google.com/webstore/detail/coda-browser-extension/cdgkmagmdldlpiglliebaajdpdkigcbi?hl=en codacontent.io codahosted.io https://*.coda.io/* https://airflow-prod.coda.io/* https://airflow-prod.ops.coda.io/* https://coda.io/* https://coda.io/signup/email Please use your HackerOne designated email when signing up (**`@wearehackerone.com`**), and furthermore please avoid any automated testing or brute-forcing as that may lead to your accounts or IP getting locked out and also create issues on our end. https://data.coda.io/* https://head.coda.io/* https://infra.coda.io/* https://shiny.ops.coda.io/* https://staging.coda.io/* https://user-profile-prod.coda.io/* io.coda Link: https://apps.apple.com/us/app/coda/id1397968110 Coda\'s native apps make heavy use of the same endpoints and UX that\'s used by the mobile website. That being said, there are some differences and we invite security reports pertaining to our iOS and Android apps. Please be sure to follow the same guidelines for setting up an account in our mobile apps as on https://coda.io. io.coda.codaapp Link: https://play.google.com/store/apps/details?id=io.coda.codaapp *.memorable.io [Non-Core asset] *.reddit.com [Core asset] *.redditblog.com [Non-core asset] *.reddithelp.com *.redditinc.com Vendor hosted and managed CMS for corporate / marketing site. It is domain whitelisted for reddit.com functionality so if you can string an attack together with reddit.com then this becomes super interesting. *.redditmedia.com *.snooguts.net This is our internal domain for "intranet" related services. Accessible to the internet should be either 1) an OAuth proxy that gates access to backend services (SCM, admin tooling, CI/CD, etc.) or 2) k8s public ingresses. This domain isn\'t necessarily "private" so leaking the domain isn\'t interesting, but certainly bypassing proxy auth wall or finding juicy targets on that domain is of interest. *.spiketrap.io Android App Non-Core Assets accounts.reddit.com Authentication / authorization service for reddit.com ads.reddit.com amp.reddit.com This service houses our AMP generated pages for search engine optimization. api.reddit.com The Reddit API is used for programmatic access. Please use your own test accounts and do not try to access the private data of other users/mods/admins or Reddit employees. Authentication ([OAUTH](https://github.com/reddit-archive/reddit/wiki/OAuth2)) and authorization are especially important. Docs are available at: https://www.reddit.com/dev/api Please follow Reddit\'s [rules for API access](https://github.com/reddit-archive/reddit/wiki/API). business.reddithelp.com Reddit maintains a SFDC tenant for customer management for our advertisers. SFDC bugs aren\'t eligible for payout, but misconfigurations that are Reddit\'s responsibility are. developers.reddit.com gateway.reddit.com Frontdoor service that handles dispensation to backend microservices. Relies on oauth authentication gql.reddit.com GraphQL implementation for Reddit accessing all our internal things requiring OAuth. iOS App m.reddit.com Mobile webapp (we call mweb) for Reddit. Use a mobile UA to access. matrix.redditspace.com meta-api.reddit.com Houses Reddit\'s smart contracts based on Ethereum, which is called Community Points and ties in with the Vault functionality within Reddit\'s official mobile apps. mod.reddit.com The Reddit modmail interface is used by moderators to take moderator actions and view reports. Please test against your own subreddits and not those belonging to other users/mods/admins. new.reddit.com The Reddit redesign. Follow the same rules as `www.reddit.com`. redditforbusiness.com Third party hosted CMS platform on WebFlow sh.reddit.com strapi.reddit.com Our streaming api. *.clearxchange.com *.earlywarning.com *.zelle.com *.zellepay.com api.zellepay.com api.zmsp.*.earlywarning.io api.zmsp.earlywarning.com com.zellepay.zelle developer*.earlywarning.com earlywarningapi.force.com ews-fusion.my.site.com https://mywallet-management-east.wallet.cat.earlywarning.io/ https://mywallet-management-west.wallet.cat.earlywarning.io/ https://sandbox.digitalwallet.earlywarning.com platform.cat.earlywarning.io platformtest.cat.earlywarning.io support*.earlywarning.com zellepay.force.com zelleservice.my.site.com *.instacart.com *.instacart.tools 545599256 Instacart’s iOS application for online grocery delivery. package name: com.instacart Android & iOS App for Instacart Shoppers To download the shoppers app please visit https://shoppers.instacart.com/apps and enter your phone number to get the download link Shoppers receive orders through the app on their smartphone and then they shop and deliver groceries to the customers admin.instacart.com An admin page that lets our internal users access tools, reports. It is used by customer support for order refunds, redelivery. Internal corporate employees can use it for editing store configuration and warehouse availability. api.instacart.com A service that allows Instacart\'s retailers to connect to Instacart\'s API to do fulfillment through their apps/websites. com.instacart.client Instacart’s Android application for online grocery delivery. shoppers.instacart.com A service that allows people to apply for the shoppers position at Instacart www.instacart.com Web application to provide online ordering of groceries for either delivery or in store pick up. Account Settings **Note that if you do not see the \'Account\' link on the top right please perform a hard-reload in your browser** **Type:** Fortmatic Modal **What it runs on:** - Redux, HTML, LESS **What it does:** - This provides users access to their personal settings, and offers critical features such as managing their PIN, recovery email, and exporting their private key. **What to look for:** - There is a host of private information being disclosed through this modal. Any web or access control vulnerabilities are of high risk here. Any attacks that can bypass, or skip layers of authentication allowing modification of a user\'s account is of high interest. **Test plan:** - You can gain access to the account settings on our [landing page](www.fortmatic.com?ref=h1) and hitting the `Account` link in the nav bar on the top right. Accessing and interacting with the modal will not require any cryptocurrencies or setup beyond a Fortmatic account. Any .magic.link demo sites Login with SMS - Feature Demo and Overview: https://magic.link/docs/login-methods/sms/build-a-demo/browser Getting started on React: https://magic.link/docs/login-methods/sms/integration/web Getting started on React Native: https://magic.link/docs/login-methods/sms/integration/react-native swagger.json: https://drive.google.com/file/d/1Uu_j7feFo4qot74f0zIj6xCfYyokOnUc/view swagger.yaml: https://drive.google.com/file/d/1NdZPQVBhrkZnEGoZmUcYqLi_3Yv5Ks5c/view Multi-factor Auth - Feature api.fortmatic.com **Any activity that could lead to the disruption of our service (DDOS) is explicitly out of scope.** - This is our main API that serves the rest of the Fortmatic assets. As a result a lot of functionality is exposed here -- everything from creating/authenticating users to interacting with the blockchain can be found. - We are interested in vulnerabilities which are caused by improper access control and can cause leakage/modification of user information. Please keep in mind to only ever test against your own accounts. - Access our API by providing your API key to the `X-Fortmatic-API-Key` header. Endpoints under access control uses an authorization bearer token returned by the API once the user is able to successfully authenticate. Inspecting `x2.fortmatic.com`’s interactions with the API will provide a good idea of how the API can be invoked. **Known Issues** - Bugs involving bypass of SMS/2FA verification are known issues and will be considered duplicates api.magic.link - This is our main API that serves the rest of the Magic assets. As a result a lot of functionality is exposed here -- everything from creating/authenticating users to supporting our [dashboard](https://dashboard.magic.link/login?ref=h1) functionalities can be found here. - Grab a set of API keys from our [dashboard](https://dashboard.magic.link/login?ref=h1) - Access our API by providing your API key to the `X-Magic-API-Key` header. Endpoints under access control uses an authorization bearer token returned by the API once the user is able to successfully authenticate. Inspecting `auth.magic.link`’s or `dashboard.magic.link`\'s interactions with the API will provide a good idea of how the API can be invoked. auth.magic.link This is our main product, orchestrating the one-click passwordless login experience. Follow the instructions on our [documentation page](https://docs.magic.link/?ref=h1), and please keep our [out of scope vulnerabilities](https://hackerone.com/magic-bbp) in mind while testing. **What it is:** - User interface and authentication relayer to enable passwordless authentication using magic links. The main way to interact with this interface will be through our [client SDK](https://www.npmjs.com/package/magic-sdk), our [docs](https://docs.magic.link/get-started?ref=h1) will help you to quickly get up and running! - We are highly interested in any access control, token enumerations, or privilege escalation vulnerabilities and consider them as very high risk issues. Also keep an eye on other standard web vulnerabilities such as XSS/CSRF for extracting held secrets in local storage/cookies. Please note to only ever test against your own account. - Javascript ES6, TypeScript, React, Redux, HTML, CSS, LESS, - Get your API keys from our [dashboard](https://dashboard.magic.link/login?ref=h1). - Fork our [demo app](https://go.magic.link/hello-world-code), and run with your test publishable API keys from our dashboard. - Inputting an email will start the login process, and you\'ll be off to the races! dashboard.fortmatic.com Navigate to our [dashboard](https://dashboard.fortmatic.com/login?ref=h1) for signup, at this time there is no way for us to pre-assign credentials for our hackers, apologies for the inconvenience. **Similar to our other scopes any DDoS based exploits are explicitly out of scope** - HTML, LESS - Developers come in here to manage their access to the Fortmatic API. It contains features that are vital to the operation of the developers’ app -- domain verification, and obtaining/rolling their API keys. - Any web vulnerabilities are of concern here e.g, cross-site scripting (XSS) or cross-site request forgery (CSRF) that could force the developer to commit unwanted actions or on behalf of another user. Also interested in vulnerabilities in the OAuth flow that occur for user sign-up/sign-in. - This is a fairly standard web application, with no particular gotchas. Your standard tool kit should be all that you’d need here. dashboard.magic.link Navigate to our [dashboard](https://dashboard.magic.link/login?ref=h1) for signup, at this time there is no way for us to pre-assign credentials for our testers, apologies for the inconvenience. Please keep our [out of scope vulnerabilities](https://hackerone.com/magic-bbp) in mind while testing. - React, Redux, Javascript, Typescript, HTML, CSS, LESS - Developers come in here to manage their access to the Magic API. It contains features that are vital to the operation of the developers’ app -- billing setup, branding customizations*, and obtaining/rolling their API keys, to name a few. - Any web vulnerabilities are of concern here e.g, cross-site scripting (XSS) or cross-site request forgery (CSRF) that could force the developer to commit unwanted actions or on behalf of another user. Access control bypasses are also of interest to us, can you maybe bypass payments to get access to branding, or access to other higher paid tier features? *Branding is available to developer tier and up. However a free trial can be used to access any paid tier features. fortmatic.com If you\'ve previously visited this [page](https://www.fortmatic.com?ref=h1), we highly recommend performing one hard reload when visiting this asset as an older version of the page may still be cached by your browser. *.carrentals.com Some subdomains are owned by third parties and are therefore out of scope and ineligible for bounty. Before submitting your report, please confirm that the asset you are testing does not appear in the Out of Scope list below. **Out of scope subdomains**: - dbmanalytics.carrentals.com *.cheaptickets.com Some subdomains are owned by third parties and are therefore out of scope and ineligible for a bounty. Before submitting your report, please confirm that the asset you are testing does not appear in the Out of Scope list below. **Out of scope subdomains:** - faq-lab.cheaptickets.com, faq.cheaptickets.com, groups.cheaptickets.com, link.mailer.cheaptickets.com, login.cheaptickets.com, mi.cheaptickets.com, refer.cheaptickets.com, secure.cheaptickets.com, track.cheaptickets.com *.expediacruises.com Some subdomains are owned by third parties and are therefore out of scope and ineligible for a bounty. Before submitting your report, please confirm that the asset you are testing does not appear in the Out of Scope list below. **Out of scope subdomains:** - socialhub.expediacruises.com *.expediapartnercentral.com **Out of scope subdomains:** discoveryhub.expediapartnersolutions.com gco-get.expediapartnersolutions.com gco.expediapartnersolutions.com info.expediapartnersolutions.com status.expediapartnersolutions.com support.expediapartnersolutions.com sure.expediapartnersolutions.com taap-ui-bundles-test.expediapartnersolutions.com taap-ui-bundles.expediapartnersolutions.com taapacademy.expediapartnersolutions.com *.hotwire.com Some subdomains are owned by third parties and are therefore *out of scope* and *ineligible for bounty*. Before submitting your report, please confirm that the asset you are testing does not appear in the Out of Scope list below. **Out of scope subdomains**:partners.hotwire.com, press.hotwire.com, movableink.hotwire.com, affiliates.hotwire.com *.lastminute.co.nz **Out of scope subdomains:** - res.ac.lastminute.co.nz Please note *.lastminute.com is NOT owned by Expedia Group and is out of scope. *.lastminute.com.au *Out of scope subdomains:* - mi.lastminute.com.au, mtx.lastminute.com.au, smtx.lastminute.com.au *.travelocity.ca *Out of scope subdomains:* - click.e.travelocity.ca, fr.groups.travelocity.ca, groups.travelocity.ca, om.travelocity.ca, oms.travelocity.ca *.travelocity.com **Out of scope subdomains:** - br.ac.travelocity.com, groups.travelocity.com, mi.travelocity.com, om.travelocity.com, oms.travelocity.com, thingstodo.travelocity.com, track.travelocity.com, view.e.travelocity.com *.vrbo.com **Out of scope subdomains**: li.vrbo.com, media.vrbo.com, om.vrbo.com, community.vrbo.com, trk.vrbo.com *.wotif.com **Out of scope subdomains:** - groups.wotif.com, link.wotif.com, res.ac.wotif.com, smobile.wotif.com, w.smobile.wotif.com 1245772818 https://apps.apple.com/us/app/vrbo-vacation-rentals/id1245772818 284803487 This is the travelocity iOS app https://apps.apple.com/us/app/travelocity-hotels-flights/id284803487 284971959 https://apps.apple.com/us/app/hotels-com-book-your-hotel/id284971959 403546234 This is the Orbitz iOS app https://apps.apple.com/us/app/orbitz-hotels-flights/id403546234 427916203 Expedia iOS App https://apps.apple.com/us/app/expedia-hotels-flights-car/id427916203 483394780 This is the ebookers iOS app https://apps.apple.com/us/app/ebookers-hotels-flights/id483394780 531549799 This is the wotif iOS app https://apps.apple.com/au/app/wotif-hotels-flights/id531549799 566635048 [Hotwire iOS App](https://apps.apple.com/us/app/hotwire-last-minute-hotels/id566635048) 880759727 This is the cheaptickets iOS app https://apps.apple.com/us/app/cheaptickets-hotels-flights/id880759727 bookus.expediacruises.com com.cheaptickets This is the cheaptickets Android app https://play.google.com/store/apps/details?id=com.cheaptickets com.ebookers This is the ebookers Android app https://play.google.com/store/apps/details?id=com.ebookers com.expedia.bookings Expedia Android App https://play.google.com/store/apps/details?id=com.expedia.bookings com.hcom.android [Hotels Android App](https://play.google.com/store/apps/details?id=com.hcom.android) com.hotwire.hotels [Hotwire Android App](https://play.google.com/store/apps/details?id=com.hotwire.hotels) com.orbitz This is the Orbitz Android app https://play.google.com/store/apps/details?id=com.orbitz com.travelocity.android This is the travelocity Android app https://play.google.com/store/apps/details?id=com.travelocity.android com.vrbo.android [VRBO Android App](https://play.google.com/store/apps/details?id=com.vrbo.android) com.wotif.android This is the wotif Android app https://play.google.com/store/apps/details?id=com.wotif.android www.abritel.fr Out of scope subdomains: - https://www.abritel.fr/api/track Note: We are requesting not to test this URL: https://www.abritel.fr/api/track. www.bookabach.co.nz www.carrentals.com www.cheaptickets.com www.ebookers.com www.ebookers.fi www.expedia.com Please note the only point-of-sale assets of www.expedia.com are in scope. This includes regional versions of www.expedia.com such as www.expedia.co.in and www.expedia.co.uk. Other sub-domains are out of scope and ineligible for a bounty. www.expediaagents.com www.expediagroup.com www.expediataap.com www.fewo-direkt.de www.flights.com www.hotels.com Please note only point of sale assets of www.hotels.com are in scope. This includes regional versions of www.hotels.com such as www.in.hotels.com, www.uk.hotels.com, and www.fr.hotels.com. Other sub-domains are out of scope and ineligible for bounty. www.hotwirepartnercentral.com www.lastminute.co.nz www.lastminute.com.au www.mrjet.se www.orbitz.com www.stayz.com.au www.travelocity.ca www.travelocity.com www.vrbo.com www.wotif.com Front for Mac Download here: https://front.com/download Front for Windows api2.frontapp.com This scope is our public API documented at https://dev.frontapp.com/ app.frontapp.com com.frontapp.mobile https://apps.apple.com/us/app/frontapp/id983808769 https://play.google.com/store/apps/details?id=com.frontapp.mobile aggregator.etoro.com api.etoro.com billing-pci.etoro.com billing.etoro.com bullsheet.me We do not consider any data that is not username ,email or password, payment methods to be confidential. All positions data taken from eToro are public by design. candle-src.etoro.com candle.etoro.com cashier-src.etoro.com cashier.etoro.com charts.etoro.com com.etoro.openbook com.etoro.wallet delta.app etorologsapi.etoro.com etoropartners.com io.getdelta.android io.getdelta.ios kyc-src.etoro.com kyc.etoro.com partners.etoro.com push-d-gw.cloud.etoro.com push-d-hap.cloud.etoro.com push-demo-hk-lightstreamer.cloud.etoro.com push-demo-lightstreamer.cloud.etoro.com push-dn-hap.cloud.etoro.com push-hap.cloud.etoro.com push-lightstreamer.cloud.etoro.com push-n-hap.cloud.etoro.com push-real-hk-lightstreamer.cloud.etoro.com r.etoro.com rankings.etoro.com streams.etoro.com sts.etoro.com tapi-demo.etoro.com tapi-real.etoro.com uapi-front.etoro.com wallet.etoro.com watchlistapi.etoro.com www.etoro.com *.infra-prod.nsvcs.net *.onegraph.com As of December 28, 2022 this feature is no longer available for Netlify users who have not yet enabled it. See https://docs.netlify.com/netlify-labs/experimental-features/netlify-graph/get-started/. *.ops.netlify.com *.services-prod.nsvcs.net *.services.netlify.com api.netlify.com `netlify api --list` after installing the CLI: https://docs.netlify.com/cli/get-started/. See also https://open-api.netlify.com/. app.netlify.com See https://docs.netlify.com/get-started/. Also `netlify init` after installing the CLI: https://docs.netlify.com/cli/get-started/. internal-docs.netlify.com internal.netlify.com list-v2--netlify-plugins.netlify.app Powers templates offered by app.netlify.com. See: https://www.netlify.com/integrations/templates/. netlify-cdp-loader.netlify.app Powers this feature: https://docs.netlify.com/site-deploys/deploy-previews/#collaborative-deploy-previews. netlify-rum.netlify.app screenshot-proxy.netlify.app supportal.netlify.app *.east.fdbox.net *.mgmt.fndlsb.net *.prd.fndlsb.net *.prod.fdbox.net *inf.fndlsb.net *racing.fanduel.com 4njbets.com 4njbets.tvg.com 4njbets.tvgnetwork.com 4njbets.us.betfair.com 599664106 b2b.tvgnetwork.com com.fanduel.android.self com.fanduel.sportsbook fanduel.com fdbox.net Development or testing instances are not in scope for this asset. Submissions affecting such environments will be closed. ia.tvg.com login-4ngbets.us.betfair.com login-4njbets.us.betfair.com login-ia.tvg.com login-pabets.tvg.com login.pabets.tvg.com login.tvg.com m.4njbets.tvg.com mobile-prod.tvg.com pabets.tvg.com promos.tvg.com service.racing.fanduel.com service.tvg.com sportsbook.fanduel.com tvg.com us.tvg.com www.4njbets.com www.tvg.com accounts.creditkarma.com api.creditkarma.com Our Native apps make use of our API to talk to our servers. blog.creditkarma.com com.creditkarma.mobile com.creditkarma.mobile.international http://*.creditkarma.co.uk https://*.creditkarma.ca https://*.creditkarma.com https://www.creditkarma.com/reviews/ https://www.creditkarma.com/savings support.creditkarma.ca SalesForce owned Endpoint. Manual review only - No Automated Scans. • No automated scanning on this endpoint. • Overnight hours only (10PM - 2AM PT) • Please note during any cases and/or chat session , please indicate that you are performing a Bug Bounty test from Hacker One and that this case is a Spam PenTesting Ticket and any follow-up questions can be forwarded to Vivi.Langga. www.creditkarma.ca *.adminml.com *.gokangu.cl *.gokangu.co *.gokangu.mx *.gokangu.uy *.kangu.com.br *.kangu.tech *.mercadolibre.cl *.mercadolibre.com *.mercadolibre.com.ar *.mercadolibre.com.co *.mercadolibre.com.mx *.mercadolibre.com.pe *.mercadolibre.com.uy *.mercadolivre.com.br *.mercadopago.cl *.mercadopago.com *.mercadopago.com.ar *.mercadopago.com.br *.mercadopago.com.co *.mercadopago.com.mx *.mercadopago.com.pe *.mercadopago.com.uy *.mercadoshops.cl *.mercadoshops.co.cr *.mercadoshops.com *.mercadoshops.com.ar *.mercadoshops.com.br *.mercadoshops.com.co *.mercadoshops.com.do *.mercadoshops.com.ec *.mercadoshops.com.mx *.mercadoshops.com.pa *.mercadoshops.com.pe *.mercadoshops.com.py *.mercadoshops.com.uy *.mlstatic.com Crypto - www.mercadopago.com.mx/crypto/* - www.mercadopago.cl/crypto/* - www.mercadopago.com.br/crypto/* Point Smart Tier 1 - MLA - https://www.mercadopago.com.ar/point-smart Tier 1 - MLB - https://www.mercadopago.com.br/point-smart api.mercadolibre.com Tier 1 - See documentation: https://developers.mercadolibre.com.ar/en_us/api-docs api.mercadopago.com Tier 1 - See documentation: https://www.mercadopago.com.ar/developers/en/reference com.3mosquitos.MercadoLibre Tier 1 - Mercado Libres iOS: https://apps.apple.com/ar/app/mercado-libre/id463624852 com.mercadoenvios.crowdsourcing Tier 1 - Mercado Envíos Extra: https://play.google.com/store/apps/details?id=com.mercadoenvios.crowdsourcing com.mercadoenvios.driver Tier 1 - Mercado Envíos Flex: https://play.google.com/store/apps/details?id=com.mercadoenvios.driver com.mercadolibre Tier 1 - Mercado Libre Android: https://play.google.com/store/apps/details?id=com.mercadolibre com.mercadopago.MercadoPago Tier 1 - Mercado Pago iOS: https://itunes.apple.com/ar/app/mercado-pago-recargar-celular/id925436649 com.mercadopago.wallet Tier 1 - Mercado Pago Android: https://play.google.com/store/apps/details?id=com.mercadopago.wallet logistica.redelcom.cl www.mercadolibre.co.cr www.mercadolibre.com.bo www.mercadolibre.com.do www.mercadolibre.com.ec www.mercadolibre.com.gt www.mercadolibre.com.hn www.mercadolibre.com.ni www.mercadolibre.com.pa www.mercadolibre.com.py www.mercadolibre.com.sv www.mercadolivre.com www.mercadopago.com.ec 1032480595 This is our customer iOS apps 982922982 This is our professional ios app. com.urbanclap.provider This is our partner android app. com.urbanclap.urbanclap This is our customer app. www.urbanclap.com www.urbanclap.com is also our root and critical domain. Most of our traffic routes through it. www.urbancompany.com www.urbancompany.com is our main and critical domain. Most of our traffic routes through urbanclap.com. Other subdomains mentioned in scope are for internal purpose and either are password protected or Google auth protected. We do not wish anyone to login to mentioned domains and hence they are critical for us to find vulnerabilities in. **partner.urbancompany.com is one of the critical subdomains within this asset.** Testing Directions: * A user can Sign Up using his phone number and email ID from the website home page or app. Do ensure that you are reachable on the mobile number that you shall use to register with us. While creating account reporters should use their own HackerOne email address like [handle]@wearehackerone.com *.dev.remitly.com *.int.remitly.com 674258465 ablink.info.remitly.com access-sandbox.remitly.com access.remitly.com api.remitly.io app.rewire.to app3.rewire.to auth.remitly.com blog.remitly.com cardpayments.remitly.io cards.remitly.io careers.remitly.com com.remitly.androidapp funding-webhooks.remitly.io hub-api-sandbox.remitly.io ir.remitly.com media.remitly.io metrics.int.remitly.com news.remitly.com partner-webhook.remitly.io rates.rewire.com remitly.com rewire.com site.rewire.com 740514933 S-mobiili banking application (iOS). The application can be found from App Store https://apps.apple.com/fi/app/s-mobiili/id740514933?l=fi api.sokos.fi S-Group online beauty and fashion store. You do not need to have an account but to get access to all asset\'s functionality we prefer you create Sokos/S-Käyttäjätili account. Refer to instructions for www.sokos.fi for the account. Please ensure to place your @wearehackerone email into the User-Agent header when testing api.sokos.fi asset. Requests without this identification might be blocked. cfapi.voikukka.fi This is a GraphQL API for s-kaupat.fi digili.s-cloud.fi Services for S-Bank and S-group customers where customers can take S-bank basic banking services into use (later "digipa") and gain S-Group co-op membership (later "digili). Basic banking services include opening an account and setting it as a benefit services account, applying for Visa Debit-card and opening and ordering net bank credentials that can be used as logging into S-bank netbank and using credentials to identify oneself in digital environments. Digili and Digipa are different applications but they are built on top of same services. Difference Between Digili and Digipa is that in Digili user opens S-group co-op membership before opening basic banking services. In Digipa user can open banking services directly without the need to gain S-group co-op membership. In case user doesn’t have required co-op membership s/he is directed to Digili application. If user has already co-op membership and s/he enters Digili, user will be forwarded to open banking services. In case user has some of the offered basic banking services in use, the step is skipped and user is shown a possibility to open the missing services. Digili and Digipa applications can be entered through https://www.s-pankki.fi/fi/tule-asiakkaaksi/, https://www.s-kanava.fi/asiakaspalvelu/nain-liityt/ or taking S-mobiili into use as a non- S-group co-op member where user is directed automatically to Digili to gain S-group co-op membership that is a requirement to take S-mobiili into use. In order to access Digili or Digipa user needs to be able to authenticate himself/hersef with Finnish banking credentials or through Mobiilivarmenne. User need also to fulfill following requirements in order to be able to access the service: - Needs to be 18 years of age - Needs to have Finnish social security number - Needs to have permanent street address in Finland In case user is not a S-group co-op member there is a minimum of 20€ membership payment that needs to be made during the process. Only vulnerabilities under domains https://digili.s-cloud.fi/ and https://api.digili.s-cloud.fi are eligible for bounty. extranet.s-pankki.fi S-Bank portal where customers can take care of their S-Bank actions with other banks credentials. fi.spankki S-mobiili banking application (Android). The application can be found from Google Play https://play.google.com/store/apps/details?id=fi.spankki&hl=fi https://crosskey.io/stores/s-pankki/apis S-Bank PSD2 interface. mobile.s-pankki.fi S-mobile banking application interface. online.s-pankki.fi S-Bank netbank which provides netbank functionalities (accounts, payments, cards, loans, investments etc) to private customers. Notice that you should use your own netbank credentials or demo customer (ID: 12345678 PW: 123456) credentials. Please ensure to place your @wearehackerone email into the User-Agent header when testing online.s-pankki.fi asset. Requests without this identification might be blocked. tunnistus.s-ryhma.fi S-Group online identity (S-käyttäjätili, later "S-ID"). To get access to all asset\'s functionality, we prefer you create new S-ID account via S-Kaupat (https://www.s-kaupat.fi/) "Kirjaudu (Login) / Luo S-käyttäjätili (Create new account)". You can also access the account, or other test-accounts created, via S-Kaupat "Kirjaudu / Kirjaudu S-käyttäjätilillä". S-ID service at https://tunnistus.s-ryhma.fi is available in Finnish, Swedish and English. When you create S-ID accounts, please use info regarding HackerOne reference, for example: firstname.lastname+hackerone@email.com To enable login via SMS OTP, you need to first verify the SMS number from "S-käyttäjätili" via S-Kaupat "Firstname / Oma profiili / Muokkaa tietojasi S-käyttäjätilillä". From this page under "Yhteystiedot" click "Vahvista puhelinnumero". Notice that: - SMS number verification requires recent-enough login/session. - SMS number can only be "verified" state in one (1) account at a time. You are allowed to access S-ID accounts that you have created for testing purposes, any other accounts are out-of-scope. Notice that these "HackerOne" S-ID accounts will be automatically removed after a certain period of time. They are available for at least 3 months from date of creation. www.prisma.fi S-Group online consumer goods store. You do not need to have an account but to get access to all asset\'s functionality we prefer you create Prisma/S-Käyttäjätili account via "Kirjaudu" / "Log in". In case you create Prisma/S-Käyttäjätili account please use info regarding HackerOne reference for example "firstname.lastname+hackerone@email.com". Notice that these Prisma/S-Käyttäjätili "HackerOne" accounts will be automatically removed after 6 months. Please use email address "firstname.lastname+hackerone@email.com" for order form and contact form. Note: Real orders will be delivered and charged with the given information. Only domestic delivery (Finland). www.s-kaupat.fi S-Group online grocery store. You do not need to have an account but to get access to all asset\'s functionality we prefer you create S-Kaupat account via "Kirjaudu" / "Log in". In case you create S-Kaupat account please use info regarding HackerOne reference for example "firstname.lastname+hackerone@email.com". Notice that these S-Kaupat "HackerOne" accounts will be automatically removed after 6 months. If you create an grocery order please fill in "Älä kerää" / "Do not collect" info to field "lisätiedot kaupalle" and set the pickup date to minimum of five days from current date. www.s-pankki.fi S-bank public pages www.sokos.fi You do not need to have an account but to get access to all asset\'s functionality we prefer you create Sokos/S-Käyttäjätili account via "Kirjaudu" / "Log in". In case you create Sokos/S-Käyttäjätili account please use info regarding HackerOne reference for example "firstname.lastname+hackerone@email.com". Notice that these Sokos/S-Käyttäjätili "HackerOne" accounts will be automatically removed after 6 months. *.flickr.com All flickr.com are in scope unless otherwise listed as specifically out of scope. All third-party assets are out of scope. 328407587 com.yahoo.mobile.client.android.flickr https://github.com/innocraft/ All other software on the innocraft GitHub organisation https://github.com/matomo-org All other software on the matomo-org GitHub organisation https://github.com/matomo-org/docker Official Docker project for Matomo Analytics https://github.com/matomo-org/matomo this repository contains the source code of Matomo Analytics https://plugins.matomo.org/developer/innocraft Official plugins by Innocraft https://plugins.matomo.org/developer/matomo-org Official plugins by the Matomo team matomo.cloud Matomo Analytics Cloud *$username.matomo.cloud* is also in scope, but please limit tests to ones that don\'t affect the live instance. (no automated tools) You can easily set up your own Matomo instance for extensive testing (see https://matomo.org/docs/installation/) *.getmeetio.com Are in the scope: admin.getmeetio.com storage.getmeetio.com stats-api.getmeetio.com api.getmeetio.com look.getmeetio.com parse.getmeetio.com *.streamlabs.com *vc.logitech.com 1018340690 This is the iOS app for the Circle ecosystem of devices, 1294578643 This app is Streamlabs: Stream Live by Streamlabs 1456293789 This app is Logi Tune by Logitech Inc. 1476615877 This app is Streamlabs Deck by Streamlabs 632344648 App: BOOM & MEGABOOM by Ultimate Ears Circle Cameras Please note exploits resulting from physical hacks to the device itself are out of scope, and any received reports will be marked N/A in accordance with HackerOne policy. Please refrain from submitting reports for physical hacks to avoid losing Reputation. At this time we are unable to provide Circle devices for testing purposes. If you already own a Circle , hack away to your heart\'s content, otherwise watch this space for updates! Eligible models include all Circle cameras (Circle View Doorbell, Circle View Camera, Circle 2, Circle) running the latest firmware. G Hub Only the latest version of GHub is in scope. Logi Options+ PC/MAC Logi Options+ software lets you configure your Logitech device. The latest version is eligible (PC & MAC). Logi Tune PC/MAC Logi Tune Desktop application for PC and MAC reports are eligible as long as they are on the latest version. Logitech MIXLINE Logitech Mice & Keyboards The current generation of Logitech Keyboards and Mouses. Logitech Sync This is Sync Desktop Application by Logitech. The latest version is eligible. Presentation Remotes In-scope devices: R500 Laser Presentation Remote; Spotlight Presentation Remote; R400 Laser Presentation Remote; R700 Laser Presentation Remote Streamlabs Desktop Application PC/MAC The latest version is eligible USB Unifying and LightSpeed Receivers Ultimate Ears Speakers Products in scope are the current generation BLAST, MEGABLAST, BOOM 3, MEGABOOM 3, WONDERBOOM 2, HYPERBOOM, POWER UP Video Conferencing Products All products running their latest firmware listed in the page below are eligible: https://www.logitech.com/en-us/video-collaboration/products accounts.logi.com Non production testing site exists under sandbox.accounts.logi.com circle.logi.com Also includes the *.video.logi.com and *.circle.logi.com See developer documentation at https://developers.logitech.com/circle com.getmeetio.* Meetio Room (com.getmeetio.room), Android Meetio View (com.getmeetio.view), Android Meetio Desk (com.getmeetio.meetiodesk), Android Meetio Update (com.getmeetio.update), Android Meetio System (com.getmeetio.system), Android Meetio Personal (com.getmeetio.personal), Android com.getmeetio.Meetio-Enterprise Meetio Personal (com.getmeetio.Meetio-Enterprise), iOS com.logitech.circle This app is part of the Circle ecosystem of camera devices. com.logitech.logue This App is Logi Tune for Zone Headsets by Logitech com.logitech.ueboom com.streamlabs This is the "Streamlabs: Live Streaming" App by Streamlabs com.streamlabs.slobsrc gaming.logicool.co.jp id.logi.com logitechg.com.cn meetiobook.com sync.logitech.com Cloud service associated with the Logitech Sync application www.astrogaming.com www.jaybirdsport.com www.logicool.co.jp www.logitech.com www.logitech.com.cn Ineligible for bounty: store.logitech.com.cn is a hosted 3rd party service, so we will forward any reports onto the vendor. www.logitechg.com www.ultimateears.com *uat.marriott.com user acceptance testing environments for marriott.com products . 455004730 activities.marriott.com all-inclusive.marriott.com careers.marriott.com cpp.marriott.com dcfgateway*.marriott.com gateway*.marriott.com help.marriott.com homes-and-villas.marriott.com hotel-deals.marriott.com http://www.shopmarriott.com Marriott Store https://dcfgatewaytst1.marriott.com/ https://gatewaydsapdev2.marriott.com/ https://gatewaydsaptst1.marriott.com/ https://gatewaydsaptst2.marriott.com/ jobs.marriott.com lawmanager.marriott.com marriottfranchisetransactions.marriott.com marrtool.com mgs.marriott.com mipartnerprivileges.marriott.com moments.marriottbonvoy.com passwordchallenge.marriott.com This app is used for employees all over marriott to reset their passwords, for new employees to set their first password, and set up challenge questions. reservations.all-inclusive.marriott.com sso.marriott.com travelagents.marriott.com/ traveler.marriott.com www.marriott.com www.ritzcarlton.com/ This is the flagship website of one of our luxury brands that we acquired several years ago. 140.95.0.0/16 199.66.248.0/22 213.139.133.32/28 476639005 assets.hyatt.com We are adding this subdomain to our program as our main domain pulls images and other assets from this site. blueskytours.globalbookingsolutions.com Does not include additional subdomains. book.applevacations.com book.beachbound.com book.booktandl.com book.cheapcaribbean.com Do not target additional subdomains. book.extraholidaysvacations.com booking.applevacations.com booking.beachbound.com booking.cheapcaribbean.com com.Hyatt confluence.hyattdev.com ebsext.oft.hyatt.com holidays-au.fijiairways.com holidays-fj.fijiairways.com holidays-hk.fijiairways.com holidays-nz.fijiairways.com holidays-sg.fijiairways.com holidays-us.fijiairways.com hyatt.com jira.hyattdev.com login.www.vaxvacationaccess.com meetings.hyatt.com mobileapp.hyatt.com new.www.vaxvacationaccess.com newsroom.images.hyatt.com Only test newsroom.images.hyatt.com; newsroom.hyatt.com is not hosted by Hyatt (do not test). plannerrequest.hyatt.com public.hyatt.com res.blueskytours.globalbookingsolutions.com res.funjet.com res.hyattinclusivecollection.com res.nowresorts.com res.secretsresorts.com res.skyteam.com res.southwestvacations.com res.treasureisland.globalbookingsolutions.com res.universalorlandovacations.com res.vacations.buschgardens.com res.vacations.discoverycove.com res.vacations.seaworld.com res.vacations.sesameplace.com res.vacations.united.com res.vacations.universalstudioshollywood.com reservations.wynnvacations.com rezagent.triseptsolutions.com roominglist.hyatt.com salesportal.hyatt.com scapegoat.hyatt.com shop.wyndhamvacationownership.trisept.travel soaext.oft.hyatt.com sso.oft.hyatt.com upsell.hyatt.com vacations.travelimpressions.com vacations.united.com vacations.universalstudioshollywood.com vacations.us.palladiumhotelgroup.com world.hyatt.com www.applevacations.com www.beachbound.com www.blueskytours.com www.cheapcaribbean.com www.funjet.com www.globalhotelchoices.com www.hyatt.com www.hyattconnect.com www.hyattinclusivecollection.com www.triseptapi.com www.triseptdemo.com www.triseptsolutions.com www.universalorlandovacations.com www.wynnvacations.com *-api-*.acronis.com *.5nine.com *.acronis.com *.acronis.work *.devicelock.com 1118448159 Acronis Cyber Protect for [iOS](https://apps.apple.com/app/acronis-cyber-backup/id1118448159). 1192506963 Acronis Files Cloud for [iOS](https://apps.apple.com/us/app/files-cloud/id1192506963). 429704844 Acronis Files Advanced for [iOS](https://apps.apple.com/us/app/acronis-files-advanced/id429704844). 978342143 Acronis Mobile for [iOS](https://apps.apple.com/app/acronis-true-image-mobile/id978342143). Acronis Agent Acronis Agent is a client-side application for Acronis Cyber Protect that incorporates backup and cyber protection mechanisms. You may download versions for all supported platforms from [here](https://mc-beta-cloud.acronis.com/download/u/baas/4.0/). Acronis Cloud Manager Acronis Cloud Manager provides advanced monitoring, management, migration, and recovery for Microsoft Cloud environments. You may request a trial by completing [registration](https://www.acronis.com/en-eu/products/cloud-manager/trial/). Acronis Cyber Files Acronis Cyber Files is a secure file sync and share solution that enables your team to collaborate, access company files, and share documents on any device. You may request a trial by completing [registration](https://www.acronis.com/en-eu/products/files/trial/). Acronis Cyber Infrastructure Acronis Cyber Infrastructure unites software-defined compute, network and storage in a single, scalable product, designed for building private or public clouds. You can read more about it at [kb.acronis.com](https://kb.acronis.com/acronis-cyber-infrastructure). Please note that this asset is only available periodically during testing phases. Acronis Cyber Protect Acronis Cyber Protect is an on-premises cyber protection solution designed for business environments. You may request a trial by completing [registration](https://www.acronis.com/en-us/business/cyber-protect/trial/#/registration). Acronis DeviceLock DLP Acronis DeviceLock DLP provides comprehensive endpoint data loss prevention. You may request a trial by completing [registration](https://www.acronis.com/en-us/products/devicelock/trial/). Acronis Snap Deploy Acronis Snap Deploy is designed to deploy and provision all of your servers and workstations at once. You may request a trial by completing [registration](https://www.acronis.com/en-us/products/snap-deploy/trial/). Acronis True Image (formerly Acronis Cyber Protect Home Office) Acronis True Image is designed for protection of home computers. [Download a trial](https://www.acronis.com/en-us/products/true-image/trial/). Other Acronis Domains Other Acronis executables account.acronis.com Acronis Customer Portal. beta-cloud.acronis.com Acronis Cyber Cloud beta environment. To request an account, please follow HackerOne [Credentials](https://docs.hackerone.com/en/articles/8466488-credentials) guide and select `beta-cloud.acronis.com` asset. com.acronis.abc Acronis Cyber Protect for [Android](https://play.google.com/store/apps/details?id=com.acronis.cyberb2b). com.acronis.acronistrueimage Acronis Mobile for [Android](https://play.google.com/store/apps/details?id=com.acronis.cyberb2c). Faucets Chainlink Testnet Faucet is available at the following URL: https://faucets.chain.link/ https://github.com/smartcontractkit/chainlink https://github.com/smartcontractkit/chainlink/tree/master/contracts https://github.com/smartcontractkit/external-adapters-js/ https://github.com/smartcontractkit/staking-v0.1/tree/master/contracts *.braintree-api.com For testing and account creation, please use *.sandbox.braintree-api.com rather than production. *.braintree.tools Please note, this is a development environment that is constantly in flux. Accordingly, vulnerabilities found on this asset will generally have lower impact and payouts. *.braintreegateway.com *.braintreepayments.com For testing and account creation, please use *.sand.braintreepayments.com rather than production. *.hyperwallet.com *.paydiant.com *.paylution.com *.paypal.com *.paypalcorp.com *.venmo.com *.xoom.com 351727428 [iOS Venmo App](https://apps.apple.com/us/app/venmo/id351727428) Braintree SDK PayPal SDK api.loanbuilder.com api.swiftfinancial.com com.paypal.android.p2pmobile com.paypal.merchant com.paypal.merchant.client com.venmo com.xoom.android.app com.xoom.app decision.swiftfinancial.com We are aware that the root URL of this domain returns an error, the API is functioning correctly. loanbuilder.com my.loanbuilder.com my.swiftfinancial.com partner.swiftfinancial.com paypal.me paypalobjects.com pigeon.swiftfinancial.com prequal.swiftfinancial.com py.pl sandbox.braintreegateway.com scrutiny.swiftfinancial.com swiftcapital.com swiftfinancial.com www.loanbuilder.com www.paypal-*.com PayPal\'s Partner Sites (www.paypal-__.com) are mainly marketing based sites that are not part of the core PayPal customer domains (.paypal.com) and are managed by hosting vendor companies. They have variable timelines and are often decommissioned. A listing of these sites designated for deprecation will not be publically maintained due to frequent changes. When researching bugs on these sites, please keep this in mind as bug Submissions for sites on schedule for deprecation will not be honored. Submissions of bugs relating to services or domains not referenced above or for sites on schedule for deprecation are ineligible for the Bug Bounty Program and will not be eligible for a Bounty Payment. www.swiftcapital.com www.swiftfinancial.com *.cb.dev **Caution: Reports about the testbed will be excluded if they do not affect the main site.** However it is useful to test some exploits. *.highwebmedia.com This domain covers all our main media servers; such as video servers, chat servers, image servers, etc. *.mmcdn.com Our new CDN Domain, replaces highwebmedia.com *.mmwebc.dev Our domain for Web Components *.securegatewayaccess.com Our billing customer service site. Any access here is critical and must be immediately reported. billingsupport.chaturbate.com Alisas of the billing customer support site. chaturbate.com The main chaturbate site! m.chaturbate.com The mobile version of Chaturbate secure.chaturbate.com The billing customer service and signup page *.fanbox.cc * This site uses pixiv account (signup at https://accounts.pixiv.net). accounts.pixiv.net * Signin / signup site for many pixiv products (`*.pixiv.net`, `*.booth.pm`, etc). booth.pm * PC: https://booth.pm coban.pixiv.net comic.pixiv.net This site is in Japanese. This site uses pixiv account (signup at https://accounts.pixiv.net). - Web: https://comic.pixiv.net - iOS : https://apps.apple.com/jp/app/pixiv%E3%82%B3%E3%83%9F%E3%83%83%E3%82%AF/id975414811 - Android: https://play.google.com/store/apps/details?id=jp.pxv.android.manga dic.pixiv.net https://github.com/pixiv/charcoal charcoal (https://github.com/pixiv/charcoal) is a set of libraries used as a design system and maintained by pixiv. - Vulnerabilities caused by the libraries included in charcoal - Supply chain vulnerabilities related to the dependencies of charcoal libraries - Vulnerabilities of sites using any of the charcoal libraries (including services by pixiv inc) https://vroid.com/studio hub.vroid.com * This is a site where users share their 3D characters in [VRM file format](https://vrm.dev/en/). * When testing with VRM, please use characters provided by [our official account](https://hub.vroid.com/users/36144806). * Go to a character -> click "Use this model" -> click "Download". * Please avoid interactions / exposure to other users to the best of you ability. neoket.net novel.pixiv.net - Web: https://novel.pixiv.net pastela.app - This site uses pixiv account (signup at https://accounts.pixiv.net). - PC: https://pastela.app - iPadOS: https://apps.apple.com/app/pastela/id6478907270 payment.pixiv.net sensei.pixiv.net sketch.pixiv.net * This site is in Japanese. * PC: https://sketch.pixiv.net/ * iOS: https://itunes.apple.com/app/pixiv-sketch/id991334925 * Android: https://play.google.com/store/apps/details?id=jp.pxv.android.sketch vroid.com www.pixiv.net * The core pixiv. * Signup at https://accounts.pixiv.net * PC: https://www.pixiv.net/ * iOS: https://itunes.apple.com/app/pixiv/id337248563 * Android: https://play.google.com/store/apps/details?id=jp.pxv.android CometBFT CometBFT is a blockchain application platform; it provides the equivalent of a web-server, database, and supporting libraries for blockchain applications written in any programming language. CometBFT implements Byzantine Fault Tolerant (BFT) State Machine Replication (SMR) for arbitrary deterministic, finite state machines.
 For more background, see the [CometBFT docs site](https://docs.cometbft.com/v0.38/). To get started quickly with an example application, see the [quick start guide](https://docs.cometbft.com/v0.38/guides/quick-start). ## In-Scope Repositories * [cometbft](https://github.com/cometbft/cometbft) * [cometbft-db](https://github.com/cometbft/cometbft-db) ## LTS Policy Bugs present in the latest released versions of the v0.34, v0.37 and v0.38 series are eligible for bounty. Bugs present in pre-releases of new versions are also eligible. CosmWasm CosmWasm is a smart contract platform that focuses on security, performance and interoperability by Confio GMBH. It is the only smart contracting platform for public blockchains with significant adoption outside of the EVM. For documentation about the platform and a Getting Started guide, please see https://www.cosmwasm.com/build ## In-scope Repositories * Execution environment * [cosmwasm](https://github.com/CosmWasm/cosmwasm) * [wasmvm](https://github.com/CosmWasm/wasmvm) * [wasmd](https://github.com/CosmWasm/wasmd) * Standard library dependencies * [serde-json-wasm](https://github.com/CosmWasm/serde-json-wasm) * Libraries for building contracts * [cw-plus](https://github.com/CosmWasm/cw-plus) * [cw-storage-plus](https://github.com/CosmWasm/cw-storage-plus) * [cw-utils](https://github.com/CosmWasm/cw-utils) * Build tools * [rust-optimizer](https://github.com/CosmWasm/rust-optimizer) Cosmos SDK The Cosmos SDK is an open-source framework for building multi-asset public Proof-of-Stake (PoS) blockchains, like the Cosmos Hub, as well as permissioned Proof-of-Authority (PoA) blockchains. SDK-based blockchains are built out of composable [modules](https://docs.cosmos.network/main/build/building-modules/intro), most of which are open-source and readily available for any developers to use.

To get started, learn more about the [architecture of a Cosmos SDK application](https://docs.cosmos.network/main/learn/intro/sdk-app-architecture), or how to build application-specific blockchain from scratch with the [Cosmos SDK Tutorial](https://cosmos.network/docs/tutorial). * [cosmossdk](https://github.com/cosmos/cosmos-sdk) ### Core packages * [baseapp](https://github.com/cosmos/cosmos-sdk/tree/main/baseapp) * [crypto](https://github.com/cosmos/cosmos-sdk/tree/main/crypto) * [types](https://github.com/cosmos/cosmos-sdk/tree/main/types) * [store](https://github.com/cosmos/cosmos-sdk/tree/main/store) ### Modules * [x/auth](https://github.com/cosmos/cosmos-sdk/tree/main/x/auth) * [x/bank](https://github.com/cosmos/cosmos-sdk/tree/main/x/bank) * [x/staking](https://github.com/cosmos/cosmos-sdk/tree/main/x/staking) * [x/slashing](https://github.com/cosmos/cosmos-sdk/tree/main/x/slashing) * [x/evidence](https://github.com/cosmos/cosmos-sdk/tree/main/x/evidence) * [x/distribution](https://github.com/cosmos/cosmos-sdk/tree/main/x/distribution) * [x/mint](https://github.com/cosmos/cosmos-sdk/tree/main/x/mint) We are interested in bugs in other modules, however the above are most likely to have significant vulnerabilities, due to the complexity/nuance involved. We also recommend reading the [specification](https://github.com/cosmos/cosmos-sdk/blob/main/docs/building-modules/README.md) of each module before digging into the code. Hermes Relayer Hermes is a Rust implementation of an Inter-Blockchain Communication (IBC) relayer that is developed and maintained by Informal Systems. It provides a CLI to relay packets between Cosmos SDK chains, exposes [Prometheus](https://prometheus.io/) metrics and offers a REST API. The [documentation for Hermes](https://hermes.informal.systems/) includes a [guide for installation](https://hermes.informal.systems/quick-start/installation.html) and [several tutorials](https://hermes.informal.systems/tutorials/local-chains/index.html) that will help you get started with security testing in a local environment.  
This component of the Interchain Stack comprises primarily of 6 crates:  * [ibc-relayer](https://crates.io/crates/ibc-relayer) provides an implementation of an IBC relayer, as a *library*. * [ibc-relayer-cli](https://crates.io/crates/ibc-relayer-cli) is a CLI (a wrapper over the ibc-relayer library), comprising the [hermes](https://hermes.informal.systems/) binary. * [ibc-chain-registry](https://crates.io/crates/ibc-chain-registry) provides functions to fetch data from the [chain registry](https://github.com/cosmos/chain-registry) and automatically generate chain configuration for Hermes. * [ibc-telemetry](https://crates.io/crates/ibc-telemetry) is a library for use in the Hermes CLI, for gathering telemetry data and exposing that in a Prometheus endpoint. * [ibc-relayer-rest](https://crates.io/crates/ibc-telemetry) is a library for use in the Hermes CLI, for exposing a REST API to inspect the state of the relayer. * [ibc-test-framework](https://crates.io/crates/ibc-test-framework) provides the infrastructure and framework for writing end-to-end (E2E) tests that include the spawning of the relayer together with Cosmos full nodes. Horcrux Horcrux is a [multi-party-computation \\(MPC\\)](https://en.wikipedia.org/wiki/Secure_multi-party_computation) signing service for CometBFT nodes built and maintained by Strangelove Labs. It provides high-availability key management for Cosmos validator operations, and mitigates the risk of double signing transactions. This documentation and set of guides will help you get started with learning about Horcrux: ### Guides: * [PFC-Validator example shell script](https://github.com/PFC-Validator/horcrux-container/blob/main/launch-all.sh) * [PFC-Validator Kubernetes Cluster yaml configs](https://github.com/PFC-Validator/PFC-Cluster/tree/main/manifests/cosmos/pisco) * [Lavender.Five Ansible Cluster automation](https://github.com/LavenderFive/horcrux-ansible) ### Diagrams: * [https://user-images.githubusercontent.com/6722152/157145772-8557b4b5-a0cc-4073-8834-86afda1900fc.png](https://user-images.githubusercontent.com/6722152/157145772-8557b4b5-a0cc-4073-8834-86afda1900fc.png) * [https://github.com/strangelove-ventures/horcrux](https://github.com/strangelove-ventures/horcrux)  The Strangelove Labs team maintains a dedicated [Horcrux Support Policy](https://docs.google.com/document/d/1XrrOfigfoDuJUp04b_4BMvoDvgQwTQGutXVio5cAfAE/edit?usp=sharing).  IBC Go Relayer The ibc-go relayer is a Golang implementation of an Interblockchain Communication (IBC) relayer maintained by Strangelove Labs. A relayer process monitors for updates on open paths between sets of IBC enabled chains and submits these updates in the form of specific message types to the counterparty chain. Clients are then used to track and verify the consensus state. In addition to relaying packets, this relayer can open paths across chains, thus creating clients, connections and channels.

 The [documentation for this relayer](https://github.com/cosmos/relayer?tab=readme-ov-file#table-of-contents) and a [demo](https://github.com/cosmos/relayer/blob/main/examples/README.md) for setting up a development environment are available. Additional information on how IBC works can be found [here](https://ibc.cosmos.network/main). [https://github.com/cosmos/relayer](https://github.com/cosmos/relayer)  Packet Forward Middleware Packet Forward Middleware (PFM) is an IBC middleware module built for Cosmos blockchains that routes incoming IBC packets from a source chain to a destination chain. This [diagram](https://github.com/cosmos/ibc-apps/tree/main/middleware/packet-forward-middleware%23sequence-diagrams) and [integration guide](https://github.com/cosmos/ibc-apps/blob/main/middleware/packet-forward-middleware/docs/integration.md) will help you get acquainted with the code. * [https://github.com/cosmos/ibc-apps/tree/main/middleware/packet-forward-middleware/packetforward](https://github.com/cosmos/ibc-apps/tree/main/middleware/packet-forward-middleware/packetforward) The Strangelove Team maintains a [Support Policy](https://docs.google.com/document/d/1I50F_rvp7oPnn6UuKwUdulZvBtMnePoRXtBhrYWMjkE/edit?usp=sharing) for this component. https://github.com/cosmos/gaia The following is a list of examples of the kinds of vulnerabilities that we’re most interested in. It is not exhaustive: there are other kinds of issues we may also be interested in! * Injection exploits * Privilege escalation * IBC * Inter-module interactions * Network channel attacks * Replay attacks https://github.com/cosmos/iavl The `iaviewer` application itself is not in-scope for the bug bounty program, unless there is an underlying bug in the `iavl` library that can be exploited through the application or other applications using the `iavl` library. https://github.com/cosmos/ics23 https://github.com/cosmos/ledger-cosmos We are looking for security vulnerabilities that, when exploited, can make a person lose their fund, access to their private key or otherwise impact them _on the production system_, in this case, a public Ledger device. https://github.com/iqlusioninc/crates/tree/main/signatory Restricted to the ed25519 provider sub-crates like dalek-ed25519 and ring. https://github.com/iqlusioninc/tmkms https://github.com/iqlusioninc/yubihsm.rs The bug bounty is restricted to the ed25519 pubkey and signing paths. ibc-go The Inter-Blockchain Communication Protocol (IBC) allows blockchains to talk to each other. The protocol realizes this interoperability by specifying a set of data structures, abstractions, and semantics that can be implemented by any distributed ledger that satisfies a small set of requirements.  To learn more about IBC and its components, visit the [documentation site](https://ibc.cosmos.network/main/ibc/overview).
 * [https://github.com/cosmos/ibc-go/tree/main](https://github.com/cosmos/ibc-go/tree/main) ### IBC Core * [02-client](https://github.com/cosmos/ibc-go/tree/main/modules/core/02-client) * [03-connection](https://github.com/cosmos/ibc-go/tree/main/modules/core/03-connection) * [04-channel](https://github.com/cosmos/ibc-go/tree/main/modules/core/04-channel) * [05-port](https://github.com/cosmos/ibc-go/tree/main/modules/core/05-port) * [23-commitment](https://github.com/cosmos/ibc-go/tree/main/modules/core/23-commitment) * [24-host](https://github.com/cosmos/ibc-go/tree/main/modules/core/24-host) ### Application Modules * [Transfer](https://github.com/cosmos/ibc-go/tree/main/modules/apps/transfer) * [27-interchain-accounts](https://github.com/cosmos/ibc-go/tree/main/modules/apps/27-interchain-accounts) ### Light Clients * [06–solomachine](https://github.com/cosmos/ibc-go/tree/main/modules/light-clients/06-solomachine) * [07-tendermint](https://github.com/cosmos/ibc-go/tree/main/modules/light-clients/07-tendermint) * [09-localhost](https://github.com/cosmos/ibc-go/tree/main/modules/light-clients/09-localhost) * [08-wasm] (https://github.com/cosmos/ibc-go/tree/main/modules/light-clients/08-wasm) ### Middleware Modules * [29-fee](https://github.com/cosmos/ibc-go/tree/main/modules/apps/29-fee) * [Callbacks](https://github.com/cosmos/ibc-go/tree/main/modules/apps/callbacks) The ibc-go team has implemented a [Stable Release Policy](https://github.com/cosmos/ibc-go/blob/main/RELEASES.md%23stable-release-policy) that covers the protocol and components it maintains. com.affirm.central.audit This is the Android testing app built for HackerOne. It\'s distributed through Google Play Store. com.affirm.internal.hackerone This is the testing iOS app built for HackerOne. It is distributed through Crashlytics. sandbox.affirm.com *.crypto.com We will consider all vulnerability reports against assets in Crypto.com\'s control. Severity might be limited for certain assets based on business impact. *.mona.co Crypto.com Exchange APIs that require an account Includes any BFF APIs Crypto.com Wallet Extension Crypto.com mobile app APIs that require an account app.mona.co co.mona.android Get the app here: https://play.google.com/store/apps/details?id=co.mona.android You won’t need test accounts for this as it will be public-facing sites for now. The app should give you the functionality to start using CRO services. com.defi.wallet https://apps.apple.com/app/crypto-com-wallet/id1512048310 https://play.google.com/store/apps/details?id=com.defi.wallet com.monaco.mobile developer-platform-api.crypto.com https://crypto.com/exchange https://crypto.com/nft https://crypto.com/price https://etherscan.io/token/0xfe18ae03741a5b84e39c295ac9c856ed7991c38e **Bounty Range Changes: CDCETH Smart Contract** Critical Severity: Up to $50,000 USD Extreme Tier: Up to $1,000,000 js.crypto.com merchant.crypto.com nadex.com tax.crypto.com web.crypto.com com.goodrx Playstore Download: https://play.google.com/store/apps/details?id=com.goodrx com.goodrx.iphone iOS Download: https://itunes.apple.com/app/id485357017 www.goodrx.com This our primary site. Our mobile site m.goodrx.com is also covered by this scope. Only issues regarding the frontend of https://www.goodrx.com/care will be considered in-scope. Any backend issue is belonging to a partner of ours. https://api-staging.pingone.com/* * **What it is:** * REST API for configuring and managing your PingOne For Customers organization Please note that this documentation points to **PROD**, which is out of scope for this engagement. To access the ORT environment URLs will have to be appended with -staging like the console link above. https://apps-staging.pingone.com/* * Cloudfront distribution for the PingOne for Customers login/authentication flow orchestration and self-service account/profile management user interfaces * **What it does:** * Provides user interface for administrators to configure authentication flows and assign different authentication policies * Provides interface for end users to manage their account profiles and settings https://console-staging.pingone.com/* * Administrative console to the PingOne For Customers platform that manages user access, authentication types, and connected applications. * **Here\'s how to add an application to your PingOne For Customer environment:** https://youtu.be/TBA5VTfnsSE * **Sample client-side app (Please note that the content of the github repository is out of scope):** https://github.com/pingidentity/pingone-customers-sample-oidc * Allows administrators to configure authentication workflows and assign different authentication policies (SAML, OAuth2, and OpenID Connect are supported) to each of your applications. * Supports Single-Sign-On (SSO) and Multi-Factor Authentication (MFA) across all connected applications. * Offers robust user-management capabilities. https://openam-bug-bounty-stag.forgeblocks.com/* * Administrative console for the single-tenant SAAS PingOne Advaced Identity Cloud platform which manages IAM functionality for Enterprise customers. * Staging environment - Used for testing development changes, including stress tests and scalability tests with realistic deployment settings. * **Documentation:** * https://backstage.forgerock.com/docs/idcloud/latest/overview.html https://ort-admin.pingone.com/* * Administrative web portal for PingOne For Enterprise (P14E) * Allows P14E administrators to manage all aspects of their enterprise user accounts https://ort-authenticator.pingone.com/* * Multi-factor Authentication (MFA) authenticator service * MFA is configured via the PingOne Desktop > Devices > My Device > Add. * Ping Authenticator used for Multi-Factor Authentication (MFA) * The authenticator is a service which provides multi-factor via PingID mobile applications available in the iTunes and Android app stores, Yubikey Series 4, PingID Desktop apps for OS X and Windows, or email. * The authenticator service is a back-end hosted service. * The client MFA applications are not in scope but the protocol data and authenticator service are, this includes requests and responses. * Employs MFA (typically [PingID](https://www.pingidentity.com/en/cloud/pingid.html)) to authenticate users and then pass control back to PingOne for Enterprise https://ort-desktop.pingone.com/* * **What it is:** * Central hub of Ping One For Enterprise, a cloud-based dock that provides users with secure SSO access to an expansive library of applications * **What it does:** * Provides many pre-existing integrations with popular SaaS applications * Leverages SAML, OIDC and other secure identity standards to integrate with any other cloud-based applications Provides the option of storing user identity data in PingOne’s cloud directory *.betfair.com *.betfair.es *.betfair.it *.betfair.ro *.betfair.se *.betsharedservices.io *.betviewapi.com *.bonne-terre-data-layer.com *.dibz.co.uk *.msgsvc.io *.operationstechnology.io *.paddypartners.com *.paddypower.com *.paddypower.it *.platformservices.io *.ppbdev.com *.sbgcdn.com *.sbgcore.com *.sbgorigin.com *.sbgservices.com *.sbgtest.net *.securityservices.io *.skybet.co.uk *.skybet.com *.skybet.net *.skybetservices.com *.skybettest.net *.skybettingandgaming.com *.skybettingandgaming.design *.skybettingandgaming.info *.skybingo.com *.skycasino.com *.skygamingcontent.com *.skypoker.com *.skyvegas.com *.sportinglife.com com.betfair.exchange Betfair Exchange Betting https://play.google.com/store/apps/details?id=com.betfair.exchange&gl=uk https://assets.cdnbf.net/static/android/betfair-wrapper-exchange.apk com.betfair.sportsbook Betfair Sports Betting https://play.google.com/store/apps/details?id=com.betfair.sportsbook&gl=uk https://assets.cdnbf.net/static/android/betfair-wrapper-sportsbook.apk com.flutter.bem.release com.paddypower.sportsbook.u.inhouse Paddy Power Sports Betting: https://play.google.com/store/apps/details?id=com.paddypower.sportsbook.u.inhouse&gl=uk itv7.itv.com super6.skysports.com bounty-node.rsk.co A RSKj JSON RPC server is available for testing. You can obtain the list of JSON RPC methods supported from the rskj source code and from RSK and Ethereum documentation. You can attempt the following attacks: * Bypass the Varnish JSON RPC method blacklist/whitelist filtering. * Application level DoS: exploit the whitelisted methods to consume server\'s resources. * System Information disclosure (file system, private keys) * Code execution (Hint: check the object mapping capabilities of the JSON parser library and Java reflection) **Only application level DoS attacks are allowed. Do not attempt volumetric transport level attacks** Sample Request: `curl -s -X POST -H "Content-Type: application/json" -d \'{"jsonrpc":"2.0","method":"web3_clientVersion", "params": {}, "id":666}\' https://bounty-node.rsk.co ` The whitelisted methods are the following: ```web3_clientVersion eth_getUncleCountByBlockNumber net_version net_listening net_peerCount eth_protocolVersion eth_hashrate eth_mining eth_call eth_estimateGas eth_gasPrice eth_blockNumber eth_getBalance eth_getBlockByHash eth_getBlockByNumber eth_getBlockTransactionCountByHash eth_getBlockTransactionCountByNumber eth_getCode eth_getStorageAt eth_getTransactionByBlockHashAndIndex eth_getTransactionByBlockNumberAndIndex eth_getTransactionByHash eth_getTransactionCount eth_getTransactionReceipt eth_getUncleByBlockHashAndIndex eth_getUncleByBlockNumberAndIndex eth_getUncleCountByBlockHash eth_sendRawTransaction Good luck! https://github.com/rsksmart/2wp-api # Scope We are interested in finding issues that lead to compromise of the app. # Out of scope - `__test__` directory - Vulnerabilities in dependencies/libraries - Clickjacking - Reports from automated tools or scans, without exploitability demonstration - Theoretical vulnerabilities without demonstrated security impact - Cross-Site Request Forgery (CSRF) on unauthenticated forms or forms with no sensitive actions - Attacks requiring MITM or physical access to a user\'s device. - Attacks requiring a compromised victim device. - Comma Separated Values (CSV) injection without demonstrating a vulnerability. - Missing best practices in SSL/TLS configuration. - Any activity that could lead to the disruption of our service (DoS). - Content spoofing and text injection issues without showing an attack vector/without being able to modify HTML/CSS - Rate limiting or bruteforce issues - Missing best practices in Content Security Policy. - Missing HttpOnly or Secure flags on cookies - Missing HTTP headers hardening and recommendations (Clickjacking, X-Frame-Options, CORS, ...) - Vulnerabilities only affecting users of outdated or unpatched browsers [Less than 2 stable versions behind the latest released stable version] - Software version disclosure / Banner identification issues / Descriptive error messages or headers (e.g. stack traces, application or server errors). - Public Zero-day vulnerabilities that have had an official patch for less than 1 month will be awarded on a case by case basis. - Open redirect - unless an additional security impact can be demonstrated - Issues that require unlikely user interaction - Cache poisoning without demonstrated security impact - Tabnabbing - Social engineering attacks, including those targeting or impersonating internal employees by any means (e.g. customer service chat features, customer support, social media, personal domains, etc.) - Reporting a leaked token without first confirming it is valid and has access to sensitive operations - Secret recovery phrase brute-forcing - Perceived security weaknesses without evidence of the ability to demonstrate impact (e.g. Missing best practices, functional bugs without security implications, etc.) - Vulnerabilities under development branches in our source code. - Runtime hacking exploits (exploits only possible in a jailbroken/rooted environment) - Public User data, such as, public address, balances, transaction information etc. stored unencrypted on external storage and private directory - Lack of binary protection (anti-debugging) controls. - Absence of certificate pinning https://github.com/rsksmart/2wp-app # We are interested in finding: - Exploits to extract the private keys of the wallet from the memory - Ways to gain control over the software or hardware wallets - Ways to change the transaction by adding or removing data #Out of scope - `test` directory https://github.com/rsksmart/powpeg-node - Attacks requiring physical access or local user level access to a user\'s device. - Previously known vulnerable libraries without a working Proof of Concept. - Denial of our service (DoS) not directly related to a flaw in the IOVLabs code or environment. - DoS attacks that require sending multiple network packets at any layer. We’re interested in DoS that depends on the data and can\'t be stopped at the network level. - Flaws on the configuration related to the option to store private keys on disk. - Vulnerabilities reported on the rskj project are out of scope for the powpeg-node. https://github.com/rsksmart/rif-wallet ##Out of scope * Clickjacking * Reports from automated tools or scans, without exploitability demonstration * Theoretical vulnerabilities without demonstrated security impact * Cross-Site Request Forgery (CSRF) on unauthenticated forms or forms with no sensitive actions * Attacks requiring MITM or physical access to a user\'s device. * Attacks requiring a compromised victim device. * Previously known vulnerable libraries without a working Proof of Concept. * Comma Separated Values (CSV) injection without demonstrating a vulnerability. * Missing best practices in SSL/TLS configuration. * Any activity that could lead to the disruption of our service (DoS). * Content spoofing and text injection issues without showing an attack vector/without being able to modify HTML/CSS * Rate limiting or bruteforce issues * Missing best practices in Content Security Policy. * Missing HttpOnly or Secure flags on cookies * Missing HTTP headers hardening and recommendations (Clickjacking, X-Frame-Options, CORS, ...) * Vulnerabilities only affecting users of outdated or unpatched browsers [Less than 2 stable versions behind the latest released stable version] * Software version disclosure / Banner identification issues / Descriptive error messages or headers (e.g. stack traces, application or server errors). * Public Zero-day vulnerabilities that have had an official patch for less than 1 month will be awarded on a case by case basis. * Open redirect - unless an additional security impact can be demonstrated * Issues that require unlikely user interaction * Cache poisoning * Tabnabbing * Social engineering attacks, including those targeting or impersonating internal employees by any means (e.g. customer service chat features, customer support, social media, personal domains, etc.) * Reporting a leaked token without first confirming it is valid and has access to sensitive operations * Secret recovery phrase brute-forcing * Perceived security weaknesses without evidence of the ability to demonstrate impact (e.g. Missing best practices, functional bugs without security implications, etc.) * Vulnerabilities under development branches in our source code. * Runtime hacking exploits (exploits only possible in a jailbroken/rooted environment) * Public User data, such as, public address, balances, transaction information etc. stored unencrypted on external storage and private directory * Lack of binary protection (anti-debugging) controls. * Absence of certificate pinning https://github.com/rsksmart/rif-wallet-libs https://github.com/rsksmart/rif-wallet-services https://github.com/rsksmart/rsk-powhsm/ * Attacks that allow extracting the seed from the device, including but not limited to: Gaining access to the device recovery mode without wiping the seed first. * Allowing the installation and use of arbitrary ledger apps without wiping the seed first. * Attacks that allow signing arbitrary hashes with the BTC key id. * Attacks that gain access to arbitrary BIP32 paths (either for signing or extracting the public key). * Attacks that allow the manipulation of the blockchain state\'s best block without the corresponding PoW. * Attacks that allow the manipulation of the blockchain state\'s ancestor block and/or ancestor receipts root without the corresponding proof of best block ancestry. * Attacks that fake an authentic attestation on a device running different versions of either the UI or Signer. * Attacks that allow producing an authentic attestation on a device with a pre-generated or well-known seed. * Attacks that lead the ledger into a DOS state without the need for physical device access. This does not mean ledger device has open external interface. * Attacks that lead the middleware manager into a DOS state without the need for physical access to the host. This does not mean the middleware has open external interface. * Transactions in either the RSK or Bitcoin networks that may lead the powHSM into signing arbitrary pegouts or hashes. * Side channel attacks. * Supply chain attacks that have direct consequences on the production software. * Identification and reporting of vulnerabilities in the Ledger source code will be eligible for rewards after 90 days from the initial disclosure from Ledger. * Vulnerabilities discovered in the Ledger source code will be rewarded according to the general reward table specified for the bug bounty program, rather than the powHSM project reward table. * Vulnerabilities found in the Ledger source code will not qualify for the bonus reward associated with Remote Execution Code. ## Out of Scope * Vulnerabilities related to the ledger devices used by the rsk-powhsm; this includes their physical security. * Vulnerabilities that don\'t ultimately allow for the arbitrary or unsecure use of any of the keys derived from the device seed. * Vulnerabilities in TCPSigner component, which is made solely for testing and fuzzing purposes. * Vulnerabilities located in code under the following path `firmware/src/hal/src/x86/` since is code related to the TCPSigner component. * All code related to SGX is out of scope. Due to the complexity of the project some of the points may be interpreted ambiguously, therefore we reserve a right to make a final decision on the report regarding its relevance to the scope and specified severity. Please, reach us if you have any doubts on the scope. https://github.com/rsksmart/rskj RSKj Installation instructions: https://dev.rootstock.io/rsk/node/ Binary releases: https://github.com/rsksmart/rskj/releases Discord channel for technical questions: https://discord.com/invite/fPerbqcWGE Important: DoS attacks that require sending multiple network packets at any layer are out of scope. We’re interested in DoS that depends on the data and can\'t be stopped at the network level. https://github.com/rsksmart/tokenbridge The system is designed to allow to move tokens between blockchains if and only if 50% of the members approve it. Vulnerabilities that require access to a member\'s private key will be valid but will be considered medium risk at most. * The private key handling and storage is out of scope. * Malicious ERC20 tokens are out of scope because there is a whitelisting process in place. * Multi-signature wallet. * Tests located under `test` folder in (all of them). * Open Zeppelin contracts located in `bridge/contracts/zeppelin` *.bitmex.com 1589023233 All Other BitMEX Assets All other assets that are provably owned by BitMEX. com.bitmex.app.android https://play.google.com/store/apps/details?id=com.bitmex.app.android.testnet Please see the instructions under the mobile beta access section of our policy https://testflight.apple.com/join/533gFghn testnet.bitmex.com When testing our platform, please use our testing environment at `testnet.bitmex.com` and not `www.bitmex.com`. API Docs: https://testnet.bitmex.com/app/apiOverview www.bitmex.com *.adaptive-shield.com Excluding 3rd party maintained targets *.bionic.ai *.crowdstrike.com **Excluding 3rd party maintained targets** *.flowsecurity.app Excluding 3rd party maintained targets *.humio.com *.preempt.com *.preemptsecurity.com *.reposify.com *.securecircle.com CrowdStrike public infrastructure apps.apple.com/us/app/crowdstrike-falcon/id1458815656 falcon-sandbox.com hybrid-analysis.com play.google.com/store/apps/details?id=com.crowdstrike.falconmobile www.crowdstrike.com **Including all localized sites: crowdstrike.de, crowdstrike.com.au, crowdstrike.co.uk, crowdstrike.fr, crowdstrike.jp, crowdstrike.com.br** www.crowdstrike.org **CrowdStrike Foundation Website** All Other In-Scope Assets academy.databricks.com accounts.cloud.databricks.com advocates.databricks.com community.databricks.com customer-academy.databricks.com databricks.com demo.cloud.databricks.com docs.databricks.com help.databricks.com https://community.cloud.databricks.com/ [Register for Demo Accounts](https://docs.databricks.com/en/getting-started/community-edition.html) Documentation : * For information on using Databricks, please visit https://docs.databricks.com/. https://dbc-9a3f8ed1-7608.cloud.databricks.com For information on using Databricks, please visit https://docs.databricks.com/ kb.databricks.com labs.databricks.com marketplace.databricks.com partners.databricks.com support.databricks.com *.elastic.co All subdomains are in scope UNLESS OTHERWISE LISTED IN OUT-OF-SCOPE. Local, or on-premise Elastic stack is also IN-scope. *.elasticnet.co *.elstc.co *.eops.nl *.found.io Exfiltration of data or attacks against any customer clusters will not be eligible for rewards. Local, or on-premise Elastic stack is also in-scope. Only the latest supported versions of the Elastic Stack will be eligible for a bounty. *.swiftype.com Beats Issue that span across multiple Beats Source: https://github.com/elastic/beats Download: https://www.elastic.co/downloads/beats/ Including - Auditbeat - Filebeat - Heartbeat - Metricbeat - Packetbeat - Winlogbeat - Elastic Agent Beats - Auditbeat Must be a supported version: https://www.elastic.co/support/eol Includes - All platforms: https://www.elastic.co/downloads/beats/auditbeat - Docker container: https://www.docker.elastic.co/r/beats/auditbeat - Source code: https://github.com/elastic/beats/tree/main/auditbeat Beats - Filebeat - All platforms: https://www.elastic.co/downloads/beats/filebeat - Docker container: https://www.docker.elastic.co/r/beats/filebeat - Source code: https://github.com/elastic/beats/tree/main/filebeat Beats - Heartbeat - All platforms: https://www.elastic.co/downloads/beats/heartbeat - Docker container: https://www.docker.elastic.co/r/beats/heartbeat - Source code: https://github.com/elastic/beats/tree/main/heartbeat Beats - Metricbeat - All platforms: https://www.elastic.co/downloads/beats/metricbeat - Docker container: https://www.docker.elastic.co/r/beats/metricbeat - Source code: https://github.com/elastic/beats/tree/main/metricbeat Beats - Packetbeat - All platforms: https://www.elastic.co/downloads/beats/packetbeat - Docker container: https://www.docker.elastic.co/r/beats/packetbeat - Source code: https://github.com/elastic/beats/tree/main/packetbeat Beats - Winlogbeat - Download: https://www.elastic.co/downloads/beats/winlogbeat - Source code: https://github.com/elastic/beats/tree/main/winlogbeat Elastic Agent - All platforms: https://www.elastic.co/downloads/elastic-agent - With Fleet: https://www.elastic.co/guide/en/fleet/current/fleet-elastic-agent-quick-start.html - Source code: https://github.com/elastic/elastic-agent Elastic Behavior Detections Elastic invites security researchers to test our detection (SIEM) and endpoint (EDR) rulesets for potential bypasses, vulnerabilities, and areas for improvement. For this period (Dec 4 2024 - Dec 31 2024), the focus for this bounty period is on Windows behavior detections, particularly on bypassing detection capabilities tied to specific MITRE ATT&CK techniques such as Process Injection, Lateral Movement, Phishing: Spearphishing Attachments, and Impair Defenses. We are looking for submissions that demonstrate realistic, high-impact techniques that evade detection, focusing on novel approaches and measurable risks. Submissions will be evaluated based on their impact and complexity. The reward tiers are structured as follows: - Low: Alerts generated are only low severity - Medium: No alerts generated (SIEM or Endpoint) For complete details on target rulesets, MITRE techniques, and submission guidelines, view the full scope [here](https://docs.google.com/document/d/1YDyaFpIRNumh2zOSSNHY1lzL0RXNqxIkv_-0SAgdtjk/edit?tab=t.0#heading=h.1fkf7cph0u7z). Elastic Clients - Java Client: https://www.elastic.co/guide/en/elasticsearch/client/java-api-client/current/index.html - JavaScript Client: https://www.elastic.co/guide/en/elasticsearch/client/javascript-api/current/index.html - Ruby Client: https://www.elastic.co/guide/en/elasticsearch/client/ruby-api/current/index.html - Go Client: https://www.elastic.co/guide/en/elasticsearch/client/go-api/current/index.html - .NET Client: https://www.elastic.co/guide/en/elasticsearch/client/net-api/current/index.html - PHP Client: https://www.elastic.co/guide/en/elasticsearch/client/php-api/current/index.html - Perl Client: https://www.elastic.co/guide/en/elasticsearch/client/perl-api/current/index.html - Python Client: https://www.elastic.co/guide/en/elasticsearch/client/python-api/current/index.html - Eland Client: https://www.elastic.co/guide/en/elasticsearch/client/eland/current/index.html - Rust Client: https://www.elastic.co/guide/en/elasticsearch/client/rust-api/current/index.html Elastic Cloud Enterprise (ECE) - Download: https://www.elastic.co/downloads/enterprise Elastic Cloud on Kubernetes (ECK) - Download: https://www.elastic.co/downloads/elastic-cloud-kubernetes Elastic Enterprise Search - All platforms: https://www.elastic.co/downloads/enterprise-search - Docker: https://www.docker.elastic.co/r/enterprise-search - Cloud: https://cloud.elastic.co Elastic Maps Server - Download: https://www.elastic.co/downloads/elastic-maps-server Elastic Package Registry - https://github.com/elastic/package-registry - https://epr.elastic.co/search?all Elastic\'s package registry is used to pull elastic packages. Being able to modify our package registry is of particular interest to us. Elastic Synthetics Monitoring To get access, do the following steps: 1. Create a new deployment on cloud using an account with your @wearehackerone.com email alias. 2. Once in the deployment, go to the Observability application and pick the "Uptime" 3. Go to the Monitor Management tab 4. Fill out the request form. 5. Wait 24 hours for our team to approve you. Elasticsearch - All platforms: https://www.elastic.co/downloads/elasticsearch - Docker container: https://www.docker.elastic.co/r/elasticsearch - Source code: https://github.com/elastic/elasticsearch - Instance on Cloud: https://cloud.elastic.co Fleet Server Setup (Included in Elastic Cloud): https://www.elastic.co/guide/en/fleet/8.8/fleet-server.html Source: https://github.com/elastic/fleet-server Kibana - All platforms: https://www.elastic.co/downloads/kibana - Docker container: https://www.docker.elastic.co/r/kibana - Source code: https://github.com/elastic/kibana Logstash - All platforms: https://www.elastic.co/downloads/logstash - Docker container: https://www.docker.elastic.co/r/logstash - Source code: https://github.com/elastic/logstash Observability - APM Agents - .NET Agent: https://www.elastic.co/guide/en/apm/agent/dotnet/current/setup.html - .NET Agent Source: https://github.com/elastic/apm-agent-dotnet - Java Agent: https://www.elastic.co/guide/en/apm/agent/java/current/setup.html - Java Agent Source: https://github.com/elastic/apm-agent-java - JavaScript RUM Agent: https://www.elastic.co/guide/en/apm/agent/rum-js/current/getting-started.html - JavaScript RUM Agent Source: https://github.com/elastic/apm-agent-rum-js - Go Agent: https://www.elastic.co/guide/en/apm/agent/go/current/getting-started.html - Go Agent Source: https://github.com/elastic/apm-agent-go - Node.js Agent: https://www.elastic.co/guide/en/apm/agent/nodejs/current/set-up.html - Node.js Agent Source: https://github.com/elastic/apm-agent-nodejs - PHP Agent: https://www.elastic.co/guide/en/apm/agent/php/current/setup.html - PHP Agent Source: https://github.com/elastic/apm-agent-php - Python Agent: https://www.elastic.co/guide/en/apm/agent/python/current/set-up.html - Python Agent Source: https://github.com/elastic/apm-agent-python - Ruby Agent: https://www.elastic.co/guide/en/apm/agent/ruby/current/set-up.html - Ruby Agent Source: https://github.com/elastic/apm-agent-ruby Observability - APM Server - All platforms: https://www.elastic.co/downloads/apm - Docker: https://www.docker.elastic.co/r/apm/apm-server - Source code: https://github.com/elastic/apm-server If you found something that we own that is not explicitly listed as in-scope, please file it under this asset for us to investigate. We don\'t want our scope section to stop you from finding us vulnerabilities! Software Supply Chain Includes threats highlighted by SLSA https://slsa.dev/spec/v0.1/threats - Source - Build - Dependencies - Package Specifically - Github Workflows @ https://github.com/elastic - look under the .github/workflows directory - Dependency Confusion - Actual credential exfiltration or leaks (not theoretical) from build services (below) - Command injection against build service **Build Services** Buildkite - https://buildkite.com/elastic Github Actions - https://github.com/elastic/ Jenkins - https://elasticsearch-ci.elastic.co - https://apm-ci.elastic.co/ - https://beats-ci.elastic.co/ - https://clients-ci.elastic.co/ - https://cloud-ci.elastic.co/ - https://devops-ci.elastic.co/ - https://elasticsearch-ci.elastic.co/ - https://infra-ci.elastic.co/ - https://internal-ci.elastic.co/ - https://kibana-ci.elastic.co/ - https://logstash-ci.elastic.co/ - https://swiftype-ci.elastic.co/ cloud.elastic.co **How to test** 1. Go to https://cloud.elastic.co/ 1. Click “Sign Up” 1. Enter your @wearehackerone email and click “Start Free Trial” (you can create multiple trials if necessary) 1. Find your verification email and click “Verify and Accept” 1. Set your password 1. Click “Start Free Trial” You should now be able to create an Elasticsearch deployment in any hosted infrastructure you choose. Once you create a deployment, try to find bugs! Only the latest supported versions of the Elastic Stack will be eligible for a bounty. Bugs describing missing rate limiting on cloud.elastic.co/api/v1/users/_login are out of scope. The API is rate limited but doesn\'t return a 429. elastic.co credentials www.elastic.co The main page for Elastic *.advisorsolutions.gs.com *.ayco.com *.folioclient.com *.foliodigitalwealth.com This site is in the process of being retired. Only Critical issues will be considered for bounty *.foliofirst.com *.foliofn.com *.folioidentity.com *.folioinstitutional.com *.folioinvesting.com *.global-liquidity.gs.com *.goldman.com *.goldmanpfm.com Avoid all active testing on contact and registration forms, such as "Contact us", "Register for a Demo", and "Speak With a Financial Advisor". These forms may generate emails that will affect the business. If we start receiving test submissions on these forms, we may have to pause eligibility for these sites. *.goldmansachs.com This is Goldman Sachs\' main website. *.gs-mosaic.gs.com *.gs-mosaic.qa.gs.com *.gs.com Excludes third-party hosted applications, including: - *.subscriptions.gs.com - gset.gs.com - 10ksbv.eo.gs.com - BlackInBusiness.gs.com *.gs.de Includes: *.gsmarkets.de *.gsmarkets.nl *.gsmarkets.at *.gsmarkets.be Excludes the 3rd party hosted site: classic.gs.de In scope sites may display a page overlay to US visitors which can be hidden using an adblocker like uBlock Origin *.gsam.com *.gspublishing.com *.gsselect.com *.honestdollar.com *.marcus.co.uk *.marcus.com *.nextcapital.com Any domain pointing to a third party service that is not a cloud provider is out of scope for testing. If unsure whether an asset is in scope, please reach out to bugbounty@gs.com before testing. *.nnip.com *.qaglobal-liquidity.gs.com *.vennhypotheken.nl GS Select iOS app [GS Select iOS app](https://apps.apple.com/us/app/gs-select/id1634151697) api.foliofn.com apigw.foliofn.com com.gs.gsnow.external [GS Now iOS](https://apps.apple.com/us/app/gs-now/id1473474041) com.gs.gstrader.external [Marquee Trader Mobile](https://apps.apple.com/us/app/marquee-trader-mobile/id1518269915) com.gs.mobile.gsnow [GS Now Android](https://play.google.com/store/apps/details?id=com.gs.mobile.gsnow) com.gs.mobile.trader [Marquee Trader Android](https://play.google.com/store/apps/details?id=com.gs.mobile.trader&hl=en_IN&gl=US) com.gs.pfmg.wellness [Goldman Sachs Wellness Android](https://play.google.com/store/apps/details?id=com.gs.pfmg.wellness&hl=en_IN&gl=US) com.gs.pwmdigital.external [GS PWM iOS](https://apps.apple.com/us/app/gs-pwm/id1440077444) com.gs.pwmdigital.external.android [GS PWM Android](https://play.google.com/store/apps/details?id=com.gs.pwmdigital.external.android) com.marcus.android [Marcus US Android](https://play.google.com/store/apps/details?id=com.marcus.android&hl=en_IN&gl=US) com.marcus.android.uk [Marcus UK: Online Savings Bank Android](https://play.google.com/store/apps/details?id=com.marcus.android.uk) com.marcus.ios-uk [Marcus UK: Online savings bank](https://apps.apple.com/gb/app/marcus-uk-online-savings-bank/id1489511701) com.marcus.ios-us [Marcus by Goldman Sachs](https://apps.apple.com/us/app/marcus-save-borrow-invest/id1489511701) developer.gs.com goldmansachsindices.com marquee.gs.com research.gs.com www.fitvermogen.nl www.rocaton.com Excludes: *.rocaton.com secure.rocaton.com 983980808 https://itunes.apple.com/us/app/yoti/id983980808 Yoti Password Manager browser extension https://chromewebstore.google.com/detail/yoti-password-manager/ajgehecfkfhindkhdcjmifbngkfdflla api.yoti.com ccloud.yoti.com code.yoti.com com.yoti.mobile.android.live https://play.google.com/store/apps/details?id=com.yoti.mobile.android.live core.yoti.com hub.yoti.com you must use "[Hackerone] <whatever name here>" when creating any organisation/application/service within Hub! identity.yoti.com www.yotisign.com You must use "[Hackerone] ORG_NAME" when registering an organisation! Steam Client Steam Servers api.steampowered.com com.valvesoftware.Steam developer.valvesoftware.com help.steampowered.com partner.steamgames.com partner.steampowered.com playartifact.com steamcommunity.com store.steampowered.com support.steampowered.com www.counter-strike.net www.dota2.com www.teamfortress.com www.valvesoftware.com *.3lateral.com ***Note:*** This asset may contain endpoints not hosted by Epic Games (third party endpoints). These third party endpoints are not eligible for bounty. If you are unsure whether or not an asset is considered third party please submit a preliminary finding for confirmation. *.amplitude-game.com *.artstation.com ***Note:*** This asset may contain endpoints not hosted by Epic Games (third party endpoints). These third party endpoints are not eligible for bounty. *.audicagame.com *.cubicmotion.com *.dancecentral.com *.dropmix.com *.easy.ac *.epicgames.com *.epicgames.dev *.fallguys.com *.fortnite.com *.harmonixmusic.com *.hmxservices.com *.hmxwebservices.com *.mediatonic.co.uk *.oncatapult.com *.psynet.gg *.psyonix.com *.quixel.com When assessing Quixel models and/or posts you may only test findings on your own created content. Do not test on any posts or content you did not create. When completed please delete any posts/comments as to not pollute pages. Please review the program policy for further information. *.rocketleague.com **==The white hat is no longer offered as a reward for Rocket League findings.==** *.singspacegame.com *.sketchfab.com When assessing Sketchfab models and/or posts you may only test findings on your own created content. Do not test on any posts or content you did not create. When completed please delete any posts/comments as to not pollute pages. Please review the program policy for further information. *.twinmotion.com *.unrealengine.com *.unrealtournament.com Any other Epic games owned asset not listed in the out of scope section Note: Acceptance of findings of this type are at the discretion of the Epic Games team. EOS C# SDK [C# SDK] (https://dev.epicgames.com/portal/api/v2/services/sdk/download/?sdkType=c_sharp) EpicGamesLauncher.exe Local privilege escalation is currently out of scope for this asset. EpicOnlineServices FortniteClient-Android-Shipping-arm64-es2.apk FortniteClient-Win64-Shipping.exe FortniteLauncher-Win64-Shipping.exe FortniteLauncher-Win64-Shipping_BE.exe FortniteLauncher-Win64-Shipping_EAC.exe FortniteLauncher.exe UnrealEditorFortnite-Win64-Shipping.exe aqtooling.com aquiris.com.br aquiris.studio aquiristech.com ballistic.com ballistic.com.br buckingfuggy.com capturingreality.com fab.com fortnite.com harmonixmusic.com hc2services.com hc2tooling.com hmxservices.com horizonchase.com horizonchase.com.br horizonchaseturbo.com id1520720139 id1534920947 innersloth.kidswebservices.com kidswebservices.com metahuman.unrealengine.com This is an API Base, please also see the following list of endpoints GET: /health-check GET: /metrics GET: /api/v1/getClientSession GET: /api/v1/getQueuePosition GET: /api/v1/get-eula POST: /api/v1/accept-eula niantic.kidswebservices.com playwonderbox.com playwonderbox.com.br staging.kidswebservices.com twinmotion.unrealengine.com GET: /logout GET: /api/drive/account GET: /api/drive/presentations POST: /api/drive/rename_presentation POST: /api/drive/delete_presentation POST: /api/drive/share_presentation POST: /api/drive/unshare_presentation POST: /api/drive/create_session POST: /api/drive/user_position POST: /api/public/create_session POST: /api/public/user_position POST: /api/public/presentation v1. kidswebservices.com v1staging.kidswebservices.com wonderboxapi.com wonderboxdev.com *.cloud.malwarebytes.com Domains supporting many Malwarebytes services and products. *.cyrus-security.com *.malwarebytes.com * academy.malwarebytes.com *.mb-cosmos.com *.mbamupdates.com *.mwb-threatintel.com *.mwbsys.com *.threatdown.com Any other Malwarebytes asset Please use this category to report vulnerabilities in any other assets not listed in other categories. Note: Due to the broad scope of this category, eligibility and rewards will decided on the case-by-case basis. BrowserGuard (Firefox/Chrome/Safari browser extension) Malwarebytes Browser Guard crushes unwanted and unsafe content, giving you a safer and faster browsing experience. Not only that, it is the world’s first browser extension that can identify and stop tech support scams. * Product page: https://www.malwarebytes.com/browserguard * Documentation: https://support.malwarebytes.com/hc/en-us/categories/360002468293-Malwarebytes-Browser-Guard Malwarebytes Anti-Ransomware Advanced antivirus and anti-malware with faster, safer web browsing. * Product page: https://forums.malwarebytes.com/forum/172-anti-ransomware-beta/ * Documentation: https://support.malwarebytes.com/hc/en-us/articles/360038523414-What-is-Malwarebytes-Anti-Ransomware Malwarebytes Device Control * Product page: https://www.malwarebytes.com/business/cloud * Documentation: https://service.malwarebytes.com/hc/en-us/articles/4417282329491-Device-Control-in-Malwarebytes-Nebula Malwarebytes Endpoint Detection and Response (EDR) Cross-platform threat prevention and remediation for Windows, Mac, and Linux * Product page: https://www.malwarebytes.com/business/edr / https://www.malwarebytes.com/business/edr/server-security/ Malwarebytes Endpoint Protection Comprehensive security that keeps your devices safe and teams productive. * Product page: https://www.malwarebytes.com/business/endpoint-protection / https://www.malwarebytes.com/business/endpoint-protection/server-security Malwarebytes Incident Response Malwarebytes Incident Response is the trusted standard in automated endpoint remediation. The solution bolsters your enterprise cyber resilience and incident response process by compressing response times with fast and complete remediation. * Product page: https://www.malwarebytes.com/business/incident-response * Documentation: https://www.malwarebytes.com/business/incident-response Malwarebytes Privacy (VPN) With a single click, our next-generation VPN helps protect your online privacy, secures your WiFi connection, and delivers speeds way faster than older VPNs. * Product page: https://www.malwarebytes.com/vpn * Documentation: https://support.malwarebytes.com/hc/en-us/categories/360003545953-Malwarebytes-Privacy **Note**: The scope of the bug bounty program is limited to **ONLY** the VPN client installed on desktop/endpoint. **Server-side** is strictly **NOT** in scope, but your feedback is appreciated, **NOT** rewarded. The primary goal of this bug bounty program is to explore if there are any IP leak, DNS leak, and Data leak vulnerabilities present or not. As a researcher and creative thinker, you are welcome to explore for any other vulnerabilities if they are applicable to the client. Malwarebytes Remediation for CrowdStrike Malwarebytes Remediation for CrowdStrike works seamlessly with CrowdStrike Real Time Response (RTR) functionality. It provides automated remediation that thoroughly removes malware on machines where CrowdStrike Falcon has stopped an attack. * Product page: https://www.malwarebytes.com/business/crowdstrike * Documentation: https://service.malwarebytes.com/hc/en-us/articles/4413798516627-Malwarebytes-Remediation-for-CrowdStrike-integration-guide Malwarebytes ToolSet (MBTS) * Product page: https://www.malwarebytes.com/techbench * Documentation: https://service.malwarebytes.com/hc/en-us/categories/4413802057875-Toolset Malwarebytes Windows Firewall Control Windows Firewall Control is a powerful tool which extends the functionality of Windows Firewall and provides new extra features which makes Windows Firewall better. It runs in the system tray and allows the user to control the native firewall easily without having to waste time by navigating to the specific part of the firewall. * Product page: https://www.binisoft.org/wfc * Documentation: https://www.binisoft.org/pdf/guides/Malwarebytes-WFC-User-Guide.pdf Malwarebytes for Mac * Product page: https://www.malwarebytes.com/mac * Documentation: https://support.malwarebytes.com/hc/en-us/categories/360002468253-Malwarebytes-for-Mac Malwarebytes for Teams * Product page: https://www.malwarebytes.com/business/teams * Documentation: https://service.malwarebytes.com/hc/en-us/categories/4414671777043-For-Teams Malwarebytes for Windows * Product page: https://www.malwarebytes.com/premium * Documentation: https://support.malwarebytes.com/hc/en-us/categories/360002458014-Malwarebytes-for-Windows Vulnerability & Patch Management Understand risks quickly and strengthen defenses across your digital ecosystem with modules for our cloud-based security management platform. * Product page: https://www.malwarebytes.com/business/vulnerability-patch-management * Documentation: https://www.malwarebytes.com/business/vulnerability-patch-management cloud.malwarebytes.com Platform that support most of Malwarebytes for business products. * Product page: https://cloud.malwarebytes.com * Documentation: https://www.malwarebytes.com/business/cloud com.malwarebytes.Malwarebytes Get all the extra iOS security you need in one app. Protect yourself from online threats and put a stop to annoying spam calls and texts. Browse the web with confidence and focus on the messages that matter. * Product page: https://www.malwarebytes.com/ios * Appstore: https://apps.apple.com/us/app/malwarebytes-mobile-security/id1327105431 * Documentation: https://support.malwarebytes.com/hc/en-us/categories/360002468273-Malwarebytes-for-iOS my.malwarebytes.com Portal to manage your subscriptions and billing. * Documentation: https://support.malwarebytes.com/hc/en-us/categories/360002458094-My-Account-Billing oneview.malwarebytes.com The Malwarebytes OneView multi-tenant dashboard enables you to grow revenue while lowering costs with a single pane of glass to centrally manage customer and partner accounts, cloud subscriptions for servers and workstations, invoicing, and integrations. The admin console provides direct linkage to the Malwarebytes internal team for rapid creation and resolution of support tickets. * Product page: https://www.malwarebytes.com/partners/managed-service-providers * Documentation: https://service.malwarebytes.com/hc/en-us/categories/4413802057491-OneView org.malwarebytes.antimalware * Product page: https://www.malwarebytes.com/android / https://www.malwarebytes.com/chromebook * Documentation: https://support.malwarebytes.com/hc/en-us/categories/360002458034-Malwarebytes-for-Android-Chrome-OS www.malwarebytes.com MS Office Add-In Grammarly add-on (works with MS Word and Outlook for Windows), where authorized users can check their Word documents or emails. Auto-update functionality can be tested on an [older version](https://download-office.grammarly.com/installer/GrammarlyAddInSetup6.6.110.exe). Download URL: https://download-office.grammarly.com/latest/GrammarlyAddInSetup.exe . Prerequisites: MS Word/Outlook, .NET Framework 4.5. Vulnerabilities are eligible for submission if they’re reproducible on **any version of** Word/Outlook on Windows 10 with **all latest security patches applied**. The vulnerability should be tested on a system without additional SDKs and development kits. We cover your expenses on a Word/Outlook license if the report appears being valid. *.grammarly.com *.grammarly.io *.grammarlyaws.com AppActions With app actions, you can connect Grammarly to apps you use every day and perform common tasks directly from Grammarly. This saves time by avoiding context-switching and helps you stay in the flow of writing. URL\'s in scope: - 3p-access.grammarly.com/* - goldengate.grammarly.com/skills-proxy/* - goldengate.grammarly.com/skills/* You can read more about "App Actions" here - https://support.grammarly.com/hc/en-us/articles/21227721882253-Introducing-App-Actions. Browser Extensions The extension is available in the extension/add-on store of the respective browser: * [Chrome](https://chrome.google.com/webstore/detail/grammarly-for-chrome/kbfnbcaeplbcioakkpcpgfkobkghlhen?hl=en) * [Firefox](https://addons.mozilla.org/en-US/firefox/addon/grammarly-1/) * [Edge](https://microsoftedge.microsoft.com/addons/detail/grammarly-ai-writing-and/cnlefmmeadmemmdciolhbnfeacpdfbkd) * [Safari](https://apps.apple.com/us/app/grammarly-for-safari/id1462114288) **Browser Extension vulnerabilities will not be distinguished. For example, if a vulnerability exists in the Chrome and Safari extensions, we will consider it the same vulnerability and will only award one bounty.** Capture the Flag The first hacker who reports the `$FLAG` saved in the document (`document_id: 1198436185`) of the user `h1_ctf@grammarly.com` (`user_id: 1411519194`) will be awarded a **$100K bounty**. Grammarly AI Assistant Grammarly\'s AI writing assistant is a powerful tool that leverages generative AI to assist users in composing, rewriting, ideating, and replying to texts. It\'s contextually aware and offers personalized suggestions that respect user authenticity. The assistant is integrated into Grammarly\'s existing product offerings and can be used across many popular desktop applications and websites. It provides on-demand assistance, allowing users to generate high-quality, task-appropriate writing and revisions. The assistant is also capable of incorporating organizational context for Grammarly Business customers, providing text that\'s tailored to the business. - Read more about Writing Assistant: https://www.grammarly.com/ai - Article to help you get started with Grammarly Assistant https://support.grammarly.com/hc/en-us/articles/14528857014285-Introducing-generative-AI-assistance Grammarly Auth Services Multiple services that are used for authentication and authorization. `auth.grammarly.com` `tokens.grammarly.com` `sso.grammarly.com` Grammarly Business Features ### Security features - Account roles and permissions - SAML single sign-on - Managed mode - Invite and domain capture ### Team features - Style guide - Brand tones - Knowledge Share - Snippets - Analytics dashboard ## Supporting Resources - [Overview of Business features](https://www.grammarly.com/business) - [Feature comparison](https://www.grammarly.com/plans) - [Snippets Introduction](https://www.grammarly.com/business/snippets) - [Brand tones introduction](https://www.grammarly.com/business/brand-tones) - [Analytics introduction](https://www.grammarly.com/business/analytics) - [Style Guide introduction](https://www.grammarly.com/business/styleguide) - [Knowledge Share introduction](https://support.grammarly.com/hc/en-us/articles/16664924710797-Introducing-Knowledge-Share) - [Managed Mode](https://support.grammarly.com/hc/en-us/articles/8341171286541-Managed-Mode) - [Invite](https://support.grammarly.com/hc/en-us/articles/115000931852-Invite-team-members) - [Domain Capture](https://support.grammarly.com/hc/en-us/articles/19489029001869-How-to-automatically-join-or-request-to-join-a-Grammarly-Business-subscription) - [Roles and permissions](https://support.grammarly.com/hc/en-us/articles/19026306820109-Group-manager-permissions-for-team-members) - [How to use style guides](https://support.grammarly.com/hc/en-us/articles/360043832652-Create-style-rules) - [How to use analytics dashboard](https://support.grammarly.com/hc/en-us/articles/360061408151-Analyze-my-team-s-writing-performance) - [How to use Brand tones](https://support.grammarly.com/hc/en-us/articles/4403544890253-Set-brand-tones) - [How to use snippets](https://support.grammarly.com/hc/en-us/articles/4403077145485-Create-snippets) - [Articles to setup SSO](https://support.grammarly.com/hc/en-us/sections/360010341231-SAML-Single-Sign-On) Grammarly Desktop for Windows https://download-windows.grammarly.com/GrammarlyInstaller.exe Grammarly Desktop for macOS https://download-mac.grammarly.com/Grammarly.dmg Grammarly for Microsoft Word Vulnerabilities are eligible for submission if they’re reproducible on any version of Word on OS with all latest security patches applied. The vulnerability should be tested on a system without additional SDKs and development kits. We cover your expenses on a Word license if the report appears to be valid. You can install **Grammarly for Microsoft Word** at https://appsource.microsoft.com/en-us/product/office/WA200001011 app.grammarly.com app.grammarly.com is Grammarly’s web application, enabling users to create, edit, and manage documents while accessing the full suite of Grammarly features through the online editor. capi.grammarly.com CAPI: A service dedicated to text analysis, primarily utilizing WebSocket communication with a few HTTP endpoints. com.grammarly.android.keyboard Vulnerabilities in Grammarly Mobile Keyboard for Android with a working proof of concept may qualify for an additional bounty through the [Google Play Security Rewards Program](https://hackerone.com/googleplay). To see which vulnerabilities may qualify for a bounty, please refer to the Google Play Security Rewards Program’s [Vulnerability Criteria](https://hackerone.com/googleplay). com.grammarly.keyboard grammarly.ai This service doesn\'t handle, store or transfer any internal data or data of our users. Additionally, it is located in a separate VPC and isn\'t part of our infrastructure. We accept only **critical submissions**(SSRF, XXE, SQLi, RCE) with a clearly reproducible **proof of concept code**. ​ _Reports that don\'t match these criteria will be closed as "N/A"._ https://github.com/hyperledger/besu https://github.com/hyperledger/besu-errorprone-checks https://github.com/hyperledger/besu-native https://github.com/hyperledger/besu-verkle-trie https://github.com/hyperledger/fabric https://github.com/hyperledger/fabric-admin-sdk https://github.com/hyperledger/fabric-amcl https://github.com/hyperledger/fabric-ca https://github.com/hyperledger/fabric-chaincode-go https://github.com/hyperledger/fabric-chaincode-java https://github.com/hyperledger/fabric-chaincode-node https://github.com/hyperledger/fabric-cli https://github.com/hyperledger/fabric-config https://github.com/hyperledger/fabric-contract-api-go https://github.com/hyperledger/fabric-gateway https://github.com/hyperledger/fabric-gateway-java https://github.com/hyperledger/fabric-lib-go https://github.com/hyperledger/fabric-private-chaincode https://github.com/hyperledger/fabric-protos https://github.com/hyperledger/fabric-protos-go https://github.com/hyperledger/fabric-protos-go-apiv2 https://github.com/hyperledger/fabric-samples https://github.com/hyperledger/fabric-sdk-go https://github.com/hyperledger/fabric-sdk-java https://github.com/hyperledger/fabric-sdk-node https://github.com/hyperledger/fabric-sdk-py 1604650263 351331194 https://apps.apple.com/gb/app/badoo-dating-chat-friends/id351331194 403684733 https://apps.apple.com/gb/app/badoo-premium/id403684733 6444040977 930441707 https://apps.apple.com/us/app/bumble-dating-meet-people/id930441707 badoo.com badoocdn.com bma.badoo.com bma.bumble.com ccardseu1.badoo.com ccardsus1.badoo.com chatdate.app com.badoo.hotornot com.badoo.mobile https://play.google.com/store/apps/details?id=com.badoo.mobile com.badoo.twa https://play.google.com/store/apps/details?id=com.badoo.twa com.bumble.app https://play.google.com/store/apps/details?id=com.bumble.app com.bumblebff.app com.flashgap.fruits com.flashgap.fruitz com.hotornot.app com.official.rnapp corp.badoo.com eu1.badoo.com getofficial.co hotornot.com m.badoo.com meu1.badoo.com mus1.badoo.com translate.badoo.com us1.badoo.com www.bumble.com api.spotify.com, api-partner.spotify.com Based on simple REST principles, the Spotify Web API endpoints return JSON metadata about music artists, albums, and tracks, directly from the Spotify Data Catalogue. Web API also provides access to user related data, like playlists and music that the user saves in the Your Music library. Such access should be enabled through selective authorization, by the user. A full list of the objects returned by the endpoints of the Spotify Web API - https://developer.spotify.com/documentation/web-api/ `api-partner` is a similar API used by Spotify\'s partners, aka Ads API. It\'s documentation is available @ https://developer.spotify.com/documentation/ads-api *.atspotify.com If a bug you have submitted affects a site managed by a third party we will award you a $100 bonus payment and close the report as informational. *.avecspotify.com *.byspotify.com *.enspotify.com *.forspotify.com *.fromspotify.com *.spotify.com Main spotify domain wildcard for assets on this domain that are not otherwise listed. *.spotify.net Internal spotify domain wildcard for assets on this domain that are not otherwise listed. *.tospotify.com *.withspotify.com Anchor Anchor was acquired by Spotify in 2019. ~~~ anchor.fm Android SDK * https://developer.spotify.com/documentation/android/ * https://github.com/spotify/android-sdk Backstage source code https://github.com/spotify/backstage GHE Jira Megaphone Megaphone was acquired by Spotify in November 2020. ** These targets are NOT in scope:** support.megaphone.fm Okta Other Spotify websites Please use this asset for non *.spotify.com websites. This includes sites associated with Spotify, but aren\'t otherwise listed as a separate asset. Find below a list of in-scope targets. Note that it is continuously updated: closetheplaygap.com eyeofthestormers.com lifeatspotify.com play-portraits.com reviewvault.com sonalytic.com spotify-library.com spotify.design spotify.dev spotify.stackenterprise.co spotifycharts.com spotifycodes.com spotifycs.my.salesforce.com spotifyforpartners.com spotifyforvendors.com spotifynewsroom.jp spotifyonstage.com spotifypodcastsummit.com spotifypremium.jp spotifysoundcheck.com spotifyvault.com timetoplayfair.com Podsights Podsights was acquired by Spotify in February 2022. [ Non-core asset] ** These targets are in scope: ** admin.podsights.com api.pdst.fm cdn.pdst.fm dash.podsights.com metarouter.pdst.io pdst.fm ping.pdst.fm podcast-graph-dot-adaptive-growth.appspot.com podsights.com sink.pdst.fm Sonantic Sonantic was acquired by Spotify in June 2022. app.sonantic.io api.sonantic.io label-studio-public.sonantic.io Spotify SDKs For Spotify SDK (note: there is a specific scope for Web, Android and iOS SDK) https://developer.spotify.com/ Spotify desktop application (Windows and Mac) VPN Web Playback SDK * https://developer.spotify.com/documentation/web-playback-sdk/ assets.spotify.com * Do not run automated scans against this target. They are often very noisy. backstage.io Backstage is an open-source developer portal. Find below a list of in-scope targets. Note that it is continuously updated: com.anchorfminc.Anchor com.spotify.client Spotify - Music and Podcasts https://itunes.apple.com/us/app/spotify-music-and-podcasts/id324684580 com.spotify.kids Spotify Kids https://apps.apple.com/ie/app/Spotify-Kids/id1470209570 https://play.google.com/store/apps/details?id=com.spotify.kids com.spotify.lite Spotify Lite https://play.google.com/store/apps/details?id=com.spotify.lite com.spotify.music https://play.google.com/store/apps/details?id=com.spotify.music com.spotify.s4a Spotify for Artists https://itunes.apple.com/us/app/spotify-for-artists/id1222021797 https://play.google.com/store/apps/details?id=com.spotify.s4a com.spotify.tv.android Spotify Music - for Android TV https://play.google.com/store/apps/details?id=com.spotify.tv.android fm.anchor.android iOS SDK * https://developer.spotify.com/documentation/ios/ * https://github.com/spotify/ios-sdk *.guilded.gg *.ra.roblox.com *.rbx.com *.roblox.com App api\'s that are used within Roblox. Roblox Client Applies to Windows/Osx/Mobile Platform Roblox Engine Roblox Studio blox.link *.cp.dyson.com This namespace is used to publish API\'s relating to the registration and control of Dyson connected products. *.dyson.com 993135524 (Dyson Link App - https://itunes.apple.com/gb/app/dyson-link/id993135524) Dyson Connected Products (IoT Hardware) Github findings Any issues found on Github that could pose a risk for Dyson such as leaked credentials. These reports will be evaluated on a case-by-case basis Other Dyson Assets We welcome reports for all other assets that are owned or managed by Dyson. If you are unsure if something you have found is a Dyson asset, then please contact us first for clarification. api.dyson.at api.dyson.be api.dyson.ch api.dyson.co.uk api.dyson.com api.dyson.de api.dyson.dk api.dyson.es api.dyson.fr api.dyson.ie api.dyson.it api.dyson.nl api.dyson.no api.dyson.pt api.dyson.se api.dysoncanada.ca api.fi.dyson.com com.dyson.mobile.android (Dyson Link App - https://play.google.com/store/apps/details?id=com.dyson.mobile.android) shop.dyson.co.za shop.dyson.tw www.dyson.ae www.dyson.at www.dyson.be www.dyson.ch www.dyson.cn www.dyson.co.il www.dyson.co.jp www.dyson.co.kr www.dyson.co.nz www.dyson.co.th www.dyson.co.uk www.dyson.com www.dyson.com.au www.dyson.com.ee www.dyson.com.mx www.dyson.com.ro www.dyson.com.sg www.dyson.com.tr www.dyson.com.ua www.dyson.cz www.dyson.de www.dyson.dk www.dyson.es www.dyson.fr www.dyson.hk www.dyson.hu www.dyson.ie www.dyson.in www.dyson.it www.dyson.my www.dyson.nl www.dyson.no www.dyson.pl www.dyson.pt www.dyson.se www.dyson.tw www.dyson.vn www.dysoncanada.ca www.fi.dyson.com www.gr.dyson.com www.sa.dyson.com *.shipt.com 971888874 IOS Member App 976353472 IOS Shopper App admin.shipt.com *No credentials will be provided. Unauthenticated assessment only. api.shipt.com app.shipt.com com.shipt.groceries Shipt Member App com.shipt.shopper Shipt Shopper App shop.shipt.com shoppingcart.shipt.com staging-admin.shipt.com *No credentials will be provided staging-api.shipt.com staging-app.shipt.com staging-shop.shipt.com staging-shoppingcart.shipt.com www.shipt.com Please follow normal scope (no DOS, social engineering, etc.) and please refrain from assessing any other wp-engine platforms. *.nordvpn.com Third-party services under our subdomains are out of scope **(please read full policy for details).** 1486322860 NordPass - [Apple App Store](https://apps.apple.com/us/app/nordpass-password-manager/id1486322860?ls=1&referrer=client_id=eba15f5b-e4a3-42ca-ba68-e16c170f39e0) Please make sure you are testing the latest version. 905953485 NordVPN - [Apple App Store](https://apps.apple.com/US/app/id905953485?mt=8) All Mobile Assets iOS: App Store (905953485) NordVPN - [Apple App Store](https://apps.apple.com/US/app/id905953485?mt=8) iOS: App Store (1486322860) NordPass - [Apple App Store](https://apps.apple.com/us/app/nordpass-password-manager/id1486322860?ls=1&referrer=client_id=eba15f5b-e4a3-42ca-ba68-e16c170f39e0) Android .apk: com.nordvpn.android NordVPN - [Android Sideload Download](https://nordvpn.com/download/android/) Android Play Store: com.nordvpn.android NordVPN - [Google Play Store](https://play.google.com/store/apps/details?id=com.nordvpn.android) Android Play Store: com.nordpass.android.app.password.manager NordPass - [Google Play Store](https://play.google.com/store/apps/details?id=com.nordpass.android.app.password.manager&launch=true&referrer=client_id=eba15f5b-e4a3-42ca-ba68-e16c170f39e0) NordPass - Linux Executable [Direct Web Download](https://nordpass.com/download/linux/) Please make sure you are testing the latest version NordPass - MacOS Executable [Direct Web Download](https://nordpass.com/download/macos/) NordPass - Windows Executable [Direct Web Download](https://nordpass.com/download/windows/) NordVPN - Linux Executable [Direct Web Download](https://nordvpn.com/download/linux/) NordVPN - MacOS Executable [Direct Web Download](https://nordvpn.com/download/mac/) [MacOS App Store](https://apps.apple.com/us/app/nordvpn-vpn-fast-secure/id905953485) NordVPN - Windows Executable [Direct Web Download]( https://nordvpn.com/download/windows/) NordVPN Browser Extension * Chrome: https://nordvpn.com/download/chrome-extension/ * Firefox: https://nordvpn.com/download/firefox-extension/ app.nordpass.com com.nordpass.android.app.password.manager NordPass - [Google Play Store](https://play.google.com/store/apps/details?id=com.nordpass.android.app.password.manager&launch=true&referrer=client_id=eba15f5b-e4a3-42ca-ba68-e16c170f39e0) com.nordvpn.android NordVPN - [Google Play Store](https://play.google.com/store/apps/details?id=com.nordvpn.android) NordVPN - [Android Sideload Download](https://nordvpn.com/download/android/) *.lyst.co *.lyst.com *.lystit.com 597940518 cdna.lystit.com com.lyst.lystapp mobileapi.lystit.com *.kiwi.com Mostly branded versions of our main www.kiwi.com site, please report vulnerabilities only for www.kiwi.com and don\'t duplicate it here. *.skypicker.com APIs & internal tools. auth.skypicker.com Authentication API used on www.kiwi.com. com.skypicker.Skypicker **Primary target** - Available in [App Store](https://itunes.apple.com/bs/app/kiwi-com-cheap-flight-tickets/id657843853) com.skypicker.main **Primary target** - Available in the [Play Store](https://play.google.com/store/apps/details?id=com.skypicker.main) http://www.kiwi.com/stories Online travel magazine Kiwi.com Stories, with very limited impact on our sites & infrastructure. https://github.com/kiwicom/* Note that archived projects are out of scope. jobs.kiwi.com Hiring page, no sensitive information, likely no impact on our company. tequila.kiwi.com B2B platform. Backend API requests are proxied via **tequila-api.kiwi.com** & **api.tequila.kiwi.com** www.kiwi.com Our main website https://github.com/discourse/discourse try.discourse.org Enjin Blockchain The Enjin Blockchain refers to either the Enjin Relaychain or the Enjin Matrixchain. It does not refer to other (community-operated) Matrixchains. Issues originating from Substrate are notifiable but ineligible for a bounty as Enjin Blockchain will automatically work towards scheduling upgrades from Substrate, which includes new features; bug fixes; and security fixes. Enjin Coin - Ethereum ERC-20 Contract Mainnet Contract: `0xF629cBd94d3791C9250152BD8dfBDF380E2a3B9c` **Background** Enjin Coin (ENJ) is an Ethereum-based cryptocurrency used to directly back the value of next-generation blockchain assets. It is the gold standard for digital assets. **Additional Conditions** All testing must be conducted on the Goerli (testnet) contract. The deployed contract is identical to that of the Mainnet contract. com.enjin.mobile.wallet https://apps.apple.com/us/app/enjin-cryptocurrency-wallet/id1349078375 The Enjin Wallet is a secure, feature-packed, and convenient blockchain asset wallet built for traders, gamers, and developers. https://play.google.com/store/apps/details?id=com.enjin.mobile.wallet nft.io You can also test, for free, on [canary.nft.io](https://canary.nft.io). platform.enjin.io You can also test, for free, on [platform.canary.enjin.io](https://platform.canary.enjin.io). The Enjin Platform is open-source. You can access the code on our [GitHub Organization](https://github.com/enjin). All related repositories start with the `platform-` prefix. Nintendo Switch System Nintendo Switch applications for which Nintendo is the publisher worldwide cdn.plaid.com This is on Amazon CloudFront, so the scope here is limited to our content and configuration issues. dashboard.plaid.com Plaid\'s developer dashboard demo.plaid.com Demo Plaid developer integration https://github.com/plaid/plaid-link-android Plaid\'s drop-in client-side module for authentication. Available for web, mobile web and iOS. https://github.com/plaid/plaid-link-examples https://github.com/plaid/plaid-link-ios https://github.com/plaid/plaid-ruby The official Ruby bindings for the Plaid API. It\'s generated from our OpenAPI schema https://github.com/plaid/react-native-plaid-link-sdk Plaid Link for React Native https://github.com/plaid/react-plaid-link React hooks and components for integrating with the Plaid Link drop module my.plaid.com Portal for customers to access their information as seen by Plaid apps they have permissioned. https://my.plaid.com plaid.com Plaid\'s marketing website, not full *.plaid.com production.plaid.com Plaid\'s developer API. Docs: https://plaid.com/docs secure.plaid.com This is an alias for cdn.plaid.com *.myinsights.io *.scatec.io *.sellzone.com *.semrush.com *.semrush.net *.seoab.io *.seoquake.com Leaked/Сompromised Employee accounts Please review the program policy on this scope before submitting your report. Other Semrush Related Asset Please use this Asset tag for any High and Critical report that does not relate directly to another Semrush asset listed in scope, and is also NOT listed under the "Out of Scope" section. Please note, that Semrush will only accept and review valid high and critical severity reports. *.quora.com Except for subdomains managed by third parties, such as help.quora.com, careers.quora.com, and business.quora.com. com.quora.android The latest version of Android app installed from the official store at: https://play.google.com/store/apps/details?id=com.quora.android com.quora.app.mobile The latest version of iOS app installed from the official store at: https://itunes.apple.com/us/developer/quora-inc/id456034440 http://poe.com 0x0d8775f648430679a709e98d2b0cb6250d2887ef We are particularly interested in any security issue which has consequences for this Ethereum address. 0x44fcfabfbe32024a01b778c025d70498382cced0 0x67fa2c06c9c6d4332f330e14a66bdf1873ef3d2b 0x7c31560552170ce96c4a7b018e93cddc19dc61b6 0xfbfa258b9028c7d4fc52ce28031469214d10daeb account.brave.com basicattentiontoken.org We are not generally interested in bugs on the static website hosted <basicattentiontoken.org>. Particularly severe bugs which threaten immediate user harm may be considered. Due to report volume, we do not guarantee responses to website-related submissions. brave.com We are not generally interested in bugs on <brave.com>. Particularly severe bugs which threaten immediate user harm may be considered. Due to report volume, we do not guarantee responses to website-related submissions. com.brave.browser com.brave.browser_beta com.brave.ios.browser creators.basicattentiontoken.org https://github.com/brave-intl/bat-balance https://github.com/brave-intl/bat-client https://github.com/brave-intl/bat-go https://github.com/brave-intl/bat-ledger https://github.com/brave-intl/bat-publisher https://github.com/brave-intl/publishers https://github.com/brave/brave-core https://github.com/brave/vault-updater https://laptop-updates.brave.com/latest/dev/debian64 https://laptop-updates.brave.com/latest/dev/ubuntu64 https://laptop-updates.brave.com/latest/fedora64 https://laptop-updates.brave.com/latest/linux64 https://laptop-updates.brave.com/latest/mint64 https://laptop-updates.brave.com/latest/openSUSE64 https://laptop-updates.brave.com/latest/osx https://laptop-updates.brave.com/latest/winia32 https://laptop-updates.brave.com/latest/winx64 search.brave.com talk.brave.com Burp Collaborator Burp Collaborator is part of Burp Suite Pro - for further information refer to https://portswigger.net/burp/help/collaborator.html Burp Suite Enterprise Edition Download from https://portswigger.net/requestfreetrial/enterprise Burp Suite Pro/Community Download from https://portswigger.net/burp forum.portswigger.net https://enterprise-demo.portswigger.net/ This is a hosted demo of Burp Suite Enterprise Edition. portswigger.net https://portswigger.net FIles.com REST API ## REST API Full documentation for the REST API can be found here: https://developers.files.com/ The REST API URL is tied to your specific site (https://*sitename*.files.com) that was generated when you created the trial using the [BUGBOUNTY] setup process defined in the Policy section. Files.com Desktop Application for Windows or Mac Download for desktop application is located here: https://www.files.com/docs/desktop/ Files.com SDK\'s Full documentation for the Files.com SDK’s can be found here: https://developers.files.com/#per-language-sdks app.files.com Files.com Web Application www.files.com This is the main marketing site for Files.com. On the marketing site asset (https://www.files.com) we will only accept vulnerabilities that lead to a vulnerability on the main *.files.com platform. your-assigned-subdomain.files.com **Files.com Web Application** **Please review the Out of Scope assets** -- note that not all subdomains of https://*.files.com are in scope for this asset. Please review the listing of assets marked Out of Scope prior to any testing. This list will change so please refer back during all phases of testing. The actual application URL will be created as https://*your-assigned-subdomain*.files.com when you create the trial account using the [BUGBOUNTY] process outlined in the Policy section. Exness Investor https://apps.apple.com/id/app/exness-investor/id1579331769 Exness Social Trading https://apps.apple.com/id/app/exness-social-trading/id1392465628 Exness Trade: Online Trading https://apps.apple.com/id/app/exness-trader-trade-on-the-go/id1359763701 api.excalls.mobi Mobile API com.exness.android.pa https://play.google.com/store/apps/details?id=com.exness.android.pa com.exness.investments Social Trading https://play.google.com/store/apps/details?id=com.exness.investments com.exness.investor https://play.google.com/store/apps/details?id=com.exness.investor exness.com Public Area for Web Trading exnessaffiliates.com Partnership programs https://my.exness.com/pa/pim/manager Portfolio Management https://my.exness.com/pa/socialtrading https://my.exness.com/webtrading/ Web Terminal For Trading my.exness.com Personal Area for Web Trading pay.ibex.exchange Payments Services pwapi.ex2b.com Public Web API social-trading.exness.com *.scopely.com Vulnerabilities reported on Scopely services additional to the games in scope are now eligible for monetary rewards. *.scopely.io *.withbuddies.com Backend API servers included in scope. Please take into account that any kind of DOS is totally forbidden. Games Tier 1 This asset was added for bounty table purposes. Games Tier 2 Games Tier 3 com.foxnextgames.m3 com.kitkagames.fallbuddies [Stumbleguys](https://play.google.com/store/apps/details?id=com.kitkagames.fallbuddies) Stumble Guys is a massive multiplayer party knockout game with up to 32 players online. Join millions of players and stumble to victory in this fun multiplayer knockout battle royale! Are you ready to enter the running chaos? Running, stumbling, falling, jumping, and winning has never been so fun! com.pieyel.scrabble [Scrabble GO](https://apps.apple.com/nz/app/scrabble-go-new-word-game/id1215933788) The world’s greatest word game, is all new and reimagined as a free to play mobile game! **Status:** Available worldwide. Shared Framework: Yes [Scrabble GO](https://play.google.com/store/apps/details?id=com.pieyel.scrabble) com.scopely.monopolygo [Monopoly GO! ](https://play.google.com/store/apps/details?id=com.scopely.monopolygo) Hit GO! Roll the dice! Earn MONOPOLY money, interact with your friends, family members and fellow Tycoons from around the world as you explore the expanding universe of MONOPOLY GO! It’s the new way to play - board flipping cleanup not required! com.scopely.startrek [Star Trek Fleet Command ](https://play.google.com/store/apps/details?id=com.scopely.startrek) You have the conn! Summon your skills in strategy, combat, diplomacy, and leadership to master the dangerous universe of Star Trek Fleet Command. com.scopely.yux [Yahtzee with Buddies Dice Game](https://apps.apple.com/us/app/yahtzee-with-buddies-dice/id1206967173) Roll dice to play YAHTZEE® With Buddies! It is the fun, classic board game with a new look. Play dice with friends in this multiplayer game. [Yahtzee with Buddies Dice Game](https://play.google.com/store/apps/details?id=com.scopely.yux) com.withbuddies.dice.free [Dice With Buddies: Social Game](https://apps.apple.com/us/app/dice-with-buddies-social-game/id432750508) Dice With Buddies is a fun, new spin on your favorite classic dice game! Enjoyed by millions of players, you can play free multiplayer board games with family, friends, or new buddies! [Dice With Buddies: Social Game](https://play.google.com/store/apps/details?id=com.withbuddies.dice.free) id1427744264 [Star Trek Fleet Command](https://apps.apple.com/us/app/star-trek-fleet-command/id1427744264) id1541153375 [StumbleGuys](https://apps.apple.com/es/app/stumble-guys/id1541153375) id1621328561 [Monopoly GO!](https://apps.apple.com/us/app/monopoly-go/id1621328561) api.localizestaging.com api.localizestaging.com maps to the APIs that are documented here: https://help.localizejs.com/reference Please refrain from testing against the Production endpoint (https://api.localizejs.com). Instead, the staging endpoint should be used (https://api.localizestaging.com) app.localizestaging.com cdn.localizestaging.com localizestaging.com localizestaging.com is the primary asset in scope of this program. This application uses Stripe for credit card payment processing. To test payment related functionality, you may use test credit cards as documented by Stripe: https://stripe.com/docs/testing *.buddypress.org,bbpress.org,profiles.wordpress.org *.trac.wordpress.org, *.svn.wordpress.org, *.git.wordpress.org, github.com/WordPress **Do _not_ pentest Trac instances**, it\'s very annoying to clean up after. Setup a local environment instead; the custom source code is available via the Git command below, in the `trac.wordpress.org` subfolder. **If you ignore this you\'ll forfeit any bounty.** The projects here are kept mostly for archival purposes and non-critical information disclosure will generally not be eligible for a bounty. Only report vulnerabilities in our custom code, don\'t report vulnerabilities that only exist upstream in Trac itself. Report those directly to info@edgewall.com. All source code that isn\'t behind authentication is intended to be public. The source code itself has `High` CVSS impact scores. The applications that manage the code (Trac, Git, SVN, etc) have `Low` scores, except for vulnerabilities that allow modifications to the source code. Most of the source code in these domains is contained in the "meta" repository: `git clone git://meta.git.wordpress.org/` *.wordcamp.org *.wordpress.net All WordPress.net domains, including (but not limited to) jobs.wordpress.net. This is a shared-hosting environment, and these are generally low-value targets, so we\'re usually only interested in high- and medium- severity issues that affect the entire server (not just an individual site). *.wordpress.org All wordpress.org domains that **are not listed in other assets**, including (but not limited to) the following: * login.wordpress.org * developer.wordpress.org * make.wordpress.org * translate.wordpress.org * global.wordpress.org, {locale}.wordpress.org (e.g., de.wordpress.org, es-mx.wordpress.org) * learn.wordpress.org BBPress Core Download source code from: https://bbpress.org/download/ BuddyPress Core Download source code from: https://buddypress.org/download/ GlotPress All code located under [the GlotPress organization](https://github.com/GlotPress/) on GitHub. The most important target is the `glotpress-wp` repository. Other repositories are in scope, but may have a lower importance. Gutenberg Download source code from https://github.com/WordPress/gutenberg Official WordPress plugins Any plugin listed on the WordPress.org profile for [the "wordpressdotorg" account](https://profiles.wordpress.org/wordpressdotorg#content-plugins). To find the source code for any of them, clicking on the name will take you to the plugin\'s page within the WordPress.org plugin directory. Once there, click on the `Download` button for a `.zip` file of the latest release, or click on the `Development` tab for links to the code browser and Subversion repository. WP-CLI All code located under [the WP-CLI organization](https://github.com/wp-cli) on GitHub. The most important targets are the main `wp-cli` repository, and any repositories for commands that are bundled with the distributed `wp-cli` source code, like `cache-command`, `scaffold-command`, etc. Other repositories are in scope, but may have a lower importance. WordPress Core Download source code from: https://wordpress.org/download/source/ api.wordpress.org codex.wordpress.org,codex.bbpress.org,codex.buddypress.org These are wikis, they\'re intended to be freely edited by anonymous users. We are not interested in vulnerabilities unless they have a severe impact. doaction.org gutenberg.run Each subdomain of this site provides temporary live preview sites for Gutenberg pull requests. Only critical vulnerabilities should be submitted, because the impact of low/medium vulnerabilities is barely noticable. More info: https://github.com/WordPress/gutenberg.run irclogs.wordpress.org These are public logs of very old conversations. We are not interested in vulnerabilities unless they have a severe impact (e.g., RCE, XSS, modifying the logs, etc). DoS is not severe in this case. lists.wordpress.org We are not interested in vulnerabilities unless they have a severe impact. mercantile.wordpress.org This site runs uses [the WooCommerce plugin](https://woocommerce.com/), but we don\'t accept reports for that. We only accept reports for our custom code. If you find any vulnerabilities that are also present in WooCommerce itself, please [report them to Automattic](/automattic). Please don\'t submit test orders (especially automated ones). They don\'t test any of our custom code, and are a pain to clean up. Additionally, price manipulation is a common invalid report, please see #682344. munin-*.wordpress.org We are not interested in vulnerabilities unless they have a severe impact (e.g., RCE, SSRF). Metrics data is intentionally made public. planet.wordpress.org wordpressfoundation.org Desktop Client Issues affecting the Desktop Client available from [https://nextcloud.com/install/#install-clients](https://nextcloud.com/install/#install-clients "https://nextcloud.com/install/#install-clients") com.nextcloud.Talk Our official iOS Talk client from [https://itunes.apple.com/app/id1296825574](https://itunes.apple.com/app/id1296825574) com.nextcloud.client Our official Android client from [https://play.google.com/store/apps/details?id=com.nextcloud.client](https://play.google.com/store/apps/details?id=com.nextcloud.client "https://play.google.com/store/apps/details?id=com.nextcloud.client") com.nextcloud.talk2 Our official Android Talk client from [https://play.google.com/store/apps/details?id=com.nextcloud.talk2](https://play.google.com/store/apps/details?id=com.nextcloud.talk2) com.peterandlinda.iOCNotes Our official iOS Nextcloud Notes client from [https://itunes.apple.com/app/id813973264](https://itunes.apple.com/app/id813973264) daita/files_fulltextsearch_tesseract Code from [https://github.com/daita/files_fulltextsearch_tesseract](https://github.com/daita/files_fulltextsearch_tesseract) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases. https://github.com/nextcloud/collectives Code from [https://github.com/nextcloud/collectives](https://github.com/nextcloud/collectives) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases. https://github.com/nextcloud/files_confidential Code from [https://github.com/nextcloud/files_confidential](https://github.com/nextcloud/files_confidential) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases. https://github.com/nextcloud/tables Code from [https://github.com/nextcloud/tables](https://github.com/nextcloud/tables) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases. it.niedermann.owncloud.notes Our official Android Notes client from [https://play.google.com/store/apps/details?id=it.niedermann.owncloud.notes](https://play.google.com/store/apps/details?id=it.niedermann.owncloud.notes "https://play.google.com/store/apps/details?id=it.niedermann.owncloud.notes") it.twsweb.Nextcloud Our official iOS client from [https://itunes.apple.com/app/nextcloud/id1125420102](https://itunes.apple.com/app/nextcloud/id1125420102 "https://itunes.apple.com/app/nextcloud/id1125420102") nextcloud/3rdparty Code from [https://github.com/nextcloud/3rdparty](https://github.com/nextcloud/3rdparty "https://github.com/nextcloud/3rdparty") – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases. nextcloud/activity Code from [https://github.com/nextcloud/activity](https://github.com/nextcloud/activity "https://github.com/nextcloud/activity") – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases. nextcloud/approval Code from [https://github.com/nextcloud/approval](https://github.com/nextcloud/approval) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases. nextcloud/bruteforcesettings Code from [https://github.com/nextcloud/bruteforcesettings](https://github.com/nextcloud/bruteforcesettings) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases. nextcloud/calendar Code from [https://github.com/nextcloud/calendar](https://github.com/nextcloud/calendar) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases. nextcloud/calendar_resource_management Code from [https://github.com/nextcloud/calendar_resource_management](https://github.com/nextcloud/calendar_resource_management) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases. nextcloud/circles Code from [https://github.com/nextcloud/circles](https://github.com/nextcloud/circles "https://github.com/nextcloud/circles") – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases. nextcloud/contacts Code from [https://github.com/nextcloud/contacts](https://github.com/nextcloud/contacts) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases. nextcloud/data_request Code from [https://github.com/nextcloud/data_request](https://github.com/nextcloud/data_request) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases. nextcloud/deck Code from [https://github.com/nextcloud/deck](https://github.com/nextcloud/deck "https://github.com/nextcloud/deck") – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases. nextcloud/end_to_end_encryption Code from [https://github.com/nextcloud/end_to_end_encryption](https://github.com/nextcloud/end_to_end_encryption "https://github.com/nextcloud/end_to_end_encryption") – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases. nextcloud/external Code from [https://github.com/nextcloud/external](https://github.com/nextcloud/external) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases. nextcloud/files_accesscontrol Code from [https://github.com/nextcloud/files\\_accesscontrol](https://github.com/nextcloud/files_accesscontrol "https://github.com/nextcloud/files\\_accesscontrol") – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases. nextcloud/files_antivirus Code from [https://github.com/nextcloud/files_antivirus](https://github.com/nextcloud/files_antivirus) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases. nextcloud/files_automatedtagging Code from [https://github.com/nextcloud/files\\_automatedtagging](https://github.com/nextcloud/files_automatedtagging "https://github.com/nextcloud/files\\_automatedtagging") – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases. nextcloud/files_fulltextsearch Code from [https://github.com/nextcloud/files_fulltextsearch](https://github.com/nextcloud/files_fulltextsearch) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases. nextcloud/files_lock Code from [https://github.com/nextcloud/files_lock](https://github.com/nextcloud/files_lock) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases. nextcloud/files_pdfviewer Code from [https://github.com/nextcloud/files\\_pdfviewer](https://github.com/nextcloud/files_pdfviewer "https://github.com/nextcloud/files\\_pdfviewer") – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases. nextcloud/files_retention Code from [https://github.com/nextcloud/files\\_retention](https://github.com/nextcloud/files_retention "https://github.com/nextcloud/files\\_retention") – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases. nextcloud/files_rightclick Code from [https://github.com/nextcloud/files_rightclick](https://github.com/nextcloud/files_rightclick "https://github.com/nextcloud/files_rightclick") – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases. nextcloud/files_texteditor Code from [https://github.com/nextcloud/files\\_texteditor](https://github.com/nextcloud/files_texteditor "https://github.com/nextcloud/files\\_texteditor") – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases. nextcloud/firstrunwizard Code from [https://github.com/nextcloud/firstrunwizard](https://github.com/nextcloud/firstrunwizard "https://github.com/nextcloud/firstrunwizard") – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases. nextcloud/flow_notifications Code from [https://github.com/nextcloud/flow_notifications](https://github.com/nextcloud/flow_notifications) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases. nextcloud/fulltextsearch Code from [https://github.com/nextcloud/fulltextsearch](https://github.com/nextcloud/fulltextsearch) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases. nextcloud/fulltextsearch_elasticsearch Code from [https://github.com/nextcloud/fulltextsearch_elasticsearch](https://github.com/nextcloud/fulltextsearch_elasticsearch) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases. nextcloud/globalsiteselector Code from [https://github.com/nextcloud/globalsiteselector](https://github.com/nextcloud/globalsiteselector) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases. nextcloud/groupfolders Code from [https://github.com/nextcloud/groupfolders](https://github.com/nextcloud/groupfolders) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases. nextcloud/guests Code from [https://github.com/nextcloud/guests](https://github.com/nextcloud/guests) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases. nextcloud/logreader Code from [https://github.com/nextcloud/logreader](https://github.com/nextcloud/logreader "https://github.com/nextcloud/logreader") – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases. nextcloud/mail Code from [https://github.com/nextcloud/mail](https://github.com/nextcloud/mail "https://github.com/nextcloud/mail") – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases. nextcloud/nextcloud_announcements Code from [https://github.com/nextcloud/nextcloud\\_announcements](https://github.com/nextcloud/nextcloud_announcements "https://github.com/nextcloud/nextcloud\\_announcements") – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases. nextcloud/notes Code from [https://github.com/nextcloud/notes](https://github.com/nextcloud/notes "https://github.com/nextcloud/notes") – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases. nextcloud/notifications Code from [https://github.com/nextcloud/notifications](https://github.com/nextcloud/notifications "https://github.com/nextcloud/notifications") – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases. nextcloud/notify_push Code from [https://github.com/nextcloud/notify_push](https://github.com/nextcloud/notify_push) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases. nextcloud/onlyoffice Code from [https://github.com/ONLYOFFICE/onlyoffice-nextcloud](https://github.com/ONLYOFFICE/onlyoffice-nextcloud) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases. **Note:** We only issue monetary awards for issue in our own code base. For any bugs within ONLYOFFICE, please contact [ONLYOFFICE](https://www.onlyoffice.com/support-contact-form.aspx). nextcloud/password_policy Code from [https://github.com/nextcloud/password\\_policy](https://github.com/nextcloud/password_policy "https://github.com/nextcloud/password\\_policy") – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases. nextcloud/photos Code from [https://github.com/nextcloud/photos](https://github.com/nextcloud/photos "https://github.com/nextcloud/photos") – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases. nextcloud/privacy Code from [https://github.com/nextcloud/privacy](https://github.com/nextcloud/privacy "https://github.com/nextcloud/privacy") – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases. nextcloud/recommendations Code from [https://github.com/nextcloud/recommendations](https://github.com/nextcloud/recommendations "https://github.com/nextcloud/recommendations") – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases. nextcloud/related_resources Code from [https://github.com/nextcloud/related_resources](https://github.com/nextcloud/related_resources) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases. nextcloud/richdocuments Code from [https://github.com/nextcloud/richdocuments](https://github.com/nextcloud/richdocuments) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases. **Note:** We only issue monetary awards for issue in our own code base. For any bugs within Collabora Online, please contact [Collabora](https://www.collaboraoffice.com/about-us/). nextcloud/server Code from [https://github.com/nextcloud/server](https://github.com/nextcloud/server "https://github.com/nextcloud/server") – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases. nextcloud/serverinfo Code from [https://github.com/nextcloud/serverinfo](https://github.com/nextcloud/serverinfo "https://github.com/nextcloud/serverinfo") – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases. nextcloud/sharepoint Code from [https://github.com/nextcloud/sharepoint](https://github.com/nextcloud/sharepoint) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases. nextcloud/socialsharing Code from [https://github.com/nextcloud/socialsharing](https://github.com/nextcloud/socialsharing) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases. nextcloud/spreed Code from [https://github.com/nextcloud/spreed](https://github.com/nextcloud/spreed) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases. nextcloud/survey_client Code from [https://github.com/nextcloud/survey\\_client](https://github.com/nextcloud/survey_client "https://github.com/nextcloud/survey\\_client") – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases. nextcloud/suspicious_login Code from [https://github.com/nextcloud/suspicious_login](https://github.com/nextcloud/suspicious_login) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases. nextcloud/terms_of_service Code from [https://github.com/nextcloud/terms_of_service](https://github.com/nextcloud/terms_of_service) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases. nextcloud/text Code from [https://github.com/nextcloud/text](https://github.com/nextcloud/text "https://github.com/nextcloud/text") – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases. nextcloud/twofactor_totp Code from [https://github.com/nextcloud/twofactor_totp](https://github.com/nextcloud/twofactor_totp) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases. nextcloud/twofactor_webauthn Code from [https://github.com/nextcloud/twofactor_webauthn](https://github.com/nextcloud/twofactor_webauthn) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases. nextcloud/updater Code from [https://github.com/nextcloud/updater](https://github.com/nextcloud/updater "https://github.com/nextcloud/updater") – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases. nextcloud/user_migration Code from [https://github.com/nextcloud/user_migration](https://github.com/nextcloud/user_migration) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases. nextcloud/user_oidc Code from [https://github.com/nextcloud/user_oidc](https://github.com/nextcloud/user_oidc) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases. nextcloud/user_saml Code from [https://github.com/nextcloud/user\\_saml](https://github.com/nextcloud/user_saml "https://github.com/nextcloud/user\\_saml") – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases. nextcloud/viewer Code from [https://github.com/nextcloud/viewer](https://github.com/nextcloud/viewer "https://github.com/nextcloud/viewer") – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases. nextcloud/workflow_script Code from [https://github.com/nextcloud/workflow_script](https://github.com/nextcloud/workflow_script) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases. Subdomain Takeover (SDTO) Subdomain Takeovers will be evaluated on their severity considering cookie scoping, historical significance and potential traffic volume. They maybe bounty eligible or alternately informative as determined by their security impact to Starbucks. Refer to the Appropriate Proof of Concepts section of this policy for information on how to construct a valid proof of concept for these reports. app.starbucks.com Starbucks US https://app.starbucks.com com.starbucks.mobilecard Starbucks USA Android app. https://play.google.com/store/apps/details?id=com.starbucks.mobilecard com.starbucks.mystarbucks Starbucks US ios app. https://itunes.apple.com/us/app/starbucks/id331177714 openapi.starbucks.com Starbucks digital service capabilities to 3rd party business partner(s)/cooperators via standard Open API. secureui.starbucks.com Starbucks Payment Processing https://secureui.starbucks.com/ www.starbucks.ca Starbucks Canada https://www.starbucks.ca/ www.starbucks.com https://www.starbucks.com/ www.starbucksreserve.com Starbucks Reserve https://www.starbucksreserve.com/ https://github.com/ruby/ruby *.rockstargames.com Some subdomains excluded. See the rest of the scope table below. Rockstar Games Launcher circolocorecords.com/ prod.ros.rockstargames.com rockstarnorth.com socialclub.rockstargames.com store.rockstargames.com Please note that the checkout/payment process go through the Xsolla platform. If you believe you have found a vulnerability in the checkout/payment process, please confirm first whether the vulnerability is in the general Xsolla platform, or our specific implementation. support.rockstargames.com Vulnerability reports for support.rockstargames.com may not be awarded bounties if it is discovered that the root vulnerability lies in Zendesk\'s code. Hackers are encouraged to submit such reports to [Zendesk\'s bug bounty program](https://hackerone.com/zendesk). *.github.net Subdomains under `*.github.net` run services for our internal production network. Many of these services are not accessible from outside our internal network. Not all subdomains are [in-scope](https://bounty.github.com/#scope) *.githubapp.com Subdomains under `*.githubapp.com` provide a number of internal services to GitHub employees. Not all subdomains are [in-scope](https://bounty.github.com/#scope) *.githubusercontent.com Copilot Copilot Chat on dotcom Copilot for Business Dependabot Dependabot powers GitHub\'s [automated security fixes](https://help.github.com/en/articles/configuring-automated-security-fixes). This feature allows GitHub users to automatically update vulnerable dependencies. The core logic of Dependabot is [open-source](https://github.com/dependabot/dependabot-core) and an [overview of the architecture](https://github.com/dependabot/dependabot-core#architecture) is available. * Execution environment breakout attacks, providing access to private networked resources or other users\' data * Security issues in [`dependabot-core`](https://github.com/dependabot/dependabot-core) GitHub CLI [GitHub CLI](https://cli.github.com) is an open source command line tool for working with your GitHub.com account. It is built with Golang, and performs several GitHub.com commands from your terminal, such as viewing, commenting and performing other actions on issues and PRs. GitHub CSP While content-injection vulnerabilities are already in-scope for our [GitHub.com bounty](https://bounty.github.com/targets/github.html), we also accept bounty reports for novel [CSP](https://developers.google.com/web/fundamentals/security/csp/) bypasses affecting GitHub.com, even if they do not include a content-injection vulnerability. Using an intercepting proxy or your browser\'s developer tools, experiment with injecting content into the DOM. See if you can execute arbitrary JavaScript or exfiltrate sensitive page contents such as CSRF tokens. Reports of other previously-unknown impacts from content-injection will also be considered. Previously identified attacks are not eligible for reward (we\'ve put a lot of thought into CSP bypasses already). You can find a discussion of known attacks and our attempts to mitigate them [here](http://githubengineering.com/githubs-csp-journey/). Attacks against CSP features not used on GitHub.com, such as script nonces, are not eligible for reward. Vulnerabilities resulting from injection in implausible locations, such as within an element that doesn\'t contain user-content, are not eligible for reward. Rewards are determined at our discretion: if you think you\'ve found something cool and novel, report it! GitHub Desktop [GitHub Desktop](https://desktop.github.com) is an open-source [Electron](https://electronjs.org)-based app for working with your GitHub.com or GitHub Enterprise account. Only the following vulnerabilities are eligible for reward: * Remote code execution via protocol handlers such as `x-github-client://` * Code execution without user interaction when cloning or fetching malicious repositories GitHub Enterprise Cloud GitHub Enterprise Cloud is the cloud-hosted version of GitHub Enterprise. It is designed for teams who want advanced authentication and permissions without managing infrastructure. More information about GitHub Enterprise Cloud is available at https://github.com/enterprise GitHub Enterprise Server GitHub Enterprise Server is the on-premise version of GitHub Enterprise. GitHub Enterprise Server shares a code-base with GitHub.com, is built on Ruby on Rails and leverages a number of open source technologies. GitHub Enterprise Server adds a number of features for enterprise infrastructures, including additional authentication backends and clustering options. Below is a subset of features unique to GitHub Enterprise that might be interesting to investigate. * Bypassing instance-wide authentication, also known as [*private mode*](https://help.github.com/enterprise/admin/guides/installation/enabling-private-mode/) * External authentication backends including [CAS, LDAP, and SAML](https://help.github.com/enterprise/admin/guides/user-management/) * In-app administration of the instance using a site administrator control panel * [User, organization, and repository migration](https://help.github.com/enterprise/admin/guides/migrations/) * [Web-based management console](https://help.github.com/enterprise/admin/guides/installation/web-based-management-console/) and [SSH access](https://help.github.com/enterprise/admin/guides/installation/administrative-shell-ssh-access/) to configure and update the instance * [Pre-receive hook scripts](https://help.github.com/enterprise/admin/guides/developer-workflow/creating-a-pre-receive-hook-script/) * [GitHub Connect](https://help.github.com/enterprise/admin/guides/developer-workflow/connecting-github-enterprise-server-to-github-com/) allows users to share specific features and workflows between your GitHub Enterprise Server instance and a GitHub.com organization on GitHub Enterprise Cloud. * See [our documentation](https://help.github.com/enterprise/admin/guides/installation/network-ports-to-open/) for a list of services typically open on an instance. You can request a trial of GitHub Enterprise Server for security testing at [https://enterprise.github.com/bounty](https://enterprise.github.com/bounty). GitHub Pages GitHub Pages is our static site hosting service designed to host your personal, organization, or project pages directly from a GitHub repository. It uses the Jekyll static site generator and officially supported themes are are developed in the pages-themes organization. GitHub Pages support custom domains and can be secured with HTTPS. Eligible submissions include: * Executing arbitrary code during the build process, either via a custom Jekyll theme or vulnerabilities in the command-line Git tools when cloning or checking-out repositories * Reading arbitrary files during the build process which discloses sensitive information, for example by misusing path traversal or symbolic links in a custom Jekyll theme **Individual GitHub Pages sites hosted under `*.github.io` are out-of-scope.** GitHub Production Credentials GitHub, Inc. uses a mix of our own physical infrastructure, cloud platforms and third-party services to keep everything running smoothly. Keeping credentials and access tokens secure for these resources is paramount to the security of our employees and users. * Credentials allowing access to cloud services, package managers and other resources used by GitHub, Inc employees * Credentials accidentally made public in repositories which allow access to GitHub, Inc resources. This does *not* include credentials exposed by our users and credentials which do not allow access to GitHub, Inc resources. * Credentials exposed by third-party services which allow access to GitHub, Inc resources Please review our [guidance for handling PII](https://bounty.github.com/#handling_personally_identifiable_information_pii) before investigating credentials allowing access to GitHub, Inc resources. The reward amount is based on the impact of the leaked credential which will be determined by the GitHub Security team. GitHub for mobile Bring GitHub collaboration tools to your small screens with [GitHub for mobile](https://github.com/mobile). api.github.com The GitHub API is used by thousands of developers and applications to programatically interact with GitHub data and services. Because so much of the GitHub.com functionality is exposed in the API, security has always been a high priority. Rewards range from $555 up to $20,000 and are determined at our discretion based on a number of factors. You can find the app at [https://api.github.com](https://api.github.com "https://api.github.com") and can find the API documentation at [https://developer.github.com](https://developer.github.com "https://developer.github.com"). classroom.github.com education.github.com GitHub Education offers a variety of tools to help educators and researchers work more effectively inside and outside of the classroom. More details are available at https://education.github.com/. GitHub Classroom is [open-source](https://github.com/education/classroom) gist.github.com Gist is one of the first products launched by GitHub after GitHub.com. It is a service for sharing snippets of code or other text content. Gist is built on Ruby on Rails and leverages a number of Open Source technologies. Rewards range from $555 up to $20,000 and are determined at our discretion based on a number of factors. For example, if you find a reflected XSS that is only possible in Opera, and Opera is \\<2% of our traffic, then the severity and reward will be lower. But a persistent XSS that works in Chrome, at \\>60% of our traffic, will earn a much larger reward. You can find the app at [https://gist.github.com](https://gist.github.com "https://gist.github.com"). github.com GitHub.com is our main web site. It is our most intricate application with a number of user inputs and access methods. GitHub.com is built on Ruby on Rails and leverages a number of Open Source technologies. You can find the app at [https://github.com](https://github.com "https://github.com"). npm CLI npmjs.com This is the domain for npm’s public-facing websites. All subdomains under npmjs.com are in scope. npmjs.org This is the domain for npm’s registry, public-facing databases, and APIs. All subdomains under npmjs.org are in scope. *.simpletax.ca *.wealthsimple.com com.wealthsimple com.wealthsimple.wealthsimple https://github.com/mainwp/mainwp We are specifically looking for security violations that would enable access to the users “Network” by a third party when a connection between the MainWP Dashboard and MainWP Child Plugin has already been established. This includes but is not limited to Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF/XSRF), Broken Authentication, Remote Code Execution SQL injection, and Privilege Escalation. We are generally not interested in DoS vulnerabilities that are perceived by a lack of rate-limiting or captcha. https://github.com/mainwp/mainwp-child *.district.in *.edition.in *.hyperpure.com *.insider.in *.runnr.in *.ticketnew.com *.tktnew.com *.zdev.net *.zomans.com This domain is mainly used for internal applications that are hosted in AWS. Our area of interest is any issue that can potentially give anyone unrestricted access or expose internal or confidential data. *.zomato.com 434613896 Zomato: Food Delivery & Dining All Assets (other than Blinkit) Bounty table header All District Assets (Other than Zomato, BlinkIT & Hyperpure) All Zomato Assets (Other than BlinkIT & Hyperpure) BlinkIT, Hyperpure assets (in scope) api.grofers.com api2.grofers.com blinkit.com com.application.zomato com.grofers.customerapp Blinkit\'s Customer Android App: https://play.google.com/store/apps/details?id=com.grofers.customerapp http://*.grofer.io http://*.grofers.com winecellar.zomato.com Tor https://gitlab.torproject.org/tpo/core/tor Supported versions for Tor can be found at https://trac.torproject.org/projects/tor/wiki/org/teams/NetworkTeam/CoreTorReleases. Tor Browser https://gitlab.torproject.org/tpo/applications/tor-browser It\'s a good start to look at the latest stable, alpha, and nightly builds. The former can be found at https://www.torproject.org/download/ and nightlies can be obtained via http://f4amtbsowhix7rrf.onion/tor-browser-builds/. *.binary.com *.deriv.cloud *.deriv.com *.derivws.com api.deriv.com app.deriv.com cashier.deriv.com derivws.com github.com/binary-com github.com/deriv-com oauth.deriv.com secure-dfadmin.deriv.com smarttrader.deriv.com 1005070636 - 589698942 com.fishbowlmedia.fishbowl com.glassdoor.app https://*.glassdoor.com/* https://api.fishbowlapp.com/* https://api.glassdoor.com/* https://design.glassdoor.com/* https://help.glassdoor.com/* https://www.fishbowlapp.com/* https://www.glassdoor.com/* *.gotinder.com *.tinder.com *.tinderops.net *.tinderwebstaging.com *.tstaging.com *.tstaging.tools 547702041 com.tinder *.fetlife.com fetlife.com *.algolia.net *.algolianet.com dashboard.algolia.com www.algolia.com *.grab-sure.com *.grab.co *.grab.com *.grabpay.com *.grabtaxi.com *.myteksi.com *.myteksi.net *.ovo.id Staging/Development/UAT environments are considered out-of-scope, such as: - *.byte-stack.net - *.dududev - *.uat-ovo.net and other assets that might not be explicitly listed. *.taralite.com and other assets that might not be explicitly listed 1142114207 OVO iOS application https://apps.apple.com/ID/app/id1142114207 1257641454 Grab Driver * Eligible for updated mobile Apps bounty rewards offering (up to $15,000 for a Critical vulnerability) 1343620481 GrabPay Merchant 647268330 Grab (iOS) C100447517 Grab Superapp for Huawei Devices(using HMS) https://appgallery.huawei.com/#/app/C100447517 C103149579 Grab Driver app for Huawei Devices(using HMS) https://appgallery.huawei.com/#/app/C103149579 api.grabpay.com **What it does:** Grab iOS and Android apps communicate with this service while you use Grab specifically for newer payment features. This endpoint acts as an API gateway proxy to all of our services. This API exposes the largest attack surface of any service here at GrabPay. **What to look for:** Much like our external API, `api.grabpay.com` is a RESTful API performed over HTTPS requests. The best way to hunt for bugs here is to use your own auth token via the `X-mts-ssid` header and look for authorization and access control issues, business logic and etc. Please keep in mind that you should only ever perform this testing against accounts you own, accessing any data not owned by you can result in disqualification. **What it runs on:** Golang / Java com.grab.merchant com.grabpay.merchant com.grabtaxi.driver2 com.grabtaxi.passenger Grab (Android) gamma.grab.co gifts.grab.com grab.careers jira.grab.com Please note that since this is a third-party application, most reports will typically be marked with a maximum of medium-severity (especially due to modifications not controlled by the Grab team, but by the vendor). In cases where the vulnerability is severe enough, such as an RCE, mass retrieval of personal information etc, we will review them on a case-by-case basis and will reward a bounty accordingly at our discretion. kartaview.org manage.grab.co ovo.id OVO\'s Android App: https://play.google.com/store/apps/details?id=ovo.id *.byte-stack.net *.dududev *.uat-ovo.net and other assets that might not be explicitly listed. p.grabtaxi.com **What it does:** Grab iOS and Android apps communicate with this service while you use Grab. This endpoint acts as an API gateway proxy to all of our services. This API exposes the largest attack surface of any service here at Grab. **What to look for:** Much like our external API, p.grabtaxi.com is a RESTful API performed over certificate-pinned HTTPS requests. The best way to hunt for bugs here is to use your own auth token via the X-mts-ssid header and look for authorization and access control issues, user enumeration, business logic etc. Please keep in mind that you should only ever perform this testing against accounts you own, failure to do so could result in ban from the program, which nobody wants!. **What it runs on:** Golang wiki.grab.com xtramile.grabpay.com com.moneybird.Moneybird com.moneybird.android moneybird.com moneybirdstorage.com SSO_Saml_connector https://support.dashlane.com/hc/en-us/articles/360014277880-Setting-up-the-SSO-Connector Standalone Chrome extension The standalone extension is available here : https://chrome.google.com/webstore/detail/dashlane-password-manager/fdjamakpfbbddfjaooikfcpapjohcfmg api.dashlane.com app.dashlane.com com.dashlane com.dashlane.dashlanephonefinal console.dashlane.com gehmmocbbkpblljhkekmfhjpfbkclbph It\'s the standalone edge extension https://microsoftedge.microsoft.com/addons/detail/dashlane-password-manag/gehmmocbbkpblljhkekmfhjpfbkclbph https://www.dashlane.com/fr/directdownload-v2?os=OS_X_10_12_6&platform=website&target=launcher_macosx Our OSX installer https://www.dashlane.com/fr/directdownload-v2?os=none&platform=website&target=archive_win Our windows installer logs.dashlane.com ws1.dashlane.com www.dashlane.com www.udemy.com yourcompany.udemy.com 1174276185 You need an existing Zendesk Account to use the iOS app. Please sign up for an Account per the instructions in our program page. Zendesk Support for iOS is built for agents, team leads, and managers on the move. It\'s a fast and secure productivity tool that gives you visibility to your account in real time. Get ahead of the day and keep things running by bringing the right people, conversations, and information together. Support for iOS is available for iPhone and iPad, so you can access Zendesk whether you\'re at your office or on the go! 488534576 https://apps.apple.com/us/app/base-crm-sales-tracking/id488534576 549057844 Zendesk Chat for iOS com.futuresimple.base https://play.google.com/store/apps/details?id=com.futuresimple.base com.zendesk.android Zendesk Support for Android com.zopim.android Zendesk Chat for Android developer.zendesk.com This site hosts our documentation and API reference. h1-your-domain.zendesk.com The Zendesk Suite is the collection or our core Products. Reports in any of the following Products & services should be submitted here: * Support, Agent Workspace & Ticketing systems - `/agent/` * Admin center - `/admin/` * [Our Public API\'s](https://www.postman.com/zendesk-redback/zendesk-public-api/overview) - `/api/` * Authentication & Auxiliary functionality - `/auth/` and `/access/` * Billing - `/billing/` * Chat - `/chat/` * Community Forum - `/collaboration/` * Explore (Data & Analytics) - `/explore/` * Help Centre - `/hc/` * Other paths that are not explicitly listed in other parts of the scope. More details can be found at https://support.zendesk.com/hc/en-us/articles/4408881937306-Getting-started-with-Zendesk-Suite-Introduction http://h1-your-domain.zendesk.com/qa/ AutoQA analyzes every interaction – including with AI agents – then shows you which ones need extra support. You’ll spend less time hunting through a stack of tickets, and more time actually solving issues. All reports related to QA (`/qa/`) and sub-paths should be submitted here. We will also accept bounties for the legacy domains https://kibbles.klausapp.com & https://app.klausapp.com however note that you cannot create new accounts under these domains. [Setting up Zendesk QA – Zendesk help](https://support.zendesk.com/hc/en-us/sections/7162431070618-Setting-up-Zendesk-QA) http://h1-your-domain.zendesk.com/sell In this context, "h1-your-domain" is on your own personal testing account. http://h1-your-domain.zendesk.com/wfm/ Zendesk Workforce management (WFM) improves the predictability and efficiency of customer service organizations through its wide range of planning, scheduling and monitoring tools. All reports related to WFM (`/wfm/`) and sub-paths should be submitted here. [Zendesk Workforce management \\(WFM\\) resources](https://support.zendesk.com/hc/en-us/articles/6457209788442-Zendesk-Workforce-management-WFM-resources) https://developer.zendesk.com/documentation/zendesk-sdks/#android Zendesk Support SDK for Android https://developer.zendesk.com/documentation/zendesk-sdks/#ios Zendesk Support SDK for iOS www.zendesk.com zopim.com business.kayak.com com.kayak.android The most recent version of this app is in scope com.kayak.travel www.cheapflights.com including local versions: e.g. www.cheapflights.co.uk, www.cheapflights.com.au, etc. Please check https://www.kayak.com/global for full list of domains that belong to us. www.checkfelix.com www.hotelscombined.com including local versions: e.g. www.hotelscombined.com.au, www.hotelscombined.co.kr, etc. Please check https://www.kayak.com/global for full list of domains that belong to us. www.kayak.com including localised versions: e.g. www.kayak.de, www.kayak.fr and www.kayak.co.uk, etc. Please check https://www.kayak.com/global for full list of domains that belong to us. www.momondo.com including localised versions: e.g. www.momondo.dk, www.momondo.se, etc. www.mundi.com.br www.swoodoo.com *.hey.com 3.basecamp.com Basecamp 3 Basecamp.app Basecamp for Mac: https://basecamp.com/via#basecamp-for-your-mac-or-pc HEY.app HEY for macOS: https://hey.com/apps/ HEY.exe HEY for Windows: https://www.microsoft.com/en-us/p/hey-mail/9pf08ljw7gw2 ONCE: Campfire basecamp3.exe Basecamp for Windows: https://basecamp.com/via#basecamp-for-your-mac-or-pc com.basecamp.bc3 Basecamp for Android: https://basecamp.com/via#basecamp-for-ios-and-android-devices com.basecamp.bc3-ios Basecamp for iOS: https://basecamp.com/via#basecamp-for-ios-and-android-devices com.basecamp.hey HEY for Android: https://play.google.com/store/apps/details?id=com.basecamp.hey com.hey.app.ios HEY for iOS: https://apps.apple.com/us/app/hey-email/id1506603805 hey-mail HEY for Linux: https://snapcraft.io/hey-mail/ launchpad.37signals.com Launchpad world.hey.com *.shopify.com Reports involving *.shopify.com are reviewed on a per case basis for bounty eligibility, this includes shopifycompass.com. Any services operated by a third party without a proof of concept demonstrating impact on *.myshopify.com users will likely be ineligible for a bounty. *.shopify.io *.shopify.io may include developer test or third party applications. If you are unsure about a domain and it looks like a test or third party application, please email us at bugbounty@shopify.com before spending time on it. *.shopifycloud.com *.shopifycloud.com may include developer test or third party applications. For example, devdegree*.shopifycloud.com, vendorvoice.shopifycloud.com, nsolid-test-console.shopifycloud.com. These types of domains are not considered in scope and reports pertaining to them will be closed Informative. If you are unsure about a domain and it looks like a test application, please email us at bugbounty@shopify.com before spending time on it. *.shopifycs.com Shopify\'s service for handling credit card data in a PCI compliant way. *.shopifykloud.com Shopify Kloud includes all *.shopifykloud.com applications. Please note, there may be developer test or third party applications launched on the domain which may have low security implications for Shopify. If you are unsure about a subdomain on *.shopifykloud.com and it looks like a test application, email us at bugbounty AT shopify.com before spending time on it. Shopify Developed Apps Shopify apps and sales channels means everything installed via the following link https://apps.shopify.com/collections/made-by-shopify Shopify Mobile Applications Android: https://play.google.com/store/apps/dev?id=8929232438554100687 iOS: https://itunes.apple.com/ca/developer/shopify-inc/id371294475 Note: any services operated by a third party without a proof of concept demonstrating impact on Shopify users will likely be ineligible for a bounty. accounts.shopify.com admin.shopify.com arrive-server.shopifycloud.com https://github.com/Shopify/* Public repositories available under the Shopify organization in Github. linkpop.com partners.shopify.com shop.app shopify.plus shopifyinbox.com your-store.myshopify.com Your development store hosted at `*.myshopify.com`. Create a development store by signing up at https://partners.shopify.com/ api.mapbox.com Our APIs are the primary interface to Mapbox for many of our customers, and all actions a customer can take on their account run through them. https://docs.mapbox.com/android/ [Maps SDK for Android](https://docs.mapbox.com/android/maps/overview/) [Navigation SDK for Android](https://docs.mapbox.com/android/navigation/overview/) https://docs.mapbox.com/api/ The Mapbox web services APIs allow for programmatic access to Mapbox tools and services. - [Accounts Service APIs](https://docs.mapbox.com/api/accounts/) - [Maps Service APIs](https://docs.mapbox.com/api/maps/) - [Navigation Service APIs](https://docs.mapbox.com/api/navigation/) - [Search Service APIs](https://docs.mapbox.com/api/search/) https://docs.mapbox.com/ios/maps/overview/ [Maps SDK for iOS](https://docs.mapbox.com/ios/maps/overview/) https://github.com/mapbox Mapbox has 700+ public Github repositories that are within scope, though only reports that can be actively exploited on Mapbox infrastructure will be eligible for a monetary bounty. Submissions on assets containing the "Mapbox" name but not owned by Mapbox are not eligible for bounty. Some repositories in the Mapbox GitHub organization may contain experimental code and are not eligible for a bounty. * Please submit any open source security issues directly to HackerOne, do not open security-related issues on public Github repositories. * Please send any questions about the eligibility of an open source repository to security@mapbox.com. A few of our popular open-source repositories: [node-sqlite3](https://github.com/mapbox/node-sqlite3) | [node-pre-gyp](https://github.com/mapbox/node-pre-gyp) | [carmen](https://github.com/mapbox/carmen) https://www.mapbox.com/mapbox-gl-js/ Mapbox GL JS is a JavaScript library that uses WebGL to render interactive maps from vector tiles and Mapbox styles. It is part of the Mapbox GL ecosystem, which includes Mapbox Mobile, a compatible renderer written in C++ with bindings for desktop and mobile platforms. www.mapbox.com - https://mapbox.com - https://studio.mapbox.com/ - https://account.mapbox.com/ *.airbnb-aws.com Lower Impact Scope *.airbnb.com Higher Impact Scope *.airbnbcitizen.com *.atairbnb.com *.byairbnb.com *.hoteltonight-test.com *.hoteltonight.com *.luxuryretreats.com *.muscache.com *.withairbnb.com Localized airbnb sites listed at the link below: **https://www.airbnb.com/sitemaps/localized** api.airbnb.com assets.airbnb.com callbacks.airbnb.com com.airbnb.android com.airbnb.app com.luxuryretreats.ios m.airbnb.com next.airbnb.com omgpro.airbnb.com one.airbnb.com open.airbnb.com support-api.airbnb.com www.airbnb.com www.hoteltonight.com *.booking.com if there\'s any vulnerabilities raised on this asset that are owned by a third party we will not be accepting those reports *.fareharbor.com *.fareharbor.engineering *.rentalcars.com accommodations.booking.com account.booking.com admin.booking.com Incorrect permission check for different roles is out of scope. autocomplete.booking.com booking.com careers.booking.com cars.booking.com chat.booking.com compass.fareharbor.com demo.fareharbor.com distribution-xml.booking.com experiences.booking.com fareharborsites.com fhdn.fareharbor.com flights.booking.com http://secure-iphone-xml.booking.com/json/ https://apps.apple.com/us/app/booking-com-hotels-travel/id367003839 https://apps.apple.com/us/app/pulse-for-booking-com-partners/id992795726 https://iphone-xml.booking.com/json/ https://play.google.com/store/apps/details?id=com.booking&hl=en https://play.google.com/store/apps/details?id=com.booking.hotelmanager&hl=en https://secure-iphone-xml.booking.com/json/ indicative-pricing.taxi.booking.com kyc-onboarding.booking.com marketing.fareharbor.com metasearch-api.booking.com paybridge.booking.com paymentcomponent.booking.com paynotifications.booking.com phone-validation.taxi.booking.com portal.taxi.booking.com readonly.fareharbor.com secure-supply-xml.booking.com secure.booking.com sites.fareharbor.com spark.fareharbor.com supplier.auth.toag.booking.com supply-xml.booking.com tableau.fareharbor.engineering taxi.booking.com taxis.booking.com teleport.fareharbor.engineering webhooks.booking.com widget.rentalcars.com www.fareharbor.com *.staging-airtableblocks.com IMPORTANT: this domain is NOT eligible for stored XSS via building custom apps/blocks functionality. *.staging.airtable.com airtable.js SDK (https://www.npmjs.com/package/airtable) - Install `airtable.js` via `npm install airtable` - Visit https://staging.airtable.com/account and generate an API key - Create a new Javascript file and add the following lines: ```javascript const Airtable = require(\'airtable\'); const airtable = new Airtable({ apiKey: \'PUT YOUR API KEY HERE\', endpointUrl: \'https://api-staging.airtable.com\', // IMPORTANT: you MUST set the endpointUrl attribute to this URL, or else you will be testing on airtable.com, which is out of scope }); See https://staging.airtable.com/api for instructions on how to use the API, as well as [the source code on Github](https://github.com/airtable/airtable.js) Please note that reports about outdated/vulnerable dependencies flagged by `npm audit` or `yarn audit` are **out of scope**. Vulnerabilities discovered via manual code audits are acceptable. api-staging.airtable.com Go to https://staging.airtable.com/account to generate an API key. See https://staging.airtable.com/api for API documentation per base. staging.airtable.com *.lightroom.adobe.com Please refer to Lightroom Web Test Plan on how to access/test the environment. Adobe Commerce, Commerce B2B and Commerce Open Source C2PA Tool Please refer to Content Authenticity Initiative Test Plan on how to access/test the environment. ColdFusion Please refer to ColdFusion Test Plan on how to access/test the environment. account.adobe.com Please refer to IMS Test Plan on how to access/test the environment. account.magento.com accounts.magento.cloud acrobat.adobe.com adobeid-na1.services.adobe.com auth.services.adobe.com com.adobe.Adobe-Reader com.adobe.lrmobile Lightroom com.adobe.reader com.adobe.scan.android com.adobe.scan.ios contributor.stock.adobe.com firefly.adobe.com http://federatedid-na1.services.adobe.com http://ims-na1.adobelogin.com https://contentcredentials.org/ https://github.com/contentauth/c2pa-js https://github.com/contentauth/c2pa-rs imagine.magento.com learningmanager.adobe.com Please refer to Adobe Learning Manager Test Plan on how to access/test the environment. magento.com magentocommerce.com magentolive.com marketplace.magento.com net.s2stagehance.com Please refer to Behance Test Plan on how to access the environment. new.express.adobe.com Please refer to Express Test Plan on how to access the environment. photoshop.adobe.com Please refer to Photoshop Web Test Plan on how to access/test the environment. repo.magento.com stock.adobe.com u.magento.com *.blockchain.com 1557515848 Blockchain.com Exchange App https://apps.apple.com/us/app/blockchain-com-exchange/id1557515848 493253309 Blockchain.com Wallet App https://itunes.apple.com/us/app/blockchain-wallet-bitcoin/id493253309 api.blockchain.info com.blockchain.exchange https://play.google.com/store/apps/details?id=com.blockchain.exchange piuk.blockchain.android https://play.google.com/store/apps/details?id=piuk.blockchain.android ws.blockchain.info www.blockchain.info *.ubnt.com *.ui.com AmpliFi Cloudkey EdgeMAX UCRM UFiber UID https://ui.com/uid UNMS UniFi UniFi Access UniFi Cloud UniFi Gateways (UDM, UXG, USG) UniFi LED UniFi Network Application UniFi Protect UniFi Switches UniFi Talk UniFi Wireless Access Points account.ui.com airFiber airMAX careers.ui.com com.ubnt.discovery.app com.ubnt.easyunifi com.ubnt.umobile community.ui.com design.ui.com fw-update.ubnt.com ispdesign.ui.com rma.ui.com store.ui.com uisp.com unifi.ui.com *.sc-core.net Snapchat\'s internal services *.sc-corp.net Lens Studio Tier A - Core Assets Tier B - Non Core (Bitmoji, Playcanvas) accounts.snapchat.com Snapchat\'s account management website. ads.snapchat.com app.snapchat.com Main server-side application hosted on Google App Engine under the hostname feelinsonice-hrd.appspot.com and app.snapchat.com. blog.playcanvas.com business.snapchat.com Snapchat\'s Business Manager. businesshelp.snapchat.com Snapchat\'s Salesforce instance code.playcanvas.com com.bitstrips.imoji [iOS App Store](https://itunes.apple.com/us/app/bitmoji-keyboard-your-avatar/id868077558) [Google Play Store](https://play.google.com/store/apps/details?id=com.bitstrips.imoji) com.snapchat.android [Google Play Store](https://play.google.com/store/apps/details?id=com.snapchat.android) com.toyopagroup.picaboo [iOS App Store](https://itunes.apple.com/us/app/snapchat/id447188370?mt=8) create.snapchat.com Snapchat\'s Geofilter creation tool. developer.playcanvas.com forum.playcanvas.com geofilters.snapchat.com Snapchat\'s on-demand Geofilters purchase website. https://lensstudio.snapchat.com/api/ kit.snapchat.com SNAPKIT web application and SDKs launch.playcanvas.com login.playcanvas.com map.snapchat.com msg.playcanvas.com my.snapchat.com Snapchat\'s Spotlight on the web. playcanv.as playcanvas.com relay.playcanvas.com rt.playcanvas.com scan.snapchat.com Snapcode creation website snappublisher.snapchat.com Snapchat\'s publisher tool. spectacles.com Snapchat\'s spectacles purchase website. store.playcanvas.com store.snapchat.com Snapchat\'s Bitmoji Merch Store story.snapchat.com web.snapchat.com www.bitmoji.com www.bitstrips.com 336381998 [Priceline iOS App](https://apps.apple.com/us/app/priceline-hotel-travel-deals/id336381998) Penny https://www.priceline.com/penny admin.rezserver.com **Policy Guidance** We are not currently providing credentials for this asset. **Rules of Engagement** - In request headers use \'hackerone-{your username}\' for user-agent - Keep low volume of requests - Automated testing is not permitted - Do not Fuzz Contact forms - Do not Fuzz "Request Account Activation" & "Request Product Activation" - Do not Fuzz request for "Change Request under Sites" - Do not modify other hacker_* user accounts under Hacker one test account **Non-Qualifying Vulnerabilities and Exclusions** - CSRF api.rezserver.com **Rezserver API** _Policy Guidance_ _Rules_ - Don\'t use automated tools or scanners - Don\'t DDoS _Out of scope vulnerabilities_ - Missing best practices in HTTP header configuration. - Any activity that could lead to the disruption of our service (DoS) - Missing best practices in SSL/TLS configuration - Account/email enumeration issues - Disclosure of software version numbers (we maintain forks of several tools, and apply security patches accordingly) - Content Spoofing/Text Injection that cannot be leveraged for XSS or sensitive data disclosure _Endpoints out of scope_ - Hotel: BookRequest - Air: All endpoints - Car: All endpoints - Custom: All endpoints com.priceline.android.negotiator cruises.priceline.com flyiin.com press.priceline.com priceline.com reservations.rezserver.com secure.rezserver.com www.bookingholdings.com www.getaroom.com www.priceline.com *.uberinternal.com *ubereats.com Includes all subdomains (*.ubereats.com) except subdomains listed in out of scope. Recon Data Uber provides endpoints to determine whether an asset belongs to Uber: https://appsec-analysis.uber.com/public/bugbounty/ListDomains https://appsec-analysis.uber.com/public/bugbounty/ListIPs All of the endpoints support offset and limit as optional parameters. Example: https://appsec-analysis.uber.com/public/bugbounty/ListDomains?offset=0&limit=100. The public endpoints for asset information are for recon purposes. Information returned by those endpoints (or not) does not mean a bounty is guaranteed. uber.com Includes all subdomains (*.uber.com) except subdomains listed in out of scope. *.yelp-support.com *.yelp.com *.yelpwifi.com 284910350 Yelp Mobile 542767785 Restaurant Manager iOS app 936983378 Yelp for Business Owners com.yelp.android Yelp Mobile for Android com.yelp.android.biz yelptop100.com *.cloud.vimeo.com Upload endpoints such as \\ *.cloud.vimeo.com *.livestream.com *.magisto.com **EXCEPTION** - Subdomains owned/controlled/managed/etc by a 3rd party. *.new.livestream.com *.vhx.tv **EXCEPT for community.vhx.tv, 3rd party sites and EXCEPT a single-customer configured site** The vulnerability must affect every site in order to be valid. *.vimeo.com See scope/program for more definitive information. Does not include 3rd parties under vimeo.com domain names. Subject to realization we missed one. 1491791513 425194759 486781045 493086499 Livestream software (Producer, Studio) Out of scope: any attacks of the install process, that require additional configuration files, dll, etc that are put onto the machine via virus, malware, confidence, etc. VHX Branded Customer Android Apps **Vulnerabilities must affect ANY/ALL VHX branded Android apps and not just a single VHX customer app** VHX Branded Customer Roku Apps **Vulnerabilities must affect ANY/ALL VHX branded Roku apps and not just a single VHX customer app** VHX Branded Customer iOS Apps **Vulnerabilities must affect ANY/ALL VHX branded iOS apps and not just a single VHX customer app** api.vhx.tv api.vimeo.com applause1.magisto.com channelstore.roku.com/details/48061/vhx Roku App checkout.vimeo.com This is an S3 bucket behind a CDN. We will be responsible for things WE can control about this (Content, S3 permissions, CDN headers, etc). For items beyond our control, those are not in scope. com.livestream.livestream com.magisto com.vimeo.android.videoapp com.vimeocreate.videoeditor.moviemaker donations.livestream.com embed.vhx.tv http://vimeo.com/api Legacy API endpoints such as vimeo.com/api http://vimeo.com/create http://vimeo.com/ondemand Vimeo On Demand hosted sites: https://vimeo.com/ondemand magisto.com,www.magisto.com player.vimeo.com staging.magisto.com vhx.tv The VHX homepage at vhx.tv redirects to a login page at ott.vimeo.com. Please submit these reports to the VHX program. vimeo.magisto.com Only as it integrates with Vimeo. For anything about it itself, please report on the Magisto program vimeopro.com Vimeo Pro portfolios hosted on vimeopro.com www.livestream.com www.vimeo.com 288429040 api.linkedin.com business.linkedin.com com.linkedin.android www.linkedin.com api.greenhouse.io Documentation: https://developers.greenhouse.io/harvest.html https://developers.greenhouse.io/job-board.html#retrieve-a-department app.greenhouse.io app.interseller.io Please do not spam the payment form as this is manage by a third party and is out of scope for testing. Vulnerabilities related to paywall bypass are out of scope. boards.greenhouse.io interseller.io This is a Marketing website and will produce less bounties than the actual product application jss.greenhouse.io onboarding.greenhouse.io support.greenhouse.io www.greenhouse.io *.gitlab.net Hosts owned and operated by GitLab. *.gitlab.org *.gitlap.com Hosts owned and operated by GitLab. gitla**p** with a p! GitLab for Jira Cloud Other non-production infrastructure Hosts owned and operated by GitLab other than gitlab.com itself and our static websites. Your Own GitLab Instance about.gitlab.com There is no user data therefore no confidentiality impact is possible, however we want to know if you can modify the content or make it unavailable. advisories.gitlab.com customers.gitlab.com Server-side Denial of Service is out of scope as per our Policy. design.gitlab.com docs.gitlab.com gitlab.com https://gitlab.com/gitlab-org/gitaly https://gitlab.com/gitlab-org/gitlab https://gitlab.com/gitlab-org/gitlab-pages https://gitlab.com/gitlab-org/gitlab-runner https://gitlab.com/gitlab-org/gitlab-shell https://gitlab.com/gitlab-org/gitlab-vscode-extension https://gitlab.com/gitlab-org/opstrace/opstrace registry.gitlab.com *.twimg.com *.twitter.com *.vine.co *.x.ai *.x.com com.atebits.Tweetie2 com.twitter.android gnip.com x.com GitHub repositories [Any _**source**_ repository on my Github account](https://github.com/iandunn?tab=repositories&type=source), _**except**_ for the ones marked as **archived**. Forks are not in-scope, please report any issues with those upstream. Archived repos are not maintained. This refers to the source code in the repositories listed on that page, **not** to the github.com website itself. You can report potential vulnerabilities in github.com to [them](https://github.com/security). WordPress.org plugins [Any plugin listed on my WordPress.org profile](https://profiles.wordpress.org/iandunn#content-plugins) is within scope, **except** for these: * Email Post Changes and Jetpack should be submitted to [Automattic](https://hackerone.com/automattic) instead. * CampTix, CampTix Network Tools, P2 New Post Categories, Tagregator, and SupportFlow should be submitted to [WordPress](https://hackerone.com/wordpress) instead, because they\'re [Meta team](https://make.wordpress.org/meta/) projects. * Manage Tags Capabilities is not covered, since I don\'t have commit access to it. This refers to the source code of the plugins listed on that page, **not** to the wordpress.org website itself. You can report potential vulnerabilities in wordpress.org to [their program](/wordpress). *.cloudflare.com Excluding support.cloudflare.com, community.cloudflare.com and other SaaS applications *.cloudflarepartners.com *.teams.cloudflare.com 1.1.1.1 Resolver A blazing fast DNS resolver built for private browsing. https://1.1.1.1/ https://developers.cloudflare.com/1.1.1.1/what-is-1.1.1.1/ https://developers.cloudflare.com/1.1.1.1/setting-up-1.1.1.1/ AI Gateway https://developers.cloudflare.com/ai-gateway/ AMP Real URL https://developers.cloudflare.com/speed/optimization/other/amp-real-url/ API Shield https://developers.cloudflare.com/api-shield/ Area 1 Bot Management Cloudflare enables you to manage bots with speed and accuracy by applying several detection methods: Behavioral analysis, machine learning, and fingerprinting. https://www.cloudflare.com/products/bot-management/ Browser Isolation https://developers.cloudflare.com/cloudflare-one/policies/browser-isolation/ CDNJS CDNJS is a free and open source project to organize and provide popular front-end web development resources to developers via a fast CDN infrastructure without usage limitations and fees. https://github.com/cdnjs/cdnjs https://blog.cloudflare.com/an-update-on-cdnjs/ China Network https://developers.cloudflare.com/china-network/ Cloudflare Access Cloudflare Access is an application that controls access to your sites and integrates with social and enterprise identity providers (IdP) for managing user credentials. https://www.cloudflare.com/products/cloudflare-access/ Cloudflare Analytics https://developers.cloudflare.com/analytics/ Cloudflare CASB Cloudflare\'s cloud access security broker (CASB) service gives comprehensive visibility and control over SaaS apps, so you can easily prevent data leaks and compliance violations. With Zero Trust security, block insider threats, Shadow IT, risky data sharing, and bad actors. https://www.cloudflare.com/products/zero-trust/casb/ Cloudflare Cache https://developers.cloudflare.com/cache/ Cloudflare D1 https://blog.cloudflare.com/introducing-d1/ Cloudflare DNS Cloudflare Durable Objects https://developers.cloudflare.com/durable-objects/ Cloudflare Pages https://developers.cloudflare.com/pages Cloudflare R2 https://blog.cloudflare.com/r2-open-beta/ Cloudflare Tunnel Cloudflare Tunnel offers an easy way to expose web servers securely to the internet, without opening up firewall ports and configuring ACLs. https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/ Cloudflare Workers CI Cloudflare Zaraz https://developers.cloudflare.com/zaraz/ Cloudflare Zero Trust/Cloudflare One Data Loss Prevention (DLP) https://developers.cloudflare.com/cloudflare-one/policies/data-loss-prevention/ Gateway https://developers.cloudflare.com/cloudflare-one/policies/gateway/ Hyperdrive https://developers.cloudflare.com/hyperdrive/ Images https://developers.cloudflare.com/speed/optimization/images/#image-optimization Load Balancing Cloudflare\'s Load Balancing automatically reduces latency by directing visitors to infrastructure closest to them. https://www.cloudflare.com/load-balancing/ Magic Firewall https://developers.cloudflare.com/magic-firewall/ Magic Transit Magic Transit is a software-defined networking product that offers IP transit with DDoS protection, next-gen firewall, traffic acceleration and more for your on-premise and data center networks from a single, easy-to-use interface. https://www.cloudflare.com/magic-transit/ Magic WAN https://developers.cloudflare.com/magic-wan/ Open source tools from Cloudflare https://github.com/cloudflare SSL/TLS https://developers.cloudflare.com/ssl/ Spectrum Spectrum extends the power of Cloudflare\'s DDoS, TLS, and IP Firewall to TCP and UDP-based services, keeping them online and secure. https://www.cloudflare.com/products/cloudflare-spectrum/ Stream Cloudflare Stream is an easy-to-use, affordable, on-demand video streaming platform. Stream seamlessly integrates video storage, encoding, and a customizable player with Cloudflare’s fast, secure, and reliable global network. https://www.cloudflare.com/products/cloudflare-stream/ Turnstile https://developers.cloudflare.com/turnstile/ Vectorize https://developers.cloudflare.com/vectorize/ WARP Mobile Apps Download on Android: https://play.google.com/store/apps/details?id=com.cloudflare.onedotonedotonedotone Download on iOS: https://itunes.apple.com/us/app/1-1-1-1-faster-internet/id1423538627 WARP is a free VPN for mobile phones. The app can be used as a 1.1.1.1 DNS resolver or VPN or our premium paid service Warp+. It works on wireguard protocol. See documentation section for more details. Areas of interest: Can other apps snoop with Warp Downgrade of connections Misconfiguration in the apps or backend MITM attacks Using WARP+ features without paying WARP desktop client Cloudflare Zero Trust client applications releases on Windows, Linux and MacOS Waiting Room https://developers.cloudflare.com/waiting-room/ Workers https://developers.cloudflare.com/workers/ Workers AI https://developers.cloudflare.com/workers-ai/ Workers KV https://developers.cloudflare.com/kv/ api.cloudflare.com cloudflareworkers.com This is a Cloudflare Workers test site. Cloudflare Workers provides a lightweight JavaScript execution environment that allows developers to augment existing applications or create entirely new ones without configuring or maintaining infrastructure. https://www.cloudflare.com/products/cloudflare-workers/ dash.cloudflare.com The Cloudflare dashboard (https://dash.cloudflare.com/) and any direct calls from the dashboard to other Cloudflare owned resources are considered in scope. http://github.com/cloudflare https://github.com/cloudflare/workerd one.dash.cloudflare.com waf.cumulusfire.net This domain must be used for testing WAF bypasses. *.srvcs.tumblr.com *.tumblr.com **The Blog Network** *Note: Blogs are cached for 1 minute after first request (60s from first request); content is re-loaded into cache when a new request is submitted after the 61st second.* How to identify you are looking at the Blog Network: * Header: `X-tumblr-user` can be used to identify if the domain is a blog on the Blog Network * View the domain in a browser, there will be a Tumblr banner visible. Exclusions for this asset: * JavaScript is allowed; XSS is excluded from eligibility. * Pages can be framed; Clickjacking or other X-Frame-Options attacks are excluded from eligibility. Crowdsignal Any issues on https://crowdsignal.com/, and or Crowdsignal WordPress plugins Jetpack Any issues related to the Jetpack plugin https://github.com/Automattic/jetpack and/or https://jetpack.com/ WooCommerce Any security issues on the WordPress WooCommerce plugin (https://wordpress.org/plugins/woocommerce/) and/or https://woocommerce.com/ WordPress Plugins & Themes Any security issue found on any WordPress plugin or theme that\'s **maintained/created by Automattic**. This includes but is not limited to - WP-Supercache (https://wordpress.org/plugins/wp-super-cache/) - WP-Job-Manager (https://github.com/Automattic/WP-Job-Manager) - Sensei LMS (https://github.com/Automattic/sensei) See https://profiles.wordpress.org/automattic/ for more details WordPress.com VIP Any issue in the WordPress.com VIP infrastructure, WordPress plugins, or client sites. akismet.com Any issues on https://akismet.com/, or the Akismet WordPress plugin. api.tumblr.com assets.tumblr.com com.tumblr - Minimum OS version: API 21 - API keys in code - Certificate pinning com.tumblr.tumblr - Minimum OS version: iOS 11 embed.tumblr.com gravatar.com intensedebate.com mailpoet.com Any issue in https://www.mailpoet.com/, or the MailPoet WordPress plugin. my.pressable.com safe.tumblr.com secure.tumblr.com simperium.com simplenote.com t.umblr.com wordpress.com www.tumblr.com *.irccloud-cdn.com Please note that this domain hosts user-uploaded files which are intentionally public for sharing on IRC. These do not constitute an information disclosure vulnerability and reports will be closed as "Not Applicable". *.irccloud.com In particular IRC connection hosts listed here: https://www.irccloud.com/networks api.irccloud.com blog.irccloud.com com.irccloud.IRCCloud The iOS app is open source, decompilation issues are not eligible https://github.com/irccloud/ios Vulnerabilities requiring local or root access to a device are also not eligible. com.irccloud.android The Android app is open source, decompilation issues are not eligible https://github.com/irccloud/android https://github.com/irccloud/android https://github.com/irccloud/ios irc.irccloud.com Support IRC network. irccloud.com team-irc.irccloud.com Private team IRC servers www.irccloud.com *.base.org *.cbhq.net *.coinbase.com 54.175.255.192/27 Coinbase WaaS (Wallet as a Service) Documentation: https://www.coinbase.com/cloud/products/waas Applications that may have been missed as a part of our standard scope; this will be assessed on a by submission basis. Web3 Smart Contracts api.coinbase.com api.custody.coinbase.com Please see the instructions for the custody.coinbase.com asset on how to get an account. cloud.coinbase.com coinbase.com com.coinbase.android com.coinbase.ios com.coinbase.wallite commerce.coinbase.com custody.coinbase.com * **[Coinbase Custody - Institutional User Roles Overview](https://hackerone.app.box.com/s/l8rqfuv0xgaf15nwdzmffvsrxjm6vr8n)** * **[Custody API Documentation](https://docs.custody.coinbase.com/)** http://coinbase.com https://base.org https://chrome.google.com/webstore/detail/coinbase-wallet-extension/hnfanknocfeofbddgcijnmhnfnkdnaad institutional.coinbase.com international.coinbase.com nft.coinbase.com org.toshi org.toshi.distribution prime.coinbase.com pro.coinbase.com *.quip.com Only accepting Critical reports 2023-12-01 to 2025-02-01 647922896 itunes.apple.com/us/app/quip-docs-chat-sheets/id647922896 Slack Desktop Application api.slack.com The Slack API app.slack.com com.Slack com.quip.quip Only accepting Critical reports 2023-12-01 to 2025-02-01. com.slack.slackmdm Reports are accepted for vulnerabilities specific to the [Slack EMM/MDM version of the app](https://apps.apple.com/us/app/slack-for-emm/id1254292716). EMM client vulnerabilities in the absence of a valid MDM configuration via a supported MDM provider, (such as MobileIron), on an EMM-enabled Slack team are excluded. com.tinyspeck.chatlyio The main Slack app is included: [Slack iOS App](https://apps.apple.com/us/app/slack/id618783545) Other versions of the app, such as the EMM and Intune versions, are not included. edgeapi.slack.com https://github.com/slackhq/nebula https://salesforce.quip.com/blog/desktop slack-imgs.com slack-redir.net slack-status.com slack.com The slack.com site and application. slackatwork.com slackb.com spaces.pm www.quip.com https://github.com/rails/rails *.vpn.hackerone.net The HackerOne hacker VPN is used by hackers and HackerOne personnel. We\'d be most interested in vulnerabilities that allow you to route traffic to other clients (lack of client isolation), routing traffic to internal HackerOne / Amazon networks, and bypassing [sslsplit](https://github.com/droe/sslsplit). Traffic routed through the VPN will originate from `66.232.20.0/23` or `206.166.248.0/23` (HackerOne netblocks). The VPN is based on OpenVPN. 206.166.248.0/23 This net block is the origin of all traffic routed through the HackerOne hacker VPN. See the description for *.vpn.hackerone.net for the stack and vulnerabilities we\'re interested in. 66.232.20.0/23 a5s.hackerone-ext-content.com This domain is used to serve static marketing assets. No confidential information is stored on these systems. However, it is important to us that these assets cannot be updated by an unauthorized third-party. api.hackerone.com This is our public API that customers use to read and interact with reports. To look for vulnerabilities in this asset, create a sandboxed program, select HackerOne Professional or HackerOne Enterprise in the Product Edition settings page, and create an API token. This system’s backend is written in Ruby, converts the request to a GraphQL query, and serializes the GraphQL result to JSON. app.pullrequest.com Please use your `@wearehackerone.com` email address when signing up. b5s.hackerone-ext-content.com cover-photos-us-east-2.hackerone-user-content.com This is an Amazon S3 bucket that contains profile and cover photos of users and programs. It does not contain any highly confidential information and would not impact the main application if it would be unreachable. A signed request is required to download an object. cover-photos.hackerone-user-content.com ctf.hacker101.com The Hacker101 CTF domain, ctf.hacker101.com, is not connected to HackerOne\'s production environment. It is hosted on Amazon AWS. Users authenticate through HackerOne.com (OAuth). The maximum bounty for any vulnerability on this asset is $500 right now. The CTF challenges itself are not in scope for our bug bounty program. errors.hackerone.net A separate domain that we use to capture information of client and server side exceptions. hackathon-photos-us-east-2.hackerone-user-content.com hackathon-photos.hackerone-user-content.com hackerone-ext-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com This is an Amazon S3 bucket that contains attachments of reports and activities. These attachments may contain confidential information. A signed request is required to download an object. hackerone-user-content.com hackerone.com This is our main application that hackers and customers use to interact with each other. It connects with a database that contains information about vulnerability reports, users, and programs. This system’s backend is written in Ruby and exposes data to the client through GraphQL, rendered pages, and JSON endpoints. hackerone.live https://*.hackerone-ext-content.com https://*.hackerone-user-content.com/ mta-sts.wearehackerone.com profile-photos-us-east-2.hackerone-user-content.com profile-photos.hackerone-user-content.com reviewer.pullrequest.com www.hackerone.com This is our marketing website. It does not contain any report or customer information. It may store information about hackers, such as information collected through the [penetration tester sign up form](https://www.hackerone.com/hackers/pentest-community-application). The website runs Drupal with a few customizations. www.wearehackerone.com *.agilebits.com null All other domains, subdomains, and 1Password Accounts that are not owned by you, including accounts where you are a user but not the owner, are out of scope. https://support.1password.com https://www.1password.com/ *.zipbooks.com Zipbooks related assets blog.ishosting.com help.ishosting.com https://*.amazonaws.com/* db.*.supabase.co Supabase database domains belonging to our customers. Test only domains belonging to your own account. Domains that are part of your account are in-scope https://*.supabase.co Supabase Product APIs and database domains belonging to our customers. https://api.supabase.com/platform/pg-meta/project_id/query This is intended to take raw SQL queries. This end-point is not "SQL injectable". The ability to escalate privileges via this end-point is a valid issue, but executing SQL is not. https://github.com/supabase-community/ https://supabase.dev/ Supabase Contributor Portal - Guide for contributing to Supabase https://supabase.productions/ The official Supabase album auth.finnair.com Please note, that this assets is out of the program scope. x.com Anything discovered with any of Circle\'s published media is out of scope. youtube.com www.advisoryworld.com The specific URL www.advisoryworld.com is out of scope. However, reports on other AdvisoryWorld sites are welcome. Security vulnerabilities that are identified in Peloton products or in website domains owned, operated, or controlled by Peloton that are not listed above are OOS *.varonis-preprod.com All other assets issue-management.iontrading.com *.nimiq.com Blockchain testnet https://github.com/nimiq/core-js/ https://github.com/nimiq/core-rs/ https://github.com/nimiq/ledger-app-nimiq https://keyguard.nimiq.com/ https://miner.nimiq.com/ www.lowesprosupply.com/ Please do not request a user account for this asset. Testing is to be performed as an unauthenticated user. *.rentals.rei.com This is an out of scope asset since it is owned and managed by a 3rd party. desktop.rei.com destinations.rei.com foryourbenefit-rei.com/ future-login.rei.com greenvestrentals.rei.com http://rei.com/blog http://rei.com/rei-garage http://rei.com/rentals http://rei.com/used partners2.rei.com rei.jobs reia.my.site.com reiadventures.force.com reifund.org test-login.rei.com vpn.rei.com wpvip.rei.com *.3cx.com blog.privy.io demo.privy.io docs.privy.io privy.io The primary Privy site where you can learn about products & services, get support, etc. Set-top-boxes, smart TVs, streaming sticks Out of Scope **Out of Scope** Third party websites or systems hosted by non-Netflix entities Out of Scope ir.netflix.com ir.netflix.net netflixinvestor.com *.security.neustar http://customertest.drivershistory.com/dr3/api/dr30/getcombined https://customertest.drivershistory.com/currentversion5/wsdhilookup.asmx https://customertest.drivershistory.com/currentversion6/wssubjectprescreenplus.asmx www.wellhive.com WellHive\'s marketing website. *www.aeromexico.com https://www.aeromexico.com support.lighstpark.com www.tilismtechservices.com This is a third-party service; therefore, issues related to this asset are out of scope for our program. https://api-3.xverse.app https://api.xverse.app https://inscribe.xverse.app/ https://ord.xverse.app https://pool.xverse.app/ https://sponsor.xverse.app https://xverse.app http://support.wonder.com www.greenfly.com *.ionity.eu www.cleverreach.com *dhcp*.gobrightspeed.net dhcp.embarqhsd.net https://www.*.nba.com nba.net **Only subdomains listed in the policy are eligible for submission**. https://visayanelectric.com/ iflex.snaboitiz.com/wp-content/* support.worldcoin.com https://api-test.nicex.com https://test.nicex.com test.nicex.com *.envira.es While Eurofins Group has acquired parts of ENVIRA, the domain *.envira.es (and others, e.g. envira.global) are not Eurofins Assets and therefore are not in scope of this program. *.eurofins-digitaltesting.com Eurofins Digital Testing has been divested in 2022 and is not part of the Eurofins Group anymore. Please refrain from any security testing on any former Eurofins Digital Testing Asset. *.sgs.com While Eurofins Group has acquired parts of SGS Group, the domain *.sgs.com is not an Eurofins Asset and therefore not in scope of this program. samplekinect.eurofins.com This application is out of scope. Please refrain from any security testing until further notice. Anything not in scope Devices Placeholder for the Rewards modal Services, Apps, Mobile *.truist.com Only exception is www.truist.com Other: Out-of-Scope Scope item added for the Bounty Modal gnltn.com ldry.com This asset is temporarily out of scope. api.redoxengine.com Please ensure all testing is performed against the staging instance at testapi.redoxengine.com candi.redoxengine.com Please ensure all testing is performed against the staging instance at testapp.redoxengine.com dashboard.redoxengine.com Please ensure all testing is performed against the staging instance at 10x.redoxengine.com gamma.redoxengine.com Please ensure all testing is performed against the staging instance at gamma.redoxstage.com https://redoxengine.atlassian.net Internal Jira is out of scope redox.slack.com Internal Slack is out of scope sso.redoxengine.com Website 3rd Party/Chat Systems Chat bot and contact forms on www.egress.com wisdomtree.com Wisdomtree.com and Wisdomtree.eu are out of scope of this project. If you find something that you wish to report please reach out to security@wisdomtree.com. wisdomtree.eu defenceshare.mod.uk Please use vdp.kahootz.com affiliate.napoleongames.be 3rd party affiliates.superbet.com affiliates.superbet.rs https://legacy-web.superbet.ro/session/login All our LOGIN services are out of scope for the moment. Any bruteforce attempt on our login services will be considered misbehavior and you will be banned from the program. We won\'t reward any credentials identified using bruteforce attacks. Thank you! https://retail.prod.incubator.superbet.ro/ssbt-api/ out of scope blog.magiceden.io This service is done through substack and they are unwilling to fix reported bugs cdn.magiceden.dev http://ord-mirror.magiceden.dev img-cdn.magiceden.dev mainframe.magiceden.io *.pramericalife.in *.prudential.co.kr *.prudentialagf.cl *.prudentialplc.com Prudential Joint Ventures afphabitat.cl pramericalife.in prudentialagf.cl analytics.boozt.com bmp.boozt.com www.kronor.io We are not interested in issues found in the www.kronor.io website. api.frontegg.com portal.frontegg.com servicos.indrive.com sinet.startup.inDriver "Contact Us" Functionality Placeholder for the top Rewards modal Services and Apps engineering.rei.com login.rei.com rei.gladly.com Spamming the Gladly chat bot widget is considered out of scope. reicasting.com blog.mergify.com We do not manage our blogging infrastructure directly. mergify.com We do not manage the infrastructure of our Web hosting service. https://blog.zabbix.com/ This website out of the scope of this program. https://cloud.zabbix.com/ https://exam.zabbix.com/ https://git.zabbix.com/ https://space.zabbix.com/ https://support.zabbix.com/ https://translate.zabbix.com/ https://www.zabbix.com/ developer.arkoselabs.com This site is managed by a 3rd party provider. https://status.arkoselabs.com/ https://careers.abb/global/en https://hub.electrification.us.abb.com/wcc/eh/ https://www.stringsizer.abb.com billing.dynamic.xyz docs.moderntreasury.com help.moderntreasury.com trust.moderntreasury.com www.moderntreasury.com *.daimler.com *.fuso.com *.thomasbuildbuses.com 3rd party integrations bigstockphoto.fr ofcourse.com Support chat Please do not submit reports related to the chat function in the application. *.api.cx.metamask.io **All reports regarding this asset should be submitted to the Consensys program at https://hackerone.com/consensys. Reports will be subject to the rules and conditions listed there.** _Note: Consensys is the company that owns MetaMask, and is not a third party._ Core Tier Assets MetaMask\'s Core Tier Assets are specific MetaMask assets which are paid out in accordance with our Core Tier bounty table. This table can be found on our program page, and includes the following assets: * MetaMask SDK * metamask.io * `https://metamask.github.io/phishing-warning/<vX.Y.Z>` * Authentication component * `https://authentication.api.cx.metamask.io/` * `https://oidc.api.cx.metamask.io` * `https://user-storage.api.cx.metamask.io` * Message signing snap Metamask Flask Extension Installation Link: https://chrome.google.com/webstore/detail/metamask-flask-developmen/ljfoeinjpaedjfecbmggjgodbgkmjkjk This is an experimental playground for developers, where new or proposed features can be rolled out and tested before deploying them to the broader public. Non-Core Tier Assets MetaMask\'s Non-Core Tier Assets are specific MetaMask assets which are paid out in accordance with our Non-Core Tier bounty table. This table can be found on our program page, and includes the following assets: * https://snaps.metamask.io * *.metamask.io (with exceptions) * Snaps Development Packages Wallet Tier Assets MetaMask\'s Wallet Tier Assets are specific MetaMask assets which are paid out in accordance with our Wallet Tier bounty table. This table can be found on our program page, and includes the following assets: * MetaMask Extension * MetaMask Mobile (io.metamask.Metamask, io.metamask) * MetaMask Snaps community.metamask.io Vulnerability reports related to this domain should be directed to the Discourse bug bounty program: https://hackerone.com/discourse developer.metamask.io _Please note that MetaMask part of Consensys, and the MetaMask developer dashboard (previously known as infura) is considered a first party Consensys product._ https://metamask.github.io/ This domain is the root of various static GitHub pages applications which range from test sites, to development tools, to production security controls. Vulnerabilities which can be used to have impact on an in-scope asset will still be considered for a bounty. https://mmi-support.metamask.io/ https://support.metamask.io/ https://www.npmjs.com/search?q=%40metamask Vulnerabilities within npm packages in the @metamask namespace that do not pose a risk to MetaMask users permissionless.snaps.metamask.io An experimental directory for permissionless snaps. Is currently under development, and may potentially be put in scope in the future. *.skinport.com *.floqast.com FloQast\'s Marketing Website *.floqast.studio FloQast\'s Marketing Website for our Digital Entertainment Division Any Asset Not Specifically Listed as In-Scope Any domain, device, or asset not specifically listed as "In-Scope" for this program. s3://floqast The "floqast" S3 bucket is not owned by us. We have static code analysis tools that prevent developers from connecting any of our services to it. connector.callsign.com dashboard.callsign.com pathway.callsign.com portal.callsign.com programs.callsign.com support.callsign.com www.callsign.com Any infrastructure or assets related to Silk, FancyThat, or other Palantir acquisitions. blog.palantir.com certification.palantir.com community.palantir.com explore.palantir.com gear.palantir.com go.palantir.com info.palantir.com investors.palantir.com learn.palantir.com 3rd-party certification website/service. palantirfedstart.com Any domain related to FedStart or Palantir FedStart. palantirpacusa.com Any domain related to the Palantir PAC. sandbox.training.palantir.com store.palantir.com training.palantir.com community.modernfertility.com https://*.ro.co/api/members https://login.ro.co/authorize https://ro.co/api/account-exists https://ro.co/api/presigned-upload-url https://ro.co/messages/* https://ro.co/weight-loss/glp1-insurance-checker/* https://ro.co/weight-loss/supply-tracker/* *.Windstreambundledeals.com This site is off limits. *.getwindstream.com *.orderwindstream.com *.windstreamdeals.com *.windstreamoffers.com Allworx *.account.mongodb.com/* *.atlas.mongodb.com/* *.cloud.mongodb.com/* All Evergreen Assets (including staging) Please note that all evergreen endpoints (including staging) are out of scope of this program and not eligible for bounty Enterprise Edition Products and Tools Drivers, cloud tools, enterprise cloud and enterprise server MongoDB Community Edition Cloud Manager Please note this includes: cloud.mongodb.com MongoDB Driver: Swift Please note as per https://www.mongodb.com/docs/drivers/swift/ The Swift driver is no longer under active development as of 2022. MonogoDB Community Server auth.mongodb.com/ http://*.auth.mongodb.com/* https://www.mongodb.com/community/forums/* https://www.mongodb.com/community/forums/* Is out of scope, please refrain from testing this site. *.chattest.deribit.com deribit.zendesk.com office.deribit.com veriscope.deribit.com activate.fidelity.com activate1.fidelity.com alertmanagerams.streetscape.com alertstreaming.fidelity.com alertstreaming.streetscape.com alumni.fidelity.com boundless.fidelity.com china.fidelity.com dmt.fidelity.com dmtfi.fidelity.com esgpro.fidelity.com event.fidelity.com fcone.fidelity.com fctms.fidelity.com https://api-stage.fidelity.com/brokerage-debit-card-order/v1 https://api-test.fidelity.com/brokerage-account-checking-stop-payment/v1 https://api.fidelity.com/brokerage-account-checking-stop-payment/v1 https://api.fidelity.com/brokerage-debit-card-order/v1 india.fidelity.com jobs.fidelity.com metrics.fidelity.com reviews.fidelity.com reviews.retail.fidelity.com sitecatalyst.fidelity.com social.fidelity.com social.retail.fidelity.com testjobs.fidelity.com www.boundless.fidelity.com www.fidelityworkplace.com www.india.fidelity.com www.jobs.fidelity.com www.myfidelitysolutions.com dolimg.com dwss-ptp.disney.com espnbet.com magicalfloralandgifts.com tokyodisneyresort.jp This licensing partnership site is OUT of scope of the VDP. www.enchantedfinejewelry.com *.hiltonhotels.jp eis.hilton.com https://jobs.hilton.com creators.gymshark.com gymshark.okta.com onboarding.gymshark.com slack.moov.io support.moov.io support.moov.io is not in scope for reporting as this is not our application. tools.cards.moov.io tools.moov.io help.strongdm.com Our support site is hosted externally by Zendesk. No security testing should be done against the platform itself. Any security issues found within the platform should be reported [directly to Zendesk](https://hackerone.com/zendesk). security.strongdm.com Our Security Portal is hosted externally by SafeBase. No security testing should be done against the platform itself. Any security issues found within the platform should be reported directly to security@safebase.io status.strongdm.com Our Status Page site is hosted externally by Atlassian. No security testing should be done against the platform itself. Any security issues found within the platform should be reported directly to [Atlassian](https://bugcrowd.com/atlassian). @properties *.attorneyskeytitle.com *.chartwellescrow.com *.ctccal.com *.firstalliancetitle.com *.kvstitle.com *.legacytexastitle.com *.sqstitle.com Chartwell Christie’s International Real Estate Consumer’s Title of California Glide KVS Title LegacyTexas Title SQS Square Settlements glide.com http://www.compass.com/api/v3/lead_forms/agent_profile http://www.compass.com/contact/ staebapp01.allegion.com Out of scope stczpisupplier.allegion.com Not in scope stisupplier.allegion.com support.wickr.com community.pagerduty.com http://www.pagerduty.com/support/ The Support Form and ticketing system is owned by a third party. university.pagerduty.com www.pagerduty.com/contact-us/ The "Contact Us" form is operated by a third party. affiliates.payoneer.com blog.payoneer.com brand.payoneer.com community.payoneer.com duediligence.payoneer.com explore.payoneer.com investorday.payoneer.com register.payoneer.com skuad.io tracks.payoneer.com Dunnhumby Please report any vulnerabilities here: https://www.dunnhumby.com/security.txt Tesco Bank Tesco Mobile https://www.tescomobile.com/.well-known/security.txt *.plexlabs.io clicks.moonpay.com docs.hypermint.com docs.moonpay.com ethpass.xyz Don\'t report for this domain as will be not rewarded help.moonpay.com page.moonpay.com plexlabs.io qr.moonpay.com request-headers-no-proxy.moonpay.com request-headers.moonpay.com storefront.hypermint.com support.moonpay.com *.koho.ca/cdn-cgi Customer Support Request Forms Customer support request forms (i.e. - Veeam Customer Portal Cases and Case Escalation Forms) are not in scope for this program. Virtual Chat Assistants Virtual chat assistants on our websites are provided by an out of scope 3rd party and are not in scope for this program. https://www.mavieencouleurs.fr autodiscover.apnic.net Out of scope because it\'s a CNAME to a 3rd party. enterpriseenrollment.apnic.net enterpriseregistration.apnic.net help.apnic.net info.apnic.net login.apnic.net lyncdiscover.apnic.net sip.apnic.net upload.apnic.net *.app.cloud.gov Domains of the form *.app.cloud.gov are customer domains, and are out of scope. *.cloud.gov Only the subdomains of `cloud.gov` explicitly listed are in scope; all other subdomains are excluded. *.data.gov 18f.gov 18f.gsa.gov all-sorns.app.cloud.gov data.gov applications Please do not perform any testing on third-party applications that happen to be powered by data.gov (i.e. https://data.gov/applications/) http://github.com/18f/identity-saml-java http://github.com/18f/identity-saml-python manage.data.gov vote.gov careers.tenable.com cloud.tenable.com community.tenable.com de.tenable.com developers.tenable.com docs.tenable.com fr.tenable.com go.tenable.com login.tenable.com partners.tenable.com static.tenable.com suggestions.tenable.com university.tenable.com www.tenable.com Assets operated by, but not owned by, Snowplow. We would like to focus your attention on our own estate, not the solutions we spin up for our customers or the technology of our partners. Starting your journey at https://snowplowanalytics.com should keep you in the right zone. segashop.co.uk http://*.neweggbusiness.com jobs.newegg.com Site content on this subdomain hosted by 3rd party sellerportal.newegg.com sellingpilot.newegg.com *.maconsotempsreel.octopusenergy.fr *.fastly.net community.fastly.com connect.fastly.com Adagio Adagio is an Allied brand of Keurig Dr Pepper. KDP does not own the web assets related to this brand Barista Bros Barista Bros is an Allied brand of Keurig Dr Pepper. KDP does not own the web assets related to this brand Cafe Punta Del Cielo Cafe Punta Del Cielo is an Allied brand of Keurig Dr Pepper. KDP does not own the web assets related to this brand Cinnabon Cinnabon is an Allied brand of Keurig Dr Pepper. KDP does not own the web assets related to this brand Emerils Emerils is an Allied brand of Keurig Dr Pepper. KDP does not own the web assets related to this brand Evian Evian is an Allied brand of Keurig Dr Pepper. KDP does not own the web assets related to this brand Gloria Jean\'s Gloria Jean\'s is an Allied brand of Keurig Dr Pepper. KDP does not own the web assets related to this brand Hollys Coffee Hollys Coffee is an Allied brand of Keurig Dr Pepper. KDP does not own the web assets related to this brand. Kahlua Kahlua is an Allied brand of Keurig Dr Pepper. KDP does not own the web assets related to this brand Krispy Kreme Krispy Kreme is an Allied brand of Keurig Dr Pepper. KDP does not own the web assets related to this brand Laughing Man Laughing Man is an Allied brand of Keurig Dr Pepper. KDP does not own the web assets related to this brand Margaritaville Margaritaville is an Allied brand of Keurig Dr Pepper. KDP does not own the web assets related to this brand Newman\'s Own Newman\'s Own is an Allied brand of Keurig Dr Pepper. KDP does not own the web assets related to this brand Panera Bread Panera Bread is an Allied brand of Keurig Dr Pepper. KDP does not own the web assets related to this brand Peet\'s Coffee Peet\'s Coffee is not a wholly owned brand by Keurig Dr Pepper. KDP does not own the web assets related to this brand RC Cola International RC Cola International is an Allied brand of Keurig Dr Pepper. KDP does not own the web assets related to this brand Swiss Miss Swiss Miss is an Allied brand of Keurig Dr Pepper. KDP does not own the web assets related to this brand Timothy\'s World Coffee Timothy\'s World Coffee is an Allied brand of Keurig Dr Pepper. KDP does not own the web assets related to this brand Vitacoco Vitacoco is an Allied brand of Keurig Dr Pepper. KDP does not own the web assets related to this brand support.commercial.keurig.com support.keurig.ca support.keurig.com support.keurigdrpepper.com www.diedrichroasters.com Diedrich is an Allied brand of Keurig Dr Pepper. KDP does not own the web assets related to this brand *dev*.krisp.ai Development environment metabase.krisp.ai sdk-docs.krisp.ai url5145.krisp.ai voice-ai-newsletter.krisp.ai whatsnew.krisp.ai DMARC Policy DMARC Policy for all services is not in-scope for the bug bounty program. HSTS & CAA Configuration Strict Transport Security & Certification Authority Authorization for all services is not in-scope for the bug bounty program. Hedera Mainnet API Endpoints https://docs.hedera.com/guides/mainnet/mainnet-nodes#mainnet-node-address-book Hedera Owned Domains & Subdomains _.hedera.com_ _.hederacouncil.org_ _.hedera.io_ _.hederahashgraph.com_ _.hashgraph.com_ Mainnet Mirror Node APIs https://mainnet.mirrornode.hedera.com https://hcs.mainnet.mirrornode.hedera.com The testnet mirror node REST API offers the ability to query transaction information Services Hosted by 3rd Party Example: shop.hedera.com, members.hedera.com, status.hedera.com, docs.hedera.com, netki.hedera.com, etc. Weak Password Policy Weak Password Policy for all services is not in-scope for the bug bounty program. api-2.khealth.io careers.khealth.com This asset is out of scope. Submissions relating to this asset will not be rewarded. http://*.hydrogenhealth.com All assets within this scope item containing the strings "dev" and / or "staging" are excluded from the scope. https://khealth.com/careers khealth-test.com This asset is included here in order to indicate its out-of-scope status support.smtp2go.com Vendor/Partner Any services not expressly listed above, such as any connected services, are excluded from scope and are not authorized for testing. Additionally, vulnerabilities found in JetBlue systems from our business partners fall outside of this policy’s scope and should be reported directly to the business partner according to their disclosure policy (if any). *.awards.slotomania.com com.youdagames.gop3multiplayer This App belongs to our Tier 3 category of rewards system. id877638937 sm-php-smid-dsa.slotomania.com,sm-php-smid.slotomania.com,sm-php-smid-va2.slotomania.com,vs-fb-php-p1.playtika.com,sm-php.playtika.com Reflected Cross-Site-Scripting (RXSS) vulnerabilities in the following assets are temporarily out of scope. dev-proxy-ci-centralus.agrisync.com http://www.deere.com/assets/pdfs account-reader.tide.co admin.tide.co bot-*.bo.tide.co community.tide.co domains.tide.co http://*-staging.tide.co http://*-wip.tide.co http://*.staging.tide.co http://*.stg-tideplatform.in http://*.wip-tideplatform.in http://*.wip.tide.co mi.tide.co portaldesign.tide.co status-*.tide.co status.tide.co www.tidecharity.org.uk ceros.leafnow.com com.mts.webtrading https://bids.acqcenter.com https://dp.acqcenter.com https://eiamd-eis.com https://frtcmodernization.com https://nicmontereyea.com https://nwtteis.com https://pmsr-eis.com https://sealbeachea.com https://uat1.acqcenter.com https://uat2.acqcenter.com Globalpaymentsinc.com and Globalpayments.com - OUT OF SCOPE Globalpaymentsinc.com and Globalpayments.com are out of scope for the Vulnerability Disclosure Program. Research on these assets are only allowed in our private bug bounty program with specific testing instructions. Leaked Credentials UCS blog.clubhouse.com wvcorp.tva.com This site has a very weak auth page in front of it and was done as a matter of "requirement" at the time. This site is being modified to remove the auth page as the data is public and nonsensitive. signin.costco.com consensys-solutions.net consensys.net events.on-running.com events.on.com https://shz64n.on-running.com/ partners.on-running.com partners.on.com shz64n.on.com/ help.hypr.com partners.hypr.com support.hypr.com *.who.int covid19app.who.int *.getbouncer.com Onboarding Verification Link Crawling Stripe has a project in place to revamp its crawling infrastructure for onboard verification links. Until that work is completed reports related to this feature will be reviewed but closed as informative. Stripe Third Party Apps and Integrations Vulnerabilities found in third party apps, integrations, and their infrastructure should be reported to the responsible developer. This includes third parties that insecurely implement Stripe components or API methods. Reporters should only report vulnerabilities in Stripe third party apps and integrations to Stripe under this program if they do not receive a satisfactory response from the responsible developer. These types of reports are not eligible for a bounty. Please include specifics regarding steps taken to communicate with the third party. Freshsales-iOS-App Freshsales iOS app can be downloaded from https://apps.apple.com/us/app/freshsales/id1073125057 com.freshdesk.freshsales.mobile Freshsales Android app can be downloaded from https://play.google.com/store/apps/details?id=com.freshdesk.helpdesk freshworks.atlassian.net We don\'t use this Atlassian JIRA instance. http://yourdomain.myfreshworks.com/crm/marketer Due to a product revamp, we have decided to remove Freshmarketer product from the HackerOne "In-scope" items. This policy will be effective from Nov 26th, 2024. Any bugs reported by HackerOne researchers before Nov 26th,2024 will be considered by the team. Freshmarketer Endpoint - yourdomain.myfreshworks.com/crm/marketer http://yourdomain.myfreshworks.com/crm/sales Due to a product revamp, we have decided to remove Freshsales product from the HackerOne "In-scope" items. This policy will be effective from Nov 26th, 2024. Any bugs reported by HackerOne researchers before Nov 26th,2024 will be considered by the team. Freshsales Endpoint - yourdomain.myfreshworks.com/crm/sales wchat.freshchat.com www.freshworks.com The domain www.freshworks.com is a static webpage containing no sensitive information. yourdomain.freshping.io yourdomain.freshstatus.io yourdomain.freshsurvey.io www.corda.net www.r3.com aem-prod.brookfieldproperties.com aem-qa.brookfieldproperties.com aem-test.brookfieldproperties.com apts.brookfieldproperties.com auexpe.brookfieldproperties.com autodiscover.brookfieldproperties.com azuebtpblu0501d.brookfieldproperties.com bamazaubtaap01p.brookfieldproperties.com bfpl30clpcc01.brookfieldproperties.com bfpl30clpcs01.brookfieldproperties.com bpoazusmpsap01p.brookfieldproperties.com bpoazusmpsap02p.brookfieldproperties.com brexpc.cluster.brookfieldproperties.com brexpe.brookfieldproperties.com brookfieldproperties.com brospf.brookfieldproperties.com camkm-pvwa01.brookfieldproperties.com canrpc.brookfieldproperties.com captive.brookfieldproperties.com causash-pvwa02.brookfieldproperties.com click.b.brookfieldproperties.com click.e.brookfieldproperties.com cloud.b.brookfieldproperties.com cloud.e.brookfieldproperties.com collab-edge.brookfieldproperties.com conteudo.brookfieldproperties.com cuc-bf-1-p-au9-01-ms.brookfieldproperties.com cuc-bf-1-p-au9-01.brookfieldproperties.com cuc-bf-1-p-br1-01-ms.brookfieldproperties.com cuc-bf-1-p-br1-01.brookfieldproperties.com cuc-bf-1-p-eu8-01-ms.brookfieldproperties.com cuc-bf-1-p-eu8-01.brookfieldproperties.com cuc-bf-1-p-na9-01-ms.brookfieldproperties.com cuc-bf-1-p-na9-01.brookfieldproperties.com cuc-bf-1-s-au9-02.brookfieldproperties.com cuc-bf-1-s-br1-02.brookfieldproperties.com cuc-bf-1-s-ca2-01.brookfieldproperties.com cuc-bf-1-s-eu8-02.brookfieldproperties.com cyberark.brookfieldproperties.com expc-bf-1-p-au9-01.brookfieldproperties.com expc-bf-1-p-br1-01.brookfieldproperties.com expc-bf-1-p-br1-02.brookfieldproperties.com expc-bf-1-p-ca2-01.brookfieldproperties.com expc-bf-1-p-eu8-01.brookfieldproperties.com expc-bf-1-p-na9-01.brookfieldproperties.com files.brookfieldproperties.com google.brookfieldproperties.com hello.rent.brookfieldproperties.com icdworkspace.brookfieldproperties.com image.b.brookfieldproperties.com image.e.brookfieldproperties.com imp-bf-1-p-br1-01-ms.brookfieldproperties.com imp-bf-1-p-br1-01.brookfieldproperties.com imp-bf-1-p-eu8-01.brookfieldproperties.com imp-bf-1-p-na9-01.brookfieldproperties.com imp-bf-1-s-br1-02.brookfieldproperties.com imp-bf-1-s-ca2-01.brookfieldproperties.com imp-bf-1-s-eu8-02.brookfieldproperties.com investors.brookfieldproperties.com iotservices.brookfieldproperties.com link.agency.brookfieldproperties.com link.bp.brookfieldproperties.com lyncdiscover.brookfieldproperties.com lyncdiscoverinternal.brookfieldproperties.com na1bthyb01.brookfieldproperties.com na1bthyb02.brookfieldproperties.com na2btled01.brookfieldproperties.com na2btlfe01.brookfieldproperties.com nac1m-s1.brookfieldproperties.com nac1m-t1.brookfieldproperties.com nac1m-t2.brookfieldproperties.com nac1m-t3.brookfieldproperties.com nac225l-s1.brookfieldproperties.com nac225l-t1.brookfieldproperties.com naexpe.brookfieldproperties.com oncite.brookfieldproperties.com pam.brookfieldproperties.com rent.brookfieldproperties.com rooms.brookfieldproperties.com roomsicd.brookfieldproperties.com secure.brookfieldproperties.com staging.brookfieldproperties.com staging.rent.brookfieldproperties.com staging.webadmin.brookfieldproperties.com thycotic.brookfieldproperties.com tsbazusaudit01p.brookfieldproperties.com tsbazussqldb01s.brookfieldproperties.com tsbazuswdsdc01p.brookfieldproperties.com tsgazauwdsdc01p.brookfieldproperties.com tsgazsgwdsdc01p.brookfieldproperties.com tsgazsgwdsdc02p.brookfieldproperties.com tsgazusexhyb01p.brookfieldproperties.com tsgazusexhyb02p.brookfieldproperties.com tsgazusipmap01p.brookfieldproperties.com tsgwsusexhyb01p.brookfieldproperties.com tsgwsusexhyb02p.brookfieldproperties.com ucm-bf-1-p-au9-01-ms.brookfieldproperties.com ucm-bf-1-p-au9-01.brookfieldproperties.com ucm-bf-1-p-br1-01-ms.brookfieldproperties.com ucm-bf-1-p-br1-01.brookfieldproperties.com ucm-bf-1-p-eu8-01.brookfieldproperties.com ucm-bf-1-p-na9-01-ms.brookfieldproperties.com ucm-bf-1-p-na9-01.brookfieldproperties.com ucm-bf-1-s-au9-02.brookfieldproperties.com ucm-bf-1-s-br1-02.brookfieldproperties.com ucm-bf-1-s-ca2-01.brookfieldproperties.com ucm-bf-1-s-ca2-02.brookfieldproperties.com ucm-bf-1-s-eu8-02.brookfieldproperties.com ucm-bf-1-s-na9-02.brookfieldproperties.com ucm-bf-1-s-na9-03.brookfieldproperties.com ucm-bf-1-s-na9-04.brookfieldproperties.com ukexpe.brookfieldproperties.com usarpc.brookfieldproperties.com usash-pvwa02.brookfieldproperties.com view.b.brookfieldproperties.com view.e.brookfieldproperties.com webadmin.brookfieldproperties.com webmail.brookfieldproperties.com workspace.brookfieldproperties.com workspaceicd.brookfieldproperties.com workspaceportal.brookfieldproperties.com www.azuebtpblu0501d.brookfieldproperties.com www.bamazaubtaap01p.brookfieldproperties.com www.bfpl30clpcs01.brookfieldproperties.com www.brexpc.cluster.brookfieldproperties.com www.brookfieldproperties.com www.captive.brookfieldproperties.com www.cuc-bf-1-p-au9-01-ms.brookfieldproperties.com www.cuc-bf-1-p-br1-01-ms.brookfieldproperties.com www.cuc-bf-1-p-eu8-01-ms.brookfieldproperties.com www.expc-bf-1-p-au9-01.brookfieldproperties.com www.expc-bf-1-p-br1-01.brookfieldproperties.com www.expc-bf-1-p-eu8-01.brookfieldproperties.com www.na2btled01.brookfieldproperties.com www.pam.brookfieldproperties.com www.secure.brookfieldproperties.com www.thycotic.brookfieldproperties.com www.tsgazauwdsdc01p.brookfieldproperties.com www.tsgazsgwdsdc01p.brookfieldproperties.com www.tsgazusipmap01p.brookfieldproperties.com www.ucm-bf-1-p-au9-01-ms.brookfieldproperties.com www.ucm-bf-1-p-br1-01-ms.brookfieldproperties.com www.ucm-bf-1-p-eu8-01-ms.brookfieldproperties.com community.doppler.com This is our community hub hosted on Discourse. docs.doppler.com This subdomain points to our docs hosted on ReadMe. doppler.com This is our marketing website built on Webflow. http://calendly.com/doppler/enterprise Please do not attempt to test the Doppler calendly integration https://github.com/DopplerHQ/awesome-bots This is a public collection of resources maintained by the community. support.doppler.com This is our support hub hosted on Zendesk. *.grindrads.com This site is hosted by a third-party, Bucksense. Please contact security@bucksense.com to report security vulnerabilities. *.intomore.com Any databases, Wordpress instances, web infrastructure related to INTO is out of scope blog.grindr.com The site is hosted by a third-party, Squarespace. Please report security issues on their HackerOne account. Instructions here: https://www.squarespace.com/vulnerability-reporting github.com/thesokrin/vfd Known issue; this repo describes staging systems that are no longer in use. Please do not submit reports unless you are able to demonstrate a connection between this code and live infrastructure. go.grindr.com This site is hosted by a third-party, GoLinks. Please contact them at https://www.golinks.io/contact.php grindr.atlassian.net This site is hosted by a third-party; please direct security vulnerabilities to Atlassian at https://bugcrowd.com/atlassian grindrbloop.com This is hosted by a third-party, Squarespace. Please report security issues on their HackerOne account. Instructions here: grindrtogo.grindr.com This site is hosted by a third-party, Shopify. Please report security issues on their HackerOne account: https://hackerone.com/shopify help.grindr.com The site is hosted by a third-party, ZenDesk. Please report security issues on their HackerOne account: https://hackerone.com/zendesk?type=team https://github.com/grindrlabs investors.grindr.com This is Grindr\'s Investor Relations site. The site is hosted by a third-party, Q4 inc. As recommended on https://www.q4inc.com/contact-us/default.aspx, submit security related issues or concerns to support@q4inc.com kindr.grindr.com This site is hosted by a third-party, Wix. Please report security issues on their HackerOne account: https://support.wix.com/en/article/reporting-a-security-issue selfservice.grindr.com shop.grindr.com shop.grindrbloop.com *.browser.cloud.com *.citrix*.com *.cloudburrito.com Staging Environment for Citrix Cloud *.podio.com *.securevdr.com *.xmdev.cloud.com Dev Environment for CEM (XenMobile) *.xmqa.cloud.com QA Environment for Citrix Endpoint Management (XenMobile) *.xmtest.cloud.com Test Environment for CEM (XenMobile) accounts-internal.cloud.com citrix.cloud.com launch.cloud.com www.cloud.com c21.hk century21.hk *.afadvantage.gov *.cio.gov *.itdashboard.gov alpha.sam.gov fbo.gov fdms.gov fedidcard.gov fsrs.gov gobiernousa.gov gsaauctions.gov info.gov innovation.gov itdashboard.gov kids.gov performance.gov pic.gov pif.gov plainlanguage.gov presidentialinnovationfellows.gov realestatesales.gov www.openmage.org This asset is hosted by Github Pages. Please observe [Github\'s security program](https://hackerone.com/github) and report directly to them if any issues are found with the underlying technologies. Only issues directly affecting the security or privacy of the OpenMage organization should be submitted to this program. ### Email services for the openmage.org domain are not in scope! Reports relating to SPF and DMARC will be closed immediately as N/A. *cars.aerlingus.com aerlingus.estore.iagl.digital Replaced with https://www.shopping.ba.com (same code base) ba.estore.iagl.digital buyavios.iberia.com Replaced with https://pgt.shopping.ba.com/ (same code base) https://*.iagloyalty.com This asset is hosted by Hubspot, and as such these reports should be submitted to them directly. https://docs-next.apiportal.dev.iagl.digital/docs Replaced with https://docs.iagloyalty.com https://docs.iagloyalty.com https://shop.ba.com/ https://www.iagcargo.com/en/page/claims-process https://www.iagcargo.com/en/page/critical-performance-guarantee-refund-request https://www.iagcargo.com/en/page/prioritise-performance-guarantee-refund-request https://www.iagcargo.com/en/page/product/live-animals https://www.iagcargo.com/en/page/product/pets https://www.iagcargo.com/en/page/product/relocation https://www.iagcargo.com/en/page/tracking-devices-enquiry https://www.iagcargo.com/es/page/claims-process https://www.iagcargo.com/es/page/critical-performance-guarantee-refund-request https://www.iagcargo.com/es/page/prioritise-performance-guarantee-refund-request https://www.iagcargo.com/es/page/product/live-animals https://www.iagcargo.com/es/page/product/pets https://www.iagcargo.com/es/page/product/relocation https://www.iagcargo.com/es/page/tracking-devices-enquiry https://www.iberia.com/*/*.do* https://www.iberia.com/cs/satellite* iberia.estore.iagl.digital pgt.estore.aerlingus.com vueling.estore.iagl.digital www.hangar51.com This asset is hosted by Webflow, and as such these reports should be submitted to them directly at https://webflow.com/security 8x8-meeting-rooms 8x8 Spaces - https://apps.apple.com/us/app/8x8-meeting-rooms/id1468264023 While some components are still used in e.g. Jigasi, the project is not actively developed anymore. Improvements, bugfixes and builds are entirely based on community contributions 8x8.wavecell.com (webmail.wavecell.com) Powered by [Hubspot](https://bugcrowd.com/hubspot). Jitsi Meet Desktop https://desktop.jitsi.org/Main/Download.html Jitsi Desktop is the heritage of Jitsi Meet. While some components are still used in e.g. Jigasi, the project is not actively developed anymore. Improvements, bugfixes and builds are entirely based on community contributions. accountmanager.8x8.com com.atlassian.JitsiMeet.ios https://apps.apple.com/us/app/jitsi-meet/id1165103905 While some components are still used in e.g. Jigasi, the project is not actively developed anymore. Improvements, bugfixes and builds are entirely based on community contributions. com.spot8x8.spot 8x8 Spaces - https://play.google.com/store/apps/details?id=com.spot8x8.spot express.8x8.com feedback.wavecell.com Powered by [Canny](https://canny.io/security). get8x8.com http://*.callstats.io Sold to Spearline. No longer owned by 8x8. http://*.contactnow.8x8.com http://*.jitsi.org http://*.sameroom.io investors.8x8.com mobileidentity.8x8.com also api.mobileidentity.8x8.com (more info to come soon) org.jitsi.meet https://play.google.com/store/apps/details?id=org.jitsi.meet supersite.8x8.com support-portal.8x8.com support.8x8.com vm.8x8.com www.8x8.com www.wavecell.com eflow.watsons.com.tw/ form.watsons.com.my https://www.watsons.com.my/blog Any feedback form MarketPlace Submission process. community.miro.com developers.miro.com events.miro.com help.miro.com miro.com/api/stream/v1/* miro.com/careers/vacancy/* miro.com/contact/* status.miro.com *.corebridgefinancial.com *.travelguard.com travel.aig.co.jp Subdomains maintained by third parties, other than AIG, are not in scope for this program. www-1008.aig.com www.corebridgefinancial.com *.fip.finra.org https://ews.finra.org/* *.pantheonsite.io careers.chime.com 3rd-party vendor nd.chime.com blog.launchdarkly.com launchdarkly.com This is our static marketing site. sandbox.launchdarkly.com slack.launchdarkly.com status.launchdarkly.com *.matic.network https://github.com/maticnetwork/contracts #Contracts This repository contains the smart contracts that power Matic Network *.skale.network https://github.com/skalenetwork/skale-node-cli https://github.com/skalenetwork/validator-cli Spamming of forms and APIs with automated vulnerability scanners are strictly out of scope help.yesware.com roadmap.vendasta.com Uses a third-party content management system so it is ineligible for VDP. t.yesware.com This subdomain is used for generated email tracking links. **We do not accept open-redirect issues for this subdomain**. www.vendasta.com www.yesware.com www.designsystems.com event.us-east-1.sws.siemens.com http://o0pv3l7chl.execute-api.us-east-1.amazonaws.com/dev https://react.vis.pre2.usea1.devops.sws.siemens.com/sample/dist/index.html poh0v3odoi.execute-api.eu-central-1.amazonaws.com *.aws.* *.dev .*a2z*. AWS and AWS customer assets are strictly out of scope Amazon Web Services (AWS) Currently, anything related to AWS should be considered out of scope and should be reported directly to AWS: https://aws.amazon.com/security/vulnerability-reporting/ Anything considered a non-prod asset Anything which redirects to AWS amazongames.com learning.logistics.amazon.com CS.Money Antiscam This is our Google Chrome extension, which protects our users from potential scams. No longer supported and thus out of scope. [Chrome Web Store](https://chrome.google.com/webstore/detail/csmoney-antiscam/bocdepodnagbohblgjmooobalmcojkpg) grafana.cs.money Out of scope. This is our instance of Grafana. old.cs.money Out of scope. This was the old version of our primary web application. Any assets not listed \\*.[any-domain].[or.id|com|net|org|id|web.id]:[2082|2083|2086|2087|2095|2096]/any backend we not manage \\*.1337.or.id, wiki.1337.or.id, news.1337.or.id Browser extensions/add-ons \\- XSSRush (Chrome/Firefox) access-dr.navient.com access.navient.com altaccess.navient.com assist.navient.com clientaccess.citrixcloud.navient.com filegateway.navient.com fms.navient.com jobs.navient.com m.jobs.navient.com militaryadvisorchatbot-qa.navient.com militaryvirtualassist-public.navient.com mynavientwellbeing.com navientlogin.b2clogin.com navientpath.com news.navient.com o8.studentloan.navient.com pcx.navient.com rsa.citrixcloud.navient.com services.navient.com services2.navient.com ssp.navient.com studentloan.navient.com tableau-prod.navient.com tableau-test.navient.com adsmanager.truecaller.com community.truecaller.com support.truecaller.com www.investnext.com com.evernote.android help.evernote.com https://svn.filezilla-project.org/svn/filezilla3/trunk/src/storj/ This also includes the libstorj dependency. Tier 1 Bounty table header Tier 2 Tier 3 account.clario.co api-ne.clario.co api.account.opendoor.ltd old *.hcltechsw.com *.atp-exodus.com We do not own atp-exodus.com assets hence it should be considered out of scope. exodus.atlassian.net We do not own Atlassian instance at https://exodus.atlassian.net . Any reports containing this out-of-scope asset will be marked as N/A exodusstore.blob.core.windows.net This azure bucket does not belong to us please refrain from submitting. get.exodus.* This subdomain is hosted on a 3rd party dataset http://exodus.com/keybase.txt intentionally public. Any report related to this will be marked Not-Applicable http://www.exodus.com/contact-support https://exodus.atlassian.net We do not own this instance, Any report related to this will be marked as `Not-Applicable` slack-invite.exodus.com Invite link to our public Slack, there are no vulnerabilities. support-helpers.a.exodus.io This subdomain points to our support and hiring services which are hosted on 3rd party dataset support.exodus.com Domain is not in scope for testing www.exodus.com/job-application/* 3rd party service installed on the endpoint Out Of Scope #### Out of Scope: * admin.topcoder.com * api-work.topcoder.com * dev.arena.topcoder.com * qa.arena.topcoder.com * arenaws.topcoder.com * asteroids.topcoder.com * beta.topcoder.com * beta-community-app.topcoder.com * blitz.topcoder.com * bluehost.topcoder.com * bluehost-test01.topcoder.com * bluehost-test02.topcoder.com * cmap-leaders.topcoder.com * coder.topcoder.com * codeyourwayin.topcoder.com * dtn.topcoder.com * epa.topcoder.com * hphaven.topcoder.com * ideas.topcoder.com * info.topcoder.com * internal-api.topcoder.com * jp.topcoder.com * lightning.topcoder.com * link.topcoder.com * mediasharedev.topcoder.com * mediasharepoc.topcoder.com * mobile.topcoder.com * predix.topcoder.com * qa.topcoder.com * software.qa.topcoder.com * studio.qa.topcoder.com * site.topcoder.com * smtp.topcoder.com * swift.topcoder.com * talk.topcoder.com * tcdev1.topcoder.com * tcdev3.topcoder.com * topgear.topcoder.com * training.topcoder.com * tunnel1.topcoder.com * vorbote.topcoder.com * wiki.topcoder.com * x-receiver.topcoder.com www.gmelius.com Gmelius\' www site is hosted by Webflow. Security bugs in Webflow may be reported to the service provider. api.outpost.co app.outpost.co www.mplans.com www.outpost.co www.teamoutpost.com *.mtnfootball.com HI we no longer are in ownership of this domain or subdomains. 41.189.179.249 41.216.67.108 41.216.78.13 41.216.80.172 achom.ir areeba.com.gh areeba.com.gn electricityservices.mtn.com.sy faulucareers.co.ke gameplus.mtnonline.com games.mtnonline.com h14de.n2.ips.mtn.co.ug h1576.n2.ips.mtn.co.ug h163e.n2.ips.mtn.co.ug h18e.n1.ips.mtn.co.ug h19f2.n2.ips.mtn.co.ug h19f6.n2.ips.mtn.co.ug h1b24.n2.ips.mtn.co.ug h1b6e.n2.ips.mtn.co.ug h1c1c.n2.ips.mtn.co.ug h1c5b.n1.ips.mtn.co.ug h1f7.n1.ips.mtn.co.ug h1fa.n1.ips.mtn.co.ug h2252.n1.ips.mtn.co.ug h2276.n1.ips.mtn.co.ug h22d.n1.ips.mtn.co.ug h22eb.n1.ips.mtn.co.ug h2302.n1.ips.mtn.co.ug h234e.n1.ips.mtn.co.ug h235.n1.ips.mtn.co.ug h245a.n1.ips.mtn.co.ug h2472.n1.ips.mtn.co.ug h254e.n1.ips.mtn.co.ug h27d.n2.ips.mtn.co.ug h27d6.n1.ips.mtn.co.ug h27da.n1.ips.mtn.co.ug h2826.n1.ips.mtn.co.ug h2a36.n1.ips.mtn.co.ug h2a8.n1.ips.mtn.co.ug h2cf3.n1.ips.mtn.co.ug h2cf3.n1.ips.mtn.co.ug:8070 h2d.n1.ips.mtn.co.ug h2d5.n1.ips.mtn.co.ug h2dea.n1.ips.mtn.co.ug h30e.n1.ips.mtn.co.ug h341b.n1.ips.mtn.co.ug h3426.n1.ips.mtn.co.ug h37d.n1.ips.mtn.co.ug h3b5.n1.ips.mtn.co.ug h3b68.n1.ips.mtn.co.ug h3b7.n1.ips.mtn.co.ug h3e5.n1.ips.mtn.co.ug h456.n1.ips.mtn.co.ug h62a.n1.ips.mtn.co.ug h652.n2.ips.mtn.co.ug h696.n2.ips.mtn.co.ug h69a.n2.ips.mtn.co.ug h6a2.n2.ips.mtn.co.ug h6a6.n2.ips.mtn.co.ug h6b6.n2.ips.mtn.co.ug h6ba.n2.ips.mtn.co.ug h6c6.n2.ips.mtn.co.ug h6ca.n2.ips.mtn.co.ug h6ce.n1.ips.mtn.co.ug h6d2.n2.ips.mtn.co.ug h6d6.n2.ips.mtn.co.ug h6fa.n1.ips.mtn.co.ug h742.n1.ips.mtn.co.ug h7c2.n1.ips.mtn.co.ug h80e.n1.ips.mtn.co.ug h82e.n1.ips.mtn.co.ug h862.n1.ips.mtn.co.ug h93e.n1.ips.mtn.co.ug hb16.n1.ips.mtn.co.ug hb56.n1.ips.mtn.co.ug hb92.n1.ips.mtn.co.ug hbce.n1.ips.mtn.co.ug hd65.n2.ips.mtn.co.ug he2.n1.ips.mtn.co.ug hfa.n4.ips.mtn.co.ug hfe.n1.ips.mtn.co.ug http://www.mtnbusiness.co.za/en/pages/msteams-direct-routing.aspx/43331 https://www.evod.co.za/ https://www.mtn.com/contact/become-supplier/ Aware of the fucntion and tested via pentest teams https://www.mtn.com/investors/sign-up-for-investor-information/ Not in scope aware of this and we have tested and happy with results from external pen testing firm https://www.mtn.com/wp-json/ HI, Hosted WordPress site, this is enabled on the hosted environment, other mitigation in place to prevent ddos and brute force from happening https://www.mtn.com/wp-json/wp/v2/users/ https://www.mtn.com/wp-login.php https://www.mtn.com/xmlrpc.php https://www.mtnbusiness.co.za/en/pages/msteams-direct-routing.aspx/43331 irancel.ir irancell.ir jolie.ir lonestarcell.org m-game.mtnonline.com move2mtn.com mtn-bissau.com Domain does not belong to MTN Bissau. mtn-eschool.com mtn-ic.com mtn-weca.com mtn.com.cy This is from an entity that was sold off mtn.com.ye This forms part of an entity that was sold off mtnblog.co.za mtnbusiness.tel mtnfootball.com mtngame.net mtngb.com mtnhostedservices.com mtnhostedservices.net mtnlibmusic.com mtnmail.org mtnmail.tel mtnmailsync.com mtnmmo.com mtnmobad.mtnbusiness.com.ng mtnmobilemoney.us mtnmobility.net mtnonlineservices.com mtnpulse.tel mtnrechargelink.com mtnspotlight.com mtnsyr.com mtnvoicemail.com mtnzakhele.tel mwstatic-game.mtnonline.com novafone.com.lr ptldynamic-game.mtnonline.com ptlstatic-game.mtnonline.com sharehub.co.ke wap-game.mtnonline.com wapstatic-game.mtnonline.com www.evod.co.za www.mtnbusiness.co.za yellomonitoring.ir https://github.com/kubernetes/ingress-gce https://github.com/kubernetes/ingress-nginx api-staging.gocardless.com Staging version of the Dashboard API. Please test the Sandbox deployment instead. api.gocardless.com Production version of the Merchant Dashboard API component. Please test the Sandbox deployment instead. brand.gocardless.com This is a third-party application, which is not developed or maintained by us. Please report vulnerabilities related to this asset directly to "Webflow". However, if you think there may be issues related to the configuration of the asset that may be under our control, we will consider the report. connect.gocardless.com Production version of the Merchant Dashboard OpenID authentication component. gocardless-status.com, status.gocardless.com This is a third-party application, which is not developed or maintained by us. Please report vulnerabilities related to this asset directly to "Atlassian". learn.gocardless.com This is a third-party application, which is not developed or maintained by us. Please report vulnerabilities related to this asset directly to "PayTo University". manage.gocardless-staging.io Staging version of the Merchant Dashboard application. Please test the Sandbox deployment instead. manage.gocardless.com Production version of the Merchant Dashboard application. oauth-staging.gocardless.com Staging version of the OAuth API. Please test the Sandbox deployment instead. oauth.gocardless.com Production version of the authentication component of the GC4X application. outgrow.gocardless.com This is a third-party application, which is not developed or maintained by us. Please report vulnerabilities related to this asset directly to "Outgrow". partnerportal.gocardless.com, gocardless.my.site.com This is a third-party application, which is not developed or maintained by us. Please report vulnerabilities related to this asset directly to "Salesforce". However, if you think there may be issues related to the configuration of the asset that may be under our control, we will consider the report. pay.gocardless.com Production version of the API used to process billing requests, related to the Merchant Dashboard application. privacy.gocardless.com This is a third-party application, which is not developed or maintained by us. Please report vulnerabilities related to this asset directly to "Transcend". qbo-api.gocardless.com This is an API endpoint for a third-party application, which is not developed or maintained by us. Please report vulnerabilities related to this asset directly to "Quickbooks". qbo.gocardless.com This is a third-party application, which is not developed or maintained by us. Please report vulnerabilities related to this asset directly to "Quickbooks". storybook.gocardless.io This is a third-party application, which is not developed or maintained by us. Please report vulnerabilities related to this asset directly to "Storybook". support.gocardless.com This is our Zendesk instance. However, it is not under our control, and vulnerabilities should reported directly to Zendesk. If you think there is an issue that is caused specifically by our implementation of Zendesk that is not present in other instances, do let us know, and we can consider issuing a reward. xero-sandbox.gocardless.com GoCardless integration with Xero (GC4X). Users and permissions are managed through the Dashboard application (manage.gocardless). ReadOnly users cannot access GC4X; ReadWrite and Admin users have the same level of access on GC4X. xero-staging.gocardless.com Testing environment for the GoCardless integration with Xero. Frequently used by merchants for testing implementations. xero.gocardless.com Production version of the GoCardless integration with Xero. *.acordocerto.com.br preview.midigator.com This is a demo site hosting exclusively test data to preview the functionality of the production website. CounterAct 8.3 This is a new device type being introduced to the bug bounty program. Those with access to a counteract device / image are welcome to submit their findings! datapod-1-100-ingest.development.forescoutcloud.net * Expanded Datapod Host Range to 100 nodes ** Naming convention is datapod-[1-100]-ingest.development.forescoutcloud.net ** Example: datapod-1-ingest.development.forescoutcloud.net ** Example: datapod-10-ingest.development.forescoutcloud.net and so on. datapod-1-100-ingest.testing.forescoutcloud.net ** Naming convention is datapod-[1-100]-ingest.testing.forescoutcloud.net ** Example: datapod-1-ingest.testing.forescoutcloud.net ** Example: datapod-10-ingest.testing.forescoutcloud.net datapod-1-100-query.development.forescoutcloud.net ** Naming convention is datapod-[1-100]-query.development.forescoutcloud.net ** Example: datapod-1-query.development.forescoutcloud.net ** Example: datapod-10-query.development.forescoutcloud.net datapod-1-100-query.testing.forescoutcloud.net ** Naming convention is datapod-[1-100]-query.testing.forescoutcloud.net ** Example: datapod-1-ingest.query.forescoutcloud.net ** Example: datapod-10-ingest.query.forescoutcloud.net datapod-1-ingest.acceptance.forescoutcloud.net datapod-1-query.acceptance.forescoutcloud.net forescout.service-now.com mgmtpod-1-100-dashboard.development.forescoutcloud.net * Expanded Mgmtpod Host Range to 100 nodes ** Naming convention is mgmtpod-[1-100]-dashboard.development.forescoutcloud.net ** Example: mgmtpod-1-dashboard.development.forescoutcloud.net ** Example: mgmtpod-10-dashboard.development.forescoutcloud.net mgmtpod-1-100.development.forescoutcloud.net ** Naming convention is mgmtpod-[1-100].development.forescoutcloud.net ** Example: mgmtpod-1.development.forescoutcloud.net ** Example: mgmtpod-10.development.forescoutcloud.net *nvapis.line.me URLs that contain `nvapis.line.me` will be out of scope. Example: `dev-nvapis.line.me`, `kr-nvapis.line.me` etc DEMAE-CAN LINE BANK LINE FINANCIAL LINE Pay Please refrain from testing any functionality that is related to financial transactions. **This includes LINE Pay functionality within the LINE Application and Rabbit Pay for Thailand.** LINE TAXI LINEMAN Yahoo Japan https://entry.line.me/ livedoor prod-fido-fido2-server.line-apps.com This domain is a FIDO API endpoint for testing integrations. It has no user data and is purely for testing implementations. As such, it is out of scope for this program. *.sky.com.mx This is out of scope for submission. 12.0.1.28 accbusinesspricing.att.com attdashboard.wireless.att.com attpurchasing.com This is out of scope for submission attsuppliers.com authkeysmx01.att.com.mx c2m-projectone.att.com https://clec.att.com/clec/ prod-taxexempt.att.com projectone.att.com rcloud.social wf-projectone.att.com *solidus.io academy.datastax.com *Automated Scanning Prohibited* Sign ups are open, you may use any email address that can be verified to sign up for the academy. community.datastax.com https://*cla.datastax.com/ *.dev.dynatracelabs.com *.dynatrace.com This is our corporate website and it is out of scope of this program. EasyTrade demo application This is a demo application which helps you fill your testing environment with data. For more details please have a look at the "Useful tips" section of the policy or the [github repo](https://github.com/Dynatrace/easytrade) easyTravel demo application This is a demo application which helps you fill your testing environment with data. For more details please have a look at the "Useful tips" section of the policy or our [community page](https://community.dynatrace.com/t5/Start-with-Dynatrace/easyTravel-Documentation-and-Download/m-p/181271). https://github.com/Dynatrace-oss-contrib Please be aware that only analysis of our source code is allowed. Do not perform any tests against [https://github.com.](https://github.com/). *.citymapper.com/ *.drivewithvia.com citymapper.com remix.com ridewithvia.com ridewithvia.okta.com status.coda.io *.criticalstack.com When creating accounts on this asset, please use the following information. If you need multiple accounts, please use {username}+1@wearehackerone.com etc. Email: {username}@wearehackerone.com First Name: Bug Bounty Last Name: Tester DOB: 7/27/1994 Phone Number: 123-456-7890 Business Name: Bug Bounty Program Address: 1680 Capital One Drive State: VA City: McLean Country: USA *.intelstack.com *.unitedincome.com 414607046 asos-idcheck.capitalone.co.uk 3rd Party Asset com.yinzcam.facilities.verizon idcheck.capitalone.co.uk jamfproqa.capitalone.com littlewoods-idcheck.capitalone.co.uk luma-idcheck.capitalone.co.uk ocean-idcheck.capitalone.co.uk postoffice-idcheck.capitalone.co.uk thinkmoney-idcheck.capitalone.co.uk travel-qa.capitalone.com travel.capitalone.com very-idcheck.capitalone.co.uk reddit.secure.force.com [Non-core asset] Reddit maintains a SFDC tenant for customer management for our advertisers. SFDC bugs aren\'t eligible for payout, but misconfigurations that are Reddit\'s responsibility are. *bc.earlywarning.com ccpa*.zellepay.com ccpa.zellepay.com demo.earlywarning.com docs.earlywarning.com flip0717.earlywarning.com toolkit.zellepay.com zellepay.earlywarning.com Out of scope per Salesforce policy *.email.instacart.com brand.instacart.com careers.instacart.com carrotstore.instacart.com corporate.instacart.com covidresponse.instacart.com design.instacart.com enterprise-status.instacart.com Third-party system - [Atlassian Statuspage](https://www.atlassian.com/software/statuspage) instacart.careers life.instacart.com news.instacart.com tech.instacart.com www.phpbb.com Please limit your reports to the phpBB git repository for now. developers.fortmatic.com Out of scope third-party hosted integration docs.fortmatic.com email.fortmatic.com static.fortmatic.com china.airasiago.com thailand.airasiago.com www.expediapartnersolutions.com api-portal.etoro.com etorox.com templates.etoro.com *.netlify.app Except for the in scope subdomains listed as in scope. *.netlify.com *.netlifycms.org answers.netlify.com docs.netlify.com https://github.com/netlify/ webpop.com This is an old asset and will be deprecated in the near future. www.netlify.com This is Netlify\'s marketing website. *.canada.fanduel.com *.fndl.dev appsflyer.com crashlytics.com help.creditkarma.com SalesForce owned-endpoint. Manual Testing only. No Automated Scanning. • No automated scanning on this endpoint. • Overnight hours only (10PM - 2AM PT) • Please note during any cases and/or chat session , please indicate that you are performing a Bug Bounty test from HackerOne and that this case is a Spam PenTesting Ticket and any follow-up questions can be forwarded to Vivi.Langga. https://www.creditkarma.com/all/advice https://www.creditkarma.com/article/* socialverification.creditkarma.com socialverification.stage.creditkarma.com taplytics.com tax.creditkarma.com taxsupport.creditkarma.com .*mercadolibre.* Redelcom Any other asset related to redelcom ajuda.kangu.com.br developersforum Any asset related to developersforum Including but not limited to: https://developersforum.mercadolibre.com.ar/ https://developersforum.mercadolibre.com.co/ https://developersforum.mercadolibre.cl/ https://developersforum.mercadolibre.com.mx/ https://developersforum.mercadolibre.com.ve/ Other urbancompany.com subdomains except for the ones in-scope Examples of out-of-scope subdomains include but not limited to: - careers.urbancompany.com - careers.urbanclap.com - blog.urbancompany.com - blog.urbanclap.com - sherlock.urbanclap.com - sherlock.urbancompany.com - ops.urbanclap.com - ops.urbancompany.com - configs.urbanclap.com - configs.urbancompany.com - jarvis.urbanclap.com - jarvis.urbancompany.com - pro.urbanclap.com - dev*.urbanclap.com - All staging and dev subdomains https://www.remitly.com/blog *.egadvertising.com *.hoteis.com *.hoteles.com events.nutanix.com frame.nutanix.com karbon.nutanix.com This domain and its sub-domains are out of scope. mops.nutanix.com next.nutanix.com webex.nutanix.com *.flickr.net amt.flickr.com appletv.flickr.com blog.flickr.com blogtest.flickr.com bluebird.flickr.com code.flickr.com csp.flickr.com flickrhelp.com Please don\'t research or file reports against our customer support features guce.flickr.com health.flickr.com help.flickr.com links.flickr.com This asset is used for emails and is out of scope. parkorbird.flickr.com stage.guce.flickr.com trunk.guce.flickr.com api.matomo.org forum.matomo.org Please don\'t post test posts on the forum. The forum is using discourse, so please report any security issues [on their bug bounty](https://hackerone.com/discourse) matomo.org Project website plugins.matomo.org The Matomo Marketplace Platform is excluded from this bug bounty shop.matomo.org *.capturis.com Submissions for noncredentialed access only. NISC does not issue credentials for its public vulnerability disclosure program. *.igear.coop *.nisc-mic.coop *.nisc.coop *.saitek-fr.com *.saitek.com *.saitekforum.com *.wilife.com Logitech Alert Cameras Logitech Alert cameras and the Commander software were EOL\'ed many years ago and are not in scope for submission. Squeezebox Products Squeezebox products were EOL\'ed many years ago and aren\'t eligible for submissions. *.phunware.com *.ritzcarltonyachtcollection.com We need to handle some internal ownership details until we can support this asset as part of our scope. Please do not test it. *moxymix*.marriott.com Any domains or infrastructure pertaining to Moxy Mix projects are OOS until further notice. Thanks for working with our policy changes! Not-Listed Assets ## Any asset *not* listed in-scope is *ineligible* for bounty and will be marked N/A Phoenix Platform apps.ritzcarlton.com element-hotels.marriott.com hotelexcellence.marriott.com luxurybrands.marriott.com marriott.tech marriottlearnourbrands.com meetings-excellence.marriott.com mi.bookmarriott.com milux.marriott.com springhillsuites.marriott.com towneplacesuites.marriott.com This is a vanity site vacations.marriott.com We do not own this site. www.github.com We do not own this domain but we wish to receive notice of repositories on here that may contain our data. www.travelagents.marriott.com learn.acronis.com Intercom Intercom is a 3rd party add-on and is not in scope. blog.chain.link chainlinklabs.com The asset chainlinklabs.com is out of scope for this program. create.smartcontract.com docs.chain.link github.com/smartcontractkit/chainlink/contracts/src/*/dev The contracts in the chainlink/contracts/src/*/dev directory are currently in development and not considered production-ready. github.com/smartcontractkit/chainlink/examples The Chainlink Examples directory contains tools and private keys in order to test the Chainlink client in an end-to-end, deterministic way. It contains private keys and passwords which are only for use in development. https://github.com/smartcontractkit/chainlink/tree/master/core/internal The internal directory contains tools and private keys in order to test the Chainlink client in an end-to-end, deterministic way. It contains private keys and passwords which are only for use in development. https://github.com/smartcontractkit/chainlink/tree/master/core/sgx The Chainlink SGX directory contains tools and private keys in order to test the Chainlink\'s SGX compatibility in an end-to-end, deterministic way. It contains private keys and passwords which are only for use in development. https://github.com/smartcontractkit/chainlink/tree/master/integration The Chainlink Integration directory contains tools and private keys in order to test the Chainlink client in an end-to-end, deterministic way. It contains private keys and passwords which are only for use in development. https://github.com/smartcontractkit/chainlink/tree/master/tools The Chainlink Tools directory contains tools and private keys in order to test the Chainlink client in an end-to-end, deterministic way. It contains private keys and passwords which are only for use in development. *.atlassian.net *.paypal.cn **Please submit all `https://www.paypal.cn/` reports to the associated bounty program:** - Paypal.vulbox.com braintree.com Please note braintree.com does not belong to PayPal, and as such is out of scope. com.paypal.here com.paypal.herehd www.gopay.com **Please submit all `Gopay` reports to:** cbswag.com This is a Shopify store, we recommend you submit any shopify bugs to their program: https://hackerone.com/shopify status.chaturbate.com This is a 3rd party site and therefore ineligible. support.chaturbate.com The support site is 3rd party and therefore not part of the bounty program. *.pixiv.co.jp factory.pixiv.net * This site is in Japanese. * This site uses pixiv account (signup at https://accounts.pixiv.net). *.affirm.com https://github.com/crypto-com/chain-desktop-wallet https://github.com/crypto-com/cro-staking https://github.com/crypto-com/swap-contracts-core https://github.com/crypto-com/swap-contracts-periphery com.goodrx.doctors iOS Download: https://itunes.apple.com/app/id1122105489 Playstore Download: https://play.google.com/store/apps/details?id=com.goodrx.doctors com.goodrx.gold iOS Download: https://itunes.apple.com/app/id1249717355 Playstore Download: https://play.google.com/store/apps/details?id=com.goodrx.gold Gold workflow and features are being migrated into the primary GoodRx consumer app. Bounties for the Gold application must be replicated within the core GoodRx application to qualify for a bounty. investors.goodrx.com This subdomain is not managed by GoodRx. sso.identity.goodrx.com This sub-domain is manged by Auth0. Bugs hosted on this domain would be covered by Auth0\'s bug bounty program and not GoodRx\'s. support.goodrx.com This subdomain is managed by Zendesk. Any issues on this page would be covered by Zendesk\'s bug bounty program. admin.pingone.com api.pingone.com authenticator.pingone.com console.pingone.com desktop.pingone.com https://*.pingidentity.com https://*.pingidentity.io https://*.pingidentity.net https://developer.pingidentity.com/* test-desktop.pingone.com test-sso.connect.pingidentity.com uploads-staging.pingone.com uploads.pingone.com *.betfair.com.au Betfair Australia is not part of Flutter UK&I division *.email.skybet.com This domain is out of scope. *.s6.sbgservices.com *.sbagmail.skybettingandgaming.com *.sbg.life *.sbga.me *.sbgcolab.com *.sbgdataintl.com *.sbggraduates.com *.sbgmail.skybettingandgaming.com *.sbgpeople.com *.sbpartner.it *.skybet-it.info *.skybet.de *.skybet.it *.skybetcareers.com *.skybetchiusuraconto.it *.skybetgraduates.com *.skybetpartner.de *.skybettingandgamingresearch.com *.skybusinessemail.com This domain is not is not owned or managed by Flutter UK&I division *.technology.skybettingandgaming.com *.us.betfair.com Betfair US is not part of the Flutter UK&I division affiliatehub.skybet.com community.betfair.com This domain is temporarily out of scope. community.skypoker.com community.staging.skypoker.com email1.skybet.com online.*.skybingo.com https://online.<x>.skybingo.com/<y> is just a proxy to https://<x>.virtuefusion.com/<y> which is a third party website not owned or operated by Flutter UK&I, and as such we can neither give your permission to test it, not is it ieligable for bounty payments. Findings for this domain should be forwarded to www.playtech.com partners.skybet.com sbagmail.skybettingandgaming.com skymail.sky.com skyrgs.blueprintgaming.com support.developer.betfair.com technology.skybettingandgaming.com www.betfair.com.co Betfair Colombia is not part of the Flutter UK&I division *.iovlabs.org IOV Labs websites, infrastructure, and assets are NOT part of the bounty program unless they are listed in scope. *.rif.technology RIF websites, infrastructure, and assets are NOT part of the bounty program unless they are listed in scope. *.rifos.org RIF OS websites, infrastructure, and assets are NOT part of the bounty program unless they are listed in scope. *.rootstock.io Rootstock websites, infrastructure, and assets are NOT part of the bounty program unless they are listed in scope. *.rootstocklabs.com Rootstocklabs websites, infrastructure, and assets are NOT part of the bounty program unless they are listed in scope. *.rsk.co RSK websites, infrastructure, and assets are NOT part of the bounty program unless they are listed in scope. academy.bitmex.com The academy subdomain and its subdomains are deprecated and therefore out of scope. affiliates.bitmex.com bitmex-org.freshworks.com bitmex.freshdesk.com blog.bitmex.com public-testnet.bitmex.com public.bitmex.com research.bitmex.com status.bitmex.com support.bitmex.com **Do not use automated tools on support.bitmex.com.** *.azuredatabricks.net *.cloud.databricks.com Other subdomains of *.azuredatabricks.net and other ‘o’ parameters feedback.databricks.com forums.databricks.com go.databricks.com https://databricks-prod-cloudfront.cloud.databricks.com/public/* blog.thecoalition.com Coalition\'s blog is hosted by Ghost. Security bugs in Ghost may be reported per https://github.com/TryGhost/Ghost/blob/master/SECURITY.md help.thecoalition.com Coalition\'s help site is hosted by Intercom. Security bugs in Intercom may be reported directly to the vendor. www.thecoalition.com Coalition\'s www site is hosted by Webflow. Security bugs in Webflow may be reported to the service provider. *.elasticsearch.cn This domain is not affiliated with Elastic. buy.elastic.co community.elastic.co discuss.elastic.co elasticon.elastic.co go.es.co https://github.com/elastic/*/wiki Our wikis are public on purpose https://github.com/swiftype/*/wiki Our wikis are meant to be public info.elastic.co jobs.elastic.co learn.elastic.co link.email.elastic.co partners.elastic.co sendgrid.elastic.co track.email.elastic.co training.elastic.co wiki.elastic.co *.clientevents.gs.com *.communicatie.vennhypotheken.nl *.events.gs.com Any similar events pages are also all out of scope. These are all usually hosted by a vendor and as such we can\'t authorize testing on these assets. Please check in with us at bugbounty@gs.com when in doubt about an asset being in scope *.overrules.vennhypotheken.nl *.rocaton.com,secure.rocaton.com www.rocaton.com is in scope, but other subdomains are not. *.scripts.vennhypotheken.nl *.subscriptions.gs.com 10ksbv.eo.gs.com 18098.nextcapital.com All .cn domains Please note that all GS assets with .cn domains are Out of scope billpay.goldman.com blackinbusiness.gs.com deb.nextcapital.com email.nextcapital.com gset.gs.com gsg-uk.goldman.com Do not pentest gsg.goldman.com gspf.goldman.com npm-new.nextcapital.com npm.nextcapital.com qa-billpay.goldman.com repo.nextcapital.com rubygems.nextcapital.com Personal email Please do not report issues concerning my personal email addresses unless the severity is very high. Personal machine edoverflow.keybase.pub https://keybase.io/edoverflow https://keybase.pub/edoverflow/ https://twitter.com/edoverflow Yoti liveness detection campaign developers.yoti.com Please DO NOT test this domain - it is a third party hosted documentation site for developers, and not of concern to us. The third-party service DO NOT want this site tested. Thank you! www.yoti.com Please DO NOT report items from this website, unless you deem them to be critical in nature. WPSCAN findings will not be accepted. list.valvesoftware.com This site is run by a 3rd party. translation.steampowered.com valvestore.forfansbyfans.com,store.valvesoftware.com www.steamgames.com Pending cleanup from engineering. www.steampowered.com This subdomain is out of scope pending code cleanup *.bandcamp.com Bandcamp is no longer affiliated with Epic Games. *.bcbits.com *.jellychat.com *.popjam.com *.rukkaz.com Only Critical submissions are accepted *.superawesome.com *.superawesome.tv *.superbeatsports.com Adobe Flash related submissions FortniteClient-Mac-Shipping.app Popjam Android application Rukkaz Android application admin-dev.harmonixmusic.com admin.harmonixmusic.com answers.unrealengine.com This is generally considered out of scope. In some rare instances we may accept submissions for this asset if the finding is highly critical. Examples of severe findings: - Personal Data Exposure - Data Integrity Issues - RCE app.playwonderbox.com artportal.epicgames.com audica-live-admin.hmxwebservices.com audica-prod-admin.hmxwebservices.com audica-prod-api.hmxwebservices.com autodiscover.harmonixmusic.com azure-int-proxy.hmxservices.com communities.unrealengine.com This is generally considered out of scope. In some rare instances we may accept submissions for this asset if the finding is highly critical. * Personal Data Exposure * Data Integrity Issues * RCE communityportal.epicgames.com confluence.harmonixmusic.com damascushelp.epicgames.com dcvr-live-admin.hmxwebservices.com dcvr-prod-admin.hmxwebservices.com detroitlabs.epicgames.com docs.superawesome.tv docs.unrealengine.com dropmix-dev-admin.hmxwebservices.com dropmix-prod-admin.hmxwebservices.com eoshelp.epicgames.com epicsupport.force.com epicswag.com facebook.aquiris.com.br forums.unrealengine.com fuser-admin-dev-external.hmxservices.com fuser-admin-live-external.hmxservices.com http://brand.epicgames.com http://superawesome.com/contact-us/ Contact form will be considered out of scope hype-dev-admin.hmxwebservices.com isitbandcampfriday.com issues.unrealengine.com jira.harmonixmusic.com learn.unrealengine.com locustus.harmonixmusic.com login.epicgames.com This is explicitly out of scope. logstash-shipper-azure.hmxservices.com looneytuneswom.com maestro.io mail.harmonixmusic.com marketplacehelp.epicgames.com mediaspace.unrealengine.com merch.fortnite.com mithrilhelp.epicgames.com mon.hmxservices.com msoid.harmonixmusic.com msoid.hmxservices.com news.capturingreality.com public-web-swarm-cluster.hmxservices.com rb4-admin.hmxservices.com rb4ca-prod-admin.hmxwebservices.com rb4ca-staging-admin.hmxwebservices.com senior.aquiris.com.br skookum.chat sompmgr-admin.hmxservices.com sompmgr-dev-proxy-aws.hmxservices.com sompmgr-dev-proxy-azure.hmxservices.com sompmgr-dev.hmxservices.com sompmgr-frontend.hmxservices.com sompmgr-int-dev.hmxservices.com sompmgr-int.hmxservices.com sompmgr-proxy-ext-dev.hmxservices.com sompmgr-proxy-ext.hmxservices.com sompmgr-proxy-int-dev.hmxservices.com sompmgr-proxy-int.hmxservices.com sompmgr.hmxservices.com songsdb.harmonixmusic.com stadiahelp.epicgames.com support.capturingreality.com support.harmonixmusic.com swarm-monitoring-node-01.hmxservices.com swarm.harmonixmusic.com tableau.harmonixmusic.com teamcity-external.harmonixmusic.com teamcity.hmxservices.com twinmotionhelp.epicgames.com udn.unrealengine.com vimeo.aquiris.com.br watch.fortnite.com web-admin.harmonixmusic.com webinars.unrealengine.com www-api.hmxservices.com So-net (Sony Network Communications Inc.) So-net is a Japanese internet service provider, operated by Sony Network Communications Inc., a wholly owned subsidiary of Sony. IPs and website domains that utilize So-net are Out-of-scope if the website domains owned, operated, or controlled also not directly owned by Sony. estore.malwarebytes.com This subdomain is operated by a third party, therefore, submissions will not be eligible for a bounty. However, valid reports will still be addressed and reputation will possibly be awarded. pages.malwarebytes.com store.malwarebytes.com view.malwarebytes.com Grammarly Editor for MacOS [Download link](https://download-editor.grammarly.com/osx/Grammarly.dmg): Only **remotely exploitable** issues in Grammarly Editor are eligible for reporting. Grammarly Editor for Windows [Download link](https://download-editor.grammarly.com/windows/GrammarlySetup.exe) Grammarly for Developers Text Editor SDK [Text editor SDK](https://developer.grammarly.com/) allows application developers to enhance their apps with writing assistant from Grammarly. - [Developer Documentation](https://developer.grammarly.com/docs/) - [Getting Started](https://developer.grammarly.com/docs/quick-start) - [Developer Console](https://developer.grammarly.com/apps) [NPM packages](https://developer.grammarly.com/docs/api/): - [@grammarly/editor-sdk](https://developer.grammarly.com/docs/api/editor-sdk/) - [@grammarly/editor-sdk-react](https://developer.grammarly.com/docs/api/editor-sdk-react/) - [@grammarly/editor-sdk-vue](https://developer.grammarly.com/docs/api/editor-sdk-vue/) Notable features: - **[Connected Accounts](https://developer.grammarly.com/docs/connected-accounts)** - **[Trusted Authentication](https://developer.grammarly.com/docs/trusted-authentication)** Grammarly for Developers and the Text Editor SDK were discontinued on January 10, 2024. The SDK will no longer work in applications. Third party external services - `send.grammarly.com` - `calendar.grammarly.com` - `support.grammarly.com` - `status.grammarly.com` - `brand.grammarly.com` - `partners.grammarly.com` Any submissions on these domains and their subdomains are out of scope for bounty. chat.hyperledger.org https://github.com/hyperledger/blockchain-explorer https://github.com/hyperledger/cello https://github.com/hyperledger/cello-analytics https://github.com/hyperledger/cello-k8s-operator https://github.com/hyperledger/composer https://github.com/hyperledger/composer-atom-plugin https://github.com/hyperledger/composer-sample-applications https://github.com/hyperledger/composer-sample-networks https://github.com/hyperledger/composer-tools https://github.com/hyperledger/composer-vscode-plugin https://github.com/hyperledger/education https://github.com/hyperledger/fabric-docs https://github.com/hyperledger/fabric-docs-i18n https://github.com/hyperledger/fabric-rfcs https://github.com/hyperledger/fabric-test https://github.com/hyperledger/fabric-test-resources https://github.com/hyperledger/hyperledger https://github.com/hyperledger/hyperledger.github.io https://github.com/hyperledger/hyperledgerwp https://github.com/hyperledger/indy-anoncreds https://github.com/hyperledger/indy-crypto https://github.com/hyperledger/indy-node https://github.com/hyperledger/indy-plenum https://github.com/hyperledger/indy-sdk https://github.com/hyperledger/iroha https://github.com/hyperledger/iroha-android https://github.com/hyperledger/iroha-api https://github.com/hyperledger/iroha-dotnet https://github.com/hyperledger/iroha-ios https://github.com/hyperledger/iroha-javascript https://github.com/hyperledger/iroha-network-tools https://github.com/hyperledger/iroha-python https://github.com/hyperledger/iroha-scala https://github.com/hyperledger/sawtooth-core https://github.com/hyperledger/slack-archive identity.linuxfoundation.org jira.hyperledger.org lists.hyperledger.org www.hyperledger.org www.linuxfoundation.org *.teston.io *.usertesting.com help.usertesting.com http://www.usertesting.com/blog https://apps.apple.com/us/app/usertesting/id1485452102 https://chrome.google.com/webstore/detail/usertestingcom-screen-rec/onlhphabpmijgblopkcjmphbbmeliagn https://play.google.com/store/apps/details?id=com.usertesting.recorder.krsna qa.usertesting.com 1660741163 blog.bumble.com com.sgiggle.Mango com.studio.projects.zodia heyfiesta.com honey.bumble.com shop.bumble.com thebeehive.bumble.com zodia.studio Findaway Findaway was acquired by Spotify in June 2022. No Findaway assets are currently in scope. Including: ``` findawayvoices.com findaway.com findawayworld.com Preact Preact was acquired by Spotify in 2016. preact.io is no longer owned by Spotify and is out of scope for this program Soundtrap Soundtrap was acquired by Spotify in 2017. Soundtrap is no longer owned by Spotify and is out of scope for this program. The Ringer The Ringer was acquired by Spotify in February 2020 but has not been onboarded to its Bug Bounty Program. ~~~ 99music.theringer.com besttv.theringer.com fantasyfootball.theringer.com fastfood.theringer.com heists.theringer.com inflight.theringer.com nbadraft.theringer.com nfldraft.theringer.com superheroes.theringer.com theringer.com thrones.theringer.com tradevalue.theringer.com com.soundtrap.studioapp Soundtrap https://itunes.apple.com/us/app/soundtrap/id991031323 Soundtrap - Make Music Online https://play.google.com/store/apps/details?id=com.soundtrap.studioapp everynoise.com example.com *.dynsystem.kr *central.dyson.com *dyson-demo.com 30secondbleeps.com aio.shop.china-dyson.com api.q.dyson.cn auth.dysonrecall.com bounce.dyson* Asset out of scope as it is pending internal review. careers.dyson.com central-test.dyson.com centraltest.dyson.com comm.dyson* This also includes: * comms.* community.dyson.com dysontherapie.fr fsc.dyson.com jamesdysonfoundation.* jobs.dyson.com m.shop.dyson.cn mail.register-dyson.co.kr on.dyson.co.uk q.dyson.cn register-dyson.co.kr reviews.dyson* sakti3.com shop.dyson.co.kr shop.dyson.ru sm2.dyson.com sm3.dyson.com svn.dyson.com test.oepay.dyson.cn view.dyson.com www.dyson.ovh github.com The GitHub wiki is intentionally open to public. hg.weblate.org This site has intentional setup this way to allow mercurial client to clone the repository. help.lyst.com *._domainkey.kiwi.com Out of scope, 3rd party assets that are under our domains. *.coupons.kiwi.com Managed by third party. *_domainkey.skypicker.com Out of scope: 3rd party asset that is linked under our domain. *cars.kiwi.com **3rd-party target** - Operated by [rentalcars.com](https://rentalcars.com). *citi-sign.kiwi.com *code.kiwi.com **3rd-party target** - Hosted on [medium.com](https://medium.com) (see [this help page](https://help.medium.com/hc/en-us/articles/213481308-Bug-Bounty-Disclosure-Program)). *experiences.kiwi.com Out of scope, managed by a third party. *learn.kiwi.com **3rd-party target** - Operated by [northpass.com](https://www.northpass.com). *ov.kiwi.com *parking.kiwi.com **3rd-party target** - Operated by [travelcar.com](https://travelcar.com). *sg.kiwi.com email*kiwi.com email*skypicker.com kiwistore.kiwi.com Out of scope, 3rd party asset hosted under our domain. link.kiwi.com mail.skypicker.com nyrujhhu3yuk.nest.skypicker.com outbound.intercom.kiwi.com packages.kiwi.com retool.skypicker.com **3rd-party target** - Operated by [retool.com](https://retool.com). Please contact retool directly on security@retool.com. rooms.kiwi.com **3rd-party target** - Operated by [booking.com](https://booking.com) (see https://hackerone.com/bookingcom). status.kiwi.com **3rd-party target** - Hosted on [statuspage.io](https://statuspage.io) (see https://bugcrowd.com/statuspage). vacation.kiwi.com 3rd party, out of scope. assets.enjin.io This asset is out-of-scope as a third-party service is responsible for the running and maintenance of this website. cdn.enjin.io cdn.nft.io docs.enjin.io This asset is out-of-scope as a third-party service (ReadMe) is responsible for the running and maintenance of this website. enj.in enjin.io This asset is out-of-scope as a third-party service (Webflow) is responsible for the running and maintenance of this website. faucet.canary.enjin.io The Canary Faucet can be used to acquire cENJ that is used for testing on the Canary Blockchain. support.enjin.io This asset is out-of-scope. Testing on this asset is strictly prohibited. support.nft.io Nintendo 3DS System Nintendo 3DS applications for which Nintendo is the publisher worldwide advocates.semrush.com email.semrush.com com.linkbubble.playstore LinkBubble is no longer in scope https://github.com/brave/brave-ios https://github.com/brave/browser-ios https://github.com/brave/browser-laptop Brave has moved from the Muon-based `browser-laptop` codebase to a Chromium-based `brave-browser` codebase. Muon-based Brave is no longer available for download from <brave.com> and everyone will be migrated to the Chromium-based Brave in a few weeks. https://github.com/brave/link-bubble https://github.com/brave/muon Since Brave is moving from Muon to Chromium, we will no longer be maintaining the Muon codebase. *.portswigger.net Subdomains of portswigger.net that are not explicitly whitelisted are out of scope. *.web-security-academy.net The Academy contains numerous intentional vulnerabilities, and is completely isolated from our other infrastructure. blog.rubygems.org gem server command `gem server` command has been deprecated since rubygems [3.2.0](https://github.com/rubygems/rubygems/blob/master/CHANGELOG.md#320--2020-12-07) guide.rubygems.org help.rubygems.org http://rubygems.org/names https://s3-us-west-2.amazonaws.com/rubygems-dumps These database dumps are deliberately public. stats.rubygems.org status.rubygems.org support.rubygems.org uptime.rubygems.org developers.files.com https://developers.files.com/ is a documentation site and is out of scope for the bounty program. mail.files.com mail.files.com is an old domain and is out of scope for this program status.files.com https://status.files.com/ is a status site hosted by StatusPage and is out of scope for this bounty program. bamboo.scopely.io confluence.scopely.io jira.scopely.io scopely.okta.com *.wordpress.com All WordPress.com vulnerabilities should be reported to [Automattic\'s HackerOne program](https://hackerone.com/automattic). **WordPress.com vulnerabilities reported here will be marked as `Not Applicable`.** 335703880 **Please, report vulnerabilities for the WordPress mobile apps through the [Automattic HackerOne page](/automattic).** Archived GitHub repositories Archived code repositories (e.g. in GitHub) are out of scope, unless you have verified that code from it is imported and actively being used. Digital Ocean, AWS, etc Unless otherwise noted, we own and operate dedicated servers, rather than using services like AWS, Digital Ocean, etc. Third-parties frequently create S3 buckets, droplets, etc that have security issues, and have "WordPress" in the name. These are not ours, and reports about them will be closed as `Not Applicable`. https://github.com/wordpress-mobile/ org.wordpress.android status.wordpress.org,glotpress.blog,wordpress.tv These are hosted on WordPress.com and we don\'t have access to modify the code, servers, etc. Check [Automattic\'s HackerOne program](https://hackerone.com/automattic) for details on reporting vulnerabilities with WordPress.com sites. *.gocd.org Please do not raise issues regarding docs.gocd.org, www.gocd.org etc. cloud.nextcloud.com [https://cloud.nextcloud.com](https://cloud.nextcloud.com "https://cloud.nextcloud.com") is our internal production Nextcloud instance. Please limit testing to your own testing instances. conf.nextcloud.com This is a legacy system now redirecting to our [eventyay page](https://eventyay.com/e/de88e486/). Please report issues within eventyay directly to [the responsible contacts](https://eventyay.com/imprint/). demo.nextcloud.com [https://demo.nextcloud.com](https://demo.nextcloud.com "https://demo.nextcloud.com") is running on dedicated machines. While you can try to find security vulnerabilities in the demo instances there please verify that they are also exploitable in the current Nextcloud source code. Select then the proper component while reporting. drone.nextcloud.com Our Drone server contains no sensitive data and we would ask you to not test against our development environments. If you discover a security issue in Drone please report this to [https://github.com/drone/drone](https://github.com/drone/drone "https://github.com/drone/drone") instead. https://nextcloud.atlassian.net/jira/dashboard ⛔ Please note that the JIRA instance running at https://nextcloud.atlassian.net/jira/dashboard is not ours. It is not operated on our infrastructure, we do not own/host the domain nor are we in any way related to the JIRA instance. 🔒 Any reports regarding this will be closed as N/A! sentry.nextcloud.com We would ask you to not test against our development environments. If you discover a security issue in Sentry please report this to https://sentry.io/security/ instead. try.nextcloud.com https://try.nextcloud.com is running on dedicated machines. While you can try to find security vulnerabilities in the demo instances there please verify that they are also exploitable in the current Nextcloud source code. Select then the proper component while reporting. *.ruby-lang.org anomotion.com any-invalid-domains.rockstargames.com Any subdomain that does NOT contain its own valid content and instead redirects to \'rockstargames.com/?domain-check-failed\', UNLESS you can demonstrate an impact to a valid domain or subdomain. bomgar.rockstargames.com This subdomain is ineligible for bounty at this time. emailcontent.rockstargames.com We do not have direct control over this subdomain and will not be accepting submissions for it. faspex.rockstargames.com lifeinvader.com *.github.io Individual sites which are hosted on GitHub Pages are out-of-scope. Atom [https://atom.io](https://atom.io "https://atom.io") Electron Electron vulnerabilities which do not directly affect GitHub Desktop are out-of-scope and should be [reported](https://electronjs.org/community) to the Electron developers. GitHub Classroom Assistant The [GitHub Classroom Assistant application](https://classroom.github.com/assistant) is currently out-of-scope. blog.github.com The GitHub Blog is not in-scope and ineligible for rewards. community.github.com The GitHub Community forum is not in-scope and ineligible for rewards. enterprise.github.com `enterprise.github.com` is commonly confused with the [GitHub Enterprise Server product](https://github.com/enterprise) which is an on-premise instance of GitHub. git.io The [git.io](https://git.io) URL shortener is out-of-scope. github.blog [github.blog](https://github.blog) is out-of-scope. http://education.github.com/forum The [GitHub Education Community forum](https://education.github.com/forum) is not in-scope and ineligible for rewards. shop.github.com The GitHub Shop is not in-scope and ineligible for rewards. spectrum.chat [Spectrum](https://spectrum.chat) is currently out-of-scope. help.wealthsimple.com support.wealthsimple.com tldr-archive.wealthsimple.com work.wealthsimple.com *.ali.zomans.com *.bstro.io *.zomatoportugal.com blog.zomato.com business-blog.zomato.com com.application.zomato.ordering community.zomato.com dev.hyperpure.com devapi.hyperpure.com devpod.hyperpure.com http://*.blinkit.support send.zomato.com staging*.runnr.in Please don\'t test on staging/dev instances. Instead, we have created a dedicated environment `bugbounty.runnr.in` which is a replica of the same for testing. success.zomato.com www.zomatobook.com *.binary.* We will only accept reports for the **.com** TLD, all other TLDs like **.sx**, **.me** etc. will be marked out of scope. Any 3rd party managed domain besquare.deriv.com com.binary.ticktrade https://ticktrade.binary.com/download/ticktrade-app.apk community.deriv.com deriv.slack.com http://admin.binary.com http://community.deriv.com https://deriv.atlassian.net/servicedesk/customer/user/signup The asset is not owned by Deriv Ltd trade.mql5.com tradingview.deriv.com guide.glassdoor.com Note: This site is hosted on Wix. Unless you are able to show direct impact to Glassdoor via a Wix related vulnerability, we will be treating this out of scope. AppsFlyer Subdomains The following assets are managed by AppsFlyer and are considered out of scope: * party.tinder.com * open.tinder.com * matchmaker.tinder.com * invite.tinder.com * click.tinder.com console.gotinder.com This asset is not owned by us. dig console.gotinder.com ... CNAME app6.creatoriq.com. go.tinder.com `go.tinder.com` is an asset belonging to Branch.io. - You can submit reports directly to Branch here: https://branch.io/security/ gotinder.imgix.net www.help.tinder.com `www.help.tinder.com` is an asset belonging to Zendesk - You can submit reports directly to Zendesk here: https://hackerone.com/zendesk *.bitlove.co For an issue to be classified as \'Low severity\', it must be very significant and have risk implications that affects users across our primary domains Requests to our ad endpoints (on any server): `/ads/serve`, `/ads/application_serve*`, and `/ads/click/*` bitlove.co co.bitlove.opensource.FetLife com.bitlove.fetlife Open-source FetLife Android App (https://github.com/fetlife/android) fetlifemail.com fetlifestatus.com mail.fetlife.com n2.fetlife.com CNAME to 3rd Party email Vendor status.fetlife.com *.qms.grab.com www.revive-adserver.com about.udemy.com affiliates.udemy.com blog.udemy.com business.udemy.com coding-exercises.udemy.com Powered by GitBook, a third-party vendor community.udemy.com copyright.udemy.com design.udemy.com government.udemy.com helpdesk.udemy.com keeplearning.udemy.com legalteam.udemy.com mi.udemy.com people-innovators.udemy.com research.udemy.com support.udemy.com teach.udemy.com theupskillingimperative.com translate.udemy.com ufbsupport.udemy.com affiliates.kayak.com https://*.kayakairplanemode.com kayak.com/guides/* Anything related to /guides/ on any domain is ineligible for submission since this feature will be removed soon. kayak.com/hotelowner/* Including local versions kayak.com/moira/ehoe/* including local versions klassereise.checkfelix.com *.basecamphq.com Basecamp Classic *.highrisehq.com Highrise basecamp.com Basecamp 2 *.email.shopify.com Operated by a third party. Other academy.shopify.com cdn.shopify.com Shopify allows merchants to upload any file they want on our content delivery network. Being able to upload a file is not a vulnerability, this is the intended functionality. community.shopify.com community.shopify.com is a third party service and not in scope of our bug bounty program. Please do not test this subdomain. community.shopify.dev community.shopify.dev is a third party service and not in scope of our bug bounty program. Please do not test this subdomain. investors.shopify.com livechat.shopify.com Contacting Shopify Support over chat, email or phone about your HackerOne report is not allowed. supplier-portal.shopifycloud.com Includes invoices.shopify.io, factures.shopify.io, invoices.shopify.cn, invoices.shopify.de, invoices.shopify.fr, invoices.shopify.jp Submissions on out-of-scope assets listed below will be closed as N/A - `status.mapbox.com` - please instead report to the [StatusPage.io bug bounty program](https://bugcrowd.com/statuspage) - `email.mapbox.com` - [Mapbox Studio Classic](https://docs.mapbox.com/help/glossary/mapbox-studio-classic/) - [Tilemill](https://www.mapbox.com/tilemill/) - [Legacy iOS SDK](https://github.com/mapbox/mapbox-ios-sdk-legacy) - [Legacy Android SDK](https://github.com/mapbox/mapbox-android-sdk-legacy) - [decrypt-kms-env](https://github.com/mapbox/decrypt-kms-env) - not actively maintained - [tilelive](https://github.com/mapbox/tilelive) - not actively maintained - [osm-navigation-map](https://github.com/mapbox/osm-navigation-map)(deprecated) geojson.io Geojson.io is considered deprecated and no longer maintained. The original developer has forked the code and maintains <https://geojson.net> . As such, Mapbox considers <https://geojson.io> to be out of scope for our security program. admin.demo.urbandoor.com demo.urbandoor.com luckey.app luckey.fr luckey.in luckey.partners luckeyhomes.com provider.demo.urbandoor.com business.booking.com/ *.business.booking.com is out of scope until further notice. reports submitted prior to 06/11/2024 will still be accepted desk-demo-api.fareharbor.engineering desk-demo.fareharbor.engineering https://fareharbor.com/demo/ https://secure.booking.com/companyjoin.html https://secure.booking.com/enterprise/signon.en-gb.html https://ugcupload.booking.com/upload_bbtool_company_logo https://www.booking.com/bbm.html jobs.booking.com partnerfeedback.booking.com recruitmentsurveys.booking.com secure.booking.com/company/* secure.booking.com/orgnode/* spadmin.booking.com/ www.booking.com/bbmanage/* www.booking.com/bbmanage/data/* Airtable Windows app The Airtable Windows app is available for download at: https://staging.airtable.com/downloads Airtable macOS app The Airtable macOS app is available for download at: https://staging.airtable.com/downloads airtable.com This is production environment. All testing should be performed against staging.airtable.com. blog.airtable.com com.FormaGrid.Hyperbase Airtable\'s iOS is not in-scope for bounties. com.formagrid.airtable community.airtable.com dl.airtable.com dl.getforma.com guide.airtable.com support.airtable.com Magento 1 Enterprise (Commerce) and Community (Open Source) Editions Support for Magento 1 software ended on June 30, 2020, and it is no longer eligible for bounty. *.formassembly.com *.tfaforms.com *.tfaforms.net *.veerwest.com blog.blockchain.com email-clicks.blockchain.com institutional.blockchain.com partners.blockchain.com support.blockchain.com track.blockchain.com why.blockchain.com *.go.ubnt.com AirControl UniFi Talk Conference Speaker - UT-Conference UniFi Video UniFi Video Cloud UniFi Video Server UniFi Voip com.ubnt.mpower com.ubnt.unifi.edu com.ubnt.unifivideo forum-es.ui.com forum-pt.ui.com mFi security.community.ui.com Spectacles Spectacles charging case dev.playcanv.as http://dev*.playcanvas.com returns.spectacles.com returns.spectacles.com application is owned and managed by Netsuite. Please consider reporting vulnerabilities directly to them. support.snapchat.com Static support website *.roomvaluesteam.com Everything under roomvaluesteam.com is current not in scope. Please do not test anything in or under this domain. *.testaroom.cloud Everything under testaroom.cloud is current not in scope. Please do not test anything in or under this domain. *.testaroom.com Everything under testaroom.com is current not in scope. Please do not test anything in or under this domain. 1psb.priceline.com ace-qa.corp.priceline.com api-gnae1-poc.priceline.com api-guse4-poc.priceline.com availability.getaroom.com booking.priceline.com breadcrumb.getaroom.com careers.priceline.com customerservice-ccp.priceline.com dashboard.corp.priceline.com dev.customerservice-ccp.priceline.com dev.sales-ccp.priceline.com employeedeals.flightdeals.priceline.com experiences.priceline.com extranet.getaroom.com google.corp.priceline.com groupdeals.priceline.com guse4-rc-qa.priceline.com help.corp.priceline.com ids-dev.priceline.com ids-too.priceline.com img1.priceline.com itsupport.corp.priceline.com jira.corp.priceline.com links.deals.priceline.com localdealsemail.priceline.com mail.corp.priceline.com offers.priceline.com qaa.booking.priceline.com remotecontrol.corp.priceline.com stockroom.production.getaroom.com supply.getaroom.com tools-qaa.corp.priceline.com tools.corp.priceline.com url5932.travel.priceline.com weatherstatus.priceline.com www.airportrentalcars.com Airportrentalcars.com is current *not* in scope. Please do not test it. www.priceline.com/vp-web/* Path www.priceline.com/vp-web/* will be decommissioned soon so it is not eligible for bounty *.ubercarshare.com *.uberscoot.us This asset is not eligible for Uber bounty programs. *.ubertransit.io Fraud Reports Fraud reports are out of scope and ineligible for bounties. This includes reports detailing the ability to take free rides and evade payment. bizblog.uber.com drive.uber.com eng.uber.com et.uber.com https://assets.uber.com https://brand.uber.com love.uber.com newsroom.uber.com people.uber.com uber.com.cn Any asset under *.uber.com.cn is not eligible for Uber bounty programs. This and any other asset related to Uber in China belongs to Didi Chuxing. uber.onelogin.com blog.yelp.com cloud.e.yelp-business.com This is a product provided by Salesforce. Please report bugs to the Salesforce Security Team https://www.salesforce.com/company/disclosure/ engineeringblog.yelp.com www.yelp-ir.com yelp-press.com yelp.careers *.boost.livestream.com,boost.livestream.com This is a 3rd party (AMP.LIVE). *.cdn.magisto.com This domain is out-of-scope for testing and bounty effective 6/26/2020 11:30 EDT *.dev.magisto.com *.email.vimeo.com *.test.magisto.com *.wibbitz.com Do not perform any testing on these assets. *.wirewax.app *.wirewax.com 935740658 The base VHX app is no longer in scope as of 3/15/2019. Please test on branded apps. All No MS versions will be accepted. Any previously owned/sold hardware The hardware side of Livestream has been sold to a non-Vimeo company. Even though we have integrations with much of it still, we can not take reports for it. applause2.magisto.com delta.magisto.com epsilon.magisto.com eta.magisto.com gamma.magisto.com help.livestream.com This is Zendesk, 3rd party. http://www.magisto.com/blog int001.vimeo.magisto.com int002.vimeo.magisto.com int003.vimeo.magisto.com int004.vimeo.magisto.com int005vimeo.magisto.com livestream.com/blog, *.livestream.com/blog, blog.livestream.com WPEngine requires a different contract if you include it on a bug bounty program livestreamapis.com omega.magisto.com publishing-api.livestream.com Even though its a Livestream name, and goes to Livestream Fastly, the backend is a 3rd party vendor. s3://static.intercast-livestream.com Its a 3rd party owned bucket, AMP.LIVE, publicly available. The content in there is made to be publicly available. status.livestream.com store.livestream.com This is 3rd party/Shopify. tv.vhx This is out of scope effective 3/15/2019. Please use branded apps for testing. vimeo.atlassian.net Although it has the name VIMEO, this is not our instance. community.greenhouse.io resources.greenhouse.io store.greenhouse.io *.gitlab.cn `gitlab.cn` and the JiHu-specific GitLab distribution which are property of GitLab Information Technology (Hubei) Co., Ltd. (JiHu), security issues in those products should be reported to `security@gitlab.cn` *.runway.gitlab.net *.service-now.com alerts.gitlab.com aptly.gitlab.com dashboards.gitlab.com federal-support.gitlab.com forum.gitlab.com gitlab.biterg.io This is a third-party website that aggregates public data from GitLab.com. It is out of scope and the data hosted there is not meant to be confidential. https://contributors.gitlab.com/ redirects to this website. gitlabdemo.cloud gitlabsandbox.net gitlabtraining.cloud https://gitlab.com/gitlab-org/cli/ This is a community project that is [now officially maintained by GitLab](https://about.gitlab.com/blog/2022/12/07/introducing-the-gitlab-cli/). It will be in scope at a later time but it is not ready yet. https://gitlab.com/gitlab-org/opstrace/opstrace-ui ir.gitlab.com levelup.gitlab.com packages.gitlab.com partners.gitlab.com shop.gitlab.com status.gitlab.com support.gitlab.com translate.gitlab.com us-federal-gitlab.com status.twitter.com This is hosted by a third party, status.io. iandunn.name 172.65.0.0/16 These are customer applications protected by Cloudflare Spectrum, hence out of scope community.cloudflare.com events.www.cloudflare.com support.cloudflare.com This asset is hosted by Zendesk, and as such these reports should be submitted to their program instead via @Zendesk support.cloudflarewarp.com This asset is hosted by Zendesk, and as such these reports should be submitted to their program instead via @zendesk. *.crowdsignal.net This cookieless domain contains user generated content. While we might decide to fix XSS issues, reports for this domain will not be eligible for a bounty. *.poll.fm *.survey.fm *.txmblr.com */xmlrpc.php The sole presence of `xmlrpc.php` in `wordpress.com` and all the domains hosted under our platform doesn\'t constitute a vulnerability. If you report an issue related to this file, please make sure to provide a working proof of concept that clearly shows the impact. afterthedeadline.com,*.afterthedeadline.com atavist.com happy.tools learnboost.com,*.learnboost.com polishmywriting.com,*.polishmywriting.com scrollkit.com,*.scrollkit.com try.pressable.com This is only a demo site. Security issues that don\'t affect the integrity of `my.pressable.com` or `pressable.com` will most likely be closed as `N/A`. *.blockspring.com N/A - Not Coinbase owned or operated This asset labelling is used to signal to a reporter that the asset in question is not owned or operated by Coinbase in any capacity. blog.coinbase.com com.coinbase.pro developers.coinbase.com engineering.coinbase.com paradex.io status.coinbase.com support.coinbase.com support.pro.coinbase.com tagomi.com *.concrete5.org Please send reports of issues with concrete5.org the website to `security@concrete5.org`. *.concretecms.com Please send reports of issues with concretecms.com the website to `security@concrete5.org`. *.concretecms.org Please send reports of issues with concretecms.org the website to `security@concrete5.org`. *.glitchthegame.com This domain was part of a prior company. 3rd Party Quip Apps 3rd Party Quip App are not eligible for bug bounty program. com.Slack.intune com.slack.slackintune slackhq.com This site runs on WordPress, so if you find vulnerabilities in the WordPress service, please see [WordPress bounty program](https://hackerone.com/wordpress) for reporting details status.slack.com The Slack status site *.rubyonrails.org go.hacker.one This asset is hosted by Marketo, and as such these reports should be submitted to them directly. h1.community info.hacker.one This asset is hosted by Unbounce, and as such these reports should be submitted to them via https://unbounce.com/security/. ma.hacker.one support.hackerone.com This asset is hosted by Freshdesk (as of 2023-04-28), and as such these reports should be submitted to the appropriate program: https://hackerone.com/freshworks www.h1.community www.hackeronestatus.com This asset is hosted by Atlassian, and as such these reports should be submitted to their program instead via https://bugcrowd.com/statuspage. Hardware Firmware Software app.aikido.dev myaccount.ad.nl webwinkel.ad.nl www.ad.nl www.ad.nl/abonnementen *.ad.nl *.allegro.cz.allegrosandbox.pl *.allegro.pl.allegrosandbox.pl *.allegro.sk.allegrosandbox.pl FPGA Solution Development Tools and Utilities *.bild.de *.bild.tv *.computerbild.de *.welt.de https://dealer.prod.ps.axelspringer.de/api/v1/partners/{partnerId}/activation https://dealer.prod.ps.axelspringer.de/purchases/004/bild/* https://dealer.prod.ps.axelspringer.de/purchases/004/welt/* https://secure.mypass.de/ *.autobild.de *.bz-berlin.de *.spring-media.de *.springtools.de *.ein-herz-fuer-kinder.de *.fitbook.de *.myhomebook.de *.petbook-magazine.com/ *.petbook.de *.stylebook.de *.techbook.de *.travelbook.de *.wissen-sie-mehr.de *.bmc.nl www.bmw-motorrad.de www.bmw.de www.mini.de configure.bmw.de configure.mini.de konfigurator.bmw-motorrad.de de.bmw.connected.mobile20.row 1519034860 Functions dealing with vehicle access and immobilizer Remaining functions imove.bpost.cloud login.cm.com *.ticketing.cm.com api.cm.com api.cmtelecom.com cm.com/[locale]/app/* cm.com/[locale]/register cm.com/app/messagingtrial/ www.cm.com appmiral.com building-blocks.com cmcom.atlassian.net payment.backend-capital.com *.backend-capital.com capital.com/* com.capital.trading open-api.capital.com *.capital.com *.itcapital.io *.cloudways.com api.cloudways.com developers.cloudways.com platform.cloudways.com unified.cloudways.com www.cloudways.com css-tricks.com https://justonweb.be/fines/ *.dpgmedia.be *.dpgmedia.nl Any related DPG media domain assessment-api.datacamp.com app.datacamp.com/certification app.datacamp.com/groups app.datacamp.com/learn assessment-v2.datacamp.com assessment.datacamp.com campus.datacamp.com com.datacamp https://apps.apple.com/au/app/datacamp-learn-data-science/id1263413087 practice.datacamp.com projects.datacamp.com www.datacamp.com www.datacamp.com/datalab *.datacamp.com myaccount.demorgen.be shop.demorgen.be www.demorgen.be www.demorgen.be/abonnementen *.demorgen.be myaccount.volkskrant.nl shop.volkskrant.nl webwinkel.volkskrant.nl www.volkskrant.nl www.volkskrant.nl/abonnementen *.volkskrant.nl www.delen.bank api.digital.delen.be api.digital.delen.lu app.delen.be app.delen.ch app.delen.lu auth.digital.delen.be auth.digital.delen.lu be.delen.digital delen/id1064839588 login.delen.be login.delen.ch login.delen.lu login.oyens.com status.delen.be sts.delen.be www.cadelam.be www.cadelux.lu/en www.delen.be/en *.vlaanderen.be *.digitalocean.com 169.254.169.254 api.digitalocean.com cloud.digitalocean.com https://github.com/digitalocean/do-agent https://github.com/digitalocean/doctl https://github.com/digitalocean/droplet-agent https://github.com/digitalocean/go-nbd https://github.com/digitalocean/terraform-provider-digitalocean marketplace.digitalocean.com snapshooter.com www.digitalocean.com digitaloceanmirrors.com digitaloceanpartners.com digitaloceanstatus.com digitaloceantest.com do.co hackathon-tracker.digitalocean.com hacktoberfest.com https://github.com/digitalocean/do-markdownit https://apps.apple.com/us/app/donorbox-live/id1668808097 https://donorbox.org/admin https://play.google.com/store/apps/details?id=org.donorbox.cardreader&hl=en&gl=US https://donorbox.org https://donorbox.org/embed/potato https://donorbox.org/org_admin https://donorbox.org/potato my.eurid.eu *.das.eu *.dns.eu *.eurid.eu *.nic.eu *.registry.eu *.whois.eu *.yadifa.eu YADIFA authoritative name server service.fing.com app.fing.com Fing desktop Grafana Loki Grafana Mimir Grafana OSS Grafana Pyroscope Grafana Tempo https://github.com/grafana/* *.account.api.here.com *.account.here.com *.mobilitygraph.hereapi.com *.router.hereapi.com *.scbe.api.here.com *.subp-router.hereapi.com 955837609 com.here.app.maps https://jaguar.here.com https://landrover.here.com Leaked/compromised employee accounts *.here.com *.here.com *.hereapi.com * hln.be/inloggen * hln.be/login * hln.be/registreren hln.be myaccount.hln.be www.hln.be *.hln.be myaccount.parool.nl shop.parool.nl webwinkel.parool.nl www.parool.nl www.parool.nl/abonnementen *.parool.nl https://www.kuleuven.be/sapredir/huisvesting * humo.be/registreren myaccount.humo.be shop.humo.be www.humo.be www.humo.be/abonnementen *.humo.be 949829216 950680989 950693949 be.gamma.app.android kassa.gamma.be/* kassa.gamma.nl/* kassa.karwei.nl/* mijn.gamma.be/* mijn.gamma.nl/* mijn.karwei.nl/* nl.gamma.app.android nl.karwei.app.android www.gamma.be/* www.gamma.nl/* www.karwei.nl/* *.gamma.be/* *.gamma.nl/* *.intergamma.cloud *.intergamma.nl/* *.karwei.nl/* *.restintergamma.nl 1558129454 *.intergamma-test.nl *.werkenbijgamma.be *.werkenbijgamma.nl *.werkenbijkarwei.nl *.klubcinema.fr *.megatix.be booking.mjrtheatres.com extras.landmarkcinemas.com identityserver.landmarkcinemas.com kinepolis.megatix.be luxfilmfestfilms.megatix.be luxfilmfestproducts.megatix.be luxfilmfesttickets.megatix.be movieapi.kinepolis.megatix.be tickets.kinepolis.be tickets.kinepolis.ch tickets.kinepolis.es tickets.kinepolis.fr tickets.kinepolis.lu tickets.kinepolis.nl userprofile-ui.landmarkcinemas.com www.kinepolis.be www.kinepolis.ch www.kinepolis.com www.kinepolis.es www.kinepolis.fr www.kinepolis.lu www.kinepolis.nl www.landmarkcinemas.com www.mjrtheatres.com business.kinepolis.be business.kinepolis.lu business.kinepolis.nl com.inthepocket.kinepolis extras-acc.landmarkcinemas.com https://movieclub-int.kinepolis.com https://movienow-int.kinepolis.be/admin https://shop-acc.kinepolis.be/ identityserver-acc.landmarkcinemas.com kinepolis-studio.be kinepolis/id368204284 nz.co.vista.android.movie.mjrtheatres stage.landmarkcinemas.com userprofile-acc.landmarkcinemas.com www.kinepolis.biz *.kinepolis.be *.kinepolis.ch *.kinepolis.com *.kinepolis.fr *.kinepolis.lu *.kinepolis.nl *.landmarkcinemas.com *.mjrtheatres.com 522089287 edge.lansweeper.com api.lansweeper.com app.lansweeper.com backoffice.lansweeper.com https://lsagentrelay.lansweeper.com/ app.lansweeper.com/trial autoupdateapi.lansweeper.com docs.lansweeper.com login.lansweeper.com Modernized Discovery on-premises software www.lansweeper.com www.libelle.nl *.libelle.nl mobilevikings.be api.unleashed.be jimmobile.be mgm.mobilevikings.be uwa.mobilevikings.be vpn.mobilevikings.be *.mas.mobilevikings.be *.mobilevikings.be *.prd-pub.mobilevikings.be *.prd.mobilevikings.be vikingco.be vikingdeals.be *.monzo.com *.monzo.me *.prod-ffs.io 1052238659 co.uk.getmondo 134.58.179.82 be.nexuzhealth.mobile.cpv be.nexuzhealth.mobile.kws be.nexuzhealth.mobile.mynexuz forms.nexuzhealth.be idp-mobile.nexuzhealth.be kws-companion/id1342124012 mobile.nexuzhealth.be mynexuz.be mynexuz.be/myUZ/ mynexuzhealth/id1459856321 idp-contact.nexuzhealth.be media.nexuzhealth.be/patient/ 1079537578 https://oda.com no.kolonial.tienda *.oda.com *.prod.nube.tech 1076840480 https://mathem.se se.mathem.mathem https://associatie.kuleuven.be/inschrijvingen/oli_login_50000050 https://webwsp.aps.kuleuven.be/sap/bc/ui5_ui5/sap/zc_oi_appl/ https://a.simplemdm.com/ https://auth2.pdq.tools/ https://library-staging.pdq.tools/ https://houston-staging.pdq.tools https://portal-staging.pdq.tools/ https://*.personiowhistleblowing.com *.personio-internal.de *.personio.tools https://*.personio.de https://hug.personio.com https://sec-test-<intigriti handle>-<nn>.personio.de https://www.personio.com/free-trial/ https://www.personio.de/kostenlos-testen/ Other assets owned by Personio *.c-point.be 188.118.8.0/25 94.107.237.192/26 api-accpt.portofantwerp.com api-accpt.portofantwerpbruges.com api.portofantwerp.com api.portofantwerpbruges.com apps-accpt.portofantwerp.com apps-accpt.portofantwerpbruges.com apps.portofantwerp.com apps.portofantwerpbruges.com as2-accpt.portofantwerp.com as2-accpt.portofantwerpbruges.com as2.portofantwerp.com as2.portofantwerpbruges.com digitalspecs.portofantwerpbruges.com login-accpt.portofantwerpbruges.com login-test.portofantwerpbruges.com/poam/XUI/ login.portofantwerpbruges.com maximo-accpt.portofantwerp.com maximo-accpt.portofantwerpbruges.com maximo.portofantwerp.com maximo.portofantwerpbruges.com my-accpt.portofantwerp.com my-accpt.portofantwerpbruges.com my.portofantwerp.com my.portofantwerpbruges.com notula-accpt.portofantwerpbruges.com oprc.portofantwerpbruges.com register-accpt.portofantwerp.com register-accpt.portofantwerpbruges.com servicedesk-accpt.portofantwerp.com servicedesk-accpt.portofantwerpbruges.com servicedesk.portofantwerp.com servicedesk.portofantwerpbruges.com share-accpt.portofantwerp.com share-accpt.portofantwerpbruges.com share.portofantwerp.com share.portofantwerpbruges.com webapps-accpt.portofantwerp.com webapps-accpt.portofantwerpbruges.com webapps-test.portofantwerpbruges.com/xui webapps.portofantwerp.com webapps.portofantwerpbruges.com wiki-accpt.portofantwerp.com wiki-accpt.portofantwerpbruges.com wiki.portofantwerp.com wiki.portofantwerpbruges.com www.oursustainableport.com www.portofantwerpbruges.com erpx.unit4cloud.com/u4erx_pab_acp1 erpx.unit4cloud.com/u4erx_pab_prev erpx.unit4cloud.com/u4erx_pab_prod access.ripe.net https://github.com/RIPE-NCC/rpki-commons https://github.com/RIPE-NCC/rpki-core https://github.com/RIPE-NCC/whois lirportal.ripe.net *.ripe.net 193.0.0.0/19 and 2001:67c:2e8::/48 https://github.com/RIPE-NCC/rpki-monitoring https://github.com/RIPE-NCC/rpki-publication-server https://github.com/RIPE-NCC/rpki-ta-0 https://github.com/RIPE-NCC/rsyncit *.randstad.* *.randstadrisesmart.* *.risesmart.* Any related Randstad domain *.rhinternal.net *.robinhood.com *.robinhood.net 1634080733 6462308655 938003185 com.robinhood.android com.robinhood.gateway com.robinhood.money Mobile Apps *.swisspass.ch www.sbb.ch *.sbb.ch Mobile Apps www.elvetino.ch www.sbbcargo.com www.transsicura.ch All other Web and mobile APPs owned by SBB https://*.say.rocks https://*.saytechnologies.com SimScale API SimScale Platform SimScale Forum SimScale Website 1632202810 cz.skodaauto.myskoda 910898851 app.nl.socialdeal http://socialdeal.nl/inspirations/bluemonday/ http://www.whynot.com/ https://www.socialdeal.nl/orderlist/5e834ae0bed5c/63d772e2ed277/ www.socialdeal.nl 1114799709 1114800186 api.soundtrackyourbrand.com billing.api.soundtrackyourbrand.com builds.soundtrackyourbrand.com business.soundtrackyourbrand.com com.soundtrackyourbrand.soundtrack.player https://auth.api.soundtrackyourbrand.com/ https://builds.soundtrackyourbrand.com/download/WIN32SOUNDTRACK/latest https://radio.api.soundtrackyourbrand.com/ https://www.soundtrackyourbrand.com macOS app *.sqills.com *.sqills.team aweb.suivo.com asupport.suivo.com *.tempo-team.* Any related Tempo-Team domain www.tempo-team.be www.tempo-team.com www.tempo-team.nl Brand Sites Corporate Sites Hindustan Coca-Cola Beverages Mobile Applications Publicly Facing Assets Related to The Coca-Cola Company *.weareone.world *.stag.weareone.world artists.tomorrowland.com/production-website/33117 belgium.tomorrowland.com brasil.tomorrowland.com com.tomorrowland.oneworldradio globaljourney.tomorrowland.com my.tomorrowland.com one-world-radio-tomorrowland/id1485778856 oneworldradio.tomorrowland.com sp1y1tpaf1.execute-api.eu-west-1.amazonaws.com tlbe.prod.tomorrowland.com tlbr.prod.tomorrowland.com tlfr.prod.tomorrowland.com winter.tomorrowland.com winterpackages.tomorrowland.com www.tomorrowland.com *.stag.tomorrowland.com *.tomorrowland.com components.stag.tomorrowland.com components.tomorrowland.com winkels.torfs.be www.schoenentorfs.be www.schoenentorfs.nl www.torfs.be www.torfs.nl www.samenfittorfs.be myaccount.trouw.nl shop.trouw.nl webwinkel.trouw.nl www.trouw.nl www.trouw.nl/abonnementen *.trouw.nl api.truelayer[-sandbox].com auth.truelayer[-sandbox].com login-api.truelayer[-sandbox].com login.truelayer[-sandbox].com onboarding-api.truelayer.com pay-api.truelayer[-sandbox].com pay.truelayer[-sandbox].com paydirect.truelayer[-sandbox].com payment.truelayer[-sandbox].com payouts.truelayer[-sandbox].com users-api.truelayer.com C# SDK console-backend.truelayer[-sandbox].com console.truelayer[-sandbox].com hpp.truelayer[-sandbox].com Java SDK PHP SDK TrueLayer for Magento (Magento plugin) TrueLayer for WooCommerce (WordPress plugin) truelayer-signing webhooks.truelayer[-sandbox].com *.truelayer.cloud *.truelayer.com *.truelayer.io iOS SDK React Native SDK Web SDK *.itprojects.talent-community.com *.tweakblogs.net *.tweakers.net *.tweakimg.net 134.58.179.102-103 autodiscover.uzleuven.be ecrf.uzleuven.be extranet-asa.uzleuven.be extranet.uzleuven.be liquidfiles.uzleuven.be mx1.uzleuven.be mx2.uzleuven.be pcrstudioruzb.uzleuven.be prddsplunkhf.uzleuven.be sts.uzleuven.be www.uzleuven.be dns1.uzleuven.be dns2.uzleuven.be liquidfilestest.uzleuven.be random.uzleuven.be/random/ teststs.uzleuven.be uzlcm12cmg1.uzleuven.be w1.uzleuven.be *.kwsdose.be *.playuzleuven.be *.uzleuven.* Ubisoft 1101145849 6444005221 api.uphold.com com.uphold.labs.uphodl.android com.uphold.wallet graphql.topperpay.com/graphql wallet.uphold.com api-sandbox.uphold.com api.sandbox.topperpay.com api.topperpay.com graphql.sandbox.topperpay.com/graphql wallet-sandbox.uphold.com www.uphold.com *.uphold.com API\'s cds.vrt.radio player.vrt.be profiel.vrt.be sporza.be vrt.be/vrtmax vrt.be/vrtnws myaccount.vtm.be vtm.be/vtmgo vtmgo.be *.vtm.be *.vtmgo.be api-wallet.venly.io api.arkane.network connect.arkane.network connect.venly.io login.arkane.network login.venly.io wallet.venly.io api-wallet-sandbox.venly.io 564141518 accountsettings.connect.identity.stagaws.visma.com admin.stage.vismaonline.com ai-testing.maventa.com aiassistant.stage.vismaonline.com api.workbox.dk app.workbox.dk authz.workbox.dk autointerface.stag.visma.net ax-stage.maventa.com com.visma.blue connect.identity.stagaws.visma.com eaccounting.stage.vismaonline.com eaccountingprinting.stage.vismaonline.com identity.stage.vismaonline.com myservices-api.stage.vismaonline.com myservices.stage.vismaonline.com oauth.developers.stagaws.visma.com testing.maventa.com 1395921017 https://api.voiapp.io/ io.voiapp.voi mds.voiapp.io *.voiscooters.com report.voi.com voi.com www.voiscooters.com https://desktop.water-link.be/ https://pit.water-link.be/ *.water-link.be/ https://www.water-link-jaarverslag.be https://www.water-link.be https://www.waterstoring.be/ authentication.wolt.com wolt.com corporate.wolt.com drive.wolt.com merchant.wolt.com ops.wolt.com restaurant-api.wolt.com *.wolt.com 1477299281 943905271 com.wolt.android com.wolt.courierapp *.yacht.nl *ensemble*.yahoo.com *omega*.yahoo.com 7 News AOL (misc) AOL Help AOL Homepage AOL Mail AOL Search apis.mail.yahoo.com data.mail.yahoo.com Engadget Gemini Low Cost Access Membership onepush.query.yahoo.com Online Marketplace Other (Misc) proddata.xobni.yahoo.com Social Media Accounts Techcrunch TW eCommerce: Auctions TW eCommerce: Shopping TW eCommerce: Used Car TW Media: Front Page TW Media: News TW Media: Stock Yahoo Calendar Yahoo Finance Yahoo HK News Yahoo Mail Yahoo News Yahoo Open Source Projects Yahoo Search Yahoo Sports: Best Ball Yahoo Sports: Daily Fantasy Yahoo Sports: Editorial Yahoo Sports: Fantasy Games Yahoo Sports: Fantasy Slate/PicknWin Yahoo Sports: Fantasy Sports Yahoo Sports: Fantasy Wallet Yahoo Sports: Mobile Yahoo Sports: Rivals Yahoo Sports: Rivals Forums Yahoo Video Yahoo Weather Yahoo! (Misc) yimg.com hub.vznkul.be/* hub.vznkul.be/services/interhub/InterHubService hub.vznkul.be/services/intrahub/IntraHubService hubacc.vznkul.be/* hubacc.vznkul.be/services/acceptance/interhub/InterHubService hubacc.vznkul.be/services/acceptance/intrahub/IntraHubService *pwn.intigriti.rocks www.intigriti.com api.vidaxl.com ar.vidaxl.sa.com b2b.vidaxl.com cms.woger-cdn.com customer-services.vidaxl.org en.vidaxl.ae en.vidaxl.ca fps-extr-services.vidaxl.org fr.vidaxl.ch is.vidaxl.is nexus.vidaxl.org nl.vidaxl.be serviceportal.vidaxl.com shops-services.vidaxl.org tracking.vidaxl.com uk.vidaxl.com.ua vidaxl.zendesk.com www.dropshippingxl.com www.vidaxl.<TLD> apigateway.vidaxl.io app.vidaxl.io corporate.vidaxl.com drone.vidaxl.io qa-db.vidaxl.io qa.vidaxl.io qa1-apigateway.vidaxl.io staging-apigateway.vidaxl.io staging-db.vidaxl.io staging.vidaxl.io *.9altitudes.* *.adultimagroup.* *.birds.bi *.birds.com *.dynamics.com *.jobmanager.dk Out of Scope *.aikido.dev *.allegro.sk *.allegro.cz *.allegro.pl *.allegrogroup.com Any production website owned by Allegro not listed in Domains technik.autobild.de technik.beta.autobild.de Automotive Security Domains from independent BMW Dealers, Resellers or Fanclubs *.info.buhlergroup.com *.virtualworld.buhlergroup.com *.virtualworld-portal.buhlergroup.com imap.buhlergroup.cn pop.buhlergroup.cn smtp.buhlergroup.cn channel.buhlergroup.com bestbuy.buhlergroup.com *.webinars.buhlergroup.com *.learnhub.buhlergroup.com */scripts/cgiip.exe/* help.capital.com *affiliates.backend-capital.com *eduapp.backend-capital.com *education.backend-capital.com 31.31.132.0/24 31.31.141.0/26 *.citymesh.recruitee.com *.digi-mobile.be *.insky.be 31.31.128.128/26 31.31.128.192/27 31.31.128.64/26 31.31.130.0/23 31.31.134.0/23 31.31.139.0/24 31.31.140.0-87 31.31.140.92-254 31.31.143.0-71 *.it.datacamp.com app.datacamp.com/recruit ast-viewer.datacamp.com confluence.datacamp.com intranet.datacamp.com jira.datacamp.com links.datacamp.com rdocumentation.datacamp.com signature.datacamp.com status.datacamp.com support.datacamp.com talent-jobs-api.datacamp.com abonnement.demorgen.be * demorgen.be/service * demorgen.be/inloggen * demorgen.be/login * demorgen.be/registreren https://www.vlaanderen.be/vlaamse-overheid/contact/stuur-een-e-mail https://www.vlaanderen.be/aanmelden/help/mail.html https://www.vlaanderen.be/aanmelden/help/mail.html?* bibis*.vlaanderen.be cdn.vlaanderen.be codex.opendata.api.vlaanderen.be ets*.omgeving.vlaanderen.be natura2000.vlaanderen.be opibus*.onderwijs*.vlaanderen.be *.db.ondigitalocean.com *.digitaloceanspaces.com *.doserverless.co *.k8s.ondigitalocean.com *.ondigitalocean.app Assets created by other DigitalOcean customers Marketplace Apps and Add-Ons Other DigitalOcean open source projects not listed registry.digitalocean.com/* www.driessen.nl/contact www.driessen.nl/mijn/solliciteren/ *.grafana.com *.grafana.net https://hotelservice.hrs.com/ https://jobs.hrs.com/ https://www.hrs.com/deals/ * hln.be/service abonnement.parool.nl * parool.nl/service * parool.nl/inloggen * parool.nl/login * parool.nl/registreren *.swop.com/* houseofhr.com/contact-us houseofhr.com/your-career/jobs rebel.houseofhr.com abonnement.humo.be * humo.be/service * humo.be/inloggen * humo.be/login Everything related to configurators, both on primary as other domains *.configuratoren.nl/* afspraakmaken.gamma.nl api.afspraakmaken.gamma.be api.afspraakmaken.gamma.nl api.maakafspraak.karwei.nl horrenconfigurator-fr.gamma.be horrenconfigurator-nl.gamma.be horrenconfigurator.karwei.nl karwei-2018.hetmooistegordijn.nl maakafspraak.karwei.nl mail.gamma.be mail.gamma.nl mail.karwei.nl www.trismegistos.org shop.kinepolis.be shop.kinepolis.es shop.kinepolis.fr shop.kinepolis.lu *.cineramabios.nl dev.kinepolis.com jobs.kinepolis.com l.kinepolis.com openx.kinepolis.com https://careers.kiwa.com/ https://qr.kiwa.com/ https://www.kiwa.com/en/contact/ lsrunase2.0 and lsencrypt2.0 careers.lansweeper.com www.lansweeper.com/forum * libelle.nl/service * libelle.nl/inloggen * libelle.nl/login * libelle.nl/registreren login.internal.monzo.com community.monzo.com academy.moralis.io docs.moralis.io forum.moralis.io merch.moralis.io roadmap.moralis.io status.moralis.io studygroup.moralis.io talent.moralis.io https://www.nexuzhealth.com/nl/mynexuzhealthpro ovo.itgcanopy.com *.oisl.gg appsfwd.ovoenergy.com askovo.net auth-retail.ovoenergy.com auth-www.ovoenergy.com cctv-mgr.ovoenergy.com cev.ovoenergy.com documentum.ovoenergy.com ecomms.ovoenergy.com fortivpn.ovoenergy.com forum.ovoenergy.com greeninstaller.co.uk hackable-lenny.com hackable-sarge.com hackable-slink.com hackable-woody.com learn.ovo.com lightning.ovoenergy.com ovo-comms-uat.co.uk ovo-comms.co.uk ovobyus.com ovocards.com ovocommunity.com ovofoundation.org.uk ovomyrewards.com paybylink.ovoenergy.com pma.ovoenergy.com survey.ovoenergy.com tech.ovoenergy.com testrailapp.ovoenergy.com thirdpartyassurance.ovoenergy.com tracking.ovo.com *.vectus.in https://*.pdq.com/ https://*.simplemdm.com/ https://*.smartdeploy.com/ https://detect.pdq.tools/ www.personio.de personio.slack.com statuspage.personio.de support.personio.de www.personio.com www.personio.es future.portofantwerp.com future.portofantwerpbruges.com jobs.portofantwerp.com jobs.portofantwerpbruges.com media.portofantwerp.com media.portofantwerpbruges.com register.portofantwerp.com register.portofantwerpbruges.com *.brightplus.be *.career.be *.entrili.com *.expressmedical.be *.jobinson.be *.public-sourcing.be *.rgfstaffing.be *.solvus.be *.startpeople.be *.unique.be *.uniqueselect.be *.usgprofessionals.be https://pen-app.entrili.com *.probes.atlas.ripe.net *.anchors.atlas.ripe.net RIPE Meeting network (2001:67c:64::/48 and 193.0.24.0/21) Any of the beta/dev environments Any *.ripe.net host that is located outside of the in-scope IP ranges 193.0.0.160/27 2001:67c:2e8:3::/64 ripe(1to87).ripe.net exams.ripe.net workplace.randstad.in apps.randstad.in cz.randstad.com *.newyorkredbulls.com shop.robinhood.com https://www.saytechnologies.com/contact/sales https://www.simscale.com/api/v1/projects/* www.simscale.com/forum/users/*.json https://sixt-leasing https://siemens.smc.sixt.com/ https://s004-px01.s004.smc.sixt.com/ https://s004-px02.s004.smc.sixt.com/ https://p001-slweb-px.p001.slweb.smc.sixt.com s003-lb-siemens-stage.s003.smc.sixt.com s002-lb-siemens-test.s002.smc.sixt.com s004-lb-siemens.s004.smc.sixt.com app.rental-images.sixt.com b2cleasing.typo3.sixt.de corporate.typo3.sixt.de domainparking.sixt.com fleetcheck.sixt.com intranet.sixt.com lacb2c.typo3.sixt.de lkw.sixt.com lkw.sixt.de logistics.sixt.com partner.sixt.de partner.typo3.sixt.de promo.sixt.com promo.typo3.sixt.de reporting.sixt.de rproxy-firenze1.sixt.de rproxy-firenze2.sixt.de sixtbook.sixt.com webservices.sixt.com drying-little-tears.org 185.97.224.12 185.97.224.13 booking.*.sqills.com booking.*.cloud.sqills.com careers.sqills.com *.red.sqills.team Assets that allow end user input (other than login) Stravito branded sites provided by partners or service providers *.tempo-team.de All Coke Stores Assets Related to China Coke One North America (CONA) Food and Beverage Dispensing Devices abonnement.trouw.nl * trouw.nl/service * trouw.nl/inloggen * trouw.nl/login * trouw.nl/registreren ok.truelayer.com banks.truelayer.com careers.truelayer.com docs.truelayer.com https://truelayer.com/contact/ index.truelayer.com info.truelayer.com signin.truelayer.com statuspage.truelayer.com support.truelayer.com truelayer.zendesk.com elect.tweakers.net uzleuven.atlassian.net jobs.uzleuven.be vacatures.uzleuven.be suppliers-ivalua.ubisoft.com ivalua.ubisoft.com innovatie.vrt.be shop.*.be shop.vtm.be * vtmgo.be/service * vtmgo.be/inloggen * vtmgo.be/login * vtmgo.be/registreren https://enterprise.vlerick.com https://enterprise2.vlerick.com https://mastersblog.vlerick.com/ https://repository.vlerick.com https://spoc.myshopify.com/ https://vlerick.myshopify.com/ https://webform.vlerick.com https://getflywheel.com/schedule-a-demo/ https://wpengine.com/contact/ aquawardsspatial.water-link.be gisacc(*).water-link.be https://aquawardsoperate.water-link.be/ https://aquawardsoperateacc.water-link.be https://feedback.water-link.be https://gis.water-link.be https://gis1.water-link.be https://gis2.water-link.be https://jobs.water-link.be https://wl_acc.water-link.be/ https://wl_dev.water-link.be/ blog.wolt.com gettest.wolt.com press.wolt.com wolt.atlassian.net Flurry TW eCommerce: Store www.vznkul.be *.intigriti.io *.intigriti.me *.intigriti.net any intigriti CTF or challenge api.intercom.io autodiscover.intigriti.com blog.intigriti.com careers.intigriti.com click.intigriti.com go.intigriti.com kb.intigriti.com mail.intigriti.com newsletter.intigriti.com our hubspot pages (/hs-fs/, /hubfs/, /hs/, /_hcms/, landing/, report/, webinar/, /datasheet, /customer/, /video/...) status.intigriti.com swag.intigriti.com t.intigriti.com trust.intigriti.com welcome.intigriti.com partners.vidaxl.com https://cockpit-eu-west-2.outscale.com/ https://fcu.eu-west-2.outscale.com https://lbu.eu-west-2.outscale.com https://osu.eu-west-2.outscale.com https://eim.eu-west-2.outscale.com https://icu.eu-west-2.outscale.com https://directlink.eu-west-2.outscale.com Any resource created or accessed with the Outscale Cloud, on all regions *.atg.se www.atg.se api.atg.se iam.atg.se https://apps.apple.com/se/app/atg/id1434660322 https://apps.apple.com/se/app/atg-live/id1608156355 https://play.google.com/store/apps/details?id=se.atg.live&hl=en&gl=SE app.alasco.de api.alasco.de *.alasco.de *.alasco.rocks In-Scope Applications can be found here: https://mysrc.group/project_detail?id=11 Log4j 2.x Log4j API for Kotlin Log4j API for Scala Log4cxx Log4net Agora for Android (see dowload link for APK file and mobile app GitHub repository in description) Agora for iOS (see dowload link for IPA file and mobile app GitHub repository in description) https://app.sandbox.agora.incubateur.net https://api.sandbox.agora.incubateur.net (source code available on GitHub, see description) https://content.agora.beta.gouv.fr https://www.bookbeat.com https://edge.blablacar.(fr|de|co.uk|in|es|mx|be|hr|hu|it|nl|pl|br|pt|ro|ru|com|tr|com.ua)) https://auth.blablacar.(fr|de|co.uk|in|es|mx|be|hr|hu|it|nl|pl|br|pt|ro|ru|com|tr|com.ua) https://www.blablacar.(fr|de|co.uk|in|es|mx|be|hr|hu|it|nl|pl|br|pt|ro|ru|com|tr|com.ua) https://m.blablacar.(fr|de|co.uk|in|es|mx|be|hr|hu|it|nl|pl|br|pt|ro|ru|com|tr|com.ua) https://play.google.com/store/apps/details?id=com.comuto&hl=en https://itunes.apple.com/fr/app/blablacar-trusted-carpooling/id341329033?l=en&mt=8 https://api.blablalines.com https://daily.blablacar.fr https://blablacardaily.com https://play.google.com/store/apps/details?id=com.blablalines https://apps.apple.com/fr/app/blablalines-covoiturage/id1225543288 https://www.sncf-connect.com https://sncf-connect.com https//monidentifiant.sncf https://www.sncf-connect.com/bff *.coindcx.com api.coindcx.com https://play.google.com/store/apps/details?id=com.coindcx.btc https://apps.apple.com/in/app/coindcx-trade-bitcoin-crypto/id1517787269 *.contentsquare.com https://mobile-production.content-square.net/ https://m.csqtrk.net https://s.contentsquare.net Contentsquare SDK (cf : Program Description) https://bounty.cryptobox.com https://play.google.com/store/apps/details?id=com.ercom.cryptobox.release&hl=fr https://apps.apple.com/fr/app/cryptobox/id972602802 https://pprd.cybermalveillance.gouv.fr cyclonedx-bom cargo-cyclonedx https://play.google.com/store/apps/details?id=id.dana&hl=en https://apps.apple.com/id/app/dana/id1437123008 https://appgallery.huawei.com/#/app/C100570215 mgs-gw.m.dana.id api-saas.dana.id sec.m.dana.id m.dana.id https://www.demarches-simplifiees.fr https://www.demarches-simplifiees.fr/graphql https://www.demarches-simplifiees.fr/api/v2/graphql https://static.demarches-simplifiees.fr DS proxy (see https://github.com/demarches-simplifiees/ds_proxy) Specific scenarios (see program description) AgentConnect (see program description for github link) FranceConnect+ (see program description for github link) FranceConnect (see program description for github link) eIDAS Bridge (see program description for github link) User Dashboard (see program description for github link) https://www.tchap.gouv.fr https://matrix.agent.tchap.gouv.fr https://matrix.agent.*.tchap.gouv.fr https://github.com/tchapgouv https://play.google.com/store/apps/details?id=fr.gouv.tchap.a&hl=fr https://apps.apple.com/fr/app/tchap/id1446253779 https://www.beta.tchap.gouv.fr https://matrix.i.tchap.gouv.fr https://matrix.e.tchap.gouv.fr https://bounty-cloud.dracoon.app/api https://bounty-cloud.dracoon.app/oauth https://0-2744452194.s3.nbg01.de.dracoon.io https://bounty-cloud.dracoon.app/mediaserver https://bounty-cloud.dracoon.app/reporting/api https://bounty-cloud.dracoon.app/webdav https://bounty-cloud.dracoon.app/ https://bounty-server.dracoon.app/api https://bounty-server.dracoon.app/oauth https://bounty-server.dracoon.app/reporting/api https://bounty-server.dracoon.app/webdav https://bounty-server.dracoon.app/ *.dailymotion.com *.api.dailymotion.com developer.dailymotion.com *.dmcdn.net https://play.google.com/store/apps/details?id=com.dailymotion.dailymotion&hl=fr&gl=US https://apps.apple.com/fr/app/dailymotion/id336978041 ifttt-adaptor.pub.kube.dm.gg AS41690 dmxleo.com *.dm.gg Google Cloud Plateform Instances https://bounty-nodejs.datashield.co https://bounty-fastly.datashield.co https://bounty-nginx.datashield.co *.captcha-delivery.com js.datadome.co api-js.datadome.co https://app.datadome.co https://customer-api.datadome.co https://api.datadome.co https://api-js.datadome.co https://*.captcha-delivery.com https://auth.datadome.co https://datadome.co https://bot-tester.datadome.co/ www.deezer.com connect.deezer.com api.deezer.com payment.deezer.com https://play.google.com/store/apps/details?id=deezer.android.app https://apps.apple.com/fr/app/deezer-musique-podcast/id292738169 zen.deezer.com wellbeing.deezer.com wellbeing.dzcdn.net https://play.google.com/store/apps/details?id=com.deezer.zen https://apps.apple.com/be/app/zen-by-deezer-m%C3%A9ditation/id1597326355 account.deezer.com pipe.deezer.com www.doctolib.(fr|de|it) pro.doctolib.(fr|de|it) (see "Free features for healthcare professionals")) Special scenarios (see description) *.doctolib.(fr|de|it|com|net) https://apps.apple.com/fr/app/doctolib/id925339063 http://play.google.com/store/apps/details?id=fr.doctolib.www *.siilo.com https://apps.apple.com/ie/app/doctolib-siilo/id1083002150 https://play.google.com/store/apps/details?id=com.siilo.android&hl=en Dovecot IMAP Server and Pigeonhole SIEVE (see "Software packages" and "Source code") Hardware found on https://www.ezviz.com/category/security-wifi-cameras Hardware found on https://www.ezviz.com/category/smart-home i.ys7.com open.ys7.com auth.ys7.com api.ys7.com api.ezvizlife.com usauth.ezvizlife.com ius.ezvizlife.com *.ys7.com GLib glib-networking libsoup *.gov.sg Domains where GovTech is the registrar *.jbl.com *.harmanaudio.com *.harmankardon.com *.support.jbl.com *.jbl.nl *.jbl.ru *.uk.jbl.com *.uk.harmanaudio.com *.de.jbl.com *.in.jbl.com *.jp.jbl.com *.jbl.com.br Device: JBL Bar 300 Device: JBL Bar 500 Device: JBL Bar 700 Device: JBL Bar 800 Device: JBL Bar 1000 Device: JBL Bar 1300 a1ttqkupgmaxeg-ats.iot.us-east-1.amazonaws.com a1ttqkupgmaxeg-ats.iot.ap-east-1.amazonaws.com lsaconsumerevents2.onecloud.harman.com lsaconsumerevents3.onecloud.harman.com lsaconsumerevents1.onecloud.harman.com events.onecloud.harman.com ota-staging.onecloud.harman.com ota.onecloud.harman.com apis.onecloud.harman.com edgeapis.onecloud.harman.com things.onecloud.harman.com JBL Authentics 200 JBL Authentics 300 JBL Authentics 500 JBL Boombox 3 Wi-Fi JBL Charge 5 Wi-Fi JBL PartyBox Ultimate https://apps.apple.com/fr/app/jbl-one/id1610239857 https://play.google.com/store/apps/details?id=com.jbl.oneapp&hl=fr&gl=US JBL Flip 6 JBL Charge 5 *.kdrive.infomaniak.com api.infomaniak.com login.infomaniak.com manager.infomaniak.com/v3/* shop.infomaniak.com *.kchat.infomaniak.com calendar.infomaniak.com contacts.infomaniak.com etickets.infomaniak.com mail.infomaniak.com swiss-backup*.infomaniak.com vod.infomaniak.com *.vod2.infomaniak.com player-radio.infomaniak.com welcome.infomaniak.com www.swisstransfer.com www.infomaniak.com chk.infomaniak.com ai-tools.infomaniak.com kmeet.infomaniak.com kpaste.infomaniak.com sync.infomaniak.com storage*.infomaniak.com ix2smbdyjt.infomaniak.site 5k8vrbdyje.infomaniak.site fv3lfbdyjh.infomaniak.site l75pvbdyjo.infomaniak.site infomaniak.events sms.infomaniak.com developer.infomaniak.com invitation.infomaniak.com https://play.google.com/store/apps/details?id=com.infomaniak.drive https://apps.apple.com/app/infomaniak-kdrive/id1482778676 https://github.com/Infomaniak/desktop-kDrive https://apps.apple.com/fr/app/infomaniak-mail/id1622596573 https://play.google.com/store/apps/details?id=com.infomaniak.mail&hl=en_US https://www.hpr.kiwai-normandie.fr/ https://www.api.hpr.kiwai-normandie.fr/ https://www.ppr.kiwai-enr.fr/ https://www.kiwai-enr.fr/ https://www.api.kiwai-normandie.fr https://www.kiwai-normandie.fr/ https://bounty.legapass.com hack1.mtrx.ovh https://hackme.matrixreq.com https://play.google.com/store/apps/details?id=com.paymaya https://apps.apple.com/am/app/maya-your-all-in-one-money-app/id991673877 https://appgallery.huawei.com/app/C101186357 https://api.paymaya.com/ https://pg.paymaya.com https://payoutapi.maya.ph/ https://op.paymaya.com/ https://connect.paymaya.com/ https://paymayabiller-prod.paymaya.com/ www.monespacesante.fr admincms.monespacesante.fr adminstore.monespacesante.fr api.monespacesante.fr auth.monespacesante.fr cms.monespacesante.fr editeur.api.monespacesante.fr editeurs.monespacesante.fr knowage.monespacesante.fr support.monespacesante.fr api.editeur.preprod.monespacesante.fr api.preprod.monespacesante.fr auth.preprod.monespacesante.fr preprod.api.monespacesante.fr preprod.auth.monespacesante.fr preprod.editeur.api.monespacesante.fr preprod.monespacesante.fr preprod1.monespacesante.fr preprod2.monespacesante.fr securite.monespacesante.fr am.monespacesante.fr editeur.am.monespacesante.fr am.editeur.preprod.monespacesante.fr am.preprod.monespacesante.fr preprod.am.monespacesante.fr preprod.editeur.am.monespacesante.fr www.preprod.monespacesante.fr www.preprod1.monespacesante.fr www.preprod2.monespacesante.fr www.am.monespacesante.fr www.editeur.am.monespacesante.fr www.editeur.api.monespacesante.fr apps.apple.com/fr/app/mon-espace-sant%C3%A9/id1589255019 (iOS) play.google.com/store/apps/details?id=fr.assurancemaladie.monespacesante&showAllReviews=true (Android) https://api.moneyboxapp.com/ https://admin.moneyboxapp.org/ https://admin-roundups.moneyboxapp.org/ https://apps.apple.com/gb/app/moneybox-save-and-invest/id1049797239 https://play.google.com/store/apps/details?id=com.moneyboxapp https://sycamore.moneyboxapp.org/ https://www.otto.de https://www.otto.de/jobs https://play.google.com/store/apps/details?id=de.cellular.ottohybrid&hl=de https://apps.apple.com/de/app/otto-shopping-m%C3%B6bel/id404844644 https://www.lascana.de/ https://teleoptiprd.otto.de https://mmp.otto.de https://partnerprogramm.otto.de https://orbidder.otto.de https://supplier-connect.otto.de https://retail-api.otto.de api.ovh.com www.ovh.com/manager www.ovh.com https://sandbox.open-xchange.com GitLab and GitHub repos listed on this page https://apps.apple.com/in/app/okto-wallet/id6450688229 https://play.google.com/store/apps/details?id=com.coindcx.okto *.okto.tech https://www.ooredoo.qa https://mobile.ooredoo.qa https://play.google.com/store/apps/details?id=qa.ooredoo.android&hl=en&gl=US https://apps.apple.com/qa/app/ooredoo-qatar/id619828745 Security Vulnerability in OpenPGP.js\'s high-level API Security Vulnerability in the OpenPGP Standard Interoperability Issue in OpenPGP.js https://billingserver.pinelabs.com/ dashboard.pluralonline.com https://lounge.pinelabs.com/loungeui/login https://pinepgconsole.in:9099 https://paymentoptimizerdashboard.pinepg.in/ analytics.pinelabs.com corporate.pineperks.in www.pineperks.in https://myplutus.pinelabs.my/ trm.pinepaymentsolutions.com https://trm.pinelabs.ae https://www.pinelabs.ae/ https://www.letspaylater.ph/ https://apps.apple.com/in/app/pineperks/id908644471 https://play.google.com/store/apps/details?id=com.pinegift https://credit.pinelabs.com https://play.google.com/store/apps/details?id=com.pinelabs.pinelabsone https://apps.apple.com/in/app/pine-labs-one/id6444654068 https://one.pinelabs.com/ https://plmcixt.pinelabs.com/ https://play.google.com/store/apps/details?id=com.pinelabs.emicatalogue.pinelabs&hl=uz https://emistores.pinelabs.com/ PowerDNS authoritative server, recursor and DNSdist (see "Software packages" and "Source-code") https://reptox.cnesst.gouv.qc.ca https://profile.pentest.clicsante.ca https://clients3.pentest.clicsante.ca https://portal3.pentest.clicsante.ca https://api3.pentest.clicsante.ca https://admin3.pentest.clicsante.ca https://poc-op-ywh.it.authentification.si.gouv.qc.ca https://auth-ywh.it.authentification.si.gouv.qc.ca https://www.cyber.gouv.qc.ca https://pab.donneesquebec.ca https://gap.citizenportal-test.bugbounty.akinox.dev https://test.m4sv.bugbounty.akinox.dev https://pbgq.upac.gouv.qc.ca/ https://pbgq-pes.upac.gouv.qc.ca/denonciation/ https://pbgq-pes.upac.gouv.qc.ca/nous-joindre/ https:/pbgq-pes.deontologie-policiere.gouv.qc.ca/demande-acces-info/ https://pbgq-pes.deontologie-policiere.gouv.qc.ca/demande-revision/ https://pbgq-pes.deontologie-policiere.gouv.qc.ca/reponses-questions/ www.qwant.com api.qwant.com s.qwant.com s1.qwant.com s2.qwant.com qwantjunior.com https://my.salt.ch https://eshop.salt.ch https://login.salt.ch buffered-reader nettle-sys nettle-rs SHA1-CD sequoia-openpgp sequoia-autocrypt sequoia-ipc sequoia-net Shared OpenPGP Certificate Directory sequoia-cert-store sequoia-wot sequoia-policy-config rpm-sequoia sqv sq sqop octopus sequoia-git OpenPGP Cert Directory Specification Web of Trust Specification Sequoia git Specification https://my.sogexia.com https://play.google.com/store/apps/details?id=io.gonative.android.xjndrq&hl=fr itmss://apps.apple.com/us/app/id1510360750?ign-mscache=1 https://spacelift.dev/ https://*.app.spacelift.dev Native K8S workers and operator OIDC-based API keys MFA api.swapcard.com chat-api.swapcard.com/graphql developer.swapcard.com/event-admin/graphql login.swapcard.com studio-api.swapcard.com app.swapcard.com studio.swapcard.com team.swapcard.com https://apps.apple.com/fr/app/swapcard/id879488719 https://play.google.com/store/apps/details?id=com.swapcard.apps.android&hl=fr img.swapcard.com t.swapcard.com (*.post.ch:80|*.post.ch:443) AND 194.41.128.0/17 https://account.post.ch https://shop.post.ch/shop https://service.post.ch/ekp-web/ https://service.post.ch/zopa/app/ https://play.google.com/store/apps/details?id=com.nth.swisspost&hl=de_CH&gl=US https://apps.apple.com/ch/app/die-post/id378676700 https://billingonline.post.ch/OnlinePayment/Web/v1/BOI https://service.post.ch/ele-klp/ele/ Source Code System Specification Scenarios with Special Bounties Protocol of the Swiss Post Voting System https://www.teamviewer.com/en/products/teamviewer/ https://web.teamviewer.com https://account.teamviewer.com https://login.teamviewer.com https://play.google.com/store/apps/details?id=com.teamviewer.teamviewer.market.mobile&hl=en&gl=US https://play.google.com/store/apps/details?id=com.teamviewer.quicksupport.market&hl=en&gl=US https://play.google.com/store/apps/details?id=com.teamviewer.host.market&hl=en&gl=US https://apps.apple.com/de/app/teamviewer-remote-control/id692035811 https://apps.apple.com/de/app/teamviewer-quicksupport/id661649585 *.telenor.se *.bredbandsbolaget.se *.europolitan.se *.ownit.se *.vimla.se *.vimla.work *.vimla.io In-Scope Products (for the full list please visit https://en.security.tencent.com/index.php/policy) https://thueringer-foerderportal.eu https://ecohesion.aufbaubank.de https://login.aufbaubank.de *.vfsglobal.(com|co.uk|ca) *.vfsevisa.com *.onevasco.com *.vascoworldwide.net www.vfsvisaonline.com www.dvpc.net www.vfsvisaservicesrussia.com *.directverify.in *.docswallet.com biometservices.com agents.tasheer.com https://gaadmin.vfsglobal.com/GlobalAdmin/ https://gaadmin.vfsglobal.com/Global-Admin/ https://rusadminappt.vfsglobal.com/Global-Admin/ https://gaadmin.vfsglobal.com/AustraliaApptAdmin/ https://gaadmin.vfsglobal.com/GAR1Ph1ApptAdmin/ https://onlinena.vfsglobal.dz/AppointmentAdmin/ https://gaadmin.vfsglobal.com/DHAAppointmentAdmin https://equatorialguinea-evisa.com https://online.srilankaevisa.lk/lka/en/login https://online.mustaqel.qa/qat/en/login https://appointment.vfsglobal.com.dz/forms/FRDZ/ https://vfs.mioot.com/ https://vfseu.mioot.com/ https://www.vfsvisaservice.com/ https://indonesiavoa.vfsevisa.id/ https://www.vfsglobalservices-germany.com/Global-Appointment/ https://www.vfsvisaservice.com/IHC-SouthKorea-Appointment https://vc.tasheer.com/ *.vfsglobal.by *. vfsevisa.id www.vinci.com leonard.vinci.com castor.vinci.com survey.vinci.com www.fondation-vinci.com www.lafabriquedelacite.com www.lab-recherche-environnement.org vœux.vinci.com www.vinci-vie.fr www.trajeoh.com actionnaires.vinci.com emag.vinci.com boost.vinci.com vinci-groupe.profils.org jobs.vinci.com solutions-environnement.vinci.com essentiel.vinci.com essentials.vinci.com www.chaire-arpenter.fr https://wbsapi.withings.net https://healthmate.withings.com https://account.withings.com https://app.withings.com https://developer.withings.com/dashboard/ https://scalews.withings.com Body Scan scale Body Comp scale Scanwatch Light Scanwatch 2 Scanwatch Nova Scanwatch https://yeswehack.com https://api.yeswehack.com https://apps.yeswehack.com https://www.yeswehack.com https://dojo-yeswehack.com/challenge-of-the-month/dojo-38 serveur12.notebleue.com ywh.comptage.zecible.fr ywh.static.zecible.fr ywh.fichiers.zecible.fr ywh.mydata.zecible.fr ywh.admin.zecible.fr ywh.api.zecible.fr ywh.dev.zecible.fr ywh.crons.zecible.fr ywh.routage.zecible.fr ywh.update.zecible.fr odoo14.notebleue.pro registre.notebleue.pro svn.notebleue.pro todo.notebleue.pro webtoolbox.notebleue.pro cam.notebleue.pro https://github.com/pendulum-project/ntpd-rs https://github.com/pendulum-project/timestamped-socket https://github.com/pendulum-project/clock-steering https://owncloud.org/install/#install-clients https://play.google.com/store/apps/details?id=com.owncloud.android https://apps.apple.com/app/id1359583808 https://github.com/owncloud/customgroups https://github.com/owncloud/guests https://github.com/owncloud/richdocuments https://github.com/owncloud/notifications https://github.com/owncloud/client https://github.com/owncloud/core https://github.com/owncloud/gallery https://github.com/owncloud/ocis https://github.com/owncloud/web https://github.com/owncloud/web-extensions https://github.com/owncloud/user_ldap https://github.com/owncloud/oauth2 https://github.com/owncloud/openidconnect https://github.com/owncloud/activity https://github.com/owncloud/impersonate https://github.com/owncloud/updater https://github.com/owncloud/core/tree/master/apps/files https://github.com/owncloud/android https://github.com/owncloud/ios-app systemd (the manager itself) systemd-boot systemd-stub systemd-udev systemd-journald systemd-logind systemd-networkd libsystemd systemd-timesyncd systemd-hostnamed systemd-resolved systemd-cryptenroll systemd-cryptsetup systemd-veritysetup systemd-fstab-generator systemd-gpt-auto-generator systemd-ask-password https://toom.de https://api.toom.de Other subdomains on outscale.com (wiki.outscale.net, fr.outscale.com, en.outscale.com... ) Social engineering of Outscale employees and contractors Attack against Outscale offices (malware, backdoor, DoS, etc.) Denial of service attacks Vulnerabilities on products or services other than Cockpit or APIs Issues in our DNS and NTP Issues not leading to confidentiality, traceability or integrity problems. You can report it to support@outscale.com. Same behavior as Amazon Web Services E-mail server configuration (DKIM/SPF/DMARC) Dataleaks or 3DS OUTSCALE-related vulnerabilities outside the scope of the IaaS Cloud Service. fraga.atg.se (external supplier) hittabutik.atg.se (external supplier) kundo.atg.se (external supplier) shop.atg.se (external supplier) r124.news.atg.se (external supplier) r123.news.atg.se (external supplier) r122.news.atg.se (external supplier) r121.news.atg.se (external supplier) webbshop.atg.se (external supplier) All other domains or subdomains not listed in the above list of \'Scopes\'. explore.alasco.com explore.alasco.de www.alasco.de alasco.de Please note that all non-authenticated areas of our systems are in scope for this program. This means that any vulnerability discovered in a system or service that does not require a login to access is eligible for a reward. However, any vulnerability discovered in a system or service that requires a login to access is outside the scope of this program. Alasco will not provide access credentials to any system, not for testing and also not for issue validation. All domains or subdomains not listed in the above list of \'Scopes\'. Third-party applications and websites Not Belonging to Ant Group’s Products or Systems. https://logging.apache.org Anything related to mailing lists or other ASF infrastructure topics. Cassandra Appender Kafka Appender CouchDB components JSP Tag library Everything which is excluded on this page is also out-of-scope: https://logging.apache.org/security.html All assets not listed as in scope must be considered as out of the scope of this program Production environments are out of the scope of this program agora.beta.gouv.fr Web application\'s Github repository (https://github.com/agora-gouv/agora-webapp), you may refer to the mobile app\'s repository All domains not listed In-Scope Please note that https://dev.blablacar.com is hosted by a third party and thus is out of scope. Any website that is not listed explicitly in the scope. However, though listed in the out-of-scope list, if you really feel that a bug will leave an impact on our platform, please come up with a convincing and working POC. If that convinces us to change our code, we will reward you with a bounty. Finally, fraud related reports are out-of-scope if they do not exploit a security vulnerability. Therefore, fraud activity enabled by bug or incomplete business rules enforcement are out-of-scope. However, a fraud activity enabled by a CSRF exploit for example is valid. Please note sncf-connect.com doesn\'t own the SNCF.com domains. Anything that is not listed as part of the scope, example : - https://www.sncf.com/ - https://tgvinoui.sncf/ - https://www.sncf-voyageurs.com/ - https://www.maxjeune-tgvinoui.sncf/ - https://www.malocationavis.sncf-connect.com/ The SNCF Connect mobile applications (Android and Apple) are out of scope even if the web services they use are in scope (accessible through paths beginning by \'https://www.sncf-connect.com/bff\'). All domains or subdomains not listed in the above list of \'Scopes\' Zendesk and other third parties CMS websites own by Coindcx (Anything related to Wordpress etc) coindcx.com/blog info.coindcx.com otcdesk.coindcx.com careers.coindcx.com partnerportal.contentsquare.com uxawards.contentsquare.com www.contentsquare.com community.contentsquare.com brand.contentsquare.com blog.contentsquare.com csquad.contentsquare.com csd-*.contentsquare.com go.contentsquare.com hackathon.contentsquare.com security.contentsquare.com support.contentsquare.com learn.contentsquare.com university.contentsquare.com foundation.contentsquare.com content.contentsquare.com partners.contentsquare.com incident.contentsquare.com *.wwko*.contentsquare.com explore.contentsquare.com get.contentsquare.com trust.contentsquare.com loyalty.contentsquare.com Testing any other system than https://bounty.cryptobox.com, in particular *.cryptobox.com or *.ercom.fr. https://www.cybermalveillance.gouv.fr Anything that is not explicitely listed in scope section webdev.dana.id wp.dana.id fiat.dana.id cmsdev.dana.id techops.dana.id dm.dana.id encrypt.dana.id All domains or subdomains not listed in the above list of "Scopes" are considered out of scope https://doc.demarches-simplifiees.fr https://beta.gouv.fr/startups/demarches-simplifiees.fr \'démarches\' other than the two provided for the prupose of your tests AgentConnect/FranceConnect authentication feature All partners and all mocks are out of scope (but you can use the deployed mocks at your discretion to attack the scope). The local stack (*.docker.dev-franceconnect) is a powerful tool for you to understand the internals processes but is out of scope (the exploit should as well work in the scope to qualify). The production environment (*.gouv.fr) is out of scope. https://fcp.integ01.dev-franceconnect.fr https://tableaudebord.integ01.dev-franceconnect.fr Everything that not listed as in scope is to be considered as out of scope of this program Please note that Tchap is hosted by a third party and thus vulnerabilities related to the host are out of the scope Any other host, tenant or service than the ones explicitly stated. www.dracoon.com *.dracoon.com *.dracoon.net *.dracoon.team *.dracoon.app (with the exceptions of bounty-cloud.dracoon.app and bounty-server.dracoon.app) *.dracoon.io (with the exception of https://0-2744452194.s3.nbg01.de.dracoon.io) *.fp-sign.com *.usersnap.com *.gdata.com *.retarus.com Anything not specifically listed as in-scope is out-of-scope. Distributed attacks (scraping must be done using only 1 IP at a time). Third-party widgets on www.datadome.co and app.datadome.co developers.deezer.com partners.deezer.com cdn-files.deezer.com cdn-content.deezer.com support.deezer.com deezercommunity.com deezer-blog.com deezer-brandsolutions.com deezerjobs.com desktop apps (electron) Note: should you discover a critical issue within an asset that falls outside the program\'s scope, we would appreciate it and may choose to offer a reward at our discretion. community.doctolib.com|.fr|.de|.it doctocommit.doctolib.fr doctolib.atlassian.net doctolib.zendesk.com store.doctolib.com share.doctolib.net All content which is not listed as "Scopes", especially any production system operated by customers "Scopes" in this program refer to the binary packages and source-code provided there, the systems providing those artefacts are out of scope Everything that is not directly related to the application or source-code in scope (e.g. GitHub, domain settings) scc-chat.ys7.com Test environment (for example: test.ys7.com) Pre-release environment (for example: pb.ys7.com) Only the list of modules in the description is in scope. We may add more modules in the future such as json-glib libxml2 libxslt gdk-pixbuf librsvg vte gtk flatpak xdg-desktop-portal xdg-desktop-portal-gnome GNOME Shell (particularly lock screen) gdm tracker-miners libsecret oo7 Anything apart from valid subdomains or otherwise explicitly listed entries in the Scope section is Out-Of-Scope. cloud.cloud2.harmanaudio.com cloud.cloud1.harmanaudio.com cloud.cloud3.harmanaudio.com https://secondchance.jbl.com/module/stripe_official/createIntent Anything not explicitly listed in the Scope section is Out-Of-Scope. For example, our e-commerce websites are out of scope in this program. Assets not listed in the in scope section are to be considered as out of the scope of this program and won\'t be eligible for reward https://api.pub1.infomaniak.cloud We do not manage Open Stack dashboard which is therefore out of scope newsletter.infomaniak.com ov-XX.infomaniak.ch and od-XX.infomaniak.ch sub domains This domain https://drive.infomaniak.com/app/office/:folder:/:file: is out of scope. This is only office application, an external app to open MS office documents. FTP credentials from our customers, like *.ftp.infomaniak.com VPS instances from our customers, like *.vps.infomaniak.com MySQL credentials from our customers, like *.myd.infomaniak.com Jelastic subdomains : *.jcloud.ik-server.com, *.jpc.infomaniak.com, *.jpe.infomaniak.com User email verification Any security issue on Yousign & mangopay not related with Kiwai https://legapass.com app.legapass.com mailing.legapass.com url1490.legapass.com 29544328.legapass.com mato.legapass.com https://matrixreq.com https://demo.matrixreq.com Any domain not explicitely listed in scope Other subdomain of paymaya.com that has no direct integration/part of the mobile application Non-Production environments (test, dev, staging, or sandbox) Anything that is not explicitely listed as part of the Scope The Moneybox public website https://www.moneyboxapp.com/ and other moneyboxapp.com / moneyboxapp.org domains not listed are out of scope. Content served by the Cloudflare Access service (https://moneyboxapp.cloudflareaccess.com/*) is out of scope. These pages intentionally do not set a CORS Allow-Origin policy. We have seen this reported several times as a vulnerability, but it is intended behaviour and is considered out of scope. Security concerns originating from https://moneyboxapp.onelogin.com/ are typically considered out of scope. These pages and their content are served by OneLogin, and any issues should be reported to them directly. However, if an exploit explicitly enables bypassing OneLogin to access Moneybox systems or leaking Moneybox sensitive data, it is crucial to raise the concerns to both OneLogin and Moneybox. Out-Of-Scope are also other applications hosted under the www.otto.de domain but have a different path, that is not part of our core online shop itself (you will notice, since the design of the page is completely different) Those include but are not limited to (if unsure, contact us before executing the tests): https://www.otto.de/reblog https://www.otto.de/roombeez https://www.otto.de/twoforfashion https://www.otto.de/soulfully https://www.otto.de/updated https://www.otto.de/newsroom https://www.otto.de/kundenchat https://www.otto.de/clara https://www.otto.de/user/sendcallbackrequest https://www.otto.de/user/contactFormSubmit https://keycloak.apps.otto.de /apps-messenger (the chatbot in general is out of scope) /tracking Please let us know if you have any questions regarding the scope. Vulnerabilities reported on other services or applications are not allowed. Vulnerabilities reported on client services *.osp.ovh.com All domains which are not listed as "Scopes", especially any production system operated by customers Antivirus and anti-spam filtering on the sandbox environment, this has been disabled to avoid research disruption The components "imageconverter", "documentconverter", "spellchecker" and "cacheservice" are temporarily out of scope. CMS websites own by Okto (Anything related to Wordpress etc) Customer support form (https://help-okto.sprinklr.com/help/) All other third parties Security Vulnerabilities that can only be caused by using OpenPGP.js\'s low-level API, or by using OpenPGP.js\'s high-level API in an incorrect or unintended way Security Vulnerabilities in the OpenPGP Standard that are not possible to fix or work around in OpenPGP.js (without causing interoperability issues) Interoperability Issues that are caused by other OpenPGP implementations\' non-compliance with the OpenPGP Standard All other Pine Labs assets that are not listed above are to be treated as out of scope All domains not listed In-Scope. chameleon: https://gitlab.com/sequoia-pgp/sequoia-chameleon-gnupg Anything related to https://sequoia-pgp.org all domains not listed in scopes, noteworthy: www.sogexia.com support.sogexia.com www.sogexiaclub.com Social media accounts Session keeps using old user group permissions if user group permissions are changed during a given session\'s lifespan Contact form (especially HubSpot ones) Any other Spacelift assets not specifically listed as in-scope. Any communication with Spacelift colleagues. Attacks against any account other than the specified target accounts. Data breaches or credential dumps. Third-party companies that perform business transactions for Spacelift By default all the endpoints that are not listed in the allowed scopes are out of scope of the program. *dev.swapcard.com page.swapcard.com blog.swapcard.com (Hubspot) aide.swapcard.com (Zoho) help.swapcard.com (Zoho) books.swapcard.com (Zoho) l.swapcard.com c.swapcard.com sentry.swapcard.com (Except if you notice a miss-configuration) survey.swapcard.com www.swapcard.com (static corporate website) Anything that has not been described as in scope in the previous section is automatically out of scope. Attacks on administrative and surrounding systems that are not used for the in-scope services are not permitted (this includes DNS, NTP, routers, systems of the ISP, etc.). The alternative login (https://login.swissid.ch) is out of scope. It also leads to the in-scope service, (https://account.post.ch) but we have designated it as out of scope. Any services related to Incamail (for example https://incamail-dev.post.ch (194.41.248.224) and https://incamail-test.post.ch (194.41.248.58)) Please note that some of the applications may contain links or redirect you away from the URIs described in the scope section. This means you are leaving the scope if you follow these links / redirects. Anything that is not explicitely listed in the ‘Scope’ section. *.bbcust.telenor.se *.cust.telenor.se *.sme.telenor.se *.cust.bredbandsbolaget.se *.customers.ownit.se *.cust.ownit.se stage-vimla-se.vimla.io Any domain that looks like it\'s owned by a third party or customer due customer\'s privacy Mobile services and devices provided by Telenor Sweden and subsidiaries not reachable from Internet Connect ID - Hosted by Telenor Group Other business units of the Telenor Group - including *.telenor.com Please note that the vulnerabilities reported for the following assets will not be eligible for bounties. *.qzoneapp.com *. myqcloud.com *Notes about Tencent Cloud (cloud.tencent.com as included in *.tencent.com) Only vulnerabilities affecting the platform itself and IP owned by Tencent will be accepted. If an IP belongs to Tencent Cloud external customer, it is not considered in scope. All 3rd parties are out of scope All other VFS assets that are not listed above as in scope are automatically out of scope https://india-usa.vfsglobal.com https://vire.vfsglobal.com vfsglobal.com.ru myeasydocs.co.il nssr-7.vfsglobal.com https://uat-lift.vfsglobal.com/_angular/main.8dbd1aa97c38b188.js?v=6.0.29 https://liftassets.vfsglobal.com/_nuxt/46217fc777819548fddb.js https://ukvitest.vfsglobal.com/_angular/main.3ca04c44a2718f71.js?v=1.0.22 https://online.vfsevisa.com/main-es2015.521ef2e1d9f68fd1bb90.js https://online.vfsevisa.com/main-es5.521ef2e1d9f68fd1bb90.js?v=3.1.6 https://portal.vfsevisa.com/main-es2015.987b1b526aa8041bfdee.js https://portal.vfsevisa.com/main-es5.987b1b526aa8041bfdee.js?v=3.1.6 https://uat-lift.vfsglobal.com/_angular/main.c05c54e8703c3a9f.js?v=6.0.36 https://online.vfsevisa.com/main-es2015.6d514e86ec7c6492aafc.js?v=3.1.2 https://portal.vfsevisa.com/main-es2015.7857657af609ca5e4bc5.js?v=3.1.4 https://egonline.vfsevisa.com/main-es2015.c7bb991442356b23f23e.js?v=3.1.3 !! Links pointing to other FQDNs are always out of scope !! only exception: wishes.vinci.com (english version of voeux.vinci.com) is included in the scope All PDF documents published or served on castor.vinci.com are public, thank you for not reporting any bug linked to the accessibility of these documents. All domains, devices and mobile Apps not listed In-Scope. Any issues with Wallet or KYC features (There are third party services) Everything that\'s out of the scope root URL Anything that is not listed explicitly in the scope. Known protocol limitations related to the NTP protocol Anything related to the NTPv5 and/or NTS Pool KE features (both disabled by default), unless it impacts other parts of the software Anything related to *.ntpd-rs.pendulum-project.org Anything related to the CI pipeline or GitHub related hosting *.owncloud.org *.owncloud.com journal sealing in systemd-journald: there are known issue that need to be solved first, before this feature can be included in the program Anything related to https://systemd.io '; preg_match_all($re, $str, $matches, PREG_SET_ORDER, 0); // Print the entire match result var_dump($matches);

Please keep in mind that these code samples are automatically generated and are not guaranteed to work. If you find any syntax errors, feel free to submit a bug report. For a full regex reference for PHP, please visit: http://php.net/manual/en/ref.pcre.php