Regular Expressions 101

Save & Share

  • Regex Version: ver. 3
  • Update Regex
    ctrl+⇧+s
  • Save new Regex
    ctrl+s
  • Add to Community Library

Flavor

  • PCRE2 (PHP >=7.3)
  • PCRE (PHP <7.3)
  • ECMAScript (JavaScript)
  • Python
  • Golang
  • Java 8
  • .NET 7.0 (C#)
  • Rust
  • Regex Flavor Guide

Function

  • Match
  • Substitution
  • List
  • Unit Tests

Tools

Sponsors
There are currently no sponsors. Become a sponsor today!
An explanation of your regex will be automatically generated as you type.
Detailed match information will be displayed here automatically.
  • All Tokens
  • Common Tokens
  • General Tokens
  • Anchors
  • Meta Sequences
  • Quantifiers
  • Group Constructs
  • Character Classes
  • Flags/Modifiers
  • Substitution
  • A single character of: a, b or c
    [abc]
  • A character except: a, b or c
    [^abc]
  • A character in the range: a-z
    [a-z]
  • A character not in the range: a-z
    [^a-z]
  • A character in the range: a-z or A-Z
    [a-zA-Z]
  • Any single character
    .
  • Alternate - match either a or b
    a|b
  • Any whitespace character
    \s
  • Any non-whitespace character
    \S
  • Any digit
    \d
  • Any non-digit
    \D
  • Any word character
    \w
  • Any non-word character
    \W
  • Non-capturing group
    (?:...)
  • Capturing group
    (...)
  • Zero or one of a
    a?
  • Zero or more of a
    a*
  • One or more of a
    a+
  • Exactly 3 of a
    a{3}
  • 3 or more of a
    a{3,}
  • Between 3 and 6 of a
    a{3,6}
  • Start of string
    ^
  • End of string
    $
  • A word boundary
    \b
  • Non-word boundary
    \B

Regular Expression
No Match

/
/
gm

Test String

Code Generator

Language

Generated Code

#include <StringConstants.au3> ; to declare the Constants of StringRegExp #include <Array.au3> ; UDF needed for _ArrayDisplay and _ArrayConcatenate Local $sRegex = "(?m)(\*-[a-zA-Z0-9]+(\.[a-zA-Z0-9]+)*\.[a-zA-Z]{2,}|\*\.?[a-zA-Z0-9]+([.-][a-zA-Z0-9]+)*\.[a-zA-Z]{2,}|[a-zA-Z0-9]+([.-][a-zA-Z0-9]+)*\.[a-zA-Z]{2,}|[a-zA-Z0-9]+(\.\*)?\.[a-zA-Z0-9]+(\.[a-zA-Z]{2,}))" Local $sString = "https://acorns.com/" & @CRLF & _ "*.acorns.com/" & @CRLF & _ "https://apps.apple.com/us/app/acorns-invest-spare-change/id883324671" & @CRLF & _ "Acorns for iOS" & @CRLF & _ "https://graphql.acorns.com" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.acorns.android&hl=en_US&gl=US" & @CRLF & _ "Acorns for Android" & @CRLF & _ "https://www.gohenry.com/" & @CRLF & _ "https://www.pixpay.fr/" & @CRLF & _ "https://apps.apple.com/au/app/afterpay-shop-now-pay-later/id1230286588" & @CRLF & _ "Afterpay iOS App" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.afterpaymobile.us&hl=en_US&gl=US" & @CRLF & _ "Afterpay Android App" & @CRLF & _ "https://portal.afterpay.com" & @CRLF & _ "portal.afterpay.com" & @CRLF & _ "https://afterpay.com" & @CRLF & _ "*.afterpay.com" & @CRLF & _ "https://mobileapi.afterpay.com" & @CRLF & _ "mobileapi.afterpay.com" & @CRLF & _ "https://portalapi.us.afterpay.com" & @CRLF & _ "portalapi.*.afterpay.com" & @CRLF & _ "https://developers.afterpay.com" & @CRLF & _ "developers.afterpay.com" & @CRLF & _ "https://apps.apple.com/gb/app/clearpay-buy-now-pay-later/id1474022186" & @CRLF & _ "Clearpay iOS App" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.afterpaymobile.uk" & @CRLF & _ "Clearpay Android App" & @CRLF & _ "https://clearpay.co.uk" & @CRLF & _ "clearpay.co.uk" & @CRLF & _ "https://clearpay.com" & @CRLF & _ "clearpay.com" & @CRLF & _ "https://portal.clearpay.com" & @CRLF & _ "portal.clearpay.com" & @CRLF & _ "https://portal.clearpay.co.uk" & @CRLF & _ "portal.clearpay.co.uk" & @CRLF & _ "https://mobileapi.clearpay.com" & @CRLF & _ "mobileapi.clearpay.com" & @CRLF & _ "https://portalapi.eu.clearpay.co.uk" & @CRLF & _ "portalapi.eu.clearpay.co.uk" & @CRLF & _ "https://api.clearpay.com" & @CRLF & _ "api.clearpay.com" & @CRLF & _ "Aiven for Clickhouse" & @CRLF & _ "" & @CRLF & _ "Aiven for Dragonfly" & @CRLF & _ "Aiven for Metrics" & @CRLF & _ "Aiven for Valkey" & @CRLF & _ "Aiven for Apache Cassandra" & @CRLF & _ "Aiven for AlloyDB Omni" & @CRLF & _ "Aiven for OpenSearch" & @CRLF & _ "Aiven for Grafana" & @CRLF & _ "Aiven for Apache Kafka" & @CRLF & _ "Aiven for M3" & @CRLF & _ "Aiven for PostgreSQL" & @CRLF & _ "Aiven for Caching" & @CRLF & _ "Aiven for MySQL" & @CRLF & _ "Aiven for Apache Flink" & @CRLF & _ "https://aiven.io/" & @CRLF & _ "aiven.io" & @CRLF & _ "https://console.aiven.io/login" & @CRLF & _ "console.aiven.io" & @CRLF & _ "https://api.aiven.io/login" & @CRLF & _ "api.aiven.io" & @CRLF & _ "https://github.com/Aiven-Open" & @CRLF & _ "github.com/Aiven-Open" & @CRLF & _ "https://github.com/Aiven" & @CRLF & _ "github.com/Aiven" & @CRLF & _ "http://falcon-bug-bounty-flag-pgsql-dev-sandbox.aivencloud.com/" & @CRLF & _ "falcon-bug-bounty-flag-pgsql-dev-sandbox.aivencloud.com" & @CRLF & _ "https://ampol.com.au/" & @CRLF & _ "Ampol Website" & @CRLF & _ "https://apps.apple.com/au/app/caltex-australia/id1314768594" & @CRLF & _ "Ampol iOS mobile app" & @CRLF & _ "https://play.google.com/store/apps/details?id=au.com.ampol.flagship&hl=en_AU&gl=US" & @CRLF & _ "Ampol Android mobile app" & @CRLF & _ "https://ampcharge.ampol.com.au/" & @CRLF & _ "Ampcharge" & @CRLF & _ "https://ampolenergy.com.au" & @CRLF & _ "Ampol Energy" & @CRLF & _ "https://play.google.com/store/apps/details?id=au.com.ampol.teamapp" & @CRLF & _ "Work@ampol" & @CRLF & _ "https://my.ampol.com.au/" & @CRLF & _ "My Ampol" & @CRLF & _ "https://carbonneutral.ampol.com.au/" & @CRLF & _ "Carbon Neutral Fuel" & @CRLF & _ "https://cards.ampol.com.au" & @CRLF & _ "Ampol Card" & @CRLF & _ "Arlo Safe Android App" & @CRLF & _ "Arlo Safe iOS App" & @CRLF & _ "Arlo Secure Android App" & @CRLF & _ "null" & @CRLF & _ "Arlo Secure iOS App" & @CRLF & _ "Arlo" & @CRLF & _ "Arlo All-In-One Sensor (Home Security System)" & @CRLF & _ "Arlo Baby" & @CRLF & _ "Arlo Base Station" & @CRLF & _ "Arlo Bridge" & @CRLF & _ "Arlo Cellular & Battery Backup (Home Security System)" & @CRLF & _ "Arlo Chime / Chime 2" & @CRLF & _ "Arlo Essential" & @CRLF & _ "Arlo Floodlight" & @CRLF & _ "Arlo Go / Go 2" & @CRLF & _ "Arlo Home Security System" & @CRLF & _ "Arlo Pro" & @CRLF & _ "Arlo Pro 2" & @CRLF & _ "Arlo Pro 3" & @CRLF & _ "Arlo Pro 4" & @CRLF & _ "Arlo Pro 5S" & @CRLF & _ "Arlo Q / Q+" & @CRLF & _ "Arlo Safe Button" & @CRLF & _ "Arlo Security Light" & @CRLF & _ "Arlo Ultra" & @CRLF & _ "Arlo Video Doorbell" & @CRLF & _ "Arlo Wireless Video Doorbell" & @CRLF & _ "Arlo Wire-Free Outdoor Siren (Home Security System)" & @CRLF & _ "*.arlo.com" & @CRLF & _ "*.arloxcld.com" & @CRLF & _ "https://*-prod.arlo.com" & @CRLF & _ "https://arlo-device.messaging.netgear.com" & @CRLF & _ "https://beta.arlo.com" & @CRLF & _ "https://community.arlo.com" & @CRLF & _ "https://downloads.arlo.com" & @CRLF & _ "https://mcs.arlo.com" & @CRLF & _ "https://my.arlo.com" & @CRLF & _ "https://myapi.arlo.com" & @CRLF & _ "https://www.arlo.com" & @CRLF & _ "https://updates.arlo.com" & @CRLF & _ "Aruba Wireless – ArubaOS and Aruba Instant" & @CRLF & _ "Aruba ClearPass Policy Manager" & @CRLF & _ "ArubaOS-CX Wired Switches" & @CRLF & _ "Aruba EdgeConnect Enterprise Orchestrator" & @CRLF & _ "Aruba EdgeConnect Enterprise" & @CRLF & _ "Aruba InstantOn APs and supporting backend infrastructure" & @CRLF & _ "Aruba Fabric Composer" & @CRLF & _ "Aruba NetEdit" & @CRLF & _ "*.central.arubanetworks.com" & @CRLF & _ "Aruba InstantOn Switches" & @CRLF & _ "Aruba AirWave AMP" & @CRLF & _ "https://www.arubanetworks.com/products/networking/analytics-and-assurance/user-experience-insight-sensors/" & @CRLF & _ "Aruba User Experience Insight Sensors" & @CRLF & _ "asp-stg-develop.eks-stg-use1.getaws.arubanetworks.com" & @CRLF & _ "lms-stg-develop.eks-stg-use1.getaws.arubanetworks.com" & @CRLF & _ "www.arubanetworks.com" & @CRLF & _ "www.arubainstanton.com" & @CRLF & _ "mspshowcase.arubanetworks.com" & @CRLF & _ "ase.arubanetworks.com" & @CRLF & _ "blogs.arubanetworks.com" & @CRLF & _ "aed.arubanetworks.com" & @CRLF & _ "connect.arubanetworks.com" & @CRLF & _ "devhub.arubanetworks.com" & @CRLF & _ "https://app.asana.com" & @CRLF & _ "app.asana.com" & @CRLF & _ "https://asana.com" & @CRLF & _ "asana.com" & @CRLF & _ "https://asana.com/apps?category=made-by-asana" & @CRLF & _ "*.asana.plus" & @CRLF & _ "*.asana.biz" & @CRLF & _ "https://asana.com/download" & @CRLF & _ "Asana Desktop App" & @CRLF & _ "https://apps.apple.com/us/app/asana-mobile/id489969512" & @CRLF & _ "Asana iOS app" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.asana.app&hl=en" & @CRLF & _ "Asana Android app" & @CRLF & _ "https://form.asana.com" & @CRLF & _ "form.asana.com" & @CRLF & _ "*.app.asana.com" & @CRLF & _ "https://admin.atlassian.com/atlassian-access" & @CRLF & _ "Atlassian Access (https://admin.atlassian.com/atlassian-access)" & @CRLF & _ "https://admin.atlassian.com/" & @CRLF & _ "Atlassian Admin (https://admin.atlassian.com/)" & @CRLF & _ "https://id.atlassian.com/login" & @CRLF & _ "Atlassian Identity (https://id.atlassian.com/login)" & @CRLF & _ "https://start.atlassian.com" & @CRLF & _ "Atlassian Start (https://start.atlassian.com)" & @CRLF & _ "https://bitbucket.org" & @CRLF & _ "Bitbucket Cloud including Bitbucket Pipelines (https://bitbucket.org)" & @CRLF & _ "https://www.atlassian.com/software/confluence" & @CRLF & _ "Confluence Cloud (bugbounty-test-<bugcrowd-name>.atlassian.net/wiki)" & @CRLF & _ "https://www.atlassian.com/software/confluence/premium" & @CRLF & _ "Confluence Cloud Premium (bugbounty-test-<bugcrowd-name>.atlassian.net/wiki)" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.atlassian.android.confluence.core&hl=en_US&gl=US" & @CRLF & _ "Confluence Cloud Mobile App for Android" & @CRLF & _ "https://apps.apple.com/us/app/confluence-cloud/id1006971684" & @CRLF & _ "Confluence Cloud Mobile App for iOS" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.atlassian.android.jira.core&hl=en_US&gl=US" & @CRLF & _ "Jira Cloud Mobile App for Android" & @CRLF & _ "https://apps.apple.com/us/app/jira-cloud-by-atlassian/id1006972087" & @CRLF & _ "Jira Cloud Mobile App for iOS" & @CRLF & _ "https://www.atlassian.com/software/jira/service-management" & @CRLF & _ "Jira Service Management Cloud (bugbounty-test-<bugcrowd-name>.atlassian.net)" & @CRLF & _ "https://www.atlassian.com/software/jira" & @CRLF & _ "Jira Software Cloud (bugbounty-test-<bugcrowd-name>.atlassian.net)" & @CRLF & _ "https://www.atlassian.com/software/jira/work-management" & @CRLF & _ "Jira Work Management Cloud formerly Jira Core (bugbounty-test-<bugcrowd-name>.atlassian.net)" & @CRLF & _ "Any associated *.atlassian.com or *.atl-paas.net domain that can be exploited DIRECTLY from the *.atlassian.net instance" & @CRLF & _ "https://www.atlassian.com/software/rovo" & @CRLF & _ "Rovo" & @CRLF & _ "https://www.atlassian.com/software/compass" & @CRLF & _ "Atlassian Compass" & @CRLF & _ "https://marketplace.atlassian.com" & @CRLF & _ "Atlassian Marketplace (https://marketplace.atlassian.com)" & @CRLF & _ "https://www.atlassian.com/software/atlas" & @CRLF & _ "Atlassian Atlas" & @CRLF & _ "https://www.atlassian.com/enterprise/data-center/bitbucket" & @CRLF & _ "Bitbucket Data Center" & @CRLF & _ "https://www.atlassian.com/enterprise/data-center/confluence" & @CRLF & _ "Confluence Data Center" & @CRLF & _ "https://www.atlassian.com/enterprise/data-center/crowd" & @CRLF & _ "Crowd" & @CRLF & _ "https://www.atlassian.com/enterprise/data-center/jira" & @CRLF & _ "Jira Core Data Center" & @CRLF & _ "https://www.atlassian.com/enterprise/data-center/jira/service-management" & @CRLF & _ "Jira Service Management Data Center" & @CRLF & _ "Jira Software Data Center" & @CRLF & _ "https://*.atlastunnel.com" & @CRLF & _ "*.atlastunnel.com" & @CRLF & _ "Any other *.atlassian.com or *.atl-paas.net domain that cannot be exploited directly from a *.atlassian.net instance" & @CRLF & _ "https://www.atlassian.com/software/bamboo" & @CRLF & _ "Bamboo" & @CRLF & _ "https://confluence.atlassian.com/doc/install-atlassian-companion-992678880.html" & @CRLF & _ "Confluence Companion App for macOS and Windows" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.atlassian.confluence.server" & @CRLF & _ "Confluence Data Center Mobile App for Android" & @CRLF & _ "https://apps.apple.com/us/app/confluence-server/id1288365159" & @CRLF & _ "Confluence Data Center Mobile App for iOS" & @CRLF & _ "https://www.atlassian.com/software/crucible" & @CRLF & _ "Crucible" & @CRLF & _ "https://www.atlassian.com/software/fisheye" & @CRLF & _ "FishEye" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.atlassian.jira.server&hl=en_US&gl=US" & @CRLF & _ "Jira Data Center Mobile App for Android" & @CRLF & _ "https://apps.apple.com/us/app/jira-server/id1405353949" & @CRLF & _ "Jira Data Center Mobile App for iOS" & @CRLF & _ "https://www.sourcetreeapp.com/" & @CRLF & _ "Sourcetree for macOS and Windows (https://www.sourcetreeapp.com/)" & @CRLF & _ "Other - (all other Atlassian targets)" & @CRLF & _ "https://www.atlassian.com/software/jira/product-discovery" & @CRLF & _ "Jira Product Discovery" & @CRLF & _ "Forge Platform" & @CRLF & _ "GraphQL API (bugbounty-test-<bugcrowd-name>.atlassian.net/gateway/api/graphql)" & @CRLF & _ "https://www.npmjs.com/package/@forge/cli " & @CRLF & _ "https://www.npmjs.com/package/@forge/cli" & @CRLF & _ "https://marketplace.atlassian.com/apps/1216625/jira-trello-power-up?hosting=cloud" & @CRLF & _ "Jira Trello Power-Up - Cloud - https://marketplace.atlassian.com/apps/1216625/jira-trello-power-up?hosting=cloud" & @CRLF & _ "https://marketplace.atlassian.com/apps/1215948/jira-cloud-for-slack?hosting=cloud" & @CRLF & _ "Jira Cloud for Slack - Cloud - https://marketplace.atlassian.com/apps/1215948/jira-cloud-for-slack?hosting=cloud" & @CRLF & _ "https://marketplace.atlassian.com/apps/1217230/jira-service-management-widget?hosting=cloud" & @CRLF & _ "Jira Service Management Widget - Cloud - https://marketplace.atlassian.com/apps/1217230/jira-service-management-widget?hosting=cloud" & @CRLF & _ "https://marketplace.atlassian.com/apps/1218864/embedded-marketplace-for-jira?hosting=cloud" & @CRLF & _ "Embedded Marketplace for Jira - Cloud - https://marketplace.atlassian.com/apps/1218864/embedded-marketplace-for-jira?hosting=cloud" & @CRLF & _ "https://marketplace.atlassian.com/apps/1219451/statuspage-for-jira?hosting=cloud" & @CRLF & _ "Statuspage for Jira - Cloud - https://marketplace.atlassian.com/apps/1219451/statuspage-for-jira?hosting=cloud" & @CRLF & _ "https://marketplace.atlassian.com/apps/1220711/spreadsheets-for-jira-cloud?hosting=cloud" & @CRLF & _ "Spreadsheets for Jira Cloud - Cloud - https://marketplace.atlassian.com/apps/1220711/spreadsheets-for-jira-cloud?hosting=cloud" & @CRLF & _ "https://marketplace.atlassian.com/apps/1222147/opsgenie?hosting=cloud" & @CRLF & _ "Opsgenie - Cloud - https://marketplace.atlassian.com/apps/1222147/opsgenie?hosting=cloud" & @CRLF & _ "https://marketplace.atlassian.com/apps/1216623/confluence-trello-power-up?hosting=cloud" & @CRLF & _ "Confluence Trello Power-Up - Cloud - https://marketplace.atlassian.com/apps/1216623/confluence-trello-power-up?hosting=cloud" & @CRLF & _ "https://marketplace.atlassian.com/apps/1219498/confluence-cloud-for-slack?hosting=cloud" & @CRLF & _ "Confluence Cloud for Slack - Cloud - https://marketplace.atlassian.com/apps/1219498/confluence-cloud-for-slack?hosting=cloud" & @CRLF & _ "https://marketplace.atlassian.com/apps/1218875/embedded-marketplace-for-confluence?hosting=cloud" & @CRLF & _ "Embedded Marketplace for Confluence - Cloud - https://marketplace.atlassian.com/apps/1218875/embedded-marketplace-for-confluence?hosting=cloud" & @CRLF & _ "https://marketplace.atlassian.com/apps/1215795/analytics-for-confluence?hosting=cloud" & @CRLF & _ "Analytics for Confluence - Cloud - https://marketplace.atlassian.com/apps/1215795/analytics-for-confluence?hosting=cloud" & @CRLF & _ "https://marketplace.atlassian.com/apps/1215460/automation-for-jira-server?hosting=cloud" & @CRLF & _ "Automation for Jira - Cloud - https://marketplace.atlassian.com/apps/1215460/automation-for-jira-server?hosting=cloud" & @CRLF & _ "https://marketplace.atlassian.com/apps/1221251/opsgenie-incident-timeline?hosting=cloud" & @CRLF & _ "Opsgenie Incident Timeline - Cloud - https://marketplace.atlassian.com/apps/1221251/opsgenie-incident-timeline?hosting=cloud" & @CRLF & _ "https://marketplace.atlassian.com/apps/1221312/opsgenie-incident-timeline-eu?hosting=cloud" & @CRLF & _ "Opsgenie Incident Timeline EU - Cloud - https://marketplace.atlassian.com/apps/1221312/opsgenie-incident-timeline-eu?hosting=cloud" & @CRLF & _ "https://marketplace.atlassian.com/apps/1220666/jira-cloud-for-outlook-official?hosting=cloud" & @CRLF & _ "Jira Cloud for Outlook (Official) - Cloud - https://marketplace.atlassian.com/apps/1220666/jira-cloud-for-outlook-official?hosting=cloud" & @CRLF & _ "https://marketplace.atlassian.com/apps/1221227/project-transfer-for-crucible?hosting=server" & @CRLF & _ "Project transfer for Crucible - Server - https://marketplace.atlassian.com/apps/1221227/project-transfer-for-crucible?hosting=server" & @CRLF & _ "https://marketplace.atlassian.com/apps/1225406/reconcile-unknown-attachments?hosting=server" & @CRLF & _ "Reconcile unknown attachments - Server - https://marketplace.atlassian.com/apps/1225406/reconcile-unknown-attachments?hosting=server" & @CRLF & _ "https://marketplace.atlassian.com/apps/1217110/training-for-jira?hosting=cloud" & @CRLF & _ "Training for Jira - Cloud - https://marketplace.atlassian.com/apps/1217110/training-for-jira?hosting=cloud" & @CRLF & _ "https://marketplace.atlassian.com/apps/1217110/training-for-jira?hosting=datacenter" & @CRLF & _ "Training for Jira - DataCenter - https://marketplace.atlassian.com/apps/1217110/training-for-jira?hosting=datacenter" & @CRLF & _ "https://marketplace.atlassian.com/apps/1217110/training-for-jira?hosting=server" & @CRLF & _ "Training for Jira - Server - https://marketplace.atlassian.com/apps/1217110/training-for-jira?hosting=server" & @CRLF & _ "https://marketplace.atlassian.com/apps/1225406/reconcile-unknown-attachments?hosting=datacenter" & @CRLF & _ "Reconcile unknown attachments - Data Center - https://marketplace.atlassian.com/apps/1225406/reconcile-unknown-attachments?hosting=datacenter" & @CRLF & _ "https://marketplace.atlassian.com/apps/1215175/change-management-workflow-for-jira-service-management?hosting=server" & @CRLF & _ "Change Management Workflow for Jira Service Management - Server - https://marketplace.atlassian.com/apps/1215175/change-management-workflow-for-jira-service-management?hosting=server" & @CRLF & _ "https://marketplace.atlassian.com/apps/1225689/admin-kit-for-jira-cloud?hosting=cloud" & @CRLF & _ "Admin Kit for Jira Cloud - Cloud - https://marketplace.atlassian.com/apps/1225689/admin-kit-for-jira-cloud?hosting=cloud" & @CRLF & _ "https://marketplace.atlassian.com/apps/1225664/form-macro-builder-for-confluence?hosting=cloud" & @CRLF & _ "Form macro builder for Confluence - Cloud - https://marketplace.atlassian.com/apps/1225664/form-macro-builder-for-confluence?hosting=cloud" & @CRLF & _ "https://marketplace.atlassian.com/apps/1225691/admin-kit-for-confluence-cloud?hosting=cloud" & @CRLF & _ "Admin Kit for Confluence Cloud - Cloud - https://marketplace.atlassian.com/apps/1225691/admin-kit-for-confluence-cloud?hosting=cloud" & @CRLF & _ "https://marketplace.atlassian.com/apps/1219592/github-for-jira?hosting=cloud" & @CRLF & _ "GitHub for Jira - Cloud - https://marketplace.atlassian.com/apps/1219592/github-for-jira?hosting=cloud" & @CRLF & _ "https://marketplace.atlassian.com/apps/1226127/confluence-cloud-for-microsoft-teams?hosting=cloudhttps://marketplace.atlassian.com/apps/1226127/confluence-cloud-for-microsoft-teams?hosting=cloud" & @CRLF & _ "Confluence Cloud for Microsoft Teams - Cloud - https://marketplace.atlassian.com/apps/1226127/confluence-cloud-for-microsoft-teams-official?hosting=cloud" & @CRLF & _ "https://marketplace.atlassian.com/apps/1211203/bitbucket-server-protect-unmerged-hook?hosting=datacenter" & @CRLF & _ "Bitbucket Server Protect Unmerged Hook - Data Center - https://marketplace.atlassian.com/apps/1211203/bitbucket-server-protect-unmerged-hook?hosting=datacenter" & @CRLF & _ "https://marketplace.atlassian.com/apps/1215175/change-management-workflow-for-jira-service-management?hosting=datacenter" & @CRLF & _ "Change Management Workflow for Jira Service Management - DataCenter - https://marketplace.atlassian.com/apps/1215175/change-management-workflow-for-jira-service-management?hosting=datacenter" & @CRLF & _ "https://marketplace.atlassian.com/apps/1224758/confluence-recent-edits-overview?hosting=cloud" & @CRLF & _ "Confluence recent edits overview - Cloud - https://marketplace.atlassian.com/apps/1224758/confluence-recent-edits-overview?hosting=cloud" & @CRLF & _ "https://marketplace.atlassian.com/apps/1226610/bitbucket-cloud-migration-assistant?hosting=server" & @CRLF & _ "Bitbucket Cloud Migration Assistant - Server - https://marketplace.atlassian.com/apps/1226610/bitbucket-cloud-migration-assistant?hosting=server" & @CRLF & _ "https://marketplace.atlassian.com/apps/1226478/jira-cloud-for-microsoft-teams?hosting=cloud" & @CRLF & _ "Jira Cloud for Microsoft Teams - Cloud - https://marketplace.atlassian.com/apps/1226478/jira-cloud-for-microsoft-teams-official?hosting=cloud" & @CRLF & _ "https://marketplace.atlassian.com/apps/1221117/cloud-compatibility-for-jira?hosting=datacenter" & @CRLF & _ "Cloud Compatibility for Jira - DataCenter - https://marketplace.atlassian.com/apps/1221117/cloud-compatibility-for-jira?hosting=datacenter" & @CRLF & _ "https://marketplace.atlassian.com/apps/1226380/decisions-helper-for-confluence?hosting=cloud" & @CRLF & _ "Decisions Helper for Confluence - Cloud - https://marketplace.atlassian.com/apps/1226380/decisions-helper-for-confluence?hosting=cloud" & @CRLF & _ "https://marketplace.atlassian.com/apps/1227744/jira-enterprise-scale-assessment-tool?hosting=server" & @CRLF & _ "Jira Enterprise Scale Assessment Tool - Server - https://marketplace.atlassian.com/apps/1227744/jira-enterprise-scale-assessment-tool?hosting=server" & @CRLF & _ "https://marketplace.atlassian.com/apps/1217745/troubleshooting-and-support-bamboo?hosting=datacenter" & @CRLF & _ "Troubleshooting and Support - Bamboo - Data Center - https://marketplace.atlassian.com/apps/1217745/troubleshooting-and-support-bamboo?hosting=datacenter" & @CRLF & _ "https://marketplace.atlassian.com/apps/1226610/bitbucket-cloud-migration-assistant?hosting=datacenter" & @CRLF & _ "Bitbucket Cloud Migration Assistant - Data Center - https://marketplace.atlassian.com/apps/1226610/bitbucket-cloud-migration-assistant?hosting=datacenter" & @CRLF & _ "https://marketplace.atlassian.com/apps/1227949/hackathon-workflow-alan?hosting=cloud" & @CRLF & _ "Hackathon Workflow Alan - Cloud - https://marketplace.atlassian.com/apps/1227949/hackathon-workflow-alan?hosting=cloud" & @CRLF & _ "https://marketplace.atlassian.com/apps/1227949/hackathon-workflow-alan?hosting=datacenter" & @CRLF & _ "Hackathon Workflow Alan - Data Center - https://marketplace.atlassian.com/apps/1227949/hackathon-workflow-alan?hosting=datacenter" & @CRLF & _ "https://marketplace.atlassian.com/apps/1227901/application-tunnels?hosting=server" & @CRLF & _ "Application tunnels - Server - https://marketplace.atlassian.com/apps/1227901/application-tunnels?hosting=server" & @CRLF & _ "https://marketplace.atlassian.com/apps/1227901/application-tunnels?hosting=datacenter" & @CRLF & _ "Application tunnels - DataCenter - https://marketplace.atlassian.com/apps/1227901/application-tunnels?hosting=datacenter" & @CRLF & _ "https://marketplace.atlassian.com/apps/1228153/comms-dashboard?hosting=cloud" & @CRLF & _ "Comms Dashboard - Cloud - https://marketplace.atlassian.com/apps/1228153/comms-dashboard?hosting=cloud" & @CRLF & _ "https://marketplace.atlassian.com/apps/1218117/ipython-notebook-viewer?hosting=cloud" & @CRLF & _ "Ipython Notebook Viewer - Cloud - https://marketplace.atlassian.com/apps/1218117/ipython-notebook-viewer?hosting=cloud" & @CRLF & _ "https://marketplace.atlassian.com/apps/1228937/atlas-for-jira-cloud?hosting=cloud&tab=overview" & @CRLF & _ "Atlas for Jira Cloud - Cloud - https://marketplace.atlassian.com/apps/1228937/atlas-for-jira-cloud?hosting=cloud&tab=overview" & @CRLF & _ "https://marketplace.atlassian.com/apps/1227744/jira-enterprise-scale-assessment-tool?hosting=datacenter&tab=overview" & @CRLF & _ "Jira Enterprise Scale Assessment Tool - DataCenter - https://marketplace.atlassian.com/apps/1227744/jira-enterprise-scale-assessment-tool?hosting=datacenter&tab=overview" & @CRLF & _ "https://marketplace.atlassian.com/apps/1229183/add-watchers-at-issue-creation?hosting=cloud" & @CRLF & _ "Add watchers at issue creation - Cloud - https://marketplace.atlassian.com/apps/1229183/add-watchers-at-issue-creation?hosting=cloud" & @CRLF & _ "https://marketplace.atlassian.com/apps/1212137/assets?hosting=server" & @CRLF & _ "Assets - Server - https://marketplace.atlassian.com/apps/1212137/assets?hosting=server" & @CRLF & _ "https://marketplace.atlassian.com/apps/1229446/developer-assistant-for-confluence?hosting=cloud" & @CRLF & _ "Developer Assistant for Confluence - Cloud - https://marketplace.atlassian.com/apps/1229446/developer-assistant-for-confluence?hosting=cloud" & @CRLF & _ "https://marketplace.atlassian.com/apps/1229343/developer-assistant-for-jira?hosting=cloud" & @CRLF & _ "Developer Assistant for Jira - Cloud - https://marketplace.atlassian.com/apps/1229343/developer-assistant-for-jira?hosting=cloud" & @CRLF & _ "https://marketplace.atlassian.com/apps/1229704/cloud-migration-planner?hosting=cloud" & @CRLF & _ "Cloud Migration Planner - Cloud - https://marketplace.atlassian.com/apps/1229704/cloud-migration-planner?hosting=cloud" & @CRLF & _ "https://marketplace.atlassian.com/apps/72307/team-calendars-for-confluence?hosting=cloud" & @CRLF & _ "Team Calendars for Confluence - Cloud - https://marketplace.atlassian.com/apps/72307/team-calendars-for-confluence?hosting=cloud" & @CRLF & _ "https://marketplace.atlassian.com/apps/1215460/automation-for-jira-data-center-and-server?hosting=datacenter" & @CRLF & _ "Automation for Jira - DataCenter - https://marketplace.atlassian.com/apps/1215460/automation-for-jira?hosting=datacenter" & @CRLF & _ "https://marketplace.atlassian.com/apps/1215460/automation-for-jira-data-center-and-server?hosting=server" & @CRLF & _ "Automation for Jira - Data Center and Server - Server - https://marketplace.atlassian.com/apps/1215460/automation-for-jira-data-center-and-server?hosting=server" & @CRLF & _ "https://marketplace.atlassian.com/apps/72307/team-calendars-for-confluence?hosting=datacenter" & @CRLF & _ "Team Calendars for Confluence - DataCenter - https://marketplace.atlassian.com/apps/72307/team-calendars-for-confluence?hosting=datacenter" & @CRLF & _ "https://marketplace.atlassian.com/apps/72307/team-calendars-for-confluence?hosting=server" & @CRLF & _ "Team Calendars for Confluence - Server - https://marketplace.atlassian.com/apps/72307/team-calendars-for-confluence?hosting=server" & @CRLF & _ "https://marketplace.atlassian.com/apps/1212136/advanced-roadmaps-formerly-portfolio?hosting=datacenter" & @CRLF & _ "Advanced Roadmaps (formerly Portfolio) - DataCenter - https://marketplace.atlassian.com/apps/1212136/advanced-roadmaps-formerly-portfolio?hosting=datacenter" & @CRLF & _ "https://marketplace.atlassian.com/apps/1212136/advanced-roadmaps-formerly-portfolio?hosting=server" & @CRLF & _ "Advanced Roadmaps (formerly Portfolio) - Server - https://marketplace.atlassian.com/apps/1212136/advanced-roadmaps-formerly-portfolio?hosting=server" & @CRLF & _ "https://marketplace.atlassian.com/apps/23915/atlassian-universal-plugin-manager?hosting=server" & @CRLF & _ "Atlassian Universal Plugin Manager - Server - https://marketplace.atlassian.com/apps/23915/atlassian-universal-plugin-manager?hosting=server" & @CRLF & _ "https://marketplace.atlassian.com/apps/23915/atlassian-universal-plugin-manager?hosting=datacenter" & @CRLF & _ "Atlassian Universal Plugin Manager - DataCenter - https://marketplace.atlassian.com/apps/23915/atlassian-universal-plugin-manager?hosting=datacenter" & @CRLF & _ "https://marketplace.atlassian.com/apps/1211644/questions-for-confluence?hosting=datacenter" & @CRLF & _ "Questions for Confluence - DataCenter - https://marketplace.atlassian.com/apps/1211644/questions-for-confluence?hosting=datacenter" & @CRLF & _ "https://marketplace.atlassian.com/apps/1211644/questions-for-confluence?hosting=server" & @CRLF & _ "Questions for Confluence - Server - https://marketplace.atlassian.com/apps/1211644/questions-for-confluence?hosting=server" & @CRLF & _ "https://marketplace.atlassian.com/apps/1211644/questions-for-confluence?hosting=cloud" & @CRLF & _ "Questions for Confluence - Cloud - https://marketplace.atlassian.com/apps/1211644/questions-for-confluence?hosting=cloud" & @CRLF & _ "https://marketplace.atlassian.com/apps/1217696/troubleshooting-and-support-jira?hosting=datacenter" & @CRLF & _ "Troubleshooting and Support - Jira - DataCenter - https://marketplace.atlassian.com/apps/1217696/troubleshooting-and-support-jira?hosting=datacenter" & @CRLF & _ "https://marketplace.atlassian.com/apps/1217696/troubleshooting-and-support-jira?hosting=server" & @CRLF & _ "Troubleshooting and Support - Jira - Server - https://marketplace.atlassian.com/apps/1217696/troubleshooting-and-support-jira?hosting=server" & @CRLF & _ "https://marketplace.atlassian.com/apps/1217697/troubleshooting-and-support-confluence?hosting=datacenter" & @CRLF & _ "Troubleshooting and Support - Confluence - DataCenter - https://marketplace.atlassian.com/apps/1217697/troubleshooting-and-support-confluence?hosting=datacenter" & @CRLF & _ "https://marketplace.atlassian.com/apps/1217697/troubleshooting-and-support-confluence?hosting=server" & @CRLF & _ "Troubleshooting and Support - Confluence - Server - https://marketplace.atlassian.com/apps/1217697/troubleshooting-and-support-confluence?hosting=server" & @CRLF & _ "https://marketplace.atlassian.com/apps/1219672/confluence-cloud-migration-assistant?hosting=datacenter" & @CRLF & _ "Confluence Cloud Migration Assistant - DataCenter - https://marketplace.atlassian.com/apps/1219672/confluence-cloud-migration-assistant?hosting=datacenter" & @CRLF & _ "https://marketplace.atlassian.com/apps/1219672/confluence-cloud-migration-assistant?hosting=server" & @CRLF & _ "Confluence Cloud Migration Assistant - Server - https://marketplace.atlassian.com/apps/1219672/confluence-cloud-migration-assistant?hosting=server" & @CRLF & _ "https://marketplace.atlassian.com/apps/1216096/sso-for-atlassian-server-and-data-center?hosting=datacenter" & @CRLF & _ "SSO for Atlassian Server and Data Center - DataCenter - https://marketplace.atlassian.com/apps/1216096/sso-for-atlassian-server-and-data-center?hosting=datacenter" & @CRLF & _ "https://marketplace.atlassian.com/apps/1216096/sso-for-atlassian-server-and-data-center?hosting=server" & @CRLF & _ "SSO for Atlassian Server and Data Center - Server - https://marketplace.atlassian.com/apps/1216096/sso-for-atlassian-server-and-data-center?hosting=server" & @CRLF & _ "https://marketplace.atlassian.com/apps/293/jira-calendar-plugin?hosting=server" & @CRLF & _ "Jira Calendar Plugin - Server - https://marketplace.atlassian.com/apps/293/jira-calendar-plugin?hosting=server" & @CRLF & _ "https://marketplace.atlassian.com/apps/1211836/automation-for-jira-server-lite?hosting=server" & @CRLF & _ "Automation for Jira - Server Lite - Server - https://marketplace.atlassian.com/apps/1211836/automation-for-jira-server-lite?hosting=server" & @CRLF & _ "https://marketplace.atlassian.com/apps/1220099/jira-server-for-slack-official?hosting=datacenter" & @CRLF & _ "Jira Server for Slack (Official) - DataCenter - https://marketplace.atlassian.com/apps/1220099/jira-server-for-slack-official?hosting=datacenter" & @CRLF & _ "https://marketplace.atlassian.com/apps/1220099/jira-server-for-slack-official?hosting=server" & @CRLF & _ "Jira Server for Slack (Official) - Server - https://marketplace.atlassian.com/apps/1220099/jira-server-for-slack-official?hosting=server" & @CRLF & _ "https://marketplace.atlassian.com/apps/1213092/google-drive-for-confluence-official-legacy-editor-only?hosting=cloud" & @CRLF & _ "Google Drive for Confluence (Official) - Legacy Editor Only - Cloud - https://marketplace.atlassian.com/apps/1213092/google-drive-for-confluence-official-legacy-editor-only?hosting=cloud" & @CRLF & _ "https://marketplace.atlassian.com/apps/1211449/auto-unapprove-for-bitbucket-server?hosting=datacenter" & @CRLF & _ "Auto Unapprove for Bitbucket Server - DataCenter - https://marketplace.atlassian.com/apps/1211449/auto-unapprove-for-bitbucket-server?hosting=datacenter" & @CRLF & _ "https://marketplace.atlassian.com/apps/1211449/auto-unapprove-for-bitbucket-server?hosting=server" & @CRLF & _ "Auto Unapprove for Bitbucket Server - Server - https://marketplace.atlassian.com/apps/1211449/auto-unapprove-for-bitbucket-server?hosting=server" & @CRLF & _ "https://marketplace.atlassian.com/apps/1217745/troubleshooting-and-support-bamboo?hosting=server" & @CRLF & _ "Troubleshooting and Support - Bamboo - Server - https://marketplace.atlassian.com/apps/1217745/troubleshooting-and-support-bamboo?hosting=server" & @CRLF & _ "https://marketplace.atlassian.com/apps/1211539/web-post-hooks-for-bitbucket-server?hosting=server" & @CRLF & _ "Web Post Hooks for Bitbucket Server - Server - https://marketplace.atlassian.com/apps/1211539/web-post-hooks-for-bitbucket-server?hosting=server" & @CRLF & _ "https://marketplace.atlassian.com/apps/1212632/look-and-feel-for-bitbucket-server?hosting=server" & @CRLF & _ "Look and Feel for Bitbucket Server - Server - https://marketplace.atlassian.com/apps/1212632/look-and-feel-for-bitbucket-server?hosting=server" & @CRLF & _ "https://marketplace.atlassian.com/apps/1214988/icons-for-jira?hosting=server" & @CRLF & _ "Icons for Jira - Server - https://marketplace.atlassian.com/apps/1214988/icons-for-jira?hosting=server" & @CRLF & _ "https://marketplace.atlassian.com/apps/1217747/troubleshooting-and-support-fecru?hosting=server" & @CRLF & _ "Troubleshooting and Support - FeCru - Server - https://marketplace.atlassian.com/apps/1217747/troubleshooting-and-support-fecru?hosting=server" & @CRLF & _ "https://marketplace.atlassian.com/apps/1217661/jira-cloud-for-crm-official?hosting=cloud" & @CRLF & _ "Jira Cloud for CRM (Official) - Cloud - https://marketplace.atlassian.com/apps/1217661/jira-cloud-for-crm-official?hosting=cloud" & @CRLF & _ "https://marketplace.atlassian.com/apps/1218011/trello-connector-for-jira-server?hosting=server" & @CRLF & _ "Trello Connector for Jira Server - Server - https://marketplace.atlassian.com/apps/1218011/trello-connector-for-jira-server?hosting=server" & @CRLF & _ "https://marketplace.atlassian.com/apps/1220186/confluence-server-for-slack-official?hosting=datacenter" & @CRLF & _ "Confluence Server for Slack (Official) - DataCenter - https://marketplace.atlassian.com/apps/1220186/confluence-server-for-slack-official?hosting=datacenter" & @CRLF & _ "https://marketplace.atlassian.com/apps/1220186/confluence-server-for-slack-official?hosting=server" & @CRLF & _ "Confluence Server for Slack (Official) - Sever - https://marketplace.atlassian.com/apps/1220186/confluence-server-for-slack-official?hosting=server" & @CRLF & _ "https://marketplace.atlassian.com/apps/1216079/statuspage-for-jira-service-management?hosting=server" & @CRLF & _ "Statuspage for Jira Service Management - Server - https://marketplace.atlassian.com/apps/1216079/statuspage-for-jira-service-management?hosting=server" & @CRLF & _ "https://marketplace.atlassian.com/apps/1216079/statuspage-for-jira-service-management?hosting=datacenter" & @CRLF & _ "Statuspage for Jira Service Management - DataCenter - https://marketplace.atlassian.com/apps/1216079/statuspage-for-jira-service-management?hosting=datacenter" & @CRLF & _ "https://marketplace.atlassian.com/apps/1216079/statuspage-for-jira-service-management?hosting=cloud" & @CRLF & _ "Statuspage for Jira Service Management - Cloud - https://marketplace.atlassian.com/apps/1216079/statuspage-for-jira-service-management?hosting=cloud" & @CRLF & _ "https://marketplace.atlassian.com/apps/1211619/reviewer-suggester-for-bitbucket-server?hosting=server" & @CRLF & _ "Reviewer Suggester for Bitbucket Server - Server - https://marketplace.atlassian.com/apps/1211619/reviewer-suggester-for-bitbucket-server?hosting=server" & @CRLF & _ "https://marketplace.atlassian.com/apps/1220151/mobile-plugin-for-jira-data-center-and-server?hosting=server" & @CRLF & _ " Mobile Plugin for Jira - Server - https://marketplace.atlassian.com/apps/1220151/mobile-plugin-for-jira-data-center-and-server?hosting=server" & @CRLF & _ "https://marketplace.atlassian.com/apps/1222010/jira-cloud-migration-assistant?hosting=server" & @CRLF & _ "Jira Cloud Migration Assistant - Server - https://marketplace.atlassian.com/apps/1222010/jira-cloud-migration-assistant?hosting=server" & @CRLF & _ "https://marketplace.atlassian.com/apps/1220729/bitbucket-server-for-slack-official?hosting=datacenter" & @CRLF & _ "Bitbucket Server for Slack (Official) - DataCenter - https://marketplace.atlassian.com/apps/1220729/bitbucket-server-for-slack-official?hosting=datacenter" & @CRLF & _ "https://marketplace.atlassian.com/apps/1220729/bitbucket-server-for-slack-official?hosting=server" & @CRLF & _ "Bitbucket Server for Slack (Official) - Server - https://marketplace.atlassian.com/apps/1220729/bitbucket-server-for-slack-official?hosting=server" & @CRLF & _ "https://marketplace.atlassian.com/apps/1211203/bitbucket-server-protect-unmerged-hook?hosting=server" & @CRLF & _ "Bitbucket Server Protect Unmerged Hook - Server - https://marketplace.atlassian.com/apps/1211203/bitbucket-server-protect-unmerged-hook?hosting=server" & @CRLF & _ "https://marketplace.atlassian.com/apps/1221237/advanced-roadmaps-for-jira-in-confluence?hosting=server" & @CRLF & _ "Advanced Roadmaps for Jira in Confluence - Server - https://marketplace.atlassian.com/apps/1221237/advanced-roadmaps-for-jira-in-confluence?hosting=server" & @CRLF & _ "https://marketplace.atlassian.com/apps/1221237/advanced-roadmaps-for-jira-in-confluence?hosting=datacenter" & @CRLF & _ "Advanced Roadmaps for Jira in Confluence - DataCenter - https://marketplace.atlassian.com/apps/1221237/advanced-roadmaps-for-jira-in-confluence?hosting=datacenter" & @CRLF & _ "https://marketplace.atlassian.com/apps/1221882/microsoft-onedrive-for-business-legacy-editor-only?hosting=cloud" & @CRLF & _ "Microsoft OneDrive for Business - Legacy Editor Only - Cloud - https://marketplace.atlassian.com/apps/1221882/microsoft-onedrive-for-business-legacy-editor-only?hosting=cloud" & @CRLF & _ "https://marketplace.atlassian.com/apps/1220745/centralized-license-visibility?hosting=server" & @CRLF & _ "Centralized license visibility - Server - https://marketplace.atlassian.com/apps/1220745/centralized-license-visibility?hosting=server" & @CRLF & _ "https://marketplace.atlassian.com/apps/1220745/centralized-license-visibility?hosting=datacenter" & @CRLF & _ "Centralized license visibility - DataCenter - https://marketplace.atlassian.com/apps/1220745/centralized-license-visibility?hosting=datacenter" & @CRLF & _ "https://marketplace.atlassian.com/apps/1216357/atlassian-team-playbook-blueprints?hosting=server" & @CRLF & _ "Atlassian Team Playbook blueprints - Server - https://marketplace.atlassian.com/apps/1216357/atlassian-team-playbook-blueprints?hosting=server" & @CRLF & _ "https://marketplace.atlassian.com/apps/1221430/troubleshooting-and-support-crowd?hosting=server" & @CRLF & _ "Troubleshooting and Support - Crowd - Server - https://marketplace.atlassian.com/apps/1221430/troubleshooting-and-support-crowd?hosting=server" & @CRLF & _ "https://marketplace.atlassian.com/apps/1221602/jet-by-jira-align?hosting=server" & @CRLF & _ "Jet by Jira Align - Server - https://marketplace.atlassian.com/apps/1221602/jet-by-jira-align?hosting=server" & @CRLF & _ "https://marketplace.atlassian.com/apps/1221602/jet-by-jira-align?hosting=datacenter" & @CRLF & _ "Jet by Jira Align - DataCenter - https://marketplace.atlassian.com/apps/1221602/jet-by-jira-align?hosting=datacenter" & @CRLF & _ "https://marketplace.atlassian.com/apps/1221602/jet-by-jira-align?hosting=cloud" & @CRLF & _ "Jet by Jira Align - Cloud - https://marketplace.atlassian.com/apps/1221602/jet-by-jira-align?hosting=cloud" & @CRLF & _ "https://marketplace.atlassian.com/apps/5581/pre-post-build-command-runner?hosting=server" & @CRLF & _ "Pre-Post Build Command Runner - Server - https://marketplace.atlassian.com/apps/5581/pre-post-build-command-runner?hosting=server" & @CRLF & _ "https://marketplace.atlassian.com/apps/1217941/permission-lockdown-for-bitbucket-server?hosting=datacenter" & @CRLF & _ "Permission Lockdown for Bitbucket Server - DataCenter - https://marketplace.atlassian.com/apps/1217941/permission-lockdown-for-bitbucket-server?hosting=datacenter" & @CRLF & _ "https://marketplace.atlassian.com/apps/1217941/permission-lockdown-for-bitbucket-server?hosting=server" & @CRLF & _ "Permission Lockdown for Bitbucket Server - Server - https://marketplace.atlassian.com/apps/1217941/permission-lockdown-for-bitbucket-server?hosting=server" & @CRLF & _ "https://marketplace.atlassian.com/apps/30318/directory-scanning-plugin?hosting=server" & @CRLF & _ "Directory Scanning Plugin - Server - https://marketplace.atlassian.com/apps/30318/directory-scanning-plugin?hosting=server" & @CRLF & _ "https://marketplace.atlassian.com/apps/1221551/aws-service-catalog-for-jsm-cloud?hosting=cloud" & @CRLF & _ "AWS Service Catalog for JSM Cloud - Cloud - https://marketplace.atlassian.com/apps/1221551/aws-service-catalog-for-jsm-cloud?hosting=cloud" & @CRLF & _ "https://marketplace.atlassian.com/apps/1217957/vfs-for-git-for-bitbucket-server?hosting=server" & @CRLF & _ "VFS for Git for Bitbucket Server - Server - https://marketplace.atlassian.com/apps/1217957/vfs-for-git-for-bitbucket-server?hosting=server" & @CRLF & _ "https://marketplace.atlassian.com/apps/1218630/delegated-directory-pruning-for-crowd?hosting=server" & @CRLF & _ "Delegated Directory Pruning for Crowd - Server - https://marketplace.atlassian.com/apps/1218630/delegated-directory-pruning-for-crowd?hosting=server" & @CRLF & _ "https://marketplace.atlassian.com/apps/1221117/cloud-compatibility-for-jira?hosting=server" & @CRLF & _ "Cloud Compatibility for Jira - Server - https://marketplace.atlassian.com/apps/1221117/cloud-compatibility-for-jira?hosting=server" & @CRLF & _ "https://marketplace.atlassian.com/apps/1219105/xcode-for-bitbucket-server?hosting=server" & @CRLF & _ "Xcode for Bitbucket Server - Server - https://marketplace.atlassian.com/apps/1219105/xcode-for-bitbucket-server?hosting=server" & @CRLF & _ "https://marketplace.atlassian.com/apps/1216863/jira-cloud-for-slack-official?hosting=cloud&tab=overview" & @CRLF & _ "Jira Cloud for Slack (Official) - Cloud - https://marketplace.atlassian.com/apps/1216863/jira-cloud-for-slack-official?hosting=cloud&tab=overview" & @CRLF & _ "https://marketplace.atlassian.com/apps/1219518/confluence-cloud-for-slack-official?hosting=cloud" & @CRLF & _ "Confluence Cloud for Slack (Official) - Cloud - https://marketplace.atlassian.com/apps/1219518/confluence-cloud-for-slack-official?hosting=cloud" & @CRLF & _ "https://marketplace.atlassian.com/apps/1222132/jenkins-integration-for-bitbucket-server?hosting=server" & @CRLF & _ "Jenkins integration for Bitbucket Server - Server - https://marketplace.atlassian.com/apps/1222132/jenkins-integration-for-bitbucket-server?hosting=server" & @CRLF & _ "https://marketplace.atlassian.com/apps/1210951/atlassian-plugin-sdk-mac-os-x?hosting=server" & @CRLF & _ "Atlassian Plugin SDK - Mac OS X - Server - https://marketplace.atlassian.com/apps/1210951/atlassian-plugin-sdk-mac-os-x?hosting=server" & @CRLF & _ "https://marketplace.atlassian.com/apps/1210993/atlassian-plugin-sdk-tgz?hosting=server" & @CRLF & _ "Atlassian Plugin SDK - TGZ - Server - https://marketplace.atlassian.com/apps/1210993/atlassian-plugin-sdk-tgz?hosting=server" & @CRLF & _ "https://marketplace.atlassian.com/apps/1216850/jira-cloud-power-up-for-trello?hosting=cloud" & @CRLF & _ "Jira Cloud Power-Up for Trello - Cloud - https://marketplace.atlassian.com/apps/1216850/jira-cloud-power-up-for-trello?hosting=cloud" & @CRLF & _ "https://marketplace.atlassian.com/apps/1220382/jira-cloud-for-google-sheets-official?hosting=cloud" & @CRLF & _ "Jira Cloud for Google Sheets (Official) - Cloud - https://marketplace.atlassian.com/apps/1220382/jira-cloud-for-google-sheets-official?hosting=cloud" & @CRLF & _ "https://marketplace.atlassian.com/apps/1210950/atlassian-plugin-sdk-windows?hosting=server" & @CRLF & _ "Atlassian Plugin SDK - Windows - Server - https://marketplace.atlassian.com/apps/1210950/atlassian-plugin-sdk-windows?hosting=server" & @CRLF & _ "https://marketplace.atlassian.com/apps/1218781/bitbucket-cloud-for-slack-official?hosting=cloud" & @CRLF & _ "Bitbucket Cloud for Slack (Official) - Cloud - https://marketplace.atlassian.com/apps/1218781/bitbucket-cloud-for-slack-official?hosting=cloud" & @CRLF & _ "https://marketplace.atlassian.com/apps/1210991/atlassian-plugin-sdk-rpm?hosting=server" & @CRLF & _ "Atlassian Plugin SDK - RPM - Server - https://marketplace.atlassian.com/apps/1210991/atlassian-plugin-sdk-rpm?hosting=server" & @CRLF & _ "https://marketplace.atlassian.com/apps/1210992/atlassian-plugin-sdk-deb?hosting=server" & @CRLF & _ "Atlassian Plugin SDK - DEB - Server - https://marketplace.atlassian.com/apps/1210992/atlassian-plugin-sdk-deb?hosting=server" & @CRLF & _ "https://marketplace.atlassian.com/apps/1210992/atlassian-plugin-sdk-deb?hosting=cloud" & @CRLF & _ "Atlassian Plugin SDK - DEB - Cloud - https://marketplace.atlassian.com/apps/1210992/atlassian-plugin-sdk-deb?hosting=cloud" & @CRLF & _ "https://marketplace.atlassian.com/apps/1211500/bitbucket-server-backup-client?hosting=server" & @CRLF & _ "Bitbucket Server Backup Client - Server - https://marketplace.atlassian.com/apps/1211500/bitbucket-server-backup-client?hosting=server" & @CRLF & _ "https://marketplace.atlassian.com/apps/1221301/jira-cloud-for-excel-official?hosting=cloud" & @CRLF & _ "Jira Cloud for Excel (official) - Cloud - https://marketplace.atlassian.com/apps/1221301/jira-cloud-for-excel-official?hosting=cloud" & @CRLF & _ "https://marketplace.atlassian.com/apps/1227791/jenkins-for-jira-official?hosting=cloud" & @CRLF & _ "Jenkins for Jira (official) - Cloud - https://marketplace.atlassian.com/apps/1227791/jenkins-for-jira-official?hosting=cloud" & @CRLF & _ "https://marketplace.atlassian.com/apps/1219311/atlassian-cloud-for-gmail?hosting=cloud" & @CRLF & _ "Atlassian Cloud for Gmail - Cloud - https://marketplace.atlassian.com/apps/1219311/atlassian-cloud-for-gmail?hosting=cloud" & @CRLF & _ "https://marketplace.atlassian.com/apps/1220820/bitbucket-pipelines-for-jira?hosting=cloud" & @CRLF & _ "Bitbucket Pipelines for Jira - Cloud - https://marketplace.atlassian.com/apps/1220820/bitbucket-pipelines-for-jira?hosting=cloud" & @CRLF & _ "https://marketplace.atlassian.com/apps/1220151/mobile-plugin-for-jira-data-center-and-server?hosting=datacenter" & @CRLF & _ "Mobile Plugin for Jira - DataCenter - https://marketplace.atlassian.com/apps/1220151/mobile-plugin-for-jira-data-center-and-server?hosting=datacenter" & @CRLF & _ "https://marketplace.atlassian.com/apps/1210722/confluence-source-editor?hosting=server" & @CRLF & _ "Confluence Source Editor - Server - https://marketplace.atlassian.com/apps/1210722/confluence-source-editor?hosting=server" & @CRLF & _ "https://marketplace.atlassian.com/apps/1211246/autolink-plugin-for-jira?hosting=server" & @CRLF & _ "AutoLink Plugin for Jira - Server - https://marketplace.atlassian.com/apps/1211246/autolink-plugin-for-jira?hosting=server" & @CRLF & _ "https://marketplace.atlassian.com/apps/1217751/insight-tempo-integration?hosting=server" & @CRLF & _ "Assets Tempo Integration - Server - https://marketplace.atlassian.com/apps/1217751/assets-tempo-integration?hosting=server" & @CRLF & _ "https://marketplace.atlassian.com/apps/1217751/insight-tempo-integration?hosting=datacenter" & @CRLF & _ "Assets - Tempo Integration - DataCenter - https://marketplace.atlassian.com/apps/1217751/assets-tempo-integration?hosting=datacenter" & @CRLF & _ "https://marketplace.atlassian.com/apps/1219908/insight-jamf-integration?hosting=server" & @CRLF & _ "Assets - Jamf Integration - Server - https://marketplace.atlassian.com/apps/1219908/assets-jamf-integration?hosting=server" & @CRLF & _ "https://marketplace.atlassian.com/apps/1219908/insight-jamf-integration?hosting=datacenter" & @CRLF & _ "Assets - Jamf Integration - DataCenter - https://marketplace.atlassian.com/apps/1219908/assets-jamf-integration?hosting=datacenter" & @CRLF & _ "https://marketplace.atlassian.com/apps/5902/jmeter-aggregator-for-bamboo?hosting=server" & @CRLF & _ "JMeter Aggregator for Bamboo - Server - https://marketplace.atlassian.com/apps/5902/jmeter-aggregator-for-bamboo?hosting=server" & @CRLF & _ "https://marketplace.atlassian.com/apps/1219632/insight-device42-integration?hosting=server" & @CRLF & _ "Assets - Device42 Integration - Server - https://marketplace.atlassian.com/apps/1219632/assets-device42-integration?hosting=server" & @CRLF & _ "https://marketplace.atlassian.com/apps/1219632/insight-device42-integration?hosting=datacenter" & @CRLF & _ "Assets - Device42 Integration - DataCenter - https://marketplace.atlassian.com/apps/1219632/assets-device42-integration?hosting=datacenter" & @CRLF & _ "https://marketplace.atlassian.com/apps/1212137/insight-asset-management?hosting=datacenter" & @CRLF & _ "Assets - DataCenter - https://marketplace.atlassian.com/apps/1212137/assets?hosting=datacenter" & @CRLF & _ "https://marketplace.atlassian.com/apps/1218757/insight-aws-integration?hosting=server" & @CRLF & _ "Assets - AWS Integration - Server - https://marketplace.atlassian.com/apps/1218757/assets-aws-integration?hosting=server" & @CRLF & _ "https://marketplace.atlassian.com/apps/1218757/insight-aws-integration?hosting=datacenter" & @CRLF & _ "Assets - AWS Integration - DataCenter - https://marketplace.atlassian.com/apps/1218757/assets-aws-integration?hosting=datacenter" & @CRLF & _ "https://marketplace.atlassian.com/apps/1219212/insight-google-cloud-integration?hosting=datacenter" & @CRLF & _ "Assets - Google Cloud Integration - DataCenter - https://marketplace.atlassian.com/apps/1219212/assets-google-cloud-integration?hosting=datacenter" & @CRLF & _ "https://marketplace.atlassian.com/apps/1219212/insight-google-cloud-integration?hosting=server" & @CRLF & _ "Assets - Google Cloud Integration - Server - https://marketplace.atlassian.com/apps/1219212/assets-google-cloud-integration?hosting=server" & @CRLF & _ "https://marketplace.atlassian.com/apps/1220353/insight-nvd-integration?hosting=datacenter" & @CRLF & _ "Assets - NVD Integration - DataCenter - https://marketplace.atlassian.com/apps/1220353/assets-nvd-integration?hosting=datacenter" & @CRLF & _ "https://marketplace.atlassian.com/apps/1220353/insight-nvd-integration?hosting=server" & @CRLF & _ "Assets - NVD Integration - Server - https://marketplace.atlassian.com/apps/1220353/assets-nvd-integration?hosting=server" & @CRLF & _ "https://marketplace.atlassian.com/apps/1212549/variable-tasks-for-bamboo?hosting=server" & @CRLF & _ "Variable tasks for Bamboo - Server - https://marketplace.atlassian.com/apps/1212549/variable-tasks-for-bamboo?hosting=server" & @CRLF & _ "https://marketplace.atlassian.com/apps/1215175/change-management-for-jsm?hosting=server" & @CRLF & _ "Change Management for JSM - Server - https://marketplace.atlassian.com/apps/1215175/change-management-for-jsm?hosting=server" & @CRLF & _ "https://marketplace.atlassian.com/apps/1217836/microsoft-teams-for-jira?hosting=server" & @CRLF & _ "Microsoft Teams for Jira - Server - https://marketplace.atlassian.com/apps/1217836/microsoft-teams-for-jira?hosting=server" & @CRLF & _ "https://marketplace.atlassian.com/apps/1217836/microsoft-teams-for-jira?hosting=datacenter" & @CRLF & _ "Microsoft Teams for Jira - DataCenter - https://marketplace.atlassian.com/apps/1217836/microsoft-teams-for-jira?hosting=datacenter" & @CRLF & _ "https://marketplace.atlassian.com/apps/1214351/disable-referer-for-bitbucket-server?hosting=server" & @CRLF & _ "Disable Referer for Bitbucket Server - Server - https://marketplace.atlassian.com/apps/1214351/disable-referer-for-bitbucket-server?hosting=server" & @CRLF & _ "https://marketplace.atlassian.com/apps/1214668/insight-discovery?hosting=datacenter" & @CRLF & _ "Assets Discovery - DataCenter - https://marketplace.atlassian.com/apps/1214668/assets-discovery?hosting=datacenter" & @CRLF & _ "https://marketplace.atlassian.com/apps/678725/jira-to-jira-issue-copy?hosting=server" & @CRLF & _ "Jira to Jira Issue Copy - Server - https://marketplace.atlassian.com/apps/678725/jira-to-jira-issue-copy?hosting=server" & @CRLF & _ "https://marketplace.atlassian.com/apps/1214527/javascript-charts-for-jira-cloud?hosting=cloud" & @CRLF & _ "JavaScript Charts for Jira Cloud - Cloud - https://marketplace.atlassian.com/apps/1214527/javascript-charts-for-jira-cloud?hosting=cloud" & @CRLF & _ "https://marketplace.atlassian.com/apps/1214509/entity-property-tool-for-jira?hosting=cloud" & @CRLF & _ "Entity Property Tool for Jira - Cloud - https://marketplace.atlassian.com/apps/1214509/entity-property-tool-for-jira?hosting=cloud" & @CRLF & _ "https://marketplace.atlassian.com/apps/1211312/confluence-issue-tab-plugin-for-jira?hosting=server" & @CRLF & _ "Confluence Issue Tab Plugin for Jira - Server - https://marketplace.atlassian.com/apps/1211312/confluence-issue-tab-plugin-for-jira?hosting=server" & @CRLF & _ "https://marketplace.atlassian.com/apps/1212778/my-reminders-for-jira?hosting=cloud" & @CRLF & _ "My Reminders for Jira - Cloud - https://marketplace.atlassian.com/apps/1212778/my-reminders-for-jira?hosting=cloud" & @CRLF & _ "https://marketplace.atlassian.com/apps/1218271/code-coverage-for-bitbucket-server?hosting=server" & @CRLF & _ "Code Coverage for Bitbucket Server - Server - https://marketplace.atlassian.com/apps/1218271/code-coverage-for-bitbucket-server?hosting=server" & @CRLF & _ "https://marketplace.atlassian.com/apps/1215924/agent-usage-visualization-for-bamboo?hosting=server" & @CRLF & _ "Agent Usage Visualization for Bamboo - Server - https://marketplace.atlassian.com/apps/1215924/agent-usage-visualization-for-bamboo?hosting=server" & @CRLF & _ "https://marketplace.atlassian.com/apps/1219561/insight-servicenow-integration?hosting=server" & @CRLF & _ "Assets - ServiceNow Integration - Server - https://marketplace.atlassian.com/apps/1219561/assets-servicenow-integration?hosting=server" & @CRLF & _ "https://marketplace.atlassian.com/apps/1219561/insight-servicenow-integration?hosting=datacenter" & @CRLF & _ "Assets - ServiceNow Integration - DataCenter - https://marketplace.atlassian.com/apps/1219561/assets-servicenow-integration?hosting=datacenter" & @CRLF & _ "https://marketplace.atlassian.com/apps/1213440/asana-importer-plugin-for-jira?hosting=server" & @CRLF & _ "Asana Importer Plugin for Jira - Server - https://marketplace.atlassian.com/apps/1213440/asana-importer-plugin-for-jira?hosting=server" & @CRLF & _ "https://marketplace.atlassian.com/apps/1217289/announcement-plugin-for-bamboo?hosting=server" & @CRLF & _ "Announcement Plugin for Bamboo - Server - https://marketplace.atlassian.com/apps/1217289/announcement-plugin-for-bamboo?hosting=server" & @CRLF & _ "https://marketplace.atlassian.com/apps/1223584/github-webhooks-for-fisheye?hosting=server" & @CRLF & _ "GitHub webhooks for Fisheye - Server - https://marketplace.atlassian.com/apps/1223584/github-webhooks-for-fisheye?hosting=server" & @CRLF & _ "https://marketplace.atlassian.com/apps/1220798/assign-reviewer-groups?hosting=server" & @CRLF & _ "Assign Reviewer Groups - Server - https://marketplace.atlassian.com/apps/1220798/assign-reviewer-groups?hosting=server" & @CRLF & _ "https://marketplace.atlassian.com/apps/1219472/mandatory-reviewers-for-crucible?hosting=server" & @CRLF & _ "Mandatory Reviewers for Crucible - Server - https://marketplace.atlassian.com/apps/1219472/mandatory-reviewers-for-crucible?hosting=server" & @CRLF & _ "https://marketplace.atlassian.com/apps/772972/release-report-for-fisheye?hosting=server" & @CRLF & _ "Release Report for Fisheye - Server - https://marketplace.atlassian.com/apps/772972/release-report-for-fisheye?hosting=server" & @CRLF & _ "https://marketplace.atlassian.com/apps/1211094/archive-plugin-for-bitbucket-server?hosting=server" & @CRLF & _ "Archive Plugin for Bitbucket Server - Server - https://marketplace.atlassian.com/apps/1211094/archive-plugin-for-bitbucket-server?hosting=server" & @CRLF & _ "https://marketplace.atlassian.com/apps/1214632/rich-text-gadget-for-jira?hosting=cloud" & @CRLF & _ "Rich Text Gadget for Jira - Cloud - https://marketplace.atlassian.com/apps/1214632/rich-text-gadget-for-jira?hosting=cloud" & @CRLF & _ "https://marketplace.atlassian.com/apps/602870/continuous-plugin-deployment-for-bamboo?hosting=server" & @CRLF & _ "Continuous Plugin Deployment for Bamboo - Server - https://marketplace.atlassian.com/apps/602870/continuous-plugin-deployment-for-bamboo?hosting=server" & @CRLF & _ "https://marketplace.atlassian.com/apps/1223382/previous-next-navigation?hosting=cloud" & @CRLF & _ "Previous/next navigation - Cloud - https://marketplace.atlassian.com/apps/1223382/previous-next-navigation?hosting=cloud" & @CRLF & _ "https://marketplace.atlassian.com/apps/1214757/hackathon-for-jira?hosting=cloud" & @CRLF & _ "Hackathon for Jira - Cloud - https://marketplace.atlassian.com/apps/1214757/hackathon-for-jira?hosting=cloud" & @CRLF & _ "https://marketplace.atlassian.com/apps/1211596/whos-looking-for-jira-cloud?hosting=cloud" & @CRLF & _ "Who's Looking for Jira Cloud - Cloud - https://marketplace.atlassian.com/apps/1211596/whos-looking-for-jira-cloud?hosting=cloud" & @CRLF & _ "https://marketplace.atlassian.com/apps/1212736/predator-plugin-for-bamboo?hosting=server" & @CRLF & _ "Predator Plugin for Bamboo - Server - https://marketplace.atlassian.com/apps/1212736/predator-plugin-for-bamboo?hosting=server" & @CRLF & _ "https://marketplace.atlassian.com/apps/1214713/sbt-task-plugin-for-bamboo?hosting=server" & @CRLF & _ "SBT Task Plugin for Bamboo - Server - https://marketplace.atlassian.com/apps/1214713/sbt-task-plugin-for-bamboo?hosting=server" & @CRLF & _ "https://marketplace.atlassian.com/apps/1215979/dependency-graph-plugin-for-bamboo?hosting=server" & @CRLF & _ "Dependency Graph Plugin for Bamboo - Server - https://marketplace.atlassian.com/apps/1215979/dependency-graph-plugin-for-bamboo?hosting=server" & @CRLF & _ "https://marketplace.atlassian.com/apps/1216177/agent-notifications-for-bamboo?hosting=server" & @CRLF & _ "Agent Notifications for Bamboo - Server - https://marketplace.atlassian.com/apps/1216177/agent-notifications-for-bamboo?hosting=server" & @CRLF & _ "https://marketplace.atlassian.com/apps/1219706/conditional-tasks-for-bamboo?hosting=server" & @CRLF & _ "Conditional tasks for Bamboo - Server - https://marketplace.atlassian.com/apps/1219706/conditional-tasks-for-bamboo?hosting=server" & @CRLF & _ "https://marketplace.atlassian.com/apps/1215965/build-times-for-bamboo-5-10?hosting=server" & @CRLF & _ "Build Times for Bamboo 5.10+ - Server - https://marketplace.atlassian.com/apps/1215965/build-times-for-bamboo-5-10?hosting=server" & @CRLF & _ "https://marketplace.atlassian.com/apps/1215235/fail-build-trigger-for-bamboo?hosting=server" & @CRLF & _ "Fail Build Trigger for Bamboo - Server - https://marketplace.atlassian.com/apps/1215235/fail-build-trigger-for-bamboo?hosting=server" & @CRLF & _ "https://marketplace.atlassian.com/apps/1216136/after-deployment-trigger-for-bamboo?hosting=server" & @CRLF & _ "After Deployment Trigger for Bamboo - Server - https://marketplace.atlassian.com/apps/1216136/after-deployment-trigger-for-bamboo?hosting=server" & @CRLF & _ "https://marketplace.atlassian.com/apps/1216287/queue-priority-plugin-for-bamboo?hosting=server" & @CRLF & _ "Queue Priority Plugin for Bamboo - Server - https://marketplace.atlassian.com/apps/1216287/queue-priority-plugin-for-bamboo?hosting=server" & @CRLF & _ "https://marketplace.atlassian.com/apps/1216074/insight-macro-for-confluence?hosting=server" & @CRLF & _ "Assets - Confluence Macro - Server - https://marketplace.atlassian.com/apps/1216074/assets-confluence-macro?hosting=server" & @CRLF & _ "https://marketplace.atlassian.com/apps/1218974/insight-azure-integration?hosting=datacenter" & @CRLF & _ "Assets - Azure Integration - DataCenter - https://marketplace.atlassian.com/apps/1218974/assets-azure-integration?hosting=datacenter" & @CRLF & _ "https://marketplace.atlassian.com/apps/1219094/insight-sccm-integration?hosting=server" & @CRLF & _ "Assets - SCCM Integration - Server - https://marketplace.atlassian.com/apps/1219094/assets-sccm-integration?hosting=server" & @CRLF & _ "https://marketplace.atlassian.com/apps/1219094/insight-sccm-integration?hosting=datacenter" & @CRLF & _ "Assets - SCCM Integration - DataCenter - https://marketplace.atlassian.com/apps/1219094/assets-sccm-integration?hosting=datacenter" & @CRLF & _ "https://marketplace.atlassian.com/apps/1219298/insight-snow-integration?hosting=datacenter" & @CRLF & _ "Assets - Snow Integration - DataCenter - https://marketplace.atlassian.com/apps/1219298/assets-snow-integration?hosting=datacenter" & @CRLF & _ "https://marketplace.atlassian.com/apps/1217750/insight-jira-bitbucket-integration?hosting=datacenter" & @CRLF & _ "Assets - Jira & Bitbucket Integration - DataCenter - https://marketplace.atlassian.com/apps/1217750/assets-jira-bitbucket-integration?hosting=datacenter" & @CRLF & _ "https://marketplace.atlassian.com/apps/1219298/insight-snow-integration?hosting=server" & @CRLF & _ "Assets - Snow Integration - Server - https://marketplace.atlassian.com/apps/1219298/assets-snow-integration?hosting=server" & @CRLF & _ "https://marketplace.atlassian.com/apps/1216074/insight-macro-for-confluence?hosting=datacenter" & @CRLF & _ "Assets - Confluence Macro - DataCenter - https://marketplace.atlassian.com/apps/1216074/assets-confluence-macro?hosting=datacenter" & @CRLF & _ "https://marketplace.atlassian.com/apps/1218974/insight-azure-integration?hosting=server" & @CRLF & _ "Assets - Azure Integration - Server - https://marketplace.atlassian.com/apps/1218974/assets-azure-integration?hosting=server" & @CRLF & _ "https://marketplace.atlassian.com/apps/1217750/insight-jira-bitbucket-integration?hosting=server" & @CRLF & _ "Assets - Jira & Bitbucket Integration - Server - https://marketplace.atlassian.com/apps/1217750/assets-jira-bitbucket-integration?hosting=server" & @CRLF & _ "https://marketplace.atlassian.com/apps/1218250/mobile-plugin-for-confluence-data-center-and-server?hosting=server" & @CRLF & _ " Mobile Plugin for Confluence Data Center and Server - Server - https://marketplace.atlassian.com/apps/1218250/mobile-plugin-for-confluence-data-center-and-server?hosting=server" & @CRLF & _ "https://marketplace.atlassian.com/apps/1218250/mobile-plugin-for-confluence-data-center-and-server?hosting=datacenter" & @CRLF & _ " Mobile Plugin for Confluence Data Center and Server - Data Center - https://marketplace.atlassian.com/apps/1218250/mobile-plugin-for-confluence-data-center-and-server?hosting=datacenter" & @CRLF & _ "https://marketplace.atlassian.com/apps/1211715/inbox-hook-for-bitbucket-server?hosting=server" & @CRLF & _ "Inbox Hook for Bitbucket Server - Server - https://marketplace.atlassian.com/apps/1211715/inbox-hook-for-bitbucket-server?hosting=server" & @CRLF & _ "https://marketplace.atlassian.com/apps/1218118/release-plugin-for-bitbucket-server?hosting=server" & @CRLF & _ "Release Plugin for Bitbucket Server - Server - https://marketplace.atlassian.com/apps/1218118/release-plugin-for-bitbucket-server?hosting=server" & @CRLF & _ "https://marketplace.atlassian.com/apps/1215192/image-paste-for-fisheye-crucible?hosting=server" & @CRLF & _ "Image Paste for Fisheye/Crucible - Server - https://marketplace.atlassian.com/apps/1215192/image-paste-for-fisheye-crucible?hosting=server" & @CRLF & _ "https://marketplace.atlassian.com/apps/1215624/copy-source-for-fisheye-and-crucible?hosting=server" & @CRLF & _ "Copy Source for Fisheye and Crucible - Server - https://marketplace.atlassian.com/apps/1215624/copy-source-for-fisheye-and-crucible?hosting=server" & @CRLF & _ "https://marketplace.atlassian.com/apps/1216128/look-and-feel-for-fisheye-and-crucible?hosting=server" & @CRLF & _ "Look and Feel for Fisheye and Crucible - Server - https://marketplace.atlassian.com/apps/1216128/look-and-feel-for-fisheye-and-crucible?hosting=server" & @CRLF & _ "https://marketplace.atlassian.com/apps/1212100/repository-quickadd-for-fisheye-crucible?hosting=server" & @CRLF & _ "Repository QuickAdd for Fisheye/Crucible - Server - https://marketplace.atlassian.com/apps/1212100/repository-quickadd-for-fisheye-crucible?hosting=server" & @CRLF & _ "https://marketplace.atlassian.com/apps/14896/review-creator-for-fisheye?hosting=server" & @CRLF & _ "Review Creator for Fisheye - Server - https://marketplace.atlassian.com/apps/14896/review-creator-for-fisheye?hosting=server" & @CRLF & _ "https://marketplace.atlassian.com/apps/1215089/bulk-delete-review-files-for-crucible?hosting=server" & @CRLF & _ "Bulk delete review files for Crucible - Server - https://marketplace.atlassian.com/apps/1215089/bulk-delete-review-files-for-crucible?hosting=server" & @CRLF & _ "https://marketplace.atlassian.com/apps/1211738/file-tagging-plugin-for-crucible?hosting=server" & @CRLF & _ "File Tagging Plugin for Crucible - Server - https://marketplace.atlassian.com/apps/1211738/file-tagging-plugin-for-crucible?hosting=server" & @CRLF & _ "https://marketplace.atlassian.com/apps/212/copy-space-for-confluence?hosting=server" & @CRLF & _ "Copy Space for Confluence - Server - https://marketplace.atlassian.com/apps/212/copy-space-for-confluence?hosting=server" & @CRLF & _ "https://marketplace.atlassian.com/apps/1214046/favorites-dialog-for-confluence?hosting=server" & @CRLF & _ "Favorites Dialog for Confluence - Server - https://marketplace.atlassian.com/apps/1214046/favorites-dialog-for-confluence?hosting=server" & @CRLF & _ "https://marketplace.atlassian.com/apps/288/jira-charting-plugin?hosting=server" & @CRLF & _ "Jira Charting Plugin - Server - https://marketplace.atlassian.com/apps/288/jira-charting-plugin?hosting=server" & @CRLF & _ "https://marketplace.atlassian.com/apps/1215704/workflow-screenshot-for-jira?hosting=server" & @CRLF & _ "Workflow Screenshot for Jira - Server - https://marketplace.atlassian.com/apps/1215704/workflow-screenshot-for-jira?hosting=server" & @CRLF & _ "https://marketplace.atlassian.com/apps/5142/toolkit-plugin-for-jira?hosting=server" & @CRLF & _ "Toolkit Plugin for Jira - Server - https://marketplace.atlassian.com/apps/5142/toolkit-plugin-for-jira?hosting=server" & @CRLF & _ "https://marketplace.atlassian.com/apps/322837/mobile-connect-plugin-for-jira?hosting=server" & @CRLF & _ "Mobile Connect Plugin for Jira - Server - https://marketplace.atlassian.com/apps/322837/mobile-connect-plugin-for-jira?hosting=server" & @CRLF & _ "https://marketplace.atlassian.com/apps/1211087/ssl-for-jira?hosting=server" & @CRLF & _ "SSL for Jira - Server - https://marketplace.atlassian.com/apps/1211087/ssl-for-jira?hosting=server" & @CRLF & _ "https://marketplace.atlassian.com/apps/1210725/data-generator-for-jira?hosting=server" & @CRLF & _ "Data Generator for Jira - Server - https://marketplace.atlassian.com/apps/1210725/data-generator-for-jira?hosting=server" & @CRLF & _ "https://marketplace.atlassian.com/apps/1222010/jira-cloud-migration-assistant?hosting=datacenter" & @CRLF & _ "Jira Cloud Migration Assistant - DataCenter - https://marketplace.atlassian.com/apps/1222010/jira-cloud-migration-assistant?hosting=datacenter" & @CRLF & _ "https://marketplace.atlassian.com/apps/1214899/thready-give-tomcat-threads-a-name?hosting=server" & @CRLF & _ "Thready - Give Tomcat threads a name - Server - https://marketplace.atlassian.com/apps/1214899/thready-give-tomcat-threads-a-name?hosting=server" & @CRLF & _ "https://marketplace.atlassian.com/apps/1211542/atlassian-rest-api-browser?hosting=server" & @CRLF & _ "Atlassian REST API Browser - Server - https://marketplace.atlassian.com/apps/1211542/atlassian-rest-api-browser?hosting=server" & @CRLF & _ "https://marketplace.atlassian.com/apps/1211504/issue-edit-notifications-for-jira?hosting=server" & @CRLF & _ "Issue Edit Notifications for Jira - Server - https://marketplace.atlassian.com/apps/1211504/issue-edit-notifications-for-jira?hosting=server" & @CRLF & _ "https://marketplace.atlassian.com/apps/1222124/sticker-printer-for-jira?hosting=cloud" & @CRLF & _ "Sticker Printer for Jira - Cloud - https://marketplace.atlassian.com/apps/1222124/sticker-printer-for-jira?hosting=cloud" & @CRLF & _ "https://marketplace.atlassian.com/apps/1214912/better-code-macro-for-confluence?hosting=cloud" & @CRLF & _ "Better Code Macro for Confluence - Cloud - https://marketplace.atlassian.com/apps/1214912/better-code-macro-for-confluence?hosting=cloud" & @CRLF & _ "https://marketplace.atlassian.com/apps/1218941/microsoft-teams-for-bitbucket-cloud?hosting=cloud" & @CRLF & _ "Microsoft Teams for Bitbucket Cloud - Cloud - https://marketplace.atlassian.com/apps/1218941/microsoft-teams-for-bitbucket-cloud?hosting=cloud" & @CRLF & _ "https://marketplace.atlassian.com/apps/1219516/microsoft-teams-for-confluence-cloud?hosting=cloud" & @CRLF & _ "Microsoft Teams for Confluence Cloud - Cloud - https://marketplace.atlassian.com/apps/1219516/microsoft-teams-for-confluence-cloud?hosting=cloud" & @CRLF & _ "https://marketplace.atlassian.com/apps/1214351/disable-referer-for-bitbucket-server?hosting=datacenter" & @CRLF & _ "Disable Referer for Bitbucket Server - DataCenter - https://marketplace.atlassian.com/apps/1214351/disable-referer-for-bitbucket-server?hosting=datacenter" & @CRLF & _ "https://marketplace.atlassian.com/apps/1224300/opsgenie-bamboo-plugin?hosting=server" & @CRLF & _ "opsgenie-bamboo-plugin - Server - https://marketplace.atlassian.com/apps/1224300/opsgenie-bamboo-plugin?hosting=server" & @CRLF & _ "https://marketplace.atlassian.com/apps/1212632/look-and-feel-for-bitbucket-server?hosting=datacenter" & @CRLF & _ "Look and Feel for Bitbucket Server - Datacenter - https://marketplace.atlassian.com/apps/1212632/look-and-feel-for-bitbucket-server?hosting=datacenter" & @CRLF & _ "https://marketplace.atlassian.com/apps/1214668/insight-discovery?hosting=cloud" & @CRLF & _ "Assets Discovery - Cloud - https://marketplace.atlassian.com/apps/1214668/assets-discovery?hosting=cloud" & @CRLF & _ "https://marketplace.atlassian.com/apps/1224729/bamboo-build-status-notifier?hosting=server" & @CRLF & _ "Bamboo build status notifier - Server - https://marketplace.atlassian.com/apps/1224729/bamboo-build-status-notifier?hosting=server" & @CRLF & _ "https://marketplace.atlassian.com/apps/1224728/crucible-build-status?hosting=server" & @CRLF & _ "Crucible build status - Server - https://marketplace.atlassian.com/apps/1224728/crucible-build-status?hosting=server" & @CRLF & _ "https://marketplace.atlassian.com/apps/1219499/proforma-lite-forms-checklists?hosting=server" & @CRLF & _ "ProForma Lite: Forms & Checklists - Server - https://marketplace.atlassian.com/apps/1219499/proforma-lite-forms-checklists?hosting=server" & @CRLF & _ "https://marketplace.atlassian.com/apps/1215833/proforma-forms-checklist-for-jira?hosting=server" & @CRLF & _ "ProForma: Forms & Checklist for Jira - Server - https://marketplace.atlassian.com/apps/1215833/proforma-forms-checklist-for-jira?hosting=server" & @CRLF & _ "https://marketplace.atlassian.com/apps/1215833/proforma-forms-checklist-for-jira?hosting=datacenter" & @CRLF & _ "ProForma: Forms & Checklist for Jira - Datacenter - https://marketplace.atlassian.com/apps/1215833/proforma-forms-checklist-for-jira?hosting=datacenter" & @CRLF & _ "https://marketplace.atlassian.com/apps/1219499/proforma-lite-forms-checklists?hosting=datacenter" & @CRLF & _ "ProForma Lite: Forms & Checklists - Datacenter - https://marketplace.atlassian.com/apps/1219499/proforma-lite-forms-checklists?hosting=datacenter" & @CRLF & _ "https://marketplace.atlassian.com/apps/1232506/jsm-assets-microsoft-entra-id-azure-ad-beta-integration?hosting=cloud" & @CRLF & _ "JSM Assets - Microsoft Entra ID (Azure AD) Beta Integration - Cloud - https://marketplace.atlassian.com/apps/1232506/jsm-assets-microsoft-entra-id-azure-ad-beta-integration?hosting=cloud" & @CRLF & _ "https://marketplace.atlassian.com/apps/1232887/mermaid-diagrams-viewer?hosting=cloud" & @CRLF & _ "Mermaid diagrams viewer-Cloud-https://marketplace.atlassian.com/apps/1232887/mermaid-diagrams-viewer?hosting=cloud" & @CRLF & _ "https://marketplace.atlassian.com/apps/1230672/extension-point-finder-for-jira?hosting=cloud" & @CRLF & _ "Extension Point Finder for Jira - Cloud - https://marketplace.atlassian.com/apps/1230672/extension-point-finder-for-jira?hosting=cloud" & @CRLF & _ "https://marketplace.atlassian.com/apps/1230671/extension-point-finder-for-confluence?hosting=cloud" & @CRLF & _ "Extension Point Finder for Confluence - Cloud - https://marketplace.atlassian.com/apps/1230671/extension-point-finder-for-confluence?hosting=cloud" & @CRLF & _ "https://marketplace.atlassian.com/apps/1231916/issue-status-helper?hosting=cloud" & @CRLF & _ "Issue Status Helper - Cloud - https://marketplace.atlassian.com/apps/1231916/issue-status-helper?hosting=cloud" & @CRLF & _ "https://marketplace.atlassian.com/apps/1230032/databricks-visualization?hosting=cloud" & @CRLF & _ "Databricks Visualization - Cloud - https://marketplace.atlassian.com/apps/1230032/databricks-visualization?hosting=cloud" & @CRLF & _ "https://marketplace.atlassian.com/apps/1233346/audio-recorder-for-confluence?hosting=cloud" & @CRLF & _ "Audio Recorder for Confluence - Cloud - https://marketplace.atlassian.com/apps/1233346/audio-recorder-for-confluence?hosting=cloud" & @CRLF & _ "https://marketplace.atlassian.com/apps/1231985/localised-date-macro-for-confluence?hosting=cloud" & @CRLF & _ "Localised Date Macro for Confluence - Cloud - https://marketplace.atlassian.com/apps/1231985/localised-date-macro-for-confluence?hosting=cloud" & @CRLF & _ "https://marketplace.atlassian.com/apps/1232254/bump-build-number?hosting=datacenter" & @CRLF & _ "Bump Build Number - DataCenter - https://marketplace.atlassian.com/apps/1232254/bump-build-number?hosting=datacenter" & @CRLF & _ "https://marketplace.atlassian.com/apps/1235122/event-sign-up-for-confluence?hosting=cloud" & @CRLF & _ "Event Sign-up for Confluence - Cloud - https://marketplace.atlassian.com/apps/1235122/event-sign-up-for-confluence?hosting=cloud" & @CRLF & _ "https://marketplace.atlassian.com/apps/1234690/data-manager-clients-for-jsm-assets?hosting=cloud" & @CRLF & _ "Data Manager Clients for JSM Assets - Cloud - https://marketplace.atlassian.com/apps/1234690/data-manager-clients-for-jsm-assets?hosting=cloud" & @CRLF & _ "https://marketplace.atlassian.com/apps/1234690/data-manager-clients-for-jsm-assets?hosting=datacenter" & @CRLF & _ "Data Manager Clients for JSM Assets - DataCenter - https://marketplace.atlassian.com/apps/1234690/data-manager-clients-for-jsm-assets?hosting=datacenter" & @CRLF & _ "https://marketplace.atlassian.com/apps/1230311/app-usage-for-jira?hosting=datacenter" & @CRLF & _ "App Usage for Jira - DatCenter - https://marketplace.atlassian.com/apps/1230311/app-usage-for-jira?hosting=datacenter" & @CRLF & _ "https://marketplace.atlassian.com/apps/1230311/app-usage-for-jira?hosting=server" & @CRLF & _ "App Usage for Jira - Server - https://marketplace.atlassian.com/apps/1230311/app-usage-for-jira?hosting=server" & @CRLF & _ "https://marketplace.atlassian.com/apps/1232793/azure-devops-for-jira-official?tab=overview&hosting=cloud" & @CRLF & _ "Azure DevOps for Jira (Official) - Cloud - https://marketplace.atlassian.com/apps/1232793/azure-devops-for-jira-official?tab=overview&hosting=cloud" & @CRLF & _ "https://marketplace.atlassian.com/apps/1234673/jsm-incident-timeline?hosting=cloud" & @CRLF & _ "JSM Incident Timeline - Cloud - https://marketplace.atlassian.com/apps/1234673/jsm-incident-timeline?hosting=cloud" & @CRLF & _ "https://marketplace.atlassian.com/apps/1233977/sentry-for-compass?tab=overview&hosting=cloud" & @CRLF & _ "Sentry for Compass - Cloud - https://marketplace.atlassian.com/apps/1233977/sentry-for-compass?tab=overview&hosting=cloud" & @CRLF & _ "https://marketplace.atlassian.com/apps/1234027/github-for-compass?tab=overview&hosting=cloud" & @CRLF & _ "GitHub for Compass - Cloud - https://marketplace.atlassian.com/apps/1234027/github-for-compass?tab=overview&hosting=cloud" & @CRLF & _ "https://marketplace.atlassian.com/apps/1233993/gitlab-for-compass?tab=overview&hosting=cloud" & @CRLF & _ "GitLab for Compass - Cloud - https://marketplace.atlassian.com/apps/1233993/gitlab-for-compass?tab=overview&hosting=cloud" & @CRLF & _ "https://marketplace.atlassian.com/apps/1234004/bitbucket-for-compass?tab=overview&hosting=cloud" & @CRLF & _ "Bitbucket for Compass - Cloud - https://marketplace.atlassian.com/apps/1234004/bitbucket-for-compass?tab=overview&hosting=cloud" & @CRLF & _ "https://marketplace.atlassian.com/apps/1233931/snyk-for-compass?tab=overview&hosting=cloud" & @CRLF & _ "Snyk for Compass - Cloud - https://marketplace.atlassian.com/apps/1233931/snyk-for-compass?tab=overview&hosting=cloud" & @CRLF & _ "https://marketplace.atlassian.com/apps/1233986/slack-for-compass?tab=overview&hosting=cloud" & @CRLF & _ "Slack for Compass - Cloud - https://marketplace.atlassian.com/apps/1233986/slack-for-compass?tab=overview&hosting=cloud" & @CRLF & _ "https://marketplace.atlassian.com/apps/1233988/opsgenie-for-compass?tab=overview&hosting=cloud" & @CRLF & _ "Opsgenie for Compass - Cloud - https://marketplace.atlassian.com/apps/1233988/opsgenie-for-compass?tab=overview&hosting=cloud" & @CRLF & _ "https://marketplace.atlassian.com/apps/1233987/statuspage-for-compass?tab=overview&hosting=cloud" & @CRLF & _ "Statuspage for Compass - Cloud - https://marketplace.atlassian.com/apps/1233987/statuspage-for-compass?tab=overview&hosting=cloud" & @CRLF & _ "https://marketplace.atlassian.com/apps/1233979/new-relic-for-compass?tab=overview&hosting=cloud" & @CRLF & _ "New Relic for Compass - Cloud - https://marketplace.atlassian.com/apps/1233979/new-relic-for-compass?tab=overview&hosting=cloud" & @CRLF & _ "https://marketplace.atlassian.com/apps/1233943/circleci-for-compass?tab=overview&hosting=cloud" & @CRLF & _ "CircleCI for Compass - Cloud - https://marketplace.atlassian.com/apps/1233943/circleci-for-compass?tab=overview&hosting=cloud" & @CRLF & _ "https://marketplace.atlassian.com/apps/1233990/swagger-ui-for-compass?tab=overview&hosting=cloud" & @CRLF & _ "Swagger UI for Compass - Cloud -https://marketplace.atlassian.com/apps/1233990/swagger-ui-for-compass?tab=overview&hosting=cloud" & @CRLF & _ "https://marketplace.atlassian.com/apps/1233942/pagerduty-for-compass?tab=overview&hosting=cloud" & @CRLF & _ "PagerDuty for Compass - Cloud - https://marketplace.atlassian.com/apps/1233942/pagerduty-for-compass?tab=overview&hosting=cloud" & @CRLF & _ "https://marketplace.atlassian.com/apps/1232285/jira-confluence-smart-chips-for-google-docs-slides-sheets?tab=overview&hosting=cloud" & @CRLF & _ "Jira & Confluence Smart Chips for Google Docs Slides Sheets - Cloud - https://marketplace.atlassian.com/apps/1232285/jira-confluence-smart-chips-for-google-docs-slides-sheets?tab=overview&hosting=cloud" & @CRLF & _ "https://marketplace.atlassian.com/apps/1229906/confluence-mail-archiving-plugin?tab=overview&hosting=datacenter" & @CRLF & _ "Confluence Mail Archiving Plugin - DataCenter - https://marketplace.atlassian.com/apps/1229906/confluence-mail-archiving-plugin?tab=overview&hosting=datacenter" & @CRLF & _ "https://marketplace.atlassian.com/apps/1211246/autolink-plugin-for-jira?hosting=datacenter" & @CRLF & _ "AutoLink Plugin for Jira - DataCenter - https://marketplace.atlassian.com/apps/1211246/autolink-plugin-for-jira?hosting=datacenter" & @CRLF & _ "https://marketplace.atlassian.com/apps/1235488/confluence-widget-for-figma-beta?hosting=cloud" & @CRLF & _ "Confluence Widget for Figma (Beta) - Cloud - https://marketplace.atlassian.com/apps/1235488/confluence-widget-for-figma-beta?hosting=cloud" & @CRLF & _ "https://marketplace.atlassian.com/apps/1235496/jira-board-buddy?hosting=cloud" & @CRLF & _ "Jira Board Buddy - Cloud - https://marketplace.atlassian.com/apps/1235496/jira-board-buddy?hosting=cloud" & @CRLF & _ "https://marketplace.atlassian.com/apps/5142/toolkit-plugin-for-jira?hosting=datacenter" & @CRLF & _ "Toolkit Plugin for Jira - DataCenter - https://marketplace.atlassian.com/apps/5142/toolkit-plugin-for-jira?hosting=datacenter" & @CRLF & _ "https://trello.com/power-ups/588a331cc86ffbe08f5d2c67/bitbucket-cloud" & @CRLF & _ "Bitbucket Cloud - https://trello.com/power-ups/588a331cc86ffbe08f5d2c67/bitbucket-cloud" & @CRLF & _ "https://trello.com/power-ups/55a5d915446f517774210001/box" & @CRLF & _ "Box - https://trello.com/power-ups/55a5d915446f517774210001/box" & @CRLF & _ "https://trello.com/power-ups/57b47fb862d25a30298459b1/card-repeater" & @CRLF & _ "Card Repeater - https://trello.com/power-ups/57b47fb862d25a30298459b1/card-repeater" & @CRLF & _ "https://trello.com/power-ups/58dd18bdccfca7af8311792e/card-snooze" & @CRLF & _ "Card Snooze - https://trello.com/power-ups/58dd18bdccfca7af8311792e/card-snooze" & @CRLF & _ "https://trello.com/power-ups/586be37142f94dc0871fbcbb/confluence-cloud" & @CRLF & _ "Confluence Cloud - https://trello.com/power-ups/586be37142f94dc0871fbcbb/confluence-cloud" & @CRLF & _ "https://trello.com/power-ups/56d5e249a98895a9797bebb9/custom-fields" & @CRLF & _ "Custom Fields - https://trello.com/power-ups/56d5e249a98895a9797bebb9/custom-fields" & @CRLF & _ "https://trello.com/power-ups/55a5d915446f517774210003/evernote" & @CRLF & _ "Evernote - https://trello.com/power-ups/55a5d915446f517774210003/evernote" & @CRLF & _ "https://trello.com/power-ups/568c1415eeaeb62f5a43aa01/giphy" & @CRLF & _ "Giphy - https://trello.com/power-ups/568c1415eeaeb62f5a43aa01/giphy" & @CRLF & _ "https://trello.com/power-ups/55a5d916446f517774210004/github" & @CRLF & _ "GitHub - https://trello.com/power-ups/55a5d916446f517774210004/github" & @CRLF & _ "https://trello.com/power-ups/55a5d916446f517774210006/google-drive" & @CRLF & _ "Google Drive - https://trello.com/power-ups/55a5d916446f517774210006/google-drive" & @CRLF & _ "https://trello.com/power-ups/55a5d916446f517774210007/google-hangouts" & @CRLF & _ "Google Hangouts - https://trello.com/power-ups/55a5d916446f517774210007/google-hangouts" & @CRLF & _ "https://trello.com/power-ups/5e3886cd2ae34410748d0d5b/jira-align-" & @CRLF & _ "Jira Align - https://trello.com/power-ups/5e3886cd2ae34410748d0d5b/jira-align-" & @CRLF & _ "https://trello.com/power-ups/55a5d917446f51777421000c/mailchimp" & @CRLF & _ "MailChimp - https://trello.com/power-ups/55a5d917446f51777421000c/mailchimp" & @CRLF & _ "https://trello.com/power-ups/5940440775fbe327abd3329f/onedrive" & @CRLF & _ "OneDrive - https://trello.com/power-ups/5940440775fbe327abd3329f/onedrive" & @CRLF & _ "https://trello.com/power-ups/55a5d917446f51777421000d/package-tracker" & @CRLF & _ "Package Tracker - https://trello.com/power-ups/55a5d917446f51777421000d/package-tracker" & @CRLF & _ "https://trello.com/power-ups/5a2de0c41ae4a1537bb0055d/read-me" & @CRLF & _ "Read Me - https://trello.com/power-ups/5a2de0c41ae4a1537bb0055d/read-me" & @CRLF & _ "https://trello.com/power-ups/55a5d917446f517774210009/salesforce" & @CRLF & _ "Salesforce - https://trello.com/power-ups/55a5d917446f517774210009/salesforce" & @CRLF & _ "https://trello.com/power-ups/55a5d917446f51777421000a/slack" & @CRLF & _ "Slack - https://trello.com/power-ups/55a5d917446f51777421000a/slack" & @CRLF & _ "https://trello.com/power-ups/568c143d95adcd7308cbc3fb/surveymonkey" & @CRLF & _ "SurveyMonkey - https://trello.com/power-ups/568c143d95adcd7308cbc3fb/surveymonkey" & @CRLF & _ "https://trello.com/power-ups/55a5d917446f51777421000b/twitter" & @CRLF & _ "Twitter - https://trello.com/power-ups/55a5d917446f51777421000b/twitter" & @CRLF & _ "https://trello.com/power-ups/56940ede94fd60cf95f7ce6a/zendesk" & @CRLF & _ "Zendesk - https://trello.com/power-ups/56940ede94fd60cf95f7ce6a/zendesk" & @CRLF & _ "https://trello.com/power-ups/6048e897c73d032a983e2a7c/dashcards" & @CRLF & _ "Dashcards - https://trello.com/power-ups/6048e897c73d032a983e2a7c/dashcards" & @CRLF & _ "https://trello.com/power-ups/586be36326cc4c7e9f70beb3/jira" & @CRLF & _ "Jira - https://trello.com/power-ups/586be36326cc4c7e9f70beb3/jira" & @CRLF & _ "Third Party Marketplace Apps" & @CRLF & _ "https://app.aurory.io" & @CRLF & _ "https://store.epicgames.com/en-US/p/seekers-of-tokane-a5986d" & @CRLF & _ "Seekers of Tokane" & @CRLF & _ "https://play.google.com/store/apps/details?id=io.aurory.seekersoftokane&hl=en_CA" & @CRLF & _ "Android Mobile - Testing" & @CRLF & _ "https://testflight.apple.com/join/FuaxsScP" & @CRLF & _ "IOS Mobile - Testing" & @CRLF & _ "https://www.australiansuper.com/" & @CRLF & _ "www.australiansuper.com" & @CRLF & _ "https://portal.australiansuper.com/" & @CRLF & _ "portal.australiansuper.com" & @CRLF & _ "https://business.australiansuper.com/" & @CRLF & _ "business.australiansuper.com" & @CRLF & _ "https://adviser.australiansuper.com/" & @CRLF & _ "adviser.australiansuper.com" & @CRLF & _ "https://apis.australiansuper.com/" & @CRLF & _ "apis.australiansuper.com" & @CRLF & _ "https://apis-v5.australiansuper.com/" & @CRLF & _ "apis-v5.australiansuper.com" & @CRLF & _ "config.cic-bug-bounty.auth0app.com" & @CRLF & _ "https://manage.cic-bug-bounty.auth0app.com/" & @CRLF & _ "manage.cic-bug-bounty.auth0app.com (Management Dashboard)" & @CRLF & _ "*.cic-bug-bounty.auth0app.com" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.auth0.guardian&hl=en_US&gl=US" & @CRLF & _ "Auth0 Guardian Android" & @CRLF & _ "https://apps.apple.com/us/app/auth0-guardian/id1093447833" & @CRLF & _ "Auth0 Guardian IoS" & @CRLF & _ "https://marketplace.auth0.com" & @CRLF & _ "marketplace.auth0.com (Auth0 Marketplace)" & @CRLF & _ "MFA Integrations " & @CRLF & _ "https://github.com/auth0/auth0.js" & @CRLF & _ "https://github.com/auth0/auth0.js (Auth0 SDK for Web)" & @CRLF & _ "https://github.com/auth0/lock" & @CRLF & _ "https://github.com/auth0/lock (Lock for Web)" & @CRLF & _ "https://github.com/auth0/auth0-spa-js" & @CRLF & _ "https://github.com/auth0/auth0-spa-js (Auth0 Single Page App SDK)" & @CRLF & _ "https://github.com/auth0/Auth0.Net" & @CRLF & _ "https://github.com/auth0/Auth0.Net (.NET SDK)" & @CRLF & _ "https://github.com/auth0/nextjs-auth0" & @CRLF & _ "https://github.com/auth0/nextjs-auth0 (Next.js SDK)" & @CRLF & _ "https://github.com/auth0/auth0-java" & @CRLF & _ "https://github.com/auth0/auth0-java (Java SDK)" & @CRLF & _ "https://github.com/auth0/react-native-auth0" & @CRLF & _ "https://github.com/auth0/react-native-auth0 (react-native SDK)" & @CRLF & _ "https://github.com/auth0/auth0-php" & @CRLF & _ "https://github.com/auth0/auth0-php (PHP SDK)" & @CRLF & _ "https://dashboard.fga.dev/" & @CRLF & _ "https://api.us1.fga.dev/" & @CRLF & _ "https://customers.us1.fga.dev/" & @CRLF & _ "https://play.fga.dev/" & @CRLF & _ "auth0.com " & @CRLF & _ "samltool.io " & @CRLF & _ "webauthn.me " & @CRLF & _ "openidconnect.net " & @CRLF & _ "jwt.io" & @CRLF & _ "auth0.net" & @CRLF & _ "https://195.60.68.241" & @CRLF & _ "Bounty Cam1" & @CRLF & _ "https://195.60.68.242" & @CRLF & _ "Bounty Cam2" & @CRLF & _ "https://195.60.68.243" & @CRLF & _ "Bounty Cam3" & @CRLF & _ "https://195.60.68.244" & @CRLF & _ "Bounty Cam4" & @CRLF & _ "https://195.60.68.245" & @CRLF & _ "Bounty Cam5" & @CRLF & _ "https://195.60.68.246" & @CRLF & _ "Bounty Cam6" & @CRLF & _ "https://195.60.68.247" & @CRLF & _ "Bounty Cam7" & @CRLF & _ "https://195.60.68.248" & @CRLF & _ "Bounty Cam8" & @CRLF & _ "https://195.60.68.249" & @CRLF & _ "Bounty Cam9" & @CRLF & _ "https://195.60.68.250" & @CRLF & _ "Bounty Cam10" & @CRLF & _ "https://www.pornhub.com/" & @CRLF & _ "https://mobile.pornhub.com/" & @CRLF & _ "https://api.pornhub.com/" & @CRLF & _ "https://www.pornhubpremium.com/" & @CRLF & _ "https://www.redtube.com/" & @CRLF & _ "https://www.redtubepremium.com/" & @CRLF & _ "https://www.youporn.com/" & @CRLF & _ "https://www.youpornpremium.com/" & @CRLF & _ "https://pornhub.mainhub.com" & @CRLF & _ "https://*.tube8.com" & @CRLF & _ "*. tube8.com" & @CRLF & _ "https://www.thumbzilla.com/" & @CRLF & _ "https://*.trafficjunky.com" & @CRLF & _ "*.trafficjunky.com " & @CRLF & _ "https://*.adultforce.com" & @CRLF & _ "*.adultforce.com " & @CRLF & _ "https://play.google.com/store/apps/details?id=com.backblaze.android&hl=en_US&gl=US" & @CRLF & _ "Backblaze Android mobile application" & @CRLF & _ "https://apps.apple.com/us/app/backblaze/id628638330" & @CRLF & _ "Backblaze iOS mobile application" & @CRLF & _ "Mac Personal Backup Clients" & @CRLF & _ "Windows Personal Backup Clients" & @CRLF & _ "Mac Restore Downloaders" & @CRLF & _ "Windows Restore Downloaders" & @CRLF & _ "Git Repositories (b2-sdk-java & B2 Command Line Tool)" & @CRLF & _ "https://*.backblazeb2.com" & @CRLF & _ "B2 APIs (*.backblazeb2.com)" & @CRLF & _ "https://backblaze.com" & @CRLF & _ "Backblaze Website (*.backblaze.com)" & @CRLF & _ "Balsamiq Cloud" & @CRLF & _ "Balsamiq Wireframes for Desktop" & @CRLF & _ "https://marketplace.atlassian.com/apps/1213404/balsamiq-wireframes-for-confluence-cloud?hosting=cloud&tab=overview" & @CRLF & _ "https://marketplace.atlassian.com/apps/1212796/balsamiq-wireframes-for-jira-cloud?hosting=cloud&tab=overview" & @CRLF & _ "https://balsamiq.com" & @CRLF & _ "https://marketplace.atlassian.com/apps/5161/balsamiq-wireframes-for-jira?hosting=datacenter&tab=overview" & @CRLF & _ "https://marketplace.atlassian.com/apps/256/balsamiq-wireframes-for-confluence?hosting=datacenter&tab=overview" & @CRLF & _ "https://www.barracuda.com/products/messagearchiver" & @CRLF & _ "Barracuda Message Archiver" & @CRLF & _ "https://www.barracuda.com/products/websecuritygateway" & @CRLF & _ "Barracuda Web Security Gateway" & @CRLF & _ "https://www.barracuda.com/products/loadbalancer?utm_source=google&utm_medium=search_cpc&utm_campaign=387189501&utm_adgroup=116181947964&utm_term=&utm_position=&utm_matchtype=b&utm_device=c&utm_content=484352050459&_bt=484352050459&_bk=&_bm=b&_bn=g&_bg=116181947964&gclid=Cj0KCQjwvr6EBhDOARIsAPpqUPFtfKELYb2ysp1O29NyBMwStaYpYAxq1oso9BaXpcPo9yrcy13uuc0aAtQDEALw_wcB" & @CRLF & _ "Barracuda ADC" & @CRLF & _ "https://www.barracuda.com/products/webapplicationfirewall" & @CRLF & _ "Barracuda Web Application Firewall" & @CRLF & _ "https://www.barracuda.com/products/emailsecuritygateway" & @CRLF & _ "Barracuda Email Security Gateway" & @CRLF & _ "https://www.barracuda.com/products/cloudgenfirewall" & @CRLF & _ "Barracuda CloudGen Firewall" & @CRLF & _ "https://*.<researcher-store>.mybigcommerce.com" & @CRLF & _ "https://www.bigcommerce.com" & @CRLF & _ "*.bigcommerce.com" & @CRLF & _ "login.bigcommerce.com" & @CRLF & _ "https://apps.apple.com/au/app/bigcommerce/id1418570678" & @CRLF & _ "BigCommerce iOS" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.bigcommerce.mobile" & @CRLF & _ "BigCommerce Android" & @CRLF & _ "https://github.com/bigcommerce/" & @CRLF & _ "BigCommerce's Open Source Code" & @CRLF & _ "https://bigcommerce.com/make-it-big" & @CRLF & _ "https://bigcommerce.com/blog" & @CRLF & _ "https://*.bigcommerce.net" & @CRLF & _ "api.coinmarketcap.com" & @CRLF & _ "pro-api.coinmarketcap.com" & @CRLF & _ "https://www.binance.com/" & @CRLF & _ "*.binance.com" & @CRLF & _ "Binance Desktop Application" & @CRLF & _ "Binance Mobile Application for Android" & @CRLF & _ "Binance Mobile Application for iOS" & @CRLF & _ "api.binance.com" & @CRLF & _ "Binance macOS Application" & @CRLF & _ "pro.coinmarketcap.com" & @CRLF & _ "CoinMarketCap Android app" & @CRLF & _ "Trustwallet Android App" & @CRLF & _ "Trustwallet iOS App" & @CRLF & _ "https://github.com/trustwallet/wallet-core/" & @CRLF & _ "CoinMarketCap iOS app" & @CRLF & _ "portal-api.coinmarketcap.com" & @CRLF & _ "coinmarketcap.com" & @CRLF & _ "3rdparty-apis.coinmarketcap.com" & @CRLF & _ "https://www.binance.us/" & @CRLF & _ "*.binance.us" & @CRLF & _ "https://binance.tr" & @CRLF & _ "binance.tr" & @CRLF & _ "Trustwallet Chrome Extension" & @CRLF & _ "Bitdefender Total Security" & @CRLF & _ "*.bitdefender.net" & @CRLF & _ "Bitdefender Antimalware Engines" & @CRLF & _ "*.bitdefender.com" & @CRLF & _ "https://www.bitdefender.com/business/smb-products/business-security.html?cid=ppc|b|google|smb&s_kwcid=AL!6076!3!514235572261!p!!g!!bitdefender%20business&utm_term=bitdefender%20business&utm_campaign=USA+SMB+Branded+30&utm_source=adwords&utm_medium=ppc&hsa_acc=8155205354&hsa_cam=7848657822&hsa_grp=124745713150&hsa_ad=514235572261&hsa_src=g&hsa_tgt=kwd-308396066873&hsa_kw=bitdefender%20business&hsa_mt=p&hsa_net=adwords&hsa_ver=3&gclid=CjwKCAjwqIiFBhAHEiwANg9szk-Rr3iSn4mrwsvAUOn-pzrO12ufWDmyCLopWigaLQW0t_xtlBE65RoCr6kQAvD_BwE" & @CRLF & _ "Bitdefender GravityZone Business Security " & @CRLF & _ "Bitdefender BOX v2" & @CRLF & _ "https://www.bitgo.com" & @CRLF & _ "*.bitgo.com" & @CRLF & _ "https://app.bitgo.com" & @CRLF & _ "app.bitgo.com " & @CRLF & _ "https://app.bitgo-test.com" & @CRLF & _ "app.bitgo-test.com" & @CRLF & _ "https://web.bitpanda.com" & @CRLF & _ "https://www.bitpanda.com/" & @CRLF & _ "https://www.bitpanda.com" & @CRLF & _ "https://api.bitpanda.com" & @CRLF & _ "wss://socket.bitpanda.com" & @CRLF & _ "All the Blockchain Infrastructure" & @CRLF & _ "https://account.bitpanda.com" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.bitpanda.bitpanda" & @CRLF & _ "Bitpanda Broker Android App" & @CRLF & _ "https://apps.apple.com/app/bitpanda-buy-bitcoin-crypto/id1449018960" & @CRLF & _ "Bitpanda Broker iOS App" & @CRLF & _ "https://blog.bitpanda.com/en" & @CRLF & _ "https://blog.bitpanda.com" & @CRLF & _ "https://www.bitpanda.com/academy/en/" & @CRLF & _ "https://www.bitpanda.com/academy/" & @CRLF & _ "https://www.bitstamp.net/" & @CRLF & _ "www.bitstamp.net - Bitstamp Application & API" & @CRLF & _ "*.bitstamp.net - Bitstamp Supporting Services" & @CRLF & _ "https://apps.apple.com/us/app/bitstamp/id1406825640" & @CRLF & _ "Bitstamp Mobile Application for iOS" & @CRLF & _ "https://play.google.com/store/apps/details?id=net.bitstamp.app" & @CRLF & _ "Bitstamp Pro Mobile Application for Android" & @CRLF & _ "https://play.google.com/store/apps/details?id=net.bitstamp.appgo" & @CRLF & _ "Bitstamp Mobile Application For Android" & @CRLF & _ "https://bug-bounty-api.k8s.tools-001.d-use-1.braze-dev.com" & @CRLF & _ "https://bug-bounty-dashboard.k8s.tools-001.d-use-1.braze-dev.com" & @CRLF & _ "https://bug-bounty-dashboard.k8s.tools-001.d-use-1.braze-dev.com/" & @CRLF & _ "https://docs.bugcrowd.com/" & @CRLF & _ "docs.bugcrowd.com" & @CRLF & _ "https://bugcrowd.com/programs" & @CRLF & _ "bugcrowd.com" & @CRLF & _ "https://tracker.bugcrowd.com" & @CRLF & _ "Crowdcontrol" & @CRLF & _ "https://api.bugcrowd.com" & @CRLF & _ "api.bugcrowd.com" & @CRLF & _ "https://identity.bugcrowd.com/" & @CRLF & _ "https://identity.bugcrowd.com/ " & @CRLF & _ "*.bugcrowd.com/auth/*" & @CRLF & _ "https://bullish.com/" & @CRLF & _ "https://investor.bullish.com/" & @CRLF & _ "https://investor.bullish.com" & @CRLF & _ "https://simnext.bullish-test.com" & @CRLF & _ "https://api.simnext.bullish-test.com" & @CRLF & _ "████████████████████████" & @CRLF & _ "████████████████████████████" & @CRLF & _ "███████████████████████████" & @CRLF & _ "███████████████████████" & @CRLF & _ "████████████" & @CRLF & _ "███████████████████" & @CRLF & _ "█████████████████████████████" & @CRLF & _ "██████████████████████████" & @CRLF & _ "*.canva.cn" & @CRLF & _ "Canva (Android)" & @CRLF & _ "Canva (Chrome Extension)" & @CRLF & _ "Canva (iOS)" & @CRLF & _ "*.canva.com" & @CRLF & _ "*.canva-apps.com" & @CRLF & _ "*.canva-apps.cn" & @CRLF & _ "https://canva.com/developers" & @CRLF & _ "Canva Developer Platform" & @CRLF & _ "https://*.canva.tech" & @CRLF & _ "*.canva.tech" & @CRLF & _ "Canva Desktop (macOS / Windows)" & @CRLF & _ "https://itunes.apple.com/app/carrefour-uae/id626805470" & @CRLF & _ "Carrefour UAE iOS" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.aswat.carrefouruae" & @CRLF & _ "Carrefour UAE Android" & @CRLF & _ "https://www.carrefouruae.com/" & @CRLF & _ "carrefouruae.com" & @CRLF & _ "https://api-prod.retailsso.com" & @CRLF & _ "https://itunes.apple.com/us/app/cash-app/id711923939?mt=8" & @CRLF & _ "Cash App Mobile Application for iOS" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.squareup.cash" & @CRLF & _ "Cash App Mobile Application for Android" & @CRLF & _ "https://cash.app" & @CRLF & _ "*.cash.app" & @CRLF & _ "*.cashstaging.app" & @CRLF & _ "https://www.foreignaffairs.com/" & @CRLF & _ "https://www.cfr.org/" & @CRLF & _ "https://thinkglobalhealth.org" & @CRLF & _ "https://education.cfr.org/" & @CRLF & _ "*.meraki.com" & @CRLF & _ "*.ikarem.io" & @CRLF & _ "Cisco Meraki Systems Manager" & @CRLF & _ "Cisco Meraki Virtual Security Appliances" & @CRLF & _ "*.network-auth.com" & @CRLF & _ "Cisco Meraki Dashboard Mobile Application (iOS and Android)" & @CRLF & _ "Cisco Meraki MX Security Appliances" & @CRLF & _ "Cisco Meraki MS Switches" & @CRLF & _ "Cisco Meraki MR Access Points" & @CRLF & _ "Cisco Meraki MV Security Cameras" & @CRLF & _ "Cisco Meraki Z Series (Z1,Z3(C))" & @CRLF & _ "https://meraki.cisco.com" & @CRLF & _ "meraki.cisco.com" & @CRLF & _ "apps.meraki.io" & @CRLF & _ "https://apps.apple.com/us/app/classdojo/id552602056" & @CRLF & _ "IoS App" & @CRLF & _ "https://api.classdojo.com" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.classdojo.android" & @CRLF & _ "Android App" & @CRLF & _ "https://teach.classdojo.com" & @CRLF & _ "https://student.classdojo.com" & @CRLF & _ "https://www.classdojo.com" & @CRLF & _ "https://home.classdojo.com" & @CRLF & _ "https://dev.tutoring.classdojo.com" & @CRLF & _ "https://ws.multiplayer.classdojo.com/" & @CRLF & _ "wss://ws.multiplayer.classdojo.com" & @CRLF & _ "https://ticket.multiplayer.classdojo.com" & @CRLF & _ "https://clients.multiplayer.classdojo.com/launcher/prod/latest" & @CRLF & _ "https://monster-customizer.classdojo.com/cf6dfa68-1a81-4c6d-bc0b-38f3666b37d6/index.html" & @CRLF & _ "*.classdojo.com" & @CRLF & _ "*.classdojo.co.uk" & @CRLF & _ "*.doj.io" & @CRLF & _ "*.dojo.me" & @CRLF & _ "https://clickhou.se/bugcrowd" & @CRLF & _ "ClickHouse Cloud environment hosted by ClickHouse" & @CRLF & _ "https://github.com/ClickHouse/ClickHouse" & @CRLF & _ "https://cloudinary.com/console" & @CRLF & _ "https://api.cloudinary.com" & @CRLF & _ "https://res.cloudinary.com" & @CRLF & _ "https://mediaflows.cloudinary.com/" & @CRLF & _ "mediaflows.cloudinary.com" & @CRLF & _ "https://dimensions.cloudinary.com" & @CRLF & _ "dimensions.cloudinary.com" & @CRLF & _ "https://marketplace.atlassian.com/apps/1218652/deep-clone-for-jira?hosting=cloud" & @CRLF & _ "https://marketplace.atlassian.com/apps/1219514/merge-agent-for-jira?hosting=cloud" & @CRLF & _ "https://marketplace.atlassian.com/apps/1220136/quick-filters-for-jira-dashboards?hosting=cloud" & @CRLF & _ "https://marketplace.atlassian.com/apps/1219476/comment-custom-fields-for-jira?hosting=cloud" & @CRLF & _ "https://marketplace.atlassian.com/apps/1221733/external-data-for-confluence?hosting=cloud" & @CRLF & _ "https://marketplace.atlassian.com/apps/1219288/comment-history-log-for-jira?hosting=cloud" & @CRLF & _ "https://marketplace.atlassian.com/apps/1215055/slack-for-confluence?hosting=cloud" & @CRLF & _ "https://marketplace.atlassian.com/apps/1219807/version-sync-for-jira?hosting=cloud" & @CRLF & _ "https://marketplace.atlassian.com/apps/1220964/snipe-it-for-jira?hosting=cloud" & @CRLF & _ "https://marketplace.atlassian.com/apps/1218211/secure-google-calendar-for-confluence?hosting=cloud" & @CRLF & _ "https://marketplace.atlassian.com/apps/1219994/external-data-for-jira-fields?hosting=cloud" & @CRLF & _ "https://marketplace.atlassian.com/apps/1232630/external-data-for-jira-fields-extension?hosting=cloud" & @CRLF & _ "https://marketplace.atlassian.com/apps/1222978/dynamic-fields-for-jira?hosting=cloud" & @CRLF & _ "https://marketplace.atlassian.com/apps/1223455/advanced-bulk-edit-for-jira?hosting=cloud" & @CRLF & _ "https://marketplace.atlassian.com/apps/1226627/prime-custom-fields-for-jira?hosting=cloud" & @CRLF & _ "https://marketplace.atlassian.com/apps/1230689/easy-confluence-gadget-for-jira-dashboards?hosting=cloud" & @CRLF & _ "https://adhoc-bugcrowd.cdn-code.org" & @CRLF & _ "adhoc-bugcrowd.cdn-code.org" & @CRLF & _ "https://adhoc-bugcrowd-studio.cdn-code.org" & @CRLF & _ "adhoc-bugcrowd-studio.cdn-code.org" & @CRLF & _ "staging.coindesk.com" & @CRLF & _ "staging.auth.coindesk.com" & @CRLF & _ "*.xfinity.com " & @CRLF & _ "*.comcast.com" & @CRLF & _ "*.xcal.tv" & @CRLF & _ "Staging, QA, Dev, and Test Environments" & @CRLF & _ "*.sys.comcast.net" & @CRLF & _ "https://business.comcast.com/account" & @CRLF & _ "TV - Xfinity hardware and services" & @CRLF & _ "Flex - Xfinity hardware and services" & @CRLF & _ "Voice - Hardware and service" & @CRLF & _ "https://www.xfinity.com/apps" & @CRLF & _ "Mobile Apps iOS and Android" & @CRLF & _ "https://www.contrastsecurity.com/" & @CRLF & _ "www.contrastsecurity.com" & @CRLF & _ "https://contrastsecurity.dev/" & @CRLF & _ "contrastsecurity.dev" & @CRLF & _ "https://marketplace.atlassian.com/apps/1223249/mailto-wiki-send-emails-to-confluence?hosting=cloud&tab=overview" & @CRLF & _ "https://marketplace.atlassian.com/apps/1223249/mailto-wiki-send-emails-to-confluence?tab=overview&hosting=server" & @CRLF & _ "https://marketplace.atlassian.com/apps/1223249/mailto-wiki-email-for-confluence?hosting=datacenter&tab=overview" & @CRLF & _ "CyberGhost VPN servers" & @CRLF & _ "https://apps.apple.com/us/app/id583009522" & @CRLF & _ "CyberGhost iOS application" & @CRLF & _ "https://play.google.com/store/apps/details?id=de.mobileconcepts.cyberghost" & @CRLF & _ "CyberGhost Android application" & @CRLF & _ "https://www.cyberghostvpn.com/en_US/apps/linux-vpn" & @CRLF & _ "CyberGhost Linux application" & @CRLF & _ "https://www.cyberghostvpn.com/en_US/apps/macos-vpn" & @CRLF & _ "CyberGhost macOS application" & @CRLF & _ "https://www.cyberghostvpn.com/en_US/apps/windows-vpn" & @CRLF & _ "CyberGhost Windows application" & @CRLF & _ "https://addons.mozilla.org/en-US/firefox/addon/cyberghost-vpn-free-proxy/" & @CRLF & _ "CyberGhost Firefox extension" & @CRLF & _ "https://chrome.google.com/webstore/detail/stay-secure-with-cybergho/ffbkglfijbcbgblgflchnbphjdllaogb" & @CRLF & _ "CyberGhost Chrome extension" & @CRLF & _ "CyberGhost APIs" & @CRLF & _ "CyberGhost PS3+PS4 apps" & @CRLF & _ "CyberGhost Xbox One + Xbox360 apps" & @CRLF & _ "https://cyberghost.com" & @CRLF & _ "cyberghost.com" & @CRLF & _ "*.cyberghost.com" & @CRLF & _ "cyberghost.app" & @CRLF & _ "https://www.cyberghostvpn.com/" & @CRLF & _ "*.cyberghostvpn.com" & @CRLF & _ "*.dell.com/*" & @CRLF & _ "*.delltechnologies.com/* " & @CRLF & _ "https://console.delltechnologies.com/nav/administration" & @CRLF & _ "https://console.delltechnologies.com/nav/invoice" & @CRLF & _ "https://console.delltechnologies.com/nav/billing" & @CRLF & _ "Any Verified Dell-Controlled Endpoint (domains/IP space/etc.) " & @CRLF & _ "Actively Supported, Bounty Eligible Dell Products" & @CRLF & _ "Actively Supported, Non-Reward Eligible Dell Products" & @CRLF & _ "app.sandbox.directly.com" & @CRLF & _ "*.sandbox.directly.com/" & @CRLF & _ "https://sandbox.directly.com/dashboard/index" & @CRLF & _ "api.dropboxapi.com" & @CRLF & _ "*.dropbox.com " & @CRLF & _ "*.hellosign.com" & @CRLF & _ "*.helloworks.com" & @CRLF & _ "*.hellofax.com" & @CRLF & _ "*.dropboxforum.com" & @CRLF & _ "*.docsend.com" & @CRLF & _ "*.dropboxer.net" & @CRLF & _ "https://www.dash.ai/" & @CRLF & _ "dash.ai" & @CRLF & _ "https://dropboxpartners.com" & @CRLF & _ "*.dropboxpartners.com" & @CRLF & _ "https://reclaim.ai" & @CRLF & _ "*.reclaim.ai" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.dropbox.paper&hl=en_US&gl=US" & @CRLF & _ "Dropbox Paper Android App" & @CRLF & _ "https://apps.apple.com/us/app/dropbox-secure-cloud-storage/id327630330" & @CRLF & _ "Dropbox iOS app" & @CRLF & _ "https://apps.apple.com/us/app/paper-by-dropbox/id1126623662" & @CRLF & _ "Dropbox Paper iOS app" & @CRLF & _ "https://apps.apple.com/us/app/dropbox-emm/id1080074001" & @CRLF & _ "Dropbox EMM iOS" & @CRLF & _ "https://www.dropbox.com/desktop" & @CRLF & _ "Dropbox Desktop Application" & @CRLF & _ "https://www.dropbox.com/capture" & @CRLF & _ "Dropbox Capture Windows Desktop App " & @CRLF & _ "Dropbox Capture macOS Desktop App" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.dropbox.android&hl=en_US&gl=US" & @CRLF & _ "Dropbox Android App" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.dropbox.app.hellosign&hl=en_US&gl=US" & @CRLF & _ "Dropbox Sign (formerly HelloSign) Android App" & @CRLF & _ "https://www.dropbox.com/paper" & @CRLF & _ "Paper Desktop Application" & @CRLF & _ "https://dropbox.com/dash/download" & @CRLF & _ "Dropbox Dash App" & @CRLF & _ "https://app.reclaim.ai" & @CRLF & _ "Reclaim.ai App" & @CRLF & _ "https://marketplace.atlassian.com/apps/1211051/eazybi-reports-and-charts-for-jira?hosting=cloud" & @CRLF & _ "https://marketplace.atlassian.com/apps/1211051/eazybi-reports-and-charts-for-jira?hosting=server" & @CRLF & _ "https://marketplace.atlassian.com/apps/1211051/eazybi-reports-and-charts-for-jira?hosting=datacenter" & @CRLF & _ "https://marketplace.atlassian.com/apps/1219504/eazybi-reports-and-charts-for-confluence?hosting=cloud" & @CRLF & _ "https://marketplace.atlassian.com/apps/1219504/eazybi-reports-and-charts-for-confluence?hosting=server" & @CRLF & _ "https://marketplace.atlassian.com/apps/1219504/eazybi-reports-and-charts-for-confluence?hosting=datacenter" & @CRLF & _ "https://docs.eazybi.com/" & @CRLF & _ "docs.eazybi.com" & @CRLF & _ "https://my.electroneum.com/" & @CRLF & _ "https://electroneum.com/" & @CRLF & _ "https://api.electroneum.com/" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.electroneum.mobile&hl=en_US" & @CRLF & _ "Electroneum Android App" & @CRLF & _ "https://apps.apple.com/us/app/electroneum/id1270774992" & @CRLF & _ "Electroneum iOS App" & @CRLF & _ "https://api.anytask.com/" & @CRLF & _ "https://www.anytask.com/" & @CRLF & _ "https://github.com/electroneum/electroneum-sc/" & @CRLF & _ "Smartchain Blockchain" & @CRLF & _ "https://blockexplorer.electroneum.com" & @CRLF & _ "Smartchain Block Explorer" & @CRLF & _ "https://my.thesecurityteam.rocks/" & @CRLF & _ "https://anytask.thesecurityteam.rocks/" & @CRLF & _ "https://elementor.com/" & @CRLF & _ "https://elementor.com/*" & @CRLF & _ "https://my.elementor.com/" & @CRLF & _ "https://go.elementor.com/" & @CRLF & _ "https://translate.elementor.com/" & @CRLF & _ "https://developers.elementor.com/" & @CRLF & _ "https://he.elementor.com/" & @CRLF & _ "https://code.elementor.com/" & @CRLF & _ "https://library.elementor.com/" & @CRLF & _ "https://app.strattic.com" & @CRLF & _ " app.strattic.com" & @CRLF & _ "https://casino.partycasino.com" & @CRLF & _ "https://casino.bwin.com" & @CRLF & _ "https://casino.sportingbet.com" & @CRLF & _ "https://www.ladbrokes.com/en/games" & @CRLF & _ "https://www.coral.co.uk/en/games" & @CRLF & _ "https://casino.*.betmgm.com/en/games (read "Find a Game to test on our targets")" & @CRLF & _ "https://www.partypoker.com" & @CRLF & _ "Partypoker Website (and all its subdomains)" & @CRLF & _ "https://www.ladbrokes.com" & @CRLF & _ "Ladbrokes Digital (and all its subdomains)" & @CRLF & _ "https://www.coral.co.uk" & @CRLF & _ "Coral Sports (and all its subdomains)" & @CRLF & _ "https://www.galabingo.com" & @CRLF & _ "Gala Bingo (and all its subdomains)" & @CRLF & _ "https://www.partycasino.com" & @CRLF & _ "Partycasino Website (and all its subdomains)" & @CRLF & _ "https://www.bwin.com" & @CRLF & _ "Bwin Website (and all its subdomains)" & @CRLF & _ "http://media.itsfogo.com/media/upload/mobile/android/apk/partycasino_com.apk" & @CRLF & _ "Partycasino APK" & @CRLF & _ "https://apps.apple.com/gb/app/bwin-poker-and-casino-games/id410242773" & @CRLF & _ "Bwin Poker-Casino iOS" & @CRLF & _ "https://apps.apple.com/gb/app/bwin-sports-betting/id393760245" & @CRLF & _ "Bwin Sports iOS" & @CRLF & _ "https://apps.apple.com/gb/app/partycasino-play-casino-games/id818432894" & @CRLF & _ "Partycasino iOS" & @CRLF & _ "https://apps.apple.com/gb/app/partypoker-texas-holdem-poker/id687740281" & @CRLF & _ "Partypoker iOS" & @CRLF & _ "https://www.galacasino.com" & @CRLF & _ "Gala Casino Website (and all its subdomains)" & @CRLF & _ "https://www.epam.com/" & @CRLF & _ "*.epam.com" & @CRLF & _ "https://projects.epam.com" & @CRLF & _ "*.projects.epam.com" & @CRLF & _ "https://lab.epam.com" & @CRLF & _ "*.lab.epam.com" & @CRLF & _ "https://opensource.epam.com" & @CRLF & _ "*.opensource.epam.com" & @CRLF & _ "*.emakina.nl " & @CRLF & _ "*.emakina.group" & @CRLF & _ "*.emakina.com" & @CRLF & _ "*.emakina.ch" & @CRLF & _ "*.emakina.fr" & @CRLF & _ "*.emakina.us" & @CRLF & _ "*.emakina.at" & @CRLF & _ "https://*.epam.com" & @CRLF & _ "Subdomain takeover" & @CRLF & _ "open redirect at *.epam.com" & @CRLF & _ "Open redirect at *.projects.epam.com, *.lab.epam.com, *.opensource.epam.com" & @CRLF & _ "In Scope - Points only" & @CRLF & _ "https://www.etsy.com" & @CRLF & _ "www.etsy.com" & @CRLF & _ "https://www.etsy.com/mobile" & @CRLF & _ "Etsy Mobile Application (Android)" & @CRLF & _ "Etsy Mobile Application (iPhone)" & @CRLF & _ "https://www.etsy.com/developers/documentation/getting_started/api_basics" & @CRLF & _ "Etsy API (see documentation below)" & @CRLF & _ "https://etsypayments.com" & @CRLF & _ "etsypayments.com" & @CRLF & _ "https://blog.etsy.com" & @CRLF & _ "blog.etsy.com" & @CRLF & _ "https://careers.etsy.com" & @CRLF & _ "careers.etsy.com" & @CRLF & _ "https://help.etsy.com" & @CRLF & _ "help.etsy.com" & @CRLF & _ "https://community.etsy.com" & @CRLF & _ "community.etsy.com" & @CRLF & _ "*.etsy.com" & @CRLF & _ "Virtualisation layer" & @CRLF & _ "https://sks-ch-gva-2.exo.io" & @CRLF & _ "SKS Clusters" & @CRLF & _ "https://portal.exoscale.com/" & @CRLF & _ "Web Portal" & @CRLF & _ "https://api-ch-gva-2.exoscale.com/v2" & @CRLF & _ "API" & @CRLF & _ "https://sos-ch-gva-2.exo.io/" & @CRLF & _ "Simple Object Storage (SOS)" & @CRLF & _ "https://internal.exoscale.ch" & @CRLF & _ "Internal Web services - https://*.internal.exoscale.ch" & @CRLF & _ "Managed Scalable Kubernetes Service (SKS)" & @CRLF & _ "Database as a Service (DBaaS)" & @CRLF & _ "VPN servers" & @CRLF & _ "ExpressVPN iOS application" & @CRLF & _ "ExpressVPN Android application" & @CRLF & _ "ExpressVPN Linux application" & @CRLF & _ "ExpressVPN macOS application" & @CRLF & _ "ExpressVPN Windows application" & @CRLF & _ "ExpressVPN Router" & @CRLF & _ "ExpressVPN Firefox extension" & @CRLF & _ "ExpressVPN Chrome extension" & @CRLF & _ "MediaStreamer DNS servers" & @CRLF & _ "ExpressVPN APIs" & @CRLF & _ "https://www.expressvpn.com" & @CRLF & _ "www.expressvpn.com" & @CRLF & _ "*.expressvpn.com" & @CRLF & _ "*.xvservice.net" & @CRLF & _ "*.xvtest.net" & @CRLF & _ "http://expressobutiolem.onion" & @CRLF & _ "expressobutiolem.onion" & @CRLF & _ "Google Play (com.expressvpn.vpn)" & @CRLF & _ "Apple App Store (886492891)" & @CRLF & _ "https://github.com/expressvpn/lightway-core" & @CRLF & _ "Lightway Core" & @CRLF & _ "ExpressVPN Keys Browser Extension" & @CRLF & _ "https://financialforce.com" & @CRLF & _ "*.financialforce.com" & @CRLF & _ "https://*.certinia.com" & @CRLF & _ "*.certinia.com" & @CRLF & _ "Any FIS asset is in scope" & @CRLF & _ "https://flo.uri.sh" & @CRLF & _ "flo.uri.sh" & @CRLF & _ "https://flourish.studio/" & @CRLF & _ "*.flourish.studio" & @CRLF & _ "https://xyzbmojn.net/" & @CRLF & _ "*.xyzbmojn.net" & @CRLF & _ "flourish-user-templates.com" & @CRLF & _ "flourish-user-preview.com" & @CRLF & _ "https://*.kiln.it" & @CRLF & _ "*.kiln.it" & @CRLF & _ "█████████████████████████████████████" & @CRLF & _ "███████████████████████████████████" & @CRLF & _ "████████████████████████████████" & @CRLF & _ "██████████████████████" & @CRLF & _ "█████████████████████████" & @CRLF & _ "█████████████████████" & @CRLF & _ "██████████████████████████████████████████████" & @CRLF & _ "██████████████████████████████████████████████████" & @CRLF & _ "*-bugcrowd.foxycart.com (read below for details)" & @CRLF & _ "https://admin.foxycart.com" & @CRLF & _ "admin.foxycart.com" & @CRLF & _ "https://admin.foxy.io/" & @CRLF & _ "admin.foxy.io" & @CRLF & _ "https://auth.foxy.io/" & @CRLF & _ "auth.foxy.io" & @CRLF & _ "https://foxycart-demo.foxycart.com/cart" & @CRLF & _ "foxycart-demo.foxycart.com" & @CRLF & _ "https://api.foxycart.com/" & @CRLF & _ "api.foxycart.com" & @CRLF & _ "https://github.com/freedomofpress/securedrop" & @CRLF & _ "https://github.com/freedomofpress/securedrop-log" & @CRLF & _ "https://github.com/freedomofpress/securedrop-proxy" & @CRLF & _ "https://github.com/freedomofpress/securedrop-sdk" & @CRLF & _ "https://github.com/freedomofpress/securedrop-workstation" & @CRLF & _ "https://github.com/freedomofpress/securedrop-client" & @CRLF & _ "https://github.com/freedomofpress/securedrop-export" & @CRLF & _ "https://github.com/freedomofpress/securedrop-debian-packaging" & @CRLF & _ "██████████████████" & @CRLF & _ "███████████" & @CRLF & _ "https://staging.gearset.com/" & @CRLF & _ "staging.gearset.com" & @CRLF & _ "staging-api.gearset.com" & @CRLF & _ "https://hipaa.staging.gearset.com/" & @CRLF & _ "hipaa.staging.gearset.com" & @CRLF & _ "https://app.glean.com/login?qe=https://bug-bounty-be.glean.com&skip_to_sso=1" & @CRLF & _ "Frontend portal: https://app.glean.com/login?qe=https://bug-bounty-be.glean.com&skip_to_sso=1" & @CRLF & _ "Backend endpoint: bug-bounty-be.glean.com" & @CRLF & _ "https://marketplace.atlassian.com/apps/1222714/scio-search-crawler-for-confluence?hosting=cloud&tab=overview" & @CRLF & _ "Scio Search Crawler for Confluence- https://marketplace.atlassian.com/apps/1222714/scio-search-crawler-for-confluence?hosting=cloud&tab=overview" & @CRLF & _ "https://marketplace.atlassian.com/apps/1222715/scio-search-crawler-for-jira?hosting=cloud&tab=overview" & @CRLF & _ "Scio Search Crawler for Jira- https://marketplace.atlassian.com/apps/1222715/scio-search-crawler-for-jira?hosting=cloud&tab=overview" & @CRLF & _ "https://marketplace.atlassian.com/apps/1229003/glean-activity-plugin-for-jira-cloud?hosting=cloud&tab=overview" & @CRLF & _ "Glean Activity Plugin for Jira Cloud- https://marketplace.atlassian.com/apps/1229003/glean-activity-plugin-for-jira-cloud?hosting=cloud&tab=overview" & @CRLF & _ "https://www.hostgator.com.br/" & @CRLF & _ "hostgator.com.br/" & @CRLF & _ "https://financeiro.hostgator.com.br" & @CRLF & _ "https://bugcrowd.hotdoc.com.au" & @CRLF & _ "https://bugcrowd.hotdoc.com.au (Patients)" & @CRLF & _ "https://bugcrowd.hotdoc.com.au/api" & @CRLF & _ "https://bugcrowd.hotdoc.com.au/dashboard" & @CRLF & _ "https://bugcrowd.hotdoc.com.au/dashboard (Clinic Dashboard)" & @CRLF & _ "https://app.hubspot.com/" & @CRLF & _ "app.hubspot.com" & @CRLF & _ "https://app-eu1.hubspot.com" & @CRLF & _ "app-eu1.hubspot.com" & @CRLF & _ "https://api.hubspot.com/" & @CRLF & _ "api.hubspot.com" & @CRLF & _ "https://developers.hubspot.com/docs/api/overview" & @CRLF & _ "api.hubapi.com" & @CRLF & _ "https://chatspot.ai" & @CRLF & _ "chatspot.ai" & @CRLF & _ "https://connect.com" & @CRLF & _ "connect.com" & @CRLF & _ "*.hubspotemail.net" & @CRLF & _ "*.hs-sites(-eu1)?.com" & @CRLF & _ "*.hubspotpagebuilder.com" & @CRLF & _ "*.hubspotpagebuilder.eu" & @CRLF & _ "https://knowledge.hubspot.com/inbox/set-up-a-customer-portal" & @CRLF & _ "Customer Portal (1)" & @CRLF & _ "Customer connected domain (2)" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.hubspot.android&hl=en_US&gl=US" & @CRLF & _ "HubSpot Android Mobile App" & @CRLF & _ "https://apps.apple.com/us/app/hubspot/id1107711722" & @CRLF & _ "HubSpot iOS Mobile App" & @CRLF & _ "https://knowledge.hubspot.com/connected-email/get-started-with-the-hubspot-sales-office-365-add-in" & @CRLF & _ "HubSpot Sales Office 365 add-in" & @CRLF & _ "Other HubSpot-owned (sub)domains not listed as Out of Scope . Please make sure to exercise due diligence before testing. You must include proof that the subdomain is registered to HubSpot to be eligible for a reward." & @CRLF & _ "Special Conditions" & @CRLF & _ "https://www.ameliorate.com/" & @CRLF & _ "https://*.ameliorate.com/" & @CRLF & _ "https://www.beautyexpert.com/" & @CRLF & _ "https://*.beautyexpert.com/" & @CRLF & _ "https://www.cultbeauty.co.uk/" & @CRLF & _ "https://www.dermstore.com" & @CRLF & _ "https://*.dermstore.com" & @CRLF & _ "https://www.espaskincare.com/" & @CRLF & _ "https://*.espaskincare.com/" & @CRLF & _ "https://www.exantediet.com/" & @CRLF & _ "https://*.exantediet.com/" & @CRLF & _ "https://www.eyeko.com/" & @CRLF & _ "https://*.eyeko.com/" & @CRLF & _ "https://www.glossybox.com/" & @CRLF & _ "https://*.glossybox.com/" & @CRLF & _ "https://www.growgorgeous.com/" & @CRLF & _ "https://*.growgorgeous.com/" & @CRLF & _ "https://www.hqhair.com/" & @CRLF & _ "https://*.hqhair.com/" & @CRLF & _ "https://www.illamasqua.com/" & @CRLF & _ "https://*.illamasqua.com/" & @CRLF & _ "https://www.mioskincare.com/" & @CRLF & _ "https://*.mioskincare.com/" & @CRLF & _ "https://www.mankind.co.uk/" & @CRLF & _ "https://*.mankind.co.uk/" & @CRLF & _ "https://www.mybag.com/" & @CRLF & _ "https://*.mybag.com/" & @CRLF & _ "https://www.myvitamins.com/" & @CRLF & _ "https://*.myvitamins.com/" & @CRLF & _ "https://www.powerman.co.uk/" & @CRLF & _ "https://*.powerman.co.uk/" & @CRLF & _ "https://www.skinstore.com/" & @CRLF & _ "https://*.skinstore.com/" & @CRLF & _ "https://www.thehut.com/" & @CRLF & _ "https://*.thehut.com/" & @CRLF & _ "https://checkout.myvitamins.com" & @CRLF & _ "https://checkout.eyeko.com" & @CRLF & _ "https://checkout.glossybox.com" & @CRLF & _ "https://chrome.google.com/webstore/detail/ibotta-browser-extension/mfaedmjlefifhnhpgipjjiiekchaimpk?hl=en-US" & @CRLF & _ "Chrome Extension" & @CRLF & _ "http://market.android.com/details?id=com.ibotta.android" & @CRLF & _ "http://itunes.apple.com/us/app/ibotta/id559887125" & @CRLF & _ "https://content-server.ibotta.com/graphql" & @CRLF & _ "https://api.ibotta.com" & @CRLF & _ "https://api.ibops.net" & @CRLF & _ "https://api.int.ibops.net" & @CRLF & _ "https://api.int.ibops.net/customer-loyalty-service" & @CRLF & _ "https://api.ibops.net/ad-management" & @CRLF & _ " https://api.ibops.net/ad-management" & @CRLF & _ "Ibotta App Data & Memory" & @CRLF & _ "https://app.ibotta.com/sign-in
" & @CRLF & _ "Web v2" & @CRLF & _ "http://ibotta.com" & @CRLF & _ "https://backend.ibotta.com/" & @CRLF & _ "https://www.ifood.com.br" & @CRLF & _ "https://*.movilepay.com" & @CRLF & _ "*.movilepay.com" & @CRLF & _ "https://*.movilepay.com.br" & @CRLF & _ "*.movilepay.com.br" & @CRLF & _ "https://shop.ifood.com.br" & @CRLF & _ "https://marketplace.ifood.com.br" & @CRLF & _ "https://wsloja.ifood.com.br" & @CRLF & _ "https://wslatam.ifood.com.br" & @CRLF & _ "https://static-images.ifood.com.br" & @CRLF & _ "https://gestordepedidos.ifood.com.br" & @CRLF & _ "Gestor de pedidos - Web ONLY" & @CRLF & _ "https://developer.ifood.com.br" & @CRLF & _ "https://api.fstr.rocks" & @CRLF & _ "https://rc.fstr.rocks" & @CRLF & _ "https://play.google.com/store/apps/details?id=br.com.brainweb.ifood&hl=pt_BR" & @CRLF & _ "iFood Customer Android Application" & @CRLF & _ "https://apps.apple.com/br/app/ifood-pedir-comida-e-mercado/id483017239" & @CRLF & _ "iFood Customer iOS Application" & @CRLF & _ "https://guildofguardians.com" & @CRLF & _ "guildofguardians.com" & @CRLF & _ "*.guildofguardians.com" & @CRLF & _ "https://passport.immutable.com/" & @CRLF & _ "passport.immutable.com - Passport web3 wallet" & @CRLF & _ "https://auth.immutable.com" & @CRLF & _ "auth.immutable.com - Passport authentication backend" & @CRLF & _ "https://github.com/immutable/ts-immutable-sdk/tree/main/packages/passport/" & @CRLF & _ "Passport SDK" & @CRLF & _ "https://hub.immutable.com/" & @CRLF & _ "hub.immutable.com - Developer Hub" & @CRLF & _ "https://api.immutable.com" & @CRLF & _ "https://api.x.immutable.com/" & @CRLF & _ "*.immutable.com" & @CRLF & _ "*.imtbl.com" & @CRLF & _ "testnet.immutable.com" & @CRLF & _ "*.testnet.immutable.com" & @CRLF & _ "https://link.x.immutable.com/" & @CRLF & _ "https://market.immutable.com/" & @CRLF & _ "https://docs.immutable.com/" & @CRLF & _ "imx.community" & @CRLF & _ "https://*.imperva.com" & @CRLF & _ "https://www.cloudvector.com/" & @CRLF & _ "https://*.cloudvector.com/" & @CRLF & _ "https://*.incapsula.com" & @CRLF & _ "PTaaS Reference" & @CRLF & _ "https://*.indeed.com" & @CRLF & _ "https://*.indeedflex.com" & @CRLF & _ "https://apis.indeed.com/graphql" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.indeed.android.jobsearch" & @CRLF & _ "Indeed Job Search Android" & @CRLF & _ "https://apps.apple.com/us/app/indeed-job-search/id309735670" & @CRLF & _ "Indeed Job Search iOS" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.syftapp.android" & @CRLF & _ "Android Indeed Flex App" & @CRLF & _ "https://apps.apple.com/gb/app/indeed-flex-job-search/id1013812731" & @CRLF & _ "iOS Indeed Flex App" & @CRLF & _ "https://*.indeed.tech" & @CRLF & _ "https://*.indeed.net" & @CRLF & _ "https://resume.com" & @CRLF & _ "https://wowjobs.ca" & @CRLF & _ "https://apps.apple.com/us/app/%E5%B1%A5%E6%AD%B4%E6%9B%B8%E4%BD%9C%E6%88%90-%E3%82%A4%E3%83%B3%E3%83%87%E3%82%A3%E3%83%BC%E3%83%89/id1484451230" & @CRLF & _ "履歴書作成 (Universal Resume) iOS" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.indeed.resume" & @CRLF & _ "履歴書作成 (Universal Resume) Android" & @CRLF & _ "https://apps.apple.com/us/app/indeed-connect-for-employers/id6443822731" & @CRLF & _ "Indeed Connect for Employers" & @CRLF & _ "https://chromewebstore.google.com/detail/indeed-recruiter-extensio/kiodpphbmnmcmnfgpnmkkhmkllnlflef" & @CRLF & _ "Indeed Recruiter Extension (Chrome)" & @CRLF & _ "Any host/web property/mobile app verified to be owned by Indeed" & @CRLF & _ "https://developers.intercom.com/installing-intercom/docs/about-the-sdk-ios" & @CRLF & _ "iOS SDK" & @CRLF & _ "https://api.intercom.com" & @CRLF & _ "https://api.intercom.io" & @CRLF & _ "https://app.intercom.com" & @CRLF & _ "*.intercomassets.com / *.intercomcdn.com" & @CRLF & _ "https://app.intercom.io/" & @CRLF & _ "https://app.intercom.io" & @CRLF & _ "https://developers.intercom.com/installing-intercom/docs/about-the-sdk-android" & @CRLF & _ "Android SDK" & @CRLF & _ "https://www.intercom.com/" & @CRLF & _ "https://www.intercom.com" & @CRLF & _ "iRobot cloud-connected robot that you own (i.e. j7, s9, i7, 980, 960, 690, Braava, etc.)" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.irobot.home" & @CRLF & _ "https://itunes.apple.com/us/app/irobot-home/id1012014442?mt=8" & @CRLF & _ "https://w2ab2i60y4.execute-api.us-east-1.amazonaws.com/dev/v1/ecommerce/entitlements" & @CRLF & _ " https://w2ab2i60y4.execute-api.us-east-1.amazonaws.com/dev/v1/ecommerce/entitlements" & @CRLF & _ "https://w2ab2i60y4.execute-api.us-east-1.amazonaws.com/dev/v1/ecommerce/entitlements/{entitlement_id}" & @CRLF & _ "https://w2ab2i60y4.execute-api.us-east-1.amazonaws.com/dev/v1/ecommerce/notifications/raas" & @CRLF & _ "https://w2ab2i60y4.execute-api.us-east-1.amazonaws.com/dev/v1/ecommerce/users/{user_id}/entitlements" & @CRLF & _ "iRobot API Endpoint" & @CRLF & _ "https://w2ab2i60y4.execute-api.us-east-1.amazonaws.com/dev/v1/ecommerce/robots/{robot_id}/entitlements" & @CRLF & _ "*.jora.com" & @CRLF & _ "*.jora.xyz" & @CRLF & _ "https://apps.apple.com/us/app/jora-jobs-job-search-app/id917565665 " & @CRLF & _ "https://play.google.com/store/apps/details?id=com.jora.android&hl=en_US " & @CRLF & _ "restaurant-api.takeaway.com" & @CRLF & _ "*.lieferando.at" & @CRLF & _ "*.yourdelivery.de" & @CRLF & _ "*.takeaway.com" & @CRLF & _ "*.scoober.com" & @CRLF & _ "*.citymeal.com" & @CRLF & _ "*.lieferando.de" & @CRLF & _ "*.thuisbezorgd.nl" & @CRLF & _ "https://itunes.apple.com/us/app/lieferando-de/id419724490?l=es&mt=8" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.yopeso.lieferando&hl=en_US" & @CRLF & _ "https://takeawaypay.azurefd.net/en/takeawaypay/" & @CRLF & _ "*.bistro.sk" & @CRLF & _ "*.just-eat.fr" & @CRLF & _ "*.eat.ch" & @CRLF & _ "*.just-eat.no" & @CRLF & _ "*.just-eat.dk" & @CRLF & _ "*.pyszne.pl" & @CRLF & _ "https://www.justeattakeaway.com" & @CRLF & _ "*.justeattakeaway.com" & @CRLF & _ "https://www.justeat.it/rider" & @CRLF & _ "https://status-takeaway.com/status" & @CRLF & _ "https://status-takeaway.com/status." & @CRLF & _ "*.10bis.co.il" & @CRLF & _ "https://www.takeaway.com/foodwiki/" & @CRLF & _ "www.takeaway.com/foodwiki/" & @CRLF & _ "https://www.takeaway.com/drivers" & @CRLF & _ "www.takeaway.com/drivers" & @CRLF & _ "https://www.takeaway.com/deals" & @CRLF & _ "www.takeaway.com/deals" & @CRLF & _ "https://www.thuisbezorgd.nl/aanmelden" & @CRLF & _ "www.thuisbezorgd.nl/aanmelden" & @CRLF & _ "https://shop.thuisbezorgd.nl" & @CRLF & _ "shop.thuisbezorgd.nl" & @CRLF & _ "https://tv.takeaway.com" & @CRLF & _ "tv.takeaway.com" & @CRLF & _ "static.thuisbezorgd.nl" & @CRLF & _ "dev.takeaway.com/html/" & @CRLF & _ "intranet.takeaway.com" & @CRLF & _ "atarkasher.co.il" & @CRLF & _ "https://brand.takeaway.com" & @CRLF & _ "brand.takeaway.com" & @CRLF & _ "https://careers.takeaway.com" & @CRLF & _ "careers.takeaway.com" & @CRLF & _ "https://newsletter.thuisbezorgd.nl" & @CRLF & _ "newsletter.thuisbezorgd.nl" & @CRLF & _ "https://www.status-takeaway.com/status" & @CRLF & _ "www.status-takeaway.com/status" & @CRLF & _ "https://www.lieferando.de/thetakeaway/" & @CRLF & _ "cloud.update.takeaway.com" & @CRLF & _ "cloud.connect.takeaway.com" & @CRLF & _ "cloud.connect.justeattakeaway.com" & @CRLF & _ "cloud.update.justeattakeaway.com" & @CRLF & _ "*.beta.scoober.com" & @CRLF & _ "*.just-data.io" & @CRLF & _ "https://api.justeat-int.com" & @CRLF & _ "*.justeat-int.com" & @CRLF & _ "https://www.just-eat.co.uk" & @CRLF & _ "*.just-eat.co.uk - UK food ordering" & @CRLF & _ "https://www.just-eat.ie" & @CRLF & _ "*.just-eat.ie - Ireland food ordering" & @CRLF & _ "https://menulog.co.nz" & @CRLF & _ "*.menulog.co.nz - New Zealand food ordering" & @CRLF & _ "https://menulog.com.au" & @CRLF & _ "*.menulog.com.au - Australia food ordering" & @CRLF & _ "*.just-eat.com " & @CRLF & _ "https://public.je-apis.com" & @CRLF & _ "*.je-apis.com - UK legacy API" & @CRLF & _ "https://just-eat.it" & @CRLF & _ "*.just-eat.it - Italy food ordering" & @CRLF & _ "https://just-eat.es" & @CRLF & _ "*.just-eat.es - Spain food ordering" & @CRLF & _ "https://skipthedishes.com" & @CRLF & _ "*.skipthedishes.com - Canada food ordering" & @CRLF & _ "https://just-eat.io/" & @CRLF & _ "*.just-eat.io" & @CRLF & _ "https://marketplace.atlassian.com/apps/1215199/backbone-issue-sync-for-jira?hosting=cloud" & @CRLF & _ "https://marketplace.atlassian.com/apps/1217608/scroll-documents-for-confluence?hosting=cloud" & @CRLF & _ "https://marketplace.atlassian.com/apps/7019/scroll-pdf-exporter-for-confluence?hosting=cloud" & @CRLF & _ "https://marketplace.atlassian.com/apps/24982/scroll-word-exporter-for-confluence?hosting=cloud" & @CRLF & _ "https://marketplace.atlassian.com/apps/1217037/scroll-exporter-extensions?hosting=cloud" & @CRLF & _ "https://marketplace.atlassian.com/apps/253/scroll-imagemap-for-confluence?hosting=cloud" & @CRLF & _ "https://marketplace.atlassian.com/apps/1211636/scroll-viewport-for-confluence?hosting=cloud" & @CRLF & _ "https://marketplace.atlassian.com/apps/1226295/variants-for-scroll-documents?hosting=cloud" & @CRLF & _ "https://marketplace.atlassian.com/apps/7019/scroll-pdf-exporter-for-confluence?hosting=datacenter" & @CRLF & _ "https://marketplace.atlassian.com/apps/24982/scroll-word-exporter-for-confluence?hosting=datacenter" & @CRLF & _ "https://marketplace.atlassian.com/apps/420604/scroll-html-exporter-for-confluence?hosting=datacenter" & @CRLF & _ "https://marketplace.atlassian.com/apps/1210818/scroll-versions-for-confluence?hosting=datacenter" & @CRLF & _ "https://marketplace.atlassian.com/apps/1211616/scroll-translations-for-confluence?hosting=datacenter" & @CRLF & _ "https://marketplace.atlassian.com/apps/253/scroll-imagemap-for-confluence?hosting=datacenter&tab=overview" & @CRLF & _ "https://marketplace.atlassian.com/apps/1215199/backbone-issue-sync-for-jira?hosting=datacenter&tab=overview" & @CRLF & _ "https://marketplace.atlassian.com/apps/1217608/scroll-documents-for-confluence?hosting=datacenter&tab=overview" & @CRLF & _ "https://marketplace.atlassian.com/apps/1226295/variants-for-scroll-documents?hosting=datacenter" & @CRLF & _ "https://marketplace.atlassian.com/apps/1211636/scroll-viewport-for-confluence?hosting=datacenter" & @CRLF & _ "https://marketplace.atlassian.com/apps/1227238/translations-for-scroll-documents?hosting=cloud" & @CRLF & _ "https://marketplace.atlassian.com/apps/1227238/translations-for-scroll-documents?hosting=datacenter" & @CRLF & _ "https://marketplace.atlassian.com/apps/420604/scroll-html-exporter-for-confluence?hosting=cloud&tab=overview" & @CRLF & _ "https://marketplace.atlassian.com/apps/1224799/scroll-content-quality-for-confluence" & @CRLF & _ "https://marketplace.atlassian.com/apps/1224799/scroll-content-quality-for-confluence?hosting=cloud" & @CRLF & _ "https://www.remove.bg" & @CRLF & _ "*.remove.bg" & @CRLF & _ "https://www.designify.com" & @CRLF & _ "*.designify.com" & @CRLF & _ "https://www.kaleido.ai" & @CRLF & _ "*.kaleido.ai" & @CRLF & _ "https://www.unscreen.com" & @CRLF & _ "*.unscreen.com" & @CRLF & _ "https://www.keepersecurity.com/download.html" & @CRLF & _ "Keeper Browser Extension (Chrome, Safari, Firefox, Edge)" & @CRLF & _ "Keeper for iOS" & @CRLF & _ "https://www.microsoft.com/en-us/p/keeperchat/9pdqtcpn4kxn#activetab=pivot:overviewtab" & @CRLF & _ "KeeperChat for Windows" & @CRLF & _ "https://keepersecurity.com" & @CRLF & _ "Keeper Security Website" & @CRLF & _ "Keeper for Mac, PC, Linux" & @CRLF & _ "https://keepersecurity.com/vault" & @CRLF & _ "Keeper Web Vault (US, EU, AU, CA, JP, GovCloud)" & @CRLF & _ "https://docs.keeper.io/keeper-bridge/" & @CRLF & _ "Keeper AD / LDAP Bridge" & @CRLF & _ "https://apps.apple.com/app/id1216446440" & @CRLF & _ "KeeperChat for iOS" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.keepersecurity.chat&hl=en_US&gl=US" & @CRLF & _ "KeeperChat for Android" & @CRLF & _ "https://apps.apple.com/us/app/keeperchat/id1273303729?mt=12" & @CRLF & _ "KeeperChat for Mac" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.callpod.android_apps.keeper&hl=en_US&gl=US" & @CRLF & _ "Keeper for Android" & @CRLF & _ "https://docs.keeper.io/kcm" & @CRLF & _ "Keeper Connection Manager (KCM)" & @CRLF & _ "https://keepersecurity.com/console" & @CRLF & _ "Keeper Admin Console (US, EU, AU, CA, JP, GovCloud)" & @CRLF & _ "https://docs.keeper.io/en/v/secrets-manager" & @CRLF & _ "Keeper Secrets Manager and Keeper Commander APIs" & @CRLF & _ "https://docs.keeper.io/sso-connect-guide/" & @CRLF & _ "SSO Connect On-Prem" & @CRLF & _ "https://docs.keeper.io/sso-connect-cloud/" & @CRLF & _ "SSO Connect Cloud and Automator Service" & @CRLF & _ "██████████████████████████████████████████" & @CRLF & _ "██████████████████████████████████████████████████████████████" & @CRLF & _ "https://kw-bugcrowd-pub.bounty.kiteworks.dev/" & @CRLF & _ "Kohl’s entire public digital footprint that is not Out-Of-Scope(See list below)" & @CRLF & _ "https://www.kohls.com" & @CRLF & _ "www.kohls.com" & @CRLF & _ "https://www.kohls.com/feature/app.jsp" & @CRLF & _ "Kohl's Mobile Application for iOS" & @CRLF & _ "Kohl's Mobile Application for Android" & @CRLF & _ "https://kucoin.com" & @CRLF & _ "https://apps.apple.com/us/app/kucoin-buy-bitcoin-crypto/id1378956601?mt=8" & @CRLF & _ "Kucoin IOS App" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.kubi.kucoin" & @CRLF & _ "Kucoin Android" & @CRLF & _ "https://lastpass.com" & @CRLF & _ "https://lastpass.com/misc_download2.php" & @CRLF & _ "LastPass browser extensions (Chrome / Safari / Edge / Firefox)" & @CRLF & _ "Local computer apps (UWP application / Windows installer (MSI) / MacOS)" & @CRLF & _ "https://support.lastpass.com" & @CRLF & _ "Workstation MFA (WMFA)" & @CRLF & _ "https://blog.lastpass.com" & @CRLF & _ "https://admin.lastpass.com" & @CRLF & _ "https://auth.lastpass.com" & @CRLF & _ "https://accounts.lastpass.com" & @CRLF & _ "https://www.lastpass.com" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.lastpass.lpandroid" & @CRLF & _ "LastPass Password Manager (Android)" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.lastpass.authenticator&hl=en_US&gl=US" & @CRLF & _ "LastPass Authenticator (Android)" & @CRLF & _ "https://apps.apple.com/us/app/lastpass-password-manager/id324613447" & @CRLF & _ "LastPass Password Manager (iOS)" & @CRLF & _ "https://apps.apple.com/us/app/lastpass-authenticator/id1079110004" & @CRLF & _ "LastPass Authenticator (iOS)" & @CRLF & _ "https://api.test.latitudefinancial.com" & @CRLF & _ "https://master.servicecentre.digitalservicing-np.lfscnp.com/" & @CRLF & _ "https://master.servicecentre-nz.digitalservicing-np.lfscnp.com/ " & @CRLF & _ "https://master.servicecentre-nz.digitalservicing-np.lfscnp.com/" & @CRLF & _ "https://28degreescard.com.au" & @CRLF & _ "*.28degreescard.com.au" & @CRLF & _ "https://buyersedge.co.nz" & @CRLF & _ "*.buyersedge.com.au" & @CRLF & _ "https://carecredit.com.au" & @CRLF & _ "*.carecredit.com.au" & @CRLF & _ "https://gemcreditline.co.nz" & @CRLF & _ "*.gemcreditline.co.nz" & @CRLF & _ "https://gemfinance.co.nz" & @CRLF & _ "*.gemfinance.co.nz" & @CRLF & _ "https://gemvisa.com.au" & @CRLF & _ "*.gemvisa.com.au" & @CRLF & _ "*.genoapay.co.nz" & @CRLF & _ "*.genoapay.com" & @CRLF & _ "https://gomastercard.com.au" & @CRLF & _ "*.gomastercard.com.au" & @CRLF & _ "https://interestfree.com.au" & @CRLF & _ "*.interestfree.com.au" & @CRLF & _ "*.latitudefinancial.co.nz" & @CRLF & _ "*.latitudefinancial.com" & @CRLF & _ "*.latitudefinancial.com.au" & @CRLF & _ "https://latitudeinfinity.com.au" & @CRLF & _ "*.latitudeinfinity.com.au" & @CRLF & _ "*.latitudepay.com.au" & @CRLF & _ "*.latitudepay.com" & @CRLF & _ "https://umiloans.com.au" & @CRLF & _ "*.umiloans.com.au" & @CRLF & _ "https://images.latitudepayapps.com/" & @CRLF & _ "images.latitudepayapps.com" & @CRLF & _ "https://app.latitudepayapps.com/" & @CRLF & _ "app.latitudepayapps.com" & @CRLF & _ " *.test.*.lfscnp.com" & @CRLF & _ "*.dev.*.lfscnp.com" & @CRLF & _ "*.sandbox.*.lfscnp.com" & @CRLF & _ "*.-np.*.lfscnp.com" & @CRLF & _ "https://manager.trial.lsk.lightspeed.app/ " & @CRLF & _ "https://manager.trial.lsk.lightspeed.app/" & @CRLF & _ "https://hq.breadcrumb.com/hq/restaurants/bounty-cafe-2/" & @CRLF & _ "https://secure.vendhq.com" & @CRLF & _ "secure.vendhq.com" & @CRLF & _ "https://developers.vendhq.com/" & @CRLF & _ " developers.vendhq.com" & @CRLF & _ "https://payment-connectors.vendhq.com/" & @CRLF & _ "payment-connectors.vendhq.com" & @CRLF & _ "https://www.vendhq.com/" & @CRLF & _ "www.vendhq.com" & @CRLF & _ "https://store.retail.lightspeed.app" & @CRLF & _ "store.retail.lightspeed.app" & @CRLF & _ "https://apps.apple.com/us/app/ecwid-ecommerce/id626731456" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.ecwid.android&pli=1" & @CRLF & _ "https://app.ecwid.com/api/v3/ " & @CRLF & _ "proxy-production.lime.bike" & @CRLF & _ "web-message.lime.bike" & @CRLF & _ "web-message-high.lime.bike" & @CRLF & _ "https://apps.apple.com/ca/app/lime-supply/id1620058457" & @CRLF & _ "Supply iOS" & @CRLF & _ "web-production.lime.bike" & @CRLF & _ "external-api.lime.bike" & @CRLF & _ "Data.lime.bike " & @CRLF & _ "https://apps.apple.com/ca/app/lime-ridegreen/id1199780189" & @CRLF & _ "Rider iOS" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.limebike" & @CRLF & _ "Rider Android" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.lime.supply&hl=en_US" & @CRLF & _ "Supply Android" & @CRLF & _ "admintool.lime.bike" & @CRLF & _ "juicer.lime.bike" & @CRLF & _ "https://data.limeinternal.com" & @CRLF & _ "Data portal" & @CRLF & _ "help.lime.bike" & @CRLF & _ "https://admintool.lime.bike" & @CRLF & _ "Admintool" & @CRLF & _ "ops.lime.bike" & @CRLF & _ "https://lp.lime.bike/" & @CRLF & _ "LP dashboard" & @CRLF & _ "https://orchard.limeinternal.com" & @CRLF & _ "Inhouse deployment pipeline" & @CRLF & _ "https://www.li.me/" & @CRLF & _ "Lime website" & @CRLF & _ "https://gpt.lime.bike" & @CRLF & _ "Lime GPT" & @CRLF & _ "https://linktr.ee" & @CRLF & _ "*.linktr.ee" & @CRLF & _ "https://linktree.com" & @CRLF & _ "*.linktree.com" & @CRLF & _ "https://tr.ee" & @CRLF & _ "*.tr.ee" & @CRLF & _ "*.linktree-extensions.com" & @CRLF & _ "https://odesli.co" & @CRLF & _ "*.odesli.co" & @CRLF & _ "https://odesli.com" & @CRLF & _ "*.odesli.com" & @CRLF & _ "https://song.link" & @CRLF & _ "*.song.link" & @CRLF & _ "https://songlink.io" & @CRLF & _ "*.songlink.io" & @CRLF & _ "https://album.link" & @CRLF & _ "*.album.link" & @CRLF & _ "https://artist.link" & @CRLF & _ "*.artist.link" & @CRLF & _ "https://pods.link" & @CRLF & _ "*.pods.link" & @CRLF & _ "https://playlist.link" & @CRLF & _ "*.playlist.link" & @CRLF & _ "https://mylink.page" & @CRLF & _ "*.mylink.page" & @CRLF & _ "https://*.plannthat.com" & @CRLF & _ "plannthat.com" & @CRLF & _ "https://linktree.app.link/LinktreeWebsite?utm_medium=Linktree_Footer" & @CRLF & _ "Linktree iOS app" & @CRLF & _ "Linktree Android app" & @CRLF & _ "https://apps.apple.com/au/app/plann-preview-for-instagram/id1106201141" & @CRLF & _ "Plann iOS app" & @CRLF & _ "https://play.google.com/store/search?q=plann&c=apps" & @CRLF & _ "Plann Android app" & @CRLF & _ "███████████████" & @CRLF & _ "https://play.google.com/store/apps/details?hl=en&id=co.bitx.android.wallet" & @CRLF & _ "Luno Android Application" & @CRLF & _ "https://apps.apple.com/app/bitx-wallet/id927362479" & @CRLF & _ "Luno iOS Application" & @CRLF & _ "https://mobileapi.staging.luno.com/" & @CRLF & _ "https://staging.luno.com/" & @CRLF & _ "https://ajax.staging.luno.com/" & @CRLF & _ "https://api.staging.luno.com/" & @CRLF & _ "https://app.staging.luno.com/" & @CRLF & _ "https://www.crateandbarrel.me" & @CRLF & _ "www.crateandbarrel.me" & @CRLF & _ "https://api-prod.thatconceptstore.com/" & @CRLF & _ "https://apps.apple.com/app/id1503045795" & @CRLF & _ "THAT Concept Store iOS" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.maf.thatandroid" & @CRLF & _ "THAT Concept Store Android" & @CRLF & _ "https://thatconceptstore.com" & @CRLF & _ "https://www.cb2.ae/en" & @CRLF & _ "https://www.allsaints.me/" & @CRLF & _ "https://www.lululemon.me" & @CRLF & _ "www.lululemon.me" & @CRLF & _ "https://lapi.yellowblocks.me" & @CRLF & _ "lapi.yellowblocks.me" & @CRLF & _ "https://www.shiseido.me/" & @CRLF & _ "lego.me" & @CRLF & _ "psychobunny.me" & @CRLF & _ "fashion4less.me" & @CRLF & _ "https://www.sharerewards.com/" & @CRLF & _ "https://apps.apple.com/us/app/share-rewards/id1465450657" & @CRLF & _ "Share Rewards Programme iOS App" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.maf.share&hl=en_US&gl=US" & @CRLF & _ "Share Rewards Android App" & @CRLF & _ "https://www.vtcprodapi.maf.ae/svc/svcHifi.svc/SaveOCRReceipt" & @CRLF & _ "https://production.maf.auth0.com/api/v2/" & @CRLF & _ "https://production.maf.auth0.com" & @CRLF & _ "https://maf-holding-prod.apigee.net" & @CRLF & _ "https://www.malloftheemirates.com" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.belongi.moe" & @CRLF & _ "https://apps.apple.com/app/mall-of-the-emirates-moe/id1449578693" & @CRLF & _ "https://api.mafshoppingmalls.com/" & @CRLF & _ "https://www.premogiftcards.com" & @CRLF & _ "https://www.premogiftcards.com/" & @CRLF & _ "https://identity.majidalfuttaim.com" & @CRLF & _ "https://www.simplify.com/commerce/ " & @CRLF & _ "Simplify Commerce - www.simplify.com/commerce/ " & @CRLF & _ "https://www.mastercard.us/en-us.html" & @CRLF & _ "MasterCard.us - www.mastercard.us/en-us.html" & @CRLF & _ "https://www.mastercard.ch/de-ch.html" & @CRLF & _ "MasterCard.ch - (German) - www.mastercard.ch/de-ch.html" & @CRLF & _ "https://www.mastercard.ch/fr-ch.html" & @CRLF & _ "MasterCard.ch - (French) - www.mastercard.ch/fr-ch.html" & @CRLF & _ "https://www.mastercard.com.au/en-au.html" & @CRLF & _ "MasterCard.com.au - www.mastercard.com.au/en-au.html" & @CRLF & _ "https://www.mastercard.nl/nl-nl.html" & @CRLF & _ "MasterCard.nl - www.mastercard.nl/nl-nl.html" & @CRLF & _ "https://developer.mastercard.com" & @CRLF & _ "https://donate.mastercard.com" & @CRLF & _ "donate.mastercard.com" & @CRLF & _ "https://demo.priceless.com/" & @CRLF & _ "Core Priceless.com - demo.priceless.com" & @CRLF & _ "https://europe.priceless.com/shb" & @CRLF & _ "https://priceless.com/golf/" & @CRLF & _ "https://pricelesssurprises.com/" & @CRLF & _ "https://priceless.com/aa/" & @CRLF & _ "https://priceless.com/aviator/" & @CRLF & _ "https://priceless.com/citiaadvantage/" & @CRLF & _ "https://performancemarketing.mastercard.com/portal/" & @CRLF & _ "https://src.mastercard.com/profile/enroll" & @CRLF & _ "https://src.mastercard.com/*" & @CRLF & _ "SRC integration on https://masterpassteststore.com/. Only the Masterpass checkout functionality is in scope" & @CRLF & _ " Finicity Connect" & @CRLF & _ "Finicity- Data Services" & @CRLF & _ "Finicity Decisioning" & @CRLF & _ "https://www.finicity.com" & @CRLF & _ "https://consumer.finicityreports.com" & @CRLF & _ "Finicity- Open Banking Payment History application" & @CRLF & _ "Finicity - OBB (Open Banking Business Service) " & @CRLF & _ "Public Others Target" & @CRLF & _ "https://play.google.com/store/search?q=mattermost&c=apps" & @CRLF & _ "Mattermost Mobile Android" & @CRLF & _ "https://apps.apple.com/us/app/mattermost/id1257222717" & @CRLF & _ "Mattermost Mobile iOS" & @CRLF & _ "https://mattermost.com/apps/" & @CRLF & _ "Mattermost Desktop Apps" & @CRLF & _ "https://bugcrowd-*your-own-instance*.cloud.mattermost.com/" & @CRLF & _ "https://github.com/mattermost/mattermost-plugin-jira " & @CRLF & _ "Mattermost Jira Plugin" & @CRLF & _ "https://github.com/mattermost/mattermost-plugin-zoom" & @CRLF & _ "Mattermost Zoom Plugin" & @CRLF & _ "https://github.com/mattermost/mattermost-plugin-github" & @CRLF & _ "Mattermost Github Plugin" & @CRLF & _ "https://github.com/mattermost/mattermost-plugin-gitlab" & @CRLF & _ "Mattermost Gitlab Plugin" & @CRLF & _ "https://github.com/mattermost/mattermost-plugin-calls" & @CRLF & _ "Mattermost Calls Plugin" & @CRLF & _ "https://github.com/mattermost/mattermost-plugin-playbooks" & @CRLF & _ "Mattermost Playbooks Plugin" & @CRLF & _ "https://github.com/mattermost/mattermost-plugin-boards" & @CRLF & _ "Mattermost Boards Plugin" & @CRLF & _ "https://github.com/mattermost/mattermost-plugin-ai" & @CRLF & _ "Mattermost Copilot Plugin" & @CRLF & _ "https://github.com/mattermost/mattermost-plugin-mscalendar" & @CRLF & _ "Mattermost Microsoft Calendar Plugin" & @CRLF & _ "https://github.com/mattermost/mattermost-plugin-msteams-meetings" & @CRLF & _ "Mattermost Plugin for Microsoft Teams Meetings" & @CRLF & _ "██████████████████████████████" & @CRLF & _ "██████████████████████████████████" & @CRLF & _ "https://identity.monash.edu/" & @CRLF & _ " identity.monash.edu" & @CRLF & _ " mix.monash.edu " & @CRLF & _ "https://connect.monash.edu" & @CRLF & _ "connect.monash.edu" & @CRLF & _ "https://identity.monash.edu" & @CRLF & _ "identity.monash.edu" & @CRLF & _ "https://www.monash.edu" & @CRLF & _ "monash.edu" & @CRLF & _ "https://staff.monash" & @CRLF & _ "Staff.monash" & @CRLF & _ "http://apps.connect.monash.edu/" & @CRLF & _ "apps.connect.monash.edu/" & @CRLF & _ "VPN: vpn.monash.edu" & @CRLF & _ "eassessment.monash.edu" & @CRLF & _ "https://fileshare.ze.monash.edu" & @CRLF & _ "fileshare.ze.monash.edu" & @CRLF & _ "https://cms.mobile.monash/ " & @CRLF & _ "cms.mobile.monash" & @CRLF & _ "https://mobile.monash/ " & @CRLF & _ "mobile.monash" & @CRLF & _ "https://status.mobile.monash/" & @CRLF & _ "status.mobile.monash" & @CRLF & _ "https://monashcollege.edu.au" & @CRLF & _ "https://online.monash.edu/" & @CRLF & _ "https://apps.apple.com/us/app/monash-study/id1462126829" & @CRLF & _ "Monash Study iOS App" & @CRLF & _ "https://play.google.com/store/apps/details?id=edu.monash.monashmobile" & @CRLF & _ "Monash Study Android app" & @CRLF & _ "https://myapp.monash.edu/" & @CRLF & _ "https://alumni-friends.monash.edu" & @CRLF & _ "https://agent.apps.monash.edu/" & @CRLF & _ "https://compulsoryunits.monash.edu/" & @CRLF & _ "https://monash.app.nutrip.com" & @CRLF & _ "monash.app.nutrip.com" & @CRLF & _ "https://studentplacements.monash.edu" & @CRLF & _ "studentplacements.monash.edu" & @CRLF & _ "https://unihub.monash.edu/" & @CRLF & _ "unihub.monash.edu" & @CRLF & _ "https://interviews.monash.edu/" & @CRLF & _ "interviews.monash.edu" & @CRLF & _ "https://shop.monash.edu/" & @CRLF & _ "shop.monash.edu" & @CRLF & _ "https://mlivetickets.monash.edu" & @CRLF & _ "mlivetickets.monash.edu" & @CRLF & _ "alumni-friends.monash.edu" & @CRLF & _ "https://partner.apps.monash.edu" & @CRLF & _ "partner.apps.monash.edu" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.scu.bsafe" & @CRLF & _ "bSafe Android App" & @CRLF & _ "https://apps.apple.com/au/app/monash-bsafe/id1462241951" & @CRLF & _ "bSafe iPhone App" & @CRLF & _ "https://forms.apps.monash.edu/" & @CRLF & _ "forms.apps.monash.edu" & @CRLF & _ "https://formative.eassessment.monash.edu/" & @CRLF & _ "formative.eassessment.monas.edu" & @CRLF & _ "https://www.monashprofessional.edu.au/" & @CRLF & _ "monashprofessional.edu.au" & @CRLF & _ "https://account-registration.monash.edu/" & @CRLF & _ "account-registration.monash.edu" & @CRLF & _ "http://pay.monashcollege.edu.au/" & @CRLF & _ "pay.monashcollege.edu.au" & @CRLF & _ "https://evigilation.monash.edu" & @CRLF & _ "Monash e-Vigilation" & @CRLF & _ "https://student.monash" & @CRLF & _ "student.monash" & @CRLF & _ "https://mids.monash.edu/" & @CRLF & _ "mids.monash.edu" & @CRLF & _ "https://ims.monash.edu" & @CRLF & _ "ims.monash.edu" & @CRLF & _ "https://research.monash.edu/" & @CRLF & _ "research.monash.edu" & @CRLF & _ "https://researchmgt.monash.edu/" & @CRLF & _ "researchmgt.monash.edu" & @CRLF & _ "https://move.monash.edu/" & @CRLF & _ "move.monash.edu" & @CRLF & _ "mix-qat.monash.edu/*" & @CRLF & _ "mix-dev.monash.edu/*" & @CRLF & _ "https://apps.apple.com/vc/app/moneytree-finance-made-easy/id586847189" & @CRLF & _ "Moneytree iOS Mobile Application (production; see below)" & @CRLF & _ "https://wwws-staging.moneytree.jp/link/" & @CRLF & _ "https://vault-staging.getmoneytree.com" & @CRLF & _ "https://redash-staging.getmoneytree.com/" & @CRLF & _ "https://app-staging.getmoneytree.com" & @CRLF & _ "https://wwws-staging.moneytree.jp/link/mobile/" & @CRLF & _ "https://wwws-staging.moneytree.jp/link/mobile/#/signup?client_id=38d99a6e8e9fc87c866f5aa82bdc2569c464b2323a55e0b28f658efa678e9623&redirect_uri=https://wwws-staging.moneytree.jp/link/mobile/callback&response_type=token&scope=guest_read+accounts_read+transactions_read+request_refresh" & @CRLF & _ "https://myaccount-staging.getmoneytree.com" & @CRLF & _ "https://jp-api-staging.getmoneytree.com" & @CRLF & _ "https://jp-api-staging.getmoneytree.com " & @CRLF & _ "https://business-staging.getmoneytree.com/" & @CRLF & _ "https://play.google.com/store/apps/details?id=jp.moneytree.moneytree&hl=en_AU&gl=US" & @CRLF & _ "Moneytree staging Android Mobile Application (see below)" & @CRLF & _ "All Motorola Devices running Android 13 and above. " & @CRLF & _ "https://staging-prime.navan.com" & @CRLF & _ "https://secure.neogov.com" & @CRLF & _ "https://login.neogov.com" & @CRLF & _ "https://performance.neogov.com" & @CRLF & _ "https://learn.neogov.com" & @CRLF & _ "https://api.neogov.com" & @CRLF & _ "https://onboard.neogov.com" & @CRLF & _ "https://unified.neogov.com" & @CRLF & _ "https://eforms.neogov.com" & @CRLF & _ "https://cdn.neogov.com" & @CRLF & _ "https://www.governmentjobs.com" & @CRLF & _ "https://analytics.neogov.com" & @CRLF & _ "https://powerdms.com/" & @CRLF & _ "https://secure.cuehit.net" & @CRLF & _ "https://secure.cuehit.net/" & @CRLF & _ "https://app.agency360.com" & @CRLF & _ "https://app.agency360.com/" & @CRLF & _ "https://securesignin.neogov.com" & @CRLF & _ "https://securesignin.neogov.com/" & @CRLF & _ "https://securesignin.powerdms.com/" & @CRLF & _ "https://hr.neogov.com" & @CRLF & _ "Nighthawk Pro Gaming Switch" & @CRLF & _ "Nighthawk Router" & @CRLF & _ "Nighthawk Switch" & @CRLF & _ "Nighthawk iOS App" & @CRLF & _ "Nighthawk Android App" & @CRLF & _ "Orbi " & @CRLF & _ "Orbi iOS App " & @CRLF & _ "Orbi Android App " & @CRLF & _ "Insight Managed Smart Cloud Wireless Access Point" & @CRLF & _ "https://api.netgear.com" & @CRLF & _ "Insight iOS App" & @CRLF & _ "Insight Android App" & @CRLF & _ "CHP Cloud Portal" & @CRLF & _ "Meural" & @CRLF & _ "https://one.newrelic.com" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.newrelic.rpm" & @CRLF & _ "New Relic Android Application" & @CRLF & _ "https://apps.apple.com/ie/app/new-relic/id594038638" & @CRLF & _ "New Relic iOS Application" & @CRLF & _ "*.nr-data.net" & @CRLF & _ "*.nr-ops.net" & @CRLF & _ "https://docs.newrelic.com/" & @CRLF & _ "https://newrelic.com/" & @CRLF & _ "https://newrelic.com/*" & @CRLF & _ "https://newrelic.com/blog" & @CRLF & _ "https://support.newrelic.com/" & @CRLF & _ "https://forum.newrelic.com" & @CRLF & _ "https://knowledge.newrelic.com/" & @CRLF & _ "https://learn.newrelic.com/" & @CRLF & _ "https://developer.newrelic.com/" & @CRLF & _ "████████████████████████████████████████████████████████████████████████████████████████████████████" & @CRLF & _ "██████████████████████████████████████████████████████████████████████████████████████████████████████████████" & @CRLF & _ "███████████████████████████████████████████████████████████████████████████████████████████████████" & @CRLF & _ "██████████████████████████████████████████████████████████████████████████████████████████████████████" & @CRLF & _ "████████████████████████████████████████████████████████████████████████████████████████████████████████████████" & @CRLF & _ "Anything Owned by Northwestern Mutual on the Public Internet Not Listed as Out of Scope" & @CRLF & _ "216.20.176.0/20" & @CRLF & _ "https://northwesternmutual.com" & @CRLF & _ "*.northwesternmutual.com" & @CRLF & _ "https://*.nml.com" & @CRLF & _ "*.nml.com" & @CRLF & _ "https://*.nmfn.com" & @CRLF & _ "*.nmfn.com" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.nm.nm&hl=en_US&gl=US" & @CRLF & _ "NM Android Mobile App" & @CRLF & _ "https://apps.apple.com/us/app/northwestern-mutual/id1132579006" & @CRLF & _ "NM iOS Mobile App" & @CRLF & _ "Anything that Clearly Affects Northwestern Mutual But is Not Own by Northwestern Mutual" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.nu.production&hl=pt_BR&gl=US&pli=1" & @CRLF & _ "Nubank Android: Playstore" & @CRLF & _ "https://apps.apple.com/br/app/nubank-conta-e-cart%C3%A3o/id814456780" & @CRLF & _ "Nubank iOS App" & @CRLF & _ "prod-*.nubank.com.br" & @CRLF & _ "prod-*.nu.com.mx" & @CRLF & _ "prod-*.nu.com.co" & @CRLF & _ "https://nubank.com.br/" & @CRLF & _ "*nubank.com.br" & @CRLF & _ "https://nubank.com.mx" & @CRLF & _ "*nu.com.mx" & @CRLF & _ "https://nubank.com.co" & @CRLF & _ "*nu.com.co" & @CRLF & _ "https://www.nuinvest.com.br/" & @CRLF & _ "*.nuinvest.com.br " & @CRLF & _ "https://octopus.com/downloads" & @CRLF & _ "Octopus Tentacle" & @CRLF & _ "Octopus Server" & @CRLF & _ "*.octopus.com" & @CRLF & _ "https://github.com/OctopusDeploy" & @CRLF & _ "Octopus Deploy Git Repo" & @CRLF & _ "https://octopus.com" & @CRLF & _ "octopus.com" & @CRLF & _ "bugcrowd-pam-###.oktapreview.com" & @CRLF & _ "bugcrowd-pam-###.pam.oktapreview.com" & @CRLF & _ "https://bugcrowd-oie-%username%-1.workflows.oktapreview.com" & @CRLF & _ "https://bugcrowd-oie-%username%-2.workflows.oktapreview.com" & @CRLF & _ "https://bugcrowd-pam-###.workflows.oktapreview.com" & @CRLF & _ "Desktop MFA for Windows" & @CRLF & _ "Desktop MFA for macOS" & @CRLF & _ "Password Sync for macOS" & @CRLF & _ "https://support.okta.com" & @CRLF & _ "support.okta.com" & @CRLF & _ "bugcrowd-oie-%username%-1.at.oktapreview.com" & @CRLF & _ "bugcrowd-oie-%username%-2.at.oktapreview.com" & @CRLF & _ "https://bugcrowd-pam-###.at.oktapreview.com" & @CRLF & _ "bugcrowd-oie-%username%-1.oktapreview.com" & @CRLF & _ "bugcrowd-oie-%username%-2.oktapreview.com" & @CRLF & _ "https://bugcrowd-pam-###.oktapreview.com" & @CRLF & _ "https://www.okta.com/fastpass/" & @CRLF & _ "Okta Verify Fastpass" & @CRLF & _ "bugcrowd-oie-%username%-1-admin.oktapreview.com" & @CRLF & _ "bugcrowd-oie-%username%-2-admin.oktapreview.com" & @CRLF & _ "https://www.okta.com/products/advanced-server-access/" & @CRLF & _ "Advanced Server Access (ASA) / (ScaleFT)" & @CRLF & _ "http://app.scaleft.com/" & @CRLF & _ "https://help.okta.com/asa/en-us/Content/Topics/Adv_Server_Access/docs/client.htm" & @CRLF & _ "Advanced Server Access Client / Agents" & @CRLF & _ "https://apps.apple.com/us/app/okta-verify/id490179405" & @CRLF & _ "Okta Verify (iOS)" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.okta.android.auth&hl=en_US&gl=US" & @CRLF & _ "Okta Verify (Android)" & @CRLF & _ "Okta Verify (Mac OS)" & @CRLF & _ "Okta Verify (Windows)" & @CRLF & _ "Okta On-Prem Agents ( AD, LDAP, RDP, IWA )" & @CRLF & _ "https://help.okta.com/en/prod/Content/Topics/Adv_Server_Access/docs/sftd-windows.htm" & @CRLF & _ "Okta Agent Windows" & @CRLF & _ "https://help.okta.com/en/prod/Content/Topics/Settings/download-browser-plugin.htm" & @CRLF & _ "Okta Browser Plugin (IE / Firefox / Chrome)" & @CRLF & _ "https://pentest-app.onetrust.com/" & @CRLF & _ "https://api.openai.com" & @CRLF & _ "api.openai.com" & @CRLF & _ "https://chat.openai.com" & @CRLF & _ "ChatGPT" & @CRLF & _ "ChatGPT Plugins" & @CRLF & _ "Third Party Targets" & @CRLF & _ "OpenAI API Keys" & @CRLF & _ "https://*.openai.org" & @CRLF & _ "https://openai.org" & @CRLF & _ "*.openai.org" & @CRLF & _ "https://openai.com/" & @CRLF & _ "openai.com" & @CRLF & _ "*.openai.com" & @CRLF & _ "https://platform.openai.com/playground" & @CRLF & _ "Developer Platform Playground" & @CRLF & _ "Other" & @CRLF & _ "https://opensea.io/" & @CRLF & _ "opensea.io" & @CRLF & _ "https://pro.opensea.io/" & @CRLF & _ "pro.opensea.io" & @CRLF & _ "http://wallets.opensea.io/" & @CRLF & _ "https://play.google.com/store/apps/details?id=io.opensea&hl=en_US&gl=US" & @CRLF & _ "io.opensea - Android App" & @CRLF & _ "https://apps.apple.com/us/app/opensea-nft-marketplace/id1582861796" & @CRLF & _ "io.opensea - iOS App" & @CRLF & _ "https://github.com/ProjectOpenSea/seaport#deployments" & @CRLF & _ "https://etherscan.io/address/0x0000a26b00c1F0DF003000390027140000fAa719" & @CRLF & _ "https://etherscan.io/address/0x00005EA00Ac477B1030CE78506496e8C2dE24bf5" & @CRLF & _ "Broken Link" & @CRLF & _ "https://auth.opera.com" & @CRLF & _ "auth.opera.com" & @CRLF & _ "https://accounts.opera.com" & @CRLF & _ "accounts.opera.com" & @CRLF & _ "https://flow.opera.com" & @CRLF & _ "flow.opera.com" & @CRLF & _ "https://autoupdate.geo.opera.com" & @CRLF & _ "autoupdate.geo.opera.com" & @CRLF & _ "https://net.geo.opera.com" & @CRLF & _ "net.geo.opera.com" & @CRLF & _ "https://download.opera.com" & @CRLF & _ "download.opera.com" & @CRLF & _ "https://speeddials.opera.com" & @CRLF & _ "speeddials.opera.com" & @CRLF & _ "https://browser-notifications.opera.com" & @CRLF & _ "browser-notifications.opera.com" & @CRLF & _ "https://www.opera.com/" & @CRLF & _ "www.opera.com" & @CRLF & _ "https://www.opera.com/computer/thanks?ni=stable&os=windows" & @CRLF & _ "Opera PC" & @CRLF & _ "https://www.opera.com/computer/thanks?ni=eapgx&os=windows" & @CRLF & _ "Opera GX" & @CRLF & _ "https://get.geo.opera.com" & @CRLF & _ "get.geo.opera.com" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.opera.browser" & @CRLF & _ "Opera for Android " & @CRLF & _ "https://play.google.com/store/apps/details?id=com.opera.app.news" & @CRLF & _ "Opera News" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.opera.gx" & @CRLF & _ "Opera GX for Android" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.opera.mini.native" & @CRLF & _ "Opera Mini" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.opera.app.sports" & @CRLF & _ "Apex Football" & @CRLF & _ "https://cryptowallet.opera-api.com" & @CRLF & _ "cryptowallet.opera-api.com" & @CRLF & _ "https://suggestions.opera-api.com" & @CRLF & _ "suggestions.opera-api.com" & @CRLF & _ "*.opera.software" & @CRLF & _ "weather.opera-api.com" & @CRLF & _ "push.opera.com" & @CRLF & _ "*.osp.opera.software" & @CRLF & _ "https://bugs.opera.com/" & @CRLF & _ "bugs.opera.com" & @CRLF & _ "*.opera.technology" & @CRLF & _ "https://gx.games" & @CRLF & _ "https://create.gx.games" & @CRLF & _ "Loomi.tv" & @CRLF & _ "https://features.opera-api.com" & @CRLF & _ "features.opera-api.com" & @CRLF & _ "https://cdn-store.opera-api.com" & @CRLF & _ "cdn-store.opera-api.com" & @CRLF & _ "*.sec-tunnel.com" & @CRLF & _ "*.opera.com" & @CRLF & _ "exchange.opera.com" & @CRLF & _ "merchandise.opera-api.com" & @CRLF & _ "blocklist.opera-api.com" & @CRLF & _ "https://gx.opera-api.com" & @CRLF & _ "gx.opera-api.com" & @CRLF & _ "37.228.104.0/21" & @CRLF & _ "77.111.244.0/22" & @CRLF & _ "82.145.208.0/20" & @CRLF & _ "91.203.96.0/22" & @CRLF & _ "102.23.96.0/22" & @CRLF & _ "103.83.120.0/22" & @CRLF & _ "107.167.96.0/19" & @CRLF & _ "141.0.8.0/21" & @CRLF & _ "185.26.180.0/22" & @CRLF & _ "195.189.143.0/24" & @CRLF & _ "203.89.100.0/22" & @CRLF & _ "marketplace.gamemaker.io" & @CRLF & _ "*.opera-mini.net" & @CRLF & _ "*.opera.news" & @CRLF & _ "*.operanewsapp.com" & @CRLF & _ "GameMaker Studio 2" & @CRLF & _ "*.yoyogames.com" & @CRLF & _ "https://www.gamemaker.io" & @CRLF & _ "www.gamemaker.io" & @CRLF & _ "https://cashback.opera.com/" & @CRLF & _ "cashback.opera.com" & @CRLF & _ "*.apex-football.com" & @CRLF & _ "*.operafootball.com" & @CRLF & _ "*.feednews.com" & @CRLF & _ "*.dailyadvent.com" & @CRLF & _ "api.gx.games/gxc" & @CRLF & _ "api.gx.games/dc" & @CRLF & _ "api.gx.games/dev " & @CRLF & _ "api.gx.games/profile" & @CRLF & _ "api.gx.games/session" & @CRLF & _ "https://app.opsgenie.com" & @CRLF & _ "app.opsgenie.com" & @CRLF & _ "https://mobileapp.opsgenie.com" & @CRLF & _ "mobileapp.opsgenie.com" & @CRLF & _ "*.opsgenie.com" & @CRLF & _ "Opsgenie (IoS)" & @CRLF & _ "Opsgenie (Android)" & @CRLF & _ "https://app.optimizely.com/" & @CRLF & _ "https://cdn.optimizely.com/" & @CRLF & _ "https://cdn-pci.optimizely.com/" & @CRLF & _ "https://optimizely-edge.com" & @CRLF & _ "https://api.optimizely.com/" & @CRLF & _ "https://dxc.episerver.net/ " & @CRLF & _ "https://paasportal.episerver.net/" & @CRLF & _ "https://paasportal.episerver.net/api/v1.0/" & @CRLF & _ "https://app.welcomesoftware.com/" & @CRLF & _ "https://accounts.welcomesoftware.com/" & @CRLF & _ "https://api.welcomesoftware.com/" & @CRLF & _ "https://api.welcomesoftware.com/ " & @CRLF & _ "https://cdn-app.welcomesoftware.com/" & @CRLF & _ "https://analytics.welcomesoftware.com/" & @CRLF & _ "https://flags.expeng.optimizely.com" & @CRLF & _ "https://accounts.cmp.optimizely.com/" & @CRLF & _ "https://orderly.network/" & @CRLF & _ "https://api.orderly.org/" & @CRLF & _ "https://api-evm.orderly.org/" & @CRLF & _ "https://www.originenergy.com.au/" & @CRLF & _ "*.origindigital-pac.com.au" & @CRLF & _ "*.odcdn.com.au" & @CRLF & _ "https://dataportal.originenergy.com.au" & @CRLF & _ "dataportal.originenergy.com.au" & @CRLF & _ "*.support.originenergy.com.au" & @CRLF & _ "*.api.originenergy.com.au" & @CRLF & _ "*.download.originenergy.com.au" & @CRLF & _ "https://api.rx.originenergy.com.au/v1/gateway/schema/graphql" & @CRLF & _ "https://api.rx.originenergy.com.au/v1/gateway/schema/kraken/graphql" & @CRLF & _ "https://api.rx.originenergy.com.au/v1/lpg/graphql" & @CRLF & _ "https://www.winconnect.com.au/moving-out/" & @CRLF & _ "https://www.winconnect.com.au/get-connected/" & @CRLF & _ "https://customerportal.winconnect.com.au/login" & @CRLF & _ "signup.myconnect.com.au" & @CRLF & _ "portal.myconnect.com.au" & @CRLF & _ "myconnect.com.au" & @CRLF & _ "portal.myconnect.com.au/new-connection" & @CRLF & _ "ssu.myconnect.com.au/signup/get-connected " & @CRLF & _ "hub.myconnect.com.au" & @CRLF & _ "https://dashboard.pantheon.io" & @CRLF & _ "https://devstaging.pcapcloud.com/*" & @CRLF & _ "https://www.pexels.com/" & @CRLF & _ "*.pexels.com" & @CRLF & _ "██████████████" & @CRLF & _ "api.pinterest.com" & @CRLF & _ "*.pinterest.com Web Apps" & @CRLF & _ "https://apps.apple.com/us/app/pinterest/id429047995" & @CRLF & _ "Pinterest iOS Mobile Application" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.pinterest&hl=en_US&gl=US" & @CRLF & _ "Pinterest Android Mobile Application" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.pinterest.twa&hl=en_US&gl=US" & @CRLF & _ "Pinterest Lite Android Mobile Application" & @CRLF & _ "https://microsoftedge.microsoft.com/addons/detail/pinterest-save-button/bkgoflemacdadndiohhdnphcmdhacabg" & @CRLF & _ "Edge extension (download at: ms-windows-store://pdp/?productid=9nblggh4v89b )" & @CRLF & _ "https://chrome.google.com/webstore/detail/pinterest-save-button/gpdjojdkbbmdfjfahjcgigfpmkopogic?hl=en" & @CRLF & _ "Chrome extension (download at: chrome.google.com/webstore/detail/pinterest-save-button/gpdjojdkbbmdfjfahjcgigfpmkopogic?hl=en)" & @CRLF & _ "https://addons.mozilla.org/en-US/firefox/addon/pinterest/" & @CRLF & _ "Firefox extension (download at: https://addons.mozilla.org/firefox/addon/pinterest/)" & @CRLF & _ "https://github.com/pinterest/" & @CRLF & _ "Open source projects(non-forked) listed at github.com/pinterest/" & @CRLF & _ "https://pixabay.com/" & @CRLF & _ "*.pixabay.com/" & @CRLF & _ "https://my.planethoster.com" & @CRLF & _ "my.planethoster.com" & @CRLF & _ "https://api.planethoster.net" & @CRLF & _ "api.planethoster.net" & @CRLF & _ "https://world.planethoster.net" & @CRLF & _ " world.planethoster.net" & @CRLF & _ "https://mg.n0c.com/" & @CRLF & _ "https://www.planethoster.com" & @CRLF & _ "www.planethoster.com" & @CRLF & _ "https://marketplace.atlassian.com/apps/4832/enterprise-mail-handler-for-jira-jemh?hosting=cloud&tab=overview" & @CRLF & _ "https://marketplace.atlassian.com/apps/4832/enterprise-mail-handler-for-jira-jemh?hosting=cloud" & @CRLF & _ "https://marketplace.atlassian.com/apps/4832/enterprise-mail-handler-for-jira-jemh?hosting=datacenter&tab=overview" & @CRLF & _ "https://marketplace.atlassian.com/apps/4832/enterprise-mail-handler-for-jira-jemh?hosting=datacenter" & @CRLF & _ "*.points.com" & @CRLF & _ "PIA VPN servers" & @CRLF & _ "https://apps.apple.com/us/app/private-internet-access-anonymous/id955626407" & @CRLF & _ "PIA iOS application" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.privateinternetaccess.android&hl=en" & @CRLF & _ "PIA Android application" & @CRLF & _ "https://www.privateinternetaccess.com/download/linux-vpn" & @CRLF & _ "PIA Linux application" & @CRLF & _ "https://www.privateinternetaccess.com/download/mac-vpn" & @CRLF & _ "PIA macOS application" & @CRLF & _ "https://www.privateinternetaccess.com/download/windows-vpn" & @CRLF & _ "PIA Windows application" & @CRLF & _ "https://addons.mozilla.org/en-US/firefox/addon/private-internet-access-ext/" & @CRLF & _ "PIA Firefox extension" & @CRLF & _ "https://chrome.google.com/webstore/detail/private-internet-access/jplnlifepflhkbkgonidnobkakhmpnmh" & @CRLF & _ "PIA Chrome extension" & @CRLF & _ "https://addons.opera.com/en/extensions/details/private-internet-access-extension/" & @CRLF & _ "PIA Opera extension" & @CRLF & _ "PIA APIs" & @CRLF & _ "https://www.privateinternetaccess.com/" & @CRLF & _ "privateinternetaccess.com" & @CRLF & _ "*.privateinternetaccess.com" & @CRLF & _ "piaservers.com" & @CRLF & _ "https://dealflow.prosus.com" & @CRLF & _ "dealflow.prosus.com" & @CRLF & _ "https://dealflowapi.prosus.com" & @CRLF & _ "dealflowapi.prosus.com" & @CRLF & _ "https://analytics-admin.prosus.com" & @CRLF & _ "analytics-admin.prosus.com" & @CRLF & _ "http://analytics.prosus.com" & @CRLF & _ "analytics.prosus.com" & @CRLF & _ "https://data.prosus.com/" & @CRLF & _ "data.prosus.com" & @CRLF & _ "https://hr.prosus.com/" & @CRLF & _ "hr.prosus.com" & @CRLF & _ "https://tracker.naspers.com/" & @CRLF & _ "tracker.naspers.com" & @CRLF & _ "https://cfc.naspers.com/" & @CRLF & _ "cfc.naspers.com" & @CRLF & _ "https://peopleview.naspers.com" & @CRLF & _ "peopleview.naspers.com" & @CRLF & _ "http://nav.naspers.com/" & @CRLF & _ "nav.naspers.com" & @CRLF & _ "https://*.quizlet.com" & @CRLF & _ "https://itunes.apple.com/us/app/quizlet-flashcards/id546473125" & @CRLF & _ "IoS" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.quizlet.quizletandroid" & @CRLF & _ "Android" & @CRLF & _ "3.0 API" & @CRLF & _ "api.rapyd.net" & @CRLF & _ "https://dashboard.rapyd.net/" & @CRLF & _ "dashboard.rapyd.net" & @CRLF & _ "verify.rapyd.net" & @CRLF & _ "checkout.rapyd.net" & @CRLF & _ "*.rapyd.net" & @CRLF & _ "*.neatcommerce.com" & @CRLF & _ "*.korta.is" & @CRLF & _ "*.neattest.com" & @CRLF & _ "https://jointhemoment.net/" & @CRLF & _ "jointhemoment.net" & @CRLF & _ "*.rapyd.com" & @CRLF & _ "*.rapyd.org" & @CRLF & _ "*.neat.com.hk" & @CRLF & _ "*.kortathjonustan.is" & @CRLF & _ "*.neat.hk" & @CRLF & _ "*.neat.wtf" & @CRLF & _ "████████████████" & @CRLF & _ "█████████████████" & @CRLF & _ "████████████████████" & @CRLF & _ "https://rec.net/download" & @CRLF & _ "Rec Room PC Standalone App" & @CRLF & _ "https://store.steampowered.com/app/471710/Rec_Room/" & @CRLF & _ "Steam: PC Game for Windows" & @CRLF & _ "https://www.oculus.com/experiences/quest/2173678582678296" & @CRLF & _ "Oculus Quest: All-in-one gaming system for VR" & @CRLF & _ "https://www.oculus.com/experiences/rift/1257029974329451" & @CRLF & _ "Oculus Rift: VR headset" & @CRLF & _ "https://www.nintendo.com/us/store/products/rec-room-switch/" & @CRLF & _ "Nintendo Switch" & @CRLF & _ "https://apps.apple.com/app/id1450306065" & @CRLF & _ "iOS" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.AgainstGravity.RecRoom" & @CRLF & _ "https://store.playstation.com/en-us/product/UP2662-PPSA05532_00-6681199027107223" & @CRLF & _ "PlayStation 5" & @CRLF & _ "https://store.playstation.com/en-us/product/UP2662-CUSA08481_00-RECROOM000000001" & @CRLF & _ "PlayStation 4" & @CRLF & _ "https://www.xbox.com/en-us/games/store/rec-room/9pgpqk0xthrz" & @CRLF & _ "Xbox" & @CRLF & _ "https://recroom.com/studio" & @CRLF & _ "Rec Room Studio" & @CRLF & _ "https://rec.net/" & @CRLF & _ "https://*.rec.net/*" & @CRLF & _ "https://api.rec.net" & @CRLF & _ "https://api.rec.net/" & @CRLF & _ "https://devportal.rec.net/" & @CRLF & _ "SAP SuccessFactors" & @CRLF & _ "SAP S/4HANA Cloud Public Edition" & @CRLF & _ "SAP S/4HANA Cloud Private Edition" & @CRLF & _ "SAP Integrated Business Planning for Supply Chain" & @CRLF & _ "SAP Cloud ALM" & @CRLF & _ "SAP Customer Data Cloud portfolio from Gigya" & @CRLF & _ "SAP S/4HANA migration cockpit" & @CRLF & _ "SAP Risk and Assurance Management" & @CRLF & _ "SAP Order Management for Sourcing and Availability" & @CRLF & _ "SAP Continuous Integration and Delivery" & @CRLF & _ "SAP Business Network for Logistics " & @CRLF & _ "SAP Order Management foundation" & @CRLF & _ "SAP Signavio" & @CRLF & _ "SAP Revenue Growth Optimization " & @CRLF & _ "SAP Enable Now" & @CRLF & _ "SAP Omnichannel Promotion Pricing" & @CRLF & _ "https://api.thesecurityteam.rocks" & @CRLF & _ "api.thesecurityteam.rocks" & @CRLF & _ "https://api.anytask.thesecurityteam.rocks" & @CRLF & _ "api.anytask.thesecurityteam.rocks" & @CRLF & _ "https://anytask.thesecurityteam.rocks" & @CRLF & _ "anytask.thesecurityteam.rocks" & @CRLF & _ "https://my.thesecurityteam.rocks" & @CRLF & _ "my.thesecurityteam.rocks" & @CRLF & _ "https://github.com/electroneum/electroneum/" & @CRLF & _ "Legacy Blockchain " & @CRLF & _ "https://legacy-blockexplorer.electroneum.com" & @CRLF & _ "Legacy Block Explorer" & @CRLF & _ "https://public.thesecurityteam.rocks/resources/app/android/etnapp-5.2.2-staging.apk" & @CRLF & _ "Staging Electroneum Android App" & @CRLF & _ "*.seek.com.au" & @CRLF & _ "https://seekcdn.com" & @CRLF & _ "https://apps.apple.com/au/app/seek-jobs-job-search/id520400855" & @CRLF & _ "SEEK mobile app for iOS" & @CRLF & _ "https://play.google.com/store/apps/details?id=au.com.seek&hl=en_AU&gl=US" & @CRLF & _ "SEEK mobile app for Android" & @CRLF & _ "*.skinfra.xyz" & @CRLF & _ "*.outfra.xyz" & @CRLF & _ "*.sol-data.com" & @CRLF & _ "*.jobapi.net" & @CRLF & _ "*.seekpass.co" & @CRLF & _ "*.seekpass-staging.com" & @CRLF & _ "*.aips-internal.com" & @CRLF & _ "*.certsy.com" & @CRLF & _ "*.certsynonprod.com" & @CRLF & _ "https://apps.apple.com/au/app/certsy/id1617796159" & @CRLF & _ "SEEK Pass Mobile App for iOS" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.certsy.app" & @CRLF & _ "SEEK Pass Mobile App for Android" & @CRLF & _ "https://graphql.seek.com" & @CRLF & _ "graphql.seek.com" & @CRLF & _ "https://auth.seek.com" & @CRLF & _ "auth.seek.com" & @CRLF & _ "https://dashboard.sendbird.com/" & @CRLF & _ "https://dashboard.sendbird.com" & @CRLF & _ "https://gate.sendbird.com" & @CRLF & _ "https://api-{app-id}.sendbird.com" & @CRLF & _ "https://ws-{app-id}.sendbird.com" & @CRLF & _ "https://desk-api-{region}.sendbird.com" & @CRLF & _ "https://ws-{app-id}.calls.sendbird.com" & @CRLF & _ "https://api-{app-id}.calls.sendbird.com" & @CRLF & _ "https://api-{app-id}.notifications.sendbird.com" & @CRLF & _ "https://sendbird.com/docs" & @CRLF & _ "https://sendbird.com" & @CRLF & _ "https://1shoppingcart.com" & @CRLF & _ "1shoppingcart.com" & @CRLF & _ "https://mcssl.com" & @CRLF & _ "mcssl.com" & @CRLF & _ "*.mcssl.com" & @CRLF & _ "https://www.skroutz.gr/" & @CRLF & _ "Skyscanner iOS App" & @CRLF & _ "Skyscanner Android App" & @CRLF & _ "gateway.skyscanner.net/*" & @CRLF & _ "skyscanner.net/hotels/book/*" & @CRLF & _ "skyscanner.net/*" & @CRLF & _ "partnerportal.skyscanner.net/*" & @CRLF & _ "*.skyscanner.net" & @CRLF & _ "Skyscanner Android app" & @CRLF & _ "Skyscanner iOS app" & @CRLF & _ "AWS Infrastructure" & @CRLF & _ "https://smartmockups.com/" & @CRLF & _ "*.smartmockups.com/" & @CRLF & _ "https://snapnames.com/" & @CRLF & _ "https://www.namejet.com/" & @CRLF & _ "https://www.sophos.com/en-us/products/endpoint-antivirus/free-trial " & @CRLF & _ "Intercept X Endpoint (Windows) - Zero-click RCE" & @CRLF & _ "https://central.sophos.com/" & @CRLF & _ "Sophos Central (Production) - Special Target" & @CRLF & _ "Sophos Firewall (XG/XGS, SFOS) - Pre-auth RCE" & @CRLF & _ "https://central.sophos.com" & @CRLF & _ "Sophos Central (Production)" & @CRLF & _ "https://www.sophos.com/en-us/products/next-gen-firewall" & @CRLF & _ "Sophos Firewall (XG/XGS, SFOS)" & @CRLF & _ "https://www.sophos.com/en-us/products/endpoint-antivirus/free-trial" & @CRLF & _ "Intercept X Endpoint (Windows)" & @CRLF & _ "Intercept X Endpoint (MacOS)" & @CRLF & _ "Intercept X Endpoint (Linux)" & @CRLF & _ "https://www.sophos.com/en-us/products/mobile-control/free-trial" & @CRLF & _ "Intercept X Mobile (iOS)" & @CRLF & _ "Intercept X Mobile (Android)" & @CRLF & _ "https://docs.sophos.com/central/customer/help/en-us/ManageYourProducts/ThreatAnalysisCenter/Integrations/Sophos/NDR/index.html" & @CRLF & _ "Sophos NDR Appliances (NDR, Investigation Console)" & @CRLF & _ "https://www.sophos.com/en-us/products" & @CRLF & _ "Other Sophos Appliances (RED, Switch, Access Points, ...)" & @CRLF & _ "https://www.sophos.com/" & @CRLF & _ "Sophos-owned IT infrastructure (*.sophos.com)" & @CRLF & _ "3rd party services hosted at *.sophos.com" & @CRLF & _ "Sophos IT Infrastructure (all other Sophos domains)" & @CRLF & _ "Any Other Sophos Product or Service" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.soundcloud.android&hl=en&gl=US" & @CRLF & _ "SoundCloud Android app" & @CRLF & _ "https://soundcloud.com" & @CRLF & _ "soundcloud.com" & @CRLF & _ "*.soundcloud.org" & @CRLF & _ "*.s-cloud.net" & @CRLF & _ "https://apps.apple.com/us/app/soundcloud-music-audio/id336353151" & @CRLF & _ "SoundCloud iOS app" & @CRLF & _ "https://connect.soundcloud.com" & @CRLF & _ "*.soundcloud.com" & @CRLF & _ "*.services.repostnetwork.com" & @CRLF & _ "api-*.soundcloud.com" & @CRLF & _ "http://artists.soundcloud.com/" & @CRLF & _ "artists.soundcloud.com" & @CRLF & _ "https://soundcloud.org" & @CRLF & _ "soundcloud.org" & @CRLF & _ "SpaceX and Starlink assets (target information and rewards detailed above on the brief)" & @CRLF & _ "*.square.com" & @CRLF & _ "*.squareup.com" & @CRLF & _ "https://square.online" & @CRLF & _ "square.online" & @CRLF & _ "https://www.weebly.com/" & @CRLF & _ "weebly.com" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.squareup&hl=en_US&gl=US" & @CRLF & _ "Square Point of Sale Mobile Application for Android" & @CRLF & _ "https://apps.apple.com/us/app/square-point-of-sale-pos/id335393788" & @CRLF & _ "Square Point of Sale Mobile Application for iOS" & @CRLF & _ "Square Register" & @CRLF & _ "Square Terminal" & @CRLF & _ "███████████████████████████████████████" & @CRLF & _ "█████████████████████████████████" & @CRLF & _ "████████████████████████████████████" & @CRLF & _ "███████████████████████████████" & @CRLF & _ "https://manage.statuspage.io" & @CRLF & _ "manage.statuspage.io" & @CRLF & _ "*.statuspage.io" & @CRLF & _ "Vehicle Head Units, TPMS sensors, remote keyless entry, and any other system that is present in a hardware product that you own or are authorized to test against" & @CRLF & _ "https://www.driveuconnect.com" & @CRLF & _ "www.driveuconnect.com" & @CRLF & _ "https://www.driveuconnect.eu" & @CRLF & _ "www.driveuconnect.eu" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.acn.uc&hl=en" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.fcagroup.us.uconnect" & @CRLF & _ "https://itunes.apple.com/us/app/uconnect/id1229236724?mt=8" & @CRLF & _ "https://itunes.apple.com/pl/app/panda-uconnect/id1117321678?mt=8" & @CRLF & _ "https://itunes.apple.com/gb/app/uconnect-live/id881830261?mt=8" & @CRLF & _ "https://marketplace.atlassian.com/apps/27447/table-filter-and-charts-for-confluence?hosting=cloud" & @CRLF & _ "https://marketplace.atlassian.com/apps/1214110/courses-and-quizzes-lms-for-confluence?hosting=cloud" & @CRLF & _ "https://marketplace.atlassian.com/apps/1210934/awesome-graphs-for-bitbucket?hosting=cloud" & @CRLF & _ "https://marketplace.atlassian.com/apps/1210934/awesome-graphs-for-bitbucket?hosting=server" & @CRLF & _ "https://marketplace.atlassian.com/apps/1210934/awesome-graphs-for-bitbucket?hosting=datacenter" & @CRLF & _ "https://marketplace.atlassian.com/apps/1222084/spreadsheet-issue-field-editor?hosting=cloud" & @CRLF & _ "https://marketplace.atlassian.com/apps/27447/table-filter-and-charts-for-confluence?hosting=datacenter" & @CRLF & _ "https://marketplace.atlassian.com/apps/27447/table-filter-and-charts-for-confluence?hosting=server" & @CRLF & _ "https://marketplace.atlassian.com/apps/1212507/smart-attachments-for-jira?hosting=cloud" & @CRLF & _ "https://marketplace.atlassian.com/apps/1212531/customer-case-jira-support-feedback?hosting=cloud" & @CRLF & _ "https://marketplace.atlassian.com/apps/1210766/teamcity-integration-for-jira?hosting=cloud" & @CRLF & _ "https://marketplace.atlassian.com/apps/1214971/handy-macros-for-confluence?hosting=cloud" & @CRLF & _ "https://marketplace.atlassian.com/apps/1222102/webhook-manager-for-confluence-cloud?hosting=cloud" & @CRLF & _ "https://marketplace.atlassian.com/apps/1222001/employee-performance-ratings?hosting=cloud" & @CRLF & _ "https://marketplace.atlassian.com/apps/1224994/poll-maker-for-confluence?hosting=cloud" & @CRLF & _ "Self Register Account on T-Mobile Microsoft Entra ID" & @CRLF & _ "Cellular Network Auth Bypass via Web/Mobile App" & @CRLF & _ "T&P Servers" & @CRLF & _ "Internal Server via Internet Network" & @CRLF & _ "https://portal.lrs.t-mobile.com" & @CRLF & _ "portal.lrs.t-mobile.com" & @CRLF & _ "https://account.t-mobile.com" & @CRLF & _ "account.t-mobile.com" & @CRLF & _ "https://metrobyt-mobile.com" & @CRLF & _ "metrobyt-mobile.com" & @CRLF & _ "https://sprint.com" & @CRLF & _ "sprint.com" & @CRLF & _ "https://t-mobile.com" & @CRLF & _ "t-mobile.com" & @CRLF & _ "https://api.t-mobile.com" & @CRLF & _ "*.api.t-mobile.com" & @CRLF & _ "https://tfb.t-mobile.com" & @CRLF & _ "tfb.t-mobile.com" & @CRLF & _ "https://devedge.t-mobile.com" & @CRLF & _ "devedge.t-mobile.com" & @CRLF & _ "https://tess.service-now.com" & @CRLF & _ "tess.service-now.com" & @CRLF & _ "https://digits.t-mobile.com" & @CRLF & _ "digits.t-mobile.com" & @CRLF & _ "*.t-mobile.com" & @CRLF & _ "*.metrobyt-mobile.com" & @CRLF & _ "*.sprint.com" & @CRLF & _ "Assets labeled as in-scope" & @CRLF & _ "https://apps.apple.com/us/app/t-mobile/id561625752" & @CRLF & _ "T-Mobile - iOS" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.tmobile.pr.mytmobile" & @CRLF & _ "T-Mobile - Android" & @CRLF & _ "https://apps.apple.com/us/app/syncup-drive/id1576574297" & @CRLF & _ "SyncUP DRIVE - iOS" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.tmobile.drive" & @CRLF & _ "SyncUP DRIVE - Android" & @CRLF & _ "https://apps.apple.com/us/app/syncup-kids/id1503394062" & @CRLF & _ "SyncUP KIDS - iOS" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.tmobile.kids" & @CRLF & _ "SyncUP KIDS - Android" & @CRLF & _ "https://apps.apple.com/us/app/syncup-tracker/id1526380335" & @CRLF & _ "SyncUP TRACKER - iOS" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.tmobile.syncuptag" & @CRLF & _ "SyncUP TRACKER - Android" & @CRLF & _ "https://digits.t-mobile.com/" & @CRLF & _ "DIGITS - Mobile & Desktop" & @CRLF & _ "https://apps.apple.com/us/app/t-life-t-mobile-tuesdays/id1111876388" & @CRLF & _ "T-Life - iOS" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.tmobile.tuesdays&hl=en_US&gl=US" & @CRLF & _ "T-Life - Android" & @CRLF & _ "https://biocorellc.com" & @CRLF & _ "https://tempus-ex.com" & @CRLF & _ "https://infiniteathlete.ai" & @CRLF & _ "https://platform.infiniteathlete.ai" & @CRLF & _ "https://docs.tempus-ex.com" & @CRLF & _ "https://github.com/tempus-ex" & @CRLF & _ "*.tesla.cn" & @CRLF & _ "*.tesla.services" & @CRLF & _ "https://apps.apple.com/us/app/tesla/id582007913" & @CRLF & _ "Official Tesla iOS apps" & @CRLF & _ "*.tesla.com" & @CRLF & _ "*.teslamotors.com" & @CRLF & _ "Any host verified to be owned by Tesla Motors Inc. (domains/IP space/etc.)" & @CRLF & _ "*.solarcity.com" & @CRLF & _ "*.teslainsuranceservices.com" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.teslamotors.tesla&hl=en_US&gl=US" & @CRLF & _ "Official Tesla Android apps" & @CRLF & _ "Tesla Energy hardware you own" & @CRLF & _ "Tesla vehicle hardware that you own" & @CRLF & _ "https://www.thefork.com/" & @CRLF & _ "https://m.thefork.com" & @CRLF & _ "https://blog.thefork.com/" & @CRLF & _ "https://api.thefork.com" & @CRLF & _ "https://api.lafourchette.com" & @CRLF & _ "https://review-api.lafourchette.com" & @CRLF & _ "https://google-reserve-api.thefork.io" & @CRLF & _ "https://google-reserve-api.thefork.io " & @CRLF & _ "https://m-api.lafourchette.com" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.lafourchette.lafourchette" & @CRLF & _ "The Fork Android App" & @CRLF & _ "https://apps.apple.com/app/thefork-restaurants-bookings/id424850908" & @CRLF & _ "The Fork iOS App" & @CRLF & _ "https://*.tools.thefork.tech" & @CRLF & _ "*.tools.thefork.tech" & @CRLF & _ "https://www.restaurant-information.com" & @CRLF & _ "www.restaurant-information.com" & @CRLF & _ "https://widget.thefork.com" & @CRLF & _ "widget.thefork.com" & @CRLF & _ "https://api.thousandeyes.com/" & @CRLF & _ "https://app.thousandeyes.com/" & @CRLF & _ "https://www.thousandeyes.com/" & @CRLF & _ "ThousandEyes Enterprise Agent" & @CRLF & _ "ThousandEyes Endpoint Agent " & @CRLF & _ "https://tidal.com/" & @CRLF & _ "*.tidal.com" & @CRLF & _ "*.wimpmusic.com" & @CRLF & _ "*.tidalhifi.com" & @CRLF & _ "api.tidal.com" & @CRLF & _ "*tidalhi.fi" & @CRLF & _ "*.tdl.sh" & @CRLF & _ "Tidal Client for iOS" & @CRLF & _ "Tidal Client for Android" & @CRLF & _ "https://offer.tidal.com/download" & @CRLF & _ "Tidal Desktop Client" & @CRLF & _ "Tidal Official Clients (e.g. Sonos integration, Tesla integration, etc.)" & @CRLF & _ "trello.com" & @CRLF & _ "api.trello.com" & @CRLF & _ "*.trello.services" & @CRLF & _ "Trello Desktop Client" & @CRLF & _ "Trello Mobile App for Android" & @CRLF & _ "Trello Mobile App for iOS" & @CRLF & _ "https://butlerfortrello.com/" & @CRLF & _ "Butler for Trello" & @CRLF & _ "https://trello.com/power-ups/55a5d917446f517774210011/calendar-power-up" & @CRLF & _ "Calendar Power-Up" & @CRLF & _ "https://trello.com/power-ups/55a5d917446f517774210012/card-aging" & @CRLF & _ "Card Aging Power-Up" & @CRLF & _ "https://trello.com/power-ups/5c2462c384ab8949b1724a20/list-limits" & @CRLF & _ "List Limits Power-Up" & @CRLF & _ "https://trello.com/power-ups/55a5d917446f517774210013/voting" & @CRLF & _ "Voting Power-Up" & @CRLF & _ "https://trello.com/power-ups/6052d130068a8c0de7b022b4" & @CRLF & _ "Microsoft Teams Integration" & @CRLF & _ "Trello Third Party Powerups" & @CRLF & _ "https://api.production.cde.tamg.cloud" & @CRLF & _ "api.production.cde.tamg.cloud" & @CRLF & _ "https://partnerapi.tapayments.com" & @CRLF & _ "partnerapi.tapayments.com" & @CRLF & _ "https://partnerapi1.tapayments.com" & @CRLF & _ "partnerapi1.tapayments.com" & @CRLF & _ "https://partnerapi2.tapayments.com" & @CRLF & _ "partnerapi2.tapayments.com" & @CRLF & _ "https://walletproxy.tapayments.com" & @CRLF & _ "walletproxy.tapayments.com" & @CRLF & _ "https://walletproxy1.tapayments.com" & @CRLF & _ "walletproxy1.tapayments.com" & @CRLF & _ "https://walletproxy2.tapayments.com" & @CRLF & _ "walletproxy2.tapayments.com" & @CRLF & _ "https://www.tripadvisor.com" & @CRLF & _ "www.tripadvisor.com" & @CRLF & _ "Localized versions of www.tripadvisor.com available from the site's header or footer" & @CRLF & _ "https://api.tripadvisor.com" & @CRLF & _ "api.tripadvisor.com" & @CRLF & _ "https://service.platform.tripadvisor.com" & @CRLF & _ "service.platform.tripadvisor.com" & @CRLF & _ "https://gwapi.tripadvisor.com" & @CRLF & _ "gwapi.tripadvisor.com" & @CRLF & _ "https://gwapi1.tripadvisor.com" & @CRLF & _ "gwapi1.tripadvisor.com" & @CRLF & _ "https://gwapi2.tripadvisor.com" & @CRLF & _ "gwapi2.tripadvisor.com" & @CRLF & _ "Any publicly accessible Tripadvisor web asset or host (domains, ip space, etc) - except for assets listed as Out-of-Scope below. " & @CRLF & _ "Tripadvisor Android App" & @CRLF & _ "Tripadvisor iOS App" & @CRLF & _ "https://rentals.tripadvisor.com" & @CRLF & _ "rentals.tripadvisor.com" & @CRLF & _ "https://*.vacationhomerentals.com" & @CRLF & _ "*.vacationhomerentals.com" & @CRLF & _ "https://*.holidaylettings.com" & @CRLF & _ "*.holidaylettings.com" & @CRLF & _ "https://*.flipkey.com" & @CRLF & _ "*.flipkey.com" & @CRLF & _ "https://*.niumba.com" & @CRLF & _ "*.niumba.com" & @CRLF & _ "https://*.housetrip.com" & @CRLF & _ "*.housetrip.com" & @CRLF & _ "https://itunes.apple.com/us/app/vacation-rentals-owner-app-by-tripadvisor/id1045663228?mt=8" & @CRLF & _ "Tripadvisor Owner APP (https://itunes.apple.com/us/app/vacation-rentals-owner-app-by-tripadvisor/id1045663228?mt=8)" & @CRLF & _ "http://marlo.ext.tripadvisor.com" & @CRLF & _ "marlo.ext.tripadvisor.com" & @CRLF & _ "https://*.bokundemo.com" & @CRLF & _ "*.bokundemo.com" & @CRLF & _ "https://*.bokuntest.com" & @CRLF & _ "*.bokuntest.com" & @CRLF & _ "https://www.20min.ch" & @CRLF & _ "https://coral.20min.ch/" & @CRLF & _ "https://cm.20min.ch/" & @CRLF & _ "https://api.20min.ch/" & @CRLF & _ "https://videoplayer.20min.ch" & @CRLF & _ "https://partner-feeds.20min.ch" & @CRLF & _ "https://screenplayer.20min.ch" & @CRLF & _ "https://audio.20min.ch/" & @CRLF & _ "https://audio.20min.ch" & @CRLF & _ "https://api.twilio.com" & @CRLF & _ "api.twilio.com" & @CRLF & _ "Twilio APIs" & @CRLF & _ "https://tsock.us1.twilio.com" & @CRLF & _ " tsock.us1.twilio.com" & @CRLF & _ " *.sip.*.twilio.com" & @CRLF & _ "https://www.twilio.com/blog/get-started-webrtc" & @CRLF & _ " Twilio WebRTC Client" & @CRLF & _ "https://www.twilio.com/wireless" & @CRLF & _ " Twilio Wireless" & @CRLF & _ "https://www.twilio.com/docs/libraries" & @CRLF & _ "Twilio SDKs" & @CRLF & _ "https://www.twilio.com/console" & @CRLF & _ "Twilio Console" & @CRLF & _ " Twilio Helper Libraries" & @CRLF & _ " Twilio CDNs (static*.twilio.com)" & @CRLF & _ "https://twilio.com/blog" & @CRLF & _ "twilio.com/blog" & @CRLF & _ "https://build.twilio.com/s/" & @CRLF & _ "https://sendgrid.com" & @CRLF & _ "https://app.sendgrid.com/" & @CRLF & _ "https://signup.sendgrid.com/" & @CRLF & _ "https://api.sendgrid.com" & @CRLF & _ "api.sendgrid.com" & @CRLF & _ "https://mc.sendgrid.com/" & @CRLF & _ "smtp.sendgrid.net" & @CRLF & _ "https://authy.com/download/" & @CRLF & _ "Authy iOS app" & @CRLF & _ "Authy Android App" & @CRLF & _ "Authy Desktop app" & @CRLF & _ "https://www.twilio.com/authy" & @CRLF & _ "Twilio Authy - https://api.authy.com" & @CRLF & _ "https://www.twilio.com/docs/verify/api" & @CRLF & _ "Twilio Verify - https://verify.twilio.com" & @CRLF & _ "https://www.twilio.com/docs/authy/api" & @CRLF & _ "Twilio Authy API" & @CRLF & _ "https://www.twilio.com/docs/authy/api/dashboard" & @CRLF & _ "Twilio Authy Dashboard API" & @CRLF & _ "Any host/web property verified to be owned by Twilio" & @CRLF & _ "https://app.segment.com/" & @CRLF & _ "app.segment.com" & @CRLF & _ "https://api.segment.io/" & @CRLF & _ "api.segment.io" & @CRLF & _ "https://segment.com/docs/sources/" & @CRLF & _ "Source code of Website, Mobile, or Server Libraries (https://segment.com/docs/sources/)" & @CRLF & _ "Any host / web property verified to be owned by Segment (domains/IP space/etc.) " & @CRLF & _ "https://opendata-demo.test-socrata.com" & @CRLF & _ "https://opendata.test-socrata.com" & @CRLF & _ "https://opendata.test-socrata.com/admin/gateway" & @CRLF & _ "https://mintmobile.com" & @CRLF & _ "https://www.mintmobile.com" & @CRLF & _ "https://ultramobile.com" & @CRLF & _ "https://www.ultramobile.com" & @CRLF & _ "https://web-retailer-portal.ultramobile.com" & @CRLF & _ "Web Retailer Portal" & @CRLF & _ "https://www.underarmour.com" & @CRLF & _ "www.underarmour.com" & @CRLF & _ "https://www.underarmour.co.uk" & @CRLF & _ "www.underarmour.co.uk" & @CRLF & _ "https://apps.apple.com/us/app/under-armour/id1092704571" & @CRLF & _ "UA Shop iOS" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.ua.shop&hl=en" & @CRLF & _ "UA Shop Android" & @CRLF & _ "https://api.shop.ua.com/graphql" & @CRLF & _ "https://www.underarmournext.co.uk/" & @CRLF & _ "https://underarmournext.com/" & @CRLF & _ "https://*.api.ua.com/" & @CRLF & _ "*.api.ua.com" & @CRLF & _ "https://consumer-sustainability.underarmour.com/en" & @CRLF & _ "https://apphouse.underarmour.com/" & @CRLF & _ "apphouse.underarmour.com" & @CRLF & _ "http://ourhouse.underarmour.com/" & @CRLF & _ "ourhouse.underarmour.com" & @CRLF & _ "https://transfer.underarmour.com/" & @CRLF & _ "transfer.underarmour.com" & @CRLF & _ "https://vpe-us.underarmour.com/" & @CRLF & _ "vpe-us.underarmour.com" & @CRLF & _ "https://snc.underarmour.com/" & @CRLF & _ "snc.underarmour.com" & @CRLF & _ "https://snctest-s.underarmour.com/" & @CRLF & _ "snctest-s.underarmour.com" & @CRLF & _ "https://snctest-c.underarmour.com/" & @CRLF & _ "snctest-c.underarmour.com" & @CRLF & _ "https://supplier.underarmour.com/" & @CRLF & _ "supplier.underarmour.com" & @CRLF & _ "https://vtxapp9p.underarmour.com/" & @CRLF & _ "vtxapp9p.underarmour.com" & @CRLF & _ "https://vtxapp9q.underarmour.com/" & @CRLF & _ "vtxapp9q.underarmour.com" & @CRLF & _ "https://vtxapp9d.underarmour.com/" & @CRLF & _ "vtxapp9d.underarmour.com" & @CRLF & _ "https://vtxappd.underarmour.com/" & @CRLF & _ "vtxappd.underarmour.com" & @CRLF & _ "204.29.196.0/23" & @CRLF & _ "3.223.149.182" & @CRLF & _ "3.230.219.249" & @CRLF & _ "34.237.130.2" & @CRLF & _ "34.239.5.227" & @CRLF & _ "52.220.158.49" & @CRLF & _ "52.76.174.107" & @CRLF & _ "52.67.69.35" & @CRLF & _ "52.44.176.187" & @CRLF & _ "52.86.17.52" & @CRLF & _ "54.83.32.16" & @CRLF & _ "13.58.121.166" & @CRLF & _ "3.133.230.28" & @CRLF & _ "3.19.172.158" & @CRLF & _ "https://id.unity.com" & @CRLF & _ "id.unity.com" & @CRLF & _ "https://api.unity.com" & @CRLF & _ "api.unity.com" & @CRLF & _ "https://cloud.unity.com" & @CRLF & _ "cloud.unity.com" & @CRLF & _ "https://store.unity.com" & @CRLF & _ "store.unity.com" & @CRLF & _ "https://pay.unity.com" & @CRLF & _ "pay.unity.com" & @CRLF & _ "https://syncsketch.dev" & @CRLF & _ "syncsketch.dev" & @CRLF & _ "player-login.unity.com" & @CRLF & _ "https://unity3d.com/get-unity/download/archive" & @CRLF & _ "Latest Supported LTS versions of the Unity Editor ( 2020.x / 2021.x / 2022.x ) " & @CRLF & _ "https://unity3d.com/get-unity/download" & @CRLF & _ "Unity Hub" & @CRLF & _ "https://www.upwork.com" & @CRLF & _ "www.upwork.com" & @CRLF & _ "Upwork - Android Application" & @CRLF & _ "Upwork - iOS Application" & @CRLF & _ "Upwork Dash Messenger Desktop Version (www.upwork.com/downloads)" & @CRLF & _ "www.upwork.com/api " & @CRLF & _ "Direct Contracts" & @CRLF & _ "api.upwork.com/graphql" & @CRLF & _ "Upwork - Marketplace Portal" & @CRLF & _ "Upwork - Messages" & @CRLF & _ "Upwork - Mobile Application IOS" & @CRLF & _ "Upwork - Mobile Application Android" & @CRLF & _ "Upwork - api.upwork.com/graphql" & @CRLF & _ "https://www.usaa.com" & @CRLF & _ "usaa.com" & @CRLF & _ "https://mobile.usaa.com" & @CRLF & _ "mobile.usaa.com" & @CRLF & _ "https://api.usaa.com/" & @CRLF & _ "api.usaa.com" & @CRLF & _ "https://partners.usaa.com" & @CRLF & _ "partners.usaa.com" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.usaa.mobile.android.usaa&hl=en" & @CRLF & _ "USAA Mobile Application for Android" & @CRLF & _ "https://apps.apple.com/us/app/usaa-mobile/id312325565" & @CRLF & _ "USAA Mobile Application for iOS" & @CRLF & _ "https://aemdam.usaa360.com/" & @CRLF & _ "aemdam.usaa360.com" & @CRLF & _ "https://api-a.usaa.com" & @CRLF & _ "api-a.usaa.com" & @CRLF & _ "https://authn.usaa.com/" & @CRLF & _ "authn.usaa.com" & @CRLF & _ "https://b2bapi-a.usaa.com" & @CRLF & _ "b2bapi-a.usaa.com" & @CRLF & _ "https://b2bapi.usaa.com" & @CRLF & _ "b2bapi.usaa.com" & @CRLF & _ "https://b2blsapi-a.usaa.com" & @CRLF & _ "b2blsapi-a.usaa.com" & @CRLF & _ "https://b2blsapi.usaa.com" & @CRLF & _ "b2blsapi.usaa.com" & @CRLF & _ "https://content.usaa.com" & @CRLF & _ "content.usaa.com" & @CRLF & _ "https://d1.utv.usaa.com" & @CRLF & _ "d1.utv.usaa.com" & @CRLF & _ "https://d2.utv.usaa.com" & @CRLF & _ "d2.utv.usaa.com" & @CRLF & _ "https://externalconnect.usaa.com/" & @CRLF & _ "externalconnect.usaa.com" & @CRLF & _ "https://guest.usaa.com/" & @CRLF & _ "guest.usaa.com" & @CRLF & _ "https://l.usaa.com/" & @CRLF & _ "l.usaa.com" & @CRLF & _ "https://liveassist.usaa.com/" & @CRLF & _ "liveassist.usaa.com" & @CRLF & _ "https://liveassist11.usaa.com/" & @CRLF & _ "liveassist11.usaa.com" & @CRLF & _ "https://liveassist12.usaa.com/" & @CRLF & _ "liveassist12.usaa.com" & @CRLF & _ "https://liveassist21.usaa.com/" & @CRLF & _ "liveassist21.usaa.com" & @CRLF & _ "https://liveassist22.usaa.com/" & @CRLF & _ "liveassist22.usaa.com" & @CRLF & _ "https://liveassist23.usaa.com" & @CRLF & _ "liveassist23.usaa.com" & @CRLF & _ "https://liveassist24.usaa.com" & @CRLF & _ "liveassist24.usaa.com" & @CRLF & _ "https://mapi-a.usaa.com" & @CRLF & _ "mapi-a.usaa.com" & @CRLF & _ "https://mapi.usaa.com/" & @CRLF & _ "mapi.usaa.com" & @CRLF & _ "https://mguest.usaa.com/" & @CRLF & _ "mguest.usaa.com" & @CRLF & _ "https://mobileapps.usaa.com/" & @CRLF & _ "mobileapps.usaa.com" & @CRLF & _ "https://mstatic.usaa.com" & @CRLF & _ "mstatic.usaa.com" & @CRLF & _ "https://mydesktop.usaa.com" & @CRLF & _ "mydesktop.usaa.com" & @CRLF & _ "https://myvpn.usaa.com" & @CRLF & _ "myvpn.usaa.com" & @CRLF & _ "https://nice.wfmusaa.com" & @CRLF & _ "nice.wfmusaa.com" & @CRLF & _ "https://nvoice.usaa.com/" & @CRLF & _ "nvoice.usaa.com" & @CRLF & _ "https://s.usaa.com/" & @CRLF & _ "s.usaa.com" & @CRLF & _ "https://s1.utv.usaa.com" & @CRLF & _ "s1.utv.usaa.com" & @CRLF & _ "https://s2.utv.usaa.com" & @CRLF & _ "s2.utv.usaa.com" & @CRLF & _ "https://securemail.usaa.com" & @CRLF & _ "securemail.usaa.com" & @CRLF & _ "https://static.usaa.com" & @CRLF & _ "static.usaa.com" & @CRLF & _ "https://www.usaainsurance.com/" & @CRLF & _ "usaainsurance.com" & @CRLF & _ "https://utv.usaa.com" & @CRLF & _ "utv.usaa.com" & @CRLF & _ "https://v.utv.usaa.com" & @CRLF & _ "v.utv.usaa.com" & @CRLF & _ "https://vendorss.usaa.com" & @CRLF & _ "vendorss.usaa.com" & @CRLF & _ "https://vlagg.usaa.com" & @CRLF & _ "vlagg.usaa.com" & @CRLF & _ "https://vlapi.usaa.com" & @CRLF & _ "vlapi.usaa.com" & @CRLF & _ "https://webmail.usaa.com" & @CRLF & _ "webmail.usaa.com" & @CRLF & _ "https://ws.usaa.com" & @CRLF & _ "ws.usaa.com" & @CRLF & _ "https://wsmbr.usaa.com/" & @CRLF & _ "wsmbr.usaa.com" & @CRLF & _ "epptool-ctld.verisign-grs.com (EPP service; DNS related)" & @CRLF & _ "a.root-servers.net (DNS service; DNS related)" & @CRLF & _ "j.root-servers.net (DNS service; DNS related)" & @CRLF & _ "*.gtld-servers.net (DNS service; DNS related)" & @CRLF & _ "https://www.verisign.com" & @CRLF & _ "www.verisign.com (Website; non-DNS related)" & @CRLF & _ "https://youcouldbe.com" & @CRLF & _ "*.youcouldbe.com" & @CRLF & _ "https://blog.verisign.com" & @CRLF & _ "blog.verisign.com (Website; non-DNS related)" & @CRLF & _ "https://namestudioforsocial.com/" & @CRLF & _ "*.namestudioforsocial.com" & @CRLF & _ "https://namestudio.com" & @CRLF & _ "*.namestudio.com" & @CRLF & _ "*.verisign.com" & @CRLF & _ "*.verisign-grs.com (DNS service; DNS related)" & @CRLF & _ "https://apps.apple.com/us/app/viator-tours-activities/id434832826" & @CRLF & _ "iOS Viator Tours & Activities App" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.viator.mobile.android&hl=en_US&gl=US" & @CRLF & _ "Android Viator Tours & Activities App" & @CRLF & _ "https://supplier.viator.com/" & @CRLF & _ "https://viatorapi.viator.com/service/directory" & @CRLF & _ "https://www.toursgds.com/" & @CRLF & _ "https://www.toursgds.com/ToursGdsService?wsdl" & @CRLF & _ "https://www.toursgds.com/SupplierService?wsdl" & @CRLF & _ "https://partners.viator.com" & @CRLF & _ "https://travelagents.viator.com" & @CRLF & _ "travelagents.viator.com" & @CRLF & _ "https://help.supplier.viator.com/en" & @CRLF & _ "https://kiwi.partner.viator.com" & @CRLF & _ "kiwi.partner.viator.com" & @CRLF & _ "https://*.viatorinc.com" & @CRLF & _ "*.viatorinc.com" & @CRLF & _ "https://selector.viator.com" & @CRLF & _ "selector.viator.com" & @CRLF & _ "https://partnerhelp.viator.com/" & @CRLF & _ "partnerhelp.viator.com/" & @CRLF & _ "https://*.viator.com" & @CRLF & _ "*.viator.com" & @CRLF & _ "Vox Cinemas iOS" & @CRLF & _ "Vox Cinemas Android" & @CRLF & _ "https://uae.voxcinemas.com/" & @CRLF & _ "https://www.skidxb.com/" & @CRLF & _ "https://www.magicplanetmena.com/" & @CRLF & _ "https://www.web.com" & @CRLF & _ " www.web.com" & @CRLF & _ "http://www.register.com" & @CRLF & _ " www.register.com" & @CRLF & _ "https://www.networksolutions.com" & @CRLF & _ "www.networksolutions.com" & @CRLF & _ "https://uk.web.com" & @CRLF & _ "uk.web.com" & @CRLF & _ "https://www.bluehost.com/" & @CRLF & _ "https://www.hostgator.com/" & @CRLF & _ "██████████████████████████████████████" & @CRLF & _ "██████" & @CRLF & _ "█████████████████████████████████████████████████████████████████████████" & @CRLF & _ "https://transferwise.com" & @CRLF & _ "transferwise.com" & @CRLF & _ "*.transferwise.com" & @CRLF & _ "https://wise.com" & @CRLF & _ "wise.com" & @CRLF & _ "*.wise.com" & @CRLF & _ "https://apps.apple.com/us/app/wise-ex-transferwise/id612261027" & @CRLF & _ "Latest version of Wise iOS App" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.transferwise.android&hl=en_US&gl=US" & @CRLF & _ "Latest version of Wise Android App" & @CRLF & _ "AWS infrastructure and services in use by Wise (eg: S3 buckets)" & @CRLF & _ "https://github.com/transferwise/*" & @CRLF & _ "github.com/transferwise/*" & @CRLF & _ "https://api.woox.io/" & @CRLF & _ "https://woox.io/" & @CRLF & _ "https://play.google.com/store/apps/details?id=network.woo.mobile&hl=en&gl=US&pli=1" & @CRLF & _ "WOO X: Buy Crypto & BTC (Android)" & @CRLF & _ "https://apps.apple.com/mt/app/woo-x-buy-crypto-btc/id1576648404" & @CRLF & _ "WOO X: Buy Crypto & BTC (IOS)" & @CRLF & _ "Any Worldpay asset is in scope" & @CRLF & _ "https://auth.wyze.com" & @CRLF & _ "https://my.wyze.com" & @CRLF & _ "https://api.wyzecam.com" & @CRLF & _ "Wyze Cam V3" & @CRLF & _ "https://home.xfinity.com" & @CRLF & _ "Home.xfinity.com (see below)" & @CRLF & _ "Internet.xfinity.com" & @CRLF & _ "*-cvr-aws-*.sys.comcast.net" & @CRLF & _ "*signalservice.comcast.net" & @CRLF & _ "*.dh-commerce.com " & @CRLF & _ "*.ssr.ccp.xcal.tv " & @CRLF & _ "orc-xfi.com" & @CRLF & _ "*.xfiplatform.com" & @CRLF & _ "https://apps.apple.com/us/app/xfinity/id1178765645" & @CRLF & _ "Xfinity Home iOS mobile app" & @CRLF & _ "Xfinity iOS mobile app" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.xfinity.digitalhome&hl=en_US&gl=US" & @CRLF & _ "Xfinity Home Android mobile app" & @CRLF & _ "Xfinity Android mobile app" & @CRLF & _ "xhomeapi-*.codebig2.net" & @CRLF & _ "xhomeapi-*.cloud.comcast.net" & @CRLF & _ "Xfinity Home Hardware (items listed below in brief)" & @CRLF & _ "Xfinity Home cameras" & @CRLF & _ "speedtest.xfinity.com" & @CRLF & _ "siorc.xfinity.com" & @CRLF & _ "smartinet.xfinity.com" & @CRLF & _ "gw.api.dh.comcast.com" & @CRLF & _ "xFi Gateways (e.g., XB3, XB6, XB7)" & @CRLF & _ "xFi Pods" & @CRLF & _ "https://csp-prod.codebig2.net" & @CRLF & _ "csp-pci.prod.codebig2.net" & @CRLF & _ "aiq-prod.codebig2.net" & @CRLF & _ "*.xfinityhome.com" & @CRLF & _ "https://bc.yieldstreet.net" & @CRLF & _ "bc.yieldstreet.net" & @CRLF & _ "staging-app.bany.dev" & @CRLF & _ "share.acorns.com" & @CRLF & _ "" & @CRLF & _ "grow.acorns.com" & @CRLF & _ "store.acorns.com" & @CRLF & _ "https://afterpaytechblog.com" & @CRLF & _ "afterpaytechblog.com" & @CRLF & _ "https://genderfree.afterpay.com" & @CRLF & _ "genderfree.afterpay.com" & @CRLF & _ "https://www.moneybyafterpay.com/" & @CRLF & _ "moneybyafterpay.com" & @CRLF & _ "aquarium.aiven.io " & @CRLF & _ "uptime.aiven.io " & @CRLF & _ "video.aiven.io " & @CRLF & _ "https://aiven.io/community" & @CRLF & _ "aiven.io/community" & @CRLF & _ "https://aiven.io/contact" & @CRLF & _ "aiven.io/contact" & @CRLF & _ "Customer services you did not create" & @CRLF & _ "*.aiven.fi" & @CRLF & _ "github.com/Aiven-Labs" & @CRLF & _ "*.avns.net" & @CRLF & _ "https://events.aiven.io" & @CRLF & _ "events.aiven.io" & @CRLF & _ "ideas.aiven.io" & @CRLF & _ "https://aivenhelp.zendesk.com" & @CRLF & _ "aivenhelp.zendesk.com" & @CRLF & _ "https://support.aiven.io" & @CRLF & _ "support.aiven.io" & @CRLF & _ "Creation of support tickets" & @CRLF & _ "https://regatta.aiven.io/" & @CRLF & _ "regatta.aiven.io" & @CRLF & _ "Microsoft Azure B2C" & @CRLF & _ "null" & @CRLF & _ "Commonwealth Bank - CommWeb" & @CRLF & _ "MasterCard MPGS" & @CRLF & _ "First Data xTP" & @CRLF & _ "SendGrid" & @CRLF & _ "Twilio" & @CRLF & _ "Diebold Nixdorf Services - *.dieboldnixdorf.com " & @CRLF & _ "*.arubanetworks.com not in scope above - see in scope" & @CRLF & _ "*.hpe.com" & @CRLF & _ "http://outdoorplanner.arubanetworks.com/" & @CRLF & _ "*.atl.arubanetworks.com" & @CRLF & _ "*.getaws.arubanetworks.com" & @CRLF & _ "asp-notifications.arubanetworks.com" & @CRLF & _ "quickconnect.arubanetworks.com" & @CRLF & _ "community.arubanetworks.com" & @CRLF & _ "https://*.iot.developer.arubanetworks.com" & @CRLF & _ "*.iot.developer.arubanetworks.com" & @CRLF & _ "innovate.arubanetworks.com" & @CRLF & _ "*.isb.arubanetworks.com" & @CRLF & _ "enews.arubanetworks.com" & @CRLF & _ "sirt.arubanetworks.com" & @CRLF & _ "*.arubademo.net" & @CRLF & _ "news.arubanetworks.com" & @CRLF & _ "demos.arubanetworks.com" & @CRLF & _ "supportcase.arubanetworks.com" & @CRLF & _ "https://community.arubainstanton.com/home " & @CRLF & _ "community.arubainstanton.com" & @CRLF & _ "action.arubainstanton.com" & @CRLF & _ "chat.arubainstanton.com" & @CRLF & _ "asp.arubanetworks.com" & @CRLF & _ "lms.arubanetworks.com" & @CRLF & _ "afp.arubanetworks.com" & @CRLF & _ "csaf.arubanetworks.com" & @CRLF & _ "Other subdomains of asana.com" & @CRLF & _ "Social engineering against Asana Support or Asana Employees" & @CRLF & _ "jira*.integrations.asana.plus" & @CRLF & _ "asana.okta.com" & @CRLF & _ "assets.asana.biz" & @CRLF & _ "Forms that you do not own" & @CRLF & _ "Any internal or development services." & @CRLF & _ "https://bugcrowd.com/atlassianapps" & @CRLF & _ "First and third party apps and plugins from the marketplace are excluded from this bounty but may be in scope for https://bugcrowd.com/atlassianapps" & @CRLF & _ "https://shop.atlassian.com" & @CRLF & _ "shop.atlassian.com" & @CRLF & _ " bytebucket.org" & @CRLF & _ "*.bitbucket.io" & @CRLF & _ "https://blog.bitbucket.org" & @CRLF & _ "HipChat (inc. HipChat Data Center, HipChat Desktop, HipChat Mobile)" & @CRLF & _ "Stride (inc. Stride Video, Stride Desktop, Stride Mobile)" & @CRLF & _ "https://support.atlassian.com" & @CRLF & _ "support.atlassian.com" & @CRLF & _ "Any customer instance. Do not test customer instances or affect customer data. Customer cloud instances may be in the form of <customer>.atlassian.net or <customer>.jira.com. Test only your own instances." & @CRLF & _ "Any repository that you are not an owner of - do not impact Atlassian customers in any way." & @CRLF & _ "https://marketplace.atlassian.com/apps/1220442/halp-two-way-slack-integration-for-jira?hosting=cloud" & @CRLF & _ "Halp - Slack and Microsoft Teams Jira Integration - Cloud - https://marketplace.atlassian.com/apps/1220442/halp-two-way-slack-integration-for-jira?hosting=cloud" & @CRLF & _ "https://marketplace.atlassian.com/apps/1222365/halp-answers-for-confluence-in-slack?hosting=cloud" & @CRLF & _ "Confluence Slack Automation Integration by Halp - Cloud - https://marketplace.atlassian.com/apps/1222365/halp-answers-for-confluence-in-slack?hosting=cloud" & @CRLF & _ "https://marketplace.atlassian.com/apps/1220442/halp-two-way-slack-integration-for-jira?hosting=server" & @CRLF & _ "Halp - Slack and Microsoft Teams Jira Integration - Server - https://marketplace.atlassian.com/apps/1220442/halp-two-way-slack-integration-for-jira?hosting=server" & @CRLF & _ "https://trello.com/power-ups/55a5d917446f517774210011/calendar-power-up" & @CRLF & _ "Calendar Power-Up" & @CRLF & _ "https://trello.com/power-ups/5c2462c384ab8949b1724a20/list-limits" & @CRLF & _ "List Limits Power-Up" & @CRLF & _ "https://trello.com/power-ups/55a5d917446f517774210012/card-aging" & @CRLF & _ "Card Aging Power-Up" & @CRLF & _ "https://trello.com/power-ups/55a5d917446f517774210013/voting" & @CRLF & _ "Voting Power-Up" & @CRLF & _ "https://marketplace.atlassian.com (Website)" & @CRLF & _ "https://trello.com/power-ups/*" & @CRLF & _ "https://blog.aurory.io " & @CRLF & _ "https://docs.aurory.io/" & @CRLF & _ "australiansuper.atlassian.net" & @CRLF & _ "australiansuper.sharepoint.com" & @CRLF & _ "*.australiansuper.com " & @CRLF & _ "auth0.auth0.com" & @CRLF & _ "manage.auth0.com" & @CRLF & _ "accounts.auth0.com" & @CRLF & _ "webtask.io " & @CRLF & _ "phenix.rocks " & @CRLF & _ "Auth0 Docs (including quickstarts)" & @CRLF & _ "sharelock.io" & @CRLF & _ "goextend.io " & @CRLF & _ "https://support.auth0.com/tickets/new" & @CRLF & _ "support.auth0.com" & @CRLF & _ "community.auth0.com" & @CRLF & _ "https://www.youporn.com/information/#support" & @CRLF & _ "*.pornhub.com/live " & @CRLF & _ "*.pornhub.com/insights " & @CRLF & _ "*.pronstore.com " & @CRLF & _ "*.pornhub.com/jobs " & @CRLF & _ "*.pornhub.com/sex " & @CRLF & _ "*.redtube.com " & @CRLF & _ "*.redtubepremium.com " & @CRLF & _ "*.pornhub.com " & @CRLF & _ "*.pornhubpremium.com" & @CRLF & _ "cms.pornhub.com " & @CRLF & _ "cms.redtube.com " & @CRLF & _ "*.youporn.com " & @CRLF & _ "*.youpornpremium.com " & @CRLF & _ "http://*.pornmd.com" & @CRLF & _ "*.youporn.com/world " & @CRLF & _ "blog.tube8.com " & @CRLF & _ "http://www.tube8.com/contact.html " & @CRLF & _ "*.thumbzilla.com " & @CRLF & _ "*.pornhubapparel.com " & @CRLF & _ "*.pornhub.org " & @CRLF & _ "www.tube8vip.com " & @CRLF & _ "https://www.trafficjunky.com/blog/ " & @CRLF & _ "https://www.adultforce.com/#/blog/ " & @CRLF & _ "*.<not-researcher-store>.mybigcommerce.com" & @CRLF & _ "support.bigcommerce.com" & @CRLF & _ "partners.bigcommerce.com" & @CRLF & _ "start.bigcommerce.com " & @CRLF & _ "grc.bigcommerce.com" & @CRLF & _ "careers.bigcommerce.com" & @CRLF & _ "events.bigcommerce.com" & @CRLF & _ "security.bigcommerce.com" & @CRLF & _ "partnernews.bigcommerce.com" & @CRLF & _ "content.product.bigcommerce.com" & @CRLF & _ "dam.bigcommerce.com" & @CRLF & _ "jobs.coinmarketcap.com" & @CRLF & _ "support.binance.*" & @CRLF & _ "binance.sg" & @CRLF & _ "*.trustwallet.com" & @CRLF & _ "*.trustwalletapp.com" & @CRLF & _ "*.binance.org" & @CRLF & _ "blog.coinmarketcap.com" & @CRLF & _ "support.coinmarketcap.com" & @CRLF & _ "blockchain.coinmarketcap.com" & @CRLF & _ "*.coinmarketcap.com" & @CRLF & _ "partner-marketing.bitdefender.com/" & @CRLF & _ "businessinsights.bitdefender.com" & @CRLF & _ "businessemail.bitdefender.com" & @CRLF & _ "businessresources.bitdefender.com" & @CRLF & _ "oemhub.bitdefender.com" & @CRLF & _ "oemresources.bitdefender.com" & @CRLF & _ "community.bitdefender.com/" & @CRLF & _ "resellerportal.bitdefender.com/" & @CRLF & _ "brand.bitdefender.com/" & @CRLF & _ "stats.bitdefender.com/" & @CRLF & _ "sstats.bitdefender.com/" & @CRLF & _ "lsems.gravityzone.bitdefender.com/" & @CRLF & _ "ssems.gravityzone.bitdefender.com/" & @CRLF & _ "https://crp.bitdefender.com" & @CRLF & _ "crp.bitdefender.com" & @CRLF & _ "https://telcosuccess.bitdefender.com" & @CRLF & _ "telcosuccess.bitdefender.com" & @CRLF & _ "demo.bitdefender.com" & @CRLF & _ "Bitdefender Central (iOS App)" & @CRLF & _ "Bitdefender Central (Android App)" & @CRLF & _ "central.bitdefender.com" & @CRLF & _ "https://support.bitpanda.com" & @CRLF & _ "https://maintenance.bitpanda.com" & @CRLF & _ "https://beta.bitpanda.com" & @CRLF & _ "https://developers.bitpanda.com" & @CRLF & _ "http://partners.whitelabel.bitpanda.com/" & @CRLF & _ "http://status.bitpanda.com" & @CRLF & _ "https://requests.bitpanda.com" & @CRLF & _ "https://*.exchange.bitpanda.com" & @CRLF & _ "*.exchange.bitpanda.com" & @CRLF & _ "https://perps-test.bitstamp.net" & @CRLF & _ "https://*.appboy.com/" & @CRLF & _ "*.appboy.com" & @CRLF & _ "https://*.braze.eu/" & @CRLF & _ "*.braze.eu" & @CRLF & _ "https://*.braze.com/" & @CRLF & _ "*.braze.com" & @CRLF & _ "Any Braze Owned Host not listed as in Scope" & @CRLF & _ "bugcrowd*.freshdesk.com" & @CRLF & _ "https://www.bugcrowd.com" & @CRLF & _ "www.bugcrowd.com" & @CRLF & _ "blog.bugcrowd.com" & @CRLF & _ "researcherdocs.bugcrowd.com" & @CRLF & _ "pages.bugcrowd.com" & @CRLF & _ "forum.bugcrowd.com" & @CRLF & _ "email.bugcrowd.com" & @CRLF & _ "email.forum.bugcrowd.com" & @CRLF & _ "https://go.bugcrowd.com" & @CRLF & _ "go.bugcrowd.com" & @CRLF & _ "events.bugcrowd.com" & @CRLF & _ "https://assetinventory.bugcrowd.com" & @CRLF & _ "assetinventory.bugcrowd.com" & @CRLF & _ "https://community.bugcrowd.com" & @CRLF & _ "community.bugcrowd.com" & @CRLF & _ "trust.bugcrowd.com" & @CRLF & _ "https://*.bullish.com" & @CRLF & _ "*.bullish.com" & @CRLF & _ "https://simnext.bullish-test.com" & @CRLF & _ "*.bullish.com/" & @CRLF & _ "███████████████████████████" & @CRLF & _ "████████████████████████████████████████████████████" & @CRLF & _ "█████████████████████" & @CRLF & _ "*.0.canva.cn" & @CRLF & _ "*.0.canva-apps.cn" & @CRLF & _ "https://cwingsfe.mafrservices.com/login" & @CRLF & _ "https://subs.foreignaffairs.com" & @CRLF & _ "https://subscribe.foreignaffairs.com " & @CRLF & _ "https://world101.cfr.org/" & @CRLF & _ "https://modeldiplomacy.cfr.org" & @CRLF & _ "merakipartners.com" & @CRLF & _ "developers.meraki.com" & @CRLF & _ "smhelp.meraki.com" & @CRLF & _ "community.meraki.com" & @CRLF & _ "community-staging.meraki.com" & @CRLF & _ "*.cisco.com" & @CRLF & _ "meraki.cisco.com/form/contact" & @CRLF & _ "Customer API Keys" & @CRLF & _ "Meraki MC Phones" & @CRLF & _ "documentation.meraki.com" & @CRLF & _ "New support cases, Chat, Request new integration form" & @CRLF & _ "Share feedback form" & @CRLF & _ "Vulnerability scanners" & @CRLF & _ "https://learn.clickhouse.com/" & @CRLF & _ "learn.clickhouse.com" & @CRLF & _ "https://support.cloudinary.com" & @CRLF & _ "wiki.cloudinary.com" & @CRLF & _ "hourofcode.com" & @CRLF & _ "advocacy.code.org" & @CRLF & _ "https://www.coindesk.com/" & @CRLF & _ "coindesk.com" & @CRLF & _ "https://uat.coindesk.com/indices" & @CRLF & _ "CoinDesk Indices" & @CRLF & _ "https://uat.coindesk.com/events" & @CRLF & _ "CoinDesk Events" & @CRLF & _ "https://events.coindesk.com" & @CRLF & _ "Production CoinDesk Events" & @CRLF & _ "https://consensus2023.coindesk.com/" & @CRLF & _ "Consensus2023 Site" & @CRLF & _ "https://consensus2024.coindesk.com/" & @CRLF & _ "Consensus2024 Site" & @CRLF & _ "https://consensus2025.coindesk.com/" & @CRLF & _ "Consensus2025 Site" & @CRLF & _ "https://consensus-hongkong2025.coindesk.com/" & @CRLF & _ "Consensus HK Site" & @CRLF & _ "https://uat.coindesk.com/" & @CRLF & _ "uat.coindesk.com" & @CRLF & _ "https://uat.accounts.coindesk.com" & @CRLF & _ "uat.accounts.coindesk.com" & @CRLF & _ "*.hfc.comcastbusiness.net" & @CRLF & _ "*.hsd1.*.comcast.net" & @CRLF & _ "*business.comcast.com" & @CRLF & _ "10.0.0.0/8" & @CRLF & _ "50.128.0.0/12" & @CRLF & _ "50.152.0.0/13" & @CRLF & _ "96.201.0.0/16" & @CRLF & _ "96.202.128.0/17" & @CRLF & _ "96.203.0.0/16" & @CRLF & _ "172.26.128.0/18" & @CRLF & _ "184.112.0.0/13" & @CRLF & _ "184.122.0.0/15" & @CRLF & _ "NBC Universal" & @CRLF & _ "Sky" & @CRLF & _ "*.sys.comcast.net" & @CRLF & _ "admin.selectwifi.xfinity.com" & @CRLF & _ "https://www.comcastbiz.net/" & @CRLF & _ "Comcastbiz.net" & @CRLF & _ "*.contrast.ninja" & @CRLF & _ "Any Contrast Corporate Asset" & @CRLF & _ "runner.contrastsecurity.com" & @CRLF & _ "https://status.contrastsecurity.com" & @CRLF & _ "status.contrastsecurity.com" & @CRLF & _ "https://www.facebook.com/contrastsec/" & @CRLF & _ "Contrast Official Facebook Account" & @CRLF & _ "https://www.twitter.com/contrastsec/" & @CRLF & _ "Contrast Official Twitter Account" & @CRLF & _ "https://twitter.com/ContrastEMEA/" & @CRLF & _ "Contrast Official Twitter EMEA Account" & @CRLF & _ "https://www.twitter.com/ContrastSecHelp/" & @CRLF & _ "Contrast Official Twitter Help Account" & @CRLF & _ "https://www.youtube.com/channel/UColYZvBpgxXaLlqD2E4QC0g" & @CRLF & _ "Contrast Official Youtube Account" & @CRLF & _ "https://www.linkedin.com/company/contrast-security" & @CRLF & _ "Contrast Official Linkedin Account" & @CRLF & _ "https://www.instagram.com/contrast__security/" & @CRLF & _ "Contrast Official Instagram Account" & @CRLF & _ "Purposefully Vulnerable WebGoat Application" & @CRLF & _ "WebGoat with Contrast Agent " & @CRLF & _ "https://console.delltechnologies.com/ " & @CRLF & _ "https://console.delltechnologies.com/nav/catalog" & @CRLF & _ "https://console.delltechnologies.com/nav/support" & @CRLF & _ "https://console.delltechnologies.com/nav/subscriptions" & @CRLF & _ "educate.dell.com" & @CRLF & _ "console.dell.com" & @CRLF & _ "console-test.dell.com" & @CRLF & _ "salesproductivity.dell.com" & @CRLF & _ "*.dell.com/*" & @CRLF & _ "*.delltechnologies.com/*" & @CRLF & _ "Virtual Appliance (vApp) Manager" & @CRLF & _ "Dell ObjectScale" & @CRLF & _ "Dell Digital Delivery" & @CRLF & _ "www.directly.com" & @CRLF & _ "resources.directly.com/*" & @CRLF & _ "*.sandbox.directly.com/schedule-a-demo/* OR /product/* OR /careers/* OR /about/* OR /legal/* OR /trust/*" & @CRLF & _ "https://ethics.epam.com/" & @CRLF & _ "ethics.epam.com" & @CRLF & _ "https://profile.epam.com" & @CRLF & _ "profile.epam.com" & @CRLF & _ "https://carbon.epam.com/" & @CRLF & _ "carbon.epam.com" & @CRLF & _ "https://www.infongen.com/" & @CRLF & _ "infongen.com" & @CRLF & _ "http://ebn.epam.com/" & @CRLF & _ "ebn.epam.com" & @CRLF & _ "https://solutionshub.epam.com/" & @CRLF & _ "solutionshub.epam.com" & @CRLF & _ "https://www.telescopeai.com/" & @CRLF & _ "telescopeai.com" & @CRLF & _ "https://wearecommunity.io/" & @CRLF & _ "wearecommunity.io" & @CRLF & _ "https://cami.lab.epam.com/" & @CRLF & _ "cami.lab.epam.com" & @CRLF & _ "https://ellie.lab.epam.com/" & @CRLF & _ "ellie.lab.epam.com" & @CRLF & _ "https://apex.lab.epam.com/" & @CRLF & _ "apex.lab.epam.com" & @CRLF & _ "https://investors.epam.com/" & @CRLF & _ "investors.epam.com" & @CRLF & _ "https://ecsd00300769.epam.com/" & @CRLF & _ "ecsd00300769.epam.com" & @CRLF & _ "https://display.epam.com/" & @CRLF & _ "display.epam.com" & @CRLF & _ "https://info.epam.com" & @CRLF & _ "info.epam.com" & @CRLF & _ "https://admin-ui.preship.gcp.gnrg-osdu.projects.epam.com" & @CRLF & _ "admin-ui.preship.gcp.gnrg-osdu.projects.epam.com" & @CRLF & _ "https://support.epam.com/" & @CRLF & _ "support.epam.com/" & @CRLF & _ "https://customersupport.epam.com/" & @CRLF & _ "customersupport.epam.com" & @CRLF & _ "https://supportnow.epam.com/" & @CRLF & _ "supportnow.epam.com" & @CRLF & _ "https://anywhere.epam.com/" & @CRLF & _ "anywhere.epam.com" & @CRLF & _ "icht.etsysecure.com" & @CRLF & _ "https://www.exoscale.com" & @CRLF & _ "Public Website" & @CRLF & _ "https://community.exoscale.com" & @CRLF & _ "Public Documentation Website" & @CRLF & _ "Marketplace products" & @CRLF & _ "https://academy.exoscale.com" & @CRLF & _ "Exoscale Academy" & @CRLF & _ "CDN service" & @CRLF & _ "https://jobs.exoscale.com" & @CRLF & _ "Job Board" & @CRLF & _ "https://changelog.exoscale.com" & @CRLF & _ "Changelog" & @CRLF & _ "https://openapi-v2.exoscale.com/" & @CRLF & _ "OpenAPI V2 Documentation" & @CRLF & _ "http://zammad.internal.exoscale.ch/" & @CRLF & _ "Zammad" & @CRLF & _ "https://exoscalestatus.com/" & @CRLF & _ "Runstatus" & @CRLF & _ "gslink.financialforce.com" & @CRLF & _ "CVE-2021-26086 Limited Remote File Read/Include on Jir" & @CRLF & _ "https://apuat-aaa.fisglobal.com" & @CRLF & _ "Reference above out of scope targets" & @CRLF & _ "https://training.flourish.studio" & @CRLF & _ "training.flourish.studio" & @CRLF & _ "████████████████" & @CRLF & _ "api.gearset.com" & @CRLF & _ "app.gearset.com" & @CRLF & _ "us.app.gearset.com" & @CRLF & _ "eu.app.gearset.com" & @CRLF & _ "ap.app.gearest.com" & @CRLF & _ "gearset.com" & @CRLF & _ "███████████████" & @CRLF & _ "Anything not explicitly listed as "In Scope"." & @CRLF & _ "Android App" & @CRLF & _ "IoS App" & @CRLF & _ "https://try.hotdoc.com.au/hotdoc-profiles" & @CRLF & _ " https://try.hotdoc.com.au/hotdoc-profiles" & @CRLF & _ "https://shop.hubspot.com" & @CRLF & _ "shop.hubspot.com" & @CRLF & _ "https://trust.hubspot.com" & @CRLF & _ "trust.hubspot.com" & @CRLF & _ "https://thespot.hubspot.com" & @CRLF & _ "thespot.hubspot.com" & @CRLF & _ "https://ir.hubspot.com" & @CRLF & _ "ir.hubspot.com" & @CRLF & _ "Out of Scope Vulnerabilities" & @CRLF & _ "https://www.cultbeauty.co.uk/matchme" & @CRLF & _ "https://matchme.cultbeauty.co.uk/" & @CRLF & _ "http://sampling.ibotta.com/" & @CRLF & _ "https://backend.ibotta.com/duplicate_receipt_moderation" & @CRLF & _ "https://ir.ibotta.com" & @CRLF & _ "https://trust.ibotta.com" & @CRLF & _ "legal.ibotta.com" & @CRLF & _ "*dev.ibotta.com" & @CRLF & _ "blog-empresas.ifood.com.br" & @CRLF & _ "blog-parceiros.ifood.com.br" & @CRLF & _ "*.ecomanda.com.br" & @CRLF & _ "*.ecomanda.app" & @CRLF & _ "*.allin.movilepay.com" & @CRLF & _ "*.starsoft.movilepay.com" & @CRLF & _ "Gestor de Pedidos - Desktop Client" & @CRLF & _ "*.godsunchained.com" & @CRLF & _ "*.gogbackend.com" & @CRLF & _ "gogbackend.com" & @CRLF & _ "godsunchained.com" & @CRLF & _ "Anything that does not belong to Immutable" & @CRLF & _ "Any data exposure bug that are classified as Public Data such as Ethereum Wallet Address, NFT Purchase activity, or other public blockchain activity." & @CRLF & _ "*.dev.x.immutable.com, *.sandbox.x.immutable.com, *.dev.x.immutable.com, *.sandbox.imtbl.com, *.dev.imtbl.com, *.ropsten.x.immutable.com, ropsten.imx.community (see brief for exceptions)" & @CRLF & _ "http://docs.imperva.com/" & @CRLF & _ "http://docs-be.imperva.com/" & @CRLF & _ "https://www.irobot.com" & @CRLF & _ "https://homesupport.irobot.com" & @CRLF & _ "https://global.irobot.com/My%20Privacy" & @CRLF & _ "irobot.in" & @CRLF & _ "https://homesupport.irobot.com/app/chat/chat_launch" & @CRLF & _ "*.joralocal.com.au " & @CRLF & _ "https://www.lieferando.at/en/vouchercode/new-customer" & @CRLF & _ "https://www.lieferando.at/gutschein/neukunde" & @CRLF & _ "www.integration-takeaway.com" & @CRLF & _ "rain-of-gifts.10bis.co.il" & @CRLF & _ "treatmas.takeaway.com" & @CRLF & _ "orderandwin.takeaway.com" & @CRLF & _ "orderandwin.lieferando.de" & @CRLF & _ "orderandwin.thuisbezorgd.nl" & @CRLF & _ "wow-nachten.lieferando.at" & @CRLF & _ "december-surprises.takeaway.com" & @CRLF & _ "dekemvriiski-iznenadi.takeaway.com" & @CRLF & _ "wow-nachten.lieferando.de" & @CRLF & _ "december-cadeautjes.thuisbezorgd.nl" & @CRLF & _ "pyszne-prezenty.pyszne.pl" & @CRLF & _ "vianocne-prekvapenia.bistro.sk" & @CRLF & _ "so-schmeckt-der-sommer.lieferando.at" & @CRLF & _ "taste-the-summer.takeaway.com" & @CRLF & _ "so-schmeckt-der-sommer.lieferando.de" & @CRLF & _ "proef-de-zomer.thuisbezorgd.nl" & @CRLF & _ "smak-lata.pyszne.pl" & @CRLF & _ "schmeckt-wie-sommer.lieferando.at" & @CRLF & _ "schmeckt-wie-sommer.lieferando.de" & @CRLF & _ "orderandwin.pyszne.pl" & @CRLF & _ "orderandwin.bistro.sk" & @CRLF & _ "orderandwin.pizza.be" & @CRLF & _ "orderandwin.lieferando.at" & @CRLF & _ "*.takeawayriders.com/" & @CRLF & _ "Any other subdomains of k15t.com, including but not limited to www.k15t.com, www.k15t.de and help.k15t.com" & @CRLF & _ "https://marketplace.atlassian.com/*" & @CRLF & _ "████████████████████████████████████████████████████████" & @CRLF & _ "█████████████████████████████" & @CRLF & _ "https://bugcrowd-pub.bounty.kiteworks.dev" & @CRLF & _ "apply.kohls.com" & @CRLF & _ "*kohls.com/kohlscredit/prequal" & @CRLF & _ "*kohlsecommerce.com/kohlscredit/prequal" & @CRLF & _ "corporate.kohls.com" & @CRLF & _ "productchampions.kohls.com" & @CRLF & _ "link-preprod.kohls.com" & @CRLF & _ "developer.kohls.com" & @CRLF & _ "lclive.kohls.com" & @CRLF & _ "author-mykohls.kohls.com" & @CRLF & _ "mykohls-origin.kohls.com" & @CRLF & _ "origin-stage65-corporate.kohls.com" & @CRLF & _ "origin-stage65-mykohls.kohls.com" & @CRLF & _ "author-stage65-mykohls.kohls.com" & @CRLF & _ "stage65-corporate.kohls.com" & @CRLF & _ "stage65-mykohls.kohls.com" & @CRLF & _ "author-qa65-mykohls.kohls.com" & @CRLF & _ "mykohls.kohls.com" & @CRLF & _ "any domain with archaius.json endoint is out of scope" & @CRLF & _ "*kohls.com/feature/pre-qual/prequal_inquiry.jsp?icid=prequalfooter" & @CRLF & _ "*kohls.com/checkout/prequal_inquiry.jsp#/preQualEligible" & @CRLF & _ "*kohlsecommerce.com/feature/pre-qual/prequal_inquiry.jsp?icid=prequalfooter" & @CRLF & _ "*kohlsecommerce.com/checkout/prequal_inquiry.jsp#/preQualEligible" & @CRLF & _ "vp-*.kohls.com" & @CRLF & _ "*qa*.kohls.com" & @CRLF & _ "wfh*.kohls.com" & @CRLF & _ "kconnect.kohls.com" & @CRLF & _ "connection.kohls.com" & @CRLF & _ "kohlsmerch.kohls.com/" & @CRLF & _ "support.kucoin.plus" & @CRLF & _ "store.kucoin.com" & @CRLF & _ "docs.kucoin.com" & @CRLF & _ "intro.kucoin.com" & @CRLF & _ "cert.kucoin.com" & @CRLF & _ "sandbox.kucoin.com" & @CRLF & _ "passport.kucoin.com" & @CRLF & _ "*-sdb.kucoin.com" & @CRLF & _ "*-sandbox.kucoin.com" & @CRLF & _ "https://identity.lastpass.com" & @CRLF & _ "Lastpass CLI tool" & @CRLF & _ "https://info.lastpass.com" & @CRLF & _ "https://forums.lastpass.com" & @CRLF & _ "https://investors.latitudefinancial.com.au" & @CRLF & _ "https://auth.latitudefinancial.com" & @CRLF & _ "https://auth.*.latitudefinancial.com" & @CRLF & _ "*.latitudefs.com" & @CRLF & _ "https://*.my.latitudepay.com/" & @CRLF & _ "https://*.sg.latitudepay.com/" & @CRLF & _ "https://my.latitudepay.com" & @CRLF & _ "https://sg.latitudepay.com" & @CRLF & _ "https://t.latitudefinancial.com/*" & @CRLF & _ "https://t.latitudefinancial.com" & @CRLF & _ "https://p.latitudefinancial.com" & @CRLF & _ "https://lightspeedhq.com/trial " & @CRLF & _ "lightspeedhq.com/trial " & @CRLF & _ "https://pos-admin.trial.lsk.lightspeed.app" & @CRLF & _ "pos-admin.trial.lsk.lightspeed.app" & @CRLF & _ "x-series-support.lightspeedhq.com" & @CRLF & _ "vendhq.force.com" & @CRLF & _ "vendimageuploadcdn.global.ssl.fastly.net" & @CRLF & _ "partners.vendhq.com" & @CRLF & _ "track.api.vendhq.com" & @CRLF & _ "your-store.vendecommerce.com" & @CRLF & _ "partnerportal.vendhq.com" & @CRLF & _ "https://support.ecwid.com/hc/en-us" & @CRLF & _ "https://www.ecwid.com/" & @CRLF & _ "community.li.me" & @CRLF & _ "https://help.li.me (zendesk)" & @CRLF & _ "*.limeinternal.com" & @CRLF & _ "*.lime.bike" & @CRLF & _ "https://li.me (hubspot)" & @CRLF & _ "https://filestack.com" & @CRLF & _ "*.filestack.com" & @CRLF & _ "https://freshdesk.com" & @CRLF & _ "*.freshdesk.com" & @CRLF & _ "https://blstr.xyz" & @CRLF & _ "*.blstr.xyz" & @CRLF & _ "https://blstr.co" & @CRLF & _ "*.blstr.co" & @CRLF & _ "https://community.linktr.ee" & @CRLF & _ "community.linktr.ee" & @CRLF & _ "██████████████" & @CRLF & _ "██████████████████████████" & @CRLF & _ "██████████████████████████████" & @CRLF & _ "████████████" & @CRLF & _ "███████████" & @CRLF & _ "www.americangirlmena.com" & @CRLF & _ "moneytree.jp" & @CRLF & _ "Any production asset of Moneytree KK (excepting the iOS app)" & @CRLF & _ "getmoneytree.com" & @CRLF & _ "Vulnerabilities related to web-app related issues" & @CRLF & _ "tripactions.com" & @CRLF & _ "https://status.newrelic.com" & @CRLF & _ "New Relic open source software repos in github.com not in the list of agents or on docs.newrelic.com; New Relic Example Code, New Relic Experimental and Archived repos are explicitly out of scope." & @CRLF & _ "https://iopipe.com" & @CRLF & _ "northwesternmutual.com/find-a-financial-advisor/" & @CRLF & _ "northwesternmutual.com/financial/advisor/*" & @CRLF & _ "northwesternmutual.com/careers-apply/" & @CRLF & _ "northwesternmutual.com/report-a-death/" & @CRLF & _ "northwesternmutual.com/notice-of-long-term-care-form/" & @CRLF & _ "northwesternmutual.com/financial-professionals/?name=*" & @CRLF & _ "northwesternmutual.com/notice-of-disability-form/" & @CRLF & _ "northwesternmutual.com/notice-of-group-disability-form/" & @CRLF & _ "calculator.northwesternmutual.com" & @CRLF & _ "clientwise.com" & @CRLF & _ "cloud.em.northwesternmutual.com" & @CRLF & _ "events.nmfn.com" & @CRLF & _ "eventscloud.com" & @CRLF & _ "ftph1.northwesternmutual.com" & @CRLF & _ "gbpwealth.com" & @CRLF & _ "icims.com" & @CRLF & _ "ideas.northwesternmutual.com" & @CRLF & _ "m3.nml.com" & @CRLF & _ "metrics.northwesternmutual.com" & @CRLF & _ "metricssecure.northwesternmutual.com" & @CRLF & _ "mynmcu.com" & @CRLF & _ "nmcreative.space" & @CRLF & _ "nmis-stage.netxinvestor.com" & @CRLF & _ "nmresearchlibrary.nml.com" & @CRLF & _ "pugetsound.nmfn.com" & @CRLF & _ "sparks-financial.com" & @CRLF & _ "theandersonfinancialgroupnm.com" & @CRLF & _ "themint.org" & @CRLF & _ "nwm.benselect.com" & @CRLF & _ "*nuinternational.com " & @CRLF & _ "*nat-a.nubank.com.br" & @CRLF & _ "*.octopus.app" & @CRLF & _ "artifactorysample.octopus.com" & @CRLF & _ "bamboosample.octopus.com" & @CRLF & _ "jenkinssample.octopus.com" & @CRLF & _ "teamcitysample.octopus.com" & @CRLF & _ "nexussample.octopus.com" & @CRLF & _ "myget.octopus.com" & @CRLF & _ " partners.octopus.com" & @CRLF & _ "trust.octopus.com" & @CRLF & _ "bugcrowd-%username%-1.oktapreview.com" & @CRLF & _ "bugcrowd-%username%-2.oktapreview.com" & @CRLF & _ "*.okta.com" & @CRLF & _ "*.trexcloud.com" & @CRLF & _ "login.okta.com" & @CRLF & _ "pages.okta.com" & @CRLF & _ "developer.okta.com" & @CRLF & _ "trust.okta.com" & @CRLF & _ "www.okta.com (static site)" & @CRLF & _ "https://scaleft.com" & @CRLF & _ "https://app.scaleft.com/p/signup" & @CRLF & _ "https://github.com/oktadev" & @CRLF & _ "Backend Okta non-app infrastructure" & @CRLF & _ "Network layer issues" & @CRLF & _ "AtSpoke - Okta Workflows actions in access requests" & @CRLF & _ "AtSpoke - Entitlement bundles as a resource in access requests" & @CRLF & _ "Anything not explicitly called out above as in-scope" & @CRLF & _ "https://*.onetrust.com" & @CRLF & _ "https://store.onetrust.com" & @CRLF & _ "https://*.convercent.com" & @CRLF & _ "https://*.dataguidance.com" & @CRLF & _ "https://app.vendorpedia.com" & @CRLF & _ "https://*.preferencechoice.com" & @CRLF & _ "https://*.redacted.ai" & @CRLF & _ "https://*.sharedassessments.org" & @CRLF & _ "https://developer.onetrust.com" & @CRLF & _ "https://my.onetrust.com" & @CRLF & _ "https://*.vendorpedia.com" & @CRLF & _ "https://*.onetrustgrc.com" & @CRLF & _ "https://*.cookiepro.com" & @CRLF & _ "https://tv.onetrust.com/" & @CRLF & _ "https://*.cookielaw.org" & @CRLF & _ "https://*.onetrustpro.com" & @CRLF & _ "https://*.privacyconnect.com" & @CRLF & _ "https://*.onetrust.de" & @CRLF & _ "https://*.onetrust.se" & @CRLF & _ "https://*.onetrust.es" & @CRLF & _ "https://*.onetrust.fr" & @CRLF & _ "https://*.onetrust.it" & @CRLF & _ "https://*.privacytech.com" & @CRLF & _ "https://*.privacypedia.com" & @CRLF & _ "https://*.esgiq.com" & @CRLF & _ "https://*.trustweek2021.com" & @CRLF & _ "concurso.opera.com " & @CRLF & _ "investor.opera.com" & @CRLF & _ "help.yoyogames.com" & @CRLF & _ "bugs.yoyogames.com" & @CRLF & _ "admanager.opera.com" & @CRLF & _ "accountsstage.yoyogames.com" & @CRLF & _ "control.gx-servers.opera.com" & @CRLF & _ "help.gx-servers.opera.com" & @CRLF & _ "verizon-us-seattle.opera-mini.net" & @CRLF & _ "s2{1,2}-05-08-v09.opera-mini.net" & @CRLF & _ "verizon-us-lvs-seattle.opera-mini.net" & @CRLF & _ "107.167.127.4{0,1}" & @CRLF & _ "jobs.opera.com" & @CRLF & _ "verizon-us-lvs-ashburn.opera-mini.net" & @CRLF & _ "interstitial.opera-mini.net" & @CRLF & _ "certs.opera.com" & @CRLF & _ "checkout.opera.com" & @CRLF & _ "contest.opera.com" & @CRLF & _ "catch.opera.com" & @CRLF & _ "wallpaper.opera.com" & @CRLF & _ "tabfulness.opera.com" & @CRLF & _ "Opsgenie Production (billing systems, third parties)" & @CRLF & _ "https://www.optimizely.com/" & @CRLF & _ "https://www.originenergy.com.au/moving/" & @CRLF & _ "https://auth.api.originenergy.com.au/**" & @CRLF & _ "https://origin-energy.formstack.com/**" & @CRLF & _ "https://www.compareandconnect.com.au/" & @CRLF & _ "https://agent.compareandconnect.com.au/" & @CRLF & _ "https://fastconnect.co.nz" & @CRLF & _ "https://Yourporter.com.au" & @CRLF & _ "https://raywhitehomenow.com/ " & @CRLF & _ "███████████████████" & @CRLF & _ "██████████████████" & @CRLF & _ "2.0 API" & @CRLF & _ "https://help.quizlet.com/hc/en-us" & @CRLF & _ " help.quizlet.com (zendesk)" & @CRLF & _ "community.rapyd.net" & @CRLF & _ "support.rapyd.net" & @CRLF & _ "docs.rapyd.net" & @CRLF & _ "sandbox.rapyd.net" & @CRLF & _ "3rd party services" & @CRLF & _ "ghost.rapyd.net" & @CRLF & _ "████████████████████" & @CRLF & _ "█████████████████" & @CRLF & _ "All submissions reported to this program will be marked as Not Applicable" & @CRLF & _ "*.1shoppingcart.com" & @CRLF & _ "Corporate Email (*@skyscanner.net)" & @CRLF & _ "community.sophos.com" & @CRLF & _ "Any Cyberoam Product or Service" & @CRLF & _ "sophos.atlassian.net (Public service desk)" & @CRLF & _ "SPF/DKIM/DMARC issues" & @CRLF & _ "blog.soundcloud.com" & @CRLF & _ "status.soundcloud.com" & @CRLF & _ "help.soundcloud.com" & @CRLF & _ " community.soundcloud.com" & @CRLF & _ "copyright.soundcloud.com" & @CRLF & _ "advertising.soundcloud.com" & @CRLF & _ "https://soundcloudmail.com" & @CRLF & _ "soundcloudmail.com" & @CRLF & _ "press.soundcloud.com" & @CRLF & _ "https://scdrops.soundcloud.com" & @CRLF & _ "scdrops.soundcloud.com" & @CRLF & _ "https://promote.soundcloud.com" & @CRLF & _ "promote.soundcloud.com" & @CRLF & _ "contest.soundcloud.com" & @CRLF & _ "playback.soundcloud.com" & @CRLF & _ "jobs.soundcloud.com" & @CRLF & _ "playerone.soundcloud.com" & @CRLF & _ "support.soundcloud.org" & @CRLF & _ "https://afterpay.com" & @CRLF & _ "*.afterpay.com" & @CRLF & _ "https://cash.me" & @CRLF & _ "*.cash.me" & @CRLF & _ "https://designers.weebly.com/" & @CRLF & _ "designers.weebly.com" & @CRLF & _ "https://tidal.com/" & @CRLF & _ "*.tidal.com" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.squareup.cash" & @CRLF & _ "Cash App Mobile Application for Android" & @CRLF & _ "https://itunes.apple.com/us/app/cash-app/id711923939?mt=8" & @CRLF & _ "Cash App Mobile Application for iOS" & @CRLF & _ "Any vulnerabilities found in Third-party software" & @CRLF & _ "Any host/web property or products verified to be owned by Stellantis (domains/IP space/etc.) but not listed in Primary targets." & @CRLF & _ "https://*.atlassian.com" & @CRLF & _ "*.atlassian.com" & @CRLF & _ "https://sprint.net" & @CRLF & _ "*.sprint.net" & @CRLF & _ "https://techapps.t-mobile.com" & @CRLF & _ "techapps.t-mobile.com" & @CRLF & _ "Any domain, property, product, protocol, or service of the app/hardware/software version not explicitly listed in the In-Scope section is out of scope; submissions are welcome but not guaranteed for the bounty/bonus." & @CRLF & _ "████████████████████████████" & @CRLF & _ "███████████████████████████████" & @CRLF & _ "employeefeedback.tesla.com" & @CRLF & _ "energysupport.tesla.com (you can report vulnerabilities to bugbounty.zoho.com)" & @CRLF & _ "https://engage.tesla.com/" & @CRLF & _ "engage.tesla.com" & @CRLF & _ "*.engage.tesla.com" & @CRLF & _ "feedback.tesla.com" & @CRLF & _ "feedback.teslamotors.com" & @CRLF & _ "ir.tesla.com" & @CRLF & _ "ir.teslamotors.com" & @CRLF & _ "mkto.teslamotors.com" & @CRLF & _ "shop.eu.teslamotors.com" & @CRLF & _ "service.tesla.com/docs/*" & @CRLF & _ "service.tesla.cn/docs/*" & @CRLF & _ "Any domains from acquisitions, such as maxwell.com" & @CRLF & _ "Any other third-party websites hosted by non-Tesla entities" & @CRLF & _ "https://*.eltenedor.*" & @CRLF & _ "https://www.thefork.*" & @CRLF & _ "Customer semi-login / PartialLogin feature" & @CRLF & _ "https://module.thefork.com" & @CRLF & _ "module.thefork.com" & @CRLF & _ "https://www.lafourchette.com" & @CRLF & _ "https://blog.thousandeyes.com/" & @CRLF & _ "https://app.thousandeyes.com/sfdc/community" & @CRLF & _ "https://developer.tidal.com" & @CRLF & _ "developer.tidal.com" & @CRLF & _ "https://embed.tidal.com" & @CRLF & _ "embed.tidal.com" & @CRLF & _ "http://bugcrowd.com/atlassianapps" & @CRLF & _ "First party (made-by-trello) power-ups other than those inscope are excluded from this program but can be reported to http://bugcrowd.com/atlassianapps" & @CRLF & _ "e.trello.com" & @CRLF & _ "help.trello.com" & @CRLF & _ "trello-attachments.s3.amazonaws.com" & @CRLF & _ " ir.tripadvisor.com" & @CRLF & _ "*.tripadviser.at" & @CRLF & _ "*.tripadvisor.cn" & @CRLF & _ "www.tripadvisor.*/Trips" & @CRLF & _ "www.tripadvisor.*/Mobile*" & @CRLF & _ "www.tripadvisor.*/engineering" & @CRLF & _ "www.tripadvisor.*/WidgetEmbed-*" & @CRLF & _ "spotlight-dev.tripadvisor.com" & @CRLF & _ "spotlight.tripadvisor.*" & @CRLF & _ "careers.tripadvisor.com" & @CRLF & _ "*.tripadvisoradexpress.*" & @CRLF & _ "*.tripadvisorwifi.*" & @CRLF & _ "*.bokun.io" & @CRLF & _ "*.bokun.is" & @CRLF & _ "*.bokun.com" & @CRLF & _ "*.bokun.app" & @CRLF & _ "*.bokun.eu" & @CRLF & _ "*.bokun.team" & @CRLF & _ "*.bokun.tools" & @CRLF & _ "*.bokun.website" & @CRLF & _ "*.bokunmobile.website" & @CRLF & _ "*.experiences.zone" & @CRLF & _ "https://tgt.tamedia.ch" & @CRLF & _ "http://auth.20min.ch" & @CRLF & _ "https://cre-api.tamedia.ch" & @CRLF & _ "https://track.20min.ch" & @CRLF & _ "Social Media Links (older than 2 years)" & @CRLF & _ "Subdomain Takeover " & @CRLF & _ "DMARC, SPF, DKIM" & @CRLF & _ "https://*.connect.ringier.ch" & @CRLF & _ "*.onelog.ch" & @CRLF & _ "*.20min-tv.ch" & @CRLF & _ "*.newsnetz.tv" & @CRLF & _ "*.appuser.ch" & @CRLF & _ "*.iagentur.ch" & @CRLF & _ "*.streamboat.ch" & @CRLF & _ "*.streamboatserver.ch" & @CRLF & _ "Other Domains and Subdomains not specifically in scope" & @CRLF & _ "support.twilio.com" & @CRLF & _ "s.signal.twilio.com" & @CRLF & _ "ahoy-eloqua.twilio.com" & @CRLF & _ "Ytica and its assets " & @CRLF & _ "TwimlBins" & @CRLF & _ "store.twilio.com" & @CRLF & _ "Demo websites e.g. lab.authy.com" & @CRLF & _ "https://dashboard.authy.com" & @CRLF & _ "All Kurento domains" & @CRLF & _ "twiliotraining.com" & @CRLF & _ "www.twilio.com/labs" & @CRLF & _ "www.twilio.com/quest" & @CRLF & _ "surveys.twilio.com" & @CRLF & _ "support.sendgrid.com" & @CRLF & _ "status.sendgrid.com" & @CRLF & _ "Third-party services used by SendGrid" & @CRLF & _ "issues-sendgrid.dev.twilio.com" & @CRLF & _ "https://www.zipwhip.com/" & @CRLF & _ "zipwhip.com" & @CRLF & _ "All Twilio acquisitions until explicitly noted under the in-scope targets" & @CRLF & _ "community.segment.com" & @CRLF & _ "segment.com/contact" & @CRLF & _ "segment.com/jobs " & @CRLF & _ "http://twil.io/" & @CRLF & _ "twil.io" & @CRLF & _ "www.underarmour.<country>" & @CRLF & _ "www.underarmour.com/en-us/affiliate-home" & @CRLF & _ " www.uabiz.com," & @CRLF & _ "investor.underarmour.com" & @CRLF & _ "productsafety.underarmour.com" & @CRLF & _ "uabusiness.force.com" & @CRLF & _ "www.underarmour.jobs" & @CRLF & _ "blog.underarmour.com" & @CRLF & _ "www.uateamcatalogs.com " & @CRLF & _ "www.uaretail.com " & @CRLF & _ "www.plankindustries.com" & @CRLF & _ "investor.underarmour.com " & @CRLF & _ "careers.underarmour.com" & @CRLF & _ "www.underarmour.<country> " & @CRLF & _ "www.uabiz.com" & @CRLF & _ "www.uaretail.com" & @CRLF & _ "uaallaccess.com" & @CRLF & _ "Social media hijacking" & @CRLF & _ "Any subdomain/domain/property not listed in the 'in scope' section, is out of scope. " & @CRLF & _ "Any Third-party Services" & @CRLF & _ "support.upwork.com" & @CRLF & _ "community.stage.upwork.com" & @CRLF & _ "community.upwork.com" & @CRLF & _ "stage.upwork.com" & @CRLF & _ "e.upwork.com" & @CRLF & _ "status.upwork.com" & @CRLF & _ "signature.upwork.com" & @CRLF & _ "careers.upwork.com" & @CRLF & _ "tip.upwork.com" & @CRLF & _ "tip.upwork.com " & @CRLF & _ "pardot.upwork.com" & @CRLF & _ "*.rc.viator.com" & @CRLF & _ "*.sandbox.viator.com" & @CRLF & _ "*.partner.viator.com" & @CRLF & _ "https://agentcenter.viator.com" & @CRLF & _ "agentcenter.viator.com" & @CRLF & _ "https://operatorresources.viator.com" & @CRLF & _ "operatorresources.viator.com" & @CRLF & _ "https://partnerresources.viator.com" & @CRLF & _ "partnerresources.viator.com" & @CRLF & _ "partner.viator.com" & @CRLF & _ "http://www.theplaymania.com/" & @CRLF & _ "*.web.com" & @CRLF & _ "*.register.com" & @CRLF & _ "*.networksolutions.com" & @CRLF & _ " https://app.gator.com/" & @CRLF & _ "*.bluehost.com" & @CRLF & _ "*.hostgator.com" & @CRLF & _ "app.web.com" & @CRLF & _ "█████████████████████████" & @CRLF & _ "████████████████████████████████████████" & @CRLF & _ "█████████████████████████████████████" & @CRLF & _ "██████████████████████████████████" & @CRLF & _ "██████████████████████████████████████████████████████████" & @CRLF & _ "Wise Affiliate Program" & @CRLF & _ "Third party services not hosted by Wise" & @CRLF & _ "Any Github asset not under the “transferwise” organization" & @CRLF & _ "Third party authentication services (eg: Facebook and Google)" & @CRLF & _ "https://transferwise.com/help/contact" & @CRLF & _ "https://wise.com/help/contact" & @CRLF & _ "*.tw.com" & @CRLF & _ "*.tw.ee" & @CRLF & _ "Non-current version of the Android app" & @CRLF & _ "Non-current version of the iOS app" & @CRLF & _ "*.transferwise.tech" & @CRLF & _ "brand.wise.com" & @CRLF & _ "links.wise.com" & @CRLF & _ "widgets.transferwise.com" & @CRLF & _ "brand.transferwise.com" & @CRLF & _ "bootstrap.transferwise.com" & @CRLF & _ "links.transferwise.com" & @CRLF & _ "status.wise.com" & @CRLF & _ "status.transferwise.com" & @CRLF & _ "tech.transferwise.com" & @CRLF & _ "3rd Party Devices (known as Works with Xfinity)" & @CRLF & _ "oauth.xfinity.com" & @CRLF & _ "https://login.xfinity.com" & @CRLF & _ "login.xfinity.com" & @CRLF & _ "*.xerxessecure.com" & @CRLF & _ "*.cimcontent.net" & @CRLF & _ "*.identity.xfinity.com" & @CRLF & _ "\*\business.comcast.com" & @CRLF & _ "*.pulseinsights.com" & @CRLF & _ "*.wurfulcloud.com" & @CRLF & _ "*.appcenter.ms" & @CRLF & _ "*.kampyle.com" & @CRLF & _ "*.demdex.net" & @CRLF & _ "*.openx.net" & @CRLF & _ "*.criteo.net" & @CRLF & _ "*.webcontentassessor.com" & @CRLF & _ "*.amazon-adsystem.com" & @CRLF & _ "*.adobedtm.com" & @CRLF & _ "*.adnxs.com" & @CRLF & _ "*.fwmrm.net" & @CRLF & _ "https://app.ynab.com/" & @CRLF & _ "Any previous version of the desktop apps: YNAB 4, YNAB 3, YNAB Pro, YNAB Basic (Spreadsheet)" & @CRLF & _ "https://develop-app.ynab.com" & @CRLF & _ "https://support.ynab.com" & @CRLF & _ "██████████████████████████████████████" & @CRLF & _ "https://bugbounty-ctf.1password.com/" & @CRLF & _ "null" & @CRLF & _ "<Your own 1Password account> —> Latest stable, beta, or nightly Browser Extension (Chrome, Brave, Firefox, Edge, and Safari)" & @CRLF & _ "<Your own 1Password account> —> Latest stable, beta, or nightly Command Line Interface (CLI)" & @CRLF & _ "http://--your-own-1password-account--.1password.com" & @CRLF & _ "https://events.1password.com/" & @CRLF & _ "Arc on Mac" & @CRLF & _ "Arc on Window" & @CRLF & _ "arc.net" & @CRLF & _ "bcny.com" & @CRLF & _ "company.thebrowser.arc" & @CRLF & _ "id6472513080" & @CRLF & _ "thebrowser.company" & @CRLF & _ "https://*.granularinsurance.com/" & @CRLF & _ "https://*.onduo.com/" & @CRLF & _ "" & @CRLF & _ "https://*.projectbaseline.com/" & @CRLF & _ "https://*.signalpath.com/" & @CRLF & _ "https://*.verily.com/" & @CRLF & _ "https://apps.apple.com/us/app/onduo/id1138490045" & @CRLF & _ "https://apps.apple.com/us/app/verily-me/id6448808133" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.google.android.apps.diabetes" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.verily.me" & @CRLF & _ "http://bumba.global" & @CRLF & _ "Starbucks Japan Android" & @CRLF & _ "Download the App:" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.starbucks.jp" & @CRLF & _ "Starbucks Japan iOS" & @CRLF & _ "https://apps.apple.com/jp/app/%E3%82%B9%E3%82%BF%E3%83%BC%E3%83%90%E3%83%83%E3%82%AF%E3%82%B9-%E3%82%B8%E3%83%A3%E3%83%91%E3%83%B3%E5%85%AC%E5%BC%8F%E3%83%A2%E3%83%90%E3%82%A4%E3%83%AB%E3%82%A2%E3%83%97%E3%83%AA/id1113037275?l=en-US" & @CRLF & _ "cart.starbucks.co.jp" & @CRLF & _ "gift.starbucks.co.jp" & @CRLF & _ "login.starbucks.co.jp" & @CRLF & _ "www.cart.starbucks.co.jp/" & @CRLF & _ "Starbucks Japan" & @CRLF & _ "www.starbucks.co.jp" & @CRLF & _ "Starbucks Australia Android" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.starbucks.au" & @CRLF & _ "Starbucks Australia iOS" & @CRLF & _ "https://apps.apple.com/au/app/starbucks-australia/id653757988" & @CRLF & _ "Starbucks Cambodia Android" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.starbucks.kh" & @CRLF & _ "Starbucks Cambodia iOS" & @CRLF & _ "https://apps.apple.com/kh/app/starbucks-cambodia/id1456402324" & @CRLF & _ "Starbucks Hong Kong Android" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.starbucks.hk" & @CRLF & _ "Starbucks Hong Kong iOS" & @CRLF & _ "https://apps.apple.com/hk/app/starbucks-hong-kong/id636266448" & @CRLF & _ "Starbucks India Android" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.starbucks.in" & @CRLF & _ "Starbucks India iOS" & @CRLF & _ "https://apps.apple.com/in/app/starbucks-india/id1210203958" & @CRLF & _ "Starbucks Indonesia Android" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.starbucks.id" & @CRLF & _ "Starbucks Indonesia iOS" & @CRLF & _ "https://apps.apple.com/id/app/starbucks-indonesia/id1126488844" & @CRLF & _ "Starbucks Korea Android" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.starbucks.co" & @CRLF & _ "Starbucks Malaysia Android" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.starbucks.my" & @CRLF & _ "Starbucks Malaysia iOS" & @CRLF & _ "https://apps.apple.com/my/app/starbucks-malaysia/id888509698" & @CRLF & _ "Starbucks New Zealand Android" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.starbucks.nz" & @CRLF & _ "Starbucks New Zealand iOS" & @CRLF & _ "https://apps.apple.com/nz/app/starbucks-new-zealand/id1534351477" & @CRLF & _ "Starbucks Philippines Android" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.starbucks.ph" & @CRLF & _ "Starbucks Philippines iOS" & @CRLF & _ "https://apps.apple.com/ph/app/starbucks-philippines/id1363216428" & @CRLF & _ "Starbucks Singapore Android" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.starbucks.singapore" & @CRLF & _ "Starbucks Singapore iOS" & @CRLF & _ "https://apps.apple.com/sg/app/starbucks-singapore/id574621564" & @CRLF & _ "Starbucks Taiwan Android" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.starbucks.tw" & @CRLF & _ "Starbucks Taiwan iOS" & @CRLF & _ "https://apps.apple.com/tw/app/starbucks-tw/id829317669" & @CRLF & _ "Starbucks Thailand Android" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.starbucks.thailand" & @CRLF & _ "Starbucks Thailand iOS" & @CRLF & _ "https://apps.apple.com/th/app/starbucks-thailand/id898062370" & @CRLF & _ "Starbucks Vietnam Android" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.starbucks.vn" & @CRLF & _ "Starbucks Vietnam iOS" & @CRLF & _ "https://apps.apple.com/vn/app/starbucks-vietnam/id1410451879" & @CRLF & _ "www.starbucks.co.id/" & @CRLF & _ "Starbucks Indonesia" & @CRLF & _ "www.starbucks.co.kr/" & @CRLF & _ "Starbucks Korea" & @CRLF & _ "www.starbucks.co.nz/" & @CRLF & _ "Starbucks New Zealand" & @CRLF & _ "www.starbucks.co.th/" & @CRLF & _ "Starbucks Thailand" & @CRLF & _ "www.starbucks.com.au/" & @CRLF & _ "Starbucks Australia " & @CRLF & _ "www.starbucks.com.bn/" & @CRLF & _ "Starbucks Brunei" & @CRLF & _ "www.starbucks.com.hk/" & @CRLF & _ "Starbucks Hong Kong" & @CRLF & _ "www.starbucks.com.kh/" & @CRLF & _ "Starbucks Cambodia" & @CRLF & _ "www.starbucks.com.my/" & @CRLF & _ "Starbucks Malaysia" & @CRLF & _ "www.starbucks.com.sg/" & @CRLF & _ "Starbucks Singapore" & @CRLF & _ "www.starbucks.com.tw/" & @CRLF & _ "Starbucks Taiwan" & @CRLF & _ "www.starbucks.in/" & @CRLF & _ "Starbucks India" & @CRLF & _ "www.starbucks.la/" & @CRLF & _ "Starbucks Laos" & @CRLF & _ "www.starbucks.ph/" & @CRLF & _ "Starbucks Philippines " & @CRLF & _ "www.starbucks.vn/" & @CRLF & _ "Starbucks Vietnam" & @CRLF & _ "Starbucks Austria Android App" & @CRLF & _ "Download the app here: " & @CRLF & _ "https://play.google.com/store/apps/details?id=com.starbucks.at" & @CRLF & _ "Starbucks Austria iOS" & @CRLF & _ "Download the app here:" & @CRLF & _ "https://apps.apple.com/at/app/starbucks-%C3%B6sterreich/id976355440" & @CRLF & _ "Starbucks Czech Republic" & @CRLF & _ "https://apps.apple.com/cz/app/starbucks-czechia/id6476321104" & @CRLF & _ "Starbucks Czech Republic " & @CRLF & _ "https://play.google.com/store/apps/details?id=com.starbucks.cz&hl" & @CRLF & _ "Starbucks France Android" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.starbucks.fr" & @CRLF & _ "Starbucks France iOS" & @CRLF & _ "https://apps.apple.com/fr/app/starbucks-france/id943993603" & @CRLF & _ "Starbucks Germany Android" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.starbucks.de" & @CRLF & _ "Starbucks Germany iOS" & @CRLF & _ "https://apps.apple.com/de/app/starbucks-deutschland/id948562829" & @CRLF & _ "Starbucks Ireland Android" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.starbucks.ie" & @CRLF & _ "Starbucks Ireland iOS" & @CRLF & _ "https://apps.apple.com/ie/app/starbucks-ireland/id1532285370" & @CRLF & _ "Starbucks Poland iOS" & @CRLF & _ "https://apps.apple.com/pl/app/starbucks-cee/id1048524289" & @CRLF & _ "Starbucks Portugal Android" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.starbucks.pt" & @CRLF & _ "Starbucks Portugal iOS" & @CRLF & _ "https://apps.apple.com/pt/app/starbucks-portugal/id6447920609" & @CRLF & _ "Starbucks Romania Android" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.starbucks.ro" & @CRLF & _ "Starbucks Romania iOS" & @CRLF & _ "https://apps.apple.com/ro/app/starbucks-romania/id6472733341" & @CRLF & _ "Starbucks South Africa Android" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.starbucks.za" & @CRLF & _ "Starbucks South Africa iOS" & @CRLF & _ "https://apps.apple.com/za/app/starbucks-south-africa/id1137700631" & @CRLF & _ "Starbucks Spain Android" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.starbucks.es" & @CRLF & _ "Starbucks Spain iOS" & @CRLF & _ "https://apps.apple.com/es/app/starbucks-espa%C3%B1a/id6447769086" & @CRLF & _ "Starbucks Switzerland Android" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.starbucks.ch&hl=en_US" & @CRLF & _ "Starbucks Switzerland iOS" & @CRLF & _ "https://apps.apple.com/ch/app/starbucks-switzerland/id976349872" & @CRLF & _ "Starbucks Turkey Android" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.starbucks.tr" & @CRLF & _ "Starbucks Turkey iOS" & @CRLF & _ "https://apps.apple.com/tr/app/starbucks-t%C3%BCrkiye/id1100698915" & @CRLF & _ "Starbucks United Kingdom Android" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.starbucks.uk&hl=en_US" & @CRLF & _ "Starbucks United Kingdom iOS" & @CRLF & _ "https://apps.apple.com/gb/app/starbucks-uk/id1499149941" & @CRLF & _ "card.starbucks.com.cy/" & @CRLF & _ "Starbucks Cyprus" & @CRLF & _ "card.starbucks.com.gr/" & @CRLF & _ "Starbucks Greece" & @CRLF & _ "https://www.starbucks.at" & @CRLF & _ "Starbucks Austria" & @CRLF & _ "www.roastery.starbucks.it" & @CRLF & _ "Starbucks Reserve™ Roastery Milano" & @CRLF & _ "www.starbucks.ae" & @CRLF & _ "Starbucks United Arab Emirates" & @CRLF & _ "www.starbucks.be" & @CRLF & _ "Starbucks Belgium" & @CRLF & _ "www.starbucks.bg" & @CRLF & _ "Starbucks Bulgaria" & @CRLF & _ "www.starbucks.ch" & @CRLF & _ "Starbucks Switzerland" & @CRLF & _ "www.starbucks.co.ma" & @CRLF & _ "Starbucks Morocco" & @CRLF & _ "www.starbucks.co.uk/" & @CRLF & _ "Starbucks United Kingdom" & @CRLF & _ "www.starbucks.co.za" & @CRLF & _ "Starbucks South Africa" & @CRLF & _ "www.starbucks.co.za/" & @CRLF & _ "www.starbucks.com.bh" & @CRLF & _ "Starbucks Bahrein" & @CRLF & _ "www.starbucks.com.jo" & @CRLF & _ "Starbucks Jordan" & @CRLF & _ "www.starbucks.com.kw" & @CRLF & _ "Starbucks Kuwait" & @CRLF & _ "www.starbucks.com.kz" & @CRLF & _ "Starbucks Kazakhstan" & @CRLF & _ "www.starbucks.com.lb" & @CRLF & _ "Starbucks Lebanon" & @CRLF & _ "www.starbucks.com.om" & @CRLF & _ "Starbucks Oman" & @CRLF & _ "www.starbucks.com.tr" & @CRLF & _ "Starbucks Turkey" & @CRLF & _ "www.starbucks.cz/" & @CRLF & _ "Starbucks Czech Republic" & @CRLF & _ "www.starbucks.de" & @CRLF & _ "Starbucks Germany" & @CRLF & _ "www.starbucks.eg" & @CRLF & _ "Starbucks Egypt" & @CRLF & _ "www.starbucks.es" & @CRLF & _ "Starbucks Spain" & @CRLF & _ "www.starbucks.fr/" & @CRLF & _ "Starbucks France" & @CRLF & _ "www.starbucks.hu" & @CRLF & _ "Starbucks Hungary" & @CRLF & _ "www.starbucks.ie/" & @CRLF & _ "Starbucks Ireland" & @CRLF & _ "www.starbucks.it/" & @CRLF & _ "Starbucks Italy" & @CRLF & _ "www.starbucks.mt" & @CRLF & _ "Starbucks Malta" & @CRLF & _ "www.starbucks.nl" & @CRLF & _ "Starbucks Netherlands" & @CRLF & _ "www.starbucks.no" & @CRLF & _ "Starbucks Norway" & @CRLF & _ "www.starbucks.pl" & @CRLF & _ "Starbucks Poland" & @CRLF & _ "www.starbucks.pt/" & @CRLF & _ "Starbucks Portugal" & @CRLF & _ "www.starbucks.qa" & @CRLF & _ "Starbucks Qatar" & @CRLF & _ "www.starbucks.ro" & @CRLF & _ "Starbucks Romania" & @CRLF & _ "www.starbucks.rs" & @CRLF & _ "Starbucks Serbia" & @CRLF & _ "www.starbucks.sa" & @CRLF & _ "Starbucks Saudi Arabia" & @CRLF & _ "www.starbucksslovakia.sk/" & @CRLF & _ "Starbucks Slovakia" & @CRLF & _ "Starbucks Argentina Android" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.starbucks.ar" & @CRLF & _ "Starbucks Argentina iOS" & @CRLF & _ "https://apps.apple.com/ar/app/starbucks-argentina/id1209110211" & @CRLF & _ "Starbucks Chile Android" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.starbucks.cl" & @CRLF & _ "Starbucks Chile iOS" & @CRLF & _ "Starbucks El Salvador Android" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.starbucksrewards.sv" & @CRLF & _ "Starbucks El Salvador iOS" & @CRLF & _ "https://apps.apple.com/sv/app/starbucks-el-salvador/id6535501479" & @CRLF & _ "Starbucks Mexico Android" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.starbucks.mx" & @CRLF & _ "Starbucks Mexico iOS" & @CRLF & _ "https://apps.apple.com/us/app/starbucks-m%C3%A9xico/id570779372" & @CRLF & _ "Starbucks Peru Android" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.starbucks.peru" & @CRLF & _ "Starbucks Peru iOS" & @CRLF & _ "https://apps.apple.com/pe/app/starbucks-per%C3%BA/id1409811746" & @CRLF & _ "www.starbucks.cl" & @CRLF & _ "Starbucks Chile" & @CRLF & _ "www.starbucks.co.cr/" & @CRLF & _ "Starbucks Costa Rica" & @CRLF & _ "www.starbucks.com.ar/" & @CRLF & _ "Starbucks Argentina" & @CRLF & _ "www.starbucks.com.mx/" & @CRLF & _ "Starbucks Mexico" & @CRLF & _ "www.starbucks.com.py/" & @CRLF & _ "Starbucks Paraguay" & @CRLF & _ "www.starbucks.com.sv" & @CRLF & _ "Starbucks El Salvador" & @CRLF & _ "www.starbucks.com.uy" & @CRLF & _ "Starbucks Uruguay" & @CRLF & _ "www.starbucks.pa/" & @CRLF & _ "Starbucks Panama" & @CRLF & _ "www.starbucks.pe" & @CRLF & _ "Starbucks Peru" & @CRLF & _ "www.starbucks.tt" & @CRLF & _ "Starbucks Trinidad and Tobago" & @CRLF & _ "www.starbuckspr.com/" & @CRLF & _ "Starbucks Puerto Rico" & @CRLF & _ "Starbucks China Android" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.starbucks.cn" & @CRLF & _ "Starbucks China iOS" & @CRLF & _ "https://apps.apple.com/us/app/%E6%98%9F%E5%B7%B4%E5%85%8B%E4%B8%AD%E5%9B%BD/id499819758" & @CRLF & _ "www.starbucks.com.cn/" & @CRLF & _ "Starbucks China" & @CRLF & _ "2kleague.nba.com" & @CRLF & _ "bal.nba.com" & @CRLF & _ "cdn-bal.nba.com" & @CRLF & _ "cdn.nba.com" & @CRLF & _ "cms.nba.com" & @CRLF & _ "com.nbaimd.gametime.nba2011" & @CRLF & _ "com.nbaimd.gametime.universal" & @CRLF & _ "content-api-nextgen-prod.nba.com" & @CRLF & _ "content-api-prod.nba.com" & @CRLF & _ "core-api.nba.com" & @CRLF & _ "corp-dev.nba.com" & @CRLF & _ "cweb-ott.nba.com" & @CRLF & _ "elm.nba.com" & @CRLF & _ "gleague.nba.com" & @CRLF & _ "id.nba.com" & @CRLF & _ "identity.nba.com" & @CRLF & _ "lockervision.nba.com" & @CRLF & _ "manage-teams.nba.com" & @CRLF & _ "manage.nba.com" & @CRLF & _ "mcd.nba.com" & @CRLF & _ "mcdalerts.nba.com" & @CRLF & _ "nbafedsvc.nba.com" & @CRLF & _ "stats-trafficcop-prod.nba.com" & @CRLF & _ "stats.2kleague.nba.com" & @CRLF & _ "stats.gleague.nba.com" & @CRLF & _ "stats.nba.com" & @CRLF & _ "stats.wnba.com" & @CRLF & _ "syndication.nba.com" & @CRLF & _ "teamportal.nba.com" & @CRLF & _ "vote.nba.com" & @CRLF & _ "www.nba.com" & @CRLF & _ "www.wnba.com" & @CRLF & _ "api.circle.com" & @CRLF & _ "Testing should be done on api-sandbox.circle.com." & @CRLF & _ "app.circle.com" & @CRLF & _ "Testing should be done on app-sandbox.circle.com." & @CRLF & _ "console.circle.com" & @CRLF & _ "Only the web2 portion of console.circle.com is in scope. Anything smart contract/smart contract platform or otherwise web3 related is not in scope. " & @CRLF & _ "Researchers should make it clear they're HackerOne researchers in their username and email domain, and must be using testnet. " & @CRLF & _ "http://github.com/circlefin/noble-cctp" & @CRLF & _ "https://github.com/circlefin/buidl-wallet-contracts" & @CRLF & _ "https://github.com/circlefin/evm-cctp-contracts" & @CRLF & _ "https://github.com/circlefin/noble-fiattokenfactory" & @CRLF & _ "https://github.com/circlefin/solana-cctp-contracts" & @CRLF & _ "https://github.com/circlefin/stablecoin-aptos" & @CRLF & _ "https://github.com/circlefin/stablecoin-evm" & @CRLF & _ "https://github.com/circlefin/stablecoin-sui" & @CRLF & _ "https://github.com/circlefin/sui-cctp" & @CRLF & _ "*.varonis.com" & @CRLF & _ "*.varonis.io" & @CRLF & _ "*.varonis.net" & @CRLF & _ "Merchant Portal" & @CRLF & _ "https://portal.playground.klarna.com" & @CRLF & _ "https://github.com/nimiq/core-rs-albatross" & @CRLF & _ "Please provide detailed reports with reproducible steps. If the report is not detailed enough to reproduce the issue, the issue will not be eligible for a reward." & @CRLF & _ "Submit one vulnerability per report, unless you need to chain vulnerabilities to provide impact." & @CRLF & _ "When duplicates occur, we only award the first report that was received (provided that it can be fully reproduced)." & @CRLF & _ "Multiple vulnerabilities caused by one underlying issue will be awarded one bounty." & @CRLF & _ "Social engineering (e.g. phishing, vishing, smishing) is prohibited." & @CRLF & _ "Make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our service." & @CRLF & _ "## Exploring our repository:" & @CRLF & _ "- Blockchain: Manages the blockchain structure, block validation, and chain state." & @CRLF & _ "- Consensus: Implements the consensus mechanism and synchronization." & @CRLF & _ "- Validator: Contains logic for the validator role, including signing and verification processes." & @CRLF & _ "- Primitives: Includes fundamental types and utilities used across other crates, such as data structures for accounts, blocks, transactions, and various cryptographic functions." & @CRLF & _ "## Quick start:" & @CRLF & _ "- Prerequisites: " & @CRLF & _ " - Install the latest version of Rust by following the instructions on the [Rust website](https://www.rust-lang.org/learn/get-started#installing-rust)." & @CRLF & _ "- Installation:" & @CRLF & _ " - Clone the Repository: `git clone https://github.com/nimiq/core-rs-albatross.git`" & @CRLF & _ " - Move to the Repository: `cd core-rs-albatross`" & @CRLF & _ " - Build the project and start a basic full node: `cargo run --release --bin nimiq-" & @CRLF & _ "client`" & @CRLF & _ "For more details, check the repository [Reame file](https://github.com/nimiq/core-rs-albatross/blob/albatross/README.md)." & @CRLF & _ "api.vault.chiatest.net" & @CRLF & _ "Chia Cloud crypto wallet API" & @CRLF & _ "https://apps.apple.com/app/chia-signer/id6504493785 " & @CRLF & _ "IOS cryptographic signing application" & @CRLF & _ "https://github.com/Chia-Network/chia-blockchain" & @CRLF & _ "Chia core" & @CRLF & _ "https://github.com/Chia-Network/chia-blockchain-gui" & @CRLF & _ "Chia desktop" & @CRLF & _ "https://github.com/Chia-Network/chia_rs" & @CRLF & _ "Chia RUST implementations" & @CRLF & _ "https://github.com/Chia-Network/chiapos" & @CRLF & _ "Chia Proof of Space plotter" & @CRLF & _ "https://github.com/Chia-Network/chiavdf" & @CRLF & _ "ChiaVDF (Verifiable Delay Function) for Timelords" & @CRLF & _ "https://github.com/Chia-Network/clvm_rs" & @CRLF & _ "https://vault.chiatest.net/" & @CRLF & _ "Chia Cloud crypto wallet" & @CRLF & _ "3CX Live chat WordPress plugin" & @CRLF & _ "This is a plugin that integrates 3CX Livechat into a WordPress site. A 3CX installation is required (On Premise or in the Cloud)." & @CRLF & _ "Link to the plugin: https://wordpress.org/plugins/wp-live-chat-support/" & @CRLF & _ "Link to the documentation: https://www.3cx.com/docs/manual/live-chat/" & @CRLF & _ "3CX Phone System" & @CRLF & _ "1. Register on www.3cx.com using your **hackerone email address**. Confirm your email and follow the wizard to select a deployment type. (Please refer to our documentation for more information about each deployment type https://www.3cx.com/docs/manual/install/)" & @CRLF & _ "2. **There might be new builds in the repository after you have installed it. If you find a vulnerability, before submitting it, make sure you update to the latest available version and ensure it is still valid. On linux you can manually update by running `apt update && apt upgrade` in your server's terminal.**" & @CRLF & _ "3. For any additional technical documentation you can refer to our website." & @CRLF & _ "3CX SBC" & @CRLF & _ "1. 3CX SBC requires an existing installation of 3CX Server. " & @CRLF & _ "2. Use the following ISO instead to deploy 3CX SBC on-premise: https://downloads-global.3cx.com/downloads/debian12iso/debian-amd64-netinst-3cx.iso . " & @CRLF & _ "3. In the 3CX Installer select 3CX SBC (not PBX)" & @CRLF & _ "4. During the Installation you will be asked to enter the PBX FQDN and SBC key." & @CRLF & _ "5. **There might be new builds in the repository after you have installed it. If you find a vulnerability, before submitting it, make sure you update to the latest available version (both 3CX PBX and 3CX SBC) and ensure it is still valid. You can update by running `apt update && apt upgrade` in your server's terminal.**" & @CRLF & _ "6. For any additional technical documentation you can refer to our website." & @CRLF & _ "https://apps.apple.com/us/app/3cx/id992045982" & @CRLF & _ "The 3CX App allows you to make and receive calls, schedule conferences, video call and chat with your team and customers from anywhere. You install the app and provision it by scanning your extension's QR code." & @CRLF & _ "User manual: https://www.3cx.com/user-manual/installation-iphone/" & @CRLF & _ "https://apps.microsoft.com/detail/3cx/9NW77489NGJ0" & @CRLF & _ "The 3CX softphone app for Windows allows you to make calls, view the status of colleagues, chat, schedule a video conference and check voicemail from your desktop" & @CRLF & _ " " & @CRLF & _ "https://play.google.com/store/apps/details?id=com.tcx.sipphone14" & @CRLF & _ "The 3CX App allows you to make and receive calls, schedule conferences, video call and chat with your team and customers from anywhere. You install the app and provision it by scanning your extension's QR code. " & @CRLF & _ "User manual: https://www.3cx.com/user-manual/installation-android/" & @CRLF & _ "https://portal.3cx.com" & @CRLF & _ "This is the portal where customers and partners can manage their 3CX account/license keys." & @CRLF & _ "https://etherscan.io/address/0x000000000000204327E6669f00901a57CE15aE15" & @CRLF & _ "Please refer to the contract at this address, not etherscan.io itself." & @CRLF & _ "https://etherscan.io/address/0x000000000000a53f64b7bcf4cd59624943c43fc7" & @CRLF & _ "https://etherscan.io/address/0x0000003E0000a96de4058e1E02a62FaaeCf23d8d" & @CRLF & _ "Please refer to the contract at this address, not etherscan.io itself. " & @CRLF & _ "https://etherscan.io/address/0x000000e92d78d90000007f0082006fda09bd5f11" & @CRLF & _ "https://etherscan.io/address/0x0046000000000151008789797b54fdb500E2a61e" & @CRLF & _ "https://etherscan.io/address/0xcE0000007B008F50d762D155002600004cD6c647" & @CRLF & _ "https://github.com/alchemyplatform/modular-account" & @CRLF & _ "Alchemy's Modular Account is a maximally modular, upgradeable smart contract account that is compatible with ERC-4337 and ERC-6900." & @CRLF & _ "auth.privy.io" & @CRLF & _ "dashboard.privy.io" & @CRLF & _ "https://www.npmjs.com/package/@privy-io/react-auth" & @CRLF & _ "*.nflxext.com" & @CRLF & _ "**Primary Target**" & @CRLF & _ "Static content is served over this domain" & @CRLF & _ "*.nflximg.net" & @CRLF & _ "*.nflxso.net" & @CRLF & _ "*.nflxvideo.net" & @CRLF & _ "*.prod.cloud.netflix.com" & @CRLF & _ "The primary Netflix experience is driven by microservices that are hosted and called through our API." & @CRLF & _ "You may see the API referenced as `api*.netflix.com` as well as `www.netflix.com/api/*`" & @CRLF & _ "*.prod.dradis.netflix.com" & @CRLF & _ "The primary Netflix experience is driven by microservices that are hosted and called through our API. " & @CRLF & _ "You may see the API referenced as` api*.netflix.com` as well as `www.netflix.com/api/*`" & @CRLF & _ "*.prod.ftl.netflix.com" & @CRLF & _ "Content Authorization Targets" & @CRLF & _ "**Device & Content Authorization Findings**" & @CRLF & _ "High severity targets include methods of subverting content authorization or obtaining private keys. Medium severity targets include leaked private keys for content decryption. Submissions of hardware-backed private keys (i.e. from a TEE) & key exfiltration methods will have higher payouts than submissions of software-backed private keys & key exfiltration methods." & @CRLF & _ "Corporate Assets" & @CRLF & _ "** Netflix.com Google G suite **" & @CRLF & _ "**For targets listed in the "Corporate Targets Overview" section, we only reward for the bugs that are critical or High based on the CVSS.** " & @CRLF & _ "- We do accept submissions of overly exposed Google documents (as described in Corporate Targets above), which start at Low severity. " & @CRLF & _ "- Submissions must meet other applicable requirements (e.g. not an Excluded Submission Type). " & @CRLF & _ "- Medium and Low severity reports will be accepted but will not be eligible for a bounty. " & @CRLF & _ "Microsites" & @CRLF & _ "## Secondary Target" & @CRLF & _ "Microsites are sites that Netflix typically publishes for promotion or in support of Netflix titles." & @CRLF & _ "Not all microsites are hosted by Netflix. Some are hosted by vendors or partners. We cannot authorize you to test these sites as we do not own the computers that host them. It is critical that you confirm that Netflix is the owner of a particular microsite before testing. When in doubt, please reach out to the Netflix team to confirm." & @CRLF & _ "Netflix Mobile Application for Android" & @CRLF & _ "## Mobile target" & @CRLF & _ "**App Id on play store - com.netflix.mediaclient**" & @CRLF & _ "We only accept Critical and High-level vulnerabilities in the apps" & @CRLF & _ "Netflix Mobile Application for iOS" & @CRLF & _ "**App ID on app store - 363590051**" & @CRLF & _ "Open Source - Atlas" & @CRLF & _ "## https://github.com/Netflix/atlas" & @CRLF & _ "**Secondary Target**" & @CRLF & _ "Open Source - Consoleme" & @CRLF & _ "https://github.com/netflix/consoleme" & @CRLF & _ "Open Source - Dispatch" & @CRLF & _ "https://github.com/Netflix/dispatch" & @CRLF & _ "Open Source - Spectator" & @CRLF & _ "## https://github.com/Netflix/spectator" & @CRLF & _ "Open Source - Weep" & @CRLF & _ "https://github.com/netflix/weep" & @CRLF & _ "Open Source - Zuul" & @CRLF & _ "## https://github.com/Netflix/zuul" & @CRLF & _ "Secondary Assets" & @CRLF & _ "api*.netflix.com" & @CRLF & _ "beacon.netflix.com" & @CRLF & _ "Beacon is a logging endpoint used to collect client information from member's browsers and streaming devices." & @CRLF & _ "customerevents.netflix.com" & @CRLF & _ "`customerevents.netflix.com`, `nmtracking.netflix.com`, and `presentationtracking.netflix.com` are all alias of `beacon.netflix.com`. " & @CRLF & _ "Submissions containing variations of the URL will not be treated as unique." & @CRLF & _ "help.netflix.com" & @CRLF & _ "Our help site provides a knowledge base and customer service chat" & @CRLF & _ "ichnaea.netflix.com" & @CRLF & _ "Ichanaea is a logging endpoint used to collect client information" & @CRLF & _ "meechum.netflix.com" & @CRLF & _ "Netflix partner page" & @CRLF & _ "nmtracking.netflix.com" & @CRLF & _ "presentationtracking.netflix.com" & @CRLF & _ "secure.netflix.com" & @CRLF & _ "Secure static assets are hosted on this domain" & @CRLF & _ "www.netflix.com" & @CRLF & _ "## Primary Target" & @CRLF & _ "The primary Netflix experience is hosted on this top level domain. The UI uses a combination of React JS and Node." & @CRLF & _ "api.23andme.com" & @CRLF & _ "First API from original codebase, responsible for less services at the moment but still integrated into the product." & @CRLF & _ "auth.23andme.com" & @CRLF & _ "Responsible for all authenticated services throughout the product." & @CRLF & _ "blog.23andme.com" & @CRLF & _ "Official blog of 23andMe, sharing insightful articles, updates, and stories on genetics, health, and personal genomics." & @CRLF & _ "education.23andme.com" & @CRLF & _ "23andMe's dedicated education site, offering resources and insights to enhance genetic literacy through informative content and educational materials" & @CRLF & _ "mediacenter.23andme.com" & @CRLF & _ "Media center for 23andMe, providing press releases, media assets, and comprehensive information for journalists and media professionals" & @CRLF & _ "medical.23andme.com" & @CRLF & _ "Medical and therapeutics site containing information about 23andMe's medical research." & @CRLF & _ "research.23andme.com" & @CRLF & _ "research.23andMe.com is the official research domain of 23andMe" & @CRLF & _ "store.23andme.com" & @CRLF & _ "Online store for 23andMe products, offering DNA testing kits, genetic insights, and personalized merchandise." & @CRLF & _ "therapeutics.23andme.com" & @CRLF & _ "23andMe's site exclusively dedicated to therapeutics to share and market what we've done and what we have in the pipeline in regards to therapeutics." & @CRLF & _ "you.23andme.com" & @CRLF & _ "you.23andme.com is our main consumer site which contains users DNA kit results, dna relatives, and more. Users can interact with relatives and perform profile related features such as downloading data." & @CRLF & _ "1641486558" & @CRLF & _ "com.einnovation.temu" & @CRLF & _ "www.temu.com" & @CRLF & _ "http://api.lightspark.com" & @CRLF & _ "http://app.lightspark.com" & @CRLF & _ "https://link.uma.me" & @CRLF & _ "Login and signup for Lightspark Extend for UMA." & @CRLF & _ "*.bybit.com" & @CRLF & _ "Web3 Smart Contract" & @CRLF & _ "https://apps.apple.com/us/app/bybit-app/id1488296980" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.bybit.app&hl=en" & @CRLF & _ "*.cheaptickets.nl" & @CRLF & _ "Low priority Scope" & @CRLF & _ "*.trainpal.com,*.mytrainpal.com" & @CRLF & _ "*.travix.com" & @CRLF & _ "*.travix.io" & @CRLF & _ "*.trip.com" & @CRLF & _ "Except for the domain name of <local>. trip.com" & @CRLF & _ "<locale>.trip.com" & @CRLF & _ "Trip Main Sites" & @CRLF & _ "High priority Scope" & @CRLF & _ "com.trip.android" & @CRLF & _ "com.trip.ios" & @CRLF & _ "*.bykea.net" & @CRLF & _ "1351179184" & @CRLF & _ "The customer iOS app enables users to book rides, deliveries, and manage payments, offering a seamless experience for various services." & @CRLF & _ "belaz.bykea.net" & @CRLF & _ "This microservice facilitates the pick-and-drop service and associated functionalities within our apps." & @CRLF & _ "bykea.com" & @CRLF & _ "com.bykea.pk" & @CRLF & _ "The customer android app enables users to book rides, deliveries, and manage payments, offering a seamless experience for various services." & @CRLF & _ "com.bykea.pk.partner" & @CRLF & _ "The driver app offers core features such as wallet management, invoicing, booking visibility, and acceptance, supporting seamless driver operations on the platform." & @CRLF & _ "https://*test*.bykea.net" & @CRLF & _ "https://api.bykea.net" & @CRLF & _ "This core microservice handles booking creation and facilitates communication between critical microservices, powering both the apps and overall business operations." & @CRLF & _ "https://geocode-beta.bykea.net" & @CRLF & _ "https://googleplace*.bykea.net" & @CRLF & _ "https://kronos*.bykea.net" & @CRLF & _ "This API-based microservice manages invoicing functionalities, playing a vital role in our platform’s financial operations. " & @CRLF & _ "https://leaflet-map.bykea.net" & @CRLF & _ "https://loadboard*.bykea.net/" & @CRLF & _ "This asset is an API-based microservice that allows drivers to view and accept customer bookings." & @CRLF & _ "https://maps.bykea.net" & @CRLF & _ "https://nominatim.bykea.net" & @CRLF & _ "https://raptor*.bykea.net" & @CRLF & _ "This asset is an API-based microservice responsible for authentication processes." & @CRLF & _ "e-Commerce" & @CRLF & _ "This scope covers Inditex's entire e-commerce platform, mainly made up of the following domains:" & @CRLF & _ "- www.zara.com" & @CRLF & _ "- www.bershka.com" & @CRLF & _ "- www.oysho.com" & @CRLF & _ "- www.stradivarius.com" & @CRLF & _ "- www.zarahome.com" & @CRLF & _ "- www.pullandbear.com" & @CRLF & _ "- www.massimodutti.com" & @CRLF & _ "- www.lefties.com" & @CRLF & _ "- www.zara.cn" & @CRLF & _ "- www.bershka.cn" & @CRLF & _ "- www.oysho.cn" & @CRLF & _ "- www.stradivarius.cn" & @CRLF & _ "- www.zarahome.cn" & @CRLF & _ "- www.pullandbear.cn" & @CRLF & _ "- www.massimodutti.cn" & @CRLF & _ "If the bug is in a service not explicitly named in the above list, but you are able to demonstrate that exploitation of the bug would affect directly and clearly to e-commerce operations, we will consider it to be in scope, (e.g. cache poisoning within static.zara.com will affect the operations of www.zara.com)." & @CRLF & _ "Because the e-commerce platform shares a common technological foundation, multiple reports describing the same vulnerability against multiple assets or endpoints where the root cause is the same will be treated as one report. Do not submit duplicate reports for the same issue across multiple sites, as the duplicates will be closed, and the issue will be treated as one report." & @CRLF & _ "https://github.com/leather-wallet/extension" & @CRLF & _ "www.leather.io" & @CRLF & _ "com.secretkeylabs.xverse" & @CRLF & _ "https://chrome.google.com/webstore/detail/xverse-wallet/idnnbdplmphpflfnlkomgpfbpcgelopg" & @CRLF & _ "https://github.com/fireblocks/mpc-lib" & @CRLF & _ "aw.visa.com" & @CRLF & _ "bb.visa.com" & @CRLF & _ "bd.visa.com" & @CRLF & _ "bm.visa.com" & @CRLF & _ "bq.visa.com" & @CRLF & _ "console.tink.com" & @CRLF & _ "cw.visa.com" & @CRLF & _ "developer.authorize.net" & @CRLF & _ "developer.currencycloud.com" & @CRLF & _ "developer.cybersource.com" & @CRLF & _ "developer.visa.com" & @CRLF & _ "direct-demo.currencycloud.com" & @CRLF & _ "ebctest.cybersource.com" & @CRLF & _ "An account can be created via https://developer.cybersource.com/hello-world/sandbox.html" & @CRLF & _ "ht.visa.com" & @CRLF & _ "http://myvisainfinite.com/suntrust/en_us/home.html" & @CRLF & _ "http://www.myvisacardportal.com/welcome/enbd/product/#" & @CRLF & _ "sandbox.authorize.net" & @CRLF & _ "An account can be created via https://developer.authorize.net/hello_world/sandbox.html" & @CRLF & _ "sandbox.secure.checkout.visa.com" & @CRLF & _ "test.payworks.io" & @CRLF & _ "usa.visa.com" & @CRLF & _ "visa.co.cr" & @CRLF & _ "visa.co.ni" & @CRLF & _ "visa.co.za" & @CRLF & _ "visa.com.au" & @CRLF & _ "visa.com.jm" & @CRLF & _ "visa.com.ru" & @CRLF & _ "visa.com.ua" & @CRLF & _ "www.authorize.net" & @CRLF & _ "www.cardinalcommerce.com" & @CRLF & _ "www.currencycloud.com" & @CRLF & _ "www.cybersource.com" & @CRLF & _ "www.fraedom.com" & @CRLF & _ "www.practicalbusinessskills.org" & @CRLF & _ "www.practicalmoneyskills.com" & @CRLF & _ "www.practicalmoneyskills.org" & @CRLF & _ "www.tink.com" & @CRLF & _ "www.visa.co.ao" & @CRLF & _ "www.visa.co.id" & @CRLF & _ "www.visa.co.il" & @CRLF & _ "www.visa.co.in" & @CRLF & _ "www.visa.co.jp" & @CRLF & _ "www.visa.co.ke" & @CRLF & _ "www.visa.co.nz" & @CRLF & _ "www.visa.co.th" & @CRLF & _ "www.visa.co.uk" & @CRLF & _ "www.visa.co.ve" & @CRLF & _ "www.visa.com.az" & @CRLF & _ "www.visa.com.br" & @CRLF & _ "www.visa.com.cn" & @CRLF & _ "www.visa.com.cy" & @CRLF & _ "www.visa.com.ge" & @CRLF & _ "www.visa.com.hk" & @CRLF & _ "www.visa.com.hr" & @CRLF & _ "www.visa.com.kh" & @CRLF & _ "www.visa.com.kz" & @CRLF & _ "www.visa.com.lc" & @CRLF & _ "www.visa.com.lk" & @CRLF & _ "www.visa.com.ms" & @CRLF & _ "www.visa.com.mx" & @CRLF & _ "www.visa.com.my" & @CRLF & _ "www.visa.com.ng" & @CRLF & _ "www.visa.com.ph" & @CRLF & _ "www.visa.com.sg" & @CRLF & _ "www.visa.com.tr" & @CRLF & _ "www.visa.com.tw" & @CRLF & _ "www.visa.com.vn" & @CRLF & _ "www.visainfinite.ca" & @CRLF & _ "www.yellowpepper.com" & @CRLF & _ "*.consumer.worldcoin.org" & @CRLF & _ "**Secondary Asset**" & @CRLF & _ "World App backend. TFH-owned asset" & @CRLF & _ "*.toolsforhumanity.com" & @CRLF & _ "TFH-owned asset" & @CRLF & _ "*.worldcoin-distributors.com" & @CRLF & _ "Worldcoin Foundation-owned asset" & @CRLF & _ "*.worldcoin.dev" & @CRLF & _ "*.worldcoin.org" & @CRLF & _ "Primary Assets" & @CRLF & _ "bioid-management.app" & @CRLF & _ "developer.worldcoin.org" & @CRLF & _ "**Primary Asset**" & @CRLF & _ "getworldcoin.com" & @CRLF & _ "https://apps.apple.com/no/app/world-app-worldcoin-wallet/id1560859847" & @CRLF & _ "https://docs.world.org/world-chain/reference/address-book" & @CRLF & _ "Worldcoin Foundation-owned asset." & @CRLF & _ "Smart contracts listed in this page are within scope for our program." & @CRLF & _ "https://github.com/worldcoin" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.worldcoin" & @CRLF & _ "World App for Android. TFH-owned asset" & @CRLF & _ "id.worldcoin.org" & @CRLF & _ "toolsforhumanity.com" & @CRLF & _ "worldcoin.org" & @CRLF & _ "com.nicehash.metallum" & @CRLF & _ "com.nicehash.mobile" & @CRLF & _ "https://api-test.nicehash.com" & @CRLF & _ "https://test.nicehash.com/shop/" & @CRLF & _ "For NiceHash Shop, you can try following discount codes:" & @CRLF & _ "**BB-ACTIVE** is the valid code for 50% discount, you should be able to use it." & @CRLF & _ "**BB-EXPIRED** is the expired code for 25% discount, you should not be able to use it." & @CRLF & _ "test.nicehash.com" & @CRLF & _ "You can self register by using a valid email, Google or Apple account." & @CRLF & _ "Web client uses JavaScript to get a data from the NiceHash API and present it to the user or to get data from the user and send it to the NiceHash API." & @CRLF & _ "This is the test environment (copy of the production environment) where testnet blockchains are used , that you can acquire for free from internet faucet sites, so you can freely try to manipulate any financial transaction (deposit, withdrawal, purchase...)." & @CRLF & _ "To get free test coins to your NiceHash account, after registration and login first find your NiceHash deposit address (https://test.nicehash.com/my/wallets/). " & @CRLF & _ "Then do internet search for "BTC testnet faucet", open found site and enter your NiceHash deposit address - you should receive deposit of test coins from a testnet faucet to your NiceHash account in couple of hours." & @CRLF & _ "https://github.com/AleoHQ/snarkOS/" & @CRLF & _ "https://github.com/AleoHQ/snarkVM/" & @CRLF & _ "1013961111" & @CRLF & _ "1218902777" & @CRLF & _ "https://apps.apple.com/us/app/id1218902777" & @CRLF & _ "926252661" & @CRLF & _ "Blink Indoor" & @CRLF & _ "ASIN: B086DL32QX" & @CRLF & _ "Blink Mini" & @CRLF & _ "ASIN: B07X27VK3D" & @CRLF & _ "Blink Outdoor" & @CRLF & _ "ASIN: B086DKMSSM" & @CRLF & _ "Blink Sync Module 2" & @CRLF & _ "ASIN: B084RQ6MHJ" & @CRLF & _ "Blink Video Doorbell" & @CRLF & _ "https://www.amazon.com/dp/B08SG2MS3V" & @CRLF & _ "Chime" & @CRLF & _ "Gen 2 and 2 Pro, ASIN: B07WML2XTD, B07WML1QM4" & @CRLF & _ "Indoor Cam" & @CRLF & _ "ASIN: B07Q9VBYV8" & @CRLF & _ "Peephole Cam" & @CRLF & _ "ASIN: B07WHMQNPC" & @CRLF & _ "Ring Alarm" & @CRLF & _ "Gen 2, ASIN: B07ZPMCW64" & @CRLF & _ "Ring Smart Lighting Bridge" & @CRLF & _ "Gen 1" & @CRLF & _ "Stickup Cam" & @CRLF & _ "Gen 3, ASIN: B07Q3T177V" & @CRLF & _ "Video Doorbell" & @CRLF & _ "2nd Gen, 3 & 3 Plus, ASINs: B0849J7W5X, B08N5NQ869, B07WLP395R" & @CRLF & _ "com.immediasemi.android.blink" & @CRLF & _ "com.ring.neighborhoods" & @CRLF & _ "com.ringapp" & @CRLF & _ "https://*.blinkforhome.com/*" & @CRLF & _ "https://*.immedia-semi.com/*" & @CRLF & _ "https://admin.ring.com/*" & @CRLF & _ "https://api.ring.com/*" & @CRLF & _ "https://app.ring.com/*" & @CRLF & _ "https://billing.ring.com/*" & @CRLF & _ "https://fw.ring.com/*" & @CRLF & _ "https://nw.ring.com/*" & @CRLF & _ "https://oauth.ring.com/*" & @CRLF & _ "https://ring.com/*" & @CRLF & _ "prd-ring-web-us.prd.rings.solutions" & @CRLF & _ "153.46.96.0/20" & @CRLF & _ "193.110.154.0/24" & @CRLF & _ "https://apps.apple.com/ch/app/debix/id1581440132?l=en-GB" & @CRLF & _ "https://apps.apple.com/mx/app/debix/id1581440132" & @CRLF & _ "https://apps.apple.com/mx/app/schweizer-finanzmuseum/id1225222871" & @CRLF & _ "https://apps.apple.com/mx/app/six-id/id1620496931" & @CRLF & _ "https://apps.apple.com/us/app/bme-conecta/id6443938949" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.sixgroup.debixplus" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.sixgroup.id&hl=en_US&pli=1" & @CRLF & _ "https://play.google.com/store/apps/details?id=es.grupobme.bmeconecta" & @CRLF & _ "https://play.google.com/store/search?q=Schweizer+Finanzmuseum&c=apps" & @CRLF & _ "https://web3.sdx.com" & @CRLF & _ "https://www.sdx.com/" & @CRLF & _ "www.bolsasymercados.es" & @CRLF & _ "www.six-group.com" & @CRLF & _ "com.anker.AnkerMake" & @CRLF & _ "The App for AnkerMake 3D Printer" & @CRLF & _ "com.eufylife.EufyHome" & @CRLF & _ "The eufy Clean/eufy Home App for roboVac" & @CRLF & _ "com.oceanwing.FDMPrint" & @CRLF & _ "The Android App for AnkerMake 3D Printer" & @CRLF & _ "com.oceanwing.battery.cam" & @CRLF & _ "Most features shall use the eufy Security hardware devices." & @CRLF & _ "com.oceanwing.care.cam" & @CRLF & _ "This is the Android version App works for eufy baby monitor, mainly working offline." & @CRLF & _ "com.security.BatteryCam" & @CRLF & _ "The major features shall connect with the hardware devices of eufy Security." & @CRLF & _ "com.security.care" & @CRLF & _ "This is the iOS version App works for eufy baby monitor, mainly working offline." & @CRLF & _ "https://us.eufy.com/products/e8213181" & @CRLF & _ "S330 Video Doorbell-Battery" & @CRLF & _ "https://us.eufy.com/products/t8410121" & @CRLF & _ "S220 Indoor Cam" & @CRLF & _ "https://us.eufy.com/products/t88511d1" & @CRLF & _ "eufyCam 2 Pro" & @CRLF & _ "https://us.eufy.com/products/t88711w1" & @CRLF & _ "https://www.ankermake.com/products/m5?variant=42744298373269" & @CRLF & _ "This is the hardware of AnkerMake M5. It is the FDM (fused deposition modeling) tech 3D printer." & @CRLF & _ "1023499075" & @CRLF & _ "com.eero.android" & @CRLF & _ "eero (2nd Generation)" & @CRLF & _ "eero 6 (3rd Generation)" & @CRLF & _ "eero 6 Extender (3rd Generation)" & @CRLF & _ "eero 6 Pro" & @CRLF & _ "eero 6+ (4th Gen)" & @CRLF & _ "eero 6E Pro (4th Gen)" & @CRLF & _ "eero Beacon (2nd Generation)" & @CRLF & _ "eero Pro (2nd Generation)" & @CRLF & _ "https://api-user.e2ro.com/*" & @CRLF & _ "https://node.e2ro.com/*" & @CRLF & _ "Mozilla Ad Routing Service" & @CRLF & _ "** Critical Site **" & @CRLF & _ "Mozilla Ad Routing Service (MARS) under the below domains:" & @CRLF & _ "- ads.mozilla.org (mars.prod.ads.prod.webservices.mozgcp.net)" & @CRLF & _ "- ads.allizom.org (mars.stage.ads.nonprod.webservices.mozgcp.net)" & @CRLF & _ "- mars.qa.ads.nonprod.webservices.mozgcp.net" & @CRLF & _ "- ads-img.mozilla.org" & @CRLF & _ "- ads-img.allizom.org" & @CRLF & _ "- contile.services.mozilla.com" & @CRLF & _ "- spocs.getpocket.com" & @CRLF & _ "- spocs.getpocket.dev" & @CRLF & _ "- spocs.mozilla.net" & @CRLF & _ "- spocs.allizom.net" & @CRLF & _ "Testing to be done on the staging instance: " & @CRLF & _ "- ads.allizom.org" & @CRLF & _ "Source Code: https://github.com/mozilla-services/mars" & @CRLF & _ "Mozilla VPN Clients" & @CRLF & _ "** Critical Site**" & @CRLF & _ "Mozilla VPN iOS, Android, Desktop Clients. " & @CRLF & _ "Note that Mozilla VPN subscriptions are only open in [these countries](https://support.mozilla.org/en-US/kb/mozilla-vpn-countries-available-subscribe)." & @CRLF & _ "Source Code: https://github.com/mozilla-mobile/mozilla-vpn-client" & @CRLF & _ "Product Delivery" & @CRLF & _ "**Do not run automated scans on those domains**" & @CRLF & _ "Firefox Downloads which include the below sites:" & @CRLF & _ "- archive.mozilla.org" & @CRLF & _ "- download.mozilla.org" & @CRLF & _ "- download-installer.cdn.mozilla.net" & @CRLF & _ "- treeherder.mozilla.org" & @CRLF & _ "Note that content on these assets is intentionally public." & @CRLF & _ "Source Code: https://github.com/mozilla/treeherder" & @CRLF & _ "accounts.firefox.com" & @CRLF & _ "Mozilla Accounts (previously known as Firefox Accounts)" & @CRLF & _ "Additional domains in scope for Firefox Accounts:" & @CRLF & _ "* api.accounts.firefox.com" & @CRLF & _ "* oauth.accounts.firefox.com" & @CRLF & _ "* profile.accounts.firefox.com" & @CRLF & _ "* verifier.accounts.firefox.com" & @CRLF & _ "* subscriptions.firefox.com" & @CRLF & _ "Source Code: https://github.com/mozilla/fxa" & @CRLF & _ "addons.allizom.org" & @CRLF & _ "This is the staging server for Firefox Addons. Testing should be restricted to this instance without any testing on production." & @CRLF & _ "Additional domains for Addons:" & @CRLF & _ " - services.addons.allizom.org" & @CRLF & _ " - versioncheck-bg.addons.allizom.org" & @CRLF & _ " - versioncheck.addons.allizom.org" & @CRLF & _ "Source Code: https://github.com/mozilla/addons-server" & @CRLF & _ "api.profiler.firefox.com" & @CRLF & _ "**Core Site**" & @CRLF & _ "API server for Firefox Profiler" & @CRLF & _ "Source Code: https://github.com/firefox-devtools/profiler" & @CRLF & _ "aus5.mozilla.org" & @CRLF & _ "Backend update system for Mozilla products." & @CRLF & _ "No disruptive testing or scanning tools to be run on production." & @CRLF & _ "Source Code: https://github.com/mozilla-releng/balrog " & @CRLF & _ "bugzilla.mozilla.org" & @CRLF & _ "Mozilla owned Bugzilla instance." & @CRLF & _ "Please do not use automated scanners, create, or modify bugs when testing Bugzilla. Instead, testing should be only done on the development instance, bugzilla-dev.allizom.org." & @CRLF & _ "Source Code: https://github.com/mozilla-bteam/bmo" & @CRLF & _ "community-tc.services.mozilla.com" & @CRLF & _ "Community instance of TaskCluster CI/CD tool." & @CRLF & _ "Source Code: https://github.com/taskcluster/taskcluster" & @CRLF & _ "crash-reports.allizom.org" & @CRLF & _ "Endpoint for sending Firefox crash reports." & @CRLF & _ "Testing to be done on staging instance: https://crash-reports.allizom.org/" & @CRLF & _ "Source Code: https://github.com/mozilla-services/socorro" & @CRLF & _ "crash-stats.allizom.org" & @CRLF & _ "Analytics site for Firefox crash reports data." & @CRLF & _ "Testing to be done on staging instance only: https://crash-stats.allizom.org/" & @CRLF & _ "developer.mozilla.org" & @CRLF & _ "Please use the staging instance for intrusive tests or for tests which change the content: https://developer.allizom.org" & @CRLF & _ "Source Code: https://github.com/mdn/mdn" & @CRLF & _ "firefox-ci-tc.services.mozilla.com" & @CRLF & _ "TaskCluster CI/CD tool instance used for Firefox builds." & @CRLF & _ "firefox.settings.services.mozilla.com" & @CRLF & _ "Additional domains for Remote Settings:" & @CRLF & _ "- firefox-settings-attachments.cdn.mozilla.net" & @CRLF & _ "Testing to be performed on staging instance only: https://firefox.settings.services.allizom.org/v1/" & @CRLF & _ "hg.mozilla.org" & @CRLF & _ "The website used for source code and version control hosting for Firefox." & @CRLF & _ "Web vulnerabilities that affect the website itself and not the source code will be considered as vulnerabilities in a **Core Site**." & @CRLF & _ "Vulnerabilities that affect the source code itself will be considered as vulnerabilities in a **Critical Site**." & @CRLF & _ "Source Code: https://github.com/mozilla/version-control-tools" & @CRLF & _ "lando.services.mozilla.com" & @CRLF & _ "Tool used to land Firefox code into Mercurial." & @CRLF & _ "Additional Domain: api.lando.services.mozilla.com" & @CRLF & _ "Testing to be done on staging or development instances only:" & @CRLF & _ "- ui.dev.lando.nonprod.cloudops.mozgcp.net" & @CRLF & _ "- ui.stage.lando.nonprod.cloudops.mozgcp.net" & @CRLF & _ "- api.dev.lando.nonprod.cloudops.mozgcp.net" & @CRLF & _ "- api.stage.lando.nonprod.cloudops.mozgcp.net" & @CRLF & _ "Source Code: " & @CRLF & _ "- https://github.com/mozilla-conduit/lando" & @CRLF & _ "- https://github.com/mozilla-conduit/lando-api " & @CRLF & _ "- https://github.com/mozilla-conduit/lando-ui" & @CRLF & _ "merino.services.mozilla.com" & @CRLF & _ "Firefox Suggest" & @CRLF & _ "Testing to be performed on staging instance only: https://stage.merino.nonprod.cloudops.mozgcp.net/api/v1/suggest" & @CRLF & _ "Source Code: https://github.com/mozilla-services/merino-py" & @CRLF & _ "monitor.mozilla.org" & @CRLF & _ "Mozilla Monitor" & @CRLF & _ "Testing to be done on the staging instance: https://stage.firefoxmonitor.nonprod.cloudops.mozgcp.net/" & @CRLF & _ "Source Code: https://github.com/mozilla/blurts-server" & @CRLF & _ "mozilla-pontoon-staging.herokuapp.com" & @CRLF & _ "Staging instance for Mozilla Localization Service." & @CRLF & _ "Testing is to be done on this instance only, testing on production is not acceptable." & @CRLF & _ "Source Code: https://github.com/mozilla/pontoon" & @CRLF & _ "phabricator.allizom.org" & @CRLF & _ "Testing to be done **only** on the development instance (phabricator-dev.allizom.org) or the staging instance (phabricator.allizom.org)" & @CRLF & _ "Source Code: https://github.com/mozilla-conduit/phabricator" & @CRLF & _ "profiler.firefox.com" & @CRLF & _ "Web application for Firefox Profiler" & @CRLF & _ "push.services.mozilla.com" & @CRLF & _ "Firefox Push Service." & @CRLF & _ "Additional domain in scope: updates.push.services.mozilla.com" & @CRLF & _ "Testing to be done on below staging instances:" & @CRLF & _ "- wss://autopush.stage.mozaws.net" & @CRLF & _ "- https://updates-autopush.stage.mozaws.net" & @CRLF & _ "Source Code: https://github.com/mozilla-services/autopush-rs" & @CRLF & _ "relay.firefox.com" & @CRLF & _ "Testing to be done on the staging instance only: https://stage.fxprivaterelay.nonprod.cloudops.mozgcp.net." & @CRLF & _ "The team would like testing to be focused on the APIs listed here: https://dev.fxprivaterelay.nonprod.cloudops.mozgcp.net/api/v1/docs/" & @CRLF & _ "Source Code: https://github.com/mozilla/fx-private-relay" & @CRLF & _ "shavar.services.mozilla.com" & @CRLF & _ "Anti-tracking protection service in Firefox." & @CRLF & _ "Additional domain: shavar.prod.mozaws.net." & @CRLF & _ "Please do not run automated scans or denial of service testing on this service." & @CRLF & _ "Source Code: https://github.com/mozilla-services/shavar" & @CRLF & _ "stage.taskcluster.nonprod.cloudops.mozgcp.net" & @CRLF & _ "Staging instance for TaskCluster CI/CD tool." & @CRLF & _ "support.mozilla.org" & @CRLF & _ "Support platform for all of Mozilla Products." & @CRLF & _ "**Testing to be done on staging instance only to avoid disrupting users: support.allizom.org**" & @CRLF & _ "Source Code: https://github.com/mozilla/kitsune" & @CRLF & _ "sync.services.mozilla.com" & @CRLF & _ "Firefox Sync Domains:" & @CRLF & _ "- *.sync.services.mozilla.com" & @CRLF & _ "- token.services.mozilla.com" & @CRLF & _ "- https://github.com/mozilla-services/syncstorage-rs" & @CRLF & _ "- https://github.com/mozilla-services/tokenlib/" & @CRLF & _ "vpn.mozilla.org" & @CRLF & _ "This is the backend server behind Mozilla VPN." & @CRLF & _ "www.mozilla.org" & @CRLF & _ "Mozilla Marketing Website aka Bedrock." & @CRLF & _ " Please use our staging instance, www.allizom.org, for testing to avoid site disruption." & @CRLF & _ "Source Code: https://github.com/mozilla/bedrock" & @CRLF & _ "10x.redoxengine.com" & @CRLF & _ "api.gamma.redoxstage.com" & @CRLF & _ "app.gamma.redoxstage.com" & @CRLF & _ "blob.gamma.redoxstage.com" & @CRLF & _ "clientcert.gamma.redoxstage.com" & @CRLF & _ "dashboard.gamma.redoxstage.com" & @CRLF & _ "docs.redoxengine.com" & @CRLF & _ "eets-sftp-listener.gamma.redoxstage.com" & @CRLF & _ "eets.gamma.redoxstage.com" & @CRLF & _ "evening-earth.gamma.redoxstage.com" & @CRLF & _ "explore.redoxengine.com" & @CRLF & _ "This is a marketing site with all public information. Findings here have lesser security implication than our application" & @CRLF & _ "fhir.redoxengine.com" & @CRLF & _ "gamma.redoxstage.com" & @CRLF & _ "help.redoxengine.com" & @CRLF & _ "launch.gamma.redoxstage.com" & @CRLF & _ "sftp.gamma.redoxstage.com" & @CRLF & _ "test*.redoxengine.com" & @CRLF & _ "testapi.redoxengine.com" & @CRLF & _ "testapp.redoxengine.com" & @CRLF & _ "webhooks.gamma.redoxstage.com" & @CRLF & _ "www.redoxengine.com" & @CRLF & _ "This is our wordpress marketing site. Findings here have lesser security implication than our application" & @CRLF & _ "*.oklink.com" & @CRLF & _ "*.okx.com" & @CRLF & _ "Mac OS Executable" & @CRLF & _ "https://www.okx.com/download" & @CRLF & _ "OKT Chain" & @CRLF & _ "https://github.com/okx/exchain" & @CRLF & _ "OKX Android APK" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.okinc.okex.gp" & @CRLF & _ "OKX Wallet Chrome Extension" & @CRLF & _ "https://chromewebstore.google.com/detail/okx-wallet/mcohilncbfahbmgdjkbpemcciiolgcge" & @CRLF & _ "OKX Wallet Edge Add-ons" & @CRLF & _ "https://microsoftedge.microsoft.com/addons/detail/okx-wallet/pbpjkcldjiffchgbbndmhojiacbgflha" & @CRLF & _ "OKX Wallet Safari Extension" & @CRLF & _ "https://apps.apple.com/us/app/okx-wallet/id6463797825" & @CRLF & _ "OKX iOS APP" & @CRLF & _ "https://apps.apple.com/us/app/okx-buy-bitcoin-btc-crypto/id1327268470" & @CRLF & _ "Web3 DEX Open Source" & @CRLF & _ "https://github.com/okx/WEB3-DEX-OPENSOURCE" & @CRLF & _ "https://github.com/okx/WEB3-DEX-SOLANA-OPENSOURCE" & @CRLF & _ "Windows OS Executable" & @CRLF & _ "api.wisdomtreeprimeapp.com" & @CRLF & _ "com.wisdomtree.wtprime" & @CRLF & _ "www.analvids.com" & @CRLF & _ "www.ddfcontent.com" & @CRLF & _ "www.pornbox.com" & @CRLF & _ "www.pornworld.com" & @CRLF & _ "https://github.com/tronprotocol/java-tron" & @CRLF & _ "*.luckydays.ca" & @CRLF & _ "we have a lot of 3rd party's such as cpanels/etc which will are OOS so if you are in doubt, contact security@superbet.com." & @CRLF & _ "*.luckydays.com" & @CRLF & _ "*.magicjackpot.ro" & @CRLF & _ "You can use a Romanian fake CNP generator in order to create an account, such as - https://isj.educv.ro/cnp/ in order to create an account. Make sure you are using a Romanian VPN as the portal works only for Romanian IP’s." & @CRLF & _ "*.napoleoncasino.be" & @CRLF & _ "You need a real/fake Belgium ID to register an account on the main casino/sport app." & @CRLF & _ "You can generate a fake ID here - http://rsolution.be/rijksregister-nummer-generator.RSolution" & @CRLF & _ "*.napoleondice.be" & @CRLF & _ "*.napoleongames.be" & @CRLF & _ "*.napoleonsports.be" & @CRLF & _ "*.spinaway.com" & @CRLF & _ "we have a lot of 3rd party's such as cpanels/etc which will are OOS so if you are in doubt, contact security@superbet.com. " & @CRLF & _ "*.superbet.com" & @CRLF & _ "*.superbet.pl" & @CRLF & _ "*.superbet.ro" & @CRLF & _ "For our main application ```superbet.ro``` You can use a Romanian fake CNP generator in order to create an account, such as - https://isj.educv.ro/cnp/ in order to create an account. Make sure you are using a Romanian VPN as the portal works only for Romanian IP’s." & @CRLF & _ "Or use a test account from this list( some of them might not work so try multiple ones):" & @CRLF & _ "synack1 - rNc7pGnzxaWRaK" & @CRLF & _ "synack2 - tQWdwGX4B5agoe" & @CRLF & _ "synack3 - 2hZHsnFhZPTT3D" & @CRLF & _ "synack4 - 6qE8ZG8JQgSWCU" & @CRLF & _ "synack5 - yfjzvoWLYZn4GM" & @CRLF & _ "synack6 - JUKzSYr626V7zZ" & @CRLF & _ "synack7 - VMs8C4txt3hNzQ" & @CRLF & _ "synack8 - LyEb8vuuRRgiXd" & @CRLF & _ "synack9 - KZkfiVXrHZ3JxX" & @CRLF & _ "synack10 - 6sphJVv3PFp8mB" & @CRLF & _ "● Please add the following User-Agent header when you are using any automated tools or scripts - User-agent: hackerone -. Requests that will not contain this cookie header might get blocked by our tools/SOC team." & @CRLF & _ "*.superbet.rs" & @CRLF & _ "This is our new betting platform, available only in serbia. We only allow connection from Serbian Ip's, so please use a VPN." & @CRLF & _ "ro.superbet.games" & @CRLF & _ "Make sure you change your google play country to Romania so you can access the app." & @CRLF & _ "https://play.google.com/store/apps/details?id=ro.superbet.games&hl=ro&gl=RO" & @CRLF & _ "ro.superbet.sport" & @CRLF & _ "Make sure you set the location to your google play account to Romania so you can access the app" & @CRLF & _ "https://play.google.com/store/apps/details?id=ro.superbet.sport&hl=ro&gl=RO" & @CRLF & _ "*.magiceden.dev" & @CRLF & _ "Cryptocurrency = Solana" & @CRLF & _ "*.magiceden.io" & @CRLF & _ "*.magiceden.workers.dev" & @CRLF & _ "Magic Eden Wallet (Chrome Extension)" & @CRLF & _ "magiceden.io" & @CRLF & _ "1431768824" & @CRLF & _ "563291345" & @CRLF & _ "Any other subdomains under this domain are not in scope and ineligible for submission" & @CRLF & _ "965180355" & @CRLF & _ "api.avtoelon.uz" & @CRLF & _ "api.kolesa.kz" & @CRLF & _ "api.krisha.kz" & @CRLF & _ "app.avtoelon.uz" & @CRLF & _ "app.kolesa.kz" & @CRLF & _ "app.krisha.kz" & @CRLF & _ "avtoelon.uz" & @CRLF & _ "id.avtoelon.uz" & @CRLF & _ "id.kolesa.kz" & @CRLF & _ "kolesa.kz" & @CRLF & _ "krisha.kz" & @CRLF & _ "kz.kolesa" & @CRLF & _ "kz.krisha" & @CRLF & _ "m.avtoelon.uz" & @CRLF & _ "m.kolesa.kz" & @CRLF & _ "m.krisha.kz" & @CRLF & _ "uz.avtoelon" & @CRLF & _ "*.boozt.com" & @CRLF & _ "*.booztlet.com" & @CRLF & _ "com.boozt" & @CRLF & _ "com.boozt.app" & @CRLF & _ "com.boozt.booztlet" & @CRLF & _ "com.booztlet" & @CRLF & _ "kronor.io" & @CRLF & _ "We are interested in reports covering the following endpoints only:" & @CRLF & _ "1. https://kronor.io/v1/graphql" & @CRLF & _ "2. https://payment-gateway.kronor.io" & @CRLF & _ "3. https://kronor.io/cde/gql" & @CRLF & _ "my.sheer.com" & @CRLF & _ "www.sheer.com" & @CRLF & _ "1589071345" & @CRLF & _ "App name: My Vodafone Oman" & @CRLF & _ "apix.vodafone.om" & @CRLF & _ "om.vodafone.mva" & @CRLF & _ "vfo01.vodafone.om" & @CRLF & _ "vfo02.vodafone.om" & @CRLF & _ "vfo03.vodafone.om" & @CRLF & _ "www.vodafone.om" & @CRLF & _ "api.au.frontegg.com" & @CRLF & _ "portal.au.frontegg.com" & @CRLF & _ "*.indrive.com" & @CRLF & _ "*.indriver.com" & @CRLF & _ "*.indriverapp.com" & @CRLF & _ "ab-platform-api.eu-east-1.indriverapp.com" & @CRLF & _ "argocd.indrive.dev" & @CRLF & _ "auth.indrive.tech" & @CRLF & _ "auth2.indrive.tech" & @CRLF & _ "aws.indrive.tech" & @CRLF & _ "cargo.indrive.com" & @CRLF & _ "ci.indrive.dev" & @CRLF & _ "debug.clairvoyance.indrive.tech" & @CRLF & _ "external.indrive.dev" & @CRLF & _ "file-storage-front.eu-east-1.indriverapp.com" & @CRLF & _ "https://*.indriver.io" & @CRLF & _ "https://*.indriverjob.com" & @CRLF & _ "ingest.clairvoyance.indrive.tech" & @CRLF & _ "injob.indriver.com" & @CRLF & _ "intercity-*.eu-east-1.indriverapp.com" & @CRLF & _ "messenger.eu-east-1.indriverapp.com" & @CRLF & _ "new-order.eu-east-1.indriverapp.com" & @CRLF & _ "priority.eu-east-1.indriverapp.com" & @CRLF & _ "profile-api.eu-east-1.indriverapp.com" & @CRLF & _ "super-services.indriverapp.com" & @CRLF & _ "terra-*.indriverapp.com" & @CRLF & _ "truck-api.eu-east-1.indriverapp.com" & @CRLF & _ "volans.tech" & @CRLF & _ "watchdocs.indriverapp.com" & @CRLF & _ "wga.volans.tech" & @CRLF & _ "1671793296" & @CRLF & _ "zerobounce.net" & @CRLF & _ "1324809509" & @CRLF & _ "https://apps.apple.com/us/app/id1324809509" & @CRLF & _ "1528364633" & @CRLF & _ "https://apps.apple.com/us/app/luna-controller/id1528364633" & @CRLF & _ "302584613" & @CRLF & _ "https://apps.apple.com/us/app/id302584613" & @CRLF & _ "621574163" & @CRLF & _ "https://apps.apple.com/us/app/amazon-photos/id621574163" & @CRLF & _ "944011620" & @CRLF & _ "https://apps.apple.com/us/app/id944011620" & @CRLF & _ "947984433" & @CRLF & _ "https://apps.apple.com/us/app/id947984433" & @CRLF & _ "Echo Family Devices" & @CRLF & _ "Echo (Gen 4)," & @CRLF & _ "Echo Dot (Gen 4)" & @CRLF & _ "Echo Dot with Clock (Gen 4)" & @CRLF & _ "Echo Show 10" & @CRLF & _ "Echo Flex" & @CRLF & _ "Echo Buds" & @CRLF & _ "Echo Frames" & @CRLF & _ "Echo Auto" & @CRLF & _ "FireTV" & @CRLF & _ "Fire TV Stick (Gen 3)" & @CRLF & _ "Amazon Fire TV Cube (Gen 2)" & @CRLF & _ "Fire TV Stick Lite" & @CRLF & _ "Fire TV Blaster" & @CRLF & _ "Kindle E-Reader" & @CRLF & _ "Kindle Oasis (Gen 10)" & @CRLF & _ "Kindle (Gen 10)" & @CRLF & _ "Luna" & @CRLF & _ "Luna Controller" & @CRLF & _ "Tablets" & @CRLF & _ "Fire HD 8 (Gen 10)" & @CRLF & _ "Fire 7" (Gen 9)" & @CRLF & _ "Fire HD 10 (Gen 9)" & @CRLF & _ "a4k.amazon.com" & @CRLF & _ "alexa.amazon.com" & @CRLF & _ "alexaanswers.amazon.com" & @CRLF & _ "amazon.com/hz/mycd/*" & @CRLF & _ "api.amazonalexa.com/*" & @CRLF & _ "blueprints.amazon.com" & @CRLF & _ "com.amazon.clouddrive.photos" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.amazon.clouddrive.photos" & @CRLF & _ "com.amazon.dee.alexaonwearos" & @CRLF & _ "com.amazon.dee.app" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.amazon.dee.app" & @CRLF & _ "com.amazon.kindle" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.amazon.kindle" & @CRLF & _ "com.amazon.storm.lightning.client.aosp" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.amazon.storm.lightning.client.aosp" & @CRLF & _ "com.amazon.tahoe.freetime" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.amazon.tahoe.freetime" & @CRLF & _ "com.amazon.tails" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.amazon.tails" & @CRLF & _ "creator.amazon.com" & @CRLF & _ "developer.amazon.com/alexa/*" & @CRLF & _ "developer.amazon.com/apps-and-games/*" & @CRLF & _ "https://luna.amazon.com/*" & @CRLF & _ "https://www.amazon.com/luna/*" & @CRLF & _ "read.amazon.com" & @CRLF & _ "skills-store.amazon.com" & @CRLF & _ "www.amazon.com/photos/*" & @CRLF & _ "Android & iOS App for REI Customers" & @CRLF & _ "To download the app, please visit https://www.rei.com/mobile" & @CRLF & _ "What it does?" & @CRLF & _ "REI customers can place orders through the app on their smartphone" & @CRLF & _ "Any public cloud resource or infrastructure operated and managed by REI." & @CRLF & _ "* Public cloud storage accounts. (e.g. AWS S3 buckets)" & @CRLF & _ "* Public cloud computer server. (e.g. AWS EC2 instances)" & @CRLF & _ "http://collaboration.rei.com" & @CRLF & _ "http://rei.com/adventures" & @CRLF & _ "http://rei.com/events" & @CRLF & _ "http://rei.com/lists" & @CRLF & _ "http://www.rei.com/learn/expert-advice" & @CRLF & _ "rei.com" & @CRLF & _ "api.mergify.com" & @CRLF & _ "dashboard.mergify.com" & @CRLF & _ "https://www.zabbix.com/download_sources" & @CRLF & _ "You can download any supported versions of Zabbix distributive for testing purposes (including pre-release versions)." & @CRLF & _ "com.coinhako" & @CRLF & _ "Get the app here: https://play.google.com/store/apps/details?id=com.coinhako" & @CRLF & _ "com.coinhako.app" & @CRLF & _ "Get the app here: https://apps.apple.com/app/coinhako-bitcoin-wallet-asia/id1137855704" & @CRLF & _ "www.coinhako.com" & @CRLF & _ "cdn.arkoselabs.com" & @CRLF & _ "client-api.arkoselabs.com" & @CRLF & _ "customer-sessions.arkoselabs.com" & @CRLF & _ "demo.arkoselabs.com" & @CRLF & _ "This web app is mainly a Marketing based site. Vulnerabilities on this asset will be awarded with lower bounties." & @CRLF & _ "iframe.arkoselabs.com" & @CRLF & _ "portal.arkoselabs.com" & @CRLF & _ "verify.arkoselabs.com" & @CRLF & _ "www.arkoselabs.com" & @CRLF & _ "This website is mainly a Marketing based site. Vulnerabilities on this asset will be awarded with lower bounties." & @CRLF & _ "checksw.com" & @CRLF & _ "1- Check if you can pass the two authentications provided by Secure Gateway mobile APP, Try any possible way to login without receiving the code, or try brute force the code or pass the rate limit." & @CRLF & _ "2- Check if you can pass upload prevention system, try any file extension out of the list (jpg,jpeg,png,gif,jfif,mp4,doc,docx,pdf,xls,xlsx,ppsx,ppt,pptx,flv,rar,zip,htm,html) And the file you uploaded should function in a browser when visiting the file." & @CRLF & _ "3- Check whether you can pass the Secure Gateway upload detector system, for example upload '.jpg' file It has the word [php_uname] in the file content (not in file name)." & @CRLF & _ "Instructions" & @CRLF & _ "For 2FA, you need to install 'Secure Gateway' APP on your phone to get onetime a code. Secure Gateway APP can be downloaded by clicking on the link below." & @CRLF & _ "For Apple Devices" & @CRLF & _ "https://apps.apple.com/us/app/secure-gateway/id1633721151" & @CRLF & _ "For Android Devices" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.alscotoday.SecureGateway" & @CRLF & _ "Then contact us to provide you with a test account to login to Secure Gateway APP." & @CRLF & _ "Guidelines:" & @CRLF & _ "1-Only full hack scenario will be accepted, e.g., edit the index page, or download the database." & @CRLF & _ "2-Upload html file contain JavaScript are not considered as vulnerability, Unless you can change an index page, database or file on our system." & @CRLF & _ "3-A recorded video must be included with every report submitted." & @CRLF & _ "4- If you don't follow these guidelines we will not award a bounty for the report." & @CRLF & _ "5-Business logic errors and misconfigurations are out of scope, but you are welcome to submit reports." & @CRLF & _ "Required Reporting Format" & @CRLF & _ " Affected target, feature, or URL:" & @CRLF & _ " Description of problem:" & @CRLF & _ " Impact of the issue:" & @CRLF & _ " Steps to reproduce:" & @CRLF & _ " Proof of Concept:" & @CRLF & _ " Is knowledge of this issue currently public?" & @CRLF & _ " Only complete hacking scenarios will be accepted; otherwise, the report will be closed." & @CRLF & _ " Any report that does not follow these guidelines will be rejected and closed." & @CRLF & _ "royal.checksw.com" & @CRLF & _ " Check [Royal CMS] Against Common Injection include [XSS Injection , SQL Injection ,SQLi Injection , OS Injection ,Command Injection, URL Injection , Remote Code Execution, and privilege escalation] that could cause hack CMS and change major files in back-end server." & @CRLF & _ "app.dynamic-preprod.xyz" & @CRLF & _ "app.dynamic.xyz" & @CRLF & _ "Because we are still beta, if you provide us with a wallet public address we can whitelist your wallet." & @CRLF & _ "Open a report with your address. Additionally, we'll close as informative to avoid any negative impacts." & @CRLF & _ "Alternatively, you can email security@dynamic.xyz with your wallet address and H1 username. Anonymous emails are allowed." & @CRLF & _ "demo.dynamic.xyz" & @CRLF & _ "While demo.dynamic.xyz is set to low severity, do note that we consider reports where using demo.dynamic.xyz to expose an issue with the backend api (https://app.dynamic.xyz and https://app.dynamicauth.com) to be critical." & @CRLF & _ "For example, any issues that are specific to demo only are considered low." & @CRLF & _ "*.boredapeyachtclub.com" & @CRLF & _ "*.cryptopunks.app" & @CRLF & _ "*.mdvmm.xyz" & @CRLF & _ "*.meebits.app" & @CRLF & _ "*.otherside.xyz" & @CRLF & _ "*.yuga.com" & @CRLF & _ "*.yugalabs.io" & @CRLF & _ "329381334701178885" & @CRLF & _ "CryptoPunks Discord Server" & @CRLF & _ "Canary Channel ID: 999377510355718245" & @CRLF & _ "831287358355275877" & @CRLF & _ "Bored Ape Yacht Club Discord Server" & @CRLF & _ "Canary Channel ID: 999376248943943813" & @CRLF & _ "937011954453721119" & @CRLF & _ "Meebits Discord Server" & @CRLF & _ "Canary Channel ID: 999376585037713568" & @CRLF & _ "961114489414094898" & @CRLF & _ "Otherside Discord Server" & @CRLF & _ "Canary Channel ID: 999375944731082923" & @CRLF & _ "app.moderntreasury.com" & @CRLF & _ "cdn.moderntreasury.com" & @CRLF & _ "http://sandbox-api.fireblocks.io" & @CRLF & _ "http://sb-console-api.fireblocks.io" & @CRLF & _ "http://sb-mobile-api.fireblocks.io" & @CRLF & _ "sandbox.fireblocks.io" & @CRLF & _ "Access to the sandbox (https://sandbox.fireblocks.io/) is provided after submitting this form https://info.fireblocks.com/fireblocks-developer-account, with the proton email provided by HackerOne credential management." & @CRLF & _ "https://developers.fireblocks.com/docs/sandbox-quickstart" & @CRLF & _ "https://developers.fireblocks.com/docs/postman-guide" & @CRLF & _ "Authentication component" & @CRLF & _ "The Authentication component is used to provide MetaMask users services that require to be logged in and/or identified." & @CRLF & _ "It is comprised of an Authentication API at: https://authentication.api.cx.metamask.io/ and an ORY Hydra OAuth server at: https://oidc.api.cx.metamask.io." & @CRLF & _ "Documentation can be found in this [Doc]( https://docs.google.com/document/u/1/d/e/2PACX-1vRzlbxKTKQ4x8mvUEUs8hv-fcGsi0W717Pbg2_Rk3lcoM5PuSCI66JUWaWdL_Vz0GNMbZU4aYaC2rcQ/pub)" & @CRLF & _ "Message signing snap" & @CRLF & _ "This snap is pre-installed on MetaMask and can be tested via RPC calls." & @CRLF & _ "- **Github source code**: https://github.com/MetaMask/message-signing-snap" & @CRLF & _ "- **Main documentation**: https://github.com/MetaMask/message-signing-snap/blob/main/docs/testing.md" & @CRLF & _ "- **Testing video tutorial**: https://www.loom.com/share/93ce2929c2584cf89af87d76f61be978" & @CRLF & _ "MetaMask Browser Extension" & @CRLF & _ "Chrome Installation Link: https://chrome.google.com/webstore/detail/metamask/nkbihfbeogaeaoehlefnkodbefgpgknn" & @CRLF & _ "Firefox Installation Link: https://addons.mozilla.org/en-US/firefox/addon/ether-metamask/" & @CRLF & _ "Supporting Documentation" & @CRLF & _ "- https://docs.metamask.io/guide/" & @CRLF & _ "- https://github.com/MetaMask/metamask-extension" & @CRLF & _ "MetaMask SDK" & @CRLF & _ "The MetaMask SDK allows for third party developers to remotely connect with their user's MetaMask wallets after performing an authorization flow. " & @CRLF & _ "Javascript SDK Installation Guide: " & @CRLF & _ "* https://c0f4f41c-2f55-4863-921b-sdk-docs.github.io/guide/metamask-sdk-js/" & @CRLF & _ "Mobile SDK Installation Guide: " & @CRLF & _ "* https://c0f4f41c-2f55-4863-921b-sdk-docs.github.io/guide/metamask-sdk-mobile.html" & @CRLF & _ "Unity SDK Installation Guide: " & @CRLF & _ "* https://c0f4f41c-2f55-4863-921b-sdk-docs.github.io/guide/metamask-sdk-unity.html" & @CRLF & _ "Architecture documentation: " & @CRLF & _ "* https://c0f4f41c-2f55-4863-921b-sdk-docs.github.io/guide/metamask-sdk-concepts.html#communication-layer" & @CRLF & _ "Snaps" & @CRLF & _ "Snaps is a feature that allows third party developers to add new functionality to MetaMask. A snap is a JavaScript program that runs in an isolated environment and customizes the wallet experience. Snaps have access to a limited set of capabilities, determined by the [permissions](https://docs.metamask.io/snaps/how-to/request-permissions/) the user granted them during installation." & @CRLF & _ "Visit our [quickstart guide](https://docs.metamask.io/snaps/get-started/quickstart/) to learn how to build your own snap, or visit [snaps.metamask.io](http://snaps.metamask.io) to see the possibilities that snaps now offer." & @CRLF & _ "Please note that for the duration of the open beta, custom made snaps can only be installed on experimental [MetaMask Flask](https://metamask.io/flask/). While that asset is out of scope, vulnerabilities concerning the snaps feature are eligible for submission if they affect the main extension as well. " & @CRLF & _ "**Supporting Documentation:**" & @CRLF & _ "- https://github.com/MetaMask/snaps/tree/main" & @CRLF & _ "- https://docs.metamask.io/snaps/" & @CRLF & _ "**Architecture Documentation**" & @CRLF & _ "- https://github.com/MetaMask/snaps/tree/main/docs/internals" & @CRLF & _ "**Packages included in this scope:**" & @CRLF & _ "- [rpc-methods](https://github.com/MetaMask/snaps/tree/main/packages/rpc-methods)" & @CRLF & _ "- [snaps-controllers](https://github.com/MetaMask/snaps/tree/main/packages/snaps-controllers)" & @CRLF & _ "- [snaps-execution-environments](https://github.com/MetaMask/snaps/tree/main/packages/snaps-execution-environments)" & @CRLF & _ "- [snaps-utils](https://github.com/MetaMask/snaps/tree/main/packages/snaps-utils)" & @CRLF & _ "- [snaps-ui](https://github.com/MetaMask/snaps/tree/main/packages/snaps-ui)" & @CRLF & _ "As snaps is a first party feature integrated into MetaMask, vulnerabilities will be scored relative to the impact demonstrated against the MetaMask Extension without a change in scope." & @CRLF & _ "Snaps Development Packages" & @CRLF & _ "The Snaps development tools consist of a series of unrelated packages that can assist in the development of a snap. These tools are eligible for a bounty in cases where a victim can be impacted by exploiting one of the following tools (ex: achieving remote code execution by having a developer build your snap with snaps-cli)." & @CRLF & _ "These tools are as follows: " & @CRLF & _ "- [create-snap](https://github.com/MetaMask/snaps/tree/main/packages/create-snap)" & @CRLF & _ "- [snaps-browserify-plugin](https://github.com/MetaMask/snaps/tree/main/packages/snaps-browserify-plugin)" & @CRLF & _ "- [snaps-cli](https://github.com/MetaMask/snaps/tree/main/packages/snaps-cli)" & @CRLF & _ "- [snaps-rollup-plugin](https://github.com/MetaMask/snaps/tree/main/packages/snaps-rollup-plugin)" & @CRLF & _ "- [snaps-simulator](https://github.com/MetaMask/snaps/tree/main/packages/snaps-simulator)" & @CRLF & _ "- [snaps-webpack-plugins](https://github.com/MetaMask/snaps/tree/main/packages/snaps-webpack-plugins)" & @CRLF & _ "https://*.metamask.io" & @CRLF & _ "**Please ensure you are not reporting a subdomain that is explicitly listed as being out of scope.** " & @CRLF & _ "Bounty eligibility is determined based on the impact that can be demonstrated by exploiting the affected asset." & @CRLF & _ "https://metamask.github.io/phishing-warning/<vX.Y.Z>" & @CRLF & _ "The phishing warning page is a security control that warns users when they attempt to visit a webpage found on one of our known phishing blocklists. While many versions of this page exist, only vulnerabilities found on the latest version are eligible for a bounty. " & @CRLF & _ "Supporting Documentation:" & @CRLF & _ "* https://github.com/MetaMask/phishing-warning/releases" & @CRLF & _ "* [Code usage in MetaMask extension](https://github.com/MetaMask/metamask-extension/blob/d96c2b8530ff0fe66ad8977641bc70cc0b58cc03/app/scripts/contentscript.js#L611-L624)" & @CRLF & _ "https://user-storage.api.cx.metamask.io" & @CRLF & _ "The User Storage API helps developers synchronize data across multiple clients and devices in a privacy-preserving way. All data saved in the user storage database is encrypted client-side to preserve privacy." & @CRLF & _ "Documentation can be found in this [Doc](https://docs.google.com/document/u/1/d/e/2PACX-1vRzlbxKTKQ4x8mvUEUs8hv-fcGsi0W717Pbg2_Rk3lcoM5PuSCI66JUWaWdL_Vz0GNMbZU4aYaC2rcQ/pub)" & @CRLF & _ "io.metamask" & @CRLF & _ "Installation Link: https://metamask.io/download/" & @CRLF & _ "Supporting documentation" & @CRLF & _ "- https://github.com/MetaMask/metamask-mobile" & @CRLF & _ "io.metamask.Metamask" & @CRLF & _ "metamask.io" & @CRLF & _ "The root https://metamask.io webpage and the metamask.io DNS configuration." & @CRLF & _ "portfolio.metamask.io" & @CRLF & _ "**All reports regarding this asset should be submitted to the ConsenSys program at https://hackerone.com/consensys. Reports will be subject to the rules and conditions listed there. **" & @CRLF & _ "The Portfolio dApp allows Metamask users to see an aggregated view across multiple different Metamask accounts. It also allows users to access popular on-chain primitives like Swaps, Bridging, Staking, and more." & @CRLF & _ "snaps.metamask.io" & @CRLF & _ "This is a directory that lists featured snaps available for installation on MetaMask." & @CRLF & _ "**Supporting Documentation**" & @CRLF & _ "- https://github.com/MetaMask/snaps-directory" & @CRLF & _ "api.skinport.com" & @CRLF & _ "Public REST API - Docs: https://docs.skinport.com" & @CRLF & _ "app.skinport.com" & @CRLF & _ "Backend: [app.skinport.com](app.skinport.com)" & @CRLF & _ "**Important Note:**" & @CRLF & _ "Alias of skinport.com/api/ (to app.skinport.com/api/)" & @CRLF & _ "http://skinport.com/blog/" & @CRLF & _ "skinport.com" & @CRLF & _ "skinport.com (without subdomains, e.g. screenshot.skinport.com, float.skinport.com and so on)" & @CRLF & _ "Frontend: [skinport.com](https://skinport.com)" & @CRLF & _ "- skinport.com/api/ (redirected to app.skinport.com/api/) submissions, please use app.skinport.com scope!" & @CRLF & _ "- skinport.com/support: If you are to test anything related to typing in the support ticket, please, send following message before that." & @CRLF & _ "`Hello. I'm a pentester from HackerOne. I'm going to test something in support ticket. Your developers are aware of that.`" & @CRLF & _ "*.eu.floqast.app" & @CRLF & _ "All domains for FloQast's Core Application for European Customers" & @CRLF & _ "*.floqast.app" & @CRLF & _ "All domains for FloQast's Core Application for US Customers" & @CRLF & _ "api-eu.floqast.app" & @CRLF & _ "Public API for FloQast's Core Application for European Customers" & @CRLF & _ "https://*.floqast.engineering" & @CRLF & _ "These domains shouldn't be accessible, so if you're able to get a 200 response and get the actual page contents and not something like "You need to enable JavaScript to run this app. ", please don't hesitate to submit a report." & @CRLF & _ "Any public (Internet-facing) infrastructure owned and operated by Palantir." & @CRLF & _ "This is an expansive scope to help you identify security issues in any Internet-facing infrastructure we run. " & @CRLF & _ "All domains and subdomains owned and operated by Palantir are included within the scope. These may include, but are not limited to: " & @CRLF & _ "* palantir.com" & @CRLF & _ "* palantir.tech" & @CRLF & _ "* palantir.build" & @CRLF & _ "* palantircloud.com" & @CRLF & _ "* palantircloud.co.uk" & @CRLF & _ "* palantirfoundry.com" & @CRLF & _ "* palantirfoundry.co.uk" & @CRLF & _ "* palantirfoundry.de" & @CRLF & _ "* palantirfoundry.fr" & @CRLF & _ "* palantirfoundry.com.au " & @CRLF & _ "* palantirgov.com" & @CRLF & _ "* foundrygov.com" & @CRLF & _ "All assets and services on these, and other Palantir-owned domains (unless otherwise noted as out-of-scope) may be eligible for awards. This may include cloud resources, firewalls, network devices, servers, and other assets or applications." & @CRLF & _ "Any public cloud (e.g. Amazon AWS, Microsoft Azure) resource or infrastructure operated and managed by Palantir." & @CRLF & _ "- Public cloud storage accounts. (e.g. AWS S3 buckets, Azure data blobs)" & @CRLF & _ "- Public cloud compute servers. (e.g. AWS EC2 instances, Azure Virtual Machines)" & @CRLF & _ "MongoDB BI Connector" & @CRLF & _ "MongoDB Cluster-To-Cluster sync" & @CRLF & _ "MongoDB Compass" & @CRLF & _ "MongoDB Driver: .NET" & @CRLF & _ "MongoDB Driver: C" & @CRLF & _ "MongoDB Driver: C#" & @CRLF & _ "MongoDB Driver: C++" & @CRLF & _ "MongoDB Driver: Go" & @CRLF & _ "MongoDB Driver: Java" & @CRLF & _ "MongoDB Driver: Node.js" & @CRLF & _ "MongoDB Driver: PHP" & @CRLF & _ "MongoDB Driver: Python" & @CRLF & _ "MongoDB Driver: Ruby" & @CRLF & _ "MongoDB Driver: Rust" & @CRLF & _ "MongoDB Kafka Connector" & @CRLF & _ "MongoDB Owned GitHub Repositories" & @CRLF & _ "MongoDB GitHub related reports are encouraged however, eligible reports may be rewarded at a percentage of the severity reward payout. " & @CRLF & _ "MongoDB Realm SDKs" & @CRLF & _ "MongoDB Relational Migrator" & @CRLF & _ "MongoDB Server Local Instance" & @CRLF & _ "MongoDB Shell" & @CRLF & _ "MongoDB Spark Connector" & @CRLF & _ "MongoDB VS Code Plugin" & @CRLF & _ "artifactory.corp.mongodb.com/" & @CRLF & _ "https://*.corp.mongodb.com*" & @CRLF & _ "https://www.*mongodb.com/*" & @CRLF & _ "The following domains fall under the \*.mongodb.com/\* domain:" & @CRLF & _ "* \*.corp.mongodb.com/\*" & @CRLF & _ "* \*.infosec.mongodb.com/\*" & @CRLF & _ "* \*.marian.mongodb.com/\*" & @CRLF & _ "* \*.transport.mongodb.com/\*" & @CRLF & _ "* \*.students.mongodb.com/\*" & @CRLF & _ "* \*.dev.mongodb.com/\*" & @CRLF & _ "* \*.support.mongodb.com/\*" & @CRLF & _ "* \*.compass.mongodb.com/\*" & @CRLF & _ "* \*.university.mongodb.com/\*" & @CRLF & _ "* \*.blog.mongodb.com/\*" & @CRLF & _ "* \*.api.mongodb.com/\*" & @CRLF & _ "There are domains that fall under the \*.mongodb.com/\* that are out of scope. Please refer to out of scope section" & @CRLF & _ "PLEASE NOTE eligible subdomain takeover reports may be rewarded at a percentage of the severity reward payout. " & @CRLF & _ "mongodb.live/*" & @CRLF & _ "*.deribit.com" & @CRLF & _ "1293674041" & @CRLF & _ "Tier 1" & @CRLF & _ "Tier 2" & @CRLF & _ "com.deribit" & @CRLF & _ "insights.deribit.com" & @CRLF & _ "metrics.deribit.com" & @CRLF & _ "pb.deribit.com" & @CRLF & _ "test.deribit.com" & @CRLF & _ "tools.deribit.com" & @CRLF & _ "api.sorare.com" & @CRLF & _ "This is Sorare's GraphQL Open API. More documentation about the API can be found on GitHub: https://github.com/sorare/api" & @CRLF & _ "sorare.com" & @CRLF & _ "This is Sorare's main application." & @CRLF & _ "ws.sorare.com" & @CRLF & _ "This is Sorare's WebSocket domain, providing GraphQL subscriptions capabilities as described in https://github.com/sorare/api#subscribing-to-graphql-events" & @CRLF & _ "*.hilton.com" & @CRLF & _ "All subdomains of hilton.com that resolve to IP addresses belonging to the Rackspace organization are considered out of scope. In addition, the application eis.hilton.com is out of scope." & @CRLF & _ "*.hilton.io" & @CRLF & _ "*.hiltonbusinessonline.com" & @CRLF & _ "*.hiltonlocalbiz.com" & @CRLF & _ "121.200.237.36/29" & @CRLF & _ "167.187.0.0/16" & @CRLF & _ "192.251.123.0/24" & @CRLF & _ "192.251.124.0/24" & @CRLF & _ "192.251.125.0/24" & @CRLF & _ "192.251.126.0/24" & @CRLF & _ "203.79.37.2/29" & @CRLF & _ "62.216.152.46/29" & @CRLF & _ "82.196.42.196/28" & @CRLF & _ "hilton.com" & @CRLF & _ "Authentication functionality when a user creates a Hilton Honors account (https://www.hilton.com/en/hilton-honors/join/). To create a Hilton Honors account, finders should complete the free sign-up process. The string “Test-Hackerone” must be prepended to the First and Last name fields for all Honors accounts created for the purposes of security testing. " & @CRLF & _ "hilton.io" & @CRLF & _ "hiltonbusinessonline.com" & @CRLF & _ "hiltonlocalbiz.com" & @CRLF & _ "com.compass.compass" & @CRLF & _ "https://apps.apple.com/us/app/compass-real-estate-homes/id692766504" & @CRLF & _ "www.compass.com" & @CRLF & _ "*.sidefx.com" & @CRLF & _ "*.wellsfargo.com" & @CRLF & _ "com.wellsfargo.ceomobile" & @CRLF & _ "com.wf.ceomobile" & @CRLF & _ "com.wf.mobilebanking" & @CRLF & _ "com.wf.wellsfargomobile" & @CRLF & _ "connect.secure.wellsfargo.com" & @CRLF & _ "This is our retail banking experience, and a priority domain. " & @CRLF & _ "http://wellsfargo.com" & @CRLF & _ "Wickr Me Android" & @CRLF & _ "Wickr Me Linux" & @CRLF & _ "Wickr Me OS X" & @CRLF & _ "Wickr Me Windows" & @CRLF & _ "Wickr Me iOS" & @CRLF & _ "Wickr Pro Android" & @CRLF & _ "Wickr Pro Linux" & @CRLF & _ "Wickr Pro OS X" & @CRLF & _ "Wickr Pro Windows" & @CRLF & _ "Wickr Pro iOS" & @CRLF & _ "Wickr Pro/Wickr Me (all related technical components) (up to)" & @CRLF & _ "admin.wickr.com" & @CRLF & _ "*.payoneer.com" & @CRLF & _ "http://greenchannel.payoneer.com.cn/gcportal" & @CRLF & _ "payoneer.com.cn" & @CRLF & _ "Payoneer China" & @CRLF & _ "*.hypermint.com" & @CRLF & _ "*.moonpay.com" & @CRLF & _ "*.moonpaycloud.com" & @CRLF & _ "api.moonpay.com" & @CRLF & _ "app.moonpay.com" & @CRLF & _ "auth.moonpay.com" & @CRLF & _ "buy.moonpay.com" & @CRLF & _ "https://apps.apple.com/app/id1635031432" & @CRLF & _ "https://github.com/moonpay" & @CRLF & _ "Archived repositories are excluded and considered out of scope." & @CRLF & _ "https://play.google.com/store/apps/details?id=com.moonpay" & @CRLF & _ "hypermint.com" & @CRLF & _ "moonpay.com" & @CRLF & _ "sell.moonpay.com" & @CRLF & _ "web3.moonpay.com" & @CRLF & _ "1091010942" & @CRLF & _ "iOS Mobile app" & @CRLF & _ "app.koho.ca" & @CRLF & _ "Our app API gateway." & @CRLF & _ "ca.koho" & @CRLF & _ "Android Mobile app" & @CRLF & _ "http://api.koho.ca/1.0" & @CRLF & _ "Our main API gateway" & @CRLF & _ "http://api.koho.ca/partner" & @CRLF & _ "Used for API calls to/for our partners" & @CRLF & _ "usercontent.koho.ca" & @CRLF & _ "Used for our assets to be delivered to customers (i.e. logo, stylesheets, etc.)." & @CRLF & _ "web.koho.ca" & @CRLF & _ "Customer-facing Web application" & @CRLF & _ "webgateway.koho.ca" & @CRLF & _ "Our web API gateway." & @CRLF & _ "www.koho.ca" & @CRLF & _ "Marketing website" & @CRLF & _ "*.capitalone.ca" & @CRLF & _ "*.capitalone.com" & @CRLF & _ "*.capitalonegslbex.com" & @CRLF & _ "*.capitaloneshopping.com" & @CRLF & _ "1089294040" & @CRLF & _ "407558537" & @CRLF & _ "Capital One Shopping Browser Extension" & @CRLF & _ "Eno® Browser Extension" & @CRLF & _ "com.konylabs.capitalone" & @CRLF & _ "com.wikibuy.prod.main" & @CRLF & _ "knox.beta.blendlabs.com" & @CRLF & _ "api.razorpay.com" & @CRLF & _ "Reference:" & @CRLF & _ "https://razorpay.com/docs/" & @CRLF & _ "checkout.razorpay.com" & @CRLF & _ "Payment Workflow: https://razorpay.com/docs/payments/dashboard/test-live-modes/" & @CRLF & _ "https://razorpay.com/docs/payments/payments/test-card-upi-details/" & @CRLF & _ "dashboard.razorpay.com" & @CRLF & _ "Signup Workflow: https://razorpay.com/docs/payments/sign-up/" & @CRLF & _ "invoices.razorpay.com" & @CRLF & _ "payroll.razorpay.com" & @CRLF & _ "Doc - https://razorpay.com/docs/x/xpayroll/" & @CRLF & _ "x.razorpay.com" & @CRLF & _ "Docs - https://razorpay.com/docs/x" & @CRLF & _ "https://git.libssh.org/" & @CRLF & _ "Disclosure instructions: https://www.libssh.org/development/security-process/" & @CRLF & _ "https://github.com/Electron" & @CRLF & _ "Build cross platform desktop apps with JavaScript, HTML, and CSS. Disclosure instructions: https://github.com/electron/electron/security/policy" & @CRLF & _ "https://github.com/Nginx" & @CRLF & _ "Disclosure instructions: http://nginx.org/en/security_advisories.html" & @CRLF & _ "https://github.com/apache/airflow" & @CRLF & _ "Disclosure instructions: https://github.com/apache/airflow/security/policy" & @CRLF & _ "https://github.com/apache/httpd" & @CRLF & _ "Disclosure instructions: http://httpd.apache.org/security_report.html" & @CRLF & _ "https://github.com/apache/tomcat" & @CRLF & _ "Disclosure instructions: https://tomcat.apache.org/security.html " & @CRLF & _ "https://github.com/argoproj/argoproj" & @CRLF & _ "Disclosure instructions: https://github.com/argoproj/argoproj/blob/master/SECURITY.md" & @CRLF & _ "Project Modifier: bounty amounts for this project are adjusted based on the following criteria:" & @CRLF & _ "-50% : Vulnerability is not exploitable in a default configuration of Argo." & @CRLF & _ "https://github.com/curl/curl" & @CRLF & _ "Disclosure instructions: https://github.com/curl/curl/blob/master/docs/VULN-DISCLOSURE-POLICY.md" & @CRLF & _ "https://github.com/django" & @CRLF & _ "The Web framework for perfectionists with deadlines. Disclosure instructions: https://www.djangoproject.com/security/" & @CRLF & _ "https://github.com/libuv/libuv" & @CRLF & _ "Disclosure instructions: https://github.com/libuv/libuv/security" & @CRLF & _ "https://github.com/nodejs/node" & @CRLF & _ "Disclosure instructions: https://hackerone.com/nodejs " & @CRLF & _ "**Project Modifier:** bounty amounts for this project are adjusted based on the following criteria:" & @CRLF & _ "-50% : Vulnerability is not exploitable in a default configuration of Node.js." & @CRLF & _ "-25% : A proposed patch was not provided for the issue. " & @CRLF & _ "https://github.com/openssl/openssl" & @CRLF & _ "OpenSSL. Disclosure instructions: https://www.openssl.org/news/vulnerabilities.html" & @CRLF & _ "https://github.com/rack/rack" & @CRLF & _ "Disclosure instructions: https://github.com/rack/rack/security/policy" & @CRLF & _ "https://github.com/rails" & @CRLF & _ "Ruby on Rails. Disclosure Instructions: https://rubyonrails.org/security/" & @CRLF & _ "https://github.com/ruby" & @CRLF & _ "The Ruby Programming Language. Disclosure Instructions: https://www.ruby-lang.org/en/security/" & @CRLF & _ "https://github.com/rubygems/rubygems" & @CRLF & _ "Library packaging and distribution for Ruby. Disclosure instructions: https://guides.rubygems.org/security/#reporting-security-vulnerabilities" & @CRLF & _ "https://github.com/rust-lang/rust" & @CRLF & _ "Rust Programming Language. Disclosure Instructions: https://www.rust-lang.org/policies/security" & @CRLF & _ "https://github.com/spiffe/spiffe" & @CRLF & _ "Disclosure instructions: If you've found a vulnerability or a potential vulnerability in SPIFFE please report it at security@spiffe.io." & @CRLF & _ "https://github.com/spiffe/spire" & @CRLF & _ "Disclosure instructions: https://github.com/spiffe/spire/security/policy" & @CRLF & _ "https://wiki.xenproject.org/wiki/Xen_Project_Repositories" & @CRLF & _ "Disclosure instructions: https://xenproject.org/developers/security-policy/" & @CRLF & _ "Eligible scope only includes issues for which an XSA is issued." & @CRLF & _ "rubygems.org" & @CRLF & _ "Disclosure instructions: Submit any new or potential vulnerabilities for rubygems.org to https://hackerone.com/rubygems" & @CRLF & _ "*.code.gov" & @CRLF & _ "Bounty level: Initial" & @CRLF & _ "*.login.gov" & @CRLF & _ "*.search.gov" & @CRLF & _ "account.fr.cloud.gov" & @CRLF & _ "admin-catalog-bsp.data.gov" & @CRLF & _ "admin.fr.cloud.gov" & @CRLF & _ "alertmanager.fr.cloud.gov" & @CRLF & _ "api.data.gov" & @CRLF & _ "api.fr.cloud.gov" & @CRLF & _ "catalog.data.gov" & @CRLF & _ "From the data.gov Catalog, you will find many external references. These external sites and the data hosted there is **not in scope** for this program." & @CRLF & _ "ci.fr.cloud.gov" & @CRLF & _ "cloud.gov" & @CRLF & _ "dashboard-beta.fr.cloud.gov" & @CRLF & _ "dashboard.fr.cloud.gov" & @CRLF & _ "diagrams.fr.cloud.gov" & @CRLF & _ "federalist-docs.18f.gov" & @CRLF & _ "federalist-proxy.app.cloud.gov" & @CRLF & _ "federalist.18f.gov" & @CRLF & _ "federation.data.gov" & @CRLF & _ "grafana.fr.cloud.gov" & @CRLF & _ "https://github.com/18f/docker-ruby-ubuntu" & @CRLF & _ "https://github.com/18f/federalist" & @CRLF & _ "https://github.com/18f/federalist-builder" & @CRLF & _ "https://github.com/18f/federalist-docker-build" & @CRLF & _ "https://github.com/18f/federalist-proxy" & @CRLF & _ "https://github.com/18f/identity-idp" & @CRLF & _ "https://github.com/18f/identity-saml-rails" & @CRLF & _ "https://github.com/18f/identity-saml-sinatra" & @CRLF & _ "https://github.com/gsa/data.gov" & @CRLF & _ "https://github.com/gsa/datagov-deploy" & @CRLF & _ "idp.fr.cloud.gov" & @CRLF & _ "inventory.data.gov" & @CRLF & _ "labs.data.gov" & @CRLF & _ "login.fr.cloud.gov" & @CRLF & _ "logs-platform.fr.cloud.gov" & @CRLF & _ "logs.fr.cloud.gov" & @CRLF & _ "marketplace.fedramp.gov" & @CRLF & _ "nessus.fr.cloud.gov" & @CRLF & _ "opslogin.fr.cloud.gov" & @CRLF & _ "prometheus.fr.cloud.gov" & @CRLF & _ "sdg.data.gov" & @CRLF & _ "ssh.fr.cloud.gov" & @CRLF & _ "tock.18f.gov" & @CRLF & _ "www.data.gov" & @CRLF & _ "www.fedramp.gov" & @CRLF & _ "www.usa.gov" & @CRLF & _ "Bounty Level: Initial ($150 - $2,000)" & @CRLF & _ "The following subdomains are also in scope: " & @CRLF & _ "- analytics.usa.gov" & @CRLF & _ "- search.usa.gov " & @CRLF & _ "Chatbot, chat, and webform functionality on www.usa.gov is provided by SaaS providers, therefore we cannot guarantee being able to make mitigations in these areas. " & @CRLF & _ "http://*.newegg.ca" & @CRLF & _ "http://*.newegg.com" & @CRLF & _ "*.krisp.ai" & @CRLF & _ "Except for OOS domains" & @CRLF & _ "Other" & @CRLF & _ "Anything that is verified that belongs to us and doesn't match any other scope." & @CRLF & _ "account.krisp.ai" & @CRLF & _ "Krisp account frontend" & @CRLF & _ "analytics.krisp.ai" & @CRLF & _ "Krisp analytics" & @CRLF & _ "api.krisp.ai" & @CRLF & _ "Krisp API" & @CRLF & _ "app.krisp.ai" & @CRLF & _ "download.krisp.ai" & @CRLF & _ "Download endpoints" & @CRLF & _ "https://download.krisp.ai/mac" & @CRLF & _ "Krisp MacOS electron app." & @CRLF & _ "Bypassing free minutes limitation via changing frontend applications' logic is out of scope" & @CRLF & _ "https://download.krisp.ai/win" & @CRLF & _ "Krisp Windows electron app." & @CRLF & _ "krisp.ai" & @CRLF & _ "teams.krisp.ai" & @CRLF & _ "Teams API" & @CRLF & _ "upld.krisp.ai" & @CRLF & _ "Websocket API" & @CRLF & _ "Hedera Go SDK" & @CRLF & _ "https://github.com/hashgraph/hedera-sdk-go" & @CRLF & _ "The Hedera Go SDK provides services for interacting with Hedera Hashgraph." & @CRLF & _ "Hedera Java SDK" & @CRLF & _ "https://github.com/hashgraph/hedera-sdk-java" & @CRLF & _ "The Hedera Java SDK provides services for interacting with Hedera Hashgraph." & @CRLF & _ "Hedera Javascript SDK" & @CRLF & _ " https://github.com/hashgraph/hedera-sdk-js" & @CRLF & _ "The Hedera Javascript SDK provides services for interacting with Hedera Hashgraph." & @CRLF & _ "Hedera Mirror Node Codebase" & @CRLF & _ "https://github.com/hashgraph/hedera-mirror-node" & @CRLF & _ "Hedera Mirror Nodes receive information from the Hedera nodes and can provide value-added services such as APIs, auditing, analytics, visibility services, security threat modeling, data monetization services, etc. " & @CRLF & _ "Hedera Network Services Codebase" & @CRLF & _ "https://github.com/hashgraph/hedera-services" & @CRLF & _ "Services run by Hedera consensus nodes. Testing for the purposes of bug bounties is best replicated using Local Nodes." & @CRLF & _ "Hedera Testnet API Endpoints" & @CRLF & _ "nodes: https://docs.hedera.com/guides/testnet/testnet-nodes" & @CRLF & _ "Testnet nodes belong to the test network and run the same code as the Hedera Mainnet nodes." & @CRLF & _ "Testnet Mirror Node APIs" & @CRLF & _ "https://testnet.mirrornode.hedera.com" & @CRLF & _ "https://hcs.testnet.mirrornode.hedera.com" & @CRLF & _ "1180400838" & @CRLF & _ "iOS app ([App Store](https://apps.apple.com/il/app/k-health-telehealth/id1180400838" & @CRLF & _ "))." & @CRLF & _ "accounts.khealth.com" & @CRLF & _ "Please remember to include a unique string in the User-Agent of every HTTP request made by yourself or any tooling you use.==**Include the string “(h1)” in your user-agent as follows:** - `User-Agent`: `[..] (h1)`" & @CRLF & _ "This helps us separate your traffic from real user traffic. It is especially useful when we're seeing indicators of attack!!" & @CRLF & _ "ai.kanghealth" & @CRLF & _ "Android app ([Play Store](https://play.google.com/store/apps/details?id=ai.kanghealth" & @CRLF & _ "anthem.khealth.com" & @CRLF & _ "api.khealth.com" & @CRLF & _ "api.khealth.io" & @CRLF & _ "Main API (“kangpy” service)" & @CRLF & _ "app.khealth.com" & @CRLF & _ "Redirect - The production environment of the K Health app, redirects you to the kaccount.khealth.com service for login purposes." & @CRLF & _ "ask.khealth.com" & @CRLF & _ "Ask K is an open question platform where anyone can ask our engine any question without the need to identify themselves." & @CRLF & _ "eligibility.khealth.com" & @CRLF & _ "Enterprise account experience to determine eligibility" & @CRLF & _ "http://auth.khealth.com/cedars/sign-up" & @CRLF & _ "http://auth.khealth.com/khealth/sign-up" & @CRLF & _ "http://auth.khealth.com/mayo-la-crosse/sign-up" & @CRLF & _ "http://clinical-quality.khealth.com/api/v1" & @CRLF & _ "https://*.khealth.com" & @CRLF & _ "All assets within this scope item containing the strings "dev" and / or "staging" are excluded from the scope." & @CRLF & _ "https://*.khealth.io/" & @CRLF & _ "https://*.khealth.us/" & @CRLF & _ "kaccount.khealth.com" & @CRLF & _ "This web page is K Health's login page. Users are logging into the K app from this web page." & @CRLF & _ "middle-force.khealth.io" & @CRLF & _ "salesforce.khealth.com" & @CRLF & _ "start.khealth.com" & @CRLF & _ "Also known as “care navigation”, is a separate web application (and set of server side APIs) that attempts to route users to the correct program inside of K. This is very old code that dates back to when we only had a mobile app." & @CRLF & _ "treatments.khealth.com" & @CRLF & _ "ED medication selection used in the current ED flow. Select meds / quantity / frequency + enter CC details" & @CRLF & _ "www.kpharmacyllc.com" & @CRLF & _ "api.smtp2go.com" & @CRLF & _ "Most of the endpoints are handled by Flask on Python3 with Postgres as a main database." & @CRLF & _ "Newer endpoints use Go on Gin framework." & @CRLF & _ "Redis is mostly used for cache and ratelimitting." & @CRLF & _ "Instructions and documentations can be found here:" & @CRLF & _ "https://apidoc.smtp2go.com/documentation/" & @CRLF & _ "app.smtp2go.com" & @CRLF & _ "Flask based app running on Python 2.7, some pages are VueJS but most are scripted with custom JQuery." & @CRLF & _ "Create a free account in order to gain login access." & @CRLF & _ "smtp2go.com" & @CRLF & _ "Standard Wordpress site hosted with WPEngine, scripting is all custom JQuery based." & @CRLF & _ "*.bingoblitz.com" & @CRLF & _ "*.boardkingsgame.com" & @CRLF & _ "*.caesarsgames.com" & @CRLF & _ "*.houseoffun.com" & @CRLF & _ "*.justfall.lol,*.justplay.lol,*.1v1.lol" & @CRLF & _ "*.monopoly-poker.com" & @CRLF & _ "This App belongs to our Tier 3 category of rewards system." & @CRLF & _ "*.playtika.com" & @CRLF & _ "Reports on any domain/app not specifically included are excluded from the scope." & @CRLF & _ "*.playwsop.com" & @CRLF & _ "*.redecor.com" & @CRLF & _ "*.serious.li" & @CRLF & _ "*.seriously.com" & @CRLF & _ "*.slotomania.com" & @CRLF & _ "*.wooga.com" & @CRLF & _ "1116488672" & @CRLF & _ "1200391796" & @CRLF & _ "1215220850" & @CRLF & _ "1223338261" & @CRLF & _ "1413287364" & @CRLF & _ "1438744533" & @CRLF & _ "1448884851" & @CRLF & _ "1474700 (Steam app id)" & @CRLF & _ "1508620125" & @CRLF & _ "1510325826" & @CRLF & _ "1v1.lol" & @CRLF & _ "447553564" & @CRLF & _ "480523695" & @CRLF & _ "529996768" & @CRLF & _ "586634331" & @CRLF & _ "594802437" & @CRLF & _ "603097018" & @CRLF & _ "645949180" & @CRLF & _ "654671575" & @CRLF & _ "719525810" & @CRLF & _ "868013618" & @CRLF & _ "975035622" & @CRLF & _ "9nqwjwnqjj5n" & @CRLF & _ "air.com.buffalo_studios.newflashbingo" & @CRLF & _ "air.com.playtika.cvs" & @CRLF & _ "air.com.playtika.slotomania" & @CRLF & _ "bestfiends.com" & @CRLF & _ "com.Seriously.BestFiends" & @CRLF & _ "com.Seriously.Phoenix" & @CRLF & _ "com.bigblueparrot.pokerfriends" & @CRLF & _ "com.jellybtn.boardkings" & @CRLF & _ "com.jellybtn.cashkingmobile" & @CRLF & _ "com.pacificinteractive.HouseOfFun" & @CRLF & _ "com.playtika.caesarscasino" & @CRLF & _ "com.playtika.wsop.gp" & @CRLF & _ "com.wooga.pearlsperil" & @CRLF & _ "com.youdagames.monopolypoker" & @CRLF & _ "fi.reworks.redecor" & @CRLF & _ "gnocchi-www.buffalo-ggn.net" & @CRLF & _ "https://apps.facebook.com/pearls-peril" & @CRLF & _ "https://apps.facebook.com/pokerheat" & @CRLF & _ "https://apps.facebook.com/vegas_downtown_slots" & @CRLF & _ "lol.onevone" & @CRLF & _ "net.supertreat.solitaire" & @CRLF & _ "net.wooga.junes_journey_hidden_object_mystery_game" & @CRLF & _ "net.wooga.switchcraft.googleplay" & @CRLF & _ "net.wooga.tropicats_tropical_cats_puzzle_paradise" & @CRLF & _ "*.tide.co" & @CRLF & _ "api.tideplatform.in" & @CRLF & _ "co.tide" & @CRLF & _ "co.tide.tideplatform.in" & @CRLF & _ "com.tideplatform.banking" & @CRLF & _ "1127881507" & @CRLF & _ "Dolap IOS Application" & @CRLF & _ "524362642" & @CRLF & _ "Trendyol IOS Application" & @CRLF & _ "6467634418" & @CRLF & _ "Trendyol Milla IOS Application" & @CRLF & _ "com.dolap.android" & @CRLF & _ "com.trendyol.milla.android" & @CRLF & _ "Trendyol Milla Android Application" & @CRLF & _ "m.trendyol.com" & @CRLF & _ "Feel free to use enm.trendyol.com as the codebase is shared across all languages" & @CRLF & _ "trendyol.com" & @CRLF & _ "www.dolap.com" & @CRLF & _ "www.trendyol-milla.com" & @CRLF & _ "www.trendyol.com" & @CRLF & _ "Feel free to use en.trendyol.com as the codebase is shared across all languages" & @CRLF & _ "api.recordedfuture.com" & @CRLF & _ "app.recordedfuture.com" & @CRLF & _ "com.recordedfuture.mobile" & @CRLF & _ "geminiadvisory.io" & @CRLF & _ "hatching.io" & @CRLF & _ "id.recordedfuture.com" & @CRLF & _ "securitytrails.com" & @CRLF & _ "therecord.media" & @CRLF & _ "tria.ge" & @CRLF & _ "www.recordedfuture.com" & @CRLF & _ "*.clubhouse.com" & @CRLF & _ "*.clubhouseapi.com" & @CRLF & _ "*.joinclubhouse.com" & @CRLF & _ "1503133294" & @CRLF & _ "iOS application" & @CRLF & _ "Clubhouse Production and Corporate Infrastructure" & @CRLF & _ "com.clubhouse.android" & @CRLF & _ "Android Application" & @CRLF & _ "*.api.cx.metamask.io" & @CRLF & _ "developer.metamask.io" & @CRLF & _ "http://portfolio.metamask.io" & @CRLF & _ "http://staking.consensys.io" & @CRLF & _ "https://consensys.io/" & @CRLF & _ "https://docs.metamask.io/developer-tools/faucet" & @CRLF & _ "https://metamask-sdk-socket.metafi.codefi.network/" & @CRLF & _ "The SDK Socket server facilitates the communication between a MetaMask SDK Client and a MetaMask wallet allowing for them to connect with each other remotely. For documentation please read https://c0f4f41c-2f55-4863-921b-sdk-docs.github.io/guide/metamask-sdk-concepts.html#communication-layer. " & @CRLF & _ "on-ramp.metaswap-dev.codefi.network" & @CRLF & _ "# On-Ramp Aggregator HackerOne" & @CRLF & _ "## Description" & @CRLF & _ "The goal of the On-Ramp Aggregator is to allow users to purchase cryptocurrencies from multiple providers. The aggregator takes a list of parameters (country, payment method, crypto currency, fiat, etc.) and retrieves quotations from the providers." & @CRLF & _ "## Scope" & @CRLF & _ "The scope of this HackerOne project is:" & @CRLF & _ "- The API located at https://on-ramp.metaswap-dev.codefi.network" & @CRLF & _ "- The associated SDK available at https://www.npmjs.com/package/@consensys/on-ramp-sdk" & @CRLF & _ "Vulnerabilities you may look for:" & @CRLF & _ "- Getting access to personal information that is not yours" & @CRLF & _ "- Getting access to secret API keys" & @CRLF & _ "- Server crashes" & @CRLF & _ "## Out of scope" & @CRLF & _ "The following are out of scope:" & @CRLF & _ "- SDK technical errors" & @CRLF & _ "- The Swagger UI located at https://on-ramp.metaswap-dev.codefi.network/docs (it is only available for your convenience on this test environment)" & @CRLF & _ "- Server performance: this is a test infrastructure" & @CRLF & _ "- Any SDK version < 0.0.21" & @CRLF & _ "The MetaMask mobile version uses the API and the SDK, and is associated to another HackerOne project." & @CRLF & _ "## How to test the API" & @CRLF & _ "The test environment provides a Swagger UI: https://on-ramp.metaswap-dev.codefi.network/docs. You can use it to list the available endpoints." & @CRLF & _ "### Health" & @CRLF & _ "These endpoints provide information about the status of the API: version, dependencies..." & @CRLF & _ "### Regions" & @CRLF & _ "The `/regions/countries` endpoint provides information about support of most of the world countries." & @CRLF & _ "The `/regions/{regionCode}` endpoint provides information about supported payment methods, fiat currencies, crypto currencies in a specific country. Exmaples of `{regionCode}` are provided by Swagger UI." & @CRLF & _ "### Translations" & @CRLF & _ "The `/translations/default` endpoint provides the translation template which can be used to translate the application. Only the English version ("default") is available. This endpoint shouldn't return any user-related information." & @CRLF & _ "### Order Management" & @CRLF & _ "The `/providers/{providerCode}/callback` endpoint allows to extract a purchase order ID from an URL. This URL is supposed to be provided by crypto currencies providers: Transak, Wyre, MoonPay..." & @CRLF & _ "The `/providers/{providerCode}/orders/{orderCode}` allows a user to retrieve information about their order. They need to provide the Order ID and the associated wallet (an ethereum address). Getting access to an order without both these parameters would be a vulnerability." & @CRLF & _ "The `/providers/{providerCode}/buy-widget` displays the associated provider widget allowing to purchase crypto currency with the provided parameters. It only works for Moonpay. Here is an example of parameters:" & @CRLF & _ "- providerCode: `moonpay`" & @CRLF & _ "- regionId: `/regions/fr`" & @CRLF & _ "- paymentMethodId: `/payments/debit-credit-card`" & @CRLF & _ "- cryptoCurrencyId: `/currencies/crypto/1/eth`" & @CRLF & _ "- fiatCurrencyId: `/currencies/fiat/eur`" & @CRLF & _ "- amount: `50`" & @CRLF & _ "- walletAddress: `0x58e5A5478bd302c2E8BEbCbF0342919EE4Aa0e6c`" & @CRLF & _ "- redirectUrl: `https://www.google.com/`" & @CRLF & _ "## How to test the SDK" & @CRLF & _ "The SDK is available here: https://www.npmjs.com/package/@consensys/on-ramp-sdk" & @CRLF & _ "The SDK is written in TypeScript, so you can use autocompletion to display the available methods." & @CRLF & _ "## For support" & @CRLF & _ "Please contact Kevin Le Jeune for technical questions: kevin.le-jeune@consensys.net" & @CRLF & _ "support.metamask.io" & @CRLF & _ "tickets.metamask.io" & @CRLF & _ "*.gethypr.com" & @CRLF & _ "*.hypr.com" & @CRLF & _ "HYPR Workforce Access.app" & @CRLF & _ "HyprUnlock.exe" & @CRLF & _ "com.hypr.one" & @CRLF & _ "*.lemonsqueezy.com" & @CRLF & _ "We will only be accepting reports with high and critical CVSS for the time being." & @CRLF & _ "*.link.co" & @CRLF & _ "Link is a simple and secure way to pay in one click on tens of thousands of sites. Save your payment information with Link the first time you check out. Link will autofill your saved card details and shipping addresses for all future purchases on Link-supported sites. Users can manage their saved information on the link.co website." & @CRLF & _ "Landing page: https://link.com" & @CRLF & _ "Main application: https://app.link.com" & @CRLF & _ "Support page: https://support.link.com" & @CRLF & _ "*.recko.io" & @CRLF & _ "*.reckoproduction.com" & @CRLF & _ "*.reckostaging.com" & @CRLF & _ "*.stripe.com" & @CRLF & _ "978516833" & @CRLF & _ "Stripe iOS Dashboard App" & @CRLF & _ "App Store URL: https://apps.apple.com/us/app/stripe-dashboard/id978516833" & @CRLF & _ "Stripe Apps" & @CRLF & _ "Vulnerabilities found in third party apps and their backend infrastructure should be reported to the responsible developer." & @CRLF & _ "Reporters should only report vulnerabilities in Stripe third party apps to Stripe under this program if they do not receive a satisfactory response from the responsible developer. These types of reports are not eligible for a bounty." & @CRLF & _ "Stripe Atlas" & @CRLF & _ "Startup incorporation" & @CRLF & _ "Docs: https://stripe.com/docs/atlas" & @CRLF & _ "Stripe Billing" & @CRLF & _ "Subscriptions and invoicing" & @CRLF & _ "Docs: https://stripe.com/docs/billing" & @CRLF & _ "Sample Billing applications:" & @CRLF & _ "* [stripe-samples/subscription-use-cases](https://github.com/stripe-samples/subscription-use-cases): Create subscriptions with fixed prices or usage based billing." & @CRLF & _ "* [stripe-samples/checkout-single-subscription](https://github.com/stripe-samples/checkout-single-subscription): Learn how to combine Checkout and Billing for fast subscription pages" & @CRLF & _ "Stripe Capital" & @CRLF & _ "Docs: https://docs.stripe.com/capital/how-stripe-capital-works" & @CRLF & _ "Stripe Checkout" & @CRLF & _ "Prebuilt, Stripe hosted checkout page" & @CRLF & _ "URL: https://checkout.stripe.com/" & @CRLF & _ "Docs: https://stripe.com/docs/payments/checkout" & @CRLF & _ "Sample Checkout applications:" & @CRLF & _ "* [stripe-samples/checkout-subscription-and-add-on](https://github.com/stripe-samples/checkout-subscription-and-add-on): Uses Stripe Checkout to create a payment page that starts a subscription for a new customer." & @CRLF & _ "* [stripe-samples/checkout-one-time-payments](https://github.com/stripe-samples/checkout-one-time-payments): Use Checkout to quickly collect one-time payments." & @CRLF & _ "Stripe Climate" & @CRLF & _ "Docs: https://docs.stripe.com/climate" & @CRLF & _ "Stripe Connect" & @CRLF & _ "Payments for platforms and marketplaces" & @CRLF & _ "Docs: https://stripe.com/docs/connect" & @CRLF & _ "Sample Connect applications:" & @CRLF & _ "* [stripe/stripe-demo-connect-kavholm-marketplace](https://github.com/stripe/stripe-demo-connect-kavholm-marketplace): Demo app for Global Marketplace using Stripe Connect" & @CRLF & _ "* [stripe/stripe-connect-rocketrides](https://github.com/stripe/stripe-connect-rocketrides): Sample on-demand platform built on Stripe: Connect onboarding for pilots, iOS app for passengers to request rides." & @CRLF & _ "Stripe Dashboard" & @CRLF & _ "A user interface to operate and configure your Stripe account." & @CRLF & _ "URL: https://dashboard.stripe.com" & @CRLF & _ "Docs: https://stripe.com/docs/dashboard" & @CRLF & _ "Stripe Data Pipeline" & @CRLF & _ "Docs: https://docs.stripe.com/stripe-data/access-data-in-warehouse" & @CRLF & _ "Stripe Elements" & @CRLF & _ "Secure frontend UI component" & @CRLF & _ "Docs: https://stripe.com/docs/stripe-js" & @CRLF & _ "Sample Stripe Elements application: [stripe/elements-examples](https://github.com/stripe/elements-examples): Stripe Elements examples" & @CRLF & _ "Stripe Financial Connections" & @CRLF & _ "https://docs.stripe.com/financial-connections" & @CRLF & _ "Stripe Identity" & @CRLF & _ "Docs: https://docs.stripe.com/identity" & @CRLF & _ "Stripe Invoicing" & @CRLF & _ "Docs: https://docs.stripe.com/invoicing" & @CRLF & _ "Stripe Issuing" & @CRLF & _ "Card creation" & @CRLF & _ "Docs: https://stripe.com/docs/issuing" & @CRLF & _ "Stripe Open Source" & @CRLF & _ "Open source projects authored or maintained by Stripe. Only non-archived and non-demo/non-sample projects are in scope. Projects forked from upstream sources are not in scope unless the reported functionality is used by Stripe." & @CRLF & _ "URL: https://github.com/stripe" & @CRLF & _ "Stripe Payment Links" & @CRLF & _ "Docs: https://docs.stripe.com/payment-links" & @CRLF & _ "Stripe Payments" & @CRLF & _ "Online payments" & @CRLF & _ "Docs: https://stripe.com/docs/payments" & @CRLF & _ "Sample Payments application: [stripe-samples/accept-a-card-payment](https://github.com/stripe-samples/accept-a-card-payment): Learn how to accept a basic card payment on web, iOS, Android" & @CRLF & _ "Stripe Radar" & @CRLF & _ "Fraud and risk management" & @CRLF & _ "Docs: https://stripe.com/docs/radar" & @CRLF & _ "Stripe Revenue Recognition" & @CRLF & _ "Docs: https://docs.stripe.com/revenue-recognition" & @CRLF & _ "Stripe SDKs" & @CRLF & _ "Official API libraries" & @CRLF & _ "URL: https://stripe.com/docs/libraries" & @CRLF & _ "Terminal SDKs: https://stripe.com/docs/terminal/payments/setup-integration" & @CRLF & _ "Stripe Sigma" & @CRLF & _ "Custom reports" & @CRLF & _ "Docs: https://stripe.com/docs/sigma" & @CRLF & _ "Stripe Tax" & @CRLF & _ "Docs: https://docs.stripe.com/tax" & @CRLF & _ "Stripe Terminal" & @CRLF & _ "In-person and omnichannel payments" & @CRLF & _ "Docs: https://stripe.com/docs/terminal" & @CRLF & _ "Sample Terminal application: [stripe/stripe-terminal-js-demo](https://github.com/stripe/stripe-terminal-js-demo): Demo app for the Stripe Terminal JS SDK" & @CRLF & _ "Stripe Treasury" & @CRLF & _ "Docs: https://docs.stripe.com/treasury" & @CRLF & _ "Stripe for Visual Studio Code" & @CRLF & _ "api.stripe.com" & @CRLF & _ "https://stripe.com/docs/api" & @CRLF & _ "api.taxjar.com" & @CRLF & _ "app.taxjar.com" & @CRLF & _ "com.stripe.android.dashboard" & @CRLF & _ "Google Play Store URL: https://play.google.com/store/apps/details?id=com.stripe.android.dashboard&hl=en_US&pli=1" & @CRLF & _ "js.stripe.com" & @CRLF & _ "https://stripe.com/docs/js" & @CRLF & _ "Sample Stripe.js application: https://github.com/stripe-samples/accept-a-card-payment" & @CRLF & _ "Freshcaller-iOS-App" & @CRLF & _ "Freshcaller iOS app can be downloaded from https://apps.apple.com/us/app/freshcaller/id1424866045" & @CRLF & _ "Freshchat-iOS-App" & @CRLF & _ "Freshchat iOS app can be downloaded from " & @CRLF & _ "https://apps.apple.com/us/app/freshchat/id1273666080" & @CRLF & _ "Freshdesk-iOS-App" & @CRLF & _ "Freshdesk iOS app can be downloaded from https://apps.apple.com/us/app/freshdesk/id849713306" & @CRLF & _ "Freshservice Discovery Agent and Probe" & @CRLF & _ "Maximum reward of USD 7500 for RCE at agent endpoints using the Freshservice Discovery Agent and Probe." & @CRLF & _ "Freshservice-Intune-iOS-App" & @CRLF & _ "Freshservice Intune iOS app can be downloaded from https://apps.apple.com/us/app/freshservice-for-intune/id6475669802" & @CRLF & _ "Freshservice-iOS-App" & @CRLF & _ "Freshservice iOS app can be downloaded from https://apps.apple.com/us/app/freshservice/id891265220" & @CRLF & _ "com.freshchat.agent.android" & @CRLF & _ "Freshchat Android app can be downloaded from https://play.google.com/store/apps/details?id=com.freshchat.agent.android" & @CRLF & _ "com.freshdesk.helpdesk" & @CRLF & _ "Freshdesk Android app can be downloaded from https://play.google.com/store/apps/details?id=com.freshdesk.helpdesk" & @CRLF & _ "com.freshservice.helpdesk" & @CRLF & _ "Freshservice Android App can be downloaded from https://play.google.com/store/apps/details?id=com.freshservice.helpdesk" & @CRLF & _ "com.freshservice.helpdesk.intune" & @CRLF & _ "Freshservice Intune Android app can be downloaded from https://play.google.com/store/apps/details?id=com.freshservice.helpdesk.intune" & @CRLF & _ "com.freshworks.freshcaller" & @CRLF & _ "Freshcaller Android app can be downloaded from https://play.google.com/store/apps/details?id=com.freshworks.freshcaller" & @CRLF & _ "yourdomain.freshcaller.com" & @CRLF & _ "Please sign up to create your account and start testing. Read the "In scope" items mentioned in the description. Reports received from accounts/domains that you don't own will not be considered eligible for bounty." & @CRLF & _ "yourdomain.freshchat.com" & @CRLF & _ "yourdomain.freshdesk.com" & @CRLF & _ "yourdomain.freshservice.com" & @CRLF & _ "yourdomain.myfreshworks.com" & @CRLF & _ "We encourage you to create an account and commence testing. We kindly request that you review the "In scope" items detailed in the program description. Due to a product revamp, we have decided to remove Freshsales and Freshmarketer product from the HackerOne "In-scope" items. This policy will be effective from Nov 26th, 2024. Any bugs reported by HackerOne researchers before Nov 26th,2024 will be considered by the team." & @CRLF & _ "Out of scope:" & @CRLF & _ "Freshsales - https://yourdomain.myfreshworks.com/crm/sales/*" & @CRLF & _ "Freshmarketer - https://yourdomain.myfreshworks.com/crm/crm/marketer/*" & @CRLF & _ "bigcommerce-adapter.judge.me" & @CRLF & _ "This is a simple, lightweight server, basically just to connect BigCommerce websites to our main asset ​https://judge.me/." & @CRLF & _ "Its entry point is from installing our BigCommerce app: https://www.bigcommerce.com/apps/product-reviews-by-judge-me/" & @CRLF & _ "cache.judge.me" & @CRLF & _ "This is a simple NodeJS server, using Hapi framework. It's basically to store and cache our public widgets' HTML content, so that when end users want to fetch our widget content, they can fetch from this server directly, which is faster and more resilient to spikes in number of requests." & @CRLF & _ "Please see our [help desk article](https://support.judge.me/support/solutions/articles/44001816387-how-to-make-requests-to-the-judge-me-cache-server) on how to enable and use this server." & @CRLF & _ "https://judge.me/reviews" & @CRLF & _ "This is our new product. It is user (reviewer) facing, unlike the other assets, which are merchant facing. Its entry point is https://judge.me/reviews, and its pages are prefixed with https://judge.me/reviews." & @CRLF & _ "judge.me" & @CRLF & _ "This is the core part of our system. It hosts our main app [Judge.me Product Reviews](https://apps.shopify.com/judgeme) and is also the central point of communication for other assets." & @CRLF & _ "shop.judge.me" & @CRLF & _ "This is lightweight, basically just to connect our other Shopify apps to our main asset ​https://judge.me/." & @CRLF & _ "Its entry point is https://shop.judge.me/login?app_key=ali_reviews or https://apps.shopify.com/aliexpress-review-importer" & @CRLF & _ "woocommerce-adapter.judge.me" & @CRLF & _ "This is a simple, lightweight server, basically just to connect Wordpress websites (specifically WooCommerce websites) to our main asset ​https://judge.me/." & @CRLF & _ "Its entry point is from installing our Wordpress plugin: https://wordpress.org/plugins/judgeme-product-reviews-woocommerce/" & @CRLF & _ "api.doppler.com" & @CRLF & _ "This domain hosts our public API. It's used by the Doppler CLI as well as by customers directly. All APIs and supported auth schemes are [documented](https://docs.doppler.com/reference) in our Docs hub." & @CRLF & _ "dashboard.doppler.com" & @CRLF & _ "This web app provides the ability to view and manage your secrets, team members, and account. You can read about additional functionality in our [docs](https://docs.doppler.com/)." & @CRLF & _ "Supported auth methods:" & @CRLF & _ "- Email/password. Optional: Authy/OTP MFA and/or WebAuthn" & @CRLF & _ "- Google Auth" & @CRLF & _ "- SAML SSO" & @CRLF & _ "doppler" & @CRLF & _ "This is the pre-built binary based on the Doppler CLI [source code](https://github.com/DopplerHQ/cli) (also in scope). You can find all builds on [cli.doppler.com](https://cli.doppler.com/download) or on [GitHub](https://github.com/DopplerHQ/cli/releases)." & @CRLF & _ "The CLI can be installed via brew, scoop, apt, yum, sh + curl/wget, and [more](https://github.com/DopplerHQ/cli/blob/master/INSTALL.md)." & @CRLF & _ "doppler.team" & @CRLF & _ "This domain hosts our internal tools for managing Workplace plans and features. It does not provide access to user secrets." & @CRLF & _ "Access is protected via Cloudflare Access. Users must authenticate with a valid GSuite account, and must additionally be on the Admin allowlist. For this asset, we're especially interested in any bypass of our access controls." & @CRLF & _ "https://github.com/DopplerHQ/cli" & @CRLF & _ "The Doppler CLI is the primary agent for retrieving secrets and executing your applications. It communicates with the Doppler API, which is also in scope. You can read more about the CLI on our [Docs hub](https://docs.doppler.com/docs/cli), or [Install](https://cli.doppler.com/download) it and give it a spin." & @CRLF & _ "Notable commands we're especially interested in:" & @CRLF & _ "- `doppler login`: orchestrates the auth flow" & @CRLF & _ "- `doppler run`: executes the specified process with secrets injected as environment variables" & @CRLF & _ "- `doppler update`: installs the latest CLI" & @CRLF & _ "Build instructions can be found on [GitHub](https://github.com/DopplerHQ/cli/blob/master/BUILD.md) and only require installing `go`." & @CRLF & _ "share.doppler.com" & @CRLF & _ "Only submissions for vulnerabilities that permit access to shared secrets or otherwise bypass secret access controls are eligible for bounty on share.doppler.com." & @CRLF & _ "Please do not send submissions such as lack of CAPTCHA or rate limiting." & @CRLF & _ "*.grindr.com" & @CRLF & _ "This domain includes the following subdomains:" & @CRLF & _ "* Website (grindr.com). Note the Grindr website does not provide services found in the mobile application or any sort of user login." & @CRLF & _ "* Chat server (chat.grindr.com, chat-internal.grindr.com). " & @CRLF & _ "* ‘Presence’ server (presence.grindr.com). This service manages the availability notification of clients. " & @CRLF & _ "* CDN/media files (cdns.grindr.com). " & @CRLF & _ "* Gaymoji image index (gaymoji.grindr.com)" & @CRLF & _ "* Captcha snippets (captcha-prod.grindr.com)" & @CRLF & _ "* Admin webapp (admin.grindr.com)" & @CRLF & _ "* Law Enforcement reporting webapp (reporting-portal.grindr.com)" & @CRLF & _ "*.grindr.io" & @CRLF & _ "This domain is used for development purposes. " & @CRLF & _ "*.grindr.mobi" & @CRLF & _ "This domain is used for backend API's. " & @CRLF & _ "The following endpoints are examples of the backend API endpoints to focus security research attention:" & @CRLF & _ "General" & @CRLF & _ "/v6/nonces" & @CRLF & _ "/v4/domains/validation" & @CRLF & _ "/v4/feature-configs" & @CRLF & _ "/v4/links/ABC123" & @CRLF & _ "/v3/bootstrap" & @CRLF & _ "/v3/experiments" & @CRLF & _ "/v3/health" & @CRLF & _ "/v3/logging/mobile/logs" & @CRLF & _ "/v3/status" & @CRLF & _ "/v3/version" & @CRLF & _ "Account Creation, Logins and Passwords:" & @CRLF & _ "/v3/sessions" & @CRLF & _ "/v3/sessions/thirdparty" & @CRLF & _ "/v6/users" & @CRLF & _ "/v3/users/email" & @CRLF & _ "/v3/users/forgot-password" & @CRLF & _ "/v3/users/reset-password" & @CRLF & _ "/v3/users/reset-password?request=true" & @CRLF & _ "/v3/users/thirdparty" & @CRLF & _ "/v3/users/thirdparty/exchange" & @CRLF & _ "/v3/users/update-password" & @CRLF & _ "/v4/sms/sessions" & @CRLF & _ "/v4/sms/verifycode" & @CRLF & _ "/v4/sms/users/update-password/sendcode" & @CRLF & _ "/v4/sms/users/update-password" & @CRLF & _ "/v4/sms/verification/500/sendcode" & @CRLF & _ "/v4/sms/verification/{{profileId}}/verifycode" & @CRLF & _ "Profiles" & @CRLF & _ "/v5/favorites" & @CRLF & _ "/v4/hashtags/valid" & @CRLF & _ "/v4/hashtags/recommend" & @CRLF & _ "/v4/me/blocks?page=1" & @CRLF & _ "/v4/me/muted-profiles" & @CRLF & _ "/v4/me/profile/" & @CRLF & _ "/v4/profiles/{{myProfileId}}" & @CRLF & _ "/v4/profiles/reachable" & @CRLF & _ "/v4/profiles/status" & @CRLF & _ "/v4/profiles/supportedFeatures/{{myProfileId}}" & @CRLF & _ "/v4/profile-tags/categories" & @CRLF & _ "/v3.1/blockby" & @CRLF & _ "/v3.1/blockby/1001210" & @CRLF & _ "/v3.1/me/blocks" & @CRLF & _ "/v3.1/me/profile" & @CRLF & _ "/v3/me/blocks/1001210" & @CRLF & _ "/v3/me/favorites/3" & @CRLF & _ "/v3/me/legal-agreements" & @CRLF & _ "/v3/me/profile" & @CRLF & _ "/v3/me/prefs" & @CRLF & _ "/v3/me/prefs/phrases" & @CRLF & _ "/v3/me/prefs/phrases/bfc44381-c215-35f7-874a-ae512360836a" & @CRLF & _ "/v3/me/prefs/settings" & @CRLF & _ "/v3/me/subscriptions" & @CRLF & _ "/v3/me/subscriptions?platform=android" & @CRLF & _ "/v3/me/subscriptions?status=nonexpired" & @CRLF & _ "/v3/profiles" & @CRLF & _ "Location" & @CRLF & _ "/v3/me/location/" & @CRLF & _ "{{host_nearby_profiles}}/v4/locations/{{geohash}}/profiles?pageNumber=1&favorite=true" & @CRLF & _ "{{host_nearby_profiles}}/v4/locations/{{geohash}}/profiles?pageNumber=1" & @CRLF & _ "{{host_nearby_profiles}}/v4/locations/{{geohash}}/profiles?pageNumber=1&bodyTypeIds=2,1" & @CRLF & _ "{{host_nearby_profiles}}/v4/locations/{{geohash}}/profiles?pageNumber=1&previouslyOnline=true" & @CRLF & _ "{{host_nearby_profiles}}/v4/locations/{{geohash}}/profiles?pageNumber=1&action=moreguysoffer" & @CRLF & _ "{{host_nearby_profiles}}/v4/locations/{{geohash}}/profiles?pageNumber=1&action=newfreeuser" & @CRLF & _ "{{host_nearby_profiles}}/v4/locations/{{geohash}}/profiles?pageNumber=1&cascadeType=REMOTE" & @CRLF & _ "{{host_nearby_profiles}}/v4/locations/{{geohash}}/unlimited-profiles?searchAfterDistance=0" & @CRLF & _ "{{host_nearby_profiles}}/v4/locations/{{geohash}}/unlimited-profiles?searchAfterDistance={{searchAfterDistance}}&searchAfterProfileId={{searchAfterProfileId}}" & @CRLF & _ "{{host_nearby_profiles}}/v5/profiles/nearby?pageNumber=1" & @CRLF & _ "{{host_nearby_profiles}}/v5/profiles/unlimited?searchAfterDistance=0" & @CRLF & _ "{{host_nearby_profiles}}/v6/profiles/fresh?pageNumber=1" & @CRLF & _ "/v3/places/search?placeName=newyork&limit=3" & @CRLF & _ "Chat" & @CRLF & _ "/v5/me/vendor-token" & @CRLF & _ "/v5/rewarded-chats" & @CRLF & _ "/v4/audio-call" & @CRLF & _ "/v4/audio-call/join" & @CRLF & _ "/v4/audio-call/renew" & @CRLF & _ "/v4/audio-call/leave" & @CRLF & _ "/v4/pics/expiring/status" & @CRLF & _ "/v4/pics/expiring" & @CRLF & _ "/v4/phrases/frequency/phraseId=63db06c8-9915-3279-b07c-1fd925013acc" & @CRLF & _ "/v4/recognition/face" & @CRLF & _ "/v4/recognition/chat" & @CRLF & _ "/v4/views" & @CRLF & _ "/v4/views/54986486" & @CRLF & _ "/v3.1/chat/backup" & @CRLF & _ "/v3.1/flags/112788" & @CRLF & _ "/v3.1/groupchat/canbeinvited" & @CRLF & _ "/v3.1/groupchat/caninvite/44906526" & @CRLF & _ "/v3.1/groupchat/invitation-link-code/22345" & @CRLF & _ "/v3.1/me/push-conversations/908f72c2d4aea3998a3400c9ad539768" & @CRLF & _ "/v3/ad-colony/transactions?amount=4&uid=2&zone=3&id=1&verifier=10&udid=7&odin1=8&open_udid=6&mac_sha1=9&custom_id=49645&currency=5" & @CRLF & _ "/v3/mopub/transactions?ad_revenue=4.0&ad_unit_id=2&advertising_id=3&id=1&currency_type=10&currency_value=7&customer_id=8&id=6&placement_id=9&timestamp=49645&verifier=5" & @CRLF & _ "/v3/video-call" & @CRLF & _ "/v3/video-call/12345" & @CRLF & _ "{{host_chat_http}}/v3/me/chat/messages?undelivered=true" & @CRLF & _ "{{host_chat_http}}/v3/me/chat/messages?undelivered=true&receipts=true" & @CRLF & _ "{{host_chat_http}}/v3/me/chat/messages?confirmed=true" & @CRLF & _ "{{host_chat_http}}/v3/msgstore?limit=10&from=0" & @CRLF & _ "{{host_chat_http}}/v3/msgstore?msgid=messageId" & @CRLF & _ "{{host_chat_http}}/v3/msgstore/delete" & @CRLF & _ "{{host_chat_http}}/v3/messages/83a833be210bfe8de60e8e4a7bfe1339?limit=10&from=0" & @CRLF & _ "{{host_chat_http}}/v3/groupchats" & @CRLF & _ "{{host_chat_http}}/v3/groupchats/0835caae4ce92ef1220043a27b0a1b03" & @CRLF & _ "{{host_chat_http}}/v3/groupchats/12335" & @CRLF & _ "{{host_chat_http}}/v3/groupchats/12335/112233" & @CRLF & _ "{{host_chat_http}}/v3/groupchats/all" & @CRLF & _ "{{host_chat_http}}/v3/groupchats/all/12335678/2222" & @CRLF & _ "{{host_gaymoji}}/grindr/chat/gaymoji" & @CRLF & _ "CDN/Media" & @CRLF & _ "/v4/videos/expiring" & @CRLF & _ "/v4/videos/expiring/status" & @CRLF & _ "{{host_cdn}}/grindr/chat/{{chatImageHash}}" & @CRLF & _ "{{host_cdn}}/grindr/chat-audio/{{audioHash}}" & @CRLF & _ "{{host_cdn}}/images/profile/1024x1024/{{profileImageHash}}" & @CRLF & _ "{{host_media}}/v4/videos" & @CRLF & _ "{{host_media}}/v3.1/me/profile/images" & @CRLF & _ "{{host_media}}/v3/me/audio" & @CRLF & _ "{{host_media}}/v3/me/audio/{{audioHash}}" & @CRLF & _ "{{host_media}}/v3/me/pics?type=chat" & @CRLF & _ "{{host_media}}/v3/me/profile/images" & @CRLF & _ "{{host_media}}/v3/me/profile/images?thumbCoords=300,20,260,20" & @CRLF & _ "Store" & @CRLF & _ "/v4/consumables" & @CRLF & _ "/v4/consumables/BOOST" & @CRLF & _ "/v4/consumables/boost/report" & @CRLF & _ "/v4/store/products" & @CRLF & _ "/v4/store/products/consumables" & @CRLF & _ "/v4/store/products/com.grindr.productId" & @CRLF & _ "/v4/store/status" & @CRLF & _ "/v3.1/store/grindrstore/coupons" & @CRLF & _ "/v3.1/store/itunes/purchases" & @CRLF & _ "/v3.1/store/itunes/purchases/restorations" & @CRLF & _ "/v3.1/store/googleplay/purchases" & @CRLF & _ "/v3.1/store/googleplay/purchases/restorations" & @CRLF & _ "/v3.1/store/itunes/events" & @CRLF & _ "/v3.1/store/products/com.grindr.product" & @CRLF & _ "/v3/stripe/events" & @CRLF & _ "Push/Data" & @CRLF & _ "/v4/push-settings" & @CRLF & _ "{{host_client_event}}/v3/logging/mobile/logs" & @CRLF & _ "{{host_data_requests}}/v1/access-requests" & @CRLF & _ "{{host_data_requests}}/v1/access-requests/codes" & @CRLF & _ "{{host_data_requests}}/v1/access-requests/confirmations" & @CRLF & _ "{{host_push}}/v3/ios-push-tokens" & @CRLF & _ "{{host_push}}/v3/gcm-push-tokens" & @CRLF & _ "{{host_push}}/v3/push-tokens/000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1aaa" & @CRLF & _ "319881193" & @CRLF & _ "Vulnerabilities that require physical, jailbroken, or device root OS access of another user's device will typically be considered out-of-scope." & @CRLF & _ "com.grindrapp.android" & @CRLF & _ "web.grindr.com" & @CRLF & _ "This is the Web version of the Grindr app. Only paid subscriptions have access to Grindr Web." & @CRLF & _ "(youriwssubdomain).cloud.com" & @CRLF & _ "Please visit the following URL and chose the "Get your test instance" option to get a test environment: https://developer.cloud.com/citrixworkspace/citrix-workspace-platform/build/docs/developer-test-instance." & @CRLF & _ "**Note:** You would need to link your existing Citrix Cloud account or create a new one to get a test environment." & @CRLF & _ "Learn more about the product through guides and videos available here: https://developer.cloud.com/citrixworkspace/citrix-workspace-platform." & @CRLF & _ "The documentation regarding Citrix IWS is available here: https://docs.citrix.com/en-us/citrix-microapps.html" & @CRLF & _ "We have created a small video walkthrough of the product using a sample microapp to ensure that you can get to hacking the application as soon as possible. You can view the video and download the sample microapp using the following links:" & @CRLF & _ " - Link to video walkthrough: https://citrix.sharefile.com/d-scee2fe1523bf40f68188d984abf871a2" & @CRLF & _ " - Link to the sample microapp: https://citrix.sharefile.com/d-s221da461659f42c697e0d327ff88e54e" & @CRLF & _ "(yoursubdomain).ap.iws.cloud.com" & @CRLF & _ "(yoursubdomain).eu.iws.cloud.com" & @CRLF & _ "(yoursubdomain).us.iws.cloud.com" & @CRLF & _ "*.citrixworkspacesapi.net" & @CRLF & _ "accounts.cloud.com" & @CRLF & _ "adm.cloud.com" & @CRLF & _ "Please note that some UI elements and features of ADM may only become available when an organization has an ADC, MPX, SDX or VPX appliance to onboard into ADM. The most efficient and cost-effective way to do this would be setting up a "Citrix ADC VPX Express – 20 Mbps" from the AWS or Microsoft Azure marketplace which typically has an hourly running cost of 2-3 cents." & @CRLF & _ " - https://aws.amazon.com/marketplace/pp/B0796LD46X" & @CRLF & _ " - https://azuremarketplace.microsoft.com/en-us/marketplace/apps/citrix.netscalervpx-130" & @CRLF & _ "Overview - https://docs.citrix.com/en-us/citrix-application-delivery-management-service/overview.html. " & @CRLF & _ "Onboarding instructions - https://docs.citrix.com/en-us/citrix-application-delivery-management-service/getting-started.html" & @CRLF & _ "ap-s.cloud.com" & @CRLF & _ "api.adm.cloud.com" & @CRLF & _ "This is the API Gateway for Citrix Application Delivery Management. All traffic between an Agent and Application Delivery Management service is proxied via API Gateway. " & @CRLF & _ "API Gateway is also responsible for API authorization checks for traffic from the Agent to Application Delivery Management. " & @CRLF & _ "eu.cloud.com" & @CRLF & _ "onboarding-*.cloud.com" & @CRLF & _ "onboarding.cloud.com" & @CRLF & _ "us.cloud.com" & @CRLF & _ "gold.xnxx.com" & @CRLF & _ "https://www.xvideos.net/app/" & @CRLF & _ "www.xnxx.com" & @CRLF & _ "www.xvideos.com" & @CRLF & _ "www.xvideos.red" & @CRLF & _ "*.8x8.vc" & @CRLF & _ "Professional Meetings and Jitsi as a Service. At this time 8x8 does not provide credentials and researchers are responsible for any fees occurred if signing up for the service." & @CRLF & _ "*.8x8cloud.net" & @CRLF & _ "*.8x8staging.com" & @CRLF & _ "*.chalet.8x8.com" & @CRLF & _ "*.jit.si" & @CRLF & _ "*.jitsi.net" & @CRLF & _ "*.p8t.us" & @CRLF & _ "*.wavecell.com" & @CRLF & _ "8x8 Communication APIs" & @CRLF & _ "Transform customer interactions with our seamless SMS, messaging, video, and voice solutions." & @CRLF & _ "⚠️ All APIs listed under "8x8 Connect" are in-scope." & @CRLF & _ "⚠️ Self Sign-up is available: https://connect.8x8.com/" & @CRLF & _ "⚠️ [8x8 CPaaS developer portal](https://developer.8x8.com/connect)" & @CRLF & _ "⚠️ E.g. sms.8x8.com, sms.8x8.uk, sms.8x8.id, chatapps.8x8.com, …" & @CRLF & _ "8x8-work" & @CRLF & _ "https://apps.apple.com/us/app/8x8-work/id348177448" & @CRLF & _ "Intellectual Property on Public Domains" & @CRLF & _ "Leaks identified in public domains are in scope, provided they contain sensitive or proprietary information that could impact our organization’s confidentiality, integrity, or availability." & @CRLF & _ "Virtual Office Desktop" & @CRLF & _ "Download 8x8 Work for Desktop: https://support-portal.8x8.com/helpcenter/viewArticle.html?d=8bff4970-6fbf-4daf-842d-8ae9b533153d" & @CRLF & _ "admin.8x8.com" & @CRLF & _ "Administration portal for managing your 8x8 service including users and telephony features" & @CRLF & _ "cloud8.8x8.com" & @CRLF & _ "connect.8x8.com" & @CRLF & _ "⚠️ out of scope: IDORs in form of unguessable/non-enumerable identifier (UUID)" & @CRLF & _ "⚠️ out of scope: IDORs based on `AccountId` and `subAccountId`" & @CRLF & _ "⚠️ when testing support functionality please add "HackerOne" in your subject line and limit the number of requests to an absolute minimum" & @CRLF & _ "http://*.packet8.net" & @CRLF & _ "https://*.chalet.8x8.com/ws/v1" & @CRLF & _ "https://8x8.vc/xmpp-websocket" & @CRLF & _ "https://github.com/jitsi" & @CRLF & _ "Open source repositories that support Jitsi. Good faith review of source that a reporter must have no association with the existence of the vulnerability in question." & @CRLF & _ "Exclusions:" & @CRLF & _ "https://github.com/jitsi/jitsi/" & @CRLF & _ "Jitsi Desktop is the heritage of Jitsi Meet. While some components are still used in e.g. Jigasi, the project is not actively developed anymore. Improvements, bugfixes and builds are entirely based on community contributions." & @CRLF & _ "https://webrtc.8x8.com/" & @CRLF & _ "org.vom8x8.sipua" & @CRLF & _ "8x8 Work - https://play.google.com/store/apps/details?id=org.vom8x8.sipua" & @CRLF & _ "pay.8x8.com" & @CRLF & _ "platform.8x8.com" & @CRLF & _ "platform.8x8pilot.com" & @CRLF & _ "sso.8x8.com" & @CRLF & _ "8x8 Single Sign-On (SSO) is a session and user authentication service that permits a user to use one set of login credentials, such as name and password, to access multiple 8x8 applications." & @CRLF & _ "⚠️ MFA-bypasses requiring prior knowledge of credentials will be treated with `MEDIUM` severity." & @CRLF & _ "sso.8x8pilot.com" & @CRLF & _ "uc.8x8pilot.com" & @CRLF & _ "user-profile-staging.8x8.com" & @CRLF & _ "user-profile.8x8.com" & @CRLF & _ "vcc-*.8x8.com" & @CRLF & _ "► Contact Center Agent Workspace:" & @CRLF & _ "`./AGUI/login.php`" & @CRLF & _ "► Configuration Manager:" & @CRLF & _ "`./CM/login.php`" & @CRLF & _ "⚠️ Latest version of software usually available on https://vcc-na30.8x8.com/" & @CRLF & _ "⚠️ shareable Wallboard links are out of scope" & @CRLF & _ "voapi.8x8.com" & @CRLF & _ "VOAPI is a backend application responsible to process phone calls (like InboundCall, OutboundCall, Click2Dial, CallTransfer, CallMerge, Start/Stop CallRecording)." & @CRLF & _ "▶︎ AU Region: voapi-au.8x8.com" & @CRLF & _ "▶︎ UK Region: voapi-uk.8x8.com" & @CRLF & _ "work-staging.8x8.com" & @CRLF & _ "work.8x8.com" & @CRLF & _ "At this time 8x8 does not provide test credentials." & @CRLF & _ " Fortress.HongKong.IOS" & @CRLF & _ "This is our MoneyBack Mobile (Android) app. Please make sure to consult our policy page to see which items are out of scope for mobile apps." & @CRLF & _ "App Link" & @CRLF & _ "https://apps.apple.com/hk/app/fortress/id1133110850" & @CRLF & _ " Watsons.TaiWan.Android" & @CRLF & _ "This is our Watsons TaiWan Mobile (Android) app. Please make sure to consult our policy page to see which items are out of scope for mobile apps." & @CRLF & _ "https://play.google.com/store/apps/details?id=tw.com.watsons.app" & @CRLF & _ "Drogas (subdomains)" & @CRLF & _ "This asset is specifically for Drogas' subdomain assets." & @CRLF & _ "Please note that for subdomains (tier 3), will only handle reports that have a high or critical severity." & @CRLF & _ "In scope" & @CRLF & _ "=====================" & @CRLF & _ ">\*.drogas.lv" & @CRLF & _ ">\*.drogas.lt" & @CRLF & _ "Drogas.Latvia.Android" & @CRLF & _ "This is our Drogas (Android) app in Latvia. Please make sure to consult our policy page to see which items are out of scope for mobile apps." & @CRLF & _ "https://play.google.com/store/apps/details?id=lv.drogas.consumer" & @CRLF & _ "Drogas.Latvia.iOS" & @CRLF & _ "This is our Drogas (iOS) app in Latvia. Please make sure to consult our policy page to see which items are out of scope for mobile apps." & @CRLF & _ "https://apps.apple.com/lv/app/drogas/id1564705644" & @CRLF & _ "Drogas.Lietuva.Android" & @CRLF & _ "This is our Drogas (Android) app in Lithuania. Please make sure to consult our policy page to see which items are out of scope for mobile apps." & @CRLF & _ "https://play.google.com/store/apps/details?id=lt.drogas.consumer" & @CRLF & _ "Drogas.Lietuva.iOS" & @CRLF & _ "This is our Drogas (iOS) app in Lithuania. Please make sure to consult our policy page to see which items are out of scope for mobile apps." & @CRLF & _ "Fortress (subdomains)" & @CRLF & _ "This asset is specifically for Fortress's subdomain assets." & @CRLF & _ "In Scope" & @CRLF & _ "=========" & @CRLF & _ "> *.fortress.com.hk/" & @CRLF & _ "Fortress.HongKong.Android" & @CRLF & _ "This is our Fortress Mobile (Android) app. Please make sure to consult our policy page to see which items are out of scope for mobile apps." & @CRLF & _ "https://play.google.com/store/apps/details?id=fortress.fortressapp" & @CRLF & _ "ICI Paris XL (subdomains)" & @CRLF & _ "This asset is specifically for ICI Paris XL's subdomain assets." & @CRLF & _ ">\*.iciparisxl.nl/" & @CRLF & _ ">\*.iciparisxl.be/" & @CRLF & _ ">\*.iciparisxl.lu/" & @CRLF & _ "ICIParisXL.App.Android" & @CRLF & _ "This is our ICI Paris XL (Android) app. Please make sure to consult our policy page to see which items are out of scope for mobile apps." & @CRLF & _ "App link:" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.iciparisxl.app" & @CRLF & _ "ICIParisXL.App.IOS" & @CRLF & _ "This is our ICI Paris XL (iOS) app. Please make sure to consult our policy page to see which items are out of scope for mobile apps." & @CRLF & _ "https://apps.apple.com/nl/app/ici-paris-xl-beauty/id1061895392" & @CRLF & _ "Kruidvat (subdomains)" & @CRLF & _ "This asset is specifically for Kruidvat's subdomain assets." & @CRLF & _ ">\*.kruidvat.nl/" & @CRLF & _ ">\*.kruidvat.be/" & @CRLF & _ "Kruidvat.Belgium.Android" & @CRLF & _ "This is our Dutch online retail mobile app for Belgium customers. If you are testing functionality that requires you to be authenticated, please ensure you register with your @wearehackerone.com email address." & @CRLF & _ "This app is similar to other apps (Such as Superdrug). Please keep in mind that issues might be considered duplicates if it is reported on another website already." & @CRLF & _ "https://play.google.com/store/apps/details?id=be.kruidvat.voordeelkaart" & @CRLF & _ "Kruidvat.Belgium.iOS" & @CRLF & _ "https://apps.apple.com/be/app/kruidvat/id1151434781" & @CRLF & _ "Kruidvat.Netherlands.Android" & @CRLF & _ "This is our Dutch online retail mobile app. If you are testing functionality that requires you to be authenticated, please ensure you register with your @wearehackerone.com email address." & @CRLF & _ "https://play.google.com/store/apps/details?id=nl.kruidvat.voordeelkaart" & @CRLF & _ "Kruidvat.Netherlands.iOS" & @CRLF & _ "https://itunes.apple.com/nl/app/kruidvat-mobiele-app/id531631058" & @CRLF & _ "Marionnaud (subdomains)" & @CRLF & _ "This asset is specifically for Marionnauds' subdomain assets." & @CRLF & _ ">\*.marionnaud.it" & @CRLF & _ ">\*.marionnaud.fr" & @CRLF & _ ">\*.marionnaud.ch" & @CRLF & _ ">\*.marionnaud.ro" & @CRLF & _ ">\*.marionnaud.hu" & @CRLF & _ ">\*.marionnaud.sk" & @CRLF & _ ">\*.marionnaud.cz" & @CRLF & _ "Marionnaud.Austria.Android" & @CRLF & _ "This is our Marionnaud (Android) app in Austria. Please make sure to consult our policy page to see which items are out of scope for mobile apps." & @CRLF & _ "https://play.google.com/store/apps/details?id=at.marionnaud.customer" & @CRLF & _ "Marionnaud.Austria.iOS" & @CRLF & _ "This is our Marionnaud (iOS) app in Austria. Please make sure to consult our policy page to see which items are out of scope for mobile apps." & @CRLF & _ "https://apps.apple.com/gb/app/marionnaud-%C3%B6sterreich/id1114541888" & @CRLF & _ "Marionnaud.France.Android" & @CRLF & _ "This is our Marionnaud (Android) app in France. Please make sure to consult our policy page to see which items are out of scope for mobile apps." & @CRLF & _ "https://play.google.com/store/apps/details?id=com.marionnaud.marionnaudfrance" & @CRLF & _ "Marionnaud.France.iOS" & @CRLF & _ "This is our Marionnaud (iOS) app in France. Please make sure to consult our policy page to see which items are out of scope for mobile apps." & @CRLF & _ "https://apps.apple.com/fr/app/marionnaud-beaut%C3%A9-soins/id1127368763" & @CRLF & _ "Marionnaud.Italy.Android" & @CRLF & _ "This is our Marionnaud (Android) app in Italy. Please make sure to consult our policy page to see which items are out of scope for mobile apps." & @CRLF & _ "https://play.google.com/store/apps/details?id=it.marionnaud.customer" & @CRLF & _ "Marionnaud.Italy.iOS" & @CRLF & _ "This is our Marionnaud (iOS) app in Italy. Please make sure to consult our policy page to see which items are out of scope for mobile apps." & @CRLF & _ "https://apps.apple.com/it/app/marionnaud/id883671274" & @CRLF & _ "Marionnaud.Romania.Android" & @CRLF & _ "This is our Marionnaud (Android) app in Romania. Please make sure to consult our policy page to see which items are out of scope for mobile apps." & @CRLF & _ "https://play.google.com/store/apps/details?id=ro.marionnaud.customer" & @CRLF & _ "Marionnaud.Romania.iOS" & @CRLF & _ "This is our Marionnaud (iOS) app in Romania. Please make sure to consult our policy page to see which items are out of scope for mobile apps." & @CRLF & _ "https://apps.apple.com/ro/app/marionnaud-romania/id1021924260" & @CRLF & _ "Marionnaud.Switzerland.Android" & @CRLF & _ "This is our Marionnaud (Android) app in Switzerland. Please make sure to consult our policy page to see which items are out of scope for mobile apps." & @CRLF & _ "https://play.google.com/store/apps/details?id=ch.marionnaud.customer" & @CRLF & _ "Marionnaud.Switzerland.iOS" & @CRLF & _ "This is our Marionnaud (iOS) app in Switzerland. Please make sure to consult our policy page to see which items are out of scope for mobile apps." & @CRLF & _ "https://apps.apple.com/ch/app/id1486316902" & @CRLF & _ "MoneyBack.HongKong.Android" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.asw.moneyback" & @CRLF & _ "MoneyBack.HongKong.iOS" & @CRLF & _ "This is our MoneyBack Mobile (iOS) app. Please make sure to consult our policy page to see which items are out of scope for mobile apps." & @CRLF & _ "https://apps.apple.com/hk/app/moneyback/id1230818544" & @CRLF & _ "Moneyback (subdomains)" & @CRLF & _ "This asset is specifically for Moneyback's subdomain assets." & @CRLF & _ "> *.moneyback.com.hk/" & @CRLF & _ "PNS (subdomains)" & @CRLF & _ "This asset is specifically for PNS's subdomain assets." & @CRLF & _ "> \*.pns.hk/" & @CRLF & _ "> \*.parknshop.com/" & @CRLF & _ "PNS.HongKong.Android" & @CRLF & _ "This is our PNS Mobile (Android) app. Please make sure to consult our policy page to see which items are out of scope for mobile apps." & @CRLF & _ "https://play.google.com/store/apps/details?id=com.parknshop.parknshopapp" & @CRLF & _ "PNS.HongKong.iOS" & @CRLF & _ "This is our PNS Mobile (iOS) app. Please make sure to consult our policy page to see which items are out of scope for mobile apps." & @CRLF & _ "https://apps.apple.com/hk/app/parknshop/id840837558" & @CRLF & _ "Superdrug (subdomains)" & @CRLF & _ "This asset is specifically for Superdrug's subdomain assets." & @CRLF & _ ">*.superdrug.com/" & @CRLF & _ "Out of scope" & @CRLF & _ ">https://appt.healthclinics.superdrug.com/" & @CRLF & _ ">https://healthclinics.superdrug.com/" & @CRLF & _ "Superdrug.App.Android" & @CRLF & _ "This is our Superdrug Mobile (Android) app. Please make sure to consult our policy page to see which items are out of scope for mobile apps." & @CRLF & _ "App link: https://play.google.com/store/apps/details?id=superdrug.com.beautycard&hl=en" & @CRLF & _ "Superdrug.App.IOS" & @CRLF & _ "This is our Superdrug Mobile (IOS) app. Please make sure to consult our policy page to see which items are out of scope for mobile apps." & @CRLF & _ "App link: https://apps.apple.com/gb/app/superdrug/id1267896687" & @CRLF & _ "The Perfume Shop (subdomains)" & @CRLF & _ "This asset is specifically for The Perfume Shop's subdomain assets." & @CRLF & _ ">\*.theperfumeshop.com/" & @CRLF & _ "ThePerfumeShop.App.Android" & @CRLF & _ "This is our The Perfume Shop (Android) app. Please make sure to consult our policy page to see which items are out of scope for mobile apps." & @CRLF & _ "https://play.google.com/store/apps/details?id=com.theperfumeshop.customer" & @CRLF & _ "ThePerfumeShop.App.iOS" & @CRLF & _ "This is our The Perfume Shop (iOS) app. Please make sure to consult our policy page to see which items are out of scope for mobile apps." & @CRLF & _ "Appstore Link" & @CRLF & _ "https://apps.apple.com/gb/app/the-perfume-shop/id1202206665" & @CRLF & _ "Trekpleister (subdomains)" & @CRLF & _ "This asset is specifically for Trekpleister's subdomain assets." & @CRLF & _ ">\*.trekpleister.nl" & @CRLF & _ "Watsons HK (subdomains)" & @CRLF & _ "This asset is specifically for Watsons HK's subdomain assets." & @CRLF & _ ">*.watsons.com.hk/" & @CRLF & _ "Watsons ID (subdomains)" & @CRLF & _ "This asset is specifically for Watsons Indonesia subdomain assets." & @CRLF & _ ">*.watsons.co.id" & @CRLF & _ "Watsons MY (subdomains)" & @CRLF & _ "This asset is specifically for Watsons Malaysia subdomain assets." & @CRLF & _ ">*.watsons.com.my/" & @CRLF & _ "Watsons PH (subdomains)" & @CRLF & _ "This asset is specifically for Watsons Philippines subdomain assets." & @CRLF & _ ">*.watsons.com.ph/" & @CRLF & _ "Watsons SG (subdomains)" & @CRLF & _ "This asset is specifically for Watsons Singapore subdomain assets." & @CRLF & _ ">*.watsons.com.sg" & @CRLF & _ "Watsons TH (subdomains)" & @CRLF & _ "This asset is specifically for Watsons TH's subdomain assets." & @CRLF & _ ">*.watsons.co.th" & @CRLF & _ "Watsons TR (subdomains)" & @CRLF & _ "This asset is specifically for Watsons TR' subdomain assets." & @CRLF & _ ">\*.watsons.com.tr" & @CRLF & _ "Watsons TW (subdomains)" & @CRLF & _ "This asset is specifically for Watsons TW's subdomain assets." & @CRLF & _ ">*.watsons.com.tw/" & @CRLF & _ "Watsons VN (subdomains)" & @CRLF & _ "This asset is specifically for Watsons VN subdomain assets." & @CRLF & _ ">*.watsons.vn/" & @CRLF & _ "Watsons.HongKong.Android" & @CRLF & _ "This is our Watsons HongKong Mobile (Android) app. Please make sure to consult our policy page to see which items are out of scope for mobile apps." & @CRLF & _ "https://play.google.com/store/apps/details?id=com.ndn.android.watsons" & @CRLF & _ "Watsons.HongKong.IOS" & @CRLF & _ "This is our Watsons HongKong Mobile (IOS) app. Please make sure to consult our policy page to see which items are out of scope for mobile apps." & @CRLF & _ "https://apps.apple.com/hk/app/%E5%B1%88%E8%87%A3%E6%B0%8F%E9%A6%99%E6%B8%AF/id479512803" & @CRLF & _ "Watsons.Indonesia.Android" & @CRLF & _ "This is our Watsons Indonesia Mobile (Android) app. Please make sure to consult our policy page to see which items are out of scope for mobile apps." & @CRLF & _ "https://play.google.com/store/apps/details?id=com.watsons.id.android" & @CRLF & _ "Watsons.Indonesia.IOS" & @CRLF & _ "This is our Watsons Indonesia Mobile (IOS) app. Please make sure to consult our policy page to see which items are out of scope for mobile apps." & @CRLF & _ "https://apps.apple.com/hk/app/watsons-id/id1184851346" & @CRLF & _ "Watsons.Malaysia.Android" & @CRLF & _ "This is our Watsons Malaysia Mobile (Android) app. Please make sure to consult our policy page to see which items are out of scope for mobile apps." & @CRLF & _ "https://play.google.com/store/apps/details?id=com.watsons.mcommerce" & @CRLF & _ "Watsons.Malaysia.IOS" & @CRLF & _ "This is our Watsons Malaysia Mobile (IOS) app. Please make sure to consult our policy page to see which items are out of scope for mobile apps." & @CRLF & _ "https://apps.apple.com/hk/app/watsons-my/id1112796292" & @CRLF & _ "Watsons.Philippines.Android" & @CRLF & _ "This is our Watsons Philippines Mobile (Android) app. Please make sure to consult our policy page to see which items are out of scope for mobile apps." & @CRLF & _ "https://play.google.com/store/apps/details?id=com.mtelnet.watson.ph" & @CRLF & _ "Watsons.Philippines.IOS" & @CRLF & _ "This is our Watsons Philippines Mobile (IOS) app. Please make sure to consult our policy page to see which items are out of scope for mobile apps." & @CRLF & _ "https://apps.apple.com/hk/app/watsons-philippines/id1438203234" & @CRLF & _ "Watsons.Singapore.Android" & @CRLF & _ "This is our Watsons Singapore Mobile (Android) app. Please make sure to consult our policy page to see which items are out of scope for mobile apps." & @CRLF & _ "https://play.google.com/store/apps/details?id=com.watsons.sg.android" & @CRLF & _ "Watsons.Singapore.IOS" & @CRLF & _ "This is our Watsons Singapore Mobile (IOS) app. Please make sure to consult our policy page to see which items are out of scope for mobile apps." & @CRLF & _ "https://apps.apple.com/hk/app/watsons-sg-the-official-app/id449412168" & @CRLF & _ "Watsons.TaiWan.IOS" & @CRLF & _ "This is our Watsons TaiWan Mobile (IOS) app. Please make sure to consult our policy page to see which items are out of scope for mobile apps." & @CRLF & _ "https://apps.apple.com/hk/app/%E5%B1%88%E8%87%A3%E6%B0%8F%E5%8F%B0%E7%81%A3/id477968775" & @CRLF & _ "Watsons.Thailand.Android" & @CRLF & _ "This is our Watsons Thailand Mobile (Android) app. Please make sure to consult our policy page to see which items are out of scope for mobile apps." & @CRLF & _ "https://play.google.com/store/apps/details?id=com.mtelnet.watson.thailand" & @CRLF & _ "Watsons.Thailand.IOS" & @CRLF & _ "This is our Watsons Thailand Mobile (IOS) app. Please make sure to consult our policy page to see which items are out of scope for mobile apps." & @CRLF & _ "https://apps.apple.com/hk/app/watsons-th/id619935224" & @CRLF & _ "Watsons.Turkey.Android" & @CRLF & _ "This is our Watsons (Android) app in Turkey. Please make sure to consult our policy page to see which items are out of scope for mobile apps." & @CRLF & _ "https://play.google.com/store/apps/details?id=com.mobular.watsons" & @CRLF & _ "Watsons.Turkey.iOS" & @CRLF & _ "This is our Watsons (iOS) app in Turkey. Please make sure to consult our policy page to see which items are out of scope for mobile apps." & @CRLF & _ "https://apps.apple.com/app/watsons-t%C3%BCrkiye/id1507132907" & @CRLF & _ "api.drogas.lt" & @CRLF & _ "This is the API server of the Drogas mobile app in Lithuania" & @CRLF & _ "api.drogas.lv" & @CRLF & _ "This is the API server of the Drogas mobile app in Latvia" & @CRLF & _ "api.fortress.com.hk" & @CRLF & _ "This is our API Server for our Fortress website (www.fortress.com.hk)" & @CRLF & _ "api.iciparisxl.be" & @CRLF & _ "This is the API server for the www.iciparisxl.be website" & @CRLF & _ "api.iciparisxl.lu" & @CRLF & _ "This is the API server for the www.iciparisxl.lu website" & @CRLF & _ "api.iciparisxl.nl" & @CRLF & _ "api.marionnaud.at" & @CRLF & _ "This is the API server for the www.marionnaud.at e-commerce website." & @CRLF & _ "api.marionnaud.ch" & @CRLF & _ "This is the API server for the www.marionnaud.ch e-commerce website." & @CRLF & _ "api.marionnaud.fr" & @CRLF & _ "This is the API server for the www.marionnaud.fr website" & @CRLF & _ "api.marionnaud.it" & @CRLF & _ "This is the API server for the www.marionnaud.it e-commerce website." & @CRLF & _ "api.pns.hk" & @CRLF & _ "This is our API Server for our PNS website (www.pns.hk)" & @CRLF & _ "api.superdrug.com" & @CRLF & _ "This is the API server for the superdrug.com website" & @CRLF & _ "api.theperfumeshop.com" & @CRLF & _ "This is the API server for the www.theperfumeshop.com website" & @CRLF & _ "api.watsons.co.id" & @CRLF & _ "This is the API server for the www.watsons.co.id website" & @CRLF & _ "api.watsons.co.th" & @CRLF & _ "This is the API server for the www.watsons.co.th website" & @CRLF & _ "api.watsons.com.hk" & @CRLF & _ "This is the API server for the www.watsons.com.hk website" & @CRLF & _ "api.watsons.com.my" & @CRLF & _ "This is the API server for the www.watsons.com.my website" & @CRLF & _ "api.watsons.com.ph" & @CRLF & _ "This is the API server for the www.watsons.com.ph website" & @CRLF & _ "api.watsons.com.sg" & @CRLF & _ "This is the API server for the www.watsons.com.sg website" & @CRLF & _ "api.watsons.com.tw" & @CRLF & _ "This is the API server for the www.watsons.com.tw website" & @CRLF & _ "api.watsons.vn" & @CRLF & _ "This is the API server for the www.watsons.vn website" & @CRLF & _ "app.drogas.lt" & @CRLF & _ "This is the API server of the Drogas Lithuania mobile app" & @CRLF & _ "app.drogas.lv" & @CRLF & _ "This is the API server of the Drogas Latvia mobile app" & @CRLF & _ "app.iciparisxl.be" & @CRLF & _ "This is the API server of the ICI Paris XL mobile app in Belgium" & @CRLF & _ "app.iciparisxl.lu" & @CRLF & _ "This is the API server of the ICI Paris XL mobile app in Luxembourg" & @CRLF & _ "app.iciparisxl.nl" & @CRLF & _ "This is the API server of the ICI Paris XL mobile app in the Netherlands" & @CRLF & _ "app.kruidvat.be" & @CRLF & _ "This is the API server of the Kruidvat Mobile App in Belgium" & @CRLF & _ "app.kruidvat.nl" & @CRLF & _ "This is the API server of the Kruidvat Mobile App in the Netherlands" & @CRLF & _ "app.marionnaud.at" & @CRLF & _ "This is the API server of the Marionnaud mobile app in Austria" & @CRLF & _ "app.marionnaud.ch" & @CRLF & _ "This is the API server of the Marionnaud mobile app in Switzerland" & @CRLF & _ "app.marionnaud.cz" & @CRLF & _ "This is the API server of the Marionnaud mobile app in Czech Republic" & @CRLF & _ "app.marionnaud.fr" & @CRLF & _ "This is the API server of the Marionnaud mobile app in France " & @CRLF & _ "app.marionnaud.hu" & @CRLF & _ "This is the API server of the Marionnaud mobile app in Hungary" & @CRLF & _ "app.marionnaud.it" & @CRLF & _ "This is the API server of the Marionnaud mobile app in Italy" & @CRLF & _ "app.marionnaud.ro" & @CRLF & _ "This is the API server of the Marionnaud mobile app in Romania" & @CRLF & _ "app.marionnaud.sk" & @CRLF & _ "This is the API server of the Marionnaud mobile app in Slovakia" & @CRLF & _ "app.superdrug.com" & @CRLF & _ "This is the API server for the Superdrug mobile app" & @CRLF & _ "app.theperfumeshop.com" & @CRLF & _ "This is the new API server of The Perfume Shop mobile app" & @CRLF & _ "app.watsons.com.tr" & @CRLF & _ "This hostname is used for the Watsons Turkey mobile app" & @CRLF & _ "blog.watsons.com.tr" & @CRLF & _ "This is the wordpress blog for Watsons Turkey. This asset is regarded as (Tier 3) subdomain." & @CRLF & _ "https://www.drogas.lt/blog" & @CRLF & _ "This is our Wordpress blog for Drogas Lithuania" & @CRLF & _ "https://www.drogas.lv/blog/" & @CRLF & _ "This is our Wordpress blog for Drogas Latvia" & @CRLF & _ "https://www.drogas.lv/lv/blog" & @CRLF & _ "This is our wordpress blog for Drogas Latvia" & @CRLF & _ "https://www.drogas.lv/ru/blog" & @CRLF & _ "https://www.kruidvat.nl/fotoservice" & @CRLF & _ "https://www.kruidvat.nl/persoonlijk" & @CRLF & _ "mapi.moneyback.com.hk" & @CRLF & _ "This is the API Server for our MoneyBack Mobile App" & @CRLF & _ "media.drogas.lt" & @CRLF & _ "This subdomain is used to store static content for the www.drogas.lt e-commerce website" & @CRLF & _ "media.drogas.lv" & @CRLF & _ "This subdomain is used to store static content for the www.drogas.lv e-commerce website" & @CRLF & _ "media.iciparisxl.be" & @CRLF & _ "This subdomain is used to store static content for the www.iciparisxl.be e-commerce website" & @CRLF & _ "media.iciparisxl.lu" & @CRLF & _ "This subdomain is used to store static content for the www.iciparisxl.lu e-commerce website" & @CRLF & _ "media.iciparisxl.nl" & @CRLF & _ "This subdomain is used to store static content for the www.iciparisxl.nl e-commerce website" & @CRLF & _ "media.marionnaud.at" & @CRLF & _ "This subdomain is used to store static content for the www.marionnaud.at e-commerce website." & @CRLF & _ "media.marionnaud.ch" & @CRLF & _ "This subdomain is used to store static content for the www.marionnaud.ch e-commerce website." & @CRLF & _ "media.marionnaud.fr" & @CRLF & _ "This subdomain is used to store static content for the www.marionnaud.fr e-commerce website." & @CRLF & _ "media.marionnaud.it" & @CRLF & _ "This subdomain is used to store static content for the www.marionnaud.it e-commerce website." & @CRLF & _ "media.superdrug.com" & @CRLF & _ "This subdomain is used to store static content for the www.superdrug.com e-commerce website" & @CRLF & _ "media.theperfumeshop.com" & @CRLF & _ "This subdomain is used to store static content for the www.theperfumeshop.com e-commerce website" & @CRLF & _ "medias.fortress.com.hk" & @CRLF & _ "This subdomain is used to store static content for the www.fortress.com.hk e-commerce website." & @CRLF & _ "medias.pns.hk" & @CRLF & _ "This subdomain is used to store static content for the www.pns.hk e-commerce website." & @CRLF & _ "medias.watsons.co.id" & @CRLF & _ "This subdomain is used to store static content for the www.watsons.co.id e-commerce website." & @CRLF & _ "medias.watsons.co.th" & @CRLF & _ "This subdomain is used to store static content for the www.watsons.co.th e-commerce website." & @CRLF & _ "medias.watsons.com.hk" & @CRLF & _ "This subdomain is used to store static content for the www.watsons.com.hk e-commerce website." & @CRLF & _ "medias.watsons.com.my" & @CRLF & _ "This subdomain is used to store static content for the www.watsons.com.my e-commerce website." & @CRLF & _ "medias.watsons.com.ph" & @CRLF & _ "This subdomain is used to store static content for the www.watsons.com.ph e-commerce website." & @CRLF & _ "medias.watsons.com.sg" & @CRLF & _ "This subdomain is used to store static content for the www.watsons.com.sg e-commerce website." & @CRLF & _ "medias.watsons.com.tw" & @CRLF & _ "This subdomain is used to store static content for the www.watsons.com.tw e-commerce website." & @CRLF & _ "medias.watsons.vn" & @CRLF & _ "This subdomain is used to store static content for the www.watsons.vn e-commerce website." & @CRLF & _ "www.drogas.lt" & @CRLF & _ "This is our Lithuanian online retail platform. If you are testing functionality that requires you to be authenticated, please ensure you register with your @wearehackerone.com email address." & @CRLF & _ "www.drogas.lv" & @CRLF & _ "This is our Latvian online retail platform. If you are testing functionality that requires you to be authenticated, please ensure you register with your @wearehackerone.com email address." & @CRLF & _ "www.fortress.com.hk" & @CRLF & _ "Fortress is one of our leading e-commerce websites in Hong Kong and Macau." & @CRLF & _ "Customers could shop for electrical appliances after paying their electricity bills. If you are testing functionalities that require you to be authenticated," & @CRLF & _ "please ensure you register with your @wearehackerone.com email address." & @CRLF & _ "www.iciparisxl.be" & @CRLF & _ "This is our Belgium online Perfumery. If you are testing functionality that requires you to be authenticated, please ensure you register with your @wearehackerone.com email address." & @CRLF & _ "This website is similar to other websites (Such as Superdrug and Kruidvat). Please keep in mind that issues might be considered duplicates if it is reported on another website already." & @CRLF & _ "www.iciparisxl.lu" & @CRLF & _ "www.iciparisxl.nl" & @CRLF & _ "This is our Dutch online Perfumery. If you are testing functionality that requires you to be authenticated, please ensure you register with your @wearehackerone.com email address." & @CRLF & _ "www.kruidvat.be" & @CRLF & _ "This is our Dutch online retail platform. If you are testing functionality that requires you to be authenticated, please ensure you register with your @wearehackerone.com email address." & @CRLF & _ "This website is similar to other websites (Such as Superdrug). Please keep in mind that issues might be considered duplicates if it is reported on another website already." & @CRLF & _ "www.kruidvat.nl" & @CRLF & _ "www.marionnaud.at" & @CRLF & _ "This is our online Austrian perfumery. If you are testing functionality that requires you to be authenticated, please ensure you register with your @wearehackerone.com email address." & @CRLF & _ "www.marionnaud.ch" & @CRLF & _ "This is our online Swiss perfumery. If you are testing functionality that requires you to be authenticated, please ensure you register with your @wearehackerone.com email address." & @CRLF & _ "www.marionnaud.cz" & @CRLF & _ "This is our online Czech perfumery. If you are testing functionality that requires you to be authenticated, please ensure you register with your @wearehackerone.com email address." & @CRLF & _ "www.marionnaud.fr" & @CRLF & _ "This is our online France perfumery. If you are testing functionality that requires you to be authenticated, please ensure you register with your @wearehackerone.com email address." & @CRLF & _ "www.marionnaud.hu" & @CRLF & _ "This is our online Hungarian perfumery. If you are testing functionality that requires you to be authenticated, please ensure you register with your @wearehackerone.com email address." & @CRLF & _ "www.marionnaud.it" & @CRLF & _ "This is our online Italian perfumery. If you are testing functionality that requires you to be authenticated, please ensure you register with your @wearehackerone.com email address." & @CRLF & _ "www.marionnaud.ro" & @CRLF & _ "This is our online Romanian perfumery. If you are testing functionality that requires you to be authenticated, please ensure you register with your @wearehackerone.com email address." & @CRLF & _ "www.marionnaud.sk" & @CRLF & _ "This is our online Slovakian perfumery. If you are testing functionality that requires you to be authenticated, please ensure you register with your @wearehackerone.com email address." & @CRLF & _ "www.moneyback.com.hk" & @CRLF & _ "MoneyBack has turned shopping into fantastic rewards for families across Hong Kong. If you are testing a functionality that requires you to be authenticated, please ensure you register with your @wearehackerone.com email address." & @CRLF & _ "www.pns.hk" & @CRLF & _ "PNS is our leading e-commerce website for every day items in Hong Kong. If you are testing functionalities that requires you to be authenticated, please ensure you register with your @wearehackerone.com email address." & @CRLF & _ "www.superdrug.com" & @CRLF & _ "This is our online retail platform. If you are testing functionality that requires you to be authenticated, please ensure you register with your @wearehackerone.com email address." & @CRLF & _ "www.theperfumeshop.com" & @CRLF & _ "The Perfume Shop is one of our leading e-commerce perfumery websites. If you are testing functionalities that requires you to be authenticated, please ensure you register with your @wearehackerone.com email address." & @CRLF & _ "www.trekpleister.nl" & @CRLF & _ "www.watsons.co.id" & @CRLF & _ "This is our online retail platform for health and beauty products in Indonesia. " & @CRLF & _ "If you are testing a functionality that requires you to be authenticated, please ensure you register with your @wearehackerone.com email address." & @CRLF & _ "www.watsons.co.th" & @CRLF & _ "This is our online retail platform for health and beauty products in Thailand. " & @CRLF & _ "www.watsons.com.hk" & @CRLF & _ "This is our online retail platform for health and beauty products in Hong Kong. " & @CRLF & _ "www.watsons.com.my" & @CRLF & _ "This is our online retail platform for health and beauty products in Malaysia. " & @CRLF & _ "www.watsons.com.ph" & @CRLF & _ "This is our online retail platform for health and beauty products in the Philippines. " & @CRLF & _ "www.watsons.com.sg" & @CRLF & _ "This is our online retail platform for health and beauty products in Singapore. " & @CRLF & _ "www.watsons.com.tr" & @CRLF & _ "This is our Turkish online retail platform for health and beauty products. " & @CRLF & _ "www.watsons.com.tw" & @CRLF & _ "This is our online retail platform for health and beauty products in Taiwan. " & @CRLF & _ "www.watsons.vn" & @CRLF & _ "This is our online retail platform for health and beauty products in Vietnam. If you are testing a functionality that requires you to be authenticated, please ensure you register with your @wearehackerone.com email address." & @CRLF & _ "www10.fortress.com.hk" & @CRLF & _ "This is the API server for the Fortress Mobile App" & @CRLF & _ "www10.pns.hk" & @CRLF & _ "This is the API server for the PNS Mobile App" & @CRLF & _ "www10.watsons.co.id" & @CRLF & _ "This is the API server for the Watsons Indonesia Mobile App" & @CRLF & _ "www10.watsons.co.th" & @CRLF & _ "This is the API server for the Watsons Thailand Mobile App" & @CRLF & _ "www10.watsons.com.hk" & @CRLF & _ "This is the API server for the Watsons Hong Kong Mobile App" & @CRLF & _ "www10.watsons.com.my" & @CRLF & _ "This is the API server for the Watsons Malaysia Mobile App" & @CRLF & _ "www10.watsons.com.ph" & @CRLF & _ "This is the API server for the Watsons Philippines Mobile App" & @CRLF & _ "www10.watsons.com.sg" & @CRLF & _ "This is the API server for the Watsons Singapore Mobile App" & @CRLF & _ "www10.watsons.com.tw" & @CRLF & _ "This is the API server for the Watsons Taiwan Mobile App" & @CRLF & _ "www10.watsons.vn" & @CRLF & _ "This is the API server of the Watsons Vietnam Mobile App" & @CRLF & _ "www20.watsons.co.th" & @CRLF & _ "*.tiktok.com" & @CRLF & _ "*.tiktokv.com" & @CRLF & _ "1235601864" & @CRLF & _ "[iOS Store Download](https://apps.apple.com/sg/app/tiktok-%E6%9C%89%E8%B6%A3%E7%9A%84%E4%BA%BA%E9%83%BD%E5%9C%A8%E9%80%99%E8%A3%A1/id1235601864)" & @CRLF & _ "1591003012" & @CRLF & _ "TikTok Shop Seller Center" & @CRLF & _ "[iOS Store Download][link]." & @CRLF & _ "[link]: https://apps.apple.com/my/app/tiktok-shop-seller-center/id1591003012" & @CRLF & _ "641062073" & @CRLF & _ "[link]: https://apps.apple.com/be/app/tiktok-now/id1641062073" & @CRLF & _ "835599320" & @CRLF & _ "[iOS Store Download](https://apps.apple.com/us/app/tiktok-make-your-day/id835599320)" & @CRLF & _ "academy-outbound-ads.tiktok.com" & @CRLF & _ "ads.tiktok.com" & @CRLF & _ "affiliate-id.tokopedia.com" & @CRLF & _ "business.tiktok.com" & @CRLF & _ "careers.tiktok.com" & @CRLF & _ "com.ss.android.ugc.now" & @CRLF & _ "[Play Store Download][link]." & @CRLF & _ "[link]: https://play.google.com/store/apps/details?id=com.ss.android.ugc.now" & @CRLF & _ "com.ss.android.ugc.trill" & @CRLF & _ "[Play Store Download](https://play.google.com/store/apps/details?id=com.ss.android.ugc.trill&hl=en_US)" & @CRLF & _ "com.tiktok.tv" & @CRLF & _ "TikTok TV app" & @CRLF & _ "com.tiktokshop.seller" & @CRLF & _ "[link]: https://play.google.com/store/apps/details?id=com.tiktokshop.seller&hl=en_US&gl=US" & @CRLF & _ "com.zhiliao.musically.livewallpaper" & @CRLF & _ "com.zhiliaoapp.musically" & @CRLF & _ "[Play Store Download](https://play.google.com/store/apps/details?id=com.zhiliaoapp.musically&hl=en_US)" & @CRLF & _ "creatormarketplace.tiktok.com" & @CRLF & _ "developers.tiktok.com" & @CRLF & _ "effecthouse.tiktok.com" & @CRLF & _ "fp-sg.tiktokv.com" & @CRLF & _ "live-backstage.tiktok.com" & @CRLF & _ "partner.tiktokshop.com" & @CRLF & _ "pay.tokopediax.com" & @CRLF & _ "seller-id.tokopedia.com" & @CRLF & _ "shop-id.tokopedia.com" & @CRLF & _ "shop.tiktok.com" & @CRLF & _ "TikTok Shop" & @CRLF & _ "tiktok.com" & @CRLF & _ "www.pangleglobal.com" & @CRLF & _ "1180074773" & @CRLF & _ "https://apps.apple.com/us/app/miro-collaborative-whiteboard/id1180074773" & @CRLF & _ "9n236hqqtvnh" & @CRLF & _ "https://www.microsoft.com/en-us/p/miro-online-collaborative-whiteboard-platform/9n236hqqtvnh" & @CRLF & _ "Innovation Workspace" & @CRLF & _ "Intelligent Canvas" & @CRLF & _ "MacOS Desktop Application" & @CRLF & _ "https://desktop.miro.com/platforms/darwin/Miro.dmg" & @CRLF & _ "Miro SDK" & @CRLF & _ "Miro SDK methods are listed in the documentation: https://developers.miro.com/docs/the-windowmiro-object" & @CRLF & _ "Tier1" & @CRLF & _ "Tier2" & @CRLF & _ "Windows Desktop Application" & @CRLF & _ "x32 - https://desktop.miro.com/platforms/win32-x86/Miro.exe" & @CRLF & _ "x64 - https://desktop.miro.com/platforms/win32/Miro.exe" & @CRLF & _ "api.miro.com" & @CRLF & _ "Miro REST API methods are listed in the documentation: https://developers.miro.com/reference" & @CRLF & _ "com.realtimeboard" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.realtimeboard" & @CRLF & _ "http://miro.com/app" & @CRLF & _ "Miro application." & @CRLF & _ "http://miro.com/blog" & @CRLF & _ "Miro blog." & @CRLF & _ "https://marketplace.atlassian.com/apps/1215456/miro-for-jira-cloud?hosting=cloud" & @CRLF & _ "Miro for Jira Cloud." & @CRLF & _ "Plugin for attaching Miro boards to Jira issues. Documentation: https://help.miro.com/hc/en-us/articles/360017572414-Jira-Add-on" & @CRLF & _ "https://marketplace.atlassian.com/apps/1217530/miro-for-confluence?hosting=cloud" & @CRLF & _ "Miro for Confluence." & @CRLF & _ "Plugin for embedding Miro boards into Confluence pages. Documentation: https://help.miro.com/hc/en-us/articles/360020712594-Confluence-Cloud-Plugin" & @CRLF & _ "https://marketplace.atlassian.com/apps/1219583/jira-cards-by-miro?hosting=cloud" & @CRLF & _ "Jira Cards by Miro." & @CRLF & _ "Plugin for embedding Jira issues to Miro boards. Documentation: https://help.miro.com/hc/en-us/articles/360017572434-Jira-Cards" & @CRLF & _ "miro.com" & @CRLF & _ "Miro website." & @CRLF & _ "Does not include paths like https://miro.com/app (application), https://miro.com/blog (blog) and so on." & @CRLF & _ "*.1debit.com" & @CRLF & _ "*.chime.com" & @CRLF & _ "*.chimebank.com" & @CRLF & _ "*.chimecard.com" & @CRLF & _ "*.chimepayments.com" & @CRLF & _ "*.chmfin.com" & @CRLF & _ "*.saltlabs.com" & @CRLF & _ "Chime Android App (Beta)" & @CRLF & _ "https://app.bitrise.io/app/5bec038cb1e318cd/build/e071d2ed-1b34-41d7-88ac-78d683fce9c7/artifact/4edf32abe1b497ea/p/2f6cacc3a3ca02df5fc194248bfb15b7" & @CRLF & _ "Chime IOS App (Beta)" & @CRLF & _ "https://app.bitrise.io/app/5bec038cb1e318cd/build/0e56ea84-4683-4ef6-8d3e-60eb0a012c25/artifact/cf0e6abc6528df88/p/85802412acd014f154decf14e4bb8c57" & @CRLF & _ "PayFriends/PayAnyone Features" & @CRLF & _ "Pay Friends is a fast and safe way to send money to any of your friends and family through the existing Chime app at the bottom of the app screen." & @CRLF & _ "We are open to all findings that show impact but encourage researchers to test for any transactions inconsistencies such as: " & @CRLF & _ "- A person sent the money but the money stayed in their account" & @CRLF & _ "- A person sent the money but the recipient didn't receive it and they money was actually moved from the initial account" & @CRLF & _ "- Receive or less money more than is sent" & @CRLF & _ "For more details on this feature please refer to the documents below:" & @CRLF & _ "Testing instructions: " & @CRLF & _ "https://docs.google.com/document/d/1ZU-Hhde5YGBM_72SPqviQHyHid5sNtvDg41Vhkwr-dw/" & @CRLF & _ "Example API Endpoints and Queries: " & @CRLF & _ "https://docs.google.com/document/d/1G6ef-lc17jLS0Fsa03ptC9Kp__gUmzqd1CALEgiVUHg/edit?usp=sharing " & @CRLF & _ "app.chime.com" & @CRLF & _ "app.saltlabs.com" & @CRLF & _ "app.staging.saltlabs.com" & @CRLF & _ "com.1debit.ChimeProdApp" & @CRLF & _ "Production Environment iOS Chime App:" & @CRLF & _ "https://apps.apple.com/us/app/chime-mobile-banking/id836215269" & @CRLF & _ "com.onedebit.chime" & @CRLF & _ "Production Environment Android Chime App:" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.onedebit.chime" & @CRLF & _ "com.saltlabs.app" & @CRLF & _ "http://member-qa.chime.com/enroll/#/account" & @CRLF & _ "http://member-qa.chime.com/users/sign_in" & @CRLF & _ "https://app.chime.com/" & @CRLF & _ "id1668462142" & @CRLF & _ "saltlabs.com" & @CRLF & _ "wp-ci.chime.com" & @CRLF & _ "wp-dev1.chime.com" & @CRLF & _ "wp-dev2.chime.com" & @CRLF & _ "wp-dev3.chime.com" & @CRLF & _ "wp-dev4.chime.com" & @CRLF & _ "wp-dev5.chime.com" & @CRLF & _ "wp-integ.chime.com" & @CRLF & _ "wp-qa.chime.com" & @CRLF & _ "www.chime.com" & @CRLF & _ "LaunchDarkly Open Source SDKs" & @CRLF & _ "Our SDKs are open source and are available on Github (e.g. [React client SDK](https://github.com/launchdarkly/react-client-sdk)). We encourage researchers to dig into the open source code if interested. However, we will **not** be accepting the following types of findings: " & @CRLF & _ "- Findings related to non-SDK repositories (i.e., repos not ending in `-sdk`)" & @CRLF & _ "- Vulnerability/dependency scan results of our source code. Please try and dig into our source code more deeply than just reporting a scan result that we may already be aware of." & @CRLF & _ "app.launchdarkly.com" & @CRLF & _ "docs.launchdarkly.com" & @CRLF & _ "events.launchdarkly.com" & @CRLF & _ "stream.launchdarkly.com" & @CRLF & _ " https://github.com/0xPolygon/proof-generation-api" & @CRLF & _ "api-gateway.polygon.technology" & @CRLF & _ "api-polygon-tokens.polygon.technology/" & @CRLF & _ "balance-api.polygon.technology/" & @CRLF & _ "ecosystem-api.polygon.technology" & @CRLF & _ "ecosystem.polygon.technology" & @CRLF & _ "faucet-api.polygon.technology/" & @CRLF & _ "faucet.polygon.technology" & @CRLF & _ "gasstation.polygon.technology/" & @CRLF & _ "https://github.com/0xPolygon/auto-claim-service" & @CRLF & _ "https://github.com/0xPolygon/chain-indexer-framework " & @CRLF & _ "https://github.com/0xPolygon/lxly.js" & @CRLF & _ "https://github.com/0xPolygon/static" & @CRLF & _ "https://github.com/maticnetwork/bor" & @CRLF & _ "#Bor" & @CRLF & _ "The Bor node or the Block Producer implementation is basically the sidechain operator. The sidechain VM is EVM-compatible. " & @CRLF & _ "https://github.com/maticnetwork/heimdall" & @CRLF & _ "#Heimdall " & @CRLF & _ "This github repository contains the source code for one of the core components of Matic. Heimdall is the heart of the Matic system. It manages validators, block producer selection, spans, the state-sync mechanism between Ethereum and Matic and other essential aspects of the system." & @CRLF & _ "https://github.com/maticnetwork/matic-cli " & @CRLF & _ "portal.polygon.technology" & @CRLF & _ "Here are just some of things you will be able to to do with Polygon Portal: " & @CRLF & _ "Bridge your assets via Socket bridge and a range of third-party bridges; " & @CRLF & _ "Manage your assets and token lists; " & @CRLF & _ "Use the Refuel Gas feature to purchase MATIC or ETH for gas on the destination chain;" & @CRLF & _ "Leverage developer tools to help you build your dream dApp;" & @CRLF & _ "Swap assets easily with third-party DEXs." & @CRLF & _ "staking-api.polygon.technology" & @CRLF & _ "staking.polygon.technology" & @CRLF & _ "https://github.com/skalenetwork/libBLS" & @CRLF & _ "https://github.com/skalenetwork/sgxwallet" & @CRLF & _ "https://github.com/skalenetwork/skale-consensus" & @CRLF & _ "https://github.com/skalenetwork/skale-manager/tree/develop/contracts" & @CRLF & _ "Figma Atlassian App" & @CRLF & _ "https://marketplace.atlassian.com/apps/1217865/figma-for-jira " & @CRLF & _ "Unauthorized access via this app or the APIs that this app uses is also in scope. " & @CRLF & _ "Figma Desktop App" & @CRLF & _ "Figma Slack App" & @CRLF & _ "https://figma.slack.com/apps/A01N2QYSA81-figma-and-figjam?tab=more_info" & @CRLF & _ "Figma for Microsoft Teams" & @CRLF & _ "https://appsource.microsoft.com/en-us/product/office/wa200004521?tab=overview" & @CRLF & _ "Figma iOS and Android apps" & @CRLF & _ "api.figma.com" & @CRLF & _ "www.figma.com" & @CRLF & _ "We are primarily looking for high/critical vulnerabilities in the system." & @CRLF & _ "*.amazon.ae" & @CRLF & _ "*.amazon.ca" & @CRLF & _ "*.amazon.cl" & @CRLF & _ "*.amazon.cn" & @CRLF & _ "*.amazon.co.jp" & @CRLF & _ "*.amazon.co.uk" & @CRLF & _ "*.amazon.co.za" & @CRLF & _ "*.amazon.com" & @CRLF & _ "*.amazon.com.au" & @CRLF & _ "*.amazon.com.be" & @CRLF & _ "*.amazon.com.br" & @CRLF & _ "*.amazon.com.co" & @CRLF & _ "*.amazon.com.mx" & @CRLF & _ "*.amazon.com.ng" & @CRLF & _ "*.amazon.com.tr" & @CRLF & _ "*.amazon.de" & @CRLF & _ "*.amazon.eg" & @CRLF & _ "*.amazon.es" & @CRLF & _ "*.amazon.fr" & @CRLF & _ "*.amazon.in" & @CRLF & _ "*.amazon.it" & @CRLF & _ "*.amazon.nl" & @CRLF & _ "*.amazon.pl" & @CRLF & _ "*.amazon.sa" & @CRLF & _ "*.amazon.se" & @CRLF & _ "*.amazon.sg" & @CRLF & _ "1057338687" & @CRLF & _ "PN Seller https://apps.apple.com/us/app/pn-seller/id1057338687" & @CRLF & _ "1265170914" & @CRLF & _ "Amazon Live Creator https://apps.apple.com/us/app/amazon-live-creator/id1265170914" & @CRLF & _ "1276296103" & @CRLF & _ "Amazon Relay" & @CRLF & _ "https://apps.apple.com/us/app/itunes-store/1276296103" & @CRLF & _ "1454725763" & @CRLF & _ "Amazon Flex" & @CRLF & _ "https://apps.apple.com/us/app/itunes-store/1454725763" & @CRLF & _ "1475021574" & @CRLF & _ "Amazon Music for Artists" & @CRLF & _ "https://apps.apple.com/us/app/amazon-music-for-artists/id1475021574" & @CRLF & _ "1478350915" & @CRLF & _ "Amazon Shopping (IN)" & @CRLF & _ "https://apps.apple.com/in/app/amazon-india-shop-pay-minitv/id1478350915" & @CRLF & _ "1494755014" & @CRLF & _ "Amazon Shopper Panel https://apps.apple.com/us/app/amazon-shopper-panel/id1494755014" & @CRLF & _ "1498197033" & @CRLF & _ "Amazon Business https://apps.apple.com/us/app/amazon-business-b2b-shopping/id1498197033" & @CRLF & _ "1532153219" & @CRLF & _ "Amazon Freevee" & @CRLF & _ "https://apps.apple.com/us/app/amazon-freevee-movies-live-tv/id1532153219" & @CRLF & _ "1552455423" & @CRLF & _ "Amazon Astro" & @CRLF & _ "https://apps.apple.com/us/app/amazon-astro/id1552455423" & @CRLF & _ "1579372261" & @CRLF & _ "Amazon Business (IN)" & @CRLF & _ "https://apps.apple.com/in/app/amazon-business-india-b2b/id1579372261" & @CRLF & _ "1592204907" & @CRLF & _ "Amazon Sidewalk Bridge Pro https://apps.apple.com/us/app/amazon-sidewalk-bridge-pro/id1592204907" & @CRLF & _ "1659883691" & @CRLF & _ "Vendor Central (IN) https://apps.apple.com/in/app/vendor-central-india/id1659883691" & @CRLF & _ "297606951" & @CRLF & _ "https://apps.apple.com/us/app/amazon-shopping/id297606951" & @CRLF & _ "335187483" & @CRLF & _ "Amazon Shopping (UK) https://apps.apple.com/gb/app/amazon/id335187483" & @CRLF & _ "342576766" & @CRLF & _ "Amazon Shopping (CN) https://apps.apple.com/cn/app/%E4%BA%9A%E9%A9%AC%E9%80%8A%E8%B4%AD%E7%89%A9/id342576766" & @CRLF & _ "348712880" & @CRLF & _ "Amazon Shopping (DE) https://apps.apple.com/de/app/amazon/id348712880" & @CRLF & _ "358861688" & @CRLF & _ "Amazon Shopping (FR) https://apps.apple.com/fr/app/amazon-fr/id358861688" & @CRLF & _ "374254473" & @CRLF & _ "Amazon Shopping (JP) https://apps.apple.com/jp/app/amazon-%E3%82%B7%E3%83%A7%E3%83%83%E3%83%94%E3%83%B3%E3%82%B0%E3%82%A2%E3%83%97%E3%83%AA/id374254473" & @CRLF & _ "510855668" & @CRLF & _ "Amazon Music https://apps.apple.com/us/app/amazon-music-songs-podcasts/id510855668" & @CRLF & _ "545519333" & @CRLF & _ "Amazon Prime Video https://apps.apple.com/us/app/amazon-prime-video/id545519333" & @CRLF & _ "6444868926" & @CRLF & _ "Amazon Vendor https://apps.apple.com/us/app/amazon-vendor/id6444868926" & @CRLF & _ "6452192521" & @CRLF & _ "Amazon One https://apps.apple.com/us/app/amazon-one/id6452192521" & @CRLF & _ "6471528064" & @CRLF & _ "Amazon Kids + Parents Dashbaord" & @CRLF & _ "https://apps.apple.com/us/app/amazon-kids-parent-dashboard/id6471528064" & @CRLF & _ "794141485" & @CRLF & _ "Amazon Seller" & @CRLF & _ "https://apps.apple.com/us/app/itunes-store/794141485" & @CRLF & _ "988788863" & @CRLF & _ "Selling Services on Amazon https://apps.apple.com/us/app/selling-services-on-amazon/id988788863" & @CRLF & _ "GenAI Apps under *.amazon.*" & @CRLF & _ "This is a catchall for any GenAI applications found under \*.amazon.\*. Rufus is an example of this." & @CRLF & _ "amazon.speech.sim" & @CRLF & _ "Amazon Alexa - Show Mode for L" & @CRLF & _ "https://play.google.com/store/apps/details?id=amazon.speech.sim" & @CRLF & _ "amazonpayinsurance.in" & @CRLF & _ "com.amazon.amazonone.androidapp" & @CRLF & _ "Amazon One" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.amazon.amazonone.androidapp" & @CRLF & _ "com.amazon.amazonvideo.livingroom" & @CRLF & _ "Amazon Prime Video (TV) - Android TV https://play.google.com/store/apps/details?id=com.amazon.amazonvideo.livingroom" & @CRLF & _ "**Android TV**: follow the documentation [here](https://developer.android.com/training/tv/get-started/create#run-on-a-virtual-device) to create an Android TV virtual device. The “Android 14.0 (Google TV)” image includes the Play Store and can be used to install and run the in-scope apps." & @CRLF & _ "com.amazon.astro" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.amazon.astro" & @CRLF & _ "com.amazon.avod.thirdpartyclient" & @CRLF & _ "Amazon Prime Video" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.amazon.avod.thirdpartyclient" & @CRLF & _ "com.amazon.flex.rabbit" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.amazon.flex.rabbit" & @CRLF & _ "com.amazon.helix.prod" & @CRLF & _ "Amazon Hub Counter" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.amazon.helix.prod" & @CRLF & _ "com.amazon.imdb.tv.mobile.app" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.amazon.imdb.tv.mobile.app" & @CRLF & _ "com.amazon.kisan.app" & @CRLF & _ "Amazon Kisan" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.amazon.kisan.app" & @CRLF & _ "com.amazon.mShop.android.business.shopping" & @CRLF & _ "Amazon Business" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.amazon.mShop.android.business.shopping" & @CRLF & _ "com.amazon.mShop.android.shopping" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.amazon.mShop.android.shopping" & @CRLF & _ "com.amazon.minitv.android.app" & @CRLF & _ "Amazon miniTV" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.amazon.minitv.android.app" & @CRLF & _ "com.amazon.mp3" & @CRLF & _ "Amazon Music" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.amazon.mp3" & @CRLF & _ "Amazon Music (Watch) is also in scope" & @CRLF & _ "**wearOS**: follow the documentation [here](https://developer.android.com/training/wearables/get-started/creating#run-emulator) to create a wearOS virtual device. The “Android 14.0 (Wear OS 5)” image includes the Play Store and can be used to install and run the in-scope apps. The documentation [here](https://developer.android.com/training/wearables/get-started/connect-phone) explains how to pair a physical/virtual phone to the virtual wearOS device to complete setup." & @CRLF & _ "com.amazon.mp3.automotiveOS" & @CRLF & _ "Amazon Music - Automotive" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.amazon.mp3.automotiveOS" & @CRLF & _ "**Android Automotive (AAOS)**: follow the documentation [here](https://developer.android.com/training/cars/testing/emulator) to create an AAOS virtual device. The “Android 14.0 (Automotive)” image includes the Play Store and can be used to install and run the in-scope apps." & @CRLF & _ "com.amazon.music.tv" & @CRLF & _ "Amazon Music TV" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.amazon.music.tv" & @CRLF & _ "com.amazon.primenow.seller.android" & @CRLF & _ "PN Seller https://play.google.com/store/apps/details?id=com.amazon.primenow.seller.android" & @CRLF & _ "com.amazon.relay" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.amazon.relay" & @CRLF & _ "com.amazon.sellerflexmobile" & @CRLF & _ "Amazon Seller Flex App https://play.google.com/store/apps/details?id=com.amazon.sellerflexmobile" & @CRLF & _ "com.amazon.sellermobile.android" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.amazon.sellermobile.android" & @CRLF & _ "com.amazon.sft.rangoli.seller.app" & @CRLF & _ "SmartBiz by Amazon Web Builder" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.amazon.sft.rangoli.seller.app" & @CRLF & _ "com.amazon.shopperpanel.android.mobile.app" & @CRLF & _ "Amazon Shopper Panel https://play.google.com/store/apps/details?id=com.amazon.shopperpanel.android.mobile.app" & @CRLF & _ "com.amazon.tahoe.grownups" & @CRLF & _ "Amazon Kids + Parent Dashboard" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.amazon.tahoe.grownups" & @CRLF & _ "com.amazon.technician.android" & @CRLF & _ "Selling Services on Amazon https://play.google.com/store/apps/details?id=com.amazon.technician.android" & @CRLF & _ "com.amazon.vendormobile.android" & @CRLF & _ "Amazon Vendor https://play.google.com/store/apps/details?id=com.amazon.vendormobile.android" & @CRLF & _ "com.amazon.vendormobile.india.android" & @CRLF & _ "Vendor Central (IN) https://play.google.com/store/apps/details?id=com.amazon.vendormobile.india.android" & @CRLF & _ "com.amazon.warhol.android" & @CRLF & _ "Amazon Live Creator" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.amazon.warhol.android" & @CRLF & _ "com.amazon.ziggy.android" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.amazon.ziggy.android" & @CRLF & _ "com.imdbtv.livingroom" & @CRLF & _ "Amazon Freevee (TV) https://play.google.com/store/apps/details?id=com.imdbtv.livingroom" & @CRLF & _ "com.localqueen" & @CRLF & _ "GlowRoad: Resell & Earn Online" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.localqueen" & @CRLF & _ "https://www.amazonpay.in/*" & @CRLF & _ "in.amazon.mShop.android.business.shopping" & @CRLF & _ "https://play.google.com/store/apps/details?id=in.amazon.mShop.android.business.shopping" & @CRLF & _ "in.amazon.mShop.android.shopping" & @CRLF & _ "https://play.google.com/store/apps/details?id=in.amazon.mShop.android.shopping&hl=en_US" & @CRLF & _ "primevideo.com/*" & @CRLF & _ "www.amazon.*" & @CRLF & _ "All international retail marketplaces" & @CRLF & _ "* Brazil: www.amazon.com.br" & @CRLF & _ "* Canada: www.amazon.ca" & @CRLF & _ "* Mexico: www.amazon.com.mx" & @CRLF & _ "* United States: www.amazon.com" & @CRLF & _ "* China: www.amazon.cn" & @CRLF & _ "* India: www.amazon.in" & @CRLF & _ "* Japan: www.amazon.co.jp" & @CRLF & _ "* Singapore: www.amazon.sg" & @CRLF & _ "* Turkey: www.amazon.com.tr" & @CRLF & _ "* United Arab Emirates: www.amazon.ae" & @CRLF & _ "* France: www.amazon.fr" & @CRLF & _ "* Germany: www.amazon.de" & @CRLF & _ "* Italy: www.amazon.it" & @CRLF & _ "* Netherlands: www.amazon.nl" & @CRLF & _ "* Spain: www.amazon.es" & @CRLF & _ "* Sweden: www.amazon.se" & @CRLF & _ "* United Kingdom: www.amazon.co.uk" & @CRLF & _ "* Australia: www.amazon.com.au" & @CRLF & _ "3d.cs.money" & @CRLF & _ "[3d.cs.money](https://3d.cs.money/) is a skin model generator." & @CRLF & _ "## What to look for:" & @CRLF & _ "* Vulnerabilities related to user privacy violations" & @CRLF & _ "* Vulnerabilities directly affecting `cs.money`" & @CRLF & _ "blog.cs.money" & @CRLF & _ "By visiting this domain you will be redirected to our blog at [cs.money/blog/](https://cs.money/blog/). This is a web application built on Wordpress. " & @CRLF & _ "Mainly, we're looking for vulnerabilities that can affect `cs.money`, our primary web application." & @CRLF & _ "cs.money" & @CRLF & _ "[cs.money](https://cs.money/) is our primary web application where users can trade, sell and buy in-game items." & @CRLF & _ "* Besides the described scope on our policy tab, please pay attention to anything else that can affect user experience, security and privacy." & @CRLF & _ "support.cs.money" & @CRLF & _ "This is our [web client](https://support.cs.money/) for providing technical support." & @CRLF & _ "* Direct access to the client, authentication bypass" & @CRLF & _ "* Vulnerabilities, directly affecting `cs.money`" & @CRLF & _ "#Important information" & @CRLF & _ "If you are to test anything related to typing in the support chat, please send the following message before that." & @CRLF & _ "```" & @CRLF & _ "Hello. I'm a pentester from HackerOne. I'm going to test something in support chat. Your developers are aware of that." & @CRLF & _ "wiki.cs.money" & @CRLF & _ "[wiki.cs.money](https://wiki.cs.money/) contains detailed description and characteristics of all CS2 skins as well as a unique 3D viewing system." & @CRLF & _ "H5G" & @CRLF & _ "We are introducing a new testing scope for our Hosting Infrastructure tailored for WordPress websites." & @CRLF & _ "builder.hostinger.com" & @CRLF & _ "cpanel.hostinger.com" & @CRLF & _ "This is Hostinger's customers management panel, area meant for managing all services: hosting, vps, domains, ssl, cpanel hosting, windows_vps, logibox email, gsuite, cloudflare, marketgoo, flockmail. Servers and databases under this domain contain confidential and client data." & @CRLF & _ "hpanel.hostinger.com" & @CRLF & _ "payments.hostinger.com" & @CRLF & _ "This is Hostinger's payment microservice gateway. Assets under this domain stores only depersonalized data, however, it is important to us that unverified operations wouldn't occur and integrity of the records wouldn't be affected by an unauthorized individuals." & @CRLF & _ "www.hostinger.com" & @CRLF & _ "This is Hostinger's main web application meant for service presentation and client account registration. No confidential information or client data is stored on these systems. However, gaining access to these assets might help attacker to access confidential information on other servers." & @CRLF & _ "*.romwe.com" & @CRLF & _ "*.romwe. [com | co.in ]" & @CRLF & _ ".romwe.org" & @CRLF & _ "1. **Please note that if the exact same vulnerability is found on different top-level domains listed above (ie: .com, .co.in and .org), please do not submit multiple reports. Any duplicate reports submitted will be treated as such.**" & @CRLF & _ "2. Please read the "Important guidelines regarding cross-host vulnerabilities" section of the policy page as the guidelines apply for this asset." & @CRLF & _ "*.shein.com" & @CRLF & _ "*.shein.[com | in | tw | se | com.hk | com.vn | com.mx | co.uk ]" & @CRLF & _ "1. **Please note that if the exact same vulnerability is found on different top-level domains listed above (example: .com, .in, .tw etc), please do not submit multiple reports. Any duplicate reports submitted will be treated as such.**" & @CRLF & _ "*.sheingsp.com" & @CRLF & _ "1080248000" & @CRLF & _ "[ROMWE - Fashion Store](https://apps.apple.com/app/romwe-fashion-store/id1080248000) on the Apple App Store " & @CRLF & _ "878577184" & @CRLF & _ "[SHEIN-Fashion Shopping Online](https://apps.apple.com/app/shein-fashion-shopping-online/id878577184) on the Apple App Store " & @CRLF & _ "com.romwe" & @CRLF & _ "[ROMWE](https://play.google.com/store/apps/details?id=com.romwe) on the Google Play Store" & @CRLF & _ "com.zzkko" & @CRLF & _ "[SHEIN-Fashion Shopping Online](https://play.google.com/store/apps/details?id=com.zzkko) on the Google Play Store" & @CRLF & _ "api.faraday.ai" & @CRLF & _ "app.faraday.ai" & @CRLF & _ "s3://faraday-secret" & @CRLF & _ "s3://faraday-uploads" & @CRLF & _ "*.api.playstation.com" & @CRLF & _ "*.playstation.net" & @CRLF & _ "*.sonyentertainmentnetwork.com" & @CRLF & _ "410896080" & @CRLF & _ "iOS PlayStation App" & @CRLF & _ "https://apps.apple.com/app/apple-store/id410896080?pt=104940801&ct=pdcexploreapp&mt=8" & @CRLF & _ "PlayStation 4" & @CRLF & _ "Console system and operating system" & @CRLF & _ "PlayStation 5" & @CRLF & _ "PlayStation Network" & @CRLF & _ "See in scope assets above - domains/subdomains not listed are out of scope" & @CRLF & _ "api.direct.playstation.com" & @CRLF & _ "ca.account.sony.com" & @CRLF & _ "com.scee.psxandroid" & @CRLF & _ "Android PlayStation App" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.scee.psxandroid&utm_source=pdcexploreapp" & @CRLF & _ "direct.playstation.com" & @CRLF & _ "my.account.sony.com" & @CRLF & _ "my.playstation.com" & @CRLF & _ "social.playstation.com" & @CRLF & _ "store.playstation.com" & @CRLF & _ "transact.playstation.com" & @CRLF & _ "wallets.api.playstation.com" & @CRLF & _ "*-asia-south1.truecaller.com" & @CRLF & _ "*-eu.truecaller.com" & @CRLF & _ "*-noneu.truecaller.com" & @CRLF & _ "448142450" & @CRLF & _ "iOS Application ID" & @CRLF & _ "business-resources.truecaller.com" & @CRLF & _ "business.truecaller.com" & @CRLF & _ "com.truecaller" & @CRLF & _ "web.truecaller.com" & @CRLF & _ "www.truecaller.com" & @CRLF & _ "281796108" & @CRLF & _ "406056744" & @CRLF & _ "MacOS" & @CRLF & _ "9wzdncrfj3mb" & @CRLF & _ "accounts.evernote.com" & @CRLF & _ "api.evernote.com" & @CRLF & _ "api.evernote.com is the API gateway into Evernote's microservice infrastructure. The microservice infrastructure is managed by Istio and is provisioned by Google Kubernetes Engine (GKE). Traffic is HTTP or gRPC, depending on the service being interacted with." & @CRLF & _ "com.evernote" & @CRLF & _ "www.evernote.com" & @CRLF & _ "www.evernote.com serves the main Evernote web app. It also exposes several HTTP and Thrift endpoints that the Evernote mobile/desktop apps use to communicate with the service. Almost all endpoints on the www. domain are routed by HAProxy to an array of Java based Tomcat/Struts shards." & @CRLF & _ "https://filezilla-project.org/download.php?type=server&show_all=1" & @CRLF & _ "https://svn.filezilla-project.org/svn/FileZilla3/trunk/" & @CRLF & _ "https://svn.filezilla-project.org/svn/filezilla3/trunk/src/putty" & @CRLF & _ "The code in this directory is based on PuTTY. Only vulnerabilities specific to changes made in FileZilla compared to upstream are eligible for a bounty." & @CRLF & _ "https://svn.filezilla-project.org/svn/libfilezilla/trunk" & @CRLF & _ "https://svn.filezilla-project.org/svn/libfilezilla/trunk/" & @CRLF & _ "Mackeeper app" & @CRLF & _ "Please use the last updated version available on our site https://mackeeper.com" & @CRLF & _ "Currently we accept only the reports on version 6.1.1 or higher." & @CRLF & _ "For short period of time, we will still accept High and Critical vulnerability reports for older versions of Mackeeper (5.12 and higher)" & @CRLF & _ "account.mackeeper.com" & @CRLF & _ "adblocking.clario.co" & @CRLF & _ "api-ne.mackeeper.com" & @CRLF & _ "api.account.clario.co" & @CRLF & _ "chat-crm.clario.co" & @CRLF & _ "chat.clario.co" & @CRLF & _ "clario.co" & @CRLF & _ "crm.clario.co" & @CRLF & _ "dcs.clario.co" & @CRLF & _ "dl.clario.co" & @CRLF & _ "event.clario.co" & @CRLF & _ "inapp.clario.co" & @CRLF & _ "kbill.mackeeper.com" & @CRLF & _ "mackeeper.com" & @CRLF & _ "mkapi.mackeeper.com" & @CRLF & _ "static-cdn.clario.co" & @CRLF & _ "updater.clario.co" & @CRLF & _ "updatetracker.clario.co" & @CRLF & _ "webapi.clario.co" & @CRLF & _ "yapi.clario.co" & @CRLF & _ "*.a.exodus.io" & @CRLF & _ "Everything underneath the `*-s.a.exodus.io` is generally considered our staging environment and is okay/safe for performing simple/basic attack vectors against our wallet and our backends. Add `-s` to any asset/service name to hit our staging environment, for example bitcoin-s.a.exodus.io." & @CRLF & _ "**KNOWN ISSUES**" & @CRLF & _ "1. Please do not re-submit reports disclosing XSS attacks on outdated openapi/swaggerhub version embedded in the various open source blockchain APIs that we host. This is a known issue, posting here for clarity to prevent wasted cycles on your end and ours." & @CRLF & _ "1. API keys that are hardcoded in our wallet involving 3rd party blockchain APIs (ex. bitcoin, tezos, waves etc) are similarly a known/non issue. These are effectively public APIs and no changes will be made to these endpoints." & @CRLF & _ "*.exodus.com" & @CRLF & _ "This is basically a marketing site while our product API is still pointing to `*.exodus.io`, Some of `exodus.io` subdomains should be redirected to `exodus.com` such as `www.exodus.io` --> `www.exodus.com` " & @CRLF & _ "*.exodus.io" & @CRLF & _ "Any domains or subdomains underneath exodus.io are considered our public "face" of our company, including our website, subdomains, download links, etc. Please review our policy for things that are considered in-scope and will result in bounties." & @CRLF & _ "Exodus Browser Extension" & @CRLF & _ "Install using: https://www.exodus.com/browser-extension/" & @CRLF & _ "Exodus Desktop Wallet" & @CRLF & _ "Desktop Download Link: [Exodus Crypto Wallet](https://exodus.io/download)" & @CRLF & _ "This is the official Exodus Crypto Wallet for the Desktop (Mac/Win/Linux) which itself stores and manages a user's cryptocurrency. This has much higher Environmental Score and potential attack vectors especially due to its desktop-computer nature." & @CRLF & _ "**NOTE:** Please make sure to read our Program Policy, as certain attack vectors are considered out of scope (eg: OS-related attacks)." & @CRLF & _ "Passkey Wallet" & @CRLF & _ "1. https://passkeys.foundation/playground" & @CRLF & _ "2. https://wallet.passkeys.foundation/" & @CRLF & _ "3. https://my.passkeys.network/" & @CRLF & _ "exodus-movement.exodus" & @CRLF & _ "App Store: [Exodus Crypto Wallet](https://apps.apple.com/us/app/exodus-crypto-wallet/id1414384820)" & @CRLF & _ "This is the official Exodus Crypto Wallet, which itself stores and manages a user's cryptocurrency. This has much higher Environmental Score and potential attack vectors." & @CRLF & _ "The most critical thing we want to help ensure is that our users are never vulnerable to getting their money/wallet stolen, and that users can always use their wallet to view/manage/exchange crypto." & @CRLF & _ "exodusmovement.exodus" & @CRLF & _ "Google Play Store: [Exodus Crypto Wallet](https://play.google.com/store/apps/details?id=exodusmovement.exodus&hl=en)" & @CRLF & _ "Tier 3" & @CRLF & _ "github.com/kubernetes-csi" & @CRLF & _ "Kubernetes CSI drivers & infrastructure. Not all repos are eligible for bounty." & @CRLF & _ "Eligible for bounty:" & @CRLF & _ "- github.com/kubernetes-csi/external-provisioner" & @CRLF & _ "- github.com/kubernetes-csi/external-snapshotter" & @CRLF & _ "- github.com/kubernetes-csi/node-driver-registrar" & @CRLF & _ "- github.com/kubernetes-csi/livenessprobe" & @CRLF & _ "- github.com/kubernetes-csi/csi-release-tools" & @CRLF & _ "- github.com/kubernetes-csi/csi-lib-utils" & @CRLF & _ "- github.com/kubernetes-csi/kubernetes-csi.github.io" & @CRLF & _ "- github.com/kubernetes-csi/docs" & @CRLF & _ "Ineligible:" & @CRLF & _ "- github.com/kubernetes-csi/driver-registrar (deprecated)" & @CRLF & _ "- github.com/kubernetes-csi/csi-test" & @CRLF & _ "- github.com/kubernetes-csi/drivers (example code)" & @CRLF & _ "- github.com/kubernetes-csi/cluster-driver-registrar (deprecated)" & @CRLF & _ "- github.com/kubernetes-csi/external-attacher (alpha)" & @CRLF & _ "- github.com/kubernetes-csi/external-resizer (alpha)" & @CRLF & _ "- github.com/kubernetes-csi/csi-driver-host-path (not recommended for production)" & @CRLF & _ "- github.com/kubernetes-csi/csi-driver-iscsi (not stable)" & @CRLF & _ "- github.com/kubernetes-csi/csi-driver-nfs (not stable)" & @CRLF & _ "- github.com/kubernetes-csi/csi-driver-image-populator (not stable)" & @CRLF & _ "- github.com/kubernetes-csi/csi-driver-flex (not stable)" & @CRLF & _ "- github.com/kubernetes-csi/csi-driver-fibre-channel (not stable)" & @CRLF & _ "- github.com/kubernetes-csi/csi-lib-fc (not stable)" & @CRLF & _ "- github.com/kubernetes-csi/csi-lib-iscsi (not stable)" & @CRLF & _ "https://github.com/kubernetes-client" & @CRLF & _ "Kubernetes client libraries. The stable libraries are eligible for bounty, including:" & @CRLF & _ "- https://github.com/kubernetes-client/python" & @CRLF & _ "- https://github.com/kubernetes-client/java" & @CRLF & _ "Supporting libraries are also eligible:" & @CRLF & _ "- https://github.com/kubernetes-client/gen" & @CRLF & _ "- https://github.com/kubernetes-client/python-base" & @CRLF & _ "All other libraries are ineligible for bounty due to the alpha status or work in progress status." & @CRLF & _ "https://github.com/kubernetes-security" & @CRLF & _ "Unauthorized access (read or write) to any repositories under the kubernetes-security github organization is eligible." & @CRLF & _ "https://github.com/kubernetes/api" & @CRLF & _ "The canonical location of the Kubernetes API definition." & @CRLF & _ "https://github.com/kubernetes/apiextensions-apiserver" & @CRLF & _ "API server for API extensions like CustomResourceDefinitions" & @CRLF & _ "https://github.com/kubernetes/apimachinery" & @CRLF & _ "https://github.com/kubernetes/apiserver" & @CRLF & _ "Library for writing a Kubernetes-style API server." & @CRLF & _ "https://github.com/kubernetes/autoscaler" & @CRLF & _ "Autoscaling components for Kubernetes" & @CRLF & _ "https://github.com/kubernetes/cli-runtime" & @CRLF & _ "Set of helpers for creating kubectl commands and plugins." & @CRLF & _ "https://github.com/kubernetes/client-go" & @CRLF & _ "Go client for Kubernetes." & @CRLF & _ "https://github.com/kubernetes/cloud-provider" & @CRLF & _ "cloud-provider defines the shared interfaces which Kubernetes cloud providers implement. These interfaces allow various controllers to integrate with any cloud provider in a pluggable fashion. Also serves as an issue tracker for SIG Cloud Provider." & @CRLF & _ "https://github.com/kubernetes/cluster-bootstrap" & @CRLF & _ "https://github.com/kubernetes/cluster-registry" & @CRLF & _ "Cluster Registry API" & @CRLF & _ "https://github.com/kubernetes/code-generator" & @CRLF & _ "Generators for kube-like API types" & @CRLF & _ "https://github.com/kubernetes/component-base" & @CRLF & _ "Shared code for kubernetes core components" & @CRLF & _ "https://github.com/kubernetes/cri-api" & @CRLF & _ "Container Runtime Interface (CRI) – a plugin interface which enables kubelet to use a wide variety of container runtimes." & @CRLF & _ "https://github.com/kubernetes/csi-api" & @CRLF & _ "https://github.com/kubernetes/csi-translation-lib" & @CRLF & _ "Staging repo for CSI Migration/Translation libraries" & @CRLF & _ "https://github.com/kubernetes/dashboard" & @CRLF & _ "General-purpose web UI for Kubernetes clusters" & @CRLF & _ "https://github.com/kubernetes/dns" & @CRLF & _ "Kubernetes DNS service" & @CRLF & _ "https://github.com/kubernetes/gengo" & @CRLF & _ "Gengo library for code generation." & @CRLF & _ "https://github.com/kubernetes/git-sync" & @CRLF & _ "A sidecar app which clones a git repo and keeps it in sync with the upstream." & @CRLF & _ "https://github.com/kubernetes/k8s.io" & @CRLF & _ "Kubernetes files for various *.k8s.io sites" & @CRLF & _ "https://github.com/kubernetes/klog" & @CRLF & _ "Forked from golang/glog" & @CRLF & _ "Leveled execution logs for Go (fork of https://github.com/golang/glog)" & @CRLF & _ "https://github.com/kubernetes/kompose" & @CRLF & _ "Go from Docker Compose to Kubernetes" & @CRLF & _ "https://github.com/kubernetes/kops" & @CRLF & _ "Kubernetes Operations (kops) - Production Grade K8s Installation, Upgrades, and Management" & @CRLF & _ "https://github.com/kubernetes/kube-aggregator" & @CRLF & _ "Aggregator for Kubernetes-style API servers: dynamic registration, discovery summarization, secure proxy" & @CRLF & _ "https://github.com/kubernetes/kube-controller-manager" & @CRLF & _ "kube-controller-manager component configs" & @CRLF & _ "https://github.com/kubernetes/kube-deploy" & @CRLF & _ "A place for cluster deployment automation" & @CRLF & _ "https://github.com/kubernetes/kube-openapi" & @CRLF & _ "Kubernetes OpenAPI spec generation & serving" & @CRLF & _ "https://github.com/kubernetes/kube-proxy" & @CRLF & _ "kube-proxy component configs" & @CRLF & _ "https://github.com/kubernetes/kube-scheduler" & @CRLF & _ "kube-scheduler component configs" & @CRLF & _ "https://github.com/kubernetes/kube-state-metrics" & @CRLF & _ "Add-on agent to generate and expose cluster-level metrics." & @CRLF & _ "https://github.com/kubernetes/kubeadm" & @CRLF & _ "Aggregator for issues filed against kubeadm" & @CRLF & _ "https://github.com/kubernetes/kubectl" & @CRLF & _ "Issue tracker and mirror of kubectl code" & @CRLF & _ "https://github.com/kubernetes/kubelet" & @CRLF & _ "kubelet component configs" & @CRLF & _ "https://github.com/kubernetes/kubernetes" & @CRLF & _ "Production-Grade Container Scheduling and Management" & @CRLF & _ "https://github.com/kubernetes/metrics" & @CRLF & _ "Kubernetes metrics-related API types and clients" & @CRLF & _ "https://github.com/kubernetes/minikube" & @CRLF & _ "Run Kubernetes locally" & @CRLF & _ "https://github.com/kubernetes/node-api" & @CRLF & _ "https://github.com/kubernetes/node-problem-detector" & @CRLF & _ "This is a place for various problem detectors running on the Kubernetes nodes." & @CRLF & _ "https://github.com/kubernetes/org" & @CRLF & _ "Meta configuration for Kubernetes Github Org" & @CRLF & _ "https://github.com/kubernetes/publishing-bot" & @CRLF & _ "Code behind the robot to publish from staging to real repositories." & @CRLF & _ "https://github.com/kubernetes/release" & @CRLF & _ "Release infrastructure for Kubernetes and related components" & @CRLF & _ "https://github.com/kubernetes/repo-infra" & @CRLF & _ "Kubernetes repository infrastucture tools" & @CRLF & _ "https://github.com/kubernetes/sig-release" & @CRLF & _ "Repo for SIG release" & @CRLF & _ "https://github.com/kubernetes/test-infra" & @CRLF & _ "Test infrastructure for the Kubernetes project." & @CRLF & _ "https://github.com/kubernetes/utils" & @CRLF & _ "Non-Kubernetes-specific utility libraries which are consumed by multiple projects." & @CRLF & _ "https://github.com/kubernetes/website" & @CRLF & _ "Kubernetes website and documentation repo:" & @CRLF & _ "https://storage.googleapis.com/kubernetes-release/" & @CRLF & _ "Kubernetes release artifacts download server." & @CRLF & _ "Write access or modification of assets are eligible for bounty. Please DO NOT modify production artifacts. If you need a test target, you can use a test artifact such as `addons/test/crinit/2017-11-17/crinit`" & @CRLF & _ "k8s.gcr.io" & @CRLF & _ "Our official container repository (an alias to gcr.io/google-containers)." & @CRLF & _ "The ability to write to or modify containers in the repository are in scope. Please DO NOT modify production containers. If you need a test target, please use a test image such as fakegitserver." & @CRLF & _ "k8s.io" & @CRLF & _ "Kubernetes nginx server." & @CRLF & _ "kubernetes-csi.github.io" & @CRLF & _ "Kubernetes CSI documentation site." & @CRLF & _ "kubernetes.io" & @CRLF & _ "Main kubernetes website, hosted by netlify." & @CRLF & _ "prow.k8s.io" & @CRLF & _ "Kubernetes build & test infrastructure." & @CRLF & _ "Please limit automated scanning to 1qps." & @CRLF & _ "1541949985" & @CRLF & _ "com.coinspot.app" & @CRLF & _ "www.coinspot.com.au" & @CRLF & _ "*.gocardless-cicd.io" & @CRLF & _ "Non-production environment for infrastructure services." & @CRLF & _ "*.gocardless-lab.io" & @CRLF & _ "Testing and experimentation environment for internal tools with no live data." & @CRLF & _ "*.gocardless-staging.io" & @CRLF & _ "Staging environment for GoCardless applications, APIs, and internal tools being developed or supported, may contain live data." & @CRLF & _ "*.gocardless.io,*.gocardless-banking.io" & @CRLF & _ "Internal infrastructure and tools (e.g., performance dashboards)." & @CRLF & _ "api-sandbox.gocardless.com" & @CRLF & _ "Sandbox version of the Merchant Dashboard API component - used to power the Merchant Dashboard (manage.gocardless) and to provide functionality for customers who wish to integrate their services with ours." & @CRLF & _ "auth0.gocardless.com" & @CRLF & _ "bankaccountdata.gocardless.com, ob.gocardless.com" & @CRLF & _ "!Note that this is a production instance, so you must avoid denial of service, data corruption, and any other destructive or disruptive actions. No automated scanning allowed - manual testing only!" & @CRLF & _ "This is our Bank Account Data dashboard application and Open Banking API endpoint meant for partners and developers who wish to integrate with our Open Banking APIs." & @CRLF & _ "connect-sandbox.gocardless.com" & @CRLF & _ "Sandbox version of the Merchant Dashboard OpenID authentication component." & @CRLF & _ "manage-sandbox.gocardless.com" & @CRLF & _ "Sandbox version of the Merchant Dashboard application. Includes user management for the GC4X application (xero.gocardless)." & @CRLF & _ "oauth-sandbox.gocardless.com" & @CRLF & _ "The authentication component for GoCardless for Xero (GC4X)." & @CRLF & _ "pay-sandbox.gocardless.com" & @CRLF & _ "Sandbox for the API used to process billing requests, related to the Merchant Dashboard application." & @CRLF & _ "www.gocardless.com" & @CRLF & _ "Our public-facing content, without authenticated access to sensitive information related to merchants or payers." & @CRLF & _ "194.90.151.192/28" & @CRLF & _ "Please do not bombard these sites while testing. Be gentle." & @CRLF & _ "194.90.25.80/29" & @CRLF & _ "Please be careful when testing these sites to not bombard them. Be gentle." & @CRLF & _ "194.90.89.165/32" & @CRLF & _ "212.143.112.81/29" & @CRLF & _ "Please be gentle when testing these sites. Do not bombard them." & @CRLF & _ "38.140.238.56/29" & @CRLF & _ "64.47.18.80/29" & @CRLF & _ "64.84.60.0/24" & @CRLF & _ "97.105.243.96/28" & @CRLF & _ "CounterAct 8.4" & @CRLF & _ "This is a new device type being introduced to the bug bounty program. Those with access to a counteract device / image are welcome to submit their findings!" & @CRLF & _ "a360f0bcc63ca11ea92550aeac091f3d-1101372245.us-east-1.elb.amazonaws.com" & @CRLF & _ "Please prioritize your testing for this device. Thank You." & @CRLF & _ "ab2b0c50cdc7b445391f99d4957850c5-cd4ccfdb37dfafad.elb.us-east-1.amazonaws.com" & @CRLF & _ "aebddc74953f248bc8455665b0f7d47b-78af959a11e5d0c1.elb.us-east-1.amazonaws.com" & @CRLF & _ "app.command.cysiv.com" & @CRLF & _ "app.iris.acceptance.forescoutcloud.net" & @CRLF & _ "app.iris.production.forescoutcloud.net" & @CRLF & _ "community.forescout.com" & @CRLF & _ "Community Support Login" & @CRLF & _ "cysiv.com" & @CRLF & _ "datapod-1-100-druid-ingest.development.forescoutcloud.net" & @CRLF & _ "*New Host Added on 3/12/2010" & @CRLF & _ "** Naming convention is datapod-[1-100]-druid-ingest.development.forescoutcloud.net" & @CRLF & _ "** Example: datapod-1-druid-ingest.development.forescoutcloud.net" & @CRLF & _ "** Example: datapod-10-druid-ingest.development.forescoutcloud.net" & @CRLF & _ "and so on." & @CRLF & _ "datapod-1-100-druid-ingest.testing.forescoutcloud.net" & @CRLF & _ "* Expanded Datapod Host Range to 100 nodes" & @CRLF & _ "datapod-1-100-druid-query.development.forescoutcloud.net" & @CRLF & _ "** Naming convention is datapod-[1-100]-druid-query.development.forescoutcloud.net" & @CRLF & _ "** Example: datapod-1-druid-query.development.forescoutcloud.net" & @CRLF & _ "** Example: datapod-10-druid-query.development.forescoutcloud.net" & @CRLF & _ "datapod-1-100-druid-query.production.forescoutcloud.net" & @CRLF & _ "datapod-1-100-druid-query.production.forescoutcloud.net is the range" & @CRLF & _ "ex. datapod-1-druid-query.production.forescoutcloud.net" & @CRLF & _ " datapod-2-druid-query.production.forescoutcloud.net" & @CRLF & _ " datapod-10-druid-query.production.forescoutcloud.net" & @CRLF & _ "and so on...." & @CRLF & _ "datapod-1-druid-ingest.production.forescoutcloud.net" & @CRLF & _ "datapod-1-ingest.production.forescoutcloud.net" & @CRLF & _ "datapod-1-query.production.forescoutcloud.net" & @CRLF & _ "datapod-2-druid-ingest.production.forescoutcloud.net" & @CRLF & _ "datapod-2-ingest.acceptance.forescoutcloud.net" & @CRLF & _ "datapod-2-query.acceptance.forescoutcloud.net" & @CRLF & _ "de.forescout.cloud" & @CRLF & _ "http://backend-api.devicecloud.production.forescoutcloud.net/api/v1/settings" & @CRLF & _ "http://datapod-1-druid-ingest.production.forescoutcloud.net/v1/upload" & @CRLF & _ "http://datapod-1-druid-query.production.forescoutcloud.net/v1/polling" & @CRLF & _ "http://datapod-1-druid-query.production.forescoutcloud.net/v1/query/agg" & @CRLF & _ "http://datapod-1-druid-query.production.forescoutcloud.net/v2/deletestatus" & @CRLF & _ "http://datapod-1-druid-query.production.forescoutcloud.net/v2/matrixoverview" & @CRLF & _ "http://datapod-1-druid-query.production.forescoutcloud.net/v2/query/firstreporttimeentry" & @CRLF & _ "http://datapod-1-druid-query.production.forescoutcloud.net/v2/query/grouptogroup" & @CRLF & _ "http://datapod-1-druid-query.production.forescoutcloud.net/v2/query/iplist" & @CRLF & _ "http://datapod-1-druid-query.production.forescoutcloud.net/v2/query/ips/bydst/details" & @CRLF & _ "http://datapod-1-druid-query.production.forescoutcloud.net/v2/query/ips/bysrc" & @CRLF & _ "http://datapod-1-druid-query.production.forescoutcloud.net/v2/query/overlappinggroups" & @CRLF & _ "http://datapod-1-druid-query.production.forescoutcloud.net/v2/service-list" & @CRLF & _ "http://datapod-1-druid-query.production.forescoutcloud.net/v2/services" & @CRLF & _ "http://datapod-1-druid-query.production.forescoutcloud.net/v3/matrixoverview" & @CRLF & _ "http://datapod-1-druid-query.production.forescoutcloud.net/v3/query/overlappingzones" & @CRLF & _ "http://datapod-1-druid-query.production.forescoutcloud.net/v3/query/zonetozone" & @CRLF & _ "http://logstash-props.devicecloud.production.forescoutcloud.net/api/v1/properties" & @CRLF & _ "http://mgmtpod-1.production.forescoutcloud.net/oauth/token" & @CRLF & _ "https://telemetry-polling.devicecloud.acceptance.forescoutcloud.net/v1/package" & @CRLF & _ "This asset is currently in Acceptance testing." & @CRLF & _ "https://telemetry-polling.devicecloud.acceptance.forescoutcloud.net/v1/polling" & @CRLF & _ "https://telemetry-polling.devicecloud.acceptance.forescoutcloud.net/v1/upload" & @CRLF & _ "This asset is currently in Acceptance Testing." & @CRLF & _ "iris-testing-us-east-1-nlb-4df4bbde6f6e2bbb.elb.us-east-1.amazonaws.com" & @CRLF & _ "logstash-props.devicecloud.acceptance.forescoutcloud.net" & @CRLF & _ "Please begin testing against this host as soon as possible. We are working through a release cycle and this testing is part of that cycle." & @CRLF & _ "mgmt-sensors.iris.acceptance.forescoutcloud.net" & @CRLF & _ "mgmt-sensors.iris.production.forescoutcloud.net" & @CRLF & _ "mgmtpod-1-dashboard.production.forescoutcloud.net" & @CRLF & _ "mgmtpod-1.production.forescoutcloud.net" & @CRLF & _ "obs-sensors.iris.acceptance.forescoutcloud.net" & @CRLF & _ "obs-sensors.iris.production.forescoutcloud.net" & @CRLF & _ "streaming-api.iris.acceptance.forescoutcloud.net" & @CRLF & _ "streaming-api.iris.production.forescoutcloud.net" & @CRLF & _ "streaming-gw.iris.production.forescoutcloud.net" & @CRLF & _ "streaming.iris.acceptance.forescoutcloud.net" & @CRLF & _ "streaming.iris.production.forescoutcloud.net" & @CRLF & _ "uk.forescout.cloud" & @CRLF & _ "updates.forescout.com" & @CRLF & _ "us.forescout.cloud" & @CRLF & _ "www.forescout.com" & @CRLF & _ "This is the primary www.forescout.com website." & @CRLF & _ "*.line-apps.com" & @CRLF & _ "**_Tier B_ Asset** " & @CRLF & _ "*.line.biz" & @CRLF & _ "*.line.me" & @CRLF & _ "Previous standalone web domains such as live.line.me, music.line.me, news.line.me, store.line.me are now included in this wildcard. " & @CRLF & _ "URLs that contain `nvapis.line.me` will be out of scope." & @CRLF & _ "*.line.naver.jp" & @CRLF & _ "*.linecorp.com" & @CRLF & _ "443904275" & @CRLF & _ "**_Tier A_ Asset** " & @CRLF & _ "[Apple App Store](https://apps.apple.com/jp/app/line/id443904275)" & @CRLF & _ "Please make sure you are testing the latest version. Only the latest version is considered in scope." & @CRLF & _ "539883307" & @CRLF & _ "macOS: [Apple Mac App Store](https://apps.apple.com/id/app/line/id539883307)" & @CRLF & _ "9wzdncrfj2g6" & @CRLF & _ "[Microsoft Windows Store](https://www.microsoft.com/ja-jp/p/line/9wzdncrfj2g6)" & @CRLF & _ "Chrome Extension" & @CRLF & _ "https://chrome.google.com/webstore/detail/line/ophjlpahpchlmihnnnihgmmeilfjmjjc" & @CRLF & _ "LINE Messenger - Chat" & @CRLF & _ "Chat and Group Chat feature that can send texts, images, stickers and so on in LINE Messengers > Chats Tab and related servers. Supplementary services such as Album, Notes are also included." & @CRLF & _ "LINE Messenger - Keep" & @CRLF & _ "A storage service that lets you save photos, videos, text and files in LINE Messengers > Keep feature and related servers." & @CRLF & _ "LINE Messenger - News" & @CRLF & _ "News service in LINE Messengers > News Tab and related servers." & @CRLF & _ "Please note that this is available in Japan Only." & @CRLF & _ "LINE Messenger - OpenChat" & @CRLF & _ "Anonymous chat service in LINE Messengers > OpenChat and related servers." & @CRLF & _ "LINE Messenger - VOOM" & @CRLF & _ "Social media feature that can share contents in LINE Messengers > Voom Tab and related servers. " & @CRLF & _ "The website (https://linevoom.line.me) is also included." & @CRLF & _ "LINE Messenger - VoIP" & @CRLF & _ "Voice and Video call service in LINE Messengers > Calls tab or call menu in a chat room and related servers." & @CRLF & _ "Windows Executable" & @CRLF & _ "https://desktop.line-scdn.net/win/new/LineInst.exe" & @CRLF & _ "com.linecorp.linelite" & @CRLF & _ "LINE Lite on the [Google Play Store](https://play.google.com/store/apps/details?id=com.linecorp.linelite)" & @CRLF & _ "http://recruit.linepluscorp.com" & @CRLF & _ "jp.naver.line.android" & @CRLF & _ "[Google Play Store](https://play.google.com/store/apps/details?id=jp.naver.line.android)" & @CRLF & _ "Other Assets" & @CRLF & _ "1452166623" & @CRLF & _ "**Tier 1** Asset" & @CRLF & _ "Only the latest version of the application will be in scope. " & @CRLF & _ "[Download from the Apple App Store here](https://apps.apple.com/app/lark-collaboration-tool/id1452166623)" & @CRLF & _ "Mac OS Executable: Download here https://www.larksuite.com/download" & @CRLF & _ "This is the Lark Suite application for Mac OS. Only the latest version of the application will be in scope." & @CRLF & _ "Please download the latest version of the application here: https://www.larksuite.com/download" & @CRLF & _ "Windows OS Executable: Download here https://www.larksuite.com/download" & @CRLF & _ "This is the Lark Suite application for Windows. Only the latest version of the application will be in scope. " & @CRLF & _ "api.larksuite.com" & @CRLF & _ "app.larksuite.com" & @CRLF & _ "**Tier 2** Asset" & @CRLF & _ "caldav.larksuite.com" & @CRLF & _ "com.larksuite.suite" & @CRLF & _ "[Download from the Google Play Store here](https://play.google.com/store/apps/details?id=com.larksuite.suite)" & @CRLF & _ "file.larksuite.com" & @CRLF & _ "hackers_chosendomain.larksuite.com" & @CRLF & _ "<hacker’s_chosendomain>.larksuite.com" & @CRLF & _ "If you find a vulnerability against your own test account domain, please feel free to use this asset for submission." & @CRLF & _ "internal-api-drive-stream.larksuite.com" & @CRLF & _ "internal-api-lark-api.larksuite.com" & @CRLF & _ "internal-api.larksuite.com" & @CRLF & _ "lark-frontier.byteoversea.com" & @CRLF & _ "larksuite.com" & @CRLF & _ "open.larksuite.com" & @CRLF & _ "passport.larksuite.com" & @CRLF & _ "status.larksuite.com" & @CRLF & _ "DSE, Opscenter" & @CRLF & _ "Applications packaged and in scope are:" & @CRLF & _ "* DataStax Enterprise (DSE) [Server, Analytics, Graph, Search]" & @CRLF & _ "Vulnerabilities in scope:" & @CRLF & _ "* Loss of availability, confidentiality, or integrity of the data from unauthenticated side-channel or protocol attacks on the DSE server (attacks on the native or storage ports)" & @CRLF & _ "* Privilege escalation, or loss of tenancy within CQL " & @CRLF & _ "Vulnerabilities out of scope:" & @CRLF & _ "* JMX related vulnerabilities" & @CRLF & _ "* DDOS attacks using large or high throughput payloads " & @CRLF & _ "astra.datastax.com" & @CRLF & _ "docs.datastax.com" & @CRLF & _ "*Automated Scanning Prohibited*" & @CRLF & _ "downloads.datastax.com" & @CRLF & _ "Our downloads site available for the general public." & @CRLF & _ "Open directory listings with read only access is not in scope." & @CRLF & _ "langflow.datastax.com" & @CRLF & _ "https://docs.datastax.com/en/langflow/quickstart.html" & @CRLF & _ "langflow.org" & @CRLF & _ "Please check https://github.com/langflow-ai/langflow/issues before filing here." & @CRLF & _ "www.datastax.com" & @CRLF & _ "*.sprint.apps.dynatracelabs.com" & @CRLF & _ "Wildcard domain for your Dynatrace Platform environment, sometimes also called 3rd gen. " & @CRLF & _ "This is your default testing environment. Once you request your testing environment you will be redirected to this environment. " & @CRLF & _ "API endpoints:" & @CRLF & _ "- <environment-id>.sprint.apps.dynatracelabs.com/platform/swagger-ui/index.html" & @CRLF & _ "How to Switch Between APIs:" & @CRLF & _ "1. Navigate to the top right corner of the page." & @CRLF & _ "2. Locate the drop-down box next to "Select a Definition."" & @CRLF & _ "3. Click on the drop-down box." & @CRLF & _ "4. Choose the desired API from the available options." & @CRLF & _ "*.sprint.dynatracelabs.com" & @CRLF & _ "Wildcard domain for your 2nd gen testing environments - an older but fully supported and regularly updated version of our product." & @CRLF & _ "To get there, follow the steps described in our Policy page under "how to access your 2nd gen environment"" & @CRLF & _ "* <environment-id>.sprint.dynatracelabs.com/rest-api-doc/index.jsp" & @CRLF & _ "All other Assets" & @CRLF & _ "Used for asset classification only, please have a look at the policy page or the rewards section. " & @CRLF & _ "Core Assets" & @CRLF & _ "Dynatrace ActiveGate" & @CRLF & _ "ActiveGate is a secure proxy that connects Dynatrace OneAgents to Dynatrace Clusters or other ActiveGates. For more details please have a look at the Useful tips section of the policy or our [support page](https://www.dynatrace.com/support/help/setup-and-configuration/dynatrace-activegate)." & @CRLF & _ "Dynatrace MobileAgent" & @CRLF & _ "The MobileAgent can be used to monitor Android or IOs apps. " & @CRLF & _ "For more details please have a look at the "Useful tips" section of the policy or our [support page](https://www.dynatrace.com/support/help/platform-modules/digital-experience/mobile-applications)." & @CRLF & _ "Dynatrace OneAgent" & @CRLF & _ "OneAgent is responsible for collecting all monitoring data within your environment. " & @CRLF & _ "For more details please have a look at the "Useful tips" section of the policy or our [support page](https://www.dynatrace.com/support/help/setup-and-configuration/dynatrace-oneagent/installation-and-operation). " & @CRLF & _ "account-sprint.dynatracelabs.com" & @CRLF & _ "This is the old domain for our account management, the new domain is myaccount-hardening.dynatracelabs.com. Since the domain is still used in some parts of our software, it is still in scope. " & @CRLF & _ "https://github.com/Dynatrace" & @CRLF & _ "Please be aware that only analysis of our source code is allowed. Do not perform any tests against [https://github.com.](https://github.com/)." & @CRLF & _ "https://github.com/Dynatrace-innovationlab" & @CRLF & _ "myaccount-hardening.dynatracelabs.com" & @CRLF & _ "Myaccount is the place where you can manage your license, subscriptions, users, groups, policies and more. " & @CRLF & _ "For more details please have a look at the "Useful tips" section of the policy or our [support page](https://www.dynatrace.com/support/help/manage/account-management). " & @CRLF & _ "- https://api-hardening.internal.dynatracelabs.com/spec/" & @CRLF & _ "sso-sprint.dynatracelabs.com" & @CRLF & _ "This domain is used in our single sign on solution, you will see the domain for example during the login process. " & @CRLF & _ "university-staging.dynatracelabs.com" & @CRLF & _ "University is a learning platform which offers courses that help improve your knowledge about Dynatrace. Use the "**University Login**" button and your already claimed credentials. " & @CRLF & _ " com.citymapper.app.release" & @CRLF & _ "469463298" & @CRLF & _ "6449737830" & @CRLF & _ "6464473474" & @CRLF & _ "657777015" & @CRLF & _ "eu.remix.com" & @CRLF & _ "global-api.citymapper.com" & @CRLF & _ "https://metroconnect.app.ridewithvia.com" & @CRLF & _ "https://pt-runner.app.ridewithvia.com" & @CRLF & _ "platform.remix.com" & @CRLF & _ "ridewithvia.neoridelittlerock" & @CRLF & _ "ridewithvia.par.piercetransit" & @CRLF & _ "via.rider" & @CRLF & _ "*.mi.com" & @CRLF & _ "*.miui.com" & @CRLF & _ "*.miwifi.com" & @CRLF & _ "*.xiaomi.com" & @CRLF & _ "*.xiaomiyoupin.com" & @CRLF & _ "MIUI OS for Xiaomi Phone" & @CRLF & _ "MIUI is Xiaomi phone operation system (OS), custimized on stock android." & @CRLF & _ "the scope inculdes the pre-installed apps with Xiaomi certification signed." & @CRLF & _ "Mi Band" & @CRLF & _ "mi-band-3/4/5" & @CRLF & _ "Mi Electric Scooter " & @CRLF & _ "https://www.mi.com/us/mi-electric-scooter/" & @CRLF & _ "Mi Home Webcam " & @CRLF & _ "https://www.mi.com/us/mi-home-security-camera/ , https://www.mi.com/in/camera-360/" & @CRLF & _ "Mi Laser Projector" & @CRLF & _ "https://www.mi.com/us/mi-laser-projector-150/" & @CRLF & _ "Mi Robot Vacuum" & @CRLF & _ " https://www.mi.com/hk/mi-robot-vacuum/ " & @CRLF & _ "Mi TV " & @CRLF & _ "https://store.mi.com/in/accessories/213" & @CRLF & _ "Mi TV Box" & @CRLF & _ "https://www.mi.com/us/mi-box-s/" & @CRLF & _ "Mi/Redmi Phone" & @CRLF & _ "https://www.mi.com/hk/mi-note-10/,https://www.mi.com/hk/mi-a3/,https://www.mi.com/hk/max3/,https://www.mi.com/hk/mi-8-pro/,https://www.mi.com/hk/redmi-note-8-t/,https://www.mi.com/hk/redmi-note-8-pro/" & @CRLF & _ "Other APK Assets" & @CRLF & _ "com.miui.screenrecorder" & @CRLF & _ "com.android.providers.telephony" & @CRLF & _ "com.android.dynsystem" & @CRLF & _ "com.miui.powerkeeper" & @CRLF & _ "com.xiaomi.miplay_client" & @CRLF & _ "com.milink.service" & @CRLF & _ "com.xiaomi.mi_connect_service" & @CRLF & _ "com.android.updater" & @CRLF & _ "com.miui.securityadd/com.miui.gallery/com.android.mms.service/com.miui.msa.global/com.android.browser/com.miui.videoplayer/com.android.soundrecorder/com.miui.backup/com.miui.notification/com.android.certinstaller/com.miui.huanji/com.miui.hybrid/com.miui.vsimcore/com.miui.securitycore/com.mi.health/com.xiaomi.simactivate.service/com.miui.phrase/com.miui.player/com.miui.miservice/com.android.provision/com.miui.system/com.miui.global.packageinstaller/com.miui.compass/com.miui.cit/com.miui.android.fashiongallery/com.miui.bugreport/com.android.fileexplorer/com.android.camera/com.xiaomi.glgm/com.xiaomi.xmsf/com.miui.mishare.connectivity/com.miui.freeform/com.xiaomi.finddevice/com.mi.global.bbs/com.xiaomi.joyose/com.mi.android.globalFileexplorer/com.miui.notes/com.miui.wmsvc/com.xiaomi.midrop/com.miui.touchassistant/com.miui.miwallpaper/com.xiaomi.bluetooth/com.miui.cleanmaster/com.miui.analytics/com.android.settings/com.xiaomi.scanner/com.android.phone/com.android.deskclock/com.android.systemui/com.xiaomi.discover/com.android.thememanager/com.android.bluetooth/com.miui.face/com.miui.home" & @CRLF & _ "Other Hardware Assets" & @CRLF & _ "Accepted ranges of hardware in Xiaomi’s Program include Xiaomi and Mijia products ( these are for assets that are not specified in the Hardware/IoT scope list )" & @CRLF & _ "com.android.browser" & @CRLF & _ "com.mi.global.shop" & @CRLF & _ "com.miui.cloudbackup" & @CRLF & _ "com.miui.cloudservice" & @CRLF & _ "com.miui.micloudsync" & @CRLF & _ "com.xiaomi.account" & @CRLF & _ "com.xiaomi.market" & @CRLF & _ "com.xiaomi.mibrain.speech" & @CRLF & _ "com.xiaomi.micloud.sdk" & @CRLF & _ "com.xiaomi.mipicks" & @CRLF & _ "com.xiaomi.payment" & @CRLF & _ "com.xiaomi.smarthome" & @CRLF & _ "Coda Chrome Extension" & @CRLF & _ "Link: https://chrome.google.com/webstore/detail/coda-browser-extension/cdgkmagmdldlpiglliebaajdpdkigcbi?hl=en" & @CRLF & _ "codacontent.io" & @CRLF & _ "codahosted.io" & @CRLF & _ "https://*.coda.io/*" & @CRLF & _ "https://airflow-prod.coda.io/*" & @CRLF & _ "https://airflow-prod.ops.coda.io/*" & @CRLF & _ "https://coda.io/*" & @CRLF & _ "https://coda.io/signup/email" & @CRLF & _ "Please use your HackerOne designated email when signing up (**`@wearehackerone.com`**), and furthermore please avoid any automated testing or brute-forcing as that may lead to your accounts or IP getting locked out and also create issues on our end." & @CRLF & _ "https://data.coda.io/*" & @CRLF & _ "https://head.coda.io/*" & @CRLF & _ "https://infra.coda.io/*" & @CRLF & _ "https://shiny.ops.coda.io/*" & @CRLF & _ "https://staging.coda.io/*" & @CRLF & _ "https://user-profile-prod.coda.io/*" & @CRLF & _ "io.coda" & @CRLF & _ "Link: https://apps.apple.com/us/app/coda/id1397968110" & @CRLF & _ "Coda's native apps make heavy use of the same endpoints and UX that's used by the mobile website. That being said, there are some differences and we invite security reports pertaining to our iOS and Android apps. Please be sure to follow the same guidelines for setting up an account in our mobile apps as on https://coda.io." & @CRLF & _ "io.coda.codaapp" & @CRLF & _ "Link: https://play.google.com/store/apps/details?id=io.coda.codaapp" & @CRLF & _ "*.memorable.io" & @CRLF & _ "[Non-Core asset]" & @CRLF & _ "*.reddit.com" & @CRLF & _ "[Core asset]" & @CRLF & _ "*.redditblog.com" & @CRLF & _ "[Non-core asset]" & @CRLF & _ "*.reddithelp.com" & @CRLF & _ "*.redditinc.com" & @CRLF & _ "Vendor hosted and managed CMS for corporate / marketing site. It is domain whitelisted for reddit.com functionality so if you can string an attack together with reddit.com then this becomes super interesting." & @CRLF & _ "*.redditmedia.com" & @CRLF & _ "*.snooguts.net" & @CRLF & _ "This is our internal domain for "intranet" related services. Accessible to the internet should be either 1) an OAuth proxy that gates access to backend services (SCM, admin tooling, CI/CD, etc.) or 2) k8s public ingresses. " & @CRLF & _ "This domain isn't necessarily "private" so leaking the domain isn't interesting, but certainly bypassing proxy auth wall or finding juicy targets on that domain is of interest." & @CRLF & _ "*.spiketrap.io" & @CRLF & _ "Android App" & @CRLF & _ "Non-Core Assets" & @CRLF & _ "accounts.reddit.com" & @CRLF & _ "Authentication / authorization service for reddit.com" & @CRLF & _ "ads.reddit.com" & @CRLF & _ "amp.reddit.com" & @CRLF & _ "This service houses our AMP generated pages for search engine optimization. " & @CRLF & _ "api.reddit.com" & @CRLF & _ "The Reddit API is used for programmatic access. Please use your own test accounts and do not try to access the private data of other users/mods/admins or Reddit employees. Authentication ([OAUTH](https://github.com/reddit-archive/reddit/wiki/OAuth2)) and authorization are especially important." & @CRLF & _ "Docs are available at: https://www.reddit.com/dev/api" & @CRLF & _ "Please follow Reddit's [rules for API access](https://github.com/reddit-archive/reddit/wiki/API)." & @CRLF & _ "business.reddithelp.com" & @CRLF & _ "Reddit maintains a SFDC tenant for customer management for our advertisers. SFDC bugs aren't eligible for payout, but misconfigurations that are Reddit's responsibility are." & @CRLF & _ "developers.reddit.com" & @CRLF & _ "gateway.reddit.com" & @CRLF & _ "Frontdoor service that handles dispensation to backend microservices. Relies on oauth authentication" & @CRLF & _ "gql.reddit.com" & @CRLF & _ "GraphQL implementation for Reddit accessing all our internal things requiring OAuth." & @CRLF & _ "iOS App" & @CRLF & _ "m.reddit.com" & @CRLF & _ "Mobile webapp (we call mweb) for Reddit. Use a mobile UA to access. " & @CRLF & _ "matrix.redditspace.com" & @CRLF & _ "meta-api.reddit.com" & @CRLF & _ "Houses Reddit's smart contracts based on Ethereum, which is called Community Points and ties in with the Vault functionality within Reddit's official mobile apps." & @CRLF & _ "mod.reddit.com" & @CRLF & _ "The Reddit modmail interface is used by moderators to take moderator actions and view reports. Please test against your own subreddits and not those belonging to other users/mods/admins." & @CRLF & _ "new.reddit.com" & @CRLF & _ "The Reddit redesign. Follow the same rules as `www.reddit.com`." & @CRLF & _ "redditforbusiness.com" & @CRLF & _ "Third party hosted CMS platform on WebFlow" & @CRLF & _ "sh.reddit.com" & @CRLF & _ "strapi.reddit.com" & @CRLF & _ "Our streaming api." & @CRLF & _ "*.clearxchange.com" & @CRLF & _ "*.earlywarning.com" & @CRLF & _ "*.zelle.com" & @CRLF & _ "*.zellepay.com" & @CRLF & _ "api.zellepay.com" & @CRLF & _ "api.zmsp.*.earlywarning.io" & @CRLF & _ "api.zmsp.earlywarning.com" & @CRLF & _ "com.zellepay.zelle" & @CRLF & _ "developer*.earlywarning.com" & @CRLF & _ "earlywarningapi.force.com" & @CRLF & _ "ews-fusion.my.site.com" & @CRLF & _ "https://mywallet-management-east.wallet.cat.earlywarning.io/" & @CRLF & _ "https://mywallet-management-west.wallet.cat.earlywarning.io/" & @CRLF & _ "https://sandbox.digitalwallet.earlywarning.com" & @CRLF & _ "platform.cat.earlywarning.io" & @CRLF & _ "platformtest.cat.earlywarning.io" & @CRLF & _ "support*.earlywarning.com" & @CRLF & _ "zellepay.force.com" & @CRLF & _ "zelleservice.my.site.com" & @CRLF & _ "*.instacart.com" & @CRLF & _ "*.instacart.tools" & @CRLF & _ "545599256" & @CRLF & _ "Instacart’s iOS application for online grocery delivery." & @CRLF & _ "package name: com.instacart" & @CRLF & _ "Android & iOS App for Instacart Shoppers" & @CRLF & _ "To download the shoppers app please visit https://shoppers.instacart.com/apps and enter your phone number to get the download link" & @CRLF & _ "Shoppers receive orders through the app on their smartphone and then they shop and deliver groceries to the customers" & @CRLF & _ "admin.instacart.com" & @CRLF & _ "An admin page that lets our internal users access tools, reports. It is used by customer support for order refunds, redelivery. Internal corporate employees can use it for editing store configuration and warehouse availability." & @CRLF & _ "api.instacart.com" & @CRLF & _ "A service that allows Instacart's retailers to connect to Instacart's API to do fulfillment through their apps/websites." & @CRLF & _ "com.instacart.client" & @CRLF & _ "Instacart’s Android application for online grocery delivery." & @CRLF & _ "shoppers.instacart.com" & @CRLF & _ "A service that allows people to apply for the shoppers position at Instacart" & @CRLF & _ "www.instacart.com" & @CRLF & _ "Web application to provide online ordering of groceries for either delivery or in store pick up." & @CRLF & _ "Account Settings" & @CRLF & _ "**Note that if you do not see the 'Account' link on the top right please perform a hard-reload in your browser**" & @CRLF & _ "**Type:** Fortmatic Modal" & @CRLF & _ "**What it runs on:**" & @CRLF & _ "- Redux, HTML, LESS" & @CRLF & _ "**What it does:**" & @CRLF & _ "- This provides users access to their personal settings, and offers critical features such as managing their PIN, recovery email, and exporting their private key. " & @CRLF & _ "**What to look for:**" & @CRLF & _ "- There is a host of private information being disclosed through this modal. Any web or access control vulnerabilities are of high risk here. Any attacks that can bypass, or skip layers of authentication allowing modification of a user's account is of high interest." & @CRLF & _ "**Test plan:**" & @CRLF & _ "- You can gain access to the account settings on our [landing page](www.fortmatic.com?ref=h1) and hitting the `Account` link in the nav bar on the top right. Accessing and interacting with the modal will not require any cryptocurrencies or setup beyond a Fortmatic account." & @CRLF & _ "Any .magic.link demo sites" & @CRLF & _ "Login with SMS - Feature" & @CRLF & _ "Demo and Overview:" & @CRLF & _ "https://magic.link/docs/login-methods/sms/build-a-demo/browser" & @CRLF & _ "Getting started on React:" & @CRLF & _ "https://magic.link/docs/login-methods/sms/integration/web" & @CRLF & _ "Getting started on React Native:" & @CRLF & _ "https://magic.link/docs/login-methods/sms/integration/react-native" & @CRLF & _ "swagger.json: https://drive.google.com/file/d/1Uu_j7feFo4qot74f0zIj6xCfYyokOnUc/view" & @CRLF & _ "swagger.yaml: https://drive.google.com/file/d/1NdZPQVBhrkZnEGoZmUcYqLi_3Yv5Ks5c/view" & @CRLF & _ "Multi-factor Auth - Feature" & @CRLF & _ "api.fortmatic.com" & @CRLF & _ "**Any activity that could lead to the disruption of our service (DDOS) is explicitly out of scope.**" & @CRLF & _ "- This is our main API that serves the rest of the Fortmatic assets. As a result a lot of functionality is exposed here -- everything from creating/authenticating users to interacting with the blockchain can be found." & @CRLF & _ "- We are interested in vulnerabilities which are caused by improper access control and can cause leakage/modification of user information. Please keep in mind to only ever test against your own accounts." & @CRLF & _ "- Access our API by providing your API key to the `X-Fortmatic-API-Key` header. Endpoints under access control uses an authorization bearer token returned by the API once the user is able to successfully authenticate. Inspecting `x2.fortmatic.com`’s interactions with the API will provide a good idea of how the API can be invoked." & @CRLF & _ "**Known Issues**" & @CRLF & _ "- Bugs involving bypass of SMS/2FA verification are known issues and will be considered duplicates" & @CRLF & _ "api.magic.link" & @CRLF & _ "- This is our main API that serves the rest of the Magic assets. As a result a lot of functionality is exposed here -- everything from creating/authenticating users to supporting our [dashboard](https://dashboard.magic.link/login?ref=h1) functionalities can be found here." & @CRLF & _ "- Grab a set of API keys from our [dashboard](https://dashboard.magic.link/login?ref=h1) " & @CRLF & _ "- Access our API by providing your API key to the `X-Magic-API-Key` header. Endpoints under access control uses an authorization bearer token returned by the API once the user is able to successfully authenticate. Inspecting `auth.magic.link`’s or `dashboard.magic.link`'s interactions with the API will provide a good idea of how the API can be invoked." & @CRLF & _ "auth.magic.link" & @CRLF & _ "This is our main product, orchestrating the one-click passwordless login experience. " & @CRLF & _ "Follow the instructions on our [documentation page](https://docs.magic.link/?ref=h1), and please keep our [out of scope vulnerabilities](https://hackerone.com/magic-bbp) in mind while testing." & @CRLF & _ "**What it is:**" & @CRLF & _ "- User interface and authentication relayer to enable passwordless authentication using magic links. The main way to interact with this interface will be through our [client SDK](https://www.npmjs.com/package/magic-sdk), our [docs](https://docs.magic.link/get-started?ref=h1) will help you to quickly get up and running!" & @CRLF & _ "- We are highly interested in any access control, token enumerations, or privilege escalation vulnerabilities and consider them as very high risk issues. Also keep an eye on other standard web vulnerabilities such as XSS/CSRF for extracting held secrets in local storage/cookies. Please note to only ever test against your own account." & @CRLF & _ "- Javascript ES6, TypeScript, React, Redux, HTML, CSS, LESS, " & @CRLF & _ "- Get your API keys from our [dashboard](https://dashboard.magic.link/login?ref=h1)." & @CRLF & _ "- Fork our [demo app](https://go.magic.link/hello-world-code), and run with your test publishable API keys from our dashboard. " & @CRLF & _ "- Inputting an email will start the login process, and you'll be off to the races!" & @CRLF & _ "dashboard.fortmatic.com" & @CRLF & _ "Navigate to our [dashboard](https://dashboard.fortmatic.com/login?ref=h1) for signup, at this time there is no way for us to pre-assign credentials for our hackers, apologies for the inconvenience." & @CRLF & _ "**Similar to our other scopes any DDoS based exploits are explicitly out of scope**" & @CRLF & _ "- HTML, LESS" & @CRLF & _ "- Developers come in here to manage their access to the Fortmatic API. It contains features that are vital to the operation of the developers’ app -- domain verification, and obtaining/rolling their API keys. " & @CRLF & _ "- Any web vulnerabilities are of concern here e.g, cross-site scripting (XSS) or cross-site request forgery (CSRF) that could force the developer to commit unwanted actions or on behalf of another user. Also interested in vulnerabilities in the OAuth flow that occur for user sign-up/sign-in." & @CRLF & _ "- This is a fairly standard web application, with no particular gotchas. Your standard tool kit should be all that you’d need here." & @CRLF & _ "dashboard.magic.link" & @CRLF & _ "Navigate to our [dashboard](https://dashboard.magic.link/login?ref=h1) for signup, at this time there is no way for us to pre-assign credentials for our testers, apologies for the inconvenience. Please keep our [out of scope vulnerabilities](https://hackerone.com/magic-bbp) in mind while testing." & @CRLF & _ "- React, Redux, Javascript, Typescript, HTML, CSS, LESS" & @CRLF & _ "- Developers come in here to manage their access to the Magic API. It contains features that are vital to the operation of the developers’ app -- billing setup, branding customizations*, and obtaining/rolling their API keys, to name a few. " & @CRLF & _ "- Any web vulnerabilities are of concern here e.g, cross-site scripting (XSS) or cross-site request forgery (CSRF) that could force the developer to commit unwanted actions or on behalf of another user. Access control bypasses are also of interest to us, can you maybe bypass payments to get access to branding, or access to other higher paid tier features?" & @CRLF & _ "*Branding is available to developer tier and up. However a free trial can be used to access any paid tier features." & @CRLF & _ "fortmatic.com" & @CRLF & _ "If you've previously visited this [page](https://www.fortmatic.com?ref=h1), we highly recommend performing one hard reload when visiting this asset as an older version of the page may still be cached by your browser. " & @CRLF & _ "*.carrentals.com" & @CRLF & _ "Some subdomains are owned by third parties and are therefore out of scope and ineligible for bounty. Before submitting your report, please confirm that the asset you are testing does not appear in the Out of Scope list below. " & @CRLF & _ " **Out of scope subdomains**: - dbmanalytics.carrentals.com" & @CRLF & _ "*.cheaptickets.com" & @CRLF & _ "Some subdomains are owned by third parties and are therefore out of scope and ineligible for a bounty. Before submitting your report, please confirm that the asset you are testing does not appear in the Out of Scope list below." & @CRLF & _ " **Out of scope subdomains:** - faq-lab.cheaptickets.com, faq.cheaptickets.com, groups.cheaptickets.com, link.mailer.cheaptickets.com, login.cheaptickets.com, mi.cheaptickets.com, refer.cheaptickets.com, secure.cheaptickets.com, track.cheaptickets.com" & @CRLF & _ "*.expediacruises.com" & @CRLF & _ " Some subdomains are owned by third parties and are therefore out of scope and ineligible for a bounty. Before submitting your report, please confirm that the asset you are testing does not appear in the Out of Scope list below." & @CRLF & _ " " & @CRLF & _ " **Out of scope subdomains:** - socialhub.expediacruises.com" & @CRLF & _ "*.expediapartnercentral.com" & @CRLF & _ "**Out of scope subdomains:** " & @CRLF & _ "discoveryhub.expediapartnersolutions.com" & @CRLF & _ "gco-get.expediapartnersolutions.com" & @CRLF & _ "gco.expediapartnersolutions.com" & @CRLF & _ "info.expediapartnersolutions.com" & @CRLF & _ "status.expediapartnersolutions.com" & @CRLF & _ "support.expediapartnersolutions.com" & @CRLF & _ "sure.expediapartnersolutions.com" & @CRLF & _ "taap-ui-bundles-test.expediapartnersolutions.com" & @CRLF & _ "taap-ui-bundles.expediapartnersolutions.com" & @CRLF & _ "taapacademy.expediapartnersolutions.com" & @CRLF & _ "*.hotwire.com" & @CRLF & _ "Some subdomains are owned by third parties and are therefore *out of scope* and *ineligible for bounty*. Before submitting your report, please confirm that the asset you are testing does not appear in the Out of Scope list below. " & @CRLF & _ " **Out of scope subdomains**:partners.hotwire.com, press.hotwire.com, movableink.hotwire.com, affiliates.hotwire.com" & @CRLF & _ "*.lastminute.co.nz" & @CRLF & _ " **Out of scope subdomains:** - res.ac.lastminute.co.nz" & @CRLF & _ "Please note *.lastminute.com is NOT owned by Expedia Group and is out of scope." & @CRLF & _ "*.lastminute.com.au" & @CRLF & _ " *Out of scope subdomains:* - mi.lastminute.com.au, mtx.lastminute.com.au, smtx.lastminute.com.au" & @CRLF & _ "*.travelocity.ca" & @CRLF & _ " " & @CRLF & _ " *Out of scope subdomains:* - click.e.travelocity.ca, fr.groups.travelocity.ca, groups.travelocity.ca, om.travelocity.ca, oms.travelocity.ca" & @CRLF & _ "*.travelocity.com" & @CRLF & _ " **Out of scope subdomains:** - br.ac.travelocity.com, groups.travelocity.com, mi.travelocity.com, om.travelocity.com, oms.travelocity.com, thingstodo.travelocity.com, track.travelocity.com, view.e.travelocity.com" & @CRLF & _ "*.vrbo.com" & @CRLF & _ " **Out of scope subdomains**: li.vrbo.com, media.vrbo.com, om.vrbo.com, community.vrbo.com, trk.vrbo.com" & @CRLF & _ "*.wotif.com" & @CRLF & _ " **Out of scope subdomains:** - groups.wotif.com, link.wotif.com, res.ac.wotif.com, smobile.wotif.com, w.smobile.wotif.com" & @CRLF & _ "1245772818" & @CRLF & _ "https://apps.apple.com/us/app/vrbo-vacation-rentals/id1245772818" & @CRLF & _ "284803487" & @CRLF & _ "This is the travelocity iOS app" & @CRLF & _ "https://apps.apple.com/us/app/travelocity-hotels-flights/id284803487" & @CRLF & _ "284971959" & @CRLF & _ "https://apps.apple.com/us/app/hotels-com-book-your-hotel/id284971959" & @CRLF & _ "403546234" & @CRLF & _ "This is the Orbitz iOS app " & @CRLF & _ "https://apps.apple.com/us/app/orbitz-hotels-flights/id403546234" & @CRLF & _ "427916203" & @CRLF & _ "Expedia iOS App" & @CRLF & _ "https://apps.apple.com/us/app/expedia-hotels-flights-car/id427916203" & @CRLF & _ "483394780" & @CRLF & _ "This is the ebookers iOS app " & @CRLF & _ "https://apps.apple.com/us/app/ebookers-hotels-flights/id483394780" & @CRLF & _ "531549799" & @CRLF & _ "This is the wotif iOS app" & @CRLF & _ "https://apps.apple.com/au/app/wotif-hotels-flights/id531549799" & @CRLF & _ "566635048" & @CRLF & _ "[Hotwire iOS App](https://apps.apple.com/us/app/hotwire-last-minute-hotels/id566635048)" & @CRLF & _ "880759727" & @CRLF & _ "This is the cheaptickets iOS app" & @CRLF & _ "https://apps.apple.com/us/app/cheaptickets-hotels-flights/id880759727" & @CRLF & _ "bookus.expediacruises.com" & @CRLF & _ "com.cheaptickets" & @CRLF & _ "This is the cheaptickets Android app " & @CRLF & _ "https://play.google.com/store/apps/details?id=com.cheaptickets" & @CRLF & _ "com.ebookers" & @CRLF & _ "This is the ebookers Android app " & @CRLF & _ "https://play.google.com/store/apps/details?id=com.ebookers" & @CRLF & _ "com.expedia.bookings" & @CRLF & _ "Expedia Android App" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.expedia.bookings" & @CRLF & _ "com.hcom.android" & @CRLF & _ "[Hotels Android App](https://play.google.com/store/apps/details?id=com.hcom.android) " & @CRLF & _ "com.hotwire.hotels" & @CRLF & _ "[Hotwire Android App](https://play.google.com/store/apps/details?id=com.hotwire.hotels) " & @CRLF & _ "com.orbitz" & @CRLF & _ "This is the Orbitz Android app " & @CRLF & _ "https://play.google.com/store/apps/details?id=com.orbitz" & @CRLF & _ "com.travelocity.android" & @CRLF & _ "This is the travelocity Android app" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.travelocity.android" & @CRLF & _ "com.vrbo.android" & @CRLF & _ "[VRBO Android App](https://play.google.com/store/apps/details?id=com.vrbo.android) " & @CRLF & _ "com.wotif.android" & @CRLF & _ "This is the wotif Android app " & @CRLF & _ "https://play.google.com/store/apps/details?id=com.wotif.android" & @CRLF & _ "www.abritel.fr" & @CRLF & _ "Out of scope subdomains: - https://www.abritel.fr/api/track" & @CRLF & _ "Note: We are requesting not to test this URL: https://www.abritel.fr/api/track." & @CRLF & _ "www.bookabach.co.nz" & @CRLF & _ "www.carrentals.com" & @CRLF & _ "www.cheaptickets.com" & @CRLF & _ "www.ebookers.com" & @CRLF & _ "www.ebookers.fi" & @CRLF & _ "www.expedia.com" & @CRLF & _ "Please note the only point-of-sale assets of www.expedia.com are in scope. This includes regional versions of www.expedia.com such as www.expedia.co.in and www.expedia.co.uk. " & @CRLF & _ "Other sub-domains are out of scope and ineligible for a bounty. " & @CRLF & _ "www.expediaagents.com" & @CRLF & _ "www.expediagroup.com" & @CRLF & _ "www.expediataap.com" & @CRLF & _ "www.fewo-direkt.de" & @CRLF & _ "www.flights.com" & @CRLF & _ "www.hotels.com" & @CRLF & _ "Please note only point of sale assets of www.hotels.com are in scope. This includes regional versions of www.hotels.com such as www.in.hotels.com, www.uk.hotels.com, and www.fr.hotels.com. " & @CRLF & _ "Other sub-domains are out of scope and ineligible for bounty. " & @CRLF & _ "www.hotwirepartnercentral.com" & @CRLF & _ "www.lastminute.co.nz" & @CRLF & _ "www.lastminute.com.au" & @CRLF & _ "www.mrjet.se" & @CRLF & _ "www.orbitz.com" & @CRLF & _ "www.stayz.com.au" & @CRLF & _ "www.travelocity.ca" & @CRLF & _ "www.travelocity.com" & @CRLF & _ "www.vrbo.com" & @CRLF & _ "www.wotif.com" & @CRLF & _ "Front for Mac" & @CRLF & _ "Download here: https://front.com/download" & @CRLF & _ "Front for Windows" & @CRLF & _ "api2.frontapp.com" & @CRLF & _ "This scope is our public API documented at https://dev.frontapp.com/" & @CRLF & _ "app.frontapp.com" & @CRLF & _ "com.frontapp.mobile" & @CRLF & _ "https://apps.apple.com/us/app/frontapp/id983808769" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.frontapp.mobile" & @CRLF & _ "aggregator.etoro.com" & @CRLF & _ "api.etoro.com" & @CRLF & _ "billing-pci.etoro.com" & @CRLF & _ "billing.etoro.com" & @CRLF & _ "bullsheet.me" & @CRLF & _ "We do not consider any data that is not username ,email or password, payment methods to be confidential." & @CRLF & _ "All positions data taken from eToro are public by design." & @CRLF & _ "candle-src.etoro.com" & @CRLF & _ "candle.etoro.com" & @CRLF & _ "cashier-src.etoro.com" & @CRLF & _ "cashier.etoro.com" & @CRLF & _ "charts.etoro.com" & @CRLF & _ "com.etoro.openbook" & @CRLF & _ "com.etoro.wallet" & @CRLF & _ "delta.app" & @CRLF & _ "etorologsapi.etoro.com" & @CRLF & _ "etoropartners.com" & @CRLF & _ "io.getdelta.android" & @CRLF & _ "io.getdelta.ios" & @CRLF & _ "kyc-src.etoro.com" & @CRLF & _ "kyc.etoro.com" & @CRLF & _ "partners.etoro.com" & @CRLF & _ "push-d-gw.cloud.etoro.com" & @CRLF & _ "push-d-hap.cloud.etoro.com" & @CRLF & _ "push-demo-hk-lightstreamer.cloud.etoro.com" & @CRLF & _ "push-demo-lightstreamer.cloud.etoro.com" & @CRLF & _ "push-dn-hap.cloud.etoro.com" & @CRLF & _ "push-hap.cloud.etoro.com" & @CRLF & _ "push-lightstreamer.cloud.etoro.com" & @CRLF & _ "push-n-hap.cloud.etoro.com" & @CRLF & _ "push-real-hk-lightstreamer.cloud.etoro.com" & @CRLF & _ "r.etoro.com" & @CRLF & _ "rankings.etoro.com" & @CRLF & _ "streams.etoro.com" & @CRLF & _ "sts.etoro.com" & @CRLF & _ "tapi-demo.etoro.com" & @CRLF & _ "tapi-real.etoro.com" & @CRLF & _ "uapi-front.etoro.com" & @CRLF & _ "wallet.etoro.com" & @CRLF & _ "watchlistapi.etoro.com" & @CRLF & _ "www.etoro.com" & @CRLF & _ "*.infra-prod.nsvcs.net" & @CRLF & _ "*.onegraph.com" & @CRLF & _ "As of December 28, 2022 this feature is no longer available for Netlify users who have not yet enabled it. See https://docs.netlify.com/netlify-labs/experimental-features/netlify-graph/get-started/." & @CRLF & _ "*.ops.netlify.com" & @CRLF & _ "*.services-prod.nsvcs.net" & @CRLF & _ "*.services.netlify.com" & @CRLF & _ "api.netlify.com" & @CRLF & _ "`netlify api --list` after installing the CLI: https://docs.netlify.com/cli/get-started/. See also https://open-api.netlify.com/." & @CRLF & _ "app.netlify.com" & @CRLF & _ "See https://docs.netlify.com/get-started/. Also `netlify init` after installing the CLI: https://docs.netlify.com/cli/get-started/." & @CRLF & _ "internal-docs.netlify.com" & @CRLF & _ "internal.netlify.com" & @CRLF & _ "list-v2--netlify-plugins.netlify.app" & @CRLF & _ "Powers templates offered by app.netlify.com. See: https://www.netlify.com/integrations/templates/." & @CRLF & _ "netlify-cdp-loader.netlify.app" & @CRLF & _ "Powers this feature: https://docs.netlify.com/site-deploys/deploy-previews/#collaborative-deploy-previews." & @CRLF & _ "netlify-rum.netlify.app" & @CRLF & _ "screenshot-proxy.netlify.app" & @CRLF & _ "supportal.netlify.app" & @CRLF & _ "*.east.fdbox.net" & @CRLF & _ "*.mgmt.fndlsb.net" & @CRLF & _ "*.prd.fndlsb.net" & @CRLF & _ "*.prod.fdbox.net" & @CRLF & _ "*inf.fndlsb.net" & @CRLF & _ "*racing.fanduel.com" & @CRLF & _ "4njbets.com" & @CRLF & _ "4njbets.tvg.com" & @CRLF & _ "4njbets.tvgnetwork.com" & @CRLF & _ "4njbets.us.betfair.com" & @CRLF & _ "599664106" & @CRLF & _ "b2b.tvgnetwork.com" & @CRLF & _ "com.fanduel.android.self" & @CRLF & _ "com.fanduel.sportsbook" & @CRLF & _ "fanduel.com" & @CRLF & _ "fdbox.net" & @CRLF & _ "Development or testing instances are not in scope for this asset. Submissions affecting such environments will be closed." & @CRLF & _ "ia.tvg.com" & @CRLF & _ "login-4ngbets.us.betfair.com" & @CRLF & _ "login-4njbets.us.betfair.com" & @CRLF & _ "login-ia.tvg.com" & @CRLF & _ "login-pabets.tvg.com" & @CRLF & _ "login.pabets.tvg.com" & @CRLF & _ "login.tvg.com" & @CRLF & _ "m.4njbets.tvg.com" & @CRLF & _ "mobile-prod.tvg.com" & @CRLF & _ "pabets.tvg.com" & @CRLF & _ "promos.tvg.com" & @CRLF & _ "service.racing.fanduel.com" & @CRLF & _ "service.tvg.com" & @CRLF & _ "sportsbook.fanduel.com" & @CRLF & _ "tvg.com" & @CRLF & _ "us.tvg.com" & @CRLF & _ "www.4njbets.com" & @CRLF & _ "www.tvg.com" & @CRLF & _ "accounts.creditkarma.com" & @CRLF & _ "api.creditkarma.com" & @CRLF & _ "Our Native apps make use of our API to talk to our servers. " & @CRLF & _ "blog.creditkarma.com" & @CRLF & _ "com.creditkarma.mobile" & @CRLF & _ "com.creditkarma.mobile.international" & @CRLF & _ "http://*.creditkarma.co.uk" & @CRLF & _ "https://*.creditkarma.ca" & @CRLF & _ "https://*.creditkarma.com" & @CRLF & _ "https://www.creditkarma.com/reviews/" & @CRLF & _ "https://www.creditkarma.com/savings" & @CRLF & _ "support.creditkarma.ca" & @CRLF & _ "SalesForce owned Endpoint. Manual review only - No Automated Scans." & @CRLF & _ "• No automated scanning on this endpoint." & @CRLF & _ "• Overnight hours only (10PM - 2AM PT)" & @CRLF & _ "• Please note during any cases and/or chat session , please indicate that you are performing a Bug Bounty test from Hacker One and that this case is a Spam PenTesting Ticket and any follow-up questions can be forwarded to Vivi.Langga." & @CRLF & _ "www.creditkarma.ca" & @CRLF & _ "*.adminml.com" & @CRLF & _ "*.gokangu.cl" & @CRLF & _ "*.gokangu.co" & @CRLF & _ "*.gokangu.mx" & @CRLF & _ "*.gokangu.uy" & @CRLF & _ "*.kangu.com.br" & @CRLF & _ "*.kangu.tech" & @CRLF & _ "*.mercadolibre.cl" & @CRLF & _ "*.mercadolibre.com" & @CRLF & _ "*.mercadolibre.com.ar" & @CRLF & _ "*.mercadolibre.com.co" & @CRLF & _ "*.mercadolibre.com.mx" & @CRLF & _ "*.mercadolibre.com.pe" & @CRLF & _ "*.mercadolibre.com.uy" & @CRLF & _ "*.mercadolivre.com.br" & @CRLF & _ "*.mercadopago.cl" & @CRLF & _ "*.mercadopago.com" & @CRLF & _ "*.mercadopago.com.ar" & @CRLF & _ "*.mercadopago.com.br" & @CRLF & _ "*.mercadopago.com.co" & @CRLF & _ "*.mercadopago.com.mx" & @CRLF & _ "*.mercadopago.com.pe" & @CRLF & _ "*.mercadopago.com.uy" & @CRLF & _ "*.mercadoshops.cl" & @CRLF & _ "*.mercadoshops.co.cr" & @CRLF & _ "*.mercadoshops.com" & @CRLF & _ "*.mercadoshops.com.ar" & @CRLF & _ "*.mercadoshops.com.br" & @CRLF & _ "*.mercadoshops.com.co" & @CRLF & _ "*.mercadoshops.com.do" & @CRLF & _ "*.mercadoshops.com.ec" & @CRLF & _ "*.mercadoshops.com.mx" & @CRLF & _ "*.mercadoshops.com.pa" & @CRLF & _ "*.mercadoshops.com.pe" & @CRLF & _ "*.mercadoshops.com.py" & @CRLF & _ "*.mercadoshops.com.uy" & @CRLF & _ "*.mlstatic.com" & @CRLF & _ "Crypto" & @CRLF & _ "- www.mercadopago.com.mx/crypto/*" & @CRLF & _ "- www.mercadopago.cl/crypto/*" & @CRLF & _ "- www.mercadopago.com.br/crypto/*" & @CRLF & _ "Point Smart" & @CRLF & _ "Tier 1 - MLA - https://www.mercadopago.com.ar/point-smart" & @CRLF & _ "Tier 1 - MLB - https://www.mercadopago.com.br/point-smart" & @CRLF & _ "api.mercadolibre.com" & @CRLF & _ "Tier 1 - See documentation: https://developers.mercadolibre.com.ar/en_us/api-docs" & @CRLF & _ "api.mercadopago.com" & @CRLF & _ "Tier 1 - See documentation: https://www.mercadopago.com.ar/developers/en/reference" & @CRLF & _ "com.3mosquitos.MercadoLibre" & @CRLF & _ "Tier 1 - Mercado Libres iOS: https://apps.apple.com/ar/app/mercado-libre/id463624852" & @CRLF & _ "com.mercadoenvios.crowdsourcing" & @CRLF & _ "Tier 1 - Mercado Envíos Extra: https://play.google.com/store/apps/details?id=com.mercadoenvios.crowdsourcing" & @CRLF & _ "com.mercadoenvios.driver" & @CRLF & _ "Tier 1 - Mercado Envíos Flex: https://play.google.com/store/apps/details?id=com.mercadoenvios.driver" & @CRLF & _ "com.mercadolibre" & @CRLF & _ "Tier 1 - Mercado Libre Android: https://play.google.com/store/apps/details?id=com.mercadolibre" & @CRLF & _ "com.mercadopago.MercadoPago" & @CRLF & _ "Tier 1 - Mercado Pago iOS:" & @CRLF & _ "https://itunes.apple.com/ar/app/mercado-pago-recargar-celular/id925436649" & @CRLF & _ "com.mercadopago.wallet" & @CRLF & _ "Tier 1 - Mercado Pago Android:" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.mercadopago.wallet" & @CRLF & _ "logistica.redelcom.cl" & @CRLF & _ "www.mercadolibre.co.cr" & @CRLF & _ "www.mercadolibre.com.bo" & @CRLF & _ "www.mercadolibre.com.do" & @CRLF & _ "www.mercadolibre.com.ec" & @CRLF & _ "www.mercadolibre.com.gt" & @CRLF & _ "www.mercadolibre.com.hn" & @CRLF & _ "www.mercadolibre.com.ni" & @CRLF & _ "www.mercadolibre.com.pa" & @CRLF & _ "www.mercadolibre.com.py" & @CRLF & _ "www.mercadolibre.com.sv" & @CRLF & _ "www.mercadolivre.com" & @CRLF & _ "www.mercadopago.com.ec" & @CRLF & _ "1032480595" & @CRLF & _ "This is our customer iOS apps" & @CRLF & _ "982922982" & @CRLF & _ "This is our professional ios app." & @CRLF & _ "com.urbanclap.provider" & @CRLF & _ "This is our partner android app." & @CRLF & _ "com.urbanclap.urbanclap" & @CRLF & _ "This is our customer app." & @CRLF & _ "www.urbanclap.com" & @CRLF & _ "www.urbanclap.com is also our root and critical domain. Most of our traffic routes through it." & @CRLF & _ "www.urbancompany.com" & @CRLF & _ "www.urbancompany.com is our main and critical domain. Most of our traffic routes through urbanclap.com. Other subdomains mentioned in scope are for internal purpose and either are password protected or Google auth protected. We do not wish anyone to login to mentioned domains and hence they are critical for us to find vulnerabilities in." & @CRLF & _ "**partner.urbancompany.com is one of the critical subdomains within this asset.**" & @CRLF & _ "Testing Directions:" & @CRLF & _ "* A user can Sign Up using his phone number and email ID from the website home page or app. Do ensure that you are reachable on the mobile number that you shall use to register with us. While creating account reporters should use their own HackerOne email address like [handle]@wearehackerone.com" & @CRLF & _ "*.dev.remitly.com" & @CRLF & _ "*.int.remitly.com" & @CRLF & _ "674258465" & @CRLF & _ "ablink.info.remitly.com" & @CRLF & _ "access-sandbox.remitly.com" & @CRLF & _ "access.remitly.com" & @CRLF & _ "api.remitly.io" & @CRLF & _ "app.rewire.to" & @CRLF & _ "app3.rewire.to" & @CRLF & _ "auth.remitly.com" & @CRLF & _ "blog.remitly.com" & @CRLF & _ "cardpayments.remitly.io" & @CRLF & _ "cards.remitly.io" & @CRLF & _ "careers.remitly.com" & @CRLF & _ "com.remitly.androidapp" & @CRLF & _ "funding-webhooks.remitly.io" & @CRLF & _ "hub-api-sandbox.remitly.io" & @CRLF & _ "ir.remitly.com" & @CRLF & _ "media.remitly.io" & @CRLF & _ "metrics.int.remitly.com" & @CRLF & _ "news.remitly.com" & @CRLF & _ "partner-webhook.remitly.io" & @CRLF & _ "rates.rewire.com" & @CRLF & _ "remitly.com" & @CRLF & _ "rewire.com" & @CRLF & _ "site.rewire.com" & @CRLF & _ "740514933" & @CRLF & _ "S-mobiili banking application (iOS)." & @CRLF & _ "The application can be found from App Store " & @CRLF & _ "https://apps.apple.com/fi/app/s-mobiili/id740514933?l=fi" & @CRLF & _ "api.sokos.fi" & @CRLF & _ "S-Group online beauty and fashion store." & @CRLF & _ "You do not need to have an account but to get access to all asset's functionality we prefer you create Sokos/S-Käyttäjätili account. Refer to instructions for www.sokos.fi for the account." & @CRLF & _ "Please ensure to place your @wearehackerone email into the User-Agent header when testing api.sokos.fi asset. Requests without this identification might be blocked." & @CRLF & _ "cfapi.voikukka.fi" & @CRLF & _ "This is a GraphQL API for s-kaupat.fi" & @CRLF & _ "digili.s-cloud.fi" & @CRLF & _ "Services for S-Bank and S-group customers where customers can take S-bank basic banking services into use (later "digipa") and gain S-Group co-op membership (later "digili). " & @CRLF & _ "Basic banking services include opening an account and setting it as a benefit services account, applying for Visa Debit-card and opening and ordering net bank credentials that can be used as logging into S-bank netbank and using credentials to identify oneself in digital environments." & @CRLF & _ "Digili and Digipa are different applications but they are built on top of same services. Difference Between Digili and Digipa is that in Digili user opens S-group co-op membership before opening basic banking services. In Digipa user can open banking services directly without the need to gain S-group co-op membership. In case user doesn’t have required co-op membership s/he is directed to Digili application." & @CRLF & _ "If user has already co-op membership and s/he enters Digili, user will be forwarded to open banking services. In case user has some of the offered basic banking services in use, the step is skipped and user is shown a possibility to open the missing services." & @CRLF & _ "Digili and Digipa applications can be entered through https://www.s-pankki.fi/fi/tule-asiakkaaksi/, https://www.s-kanava.fi/asiakaspalvelu/nain-liityt/ or taking S-mobiili into use as a non- S-group co-op member where user is directed automatically to Digili to gain S-group co-op membership that is a requirement to take S-mobiili into use." & @CRLF & _ "In order to access Digili or Digipa user needs to be able to authenticate himself/hersef with Finnish banking credentials or through Mobiilivarmenne." & @CRLF & _ "User need also to fulfill following requirements in order to be able to access the service:" & @CRLF & _ "- Needs to be 18 years of age" & @CRLF & _ "- Needs to have Finnish social security number" & @CRLF & _ "- Needs to have permanent street address in Finland" & @CRLF & _ "In case user is not a S-group co-op member there is a minimum of 20€ membership payment that needs to be made during the process." & @CRLF & _ "Only vulnerabilities under domains https://digili.s-cloud.fi/ and https://api.digili.s-cloud.fi are eligible for bounty." & @CRLF & _ "extranet.s-pankki.fi" & @CRLF & _ "S-Bank portal where customers can take care of their S-Bank actions with other banks credentials. " & @CRLF & _ "fi.spankki" & @CRLF & _ "S-mobiili banking application (Android)." & @CRLF & _ "The application can be found from Google Play https://play.google.com/store/apps/details?id=fi.spankki&hl=fi" & @CRLF & _ "https://crosskey.io/stores/s-pankki/apis" & @CRLF & _ "S-Bank PSD2 interface." & @CRLF & _ "mobile.s-pankki.fi" & @CRLF & _ "S-mobile banking application interface." & @CRLF & _ "online.s-pankki.fi" & @CRLF & _ "S-Bank netbank which provides netbank functionalities (accounts, payments, cards, loans, investments etc) to private customers. " & @CRLF & _ "Notice that you should use your own netbank credentials or demo customer (ID: 12345678 PW: 123456) credentials. " & @CRLF & _ "Please ensure to place your @wearehackerone email into the User-Agent header when testing online.s-pankki.fi asset. Requests without this identification might be blocked." & @CRLF & _ "tunnistus.s-ryhma.fi" & @CRLF & _ "S-Group online identity (S-käyttäjätili, later "S-ID")." & @CRLF & _ "To get access to all asset's functionality, we prefer you create new S-ID account via S-Kaupat (https://www.s-kaupat.fi/) "Kirjaudu (Login) / Luo S-käyttäjätili (Create new account)". You can also access the account, or other test-accounts created, via S-Kaupat "Kirjaudu / Kirjaudu S-käyttäjätilillä"." & @CRLF & _ "S-ID service at https://tunnistus.s-ryhma.fi is available in Finnish, Swedish and English." & @CRLF & _ "When you create S-ID accounts, please use info regarding HackerOne reference, for example: firstname.lastname+hackerone@email.com " & @CRLF & _ "To enable login via SMS OTP, you need to first verify the SMS number from "S-käyttäjätili" via S-Kaupat "Firstname / Oma profiili / Muokkaa tietojasi S-käyttäjätilillä". From this page under "Yhteystiedot" click "Vahvista puhelinnumero". " & @CRLF & _ "Notice that: " & @CRLF & _ "- SMS number verification requires recent-enough login/session. " & @CRLF & _ "- SMS number can only be "verified" state in one (1) account at a time. " & @CRLF & _ "You are allowed to access S-ID accounts that you have created for testing purposes, any other accounts are out-of-scope. " & @CRLF & _ "Notice that these "HackerOne" S-ID accounts will be automatically removed after a certain period of time. They are available for at least 3 months from date of creation. " & @CRLF & _ "www.prisma.fi" & @CRLF & _ "S-Group online consumer goods store." & @CRLF & _ "You do not need to have an account but to get access to all asset's functionality we prefer you create Prisma/S-Käyttäjätili account via "Kirjaudu" / "Log in"." & @CRLF & _ "In case you create Prisma/S-Käyttäjätili account please use info regarding HackerOne reference for example "firstname.lastname+hackerone@email.com". Notice that these Prisma/S-Käyttäjätili "HackerOne" accounts will be automatically removed after 6 months." & @CRLF & _ "Please use email address "firstname.lastname+hackerone@email.com" for order form and contact form." & @CRLF & _ "Note: Real orders will be delivered and charged with the given information. Only domestic delivery (Finland)." & @CRLF & _ "www.s-kaupat.fi" & @CRLF & _ "S-Group online grocery store. " & @CRLF & _ "You do not need to have an account but to get access to all asset's functionality we prefer you create S-Kaupat account via "Kirjaudu" / "Log in"." & @CRLF & _ "In case you create S-Kaupat account please use info regarding HackerOne reference for example "firstname.lastname+hackerone@email.com". Notice that these S-Kaupat "HackerOne" accounts will be automatically removed after 6 months. " & @CRLF & _ "If you create an grocery order please fill in "Älä kerää" / "Do not collect" info to field "lisätiedot kaupalle" and set the pickup date to minimum of five days from current date. " & @CRLF & _ "www.s-pankki.fi" & @CRLF & _ "S-bank public pages" & @CRLF & _ "www.sokos.fi" & @CRLF & _ "You do not need to have an account but to get access to all asset's functionality we prefer you create Sokos/S-Käyttäjätili account via "Kirjaudu" / "Log in"." & @CRLF & _ "In case you create Sokos/S-Käyttäjätili account please use info regarding HackerOne reference for example "firstname.lastname+hackerone@email.com". Notice that these Sokos/S-Käyttäjätili "HackerOne" accounts will be automatically removed after 6 months." & @CRLF & _ "*.flickr.com" & @CRLF & _ "All flickr.com are in scope unless otherwise listed as specifically out of scope. All third-party assets are out of scope. " & @CRLF & _ "328407587" & @CRLF & _ "com.yahoo.mobile.client.android.flickr" & @CRLF & _ "https://github.com/innocraft/" & @CRLF & _ "All other software on the innocraft GitHub organisation" & @CRLF & _ "https://github.com/matomo-org" & @CRLF & _ "All other software on the matomo-org GitHub organisation" & @CRLF & _ "https://github.com/matomo-org/docker" & @CRLF & _ " Official Docker project for Matomo Analytics " & @CRLF & _ "https://github.com/matomo-org/matomo" & @CRLF & _ "this repository contains the source code of Matomo Analytics" & @CRLF & _ "https://plugins.matomo.org/developer/innocraft" & @CRLF & _ "Official plugins by Innocraft" & @CRLF & _ "https://plugins.matomo.org/developer/matomo-org" & @CRLF & _ "Official plugins by the Matomo team" & @CRLF & _ "matomo.cloud" & @CRLF & _ "Matomo Analytics Cloud" & @CRLF & _ "*$username.matomo.cloud* is also in scope, but please limit tests to ones that don't affect the live instance. (no automated tools) You can easily set up your own Matomo instance for extensive testing (see https://matomo.org/docs/installation/) " & @CRLF & _ "*.getmeetio.com" & @CRLF & _ "Are in the scope:" & @CRLF & _ "admin.getmeetio.com" & @CRLF & _ "storage.getmeetio.com" & @CRLF & _ "stats-api.getmeetio.com" & @CRLF & _ "api.getmeetio.com" & @CRLF & _ "look.getmeetio.com" & @CRLF & _ "parse.getmeetio.com" & @CRLF & _ "*.streamlabs.com" & @CRLF & _ "*vc.logitech.com" & @CRLF & _ "1018340690" & @CRLF & _ "This is the iOS app for the Circle ecosystem of devices," & @CRLF & _ "1294578643" & @CRLF & _ "This app is Streamlabs: Stream Live by Streamlabs" & @CRLF & _ "1456293789" & @CRLF & _ "This app is Logi Tune by Logitech Inc." & @CRLF & _ "1476615877" & @CRLF & _ "This app is Streamlabs Deck by Streamlabs" & @CRLF & _ "632344648" & @CRLF & _ "App: BOOM & MEGABOOM by Ultimate Ears" & @CRLF & _ "Circle Cameras" & @CRLF & _ "Please note exploits resulting from physical hacks to the device itself are out of scope, and any received reports will be marked N/A in accordance with HackerOne policy. Please refrain from submitting reports for physical hacks to avoid losing Reputation." & @CRLF & _ "At this time we are unable to provide Circle devices for testing purposes. If you already own a Circle , hack away to your heart's content, otherwise watch this space for updates! " & @CRLF & _ "Eligible models include all Circle cameras (Circle View Doorbell, Circle View Camera, Circle 2, Circle) running the latest firmware." & @CRLF & _ "G Hub" & @CRLF & _ "Only the latest version of GHub is in scope." & @CRLF & _ "Logi Options+ PC/MAC" & @CRLF & _ "Logi Options+ software lets you configure your Logitech device." & @CRLF & _ "The latest version is eligible (PC & MAC)." & @CRLF & _ "Logi Tune PC/MAC" & @CRLF & _ "Logi Tune Desktop application for PC and MAC reports are eligible as long as they are on the latest version." & @CRLF & _ "Logitech MIXLINE" & @CRLF & _ "Logitech Mice & Keyboards" & @CRLF & _ "The current generation of Logitech Keyboards and Mouses." & @CRLF & _ "Logitech Sync" & @CRLF & _ "This is Sync Desktop Application by Logitech. The latest version is eligible." & @CRLF & _ "Presentation Remotes" & @CRLF & _ "In-scope devices: R500 Laser Presentation Remote; Spotlight Presentation Remote; R400 Laser Presentation Remote; R700 Laser Presentation Remote" & @CRLF & _ "Streamlabs Desktop Application PC/MAC" & @CRLF & _ "The latest version is eligible" & @CRLF & _ "USB Unifying and LightSpeed Receivers" & @CRLF & _ "Ultimate Ears Speakers" & @CRLF & _ "Products in scope are the current generation " & @CRLF & _ "BLAST, MEGABLAST, BOOM 3, MEGABOOM 3, WONDERBOOM 2, HYPERBOOM, POWER UP" & @CRLF & _ "Video Conferencing Products" & @CRLF & _ "All products running their latest firmware listed in the page below are eligible:" & @CRLF & _ "https://www.logitech.com/en-us/video-collaboration/products" & @CRLF & _ "accounts.logi.com" & @CRLF & _ "Non production testing site exists under sandbox.accounts.logi.com" & @CRLF & _ "circle.logi.com" & @CRLF & _ "Also includes the *.video.logi.com and *.circle.logi.com" & @CRLF & _ "See developer documentation at https://developers.logitech.com/circle" & @CRLF & _ "com.getmeetio.*" & @CRLF & _ "Meetio Room (com.getmeetio.room), Android" & @CRLF & _ "Meetio View (com.getmeetio.view), Android" & @CRLF & _ "Meetio Desk (com.getmeetio.meetiodesk), Android" & @CRLF & _ "Meetio Update (com.getmeetio.update), Android" & @CRLF & _ "Meetio System (com.getmeetio.system), Android" & @CRLF & _ "Meetio Personal (com.getmeetio.personal), Android" & @CRLF & _ "com.getmeetio.Meetio-Enterprise" & @CRLF & _ "Meetio Personal (com.getmeetio.Meetio-Enterprise), iOS" & @CRLF & _ "com.logitech.circle" & @CRLF & _ "This app is part of the Circle ecosystem of camera devices." & @CRLF & _ "com.logitech.logue" & @CRLF & _ "This App is Logi Tune for Zone Headsets by Logitech" & @CRLF & _ "com.logitech.ueboom" & @CRLF & _ "com.streamlabs" & @CRLF & _ "This is the "Streamlabs: Live Streaming" App by Streamlabs" & @CRLF & _ "com.streamlabs.slobsrc" & @CRLF & _ "gaming.logicool.co.jp" & @CRLF & _ "id.logi.com" & @CRLF & _ "logitechg.com.cn" & @CRLF & _ "meetiobook.com" & @CRLF & _ "sync.logitech.com" & @CRLF & _ "Cloud service associated with the Logitech Sync application" & @CRLF & _ "www.astrogaming.com" & @CRLF & _ "www.jaybirdsport.com" & @CRLF & _ "www.logicool.co.jp" & @CRLF & _ "www.logitech.com" & @CRLF & _ "www.logitech.com.cn" & @CRLF & _ "Ineligible for bounty: " & @CRLF & _ "store.logitech.com.cn is a hosted 3rd party service, so we will forward any reports onto the vendor." & @CRLF & _ "www.logitechg.com" & @CRLF & _ "www.ultimateears.com" & @CRLF & _ "*uat.marriott.com" & @CRLF & _ "user acceptance testing environments for marriott.com products . " & @CRLF & _ "455004730" & @CRLF & _ "activities.marriott.com" & @CRLF & _ "all-inclusive.marriott.com" & @CRLF & _ "careers.marriott.com" & @CRLF & _ "cpp.marriott.com" & @CRLF & _ "dcfgateway*.marriott.com" & @CRLF & _ "gateway*.marriott.com" & @CRLF & _ "help.marriott.com" & @CRLF & _ "homes-and-villas.marriott.com" & @CRLF & _ "hotel-deals.marriott.com" & @CRLF & _ "http://www.shopmarriott.com" & @CRLF & _ "Marriott Store" & @CRLF & _ "https://dcfgatewaytst1.marriott.com/" & @CRLF & _ "https://gatewaydsapdev2.marriott.com/" & @CRLF & _ "https://gatewaydsaptst1.marriott.com/" & @CRLF & _ "https://gatewaydsaptst2.marriott.com/" & @CRLF & _ "jobs.marriott.com" & @CRLF & _ "lawmanager.marriott.com" & @CRLF & _ "marriottfranchisetransactions.marriott.com" & @CRLF & _ "marrtool.com" & @CRLF & _ "mgs.marriott.com" & @CRLF & _ "mipartnerprivileges.marriott.com" & @CRLF & _ "moments.marriottbonvoy.com" & @CRLF & _ "passwordchallenge.marriott.com" & @CRLF & _ "This app is used for employees all over marriott to reset their passwords, for new employees to set their first password, and set up challenge questions." & @CRLF & _ "reservations.all-inclusive.marriott.com" & @CRLF & _ "sso.marriott.com" & @CRLF & _ "travelagents.marriott.com/" & @CRLF & _ "traveler.marriott.com" & @CRLF & _ "www.marriott.com" & @CRLF & _ "www.ritzcarlton.com/" & @CRLF & _ "This is the flagship website of one of our luxury brands that we acquired several years ago. " & @CRLF & _ "140.95.0.0/16" & @CRLF & _ "199.66.248.0/22" & @CRLF & _ "213.139.133.32/28" & @CRLF & _ "476639005" & @CRLF & _ "assets.hyatt.com" & @CRLF & _ "We are adding this subdomain to our program as our main domain pulls images and other assets from this site." & @CRLF & _ "blueskytours.globalbookingsolutions.com" & @CRLF & _ "Does not include additional subdomains." & @CRLF & _ "book.applevacations.com" & @CRLF & _ "book.beachbound.com" & @CRLF & _ "book.booktandl.com" & @CRLF & _ "book.cheapcaribbean.com" & @CRLF & _ "Do not target additional subdomains." & @CRLF & _ "book.extraholidaysvacations.com" & @CRLF & _ "booking.applevacations.com" & @CRLF & _ "booking.beachbound.com" & @CRLF & _ "booking.cheapcaribbean.com" & @CRLF & _ "com.Hyatt" & @CRLF & _ "confluence.hyattdev.com" & @CRLF & _ "ebsext.oft.hyatt.com" & @CRLF & _ "holidays-au.fijiairways.com" & @CRLF & _ "holidays-fj.fijiairways.com" & @CRLF & _ "holidays-hk.fijiairways.com" & @CRLF & _ "holidays-nz.fijiairways.com" & @CRLF & _ "holidays-sg.fijiairways.com" & @CRLF & _ "holidays-us.fijiairways.com" & @CRLF & _ "hyatt.com" & @CRLF & _ "jira.hyattdev.com" & @CRLF & _ "login.www.vaxvacationaccess.com" & @CRLF & _ "meetings.hyatt.com" & @CRLF & _ "mobileapp.hyatt.com" & @CRLF & _ "new.www.vaxvacationaccess.com" & @CRLF & _ "newsroom.images.hyatt.com" & @CRLF & _ "Only test newsroom.images.hyatt.com; newsroom.hyatt.com is not hosted by Hyatt (do not test)." & @CRLF & _ "plannerrequest.hyatt.com" & @CRLF & _ "public.hyatt.com" & @CRLF & _ "res.blueskytours.globalbookingsolutions.com" & @CRLF & _ "res.funjet.com" & @CRLF & _ "res.hyattinclusivecollection.com" & @CRLF & _ "res.nowresorts.com" & @CRLF & _ "res.secretsresorts.com" & @CRLF & _ "res.skyteam.com" & @CRLF & _ "res.southwestvacations.com" & @CRLF & _ "res.treasureisland.globalbookingsolutions.com" & @CRLF & _ "res.universalorlandovacations.com" & @CRLF & _ "res.vacations.buschgardens.com" & @CRLF & _ "res.vacations.discoverycove.com" & @CRLF & _ "res.vacations.seaworld.com" & @CRLF & _ "res.vacations.sesameplace.com" & @CRLF & _ "res.vacations.united.com" & @CRLF & _ "res.vacations.universalstudioshollywood.com" & @CRLF & _ "reservations.wynnvacations.com" & @CRLF & _ "rezagent.triseptsolutions.com" & @CRLF & _ "roominglist.hyatt.com" & @CRLF & _ "salesportal.hyatt.com" & @CRLF & _ "scapegoat.hyatt.com" & @CRLF & _ "shop.wyndhamvacationownership.trisept.travel" & @CRLF & _ "soaext.oft.hyatt.com" & @CRLF & _ "sso.oft.hyatt.com" & @CRLF & _ "upsell.hyatt.com" & @CRLF & _ "vacations.travelimpressions.com" & @CRLF & _ "vacations.united.com" & @CRLF & _ "vacations.universalstudioshollywood.com" & @CRLF & _ "vacations.us.palladiumhotelgroup.com" & @CRLF & _ "world.hyatt.com" & @CRLF & _ "www.applevacations.com" & @CRLF & _ "www.beachbound.com" & @CRLF & _ "www.blueskytours.com" & @CRLF & _ "www.cheapcaribbean.com" & @CRLF & _ "www.funjet.com" & @CRLF & _ "www.globalhotelchoices.com" & @CRLF & _ "www.hyatt.com" & @CRLF & _ "www.hyattconnect.com" & @CRLF & _ "www.hyattinclusivecollection.com" & @CRLF & _ "www.triseptapi.com" & @CRLF & _ "www.triseptdemo.com" & @CRLF & _ "www.triseptsolutions.com" & @CRLF & _ "www.universalorlandovacations.com" & @CRLF & _ "www.wynnvacations.com" & @CRLF & _ "*-api-*.acronis.com" & @CRLF & _ "*.5nine.com" & @CRLF & _ "*.acronis.com" & @CRLF & _ "*.acronis.work" & @CRLF & _ "*.devicelock.com" & @CRLF & _ "1118448159" & @CRLF & _ "Acronis Cyber Protect for [iOS](https://apps.apple.com/app/acronis-cyber-backup/id1118448159)." & @CRLF & _ "1192506963" & @CRLF & _ "Acronis Files Cloud for [iOS](https://apps.apple.com/us/app/files-cloud/id1192506963)." & @CRLF & _ "429704844" & @CRLF & _ "Acronis Files Advanced for [iOS](https://apps.apple.com/us/app/acronis-files-advanced/id429704844)." & @CRLF & _ "978342143" & @CRLF & _ "Acronis Mobile for [iOS](https://apps.apple.com/app/acronis-true-image-mobile/id978342143)." & @CRLF & _ "Acronis Agent" & @CRLF & _ "Acronis Agent is a client-side application for Acronis Cyber Protect that incorporates backup and cyber protection mechanisms. You may download versions for all supported platforms from [here](https://mc-beta-cloud.acronis.com/download/u/baas/4.0/)." & @CRLF & _ "Acronis Cloud Manager" & @CRLF & _ "Acronis Cloud Manager provides advanced monitoring, management, migration, and recovery for Microsoft Cloud environments. You may request a trial by completing [registration](https://www.acronis.com/en-eu/products/cloud-manager/trial/)." & @CRLF & _ "Acronis Cyber Files" & @CRLF & _ "Acronis Cyber Files is a secure file sync and share solution that enables your team to collaborate, access company files, and share documents on any device. You may request a trial by completing [registration](https://www.acronis.com/en-eu/products/files/trial/)." & @CRLF & _ "Acronis Cyber Infrastructure" & @CRLF & _ "Acronis Cyber Infrastructure unites software-defined compute, network and storage in a single, scalable product, designed for building private or public clouds. You can read more about it at [kb.acronis.com](https://kb.acronis.com/acronis-cyber-infrastructure)." & @CRLF & _ "Please note that this asset is only available periodically during testing phases." & @CRLF & _ "Acronis Cyber Protect" & @CRLF & _ "Acronis Cyber Protect is an on-premises cyber protection solution designed for business environments. You may request a trial by completing [registration](https://www.acronis.com/en-us/business/cyber-protect/trial/#/registration)." & @CRLF & _ "Acronis DeviceLock DLP" & @CRLF & _ "Acronis DeviceLock DLP provides comprehensive endpoint data loss prevention. You may request a trial by completing [registration](https://www.acronis.com/en-us/products/devicelock/trial/)." & @CRLF & _ "Acronis Snap Deploy" & @CRLF & _ "Acronis Snap Deploy is designed to deploy and provision all of your servers and workstations at once. You may request a trial by completing [registration](https://www.acronis.com/en-us/products/snap-deploy/trial/)." & @CRLF & _ "Acronis True Image (formerly Acronis Cyber Protect Home Office)" & @CRLF & _ "Acronis True Image is designed for protection of home computers. [Download a trial](https://www.acronis.com/en-us/products/true-image/trial/)." & @CRLF & _ "Other Acronis Domains" & @CRLF & _ "Other Acronis executables" & @CRLF & _ "account.acronis.com" & @CRLF & _ "Acronis Customer Portal." & @CRLF & _ "beta-cloud.acronis.com" & @CRLF & _ "Acronis Cyber Cloud beta environment. To request an account, please follow HackerOne [Credentials](https://docs.hackerone.com/en/articles/8466488-credentials) guide and select `beta-cloud.acronis.com` asset." & @CRLF & _ "com.acronis.abc" & @CRLF & _ "Acronis Cyber Protect for [Android](https://play.google.com/store/apps/details?id=com.acronis.cyberb2b)." & @CRLF & _ "com.acronis.acronistrueimage" & @CRLF & _ "Acronis Mobile for [Android](https://play.google.com/store/apps/details?id=com.acronis.cyberb2c)." & @CRLF & _ "Faucets" & @CRLF & _ "Chainlink Testnet Faucet is available at the following URL: https://faucets.chain.link/" & @CRLF & _ "https://github.com/smartcontractkit/chainlink" & @CRLF & _ "https://github.com/smartcontractkit/chainlink/tree/master/contracts" & @CRLF & _ "https://github.com/smartcontractkit/external-adapters-js/" & @CRLF & _ "https://github.com/smartcontractkit/staking-v0.1/tree/master/contracts" & @CRLF & _ "*.braintree-api.com" & @CRLF & _ "For testing and account creation, please use *.sandbox.braintree-api.com rather than production." & @CRLF & _ "*.braintree.tools" & @CRLF & _ "Please note, this is a development environment that is constantly in flux. Accordingly, vulnerabilities found on this asset will generally have lower impact and payouts." & @CRLF & _ "*.braintreegateway.com" & @CRLF & _ "*.braintreepayments.com" & @CRLF & _ "For testing and account creation, please use *.sand.braintreepayments.com rather than production." & @CRLF & _ "*.hyperwallet.com" & @CRLF & _ "*.paydiant.com" & @CRLF & _ "*.paylution.com" & @CRLF & _ "*.paypal.com" & @CRLF & _ "*.paypalcorp.com" & @CRLF & _ "*.venmo.com" & @CRLF & _ "*.xoom.com" & @CRLF & _ "351727428" & @CRLF & _ "[iOS Venmo App](https://apps.apple.com/us/app/venmo/id351727428)" & @CRLF & _ "Braintree SDK" & @CRLF & _ "PayPal SDK" & @CRLF & _ "api.loanbuilder.com" & @CRLF & _ "api.swiftfinancial.com" & @CRLF & _ "com.paypal.android.p2pmobile" & @CRLF & _ "com.paypal.merchant" & @CRLF & _ "com.paypal.merchant.client" & @CRLF & _ "com.venmo" & @CRLF & _ "com.xoom.android.app" & @CRLF & _ "com.xoom.app" & @CRLF & _ "decision.swiftfinancial.com" & @CRLF & _ "We are aware that the root URL of this domain returns an error, the API is functioning correctly." & @CRLF & _ "loanbuilder.com" & @CRLF & _ "my.loanbuilder.com" & @CRLF & _ "my.swiftfinancial.com" & @CRLF & _ "partner.swiftfinancial.com" & @CRLF & _ "paypal.me" & @CRLF & _ "paypalobjects.com" & @CRLF & _ "pigeon.swiftfinancial.com" & @CRLF & _ "prequal.swiftfinancial.com" & @CRLF & _ "py.pl" & @CRLF & _ "sandbox.braintreegateway.com" & @CRLF & _ "scrutiny.swiftfinancial.com" & @CRLF & _ "swiftcapital.com" & @CRLF & _ "swiftfinancial.com" & @CRLF & _ "www.loanbuilder.com" & @CRLF & _ "www.paypal-*.com" & @CRLF & _ "PayPal's Partner Sites (www.paypal-__.com) are mainly marketing based sites that are not part of the core PayPal customer domains (.paypal.com) and are managed by hosting vendor companies. They have variable timelines and are often decommissioned. A listing of these sites designated for deprecation will not be publically maintained due to frequent changes. When researching bugs on these sites, please keep this in mind as bug Submissions for sites on schedule for deprecation will not be honored." & @CRLF & _ "Submissions of bugs relating to services or domains not referenced above or for sites on schedule for deprecation are ineligible for the Bug Bounty Program and will not be eligible for a Bounty Payment." & @CRLF & _ "www.swiftcapital.com" & @CRLF & _ "www.swiftfinancial.com" & @CRLF & _ "*.cb.dev" & @CRLF & _ "**Caution: Reports about the testbed will be excluded if they do not affect the main site.** However it is useful to test some exploits." & @CRLF & _ "*.highwebmedia.com" & @CRLF & _ "This domain covers all our main media servers; such as video servers, chat servers, image servers, etc." & @CRLF & _ "*.mmcdn.com" & @CRLF & _ "Our new CDN Domain, replaces highwebmedia.com" & @CRLF & _ "*.mmwebc.dev" & @CRLF & _ "Our domain for Web Components " & @CRLF & _ "*.securegatewayaccess.com" & @CRLF & _ "Our billing customer service site. Any access here is critical and must be immediately reported." & @CRLF & _ "billingsupport.chaturbate.com" & @CRLF & _ "Alisas of the billing customer support site." & @CRLF & _ "chaturbate.com" & @CRLF & _ "The main chaturbate site!" & @CRLF & _ "m.chaturbate.com" & @CRLF & _ "The mobile version of Chaturbate" & @CRLF & _ "secure.chaturbate.com" & @CRLF & _ "The billing customer service and signup page" & @CRLF & _ "*.fanbox.cc" & @CRLF & _ "* This site uses pixiv account (signup at https://accounts.pixiv.net)." & @CRLF & _ "accounts.pixiv.net" & @CRLF & _ "* Signin / signup site for many pixiv products (`*.pixiv.net`, `*.booth.pm`, etc)." & @CRLF & _ "booth.pm" & @CRLF & _ "* PC: https://booth.pm" & @CRLF & _ "coban.pixiv.net" & @CRLF & _ "comic.pixiv.net" & @CRLF & _ "This site is in Japanese." & @CRLF & _ "This site uses pixiv account (signup at https://accounts.pixiv.net)." & @CRLF & _ "- Web: https://comic.pixiv.net" & @CRLF & _ "- iOS : https://apps.apple.com/jp/app/pixiv%E3%82%B3%E3%83%9F%E3%83%83%E3%82%AF/id975414811" & @CRLF & _ "- Android: https://play.google.com/store/apps/details?id=jp.pxv.android.manga" & @CRLF & _ "dic.pixiv.net" & @CRLF & _ "https://github.com/pixiv/charcoal" & @CRLF & _ "charcoal (https://github.com/pixiv/charcoal) is a set of libraries used as a design system and maintained by pixiv." & @CRLF & _ "- Vulnerabilities caused by the libraries included in charcoal" & @CRLF & _ "- Supply chain vulnerabilities related to the dependencies of charcoal libraries" & @CRLF & _ "- Vulnerabilities of sites using any of the charcoal libraries (including services by pixiv inc)" & @CRLF & _ "https://vroid.com/studio" & @CRLF & _ "hub.vroid.com" & @CRLF & _ "* This is a site where users share their 3D characters in [VRM file format](https://vrm.dev/en/)." & @CRLF & _ "* When testing with VRM, please use characters provided by [our official account](https://hub.vroid.com/users/36144806)." & @CRLF & _ " * Go to a character -> click "Use this model" -> click "Download"." & @CRLF & _ "* Please avoid interactions / exposure to other users to the best of you ability." & @CRLF & _ "neoket.net" & @CRLF & _ "novel.pixiv.net" & @CRLF & _ "- Web: https://novel.pixiv.net" & @CRLF & _ "pastela.app" & @CRLF & _ "- This site uses pixiv account (signup at https://accounts.pixiv.net)." & @CRLF & _ "- PC: https://pastela.app" & @CRLF & _ "- iPadOS: https://apps.apple.com/app/pastela/id6478907270" & @CRLF & _ "payment.pixiv.net" & @CRLF & _ "sensei.pixiv.net" & @CRLF & _ "sketch.pixiv.net" & @CRLF & _ "* This site is in Japanese." & @CRLF & _ "* PC: https://sketch.pixiv.net/" & @CRLF & _ "* iOS: https://itunes.apple.com/app/pixiv-sketch/id991334925" & @CRLF & _ "* Android: https://play.google.com/store/apps/details?id=jp.pxv.android.sketch" & @CRLF & _ "vroid.com" & @CRLF & _ "www.pixiv.net" & @CRLF & _ "* The core pixiv." & @CRLF & _ "* Signup at https://accounts.pixiv.net" & @CRLF & _ "* PC: https://www.pixiv.net/" & @CRLF & _ "* iOS: https://itunes.apple.com/app/pixiv/id337248563" & @CRLF & _ "* Android: https://play.google.com/store/apps/details?id=jp.pxv.android" & @CRLF & _ "CometBFT" & @CRLF & _ "CometBFT is a blockchain application platform; it provides the equivalent of a web-server, database, and supporting libraries for blockchain applications written in any programming language. CometBFT implements Byzantine Fault Tolerant (BFT) State Machine Replication (SMR) for arbitrary deterministic, finite state machines.
" & @CRLF & _ "For more background, see the [CometBFT docs site](https://docs.cometbft.com/v0.38/). To get started quickly with an example application, see the [quick start guide](https://docs.cometbft.com/v0.38/guides/quick-start)." & @CRLF & _ "## In-Scope Repositories" & @CRLF & _ "* [cometbft](https://github.com/cometbft/cometbft)" & @CRLF & _ "* [cometbft-db](https://github.com/cometbft/cometbft-db)" & @CRLF & _ "## LTS Policy" & @CRLF & _ "Bugs present in the latest released versions of the v0.34, v0.37 and v0.38 series are eligible for bounty. Bugs present in pre-releases of new versions are also eligible." & @CRLF & _ "CosmWasm" & @CRLF & _ " CosmWasm is a smart contract platform that focuses on security, performance and interoperability by Confio GMBH. It is the only smart contracting platform for public blockchains with significant adoption outside of the EVM. " & @CRLF & _ "For documentation about the platform and a Getting Started guide, please see https://www.cosmwasm.com/build " & @CRLF & _ "## In-scope Repositories" & @CRLF & _ "* Execution environment" & @CRLF & _ " * [cosmwasm](https://github.com/CosmWasm/cosmwasm)" & @CRLF & _ " * [wasmvm](https://github.com/CosmWasm/wasmvm)" & @CRLF & _ " * [wasmd](https://github.com/CosmWasm/wasmd)" & @CRLF & _ "* Standard library dependencies" & @CRLF & _ " * [serde-json-wasm](https://github.com/CosmWasm/serde-json-wasm)" & @CRLF & _ "* Libraries for building contracts" & @CRLF & _ " * [cw-plus](https://github.com/CosmWasm/cw-plus)" & @CRLF & _ " * [cw-storage-plus](https://github.com/CosmWasm/cw-storage-plus)" & @CRLF & _ " * [cw-utils](https://github.com/CosmWasm/cw-utils)" & @CRLF & _ "* Build tools" & @CRLF & _ " * [rust-optimizer](https://github.com/CosmWasm/rust-optimizer)" & @CRLF & _ "Cosmos SDK" & @CRLF & _ "The Cosmos SDK is an open-source framework for building multi-asset public Proof-of-Stake (PoS) blockchains, like the Cosmos Hub, as well as permissioned Proof-of-Authority (PoA) blockchains. SDK-based blockchains are built out of composable [modules](https://docs.cosmos.network/main/build/building-modules/intro), most of which are open-source and readily available for any developers to use.

To get started, learn more about the [architecture of a Cosmos SDK application](https://docs.cosmos.network/main/learn/intro/sdk-app-architecture), or how to build application-specific blockchain from scratch with the [Cosmos SDK Tutorial](https://cosmos.network/docs/tutorial)." & @CRLF & _ "* [cosmossdk](https://github.com/cosmos/cosmos-sdk)" & @CRLF & _ "### Core packages" & @CRLF & _ "* [baseapp](https://github.com/cosmos/cosmos-sdk/tree/main/baseapp)" & @CRLF & _ "* [crypto](https://github.com/cosmos/cosmos-sdk/tree/main/crypto)" & @CRLF & _ "* [types](https://github.com/cosmos/cosmos-sdk/tree/main/types)" & @CRLF & _ "* [store](https://github.com/cosmos/cosmos-sdk/tree/main/store)" & @CRLF & _ "### Modules" & @CRLF & _ "* [x/auth](https://github.com/cosmos/cosmos-sdk/tree/main/x/auth)" & @CRLF & _ "* [x/bank](https://github.com/cosmos/cosmos-sdk/tree/main/x/bank)" & @CRLF & _ "* [x/staking](https://github.com/cosmos/cosmos-sdk/tree/main/x/staking)" & @CRLF & _ "* [x/slashing](https://github.com/cosmos/cosmos-sdk/tree/main/x/slashing)" & @CRLF & _ "* [x/evidence](https://github.com/cosmos/cosmos-sdk/tree/main/x/evidence)" & @CRLF & _ "* [x/distribution](https://github.com/cosmos/cosmos-sdk/tree/main/x/distribution)" & @CRLF & _ "* [x/mint](https://github.com/cosmos/cosmos-sdk/tree/main/x/mint)" & @CRLF & _ "We are interested in bugs in other modules, however the above are most likely to have significant vulnerabilities, due to the complexity/nuance involved. We also recommend reading the [specification](https://github.com/cosmos/cosmos-sdk/blob/main/docs/building-modules/README.md) of each module before digging into the code." & @CRLF & _ "Hermes Relayer" & @CRLF & _ "Hermes is a Rust implementation of an Inter-Blockchain Communication (IBC) relayer that is developed and maintained by Informal Systems. It provides a CLI to relay packets between Cosmos SDK chains, exposes [Prometheus](https://prometheus.io/) metrics and offers a REST API." & @CRLF & _ "The [documentation for Hermes](https://hermes.informal.systems/) includes a [guide for installation](https://hermes.informal.systems/quick-start/installation.html) and [several tutorials](https://hermes.informal.systems/tutorials/local-chains/index.html) that will help you get started with security testing in a local environment. " & @CRLF & _ "
This component of the Interchain Stack comprises primarily of 6 crates: " & @CRLF & _ "* [ibc-relayer](https://crates.io/crates/ibc-relayer) provides an implementation of an IBC relayer, as a *library*." & @CRLF & _ "* [ibc-relayer-cli](https://crates.io/crates/ibc-relayer-cli) is a CLI (a wrapper over the ibc-relayer library), comprising the [hermes](https://hermes.informal.systems/) binary." & @CRLF & _ "* [ibc-chain-registry](https://crates.io/crates/ibc-chain-registry) provides functions to fetch data from the [chain registry](https://github.com/cosmos/chain-registry) and automatically generate chain configuration for Hermes." & @CRLF & _ "* [ibc-telemetry](https://crates.io/crates/ibc-telemetry) is a library for use in the Hermes CLI, for gathering telemetry data and exposing that in a Prometheus endpoint." & @CRLF & _ "* [ibc-relayer-rest](https://crates.io/crates/ibc-telemetry) is a library for use in the Hermes CLI, for exposing a REST API to inspect the state of the relayer." & @CRLF & _ "* [ibc-test-framework](https://crates.io/crates/ibc-test-framework) provides the infrastructure and framework for writing end-to-end (E2E) tests that include the spawning of the relayer together with Cosmos full nodes." & @CRLF & _ "Horcrux" & @CRLF & _ "Horcrux is a [multi-party-computation \(MPC\)](https://en.wikipedia.org/wiki/Secure_multi-party_computation) signing service for CometBFT nodes built and maintained by Strangelove Labs. It provides high-availability key management for Cosmos validator operations, and mitigates the risk of double signing transactions." & @CRLF & _ "This documentation and set of guides will help you get started with learning about Horcrux:" & @CRLF & _ "### Guides:" & @CRLF & _ "* [PFC-Validator example shell script](https://github.com/PFC-Validator/horcrux-container/blob/main/launch-all.sh)" & @CRLF & _ "* [PFC-Validator Kubernetes Cluster yaml configs](https://github.com/PFC-Validator/PFC-Cluster/tree/main/manifests/cosmos/pisco)" & @CRLF & _ "* [Lavender.Five Ansible Cluster automation](https://github.com/LavenderFive/horcrux-ansible)" & @CRLF & _ "### Diagrams:" & @CRLF & _ "* [https://user-images.githubusercontent.com/6722152/157145772-8557b4b5-a0cc-4073-8834-86afda1900fc.png](https://user-images.githubusercontent.com/6722152/157145772-8557b4b5-a0cc-4073-8834-86afda1900fc.png)" & @CRLF & _ "* [https://github.com/strangelove-ventures/horcrux](https://github.com/strangelove-ventures/horcrux) " & @CRLF & _ "The Strangelove Labs team maintains a dedicated [Horcrux Support Policy](https://docs.google.com/document/d/1XrrOfigfoDuJUp04b_4BMvoDvgQwTQGutXVio5cAfAE/edit?usp=sharing). " & @CRLF & _ "IBC Go Relayer" & @CRLF & _ "The ibc-go relayer is a Golang implementation of an Interblockchain Communication (IBC) relayer maintained by Strangelove Labs. A relayer process monitors for updates on open paths between sets of IBC enabled chains and submits these updates in the form of specific message types to the counterparty chain. Clients are then used to track and verify the consensus state." & @CRLF & _ "In addition to relaying packets, this relayer can open paths across chains, thus creating clients, connections and channels.

" & @CRLF & _ "The [documentation for this relayer](https://github.com/cosmos/relayer?tab=readme-ov-file#table-of-contents) and a [demo](https://github.com/cosmos/relayer/blob/main/examples/README.md) for setting up a development environment are available. Additional information on how IBC works can be found [here](https://ibc.cosmos.network/main)." & @CRLF & _ "[https://github.com/cosmos/relayer](https://github.com/cosmos/relayer) " & @CRLF & _ "Packet Forward Middleware" & @CRLF & _ "Packet Forward Middleware (PFM) is an IBC middleware module built for Cosmos blockchains that routes incoming IBC packets from a source chain to a destination chain." & @CRLF & _ "This [diagram](https://github.com/cosmos/ibc-apps/tree/main/middleware/packet-forward-middleware%23sequence-diagrams) and [integration guide](https://github.com/cosmos/ibc-apps/blob/main/middleware/packet-forward-middleware/docs/integration.md) will help you get acquainted with the code." & @CRLF & _ "* [https://github.com/cosmos/ibc-apps/tree/main/middleware/packet-forward-middleware/packetforward](https://github.com/cosmos/ibc-apps/tree/main/middleware/packet-forward-middleware/packetforward)" & @CRLF & _ "The Strangelove Team maintains a [Support Policy](https://docs.google.com/document/d/1I50F_rvp7oPnn6UuKwUdulZvBtMnePoRXtBhrYWMjkE/edit?usp=sharing) for this component." & @CRLF & _ "https://github.com/cosmos/gaia" & @CRLF & _ "The following is a list of examples of the kinds of vulnerabilities that we’re most interested in. It is not exhaustive: there are other kinds of issues we may also be interested in!" & @CRLF & _ "* Injection exploits" & @CRLF & _ "* Privilege escalation" & @CRLF & _ "* IBC" & @CRLF & _ "* Inter-module interactions" & @CRLF & _ "* Network channel attacks" & @CRLF & _ "* Replay attacks" & @CRLF & _ "https://github.com/cosmos/iavl" & @CRLF & _ "The `iaviewer` application itself is not in-scope for the bug bounty program, unless there is an underlying bug in the `iavl` library that can be exploited through the application or other applications using the `iavl` library." & @CRLF & _ "https://github.com/cosmos/ics23" & @CRLF & _ "https://github.com/cosmos/ledger-cosmos" & @CRLF & _ "We are looking for security vulnerabilities that, when exploited, can make a person lose their fund, access to their private key or otherwise impact them _on the production system_, in this case, a public Ledger device." & @CRLF & _ "https://github.com/iqlusioninc/crates/tree/main/signatory" & @CRLF & _ "Restricted to the ed25519 provider sub-crates like dalek-ed25519 and ring." & @CRLF & _ "https://github.com/iqlusioninc/tmkms" & @CRLF & _ "https://github.com/iqlusioninc/yubihsm.rs" & @CRLF & _ "The bug bounty is restricted to the ed25519 pubkey and signing paths." & @CRLF & _ "ibc-go" & @CRLF & _ "The Inter-Blockchain Communication Protocol (IBC) allows blockchains to talk to each other. The protocol realizes this interoperability by specifying a set of data structures, abstractions, and semantics that can be implemented by any distributed ledger that satisfies a small set of requirements. " & @CRLF & _ "To learn more about IBC and its components, visit the [documentation site](https://ibc.cosmos.network/main/ibc/overview).
" & @CRLF & _ "* [https://github.com/cosmos/ibc-go/tree/main](https://github.com/cosmos/ibc-go/tree/main)" & @CRLF & _ "### IBC Core" & @CRLF & _ "* [02-client](https://github.com/cosmos/ibc-go/tree/main/modules/core/02-client)" & @CRLF & _ "* [03-connection](https://github.com/cosmos/ibc-go/tree/main/modules/core/03-connection)" & @CRLF & _ "* [04-channel](https://github.com/cosmos/ibc-go/tree/main/modules/core/04-channel)" & @CRLF & _ "* [05-port](https://github.com/cosmos/ibc-go/tree/main/modules/core/05-port)" & @CRLF & _ "* [23-commitment](https://github.com/cosmos/ibc-go/tree/main/modules/core/23-commitment)" & @CRLF & _ "* [24-host](https://github.com/cosmos/ibc-go/tree/main/modules/core/24-host)" & @CRLF & _ "### Application Modules" & @CRLF & _ "* [Transfer](https://github.com/cosmos/ibc-go/tree/main/modules/apps/transfer)" & @CRLF & _ "* [27-interchain-accounts](https://github.com/cosmos/ibc-go/tree/main/modules/apps/27-interchain-accounts)" & @CRLF & _ "### Light Clients" & @CRLF & _ "* [06–solomachine](https://github.com/cosmos/ibc-go/tree/main/modules/light-clients/06-solomachine)" & @CRLF & _ "* [07-tendermint](https://github.com/cosmos/ibc-go/tree/main/modules/light-clients/07-tendermint)" & @CRLF & _ "* [09-localhost](https://github.com/cosmos/ibc-go/tree/main/modules/light-clients/09-localhost)" & @CRLF & _ "* [08-wasm] (https://github.com/cosmos/ibc-go/tree/main/modules/light-clients/08-wasm)" & @CRLF & _ "### Middleware Modules" & @CRLF & _ "* [29-fee](https://github.com/cosmos/ibc-go/tree/main/modules/apps/29-fee)" & @CRLF & _ "* [Callbacks](https://github.com/cosmos/ibc-go/tree/main/modules/apps/callbacks)" & @CRLF & _ "The ibc-go team has implemented a [Stable Release Policy](https://github.com/cosmos/ibc-go/blob/main/RELEASES.md%23stable-release-policy) that covers the protocol and components it maintains." & @CRLF & _ "com.affirm.central.audit" & @CRLF & _ "This is the Android testing app built for HackerOne. It's distributed through Google Play Store." & @CRLF & _ "com.affirm.internal.hackerone" & @CRLF & _ "This is the testing iOS app built for HackerOne. It is distributed through Crashlytics." & @CRLF & _ "sandbox.affirm.com" & @CRLF & _ "*.crypto.com" & @CRLF & _ "We will consider all vulnerability reports against assets in Crypto.com's control. Severity might be limited for certain assets based on business impact." & @CRLF & _ "*.mona.co" & @CRLF & _ "Crypto.com Exchange APIs that require an account" & @CRLF & _ "Includes any BFF APIs" & @CRLF & _ "Crypto.com Wallet Extension" & @CRLF & _ "Crypto.com mobile app APIs that require an account" & @CRLF & _ "app.mona.co" & @CRLF & _ "co.mona.android" & @CRLF & _ "Get the app here: https://play.google.com/store/apps/details?id=co.mona.android" & @CRLF & _ "You won’t need test accounts for this as it will be public-facing sites for now." & @CRLF & _ "The app should give you the functionality to start using CRO services." & @CRLF & _ "com.defi.wallet" & @CRLF & _ "https://apps.apple.com/app/crypto-com-wallet/id1512048310" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.defi.wallet" & @CRLF & _ "com.monaco.mobile" & @CRLF & _ "developer-platform-api.crypto.com" & @CRLF & _ "https://crypto.com/exchange" & @CRLF & _ "https://crypto.com/nft" & @CRLF & _ "https://crypto.com/price" & @CRLF & _ "https://etherscan.io/token/0xfe18ae03741a5b84e39c295ac9c856ed7991c38e" & @CRLF & _ "**Bounty Range Changes: CDCETH Smart Contract**" & @CRLF & _ "Critical Severity: Up to $50,000 USD" & @CRLF & _ "Extreme Tier: Up to $1,000,000" & @CRLF & _ "js.crypto.com" & @CRLF & _ "merchant.crypto.com" & @CRLF & _ "nadex.com" & @CRLF & _ "tax.crypto.com" & @CRLF & _ "web.crypto.com" & @CRLF & _ "com.goodrx" & @CRLF & _ "Playstore Download: https://play.google.com/store/apps/details?id=com.goodrx" & @CRLF & _ "com.goodrx.iphone" & @CRLF & _ "iOS Download: https://itunes.apple.com/app/id485357017" & @CRLF & _ "www.goodrx.com" & @CRLF & _ "This our primary site. Our mobile site m.goodrx.com is also covered by this scope. Only issues regarding the frontend of https://www.goodrx.com/care will be considered in-scope. Any backend issue is belonging to a partner of ours." & @CRLF & _ "https://api-staging.pingone.com/*" & @CRLF & _ "* **What it is:**" & @CRLF & _ " * REST API for configuring and managing your PingOne For Customers organization" & @CRLF & _ "Please note that this documentation points to **PROD**, which is out of scope for this engagement. To access the ORT environment URLs will have to be appended with -staging like the console link above." & @CRLF & _ "https://apps-staging.pingone.com/*" & @CRLF & _ " * Cloudfront distribution for the PingOne for Customers login/authentication flow orchestration and self-service account/profile management user interfaces" & @CRLF & _ "* **What it does:**" & @CRLF & _ " * Provides user interface for administrators to configure authentication flows and assign different authentication policies " & @CRLF & _ " * Provides interface for end users to manage their account profiles and settings " & @CRLF & _ "https://console-staging.pingone.com/*" & @CRLF & _ " * Administrative console to the PingOne For Customers platform that manages user access, authentication types, and connected applications." & @CRLF & _ " * **Here's how to add an application to your PingOne For Customer environment:**" & @CRLF & _ " https://youtu.be/TBA5VTfnsSE" & @CRLF & _ " * **Sample client-side app (Please note that the content of the github repository is out of scope):**" & @CRLF & _ " https://github.com/pingidentity/pingone-customers-sample-oidc" & @CRLF & _ " * Allows administrators to configure authentication workflows and assign different authentication policies (SAML, OAuth2, and OpenID Connect are supported) to each of your applications." & @CRLF & _ " * Supports Single-Sign-On (SSO) and Multi-Factor Authentication (MFA) across all connected applications." & @CRLF & _ " * Offers robust user-management capabilities." & @CRLF & _ "https://openam-bug-bounty-stag.forgeblocks.com/*" & @CRLF & _ " * Administrative console for the single-tenant SAAS PingOne Advaced Identity Cloud platform which manages IAM functionality for Enterprise customers." & @CRLF & _ " * Staging environment - Used for testing development changes, including stress tests and scalability tests with realistic deployment settings." & @CRLF & _ "* **Documentation:**" & @CRLF & _ " * https://backstage.forgerock.com/docs/idcloud/latest/overview.html " & @CRLF & _ "https://ort-admin.pingone.com/*" & @CRLF & _ " * Administrative web portal for PingOne For Enterprise (P14E)" & @CRLF & _ " * Allows P14E administrators to manage all aspects of their enterprise user accounts" & @CRLF & _ "https://ort-authenticator.pingone.com/*" & @CRLF & _ " * Multi-factor Authentication (MFA) authenticator service" & @CRLF & _ " * MFA is configured via the PingOne Desktop > Devices > My Device > Add." & @CRLF & _ " * Ping Authenticator used for Multi-Factor Authentication (MFA)" & @CRLF & _ " * The authenticator is a service which provides multi-factor via PingID mobile applications available in the iTunes and Android app stores, Yubikey Series 4, PingID Desktop apps for OS X and Windows, or email." & @CRLF & _ " * The authenticator service is a back-end hosted service." & @CRLF & _ " * The client MFA applications are not in scope but the protocol data and authenticator service are, this includes requests and responses." & @CRLF & _ " * Employs MFA (typically [PingID](https://www.pingidentity.com/en/cloud/pingid.html)) to authenticate users and then pass control back to PingOne for Enterprise" & @CRLF & _ "https://ort-desktop.pingone.com/*" & @CRLF & _ "* **What it is:** " & @CRLF & _ " * Central hub of Ping One For Enterprise, a cloud-based dock that provides users with secure SSO access to an expansive library of applications" & @CRLF & _ "* **What it does:** " & @CRLF & _ " * Provides many pre-existing integrations with popular SaaS applications" & @CRLF & _ " * Leverages SAML, OIDC and other secure identity standards to integrate with any other cloud-based applications" & @CRLF & _ "Provides the option of storing user identity data in PingOne’s cloud directory" & @CRLF & _ "*.betfair.com" & @CRLF & _ "*.betfair.es" & @CRLF & _ "*.betfair.it" & @CRLF & _ "*.betfair.ro" & @CRLF & _ "*.betfair.se" & @CRLF & _ "*.betsharedservices.io" & @CRLF & _ "*.betviewapi.com" & @CRLF & _ "*.bonne-terre-data-layer.com" & @CRLF & _ "*.dibz.co.uk" & @CRLF & _ "*.msgsvc.io" & @CRLF & _ "*.operationstechnology.io" & @CRLF & _ "*.paddypartners.com" & @CRLF & _ "*.paddypower.com" & @CRLF & _ "*.paddypower.it" & @CRLF & _ "*.platformservices.io" & @CRLF & _ "*.ppbdev.com" & @CRLF & _ "*.sbgcdn.com" & @CRLF & _ "*.sbgcore.com" & @CRLF & _ "*.sbgorigin.com" & @CRLF & _ "*.sbgservices.com" & @CRLF & _ "*.sbgtest.net" & @CRLF & _ "*.securityservices.io" & @CRLF & _ "*.skybet.co.uk" & @CRLF & _ "*.skybet.com" & @CRLF & _ "*.skybet.net" & @CRLF & _ "*.skybetservices.com" & @CRLF & _ "*.skybettest.net" & @CRLF & _ "*.skybettingandgaming.com" & @CRLF & _ "*.skybettingandgaming.design" & @CRLF & _ "*.skybettingandgaming.info" & @CRLF & _ "*.skybingo.com" & @CRLF & _ "*.skycasino.com" & @CRLF & _ "*.skygamingcontent.com" & @CRLF & _ "*.skypoker.com" & @CRLF & _ "*.skyvegas.com" & @CRLF & _ "*.sportinglife.com" & @CRLF & _ "com.betfair.exchange" & @CRLF & _ "Betfair Exchange Betting" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.betfair.exchange&gl=uk" & @CRLF & _ "https://assets.cdnbf.net/static/android/betfair-wrapper-exchange.apk" & @CRLF & _ "com.betfair.sportsbook" & @CRLF & _ "Betfair Sports Betting" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.betfair.sportsbook&gl=uk" & @CRLF & _ "https://assets.cdnbf.net/static/android/betfair-wrapper-sportsbook.apk" & @CRLF & _ "com.flutter.bem.release" & @CRLF & _ "com.paddypower.sportsbook.u.inhouse" & @CRLF & _ "Paddy Power Sports Betting: https://play.google.com/store/apps/details?id=com.paddypower.sportsbook.u.inhouse&gl=uk" & @CRLF & _ "itv7.itv.com" & @CRLF & _ "super6.skysports.com" & @CRLF & _ "bounty-node.rsk.co" & @CRLF & _ "A RSKj JSON RPC server is available for testing. You can obtain the list of JSON RPC methods supported from the rskj source code and from RSK and Ethereum documentation." & @CRLF & _ "You can attempt the following attacks:" & @CRLF & _ " * Bypass the Varnish JSON RPC method blacklist/whitelist filtering." & @CRLF & _ " * Application level DoS: exploit the whitelisted methods to consume server's resources. " & @CRLF & _ " * System Information disclosure (file system, private keys)" & @CRLF & _ " * Code execution (Hint: check the object mapping capabilities of the JSON parser library and Java reflection)" & @CRLF & _ "**Only application level DoS attacks are allowed. Do not attempt volumetric transport level attacks**" & @CRLF & _ "Sample Request:" & @CRLF & _ "`curl -s -X POST -H "Content-Type: application/json" -d '{"jsonrpc":"2.0","method":"web3_clientVersion", "params": {}, "id":666}' https://bounty-node.rsk.co `" & @CRLF & _ "The whitelisted methods are the following:" & @CRLF & _ "```web3_clientVersion" & @CRLF & _ "eth_getUncleCountByBlockNumber" & @CRLF & _ "net_version" & @CRLF & _ "net_listening" & @CRLF & _ "net_peerCount" & @CRLF & _ "eth_protocolVersion" & @CRLF & _ "eth_hashrate" & @CRLF & _ "eth_mining" & @CRLF & _ "eth_call" & @CRLF & _ "eth_estimateGas" & @CRLF & _ "eth_gasPrice" & @CRLF & _ "eth_blockNumber" & @CRLF & _ "eth_getBalance" & @CRLF & _ "eth_getBlockByHash" & @CRLF & _ "eth_getBlockByNumber" & @CRLF & _ "eth_getBlockTransactionCountByHash" & @CRLF & _ "eth_getBlockTransactionCountByNumber" & @CRLF & _ "eth_getCode" & @CRLF & _ "eth_getStorageAt" & @CRLF & _ "eth_getTransactionByBlockHashAndIndex" & @CRLF & _ "eth_getTransactionByBlockNumberAndIndex" & @CRLF & _ "eth_getTransactionByHash" & @CRLF & _ "eth_getTransactionCount" & @CRLF & _ "eth_getTransactionReceipt" & @CRLF & _ "eth_getUncleByBlockHashAndIndex" & @CRLF & _ "eth_getUncleByBlockNumberAndIndex" & @CRLF & _ "eth_getUncleCountByBlockHash" & @CRLF & _ "eth_sendRawTransaction" & @CRLF & _ "Good luck!" & @CRLF & _ "https://github.com/rsksmart/2wp-api" & @CRLF & _ "# Scope" & @CRLF & _ "We are interested in finding issues that lead to compromise of the app." & @CRLF & _ "# Out of scope" & @CRLF & _ "- `__test__` directory" & @CRLF & _ "- Vulnerabilities in dependencies/libraries" & @CRLF & _ "- Clickjacking" & @CRLF & _ "- Reports from automated tools or scans, without exploitability demonstration" & @CRLF & _ "- Theoretical vulnerabilities without demonstrated security impact" & @CRLF & _ "- Cross-Site Request Forgery (CSRF) on unauthenticated forms or forms with no sensitive actions" & @CRLF & _ "- Attacks requiring MITM or physical access to a user's device." & @CRLF & _ "- Attacks requiring a compromised victim device." & @CRLF & _ "- Comma Separated Values (CSV) injection without demonstrating a vulnerability." & @CRLF & _ "- Missing best practices in SSL/TLS configuration." & @CRLF & _ "- Any activity that could lead to the disruption of our service (DoS)." & @CRLF & _ "- Content spoofing and text injection issues without showing an attack vector/without being able to modify HTML/CSS" & @CRLF & _ "- Rate limiting or bruteforce issues" & @CRLF & _ "- Missing best practices in Content Security Policy." & @CRLF & _ "- Missing HttpOnly or Secure flags on cookies" & @CRLF & _ "- Missing HTTP headers hardening and recommendations (Clickjacking, X-Frame-Options, CORS, ...)" & @CRLF & _ "- Vulnerabilities only affecting users of outdated or unpatched browsers [Less than 2 stable versions behind the latest released stable version]" & @CRLF & _ "- Software version disclosure / Banner identification issues / Descriptive error messages or headers (e.g. stack traces, application or server errors)." & @CRLF & _ "- Public Zero-day vulnerabilities that have had an official patch for less than 1 month will be awarded on a case by case basis." & @CRLF & _ "- Open redirect - unless an additional security impact can be demonstrated" & @CRLF & _ "- Issues that require unlikely user interaction" & @CRLF & _ "- Cache poisoning without demonstrated security impact" & @CRLF & _ "- Tabnabbing" & @CRLF & _ "- Social engineering attacks, including those targeting or impersonating internal employees by any means (e.g. customer service chat features, customer support, social media, personal domains, etc.)" & @CRLF & _ "- Reporting a leaked token without first confirming it is valid and has access to sensitive operations" & @CRLF & _ "- Secret recovery phrase brute-forcing" & @CRLF & _ "- Perceived security weaknesses without evidence of the ability to demonstrate impact (e.g. Missing best practices, functional bugs without security implications, etc.)" & @CRLF & _ "- Vulnerabilities under development branches in our source code." & @CRLF & _ "- Runtime hacking exploits (exploits only possible in a jailbroken/rooted environment)" & @CRLF & _ "- Public User data, such as, public address, balances, transaction information etc. stored unencrypted on external storage and private directory" & @CRLF & _ "- Lack of binary protection (anti-debugging) controls." & @CRLF & _ "- Absence of certificate pinning" & @CRLF & _ "https://github.com/rsksmart/2wp-app" & @CRLF & _ "# We are interested in finding:" & @CRLF & _ "- Exploits to extract the private keys of the wallet from the memory" & @CRLF & _ "- Ways to gain control over the software or hardware wallets" & @CRLF & _ "- Ways to change the transaction by adding or removing data" & @CRLF & _ "#Out of scope" & @CRLF & _ "- `test` directory" & @CRLF & _ "https://github.com/rsksmart/powpeg-node" & @CRLF & _ " - Attacks requiring physical access or local user level access to a user's device." & @CRLF & _ " - Previously known vulnerable libraries without a working Proof of Concept." & @CRLF & _ " - Denial of our service (DoS) not directly related to a flaw in the IOVLabs code or environment." & @CRLF & _ " - DoS attacks that require sending multiple network packets at any layer. We’re interested in DoS that depends on the data and can't be stopped at the network level." & @CRLF & _ " - Flaws on the configuration related to the option to store private keys on disk." & @CRLF & _ " - Vulnerabilities reported on the rskj project are out of scope for the powpeg-node." & @CRLF & _ "https://github.com/rsksmart/rif-wallet" & @CRLF & _ "##Out of scope" & @CRLF & _ "* Clickjacking" & @CRLF & _ "* Reports from automated tools or scans, without exploitability demonstration" & @CRLF & _ "* Theoretical vulnerabilities without demonstrated security impact" & @CRLF & _ "* Cross-Site Request Forgery (CSRF) on unauthenticated forms or forms with no sensitive actions" & @CRLF & _ "* Attacks requiring MITM or physical access to a user's device." & @CRLF & _ "* Attacks requiring a compromised victim device." & @CRLF & _ "* Previously known vulnerable libraries without a working Proof of Concept." & @CRLF & _ "* Comma Separated Values (CSV) injection without demonstrating a vulnerability." & @CRLF & _ "* Missing best practices in SSL/TLS configuration." & @CRLF & _ "* Any activity that could lead to the disruption of our service (DoS)." & @CRLF & _ "* Content spoofing and text injection issues without showing an attack vector/without being able to modify HTML/CSS" & @CRLF & _ "* Rate limiting or bruteforce issues" & @CRLF & _ "* Missing best practices in Content Security Policy." & @CRLF & _ "* Missing HttpOnly or Secure flags on cookies" & @CRLF & _ "* Missing HTTP headers hardening and recommendations (Clickjacking, X-Frame-Options, CORS, ...)" & @CRLF & _ "* Vulnerabilities only affecting users of outdated or unpatched browsers [Less than 2 stable versions behind the latest released stable version]" & @CRLF & _ "* Software version disclosure / Banner identification issues / Descriptive error messages or headers (e.g. stack traces, application or server errors)." & @CRLF & _ "* Public Zero-day vulnerabilities that have had an official patch for less than 1 month will be awarded on a case by case basis." & @CRLF & _ "* Open redirect - unless an additional security impact can be demonstrated" & @CRLF & _ "* Issues that require unlikely user interaction" & @CRLF & _ "* Cache poisoning" & @CRLF & _ "* Tabnabbing" & @CRLF & _ "* Social engineering attacks, including those targeting or impersonating internal employees by any means (e.g. customer service chat features, customer support, social media, personal domains, etc.)" & @CRLF & _ "* Reporting a leaked token without first confirming it is valid and has access to sensitive operations" & @CRLF & _ "* Secret recovery phrase brute-forcing" & @CRLF & _ "* Perceived security weaknesses without evidence of the ability to demonstrate impact (e.g. Missing best practices, functional bugs without security implications, etc.)" & @CRLF & _ "* Vulnerabilities under development branches in our source code." & @CRLF & _ "* Runtime hacking exploits (exploits only possible in a jailbroken/rooted environment)" & @CRLF & _ "* Public User data, such as, public address, balances, transaction information etc. stored unencrypted on external storage and private directory" & @CRLF & _ "* Lack of binary protection (anti-debugging) controls." & @CRLF & _ "* Absence of certificate pinning" & @CRLF & _ "https://github.com/rsksmart/rif-wallet-libs" & @CRLF & _ "https://github.com/rsksmart/rif-wallet-services" & @CRLF & _ "https://github.com/rsksmart/rsk-powhsm/" & @CRLF & _ "* Attacks that allow extracting the seed from the device, including but not limited to:" & @CRLF & _ "Gaining access to the device recovery mode without wiping the seed first." & @CRLF & _ "* Allowing the installation and use of arbitrary ledger apps without wiping the seed first." & @CRLF & _ "* Attacks that allow signing arbitrary hashes with the BTC key id." & @CRLF & _ "* Attacks that gain access to arbitrary BIP32 paths (either for signing or extracting the public key)." & @CRLF & _ "* Attacks that allow the manipulation of the blockchain state's best block without the corresponding PoW." & @CRLF & _ "* Attacks that allow the manipulation of the blockchain state's ancestor block and/or ancestor receipts root without the corresponding proof of best block ancestry." & @CRLF & _ "* Attacks that fake an authentic attestation on a device running different versions of either the UI or Signer." & @CRLF & _ "* Attacks that allow producing an authentic attestation on a device with a pre-generated or well-known seed." & @CRLF & _ "* Attacks that lead the ledger into a DOS state without the need for physical device access. This does not mean ledger device has open external interface." & @CRLF & _ "* Attacks that lead the middleware manager into a DOS state without the need for physical access to the host. This does not mean the middleware has open external interface." & @CRLF & _ "* Transactions in either the RSK or Bitcoin networks that may lead the powHSM into signing arbitrary pegouts or hashes." & @CRLF & _ "* Side channel attacks." & @CRLF & _ "* Supply chain attacks that have direct consequences on the production software." & @CRLF & _ "* Identification and reporting of vulnerabilities in the Ledger source code will be eligible for rewards after 90 days from the initial disclosure from Ledger." & @CRLF & _ "* Vulnerabilities discovered in the Ledger source code will be rewarded according to the general reward table specified for the bug bounty program, rather than the powHSM project reward table." & @CRLF & _ "* Vulnerabilities found in the Ledger source code will not qualify for the bonus reward associated with Remote Execution Code." & @CRLF & _ "## Out of Scope" & @CRLF & _ "* Vulnerabilities related to the ledger devices used by the rsk-powhsm; this includes their physical security." & @CRLF & _ "* Vulnerabilities that don't ultimately allow for the arbitrary or unsecure use of any of the keys derived from the device seed." & @CRLF & _ "* Vulnerabilities in TCPSigner component, which is made solely for testing and fuzzing purposes." & @CRLF & _ "* Vulnerabilities located in code under the following path `firmware/src/hal/src/x86/` since is code related to the TCPSigner component." & @CRLF & _ "* All code related to SGX is out of scope." & @CRLF & _ "Due to the complexity of the project some of the points may be interpreted ambiguously, therefore we reserve a right to make a final decision on the report regarding its relevance to the scope and specified severity. Please, reach us if you have any doubts on the scope." & @CRLF & _ "https://github.com/rsksmart/rskj" & @CRLF & _ "RSKj Installation instructions: https://dev.rootstock.io/rsk/node/" & @CRLF & _ "Binary releases: https://github.com/rsksmart/rskj/releases" & @CRLF & _ "Discord channel for technical questions: https://discord.com/invite/fPerbqcWGE" & @CRLF & _ "Important: DoS attacks that require sending multiple network packets at any layer are out of scope. We’re interested in DoS that depends on the data and can't be stopped at the network level." & @CRLF & _ "https://github.com/rsksmart/tokenbridge" & @CRLF & _ "The system is designed to allow to move tokens between blockchains if and only if 50% of the members approve it. Vulnerabilities that require access to a member's private key will be valid but will be considered medium risk at most." & @CRLF & _ "* The private key handling and storage is out of scope." & @CRLF & _ "* Malicious ERC20 tokens are out of scope because there is a whitelisting process in place." & @CRLF & _ "* Multi-signature wallet." & @CRLF & _ "* Tests located under `test` folder in (all of them)." & @CRLF & _ "* Open Zeppelin contracts located in `bridge/contracts/zeppelin` " & @CRLF & _ "*.bitmex.com" & @CRLF & _ "1589023233" & @CRLF & _ "All Other BitMEX Assets" & @CRLF & _ "All other assets that are provably owned by BitMEX." & @CRLF & _ "com.bitmex.app.android" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.bitmex.app.android.testnet" & @CRLF & _ "Please see the instructions under the mobile beta access section of our policy" & @CRLF & _ "https://testflight.apple.com/join/533gFghn" & @CRLF & _ "testnet.bitmex.com" & @CRLF & _ "When testing our platform, please use our testing environment at `testnet.bitmex.com` and not `www.bitmex.com`. " & @CRLF & _ "API Docs: https://testnet.bitmex.com/app/apiOverview" & @CRLF & _ "www.bitmex.com" & @CRLF & _ "*.adaptive-shield.com" & @CRLF & _ "Excluding 3rd party maintained targets" & @CRLF & _ "*.bionic.ai" & @CRLF & _ "*.crowdstrike.com" & @CRLF & _ "**Excluding 3rd party maintained targets**" & @CRLF & _ "*.flowsecurity.app" & @CRLF & _ "Excluding 3rd party maintained targets " & @CRLF & _ "*.humio.com" & @CRLF & _ "*.preempt.com" & @CRLF & _ "*.preemptsecurity.com" & @CRLF & _ "*.reposify.com" & @CRLF & _ "*.securecircle.com" & @CRLF & _ "CrowdStrike public infrastructure" & @CRLF & _ "apps.apple.com/us/app/crowdstrike-falcon/id1458815656" & @CRLF & _ "falcon-sandbox.com" & @CRLF & _ "hybrid-analysis.com" & @CRLF & _ "play.google.com/store/apps/details?id=com.crowdstrike.falconmobile" & @CRLF & _ "www.crowdstrike.com" & @CRLF & _ "**Including all localized sites: crowdstrike.de, crowdstrike.com.au, crowdstrike.co.uk, crowdstrike.fr, crowdstrike.jp, crowdstrike.com.br**" & @CRLF & _ "www.crowdstrike.org" & @CRLF & _ "**CrowdStrike Foundation Website**" & @CRLF & _ "All Other In-Scope Assets" & @CRLF & _ "academy.databricks.com" & @CRLF & _ "accounts.cloud.databricks.com" & @CRLF & _ "advocates.databricks.com" & @CRLF & _ "community.databricks.com" & @CRLF & _ "customer-academy.databricks.com" & @CRLF & _ "databricks.com" & @CRLF & _ "demo.cloud.databricks.com" & @CRLF & _ "docs.databricks.com" & @CRLF & _ "help.databricks.com" & @CRLF & _ "https://community.cloud.databricks.com/" & @CRLF & _ "[Register for Demo Accounts](https://docs.databricks.com/en/getting-started/community-edition.html)" & @CRLF & _ "Documentation :" & @CRLF & _ "* For information on using Databricks, please visit https://docs.databricks.com/." & @CRLF & _ "https://dbc-9a3f8ed1-7608.cloud.databricks.com" & @CRLF & _ "For information on using Databricks, please visit https://docs.databricks.com/" & @CRLF & _ "kb.databricks.com" & @CRLF & _ "labs.databricks.com" & @CRLF & _ "marketplace.databricks.com" & @CRLF & _ "partners.databricks.com" & @CRLF & _ "support.databricks.com" & @CRLF & _ "*.elastic.co" & @CRLF & _ "All subdomains are in scope UNLESS OTHERWISE LISTED IN OUT-OF-SCOPE. Local, or on-premise Elastic stack is also IN-scope." & @CRLF & _ "*.elasticnet.co" & @CRLF & _ "*.elstc.co" & @CRLF & _ "*.eops.nl" & @CRLF & _ "*.found.io" & @CRLF & _ "Exfiltration of data or attacks against any customer clusters will not be eligible for rewards. Local, or on-premise Elastic stack is also in-scope. Only the latest supported versions of the Elastic Stack will be eligible for a bounty." & @CRLF & _ "*.swiftype.com" & @CRLF & _ "Beats" & @CRLF & _ "Issue that span across multiple Beats" & @CRLF & _ "Source: https://github.com/elastic/beats" & @CRLF & _ "Download: https://www.elastic.co/downloads/beats/" & @CRLF & _ "Including" & @CRLF & _ "- Auditbeat" & @CRLF & _ "- Filebeat" & @CRLF & _ "- Heartbeat" & @CRLF & _ "- Metricbeat" & @CRLF & _ "- Packetbeat" & @CRLF & _ "- Winlogbeat" & @CRLF & _ "- Elastic Agent" & @CRLF & _ "Beats - Auditbeat" & @CRLF & _ "Must be a supported version: https://www.elastic.co/support/eol" & @CRLF & _ "Includes" & @CRLF & _ "- All platforms: https://www.elastic.co/downloads/beats/auditbeat" & @CRLF & _ "- Docker container: https://www.docker.elastic.co/r/beats/auditbeat" & @CRLF & _ "- Source code: https://github.com/elastic/beats/tree/main/auditbeat" & @CRLF & _ "Beats - Filebeat" & @CRLF & _ "- All platforms: https://www.elastic.co/downloads/beats/filebeat" & @CRLF & _ "- Docker container: https://www.docker.elastic.co/r/beats/filebeat" & @CRLF & _ "- Source code: https://github.com/elastic/beats/tree/main/filebeat" & @CRLF & _ "Beats - Heartbeat" & @CRLF & _ "- All platforms: https://www.elastic.co/downloads/beats/heartbeat" & @CRLF & _ "- Docker container: https://www.docker.elastic.co/r/beats/heartbeat" & @CRLF & _ "- Source code: https://github.com/elastic/beats/tree/main/heartbeat" & @CRLF & _ "Beats - Metricbeat" & @CRLF & _ "- All platforms: https://www.elastic.co/downloads/beats/metricbeat" & @CRLF & _ "- Docker container: https://www.docker.elastic.co/r/beats/metricbeat" & @CRLF & _ "- Source code: https://github.com/elastic/beats/tree/main/metricbeat" & @CRLF & _ "Beats - Packetbeat" & @CRLF & _ "- All platforms: https://www.elastic.co/downloads/beats/packetbeat" & @CRLF & _ "- Docker container: https://www.docker.elastic.co/r/beats/packetbeat" & @CRLF & _ "- Source code: https://github.com/elastic/beats/tree/main/packetbeat" & @CRLF & _ "Beats - Winlogbeat" & @CRLF & _ "- Download: https://www.elastic.co/downloads/beats/winlogbeat" & @CRLF & _ "- Source code: https://github.com/elastic/beats/tree/main/winlogbeat" & @CRLF & _ "Elastic Agent" & @CRLF & _ "- All platforms: https://www.elastic.co/downloads/elastic-agent" & @CRLF & _ "- With Fleet: https://www.elastic.co/guide/en/fleet/current/fleet-elastic-agent-quick-start.html" & @CRLF & _ "- Source code: https://github.com/elastic/elastic-agent" & @CRLF & _ "Elastic Behavior Detections" & @CRLF & _ "Elastic invites security researchers to test our detection (SIEM) and endpoint (EDR) rulesets for potential bypasses, vulnerabilities, and areas for improvement. For this period (Dec 4 2024 - Dec 31 2024), the focus for this bounty period is on Windows behavior detections, particularly on bypassing detection capabilities tied to specific MITRE ATT&CK techniques such as Process Injection, Lateral Movement, Phishing: Spearphishing Attachments, and Impair Defenses." & @CRLF & _ "We are looking for submissions that demonstrate realistic, high-impact techniques that evade detection, focusing on novel approaches and measurable risks." & @CRLF & _ "Submissions will be evaluated based on their impact and complexity. The reward tiers are structured as follows:" & @CRLF & _ "- Low: Alerts generated are only low severity" & @CRLF & _ "- Medium: No alerts generated (SIEM or Endpoint)" & @CRLF & _ "For complete details on target rulesets, MITRE techniques, and submission guidelines, view the full scope [here](https://docs.google.com/document/d/1YDyaFpIRNumh2zOSSNHY1lzL0RXNqxIkv_-0SAgdtjk/edit?tab=t.0#heading=h.1fkf7cph0u7z)." & @CRLF & _ "Elastic Clients" & @CRLF & _ "- Java Client: https://www.elastic.co/guide/en/elasticsearch/client/java-api-client/current/index.html" & @CRLF & _ "- JavaScript Client: https://www.elastic.co/guide/en/elasticsearch/client/javascript-api/current/index.html" & @CRLF & _ "- Ruby Client: https://www.elastic.co/guide/en/elasticsearch/client/ruby-api/current/index.html" & @CRLF & _ "- Go Client: https://www.elastic.co/guide/en/elasticsearch/client/go-api/current/index.html" & @CRLF & _ "- .NET Client: https://www.elastic.co/guide/en/elasticsearch/client/net-api/current/index.html" & @CRLF & _ "- PHP Client: https://www.elastic.co/guide/en/elasticsearch/client/php-api/current/index.html" & @CRLF & _ "- Perl Client: https://www.elastic.co/guide/en/elasticsearch/client/perl-api/current/index.html" & @CRLF & _ "- Python Client: https://www.elastic.co/guide/en/elasticsearch/client/python-api/current/index.html" & @CRLF & _ "- Eland Client: https://www.elastic.co/guide/en/elasticsearch/client/eland/current/index.html" & @CRLF & _ "- Rust Client: https://www.elastic.co/guide/en/elasticsearch/client/rust-api/current/index.html" & @CRLF & _ "Elastic Cloud Enterprise (ECE)" & @CRLF & _ "- Download: https://www.elastic.co/downloads/enterprise" & @CRLF & _ "Elastic Cloud on Kubernetes (ECK)" & @CRLF & _ "- Download: https://www.elastic.co/downloads/elastic-cloud-kubernetes" & @CRLF & _ "Elastic Enterprise Search" & @CRLF & _ "- All platforms: https://www.elastic.co/downloads/enterprise-search" & @CRLF & _ "- Docker: https://www.docker.elastic.co/r/enterprise-search" & @CRLF & _ "- Cloud: https://cloud.elastic.co" & @CRLF & _ "Elastic Maps Server" & @CRLF & _ "- Download: https://www.elastic.co/downloads/elastic-maps-server" & @CRLF & _ "Elastic Package Registry" & @CRLF & _ "- https://github.com/elastic/package-registry" & @CRLF & _ "- https://epr.elastic.co/search?all" & @CRLF & _ "Elastic's package registry is used to pull elastic packages. Being able to modify our package registry is of particular interest to us." & @CRLF & _ "Elastic Synthetics Monitoring" & @CRLF & _ "To get access, do the following steps:" & @CRLF & _ "1. Create a new deployment on cloud using an account with your @wearehackerone.com email alias." & @CRLF & _ "2. Once in the deployment, go to the Observability application and pick the "Uptime"" & @CRLF & _ "3. Go to the Monitor Management tab" & @CRLF & _ "4. Fill out the request form." & @CRLF & _ "5. Wait 24 hours for our team to approve you." & @CRLF & _ "Elasticsearch" & @CRLF & _ "- All platforms: https://www.elastic.co/downloads/elasticsearch" & @CRLF & _ "- Docker container: https://www.docker.elastic.co/r/elasticsearch" & @CRLF & _ "- Source code: https://github.com/elastic/elasticsearch" & @CRLF & _ "- Instance on Cloud: https://cloud.elastic.co" & @CRLF & _ "Fleet Server" & @CRLF & _ "Setup (Included in Elastic Cloud): https://www.elastic.co/guide/en/fleet/8.8/fleet-server.html" & @CRLF & _ "Source: https://github.com/elastic/fleet-server" & @CRLF & _ "Kibana" & @CRLF & _ "- All platforms: https://www.elastic.co/downloads/kibana" & @CRLF & _ "- Docker container: https://www.docker.elastic.co/r/kibana" & @CRLF & _ "- Source code: https://github.com/elastic/kibana" & @CRLF & _ "Logstash" & @CRLF & _ "- All platforms: https://www.elastic.co/downloads/logstash" & @CRLF & _ "- Docker container: https://www.docker.elastic.co/r/logstash" & @CRLF & _ "- Source code: https://github.com/elastic/logstash" & @CRLF & _ "Observability - APM Agents" & @CRLF & _ "- .NET Agent: https://www.elastic.co/guide/en/apm/agent/dotnet/current/setup.html" & @CRLF & _ "- .NET Agent Source: https://github.com/elastic/apm-agent-dotnet" & @CRLF & _ "- Java Agent: https://www.elastic.co/guide/en/apm/agent/java/current/setup.html" & @CRLF & _ "- Java Agent Source: https://github.com/elastic/apm-agent-java" & @CRLF & _ "- JavaScript RUM Agent: https://www.elastic.co/guide/en/apm/agent/rum-js/current/getting-started.html" & @CRLF & _ "- JavaScript RUM Agent Source: https://github.com/elastic/apm-agent-rum-js" & @CRLF & _ "- Go Agent: https://www.elastic.co/guide/en/apm/agent/go/current/getting-started.html" & @CRLF & _ "- Go Agent Source: https://github.com/elastic/apm-agent-go" & @CRLF & _ "- Node.js Agent: https://www.elastic.co/guide/en/apm/agent/nodejs/current/set-up.html" & @CRLF & _ "- Node.js Agent Source: https://github.com/elastic/apm-agent-nodejs" & @CRLF & _ "- PHP Agent: https://www.elastic.co/guide/en/apm/agent/php/current/setup.html" & @CRLF & _ "- PHP Agent Source: https://github.com/elastic/apm-agent-php" & @CRLF & _ "- Python Agent: https://www.elastic.co/guide/en/apm/agent/python/current/set-up.html" & @CRLF & _ "- Python Agent Source: https://github.com/elastic/apm-agent-python" & @CRLF & _ "- Ruby Agent: https://www.elastic.co/guide/en/apm/agent/ruby/current/set-up.html" & @CRLF & _ "- Ruby Agent Source: https://github.com/elastic/apm-agent-ruby" & @CRLF & _ "Observability - APM Server" & @CRLF & _ "- All platforms: https://www.elastic.co/downloads/apm" & @CRLF & _ "- Docker: https://www.docker.elastic.co/r/apm/apm-server" & @CRLF & _ "- Source code: https://github.com/elastic/apm-server" & @CRLF & _ "If you found something that we own that is not explicitly listed as in-scope, please file it under this asset for us to investigate. We don't want our scope section to stop you from finding us vulnerabilities!" & @CRLF & _ "Software Supply Chain" & @CRLF & _ "Includes threats highlighted by SLSA https://slsa.dev/spec/v0.1/threats" & @CRLF & _ "- Source" & @CRLF & _ "- Build" & @CRLF & _ "- Dependencies" & @CRLF & _ "- Package" & @CRLF & _ "Specifically " & @CRLF & _ "- Github Workflows @ https://github.com/elastic - look under the .github/workflows directory" & @CRLF & _ "- Dependency Confusion" & @CRLF & _ "- Actual credential exfiltration or leaks (not theoretical) from build services (below)" & @CRLF & _ "- Command injection against build service" & @CRLF & _ "**Build Services**" & @CRLF & _ "Buildkite - https://buildkite.com/elastic" & @CRLF & _ "Github Actions - https://github.com/elastic/" & @CRLF & _ "Jenkins" & @CRLF & _ "- https://elasticsearch-ci.elastic.co" & @CRLF & _ "- https://apm-ci.elastic.co/" & @CRLF & _ "- https://beats-ci.elastic.co/" & @CRLF & _ "- https://clients-ci.elastic.co/" & @CRLF & _ "- https://cloud-ci.elastic.co/" & @CRLF & _ "- https://devops-ci.elastic.co/" & @CRLF & _ "- https://elasticsearch-ci.elastic.co/" & @CRLF & _ "- https://infra-ci.elastic.co/" & @CRLF & _ "- https://internal-ci.elastic.co/" & @CRLF & _ "- https://kibana-ci.elastic.co/" & @CRLF & _ "- https://logstash-ci.elastic.co/" & @CRLF & _ "- https://swiftype-ci.elastic.co/" & @CRLF & _ "cloud.elastic.co" & @CRLF & _ "**How to test**" & @CRLF & _ "1. Go to https://cloud.elastic.co/" & @CRLF & _ "1. Click “Sign Up”" & @CRLF & _ "1. Enter your @wearehackerone email and click “Start Free Trial” (you can create multiple trials if necessary)" & @CRLF & _ "1. Find your verification email and click “Verify and Accept”" & @CRLF & _ "1. Set your password" & @CRLF & _ "1. Click “Start Free Trial”" & @CRLF & _ "You should now be able to create an Elasticsearch deployment in any hosted infrastructure you choose. Once you create a deployment, try to find bugs!" & @CRLF & _ "Only the latest supported versions of the Elastic Stack will be eligible for a bounty." & @CRLF & _ "Bugs describing missing rate limiting on cloud.elastic.co/api/v1/users/_login are out of scope. The API is rate limited but doesn't return a 429." & @CRLF & _ "elastic.co credentials" & @CRLF & _ "www.elastic.co" & @CRLF & _ "The main page for Elastic" & @CRLF & _ "*.advisorsolutions.gs.com" & @CRLF & _ "*.ayco.com" & @CRLF & _ "*.folioclient.com" & @CRLF & _ "*.foliodigitalwealth.com" & @CRLF & _ "This site is in the process of being retired. Only Critical issues will be considered for bounty" & @CRLF & _ "*.foliofirst.com" & @CRLF & _ "*.foliofn.com" & @CRLF & _ "*.folioidentity.com" & @CRLF & _ "*.folioinstitutional.com" & @CRLF & _ "*.folioinvesting.com" & @CRLF & _ "*.global-liquidity.gs.com" & @CRLF & _ "*.goldman.com" & @CRLF & _ "*.goldmanpfm.com" & @CRLF & _ "Avoid all active testing on contact and registration forms, such as "Contact us", "Register for a Demo", and "Speak With a Financial Advisor". These forms may generate emails that will affect the business. If we start receiving test submissions on these forms, we may have to pause eligibility for these sites." & @CRLF & _ "*.goldmansachs.com" & @CRLF & _ "This is Goldman Sachs' main website. " & @CRLF & _ "*.gs-mosaic.gs.com" & @CRLF & _ "*.gs-mosaic.qa.gs.com" & @CRLF & _ "*.gs.com" & @CRLF & _ "Excludes third-party hosted applications, including:" & @CRLF & _ "- *.subscriptions.gs.com" & @CRLF & _ "- gset.gs.com" & @CRLF & _ "- 10ksbv.eo.gs.com" & @CRLF & _ "- BlackInBusiness.gs.com" & @CRLF & _ "*.gs.de" & @CRLF & _ "Includes:" & @CRLF & _ "*.gsmarkets.de" & @CRLF & _ "*.gsmarkets.nl" & @CRLF & _ "*.gsmarkets.at" & @CRLF & _ "*.gsmarkets.be" & @CRLF & _ "Excludes the 3rd party hosted site:" & @CRLF & _ "classic.gs.de" & @CRLF & _ "In scope sites may display a page overlay to US visitors which can be hidden using an adblocker like uBlock Origin" & @CRLF & _ "*.gsam.com" & @CRLF & _ "*.gspublishing.com" & @CRLF & _ "*.gsselect.com" & @CRLF & _ "*.honestdollar.com" & @CRLF & _ "*.marcus.co.uk" & @CRLF & _ "*.marcus.com" & @CRLF & _ "*.nextcapital.com" & @CRLF & _ "Any domain pointing to a third party service that is not a cloud provider is out of scope for testing. If unsure whether an asset is in scope, please reach out to bugbounty@gs.com before testing." & @CRLF & _ "*.nnip.com" & @CRLF & _ "*.qaglobal-liquidity.gs.com" & @CRLF & _ "*.vennhypotheken.nl" & @CRLF & _ "GS Select iOS app" & @CRLF & _ "[GS Select iOS app](https://apps.apple.com/us/app/gs-select/id1634151697)" & @CRLF & _ "api.foliofn.com" & @CRLF & _ "apigw.foliofn.com" & @CRLF & _ "com.gs.gsnow.external" & @CRLF & _ "[GS Now iOS](https://apps.apple.com/us/app/gs-now/id1473474041)" & @CRLF & _ "com.gs.gstrader.external" & @CRLF & _ "[Marquee Trader Mobile](https://apps.apple.com/us/app/marquee-trader-mobile/id1518269915)" & @CRLF & _ "com.gs.mobile.gsnow" & @CRLF & _ "[GS Now Android](https://play.google.com/store/apps/details?id=com.gs.mobile.gsnow)" & @CRLF & _ "com.gs.mobile.trader" & @CRLF & _ "[Marquee Trader Android](https://play.google.com/store/apps/details?id=com.gs.mobile.trader&hl=en_IN&gl=US)" & @CRLF & _ "com.gs.pfmg.wellness" & @CRLF & _ "[Goldman Sachs Wellness Android](https://play.google.com/store/apps/details?id=com.gs.pfmg.wellness&hl=en_IN&gl=US)" & @CRLF & _ "com.gs.pwmdigital.external" & @CRLF & _ "[GS PWM iOS](https://apps.apple.com/us/app/gs-pwm/id1440077444)" & @CRLF & _ "com.gs.pwmdigital.external.android" & @CRLF & _ "[GS PWM Android](https://play.google.com/store/apps/details?id=com.gs.pwmdigital.external.android)" & @CRLF & _ "com.marcus.android" & @CRLF & _ "[Marcus US Android](https://play.google.com/store/apps/details?id=com.marcus.android&hl=en_IN&gl=US)" & @CRLF & _ "com.marcus.android.uk" & @CRLF & _ "[Marcus UK: Online Savings Bank Android](https://play.google.com/store/apps/details?id=com.marcus.android.uk)" & @CRLF & _ "com.marcus.ios-uk" & @CRLF & _ "[Marcus UK: Online savings bank](https://apps.apple.com/gb/app/marcus-uk-online-savings-bank/id1489511701)" & @CRLF & _ "com.marcus.ios-us" & @CRLF & _ "[Marcus by Goldman Sachs](https://apps.apple.com/us/app/marcus-save-borrow-invest/id1489511701)" & @CRLF & _ "developer.gs.com" & @CRLF & _ "goldmansachsindices.com" & @CRLF & _ "marquee.gs.com" & @CRLF & _ "research.gs.com" & @CRLF & _ "www.fitvermogen.nl" & @CRLF & _ "www.rocaton.com" & @CRLF & _ "Excludes:" & @CRLF & _ "*.rocaton.com" & @CRLF & _ "secure.rocaton.com" & @CRLF & _ "983980808" & @CRLF & _ "https://itunes.apple.com/us/app/yoti/id983980808" & @CRLF & _ "Yoti Password Manager browser extension" & @CRLF & _ "https://chromewebstore.google.com/detail/yoti-password-manager/ajgehecfkfhindkhdcjmifbngkfdflla" & @CRLF & _ "api.yoti.com" & @CRLF & _ "ccloud.yoti.com" & @CRLF & _ "code.yoti.com" & @CRLF & _ "com.yoti.mobile.android.live" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.yoti.mobile.android.live" & @CRLF & _ "core.yoti.com" & @CRLF & _ "hub.yoti.com" & @CRLF & _ "you must use "[Hackerone] <whatever name here>" when creating any organisation/application/service within Hub!" & @CRLF & _ "identity.yoti.com" & @CRLF & _ "www.yotisign.com" & @CRLF & _ "You must use "[Hackerone] ORG_NAME" when registering an organisation!" & @CRLF & _ "Steam Client" & @CRLF & _ "Steam Servers" & @CRLF & _ "api.steampowered.com" & @CRLF & _ "com.valvesoftware.Steam" & @CRLF & _ "developer.valvesoftware.com" & @CRLF & _ "help.steampowered.com" & @CRLF & _ "partner.steamgames.com" & @CRLF & _ "partner.steampowered.com" & @CRLF & _ "playartifact.com" & @CRLF & _ "steamcommunity.com" & @CRLF & _ "store.steampowered.com" & @CRLF & _ "support.steampowered.com" & @CRLF & _ "www.counter-strike.net" & @CRLF & _ "www.dota2.com" & @CRLF & _ "www.teamfortress.com" & @CRLF & _ "www.valvesoftware.com" & @CRLF & _ "*.3lateral.com" & @CRLF & _ "***Note:*** This asset may contain endpoints not hosted by Epic Games (third party endpoints). These third party endpoints are not eligible for bounty." & @CRLF & _ "If you are unsure whether or not an asset is considered third party please submit a preliminary finding for confirmation." & @CRLF & _ "*.amplitude-game.com" & @CRLF & _ "*.artstation.com" & @CRLF & _ "***Note:*** This asset may contain endpoints not hosted by Epic Games (third party endpoints). These third party endpoints are not eligible for bounty. " & @CRLF & _ "*.audicagame.com" & @CRLF & _ "*.cubicmotion.com" & @CRLF & _ "*.dancecentral.com" & @CRLF & _ "*.dropmix.com" & @CRLF & _ "*.easy.ac" & @CRLF & _ "*.epicgames.com" & @CRLF & _ "*.epicgames.dev" & @CRLF & _ "*.fallguys.com" & @CRLF & _ "*.fortnite.com" & @CRLF & _ "*.harmonixmusic.com" & @CRLF & _ "*.hmxservices.com" & @CRLF & _ "*.hmxwebservices.com" & @CRLF & _ "*.mediatonic.co.uk" & @CRLF & _ "*.oncatapult.com" & @CRLF & _ "*.psynet.gg" & @CRLF & _ "*.psyonix.com" & @CRLF & _ "*.quixel.com" & @CRLF & _ "When assessing Quixel models and/or posts you may only test findings on your own created content. Do not test on any posts or content you did not create. When completed please delete any posts/comments as to not pollute pages. Please review the program policy for further information. " & @CRLF & _ "*.rocketleague.com" & @CRLF & _ "**==The white hat is no longer offered as a reward for Rocket League findings.==**" & @CRLF & _ "*.singspacegame.com" & @CRLF & _ "*.sketchfab.com" & @CRLF & _ "When assessing Sketchfab models and/or posts you may only test findings on your own created content. Do not test on any posts or content you did not create. When completed please delete any posts/comments as to not pollute pages. Please review the program policy for further information." & @CRLF & _ "*.twinmotion.com" & @CRLF & _ "*.unrealengine.com" & @CRLF & _ "*.unrealtournament.com" & @CRLF & _ "Any other Epic games owned asset not listed in the out of scope section" & @CRLF & _ "Note: Acceptance of findings of this type are at the discretion of the Epic Games team." & @CRLF & _ "EOS C# SDK" & @CRLF & _ "[C# SDK] (https://dev.epicgames.com/portal/api/v2/services/sdk/download/?sdkType=c_sharp)" & @CRLF & _ "EpicGamesLauncher.exe " & @CRLF & _ "Local privilege escalation is currently out of scope for this asset." & @CRLF & _ "EpicOnlineServices" & @CRLF & _ "FortniteClient-Android-Shipping-arm64-es2.apk" & @CRLF & _ "FortniteClient-Win64-Shipping.exe" & @CRLF & _ "FortniteLauncher-Win64-Shipping.exe" & @CRLF & _ "FortniteLauncher-Win64-Shipping_BE.exe" & @CRLF & _ "FortniteLauncher-Win64-Shipping_EAC.exe" & @CRLF & _ "FortniteLauncher.exe" & @CRLF & _ "UnrealEditorFortnite-Win64-Shipping.exe" & @CRLF & _ "aqtooling.com" & @CRLF & _ "aquiris.com.br" & @CRLF & _ "aquiris.studio" & @CRLF & _ "aquiristech.com" & @CRLF & _ "ballistic.com" & @CRLF & _ "ballistic.com.br" & @CRLF & _ "buckingfuggy.com" & @CRLF & _ "capturingreality.com" & @CRLF & _ "fab.com" & @CRLF & _ "fortnite.com" & @CRLF & _ "harmonixmusic.com" & @CRLF & _ "hc2services.com" & @CRLF & _ "hc2tooling.com" & @CRLF & _ "hmxservices.com" & @CRLF & _ "horizonchase.com" & @CRLF & _ "horizonchase.com.br" & @CRLF & _ "horizonchaseturbo.com" & @CRLF & _ "id1520720139" & @CRLF & _ "id1534920947" & @CRLF & _ "innersloth.kidswebservices.com" & @CRLF & _ "kidswebservices.com" & @CRLF & _ "metahuman.unrealengine.com" & @CRLF & _ "This is an API Base, please also see the following list of endpoints" & @CRLF & _ "GET: /health-check" & @CRLF & _ "GET: /metrics" & @CRLF & _ "GET: /api/v1/getClientSession" & @CRLF & _ "GET: /api/v1/getQueuePosition" & @CRLF & _ "GET: /api/v1/get-eula" & @CRLF & _ "POST: /api/v1/accept-eula" & @CRLF & _ "niantic.kidswebservices.com" & @CRLF & _ "playwonderbox.com" & @CRLF & _ "playwonderbox.com.br" & @CRLF & _ "staging.kidswebservices.com" & @CRLF & _ "twinmotion.unrealengine.com" & @CRLF & _ "GET: /logout" & @CRLF & _ "GET: /api/drive/account" & @CRLF & _ "GET: /api/drive/presentations" & @CRLF & _ "POST: /api/drive/rename_presentation" & @CRLF & _ "POST: /api/drive/delete_presentation" & @CRLF & _ "POST: /api/drive/share_presentation" & @CRLF & _ "POST: /api/drive/unshare_presentation" & @CRLF & _ "POST: /api/drive/create_session" & @CRLF & _ "POST: /api/drive/user_position" & @CRLF & _ "POST: /api/public/create_session" & @CRLF & _ "POST: /api/public/user_position" & @CRLF & _ "POST: /api/public/presentation" & @CRLF & _ "v1. kidswebservices.com" & @CRLF & _ "v1staging.kidswebservices.com " & @CRLF & _ "wonderboxapi.com" & @CRLF & _ "wonderboxdev.com" & @CRLF & _ "*.cloud.malwarebytes.com" & @CRLF & _ "Domains supporting many Malwarebytes services and products." & @CRLF & _ "*.cyrus-security.com" & @CRLF & _ "*.malwarebytes.com" & @CRLF & _ "* academy.malwarebytes.com" & @CRLF & _ "*.mb-cosmos.com" & @CRLF & _ "*.mbamupdates.com" & @CRLF & _ "*.mwb-threatintel.com" & @CRLF & _ "*.mwbsys.com" & @CRLF & _ "*.threatdown.com" & @CRLF & _ "Any other Malwarebytes asset" & @CRLF & _ "Please use this category to report vulnerabilities in any other assets not listed in other categories." & @CRLF & _ "Note: Due to the broad scope of this category, eligibility and rewards will decided on the case-by-case basis." & @CRLF & _ "BrowserGuard (Firefox/Chrome/Safari browser extension)" & @CRLF & _ "Malwarebytes Browser Guard crushes unwanted and unsafe content, giving you a safer and faster browsing experience. Not only that, it is the world’s first browser extension that can identify and stop tech support scams." & @CRLF & _ "* Product page: https://www.malwarebytes.com/browserguard" & @CRLF & _ "* Documentation: https://support.malwarebytes.com/hc/en-us/categories/360002468293-Malwarebytes-Browser-Guard" & @CRLF & _ "Malwarebytes Anti-Ransomware" & @CRLF & _ "Advanced antivirus and anti-malware with faster, safer web browsing." & @CRLF & _ "* Product page: https://forums.malwarebytes.com/forum/172-anti-ransomware-beta/" & @CRLF & _ "* Documentation: https://support.malwarebytes.com/hc/en-us/articles/360038523414-What-is-Malwarebytes-Anti-Ransomware" & @CRLF & _ "Malwarebytes Device Control" & @CRLF & _ "* Product page: https://www.malwarebytes.com/business/cloud" & @CRLF & _ "* Documentation: https://service.malwarebytes.com/hc/en-us/articles/4417282329491-Device-Control-in-Malwarebytes-Nebula" & @CRLF & _ "Malwarebytes Endpoint Detection and Response (EDR)" & @CRLF & _ "Cross-platform threat prevention and remediation for Windows, Mac, and Linux" & @CRLF & _ "* Product page: https://www.malwarebytes.com/business/edr / https://www.malwarebytes.com/business/edr/server-security/" & @CRLF & _ "Malwarebytes Endpoint Protection" & @CRLF & _ "Comprehensive security that keeps your devices safe and teams productive." & @CRLF & _ "* Product page: https://www.malwarebytes.com/business/endpoint-protection / https://www.malwarebytes.com/business/endpoint-protection/server-security" & @CRLF & _ "Malwarebytes Incident Response" & @CRLF & _ "Malwarebytes Incident Response is the trusted standard in automated endpoint remediation. The solution bolsters your enterprise cyber resilience and incident response process by compressing response times with fast and complete remediation." & @CRLF & _ "* Product page: https://www.malwarebytes.com/business/incident-response" & @CRLF & _ "* Documentation: https://www.malwarebytes.com/business/incident-response" & @CRLF & _ "Malwarebytes Privacy (VPN)" & @CRLF & _ "With a single click, our next-generation VPN helps protect your online privacy, secures your WiFi connection, and delivers speeds way faster than older VPNs." & @CRLF & _ "* Product page: https://www.malwarebytes.com/vpn" & @CRLF & _ "* Documentation: https://support.malwarebytes.com/hc/en-us/categories/360003545953-Malwarebytes-Privacy" & @CRLF & _ "**Note**: The scope of the bug bounty program is limited to **ONLY** the VPN client installed on desktop/endpoint. **Server-side** is strictly **NOT** in scope, but your feedback is appreciated, **NOT** rewarded. The primary goal of this bug bounty program is to explore if there are any IP leak, DNS leak, and Data leak vulnerabilities present or not. As a researcher and creative thinker, you are welcome to explore for any other vulnerabilities if they are applicable to the client." & @CRLF & _ "Malwarebytes Remediation for CrowdStrike" & @CRLF & _ "Malwarebytes Remediation for CrowdStrike works seamlessly with CrowdStrike Real Time Response (RTR) functionality. It provides automated remediation that thoroughly removes malware on machines where CrowdStrike Falcon has stopped an attack." & @CRLF & _ "* Product page: https://www.malwarebytes.com/business/crowdstrike" & @CRLF & _ "* Documentation: https://service.malwarebytes.com/hc/en-us/articles/4413798516627-Malwarebytes-Remediation-for-CrowdStrike-integration-guide" & @CRLF & _ "Malwarebytes ToolSet (MBTS)" & @CRLF & _ "* Product page: https://www.malwarebytes.com/techbench" & @CRLF & _ "* Documentation: https://service.malwarebytes.com/hc/en-us/categories/4413802057875-Toolset" & @CRLF & _ "Malwarebytes Windows Firewall Control" & @CRLF & _ "Windows Firewall Control is a powerful tool which extends the functionality of Windows Firewall and provides new extra features which makes Windows Firewall better. It runs in the system tray and allows the user to control the native firewall easily without having to waste time by navigating to the specific part of the firewall." & @CRLF & _ "* Product page: https://www.binisoft.org/wfc" & @CRLF & _ "* Documentation: https://www.binisoft.org/pdf/guides/Malwarebytes-WFC-User-Guide.pdf" & @CRLF & _ "Malwarebytes for Mac" & @CRLF & _ "* Product page: https://www.malwarebytes.com/mac" & @CRLF & _ "* Documentation: https://support.malwarebytes.com/hc/en-us/categories/360002468253-Malwarebytes-for-Mac" & @CRLF & _ "Malwarebytes for Teams" & @CRLF & _ "* Product page: https://www.malwarebytes.com/business/teams" & @CRLF & _ "* Documentation: https://service.malwarebytes.com/hc/en-us/categories/4414671777043-For-Teams" & @CRLF & _ "Malwarebytes for Windows" & @CRLF & _ "* Product page: https://www.malwarebytes.com/premium" & @CRLF & _ "* Documentation: https://support.malwarebytes.com/hc/en-us/categories/360002458014-Malwarebytes-for-Windows" & @CRLF & _ "Vulnerability & Patch Management" & @CRLF & _ "Understand risks quickly and strengthen defenses across your digital ecosystem with modules for our cloud-based security management platform." & @CRLF & _ "* Product page: https://www.malwarebytes.com/business/vulnerability-patch-management" & @CRLF & _ "* Documentation: https://www.malwarebytes.com/business/vulnerability-patch-management" & @CRLF & _ "cloud.malwarebytes.com" & @CRLF & _ "Platform that support most of Malwarebytes for business products." & @CRLF & _ "* Product page: https://cloud.malwarebytes.com" & @CRLF & _ "* Documentation: https://www.malwarebytes.com/business/cloud" & @CRLF & _ "com.malwarebytes.Malwarebytes" & @CRLF & _ "Get all the extra iOS security you need in one app. Protect yourself from online threats and put a stop to annoying spam calls and texts. Browse the web with confidence and focus on the messages that matter." & @CRLF & _ "* Product page: https://www.malwarebytes.com/ios" & @CRLF & _ "* Appstore: https://apps.apple.com/us/app/malwarebytes-mobile-security/id1327105431" & @CRLF & _ "* Documentation: https://support.malwarebytes.com/hc/en-us/categories/360002468273-Malwarebytes-for-iOS" & @CRLF & _ "my.malwarebytes.com" & @CRLF & _ "Portal to manage your subscriptions and billing." & @CRLF & _ "* Documentation: https://support.malwarebytes.com/hc/en-us/categories/360002458094-My-Account-Billing" & @CRLF & _ "oneview.malwarebytes.com" & @CRLF & _ "The Malwarebytes OneView multi-tenant dashboard enables you to grow revenue while lowering costs with a single pane of glass to centrally manage customer and partner accounts, cloud subscriptions for servers and workstations, invoicing, and integrations. The admin console provides direct linkage to the Malwarebytes internal team for rapid creation and resolution of support tickets." & @CRLF & _ "* Product page: https://www.malwarebytes.com/partners/managed-service-providers" & @CRLF & _ "* Documentation: https://service.malwarebytes.com/hc/en-us/categories/4413802057491-OneView" & @CRLF & _ "org.malwarebytes.antimalware" & @CRLF & _ "* Product page: https://www.malwarebytes.com/android / https://www.malwarebytes.com/chromebook" & @CRLF & _ "* Documentation: https://support.malwarebytes.com/hc/en-us/categories/360002458034-Malwarebytes-for-Android-Chrome-OS" & @CRLF & _ "www.malwarebytes.com" & @CRLF & _ " MS Office Add-In" & @CRLF & _ "Grammarly add-on (works with MS Word and Outlook for Windows), where authorized users can check their Word documents or emails. Auto-update functionality can be tested on an [older version](https://download-office.grammarly.com/installer/GrammarlyAddInSetup6.6.110.exe)." & @CRLF & _ "Download URL: https://download-office.grammarly.com/latest/GrammarlyAddInSetup.exe ." & @CRLF & _ "Prerequisites: MS Word/Outlook, .NET Framework 4.5." & @CRLF & _ "Vulnerabilities are eligible for submission if they’re reproducible on **any version of** Word/Outlook on Windows 10 with **all latest security patches applied**. The vulnerability should be tested on a system without additional SDKs and development kits. We cover your expenses on a Word/Outlook license if the report appears being valid." & @CRLF & _ "*.grammarly.com" & @CRLF & _ "*.grammarly.io" & @CRLF & _ "*.grammarlyaws.com" & @CRLF & _ "AppActions" & @CRLF & _ "With app actions, you can connect Grammarly to apps you use every day and perform common tasks directly from Grammarly. This saves time by avoiding context-switching and helps you stay in the flow of writing. " & @CRLF & _ "URL's in scope:" & @CRLF & _ "- 3p-access.grammarly.com/* " & @CRLF & _ "- goldengate.grammarly.com/skills-proxy/* " & @CRLF & _ "- goldengate.grammarly.com/skills/*" & @CRLF & _ "You can read more about "App Actions" here - https://support.grammarly.com/hc/en-us/articles/21227721882253-Introducing-App-Actions." & @CRLF & _ "Browser Extensions" & @CRLF & _ "The extension is available in the extension/add-on store of the respective browser: " & @CRLF & _ "* [Chrome](https://chrome.google.com/webstore/detail/grammarly-for-chrome/kbfnbcaeplbcioakkpcpgfkobkghlhen?hl=en) " & @CRLF & _ "* [Firefox](https://addons.mozilla.org/en-US/firefox/addon/grammarly-1/)" & @CRLF & _ "* [Edge](https://microsoftedge.microsoft.com/addons/detail/grammarly-ai-writing-and/cnlefmmeadmemmdciolhbnfeacpdfbkd)" & @CRLF & _ "* [Safari](https://apps.apple.com/us/app/grammarly-for-safari/id1462114288)" & @CRLF & _ "**Browser Extension vulnerabilities will not be distinguished. For example, if a vulnerability exists in the Chrome and Safari extensions, we will consider it the same vulnerability and will only award one bounty.**" & @CRLF & _ "Capture the Flag" & @CRLF & _ "The first hacker who reports the `$FLAG` saved in the document (`document_id: 1198436185`) of the user `h1_ctf@grammarly.com` (`user_id: 1411519194`) will be awarded a **$100K bounty**." & @CRLF & _ "Grammarly AI Assistant" & @CRLF & _ "Grammarly's AI writing assistant is a powerful tool that leverages generative AI to assist users in composing, rewriting, ideating, and replying to texts. It's contextually aware and offers personalized suggestions that respect user authenticity. The assistant is integrated into Grammarly's existing product offerings and can be used across many popular desktop applications and websites. It provides on-demand assistance, allowing users to generate high-quality, task-appropriate writing and revisions. The assistant is also capable of incorporating organizational context for Grammarly Business customers, providing text that's tailored to the business." & @CRLF & _ "- Read more about Writing Assistant: https://www.grammarly.com/ai" & @CRLF & _ "- Article to help you get started with Grammarly Assistant" & @CRLF & _ "https://support.grammarly.com/hc/en-us/articles/14528857014285-Introducing-generative-AI-assistance" & @CRLF & _ "Grammarly Auth Services" & @CRLF & _ "Multiple services that are used for authentication and authorization." & @CRLF & _ "`auth.grammarly.com`" & @CRLF & _ "`tokens.grammarly.com`" & @CRLF & _ "`sso.grammarly.com`" & @CRLF & _ "Grammarly Business Features" & @CRLF & _ "### Security features" & @CRLF & _ "- Account roles and permissions" & @CRLF & _ "- SAML single sign-on" & @CRLF & _ "- Managed mode" & @CRLF & _ "- Invite and domain capture" & @CRLF & _ "### Team features" & @CRLF & _ "- Style guide" & @CRLF & _ "- Brand tones" & @CRLF & _ "- Knowledge Share" & @CRLF & _ "- Snippets" & @CRLF & _ "- Analytics dashboard" & @CRLF & _ "## Supporting Resources" & @CRLF & _ "- [Overview of Business features](https://www.grammarly.com/business)" & @CRLF & _ "- [Feature comparison](https://www.grammarly.com/plans)" & @CRLF & _ "- [Snippets Introduction](https://www.grammarly.com/business/snippets)" & @CRLF & _ "- [Brand tones introduction](https://www.grammarly.com/business/brand-tones)" & @CRLF & _ "- [Analytics introduction](https://www.grammarly.com/business/analytics)" & @CRLF & _ "- [Style Guide introduction](https://www.grammarly.com/business/styleguide)" & @CRLF & _ "- [Knowledge Share introduction](https://support.grammarly.com/hc/en-us/articles/16664924710797-Introducing-Knowledge-Share)" & @CRLF & _ "- [Managed Mode](https://support.grammarly.com/hc/en-us/articles/8341171286541-Managed-Mode)" & @CRLF & _ "- [Invite](https://support.grammarly.com/hc/en-us/articles/115000931852-Invite-team-members)" & @CRLF & _ "- [Domain Capture](https://support.grammarly.com/hc/en-us/articles/19489029001869-How-to-automatically-join-or-request-to-join-a-Grammarly-Business-subscription)" & @CRLF & _ "- [Roles and permissions](https://support.grammarly.com/hc/en-us/articles/19026306820109-Group-manager-permissions-for-team-members)" & @CRLF & _ "- [How to use style guides](https://support.grammarly.com/hc/en-us/articles/360043832652-Create-style-rules)" & @CRLF & _ "- [How to use analytics dashboard](https://support.grammarly.com/hc/en-us/articles/360061408151-Analyze-my-team-s-writing-performance)" & @CRLF & _ "- [How to use Brand tones](https://support.grammarly.com/hc/en-us/articles/4403544890253-Set-brand-tones)" & @CRLF & _ "- [How to use snippets](https://support.grammarly.com/hc/en-us/articles/4403077145485-Create-snippets)" & @CRLF & _ "- [Articles to setup SSO](https://support.grammarly.com/hc/en-us/sections/360010341231-SAML-Single-Sign-On) " & @CRLF & _ "Grammarly Desktop for Windows" & @CRLF & _ "https://download-windows.grammarly.com/GrammarlyInstaller.exe" & @CRLF & _ "Grammarly Desktop for macOS" & @CRLF & _ "https://download-mac.grammarly.com/Grammarly.dmg" & @CRLF & _ "Grammarly for Microsoft Word" & @CRLF & _ "Vulnerabilities are eligible for submission if they’re reproducible on any version of Word on OS with all latest security patches applied. The vulnerability should be tested on a system without additional SDKs and development kits. We cover your expenses on a Word license if the report appears to be valid." & @CRLF & _ "You can install **Grammarly for Microsoft Word** at https://appsource.microsoft.com/en-us/product/office/WA200001011" & @CRLF & _ "app.grammarly.com" & @CRLF & _ "app.grammarly.com is Grammarly’s web application, enabling users to create, edit, and manage documents while accessing the full suite of Grammarly features through the online editor." & @CRLF & _ "capi.grammarly.com" & @CRLF & _ "CAPI: A service dedicated to text analysis, primarily utilizing WebSocket communication with a few HTTP endpoints." & @CRLF & _ "com.grammarly.android.keyboard" & @CRLF & _ "Vulnerabilities in Grammarly Mobile Keyboard for Android with a working proof of concept may qualify for an additional bounty through the [Google Play Security Rewards Program](https://hackerone.com/googleplay). To see which vulnerabilities may qualify for a bounty, please refer to the Google Play Security Rewards Program’s [Vulnerability Criteria](https://hackerone.com/googleplay)." & @CRLF & _ "com.grammarly.keyboard" & @CRLF & _ "grammarly.ai" & @CRLF & _ "This service doesn't handle, store or transfer any internal data or data of our users. Additionally, it is located in a separate VPC and isn't part of our infrastructure." & @CRLF & _ "We accept only **critical submissions**(SSRF, XXE, SQLi, RCE) with a clearly reproducible **proof of concept code**." & @CRLF & _ "​" & @CRLF & _ " _Reports that don't match these criteria will be closed as "N/A"._ " & @CRLF & _ "https://github.com/hyperledger/besu" & @CRLF & _ "https://github.com/hyperledger/besu-errorprone-checks" & @CRLF & _ "https://github.com/hyperledger/besu-native" & @CRLF & _ "https://github.com/hyperledger/besu-verkle-trie" & @CRLF & _ "https://github.com/hyperledger/fabric" & @CRLF & _ "https://github.com/hyperledger/fabric-admin-sdk" & @CRLF & _ "https://github.com/hyperledger/fabric-amcl" & @CRLF & _ "https://github.com/hyperledger/fabric-ca" & @CRLF & _ "https://github.com/hyperledger/fabric-chaincode-go" & @CRLF & _ "https://github.com/hyperledger/fabric-chaincode-java" & @CRLF & _ "https://github.com/hyperledger/fabric-chaincode-node" & @CRLF & _ "https://github.com/hyperledger/fabric-cli" & @CRLF & _ "https://github.com/hyperledger/fabric-config" & @CRLF & _ "https://github.com/hyperledger/fabric-contract-api-go" & @CRLF & _ "https://github.com/hyperledger/fabric-gateway" & @CRLF & _ "https://github.com/hyperledger/fabric-gateway-java" & @CRLF & _ "https://github.com/hyperledger/fabric-lib-go" & @CRLF & _ "https://github.com/hyperledger/fabric-private-chaincode" & @CRLF & _ "https://github.com/hyperledger/fabric-protos" & @CRLF & _ "https://github.com/hyperledger/fabric-protos-go" & @CRLF & _ "https://github.com/hyperledger/fabric-protos-go-apiv2" & @CRLF & _ "https://github.com/hyperledger/fabric-samples" & @CRLF & _ "https://github.com/hyperledger/fabric-sdk-go" & @CRLF & _ "https://github.com/hyperledger/fabric-sdk-java" & @CRLF & _ "https://github.com/hyperledger/fabric-sdk-node" & @CRLF & _ "https://github.com/hyperledger/fabric-sdk-py" & @CRLF & _ "1604650263" & @CRLF & _ "351331194" & @CRLF & _ "https://apps.apple.com/gb/app/badoo-dating-chat-friends/id351331194" & @CRLF & _ "403684733" & @CRLF & _ "https://apps.apple.com/gb/app/badoo-premium/id403684733" & @CRLF & _ "6444040977" & @CRLF & _ "930441707" & @CRLF & _ "https://apps.apple.com/us/app/bumble-dating-meet-people/id930441707" & @CRLF & _ "badoo.com" & @CRLF & _ "badoocdn.com" & @CRLF & _ "bma.badoo.com" & @CRLF & _ "bma.bumble.com" & @CRLF & _ "ccardseu1.badoo.com" & @CRLF & _ "ccardsus1.badoo.com" & @CRLF & _ "chatdate.app" & @CRLF & _ "com.badoo.hotornot" & @CRLF & _ "com.badoo.mobile" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.badoo.mobile" & @CRLF & _ "com.badoo.twa" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.badoo.twa" & @CRLF & _ "com.bumble.app" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.bumble.app" & @CRLF & _ "com.bumblebff.app" & @CRLF & _ "com.flashgap.fruits" & @CRLF & _ "com.flashgap.fruitz" & @CRLF & _ "com.hotornot.app" & @CRLF & _ "com.official.rnapp" & @CRLF & _ "corp.badoo.com" & @CRLF & _ "eu1.badoo.com" & @CRLF & _ "getofficial.co" & @CRLF & _ "hotornot.com" & @CRLF & _ "m.badoo.com" & @CRLF & _ "meu1.badoo.com" & @CRLF & _ "mus1.badoo.com" & @CRLF & _ "translate.badoo.com" & @CRLF & _ "us1.badoo.com" & @CRLF & _ "www.bumble.com" & @CRLF & _ " api.spotify.com, api-partner.spotify.com" & @CRLF & _ "Based on simple REST principles, the Spotify Web API endpoints return JSON metadata about music artists, albums, and tracks, directly from the Spotify Data Catalogue." & @CRLF & _ "Web API also provides access to user related data, like playlists and music that the user saves in the Your Music library. Such access should be enabled through selective authorization, by the user." & @CRLF & _ "A full list of the objects returned by the endpoints of the Spotify Web API - https://developer.spotify.com/documentation/web-api/" & @CRLF & _ "`api-partner` is a similar API used by Spotify's partners, aka Ads API. It's documentation is available @ https://developer.spotify.com/documentation/ads-api" & @CRLF & _ "*.atspotify.com" & @CRLF & _ "If a bug you have submitted affects a site managed by a third party we will award you a $100 bonus payment and close the report as informational." & @CRLF & _ "*.avecspotify.com" & @CRLF & _ "*.byspotify.com" & @CRLF & _ "*.enspotify.com" & @CRLF & _ "*.forspotify.com" & @CRLF & _ "*.fromspotify.com" & @CRLF & _ "*.spotify.com" & @CRLF & _ "Main spotify domain wildcard for assets on this domain that are not otherwise listed." & @CRLF & _ "*.spotify.net" & @CRLF & _ "Internal spotify domain wildcard for assets on this domain that are not otherwise listed." & @CRLF & _ "*.tospotify.com" & @CRLF & _ "*.withspotify.com" & @CRLF & _ "Anchor" & @CRLF & _ "Anchor was acquired by Spotify in 2019." & @CRLF & _ "~~~" & @CRLF & _ "anchor.fm" & @CRLF & _ "Android SDK" & @CRLF & _ "* https://developer.spotify.com/documentation/android/ " & @CRLF & _ "* https://github.com/spotify/android-sdk " & @CRLF & _ "Backstage source code" & @CRLF & _ "https://github.com/spotify/backstage" & @CRLF & _ "GHE" & @CRLF & _ "Jira" & @CRLF & _ "Megaphone" & @CRLF & _ "Megaphone was acquired by Spotify in November 2020." & @CRLF & _ "** These targets are NOT in scope:**" & @CRLF & _ "support.megaphone.fm" & @CRLF & _ "Okta" & @CRLF & _ "Other Spotify websites" & @CRLF & _ "Please use this asset for non *.spotify.com websites. This includes sites associated with Spotify, but aren't otherwise listed as a separate asset." & @CRLF & _ "Find below a list of in-scope targets. Note that it is continuously updated:" & @CRLF & _ "closetheplaygap.com" & @CRLF & _ "eyeofthestormers.com" & @CRLF & _ "lifeatspotify.com" & @CRLF & _ "play-portraits.com" & @CRLF & _ "reviewvault.com" & @CRLF & _ "sonalytic.com" & @CRLF & _ "spotify-library.com" & @CRLF & _ "spotify.design" & @CRLF & _ "spotify.dev" & @CRLF & _ "spotify.stackenterprise.co" & @CRLF & _ "spotifycharts.com" & @CRLF & _ "spotifycodes.com" & @CRLF & _ "spotifycs.my.salesforce.com" & @CRLF & _ "spotifyforpartners.com" & @CRLF & _ "spotifyforvendors.com" & @CRLF & _ "spotifynewsroom.jp" & @CRLF & _ "spotifyonstage.com" & @CRLF & _ "spotifypodcastsummit.com" & @CRLF & _ "spotifypremium.jp" & @CRLF & _ "spotifysoundcheck.com" & @CRLF & _ "spotifyvault.com" & @CRLF & _ "timetoplayfair.com" & @CRLF & _ "Podsights" & @CRLF & _ "Podsights was acquired by Spotify in February 2022. " & @CRLF & _ "[ Non-core asset]" & @CRLF & _ "** These targets are in scope: **" & @CRLF & _ "admin.podsights.com" & @CRLF & _ "api.pdst.fm" & @CRLF & _ "cdn.pdst.fm" & @CRLF & _ "dash.podsights.com" & @CRLF & _ "metarouter.pdst.io" & @CRLF & _ "pdst.fm" & @CRLF & _ "ping.pdst.fm" & @CRLF & _ "podcast-graph-dot-adaptive-growth.appspot.com" & @CRLF & _ "podsights.com" & @CRLF & _ "sink.pdst.fm" & @CRLF & _ "Sonantic" & @CRLF & _ "Sonantic was acquired by Spotify in June 2022. " & @CRLF & _ "app.sonantic.io" & @CRLF & _ "api.sonantic.io" & @CRLF & _ "label-studio-public.sonantic.io" & @CRLF & _ "Spotify SDKs" & @CRLF & _ "For Spotify SDK (note: there is a specific scope for Web, Android and iOS SDK)" & @CRLF & _ "https://developer.spotify.com/" & @CRLF & _ "Spotify desktop application (Windows and Mac)" & @CRLF & _ "VPN" & @CRLF & _ "Web Playback SDK" & @CRLF & _ "* https://developer.spotify.com/documentation/web-playback-sdk/" & @CRLF & _ "assets.spotify.com" & @CRLF & _ "* Do not run automated scans against this target. They are often very noisy." & @CRLF & _ "backstage.io" & @CRLF & _ "Backstage is an open-source developer portal." & @CRLF & _ "Find below a list of in-scope targets. Note that it is continuously updated: " & @CRLF & _ "com.anchorfminc.Anchor" & @CRLF & _ "com.spotify.client" & @CRLF & _ "Spotify - Music and Podcasts" & @CRLF & _ "https://itunes.apple.com/us/app/spotify-music-and-podcasts/id324684580" & @CRLF & _ "com.spotify.kids" & @CRLF & _ "Spotify Kids" & @CRLF & _ "https://apps.apple.com/ie/app/Spotify-Kids/id1470209570" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.spotify.kids" & @CRLF & _ "com.spotify.lite" & @CRLF & _ "Spotify Lite" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.spotify.lite" & @CRLF & _ "com.spotify.music" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.spotify.music" & @CRLF & _ "com.spotify.s4a" & @CRLF & _ "Spotify for Artists" & @CRLF & _ "https://itunes.apple.com/us/app/spotify-for-artists/id1222021797" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.spotify.s4a" & @CRLF & _ "com.spotify.tv.android" & @CRLF & _ "Spotify Music - for Android TV" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.spotify.tv.android" & @CRLF & _ "fm.anchor.android" & @CRLF & _ "iOS SDK" & @CRLF & _ "* https://developer.spotify.com/documentation/ios/ " & @CRLF & _ "* https://github.com/spotify/ios-sdk " & @CRLF & _ "*.guilded.gg" & @CRLF & _ "*.ra.roblox.com" & @CRLF & _ "*.rbx.com" & @CRLF & _ "*.roblox.com" & @CRLF & _ "App api's that are used within Roblox." & @CRLF & _ "Roblox Client" & @CRLF & _ "Applies to Windows/Osx/Mobile Platform" & @CRLF & _ "Roblox Engine" & @CRLF & _ "Roblox Studio" & @CRLF & _ "blox.link" & @CRLF & _ "*.cp.dyson.com" & @CRLF & _ "This namespace is used to publish API's relating to the registration and control of Dyson connected products." & @CRLF & _ "*.dyson.com" & @CRLF & _ "993135524" & @CRLF & _ "(Dyson Link App - https://itunes.apple.com/gb/app/dyson-link/id993135524)" & @CRLF & _ "Dyson Connected Products (IoT Hardware)" & @CRLF & _ "Github findings" & @CRLF & _ "Any issues found on Github that could pose a risk for Dyson such as leaked credentials." & @CRLF & _ "These reports will be evaluated on a case-by-case basis" & @CRLF & _ "Other Dyson Assets" & @CRLF & _ "We welcome reports for all other assets that are owned or managed by Dyson. If you are unsure if something you have found is a Dyson asset, then please contact us first for clarification." & @CRLF & _ "api.dyson.at" & @CRLF & _ "api.dyson.be" & @CRLF & _ "api.dyson.ch" & @CRLF & _ "api.dyson.co.uk" & @CRLF & _ "api.dyson.com" & @CRLF & _ "api.dyson.de" & @CRLF & _ "api.dyson.dk" & @CRLF & _ "api.dyson.es" & @CRLF & _ "api.dyson.fr" & @CRLF & _ "api.dyson.ie" & @CRLF & _ "api.dyson.it" & @CRLF & _ "api.dyson.nl" & @CRLF & _ "api.dyson.no" & @CRLF & _ "api.dyson.pt" & @CRLF & _ "api.dyson.se" & @CRLF & _ "api.dysoncanada.ca" & @CRLF & _ "api.fi.dyson.com" & @CRLF & _ "com.dyson.mobile.android" & @CRLF & _ "(Dyson Link App - https://play.google.com/store/apps/details?id=com.dyson.mobile.android)" & @CRLF & _ "shop.dyson.co.za" & @CRLF & _ "shop.dyson.tw" & @CRLF & _ "www.dyson.ae" & @CRLF & _ "www.dyson.at" & @CRLF & _ "www.dyson.be" & @CRLF & _ "www.dyson.ch" & @CRLF & _ "www.dyson.cn" & @CRLF & _ "www.dyson.co.il" & @CRLF & _ "www.dyson.co.jp" & @CRLF & _ "www.dyson.co.kr" & @CRLF & _ "www.dyson.co.nz" & @CRLF & _ "www.dyson.co.th" & @CRLF & _ "www.dyson.co.uk" & @CRLF & _ "www.dyson.com" & @CRLF & _ "www.dyson.com.au" & @CRLF & _ "www.dyson.com.ee" & @CRLF & _ "www.dyson.com.mx" & @CRLF & _ "www.dyson.com.ro" & @CRLF & _ "www.dyson.com.sg" & @CRLF & _ "www.dyson.com.tr" & @CRLF & _ "www.dyson.com.ua" & @CRLF & _ "www.dyson.cz" & @CRLF & _ "www.dyson.de" & @CRLF & _ "www.dyson.dk" & @CRLF & _ "www.dyson.es" & @CRLF & _ "www.dyson.fr" & @CRLF & _ "www.dyson.hk" & @CRLF & _ "www.dyson.hu" & @CRLF & _ "www.dyson.ie" & @CRLF & _ "www.dyson.in" & @CRLF & _ "www.dyson.it" & @CRLF & _ "www.dyson.my" & @CRLF & _ "www.dyson.nl" & @CRLF & _ "www.dyson.no" & @CRLF & _ "www.dyson.pl" & @CRLF & _ "www.dyson.pt" & @CRLF & _ "www.dyson.se" & @CRLF & _ "www.dyson.tw" & @CRLF & _ "www.dyson.vn" & @CRLF & _ "www.dysoncanada.ca" & @CRLF & _ "www.fi.dyson.com" & @CRLF & _ "www.gr.dyson.com" & @CRLF & _ "www.sa.dyson.com" & @CRLF & _ "*.shipt.com" & @CRLF & _ "971888874" & @CRLF & _ "IOS Member App" & @CRLF & _ "976353472" & @CRLF & _ "IOS Shopper App" & @CRLF & _ "admin.shipt.com" & @CRLF & _ "*No credentials will be provided. Unauthenticated assessment only." & @CRLF & _ "api.shipt.com" & @CRLF & _ "app.shipt.com" & @CRLF & _ "com.shipt.groceries" & @CRLF & _ "Shipt Member App" & @CRLF & _ "com.shipt.shopper" & @CRLF & _ "Shipt Shopper App" & @CRLF & _ "shop.shipt.com" & @CRLF & _ "shoppingcart.shipt.com" & @CRLF & _ "staging-admin.shipt.com" & @CRLF & _ "*No credentials will be provided" & @CRLF & _ "staging-api.shipt.com" & @CRLF & _ "staging-app.shipt.com" & @CRLF & _ "staging-shop.shipt.com" & @CRLF & _ "staging-shoppingcart.shipt.com" & @CRLF & _ "www.shipt.com" & @CRLF & _ "Please follow normal scope (no DOS, social engineering, etc.) and please refrain from assessing any other wp-engine platforms. " & @CRLF & _ "*.nordvpn.com" & @CRLF & _ "Third-party services under our subdomains are out of scope **(please read full policy for details).**" & @CRLF & _ "1486322860" & @CRLF & _ "NordPass - [Apple App Store](https://apps.apple.com/us/app/nordpass-password-manager/id1486322860?ls=1&referrer=client_id=eba15f5b-e4a3-42ca-ba68-e16c170f39e0)" & @CRLF & _ "Please make sure you are testing the latest version." & @CRLF & _ "905953485" & @CRLF & _ "NordVPN - [Apple App Store](https://apps.apple.com/US/app/id905953485?mt=8)" & @CRLF & _ "All Mobile Assets" & @CRLF & _ "iOS: App Store (905953485) NordVPN - [Apple App Store](https://apps.apple.com/US/app/id905953485?mt=8)" & @CRLF & _ " iOS: App Store (1486322860) NordPass - [Apple App Store](https://apps.apple.com/us/app/nordpass-password-manager/id1486322860?ls=1&referrer=client_id=eba15f5b-e4a3-42ca-ba68-e16c170f39e0)" & @CRLF & _ "Android .apk: com.nordvpn.android NordVPN - [Android Sideload Download](https://nordvpn.com/download/android/)" & @CRLF & _ "Android Play Store: com.nordvpn.android NordVPN - [Google Play Store](https://play.google.com/store/apps/details?id=com.nordvpn.android)" & @CRLF & _ "Android Play Store: com.nordpass.android.app.password.manager NordPass - [Google Play Store](https://play.google.com/store/apps/details?id=com.nordpass.android.app.password.manager&launch=true&referrer=client_id=eba15f5b-e4a3-42ca-ba68-e16c170f39e0)" & @CRLF & _ "NordPass - Linux Executable" & @CRLF & _ "[Direct Web Download](https://nordpass.com/download/linux/)" & @CRLF & _ "Please make sure you are testing the latest version" & @CRLF & _ "NordPass - MacOS Executable" & @CRLF & _ "[Direct Web Download](https://nordpass.com/download/macos/)" & @CRLF & _ "NordPass - Windows Executable" & @CRLF & _ "[Direct Web Download](https://nordpass.com/download/windows/)" & @CRLF & _ "NordVPN - Linux Executable" & @CRLF & _ "[Direct Web Download](https://nordvpn.com/download/linux/)" & @CRLF & _ "NordVPN - MacOS Executable" & @CRLF & _ "[Direct Web Download](https://nordvpn.com/download/mac/)" & @CRLF & _ "[MacOS App Store](https://apps.apple.com/us/app/nordvpn-vpn-fast-secure/id905953485)" & @CRLF & _ "NordVPN - Windows Executable" & @CRLF & _ "[Direct Web Download]( https://nordvpn.com/download/windows/)" & @CRLF & _ "NordVPN Browser Extension" & @CRLF & _ "* Chrome: https://nordvpn.com/download/chrome-extension/" & @CRLF & _ "* Firefox: https://nordvpn.com/download/firefox-extension/" & @CRLF & _ "app.nordpass.com" & @CRLF & _ "com.nordpass.android.app.password.manager" & @CRLF & _ "NordPass - [Google Play Store](https://play.google.com/store/apps/details?id=com.nordpass.android.app.password.manager&launch=true&referrer=client_id=eba15f5b-e4a3-42ca-ba68-e16c170f39e0)" & @CRLF & _ "com.nordvpn.android" & @CRLF & _ "NordVPN - [Google Play Store](https://play.google.com/store/apps/details?id=com.nordvpn.android)" & @CRLF & _ "NordVPN - [Android Sideload Download](https://nordvpn.com/download/android/)" & @CRLF & _ "*.lyst.co" & @CRLF & _ "*.lyst.com" & @CRLF & _ "*.lystit.com" & @CRLF & _ "597940518" & @CRLF & _ "cdna.lystit.com" & @CRLF & _ "com.lyst.lystapp" & @CRLF & _ "mobileapi.lystit.com" & @CRLF & _ "*.kiwi.com" & @CRLF & _ "Mostly branded versions of our main www.kiwi.com site, please report vulnerabilities only for www.kiwi.com and don't duplicate it here." & @CRLF & _ "*.skypicker.com" & @CRLF & _ "APIs & internal tools." & @CRLF & _ "auth.skypicker.com" & @CRLF & _ "Authentication API used on www.kiwi.com." & @CRLF & _ "com.skypicker.Skypicker" & @CRLF & _ "**Primary target** - Available in [App Store](https://itunes.apple.com/bs/app/kiwi-com-cheap-flight-tickets/id657843853)" & @CRLF & _ "com.skypicker.main" & @CRLF & _ "**Primary target** - Available in the [Play Store](https://play.google.com/store/apps/details?id=com.skypicker.main)" & @CRLF & _ "http://www.kiwi.com/stories" & @CRLF & _ "Online travel magazine Kiwi.com Stories, with very limited impact on our sites & infrastructure." & @CRLF & _ "https://github.com/kiwicom/*" & @CRLF & _ "Note that archived projects are out of scope." & @CRLF & _ "jobs.kiwi.com" & @CRLF & _ "Hiring page, no sensitive information, likely no impact on our company." & @CRLF & _ "tequila.kiwi.com" & @CRLF & _ "B2B platform. Backend API requests are proxied via **tequila-api.kiwi.com** & **api.tequila.kiwi.com**" & @CRLF & _ "www.kiwi.com" & @CRLF & _ "Our main website" & @CRLF & _ "https://github.com/discourse/discourse" & @CRLF & _ "try.discourse.org" & @CRLF & _ "Enjin Blockchain" & @CRLF & _ "The Enjin Blockchain refers to either the Enjin Relaychain or the Enjin Matrixchain. It does not refer to other (community-operated) Matrixchains." & @CRLF & _ "Issues originating from Substrate are notifiable but ineligible for a bounty as Enjin Blockchain will automatically work towards scheduling upgrades from Substrate, which includes new features; bug fixes; and security fixes." & @CRLF & _ "Enjin Coin - Ethereum ERC-20 Contract" & @CRLF & _ "Mainnet Contract: `0xF629cBd94d3791C9250152BD8dfBDF380E2a3B9c`" & @CRLF & _ "**Background**" & @CRLF & _ "Enjin Coin (ENJ) is an Ethereum-based cryptocurrency used to directly back the value of next-generation blockchain assets. It is the gold standard for digital assets." & @CRLF & _ "**Additional Conditions**" & @CRLF & _ "All testing must be conducted on the Goerli (testnet) contract. The deployed contract is identical to that of the Mainnet contract." & @CRLF & _ "com.enjin.mobile.wallet" & @CRLF & _ "https://apps.apple.com/us/app/enjin-cryptocurrency-wallet/id1349078375" & @CRLF & _ "The Enjin Wallet is a secure, feature-packed, and convenient blockchain asset wallet built for traders, gamers, and developers." & @CRLF & _ "https://play.google.com/store/apps/details?id=com.enjin.mobile.wallet" & @CRLF & _ "nft.io" & @CRLF & _ "You can also test, for free, on [canary.nft.io](https://canary.nft.io)." & @CRLF & _ "platform.enjin.io" & @CRLF & _ "You can also test, for free, on [platform.canary.enjin.io](https://platform.canary.enjin.io)." & @CRLF & _ "The Enjin Platform is open-source. You can access the code on our [GitHub Organization](https://github.com/enjin). All related repositories start with the `platform-` prefix." & @CRLF & _ "Nintendo Switch System" & @CRLF & _ "Nintendo Switch applications for which Nintendo is the publisher worldwide" & @CRLF & _ "cdn.plaid.com" & @CRLF & _ "This is on Amazon CloudFront, so the scope here is limited to our content and configuration issues." & @CRLF & _ "dashboard.plaid.com" & @CRLF & _ "Plaid's developer dashboard" & @CRLF & _ "demo.plaid.com" & @CRLF & _ "Demo Plaid developer integration" & @CRLF & _ "https://github.com/plaid/plaid-link-android" & @CRLF & _ "Plaid's drop-in client-side module for authentication. Available for web, mobile web and iOS." & @CRLF & _ "https://github.com/plaid/plaid-link-examples" & @CRLF & _ "https://github.com/plaid/plaid-link-ios" & @CRLF & _ "https://github.com/plaid/plaid-ruby" & @CRLF & _ "The official Ruby bindings for the Plaid API. It's generated from our OpenAPI schema" & @CRLF & _ "https://github.com/plaid/react-native-plaid-link-sdk" & @CRLF & _ "Plaid Link for React Native" & @CRLF & _ "https://github.com/plaid/react-plaid-link" & @CRLF & _ "React hooks and components for integrating with the Plaid Link drop module" & @CRLF & _ "my.plaid.com" & @CRLF & _ "Portal for customers to access their information as seen by Plaid apps they have permissioned. https://my.plaid.com" & @CRLF & _ "plaid.com" & @CRLF & _ "Plaid's marketing website, not full *.plaid.com" & @CRLF & _ "production.plaid.com" & @CRLF & _ "Plaid's developer API. Docs: https://plaid.com/docs" & @CRLF & _ "secure.plaid.com" & @CRLF & _ "This is an alias for cdn.plaid.com" & @CRLF & _ "*.myinsights.io" & @CRLF & _ "*.scatec.io" & @CRLF & _ "*.sellzone.com" & @CRLF & _ "*.semrush.com" & @CRLF & _ "*.semrush.net" & @CRLF & _ "*.seoab.io" & @CRLF & _ "*.seoquake.com" & @CRLF & _ "Leaked/Сompromised Employee accounts" & @CRLF & _ "Please review the program policy on this scope before submitting your report. " & @CRLF & _ "Other Semrush Related Asset" & @CRLF & _ "Please use this Asset tag for any High and Critical report that does not relate directly to another Semrush asset listed in scope, and is also NOT listed under the "Out of Scope" section." & @CRLF & _ "Please note, that Semrush will only accept and review valid high and critical severity reports." & @CRLF & _ "*.quora.com" & @CRLF & _ "Except for subdomains managed by third parties, such as help.quora.com, careers.quora.com, and business.quora.com." & @CRLF & _ "com.quora.android" & @CRLF & _ "The latest version of Android app installed from the official store at:" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.quora.android" & @CRLF & _ "com.quora.app.mobile" & @CRLF & _ "The latest version of iOS app installed from the official store at:" & @CRLF & _ "https://itunes.apple.com/us/developer/quora-inc/id456034440" & @CRLF & _ "http://poe.com" & @CRLF & _ "0x0d8775f648430679a709e98d2b0cb6250d2887ef" & @CRLF & _ "We are particularly interested in any security issue which has consequences for this Ethereum address." & @CRLF & _ "0x44fcfabfbe32024a01b778c025d70498382cced0" & @CRLF & _ "0x67fa2c06c9c6d4332f330e14a66bdf1873ef3d2b" & @CRLF & _ "0x7c31560552170ce96c4a7b018e93cddc19dc61b6" & @CRLF & _ "0xfbfa258b9028c7d4fc52ce28031469214d10daeb" & @CRLF & _ "account.brave.com" & @CRLF & _ "basicattentiontoken.org" & @CRLF & _ "We are not generally interested in bugs on the static website hosted <basicattentiontoken.org>. Particularly severe bugs which threaten immediate user harm may be considered. Due to report volume, we do not guarantee responses to website-related submissions." & @CRLF & _ "brave.com" & @CRLF & _ "We are not generally interested in bugs on <brave.com>. Particularly severe bugs which threaten immediate user harm may be considered. Due to report volume, we do not guarantee responses to website-related submissions." & @CRLF & _ "com.brave.browser" & @CRLF & _ "com.brave.browser_beta" & @CRLF & _ "com.brave.ios.browser" & @CRLF & _ "creators.basicattentiontoken.org" & @CRLF & _ "https://github.com/brave-intl/bat-balance" & @CRLF & _ "https://github.com/brave-intl/bat-client" & @CRLF & _ "https://github.com/brave-intl/bat-go" & @CRLF & _ "https://github.com/brave-intl/bat-ledger" & @CRLF & _ "https://github.com/brave-intl/bat-publisher" & @CRLF & _ "https://github.com/brave-intl/publishers" & @CRLF & _ "https://github.com/brave/brave-core" & @CRLF & _ "https://github.com/brave/vault-updater" & @CRLF & _ "https://laptop-updates.brave.com/latest/dev/debian64" & @CRLF & _ "https://laptop-updates.brave.com/latest/dev/ubuntu64" & @CRLF & _ "https://laptop-updates.brave.com/latest/fedora64" & @CRLF & _ "https://laptop-updates.brave.com/latest/linux64" & @CRLF & _ "https://laptop-updates.brave.com/latest/mint64" & @CRLF & _ "https://laptop-updates.brave.com/latest/openSUSE64" & @CRLF & _ "https://laptop-updates.brave.com/latest/osx" & @CRLF & _ "https://laptop-updates.brave.com/latest/winia32" & @CRLF & _ "https://laptop-updates.brave.com/latest/winx64" & @CRLF & _ "search.brave.com" & @CRLF & _ "talk.brave.com" & @CRLF & _ "Burp Collaborator" & @CRLF & _ "Burp Collaborator is part of Burp Suite Pro - for further information refer to https://portswigger.net/burp/help/collaborator.html" & @CRLF & _ "Burp Suite Enterprise Edition" & @CRLF & _ "Download from https://portswigger.net/requestfreetrial/enterprise" & @CRLF & _ "Burp Suite Pro/Community" & @CRLF & _ "Download from https://portswigger.net/burp" & @CRLF & _ "forum.portswigger.net" & @CRLF & _ "https://enterprise-demo.portswigger.net/" & @CRLF & _ "This is a hosted demo of Burp Suite Enterprise Edition. " & @CRLF & _ "portswigger.net" & @CRLF & _ "https://portswigger.net" & @CRLF & _ "FIles.com REST API" & @CRLF & _ "## REST API" & @CRLF & _ "Full documentation for the REST API can be found here: https://developers.files.com/" & @CRLF & _ "The REST API URL is tied to your specific site (https://*sitename*.files.com) that was generated when you created the trial using the [BUGBOUNTY] setup process defined in the Policy section." & @CRLF & _ "Files.com Desktop Application for Windows or Mac" & @CRLF & _ "Download for desktop application is located here: https://www.files.com/docs/desktop/" & @CRLF & _ "Files.com SDK's" & @CRLF & _ "Full documentation for the Files.com SDK’s can be found here: " & @CRLF & _ "https://developers.files.com/#per-language-sdks" & @CRLF & _ "app.files.com" & @CRLF & _ "Files.com Web Application" & @CRLF & _ "www.files.com" & @CRLF & _ "This is the main marketing site for Files.com. " & @CRLF & _ "On the marketing site asset (https://www.files.com) we will only accept vulnerabilities that lead to a vulnerability on the main *.files.com platform." & @CRLF & _ "your-assigned-subdomain.files.com" & @CRLF & _ "**Files.com Web Application** " & @CRLF & _ "**Please review the Out of Scope assets** -- note that not all subdomains of https://*.files.com are in scope for this asset. Please review the listing of assets marked Out of Scope prior to any testing. This list will change so please refer back during all phases of testing." & @CRLF & _ "The actual application URL will be created as https://*your-assigned-subdomain*.files.com when you create the trial account using the [BUGBOUNTY] process outlined in the Policy section." & @CRLF & _ "Exness Investor" & @CRLF & _ "https://apps.apple.com/id/app/exness-investor/id1579331769" & @CRLF & _ "Exness Social Trading" & @CRLF & _ "https://apps.apple.com/id/app/exness-social-trading/id1392465628" & @CRLF & _ "Exness Trade: Online Trading" & @CRLF & _ "https://apps.apple.com/id/app/exness-trader-trade-on-the-go/id1359763701" & @CRLF & _ "api.excalls.mobi" & @CRLF & _ "Mobile API" & @CRLF & _ "com.exness.android.pa" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.exness.android.pa" & @CRLF & _ "com.exness.investments" & @CRLF & _ "Social Trading" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.exness.investments" & @CRLF & _ "com.exness.investor" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.exness.investor" & @CRLF & _ "exness.com" & @CRLF & _ "Public Area for Web Trading" & @CRLF & _ "exnessaffiliates.com" & @CRLF & _ "Partnership programs" & @CRLF & _ "https://my.exness.com/pa/pim/manager" & @CRLF & _ "Portfolio Management" & @CRLF & _ "https://my.exness.com/pa/socialtrading" & @CRLF & _ "https://my.exness.com/webtrading/" & @CRLF & _ "Web Terminal For Trading" & @CRLF & _ "my.exness.com" & @CRLF & _ "Personal Area for Web Trading" & @CRLF & _ "pay.ibex.exchange" & @CRLF & _ "Payments Services" & @CRLF & _ "pwapi.ex2b.com" & @CRLF & _ "Public Web API" & @CRLF & _ "social-trading.exness.com" & @CRLF & _ "*.scopely.com" & @CRLF & _ "Vulnerabilities reported on Scopely services additional to the games in scope are now eligible for monetary rewards. " & @CRLF & _ "*.scopely.io" & @CRLF & _ "*.withbuddies.com" & @CRLF & _ "Backend API servers included in scope." & @CRLF & _ "Please take into account that any kind of DOS is totally forbidden." & @CRLF & _ "Games Tier 1" & @CRLF & _ "This asset was added for bounty table purposes." & @CRLF & _ "Games Tier 2" & @CRLF & _ "Games Tier 3" & @CRLF & _ "com.foxnextgames.m3" & @CRLF & _ "com.kitkagames.fallbuddies" & @CRLF & _ "[Stumbleguys](https://play.google.com/store/apps/details?id=com.kitkagames.fallbuddies)" & @CRLF & _ "Stumble Guys is a massive multiplayer party knockout game with up to 32 players online. Join millions of players and stumble to victory in this fun multiplayer knockout battle royale! Are you ready to enter the running chaos? Running, stumbling, falling, jumping, and winning has never been so fun!" & @CRLF & _ "com.pieyel.scrabble" & @CRLF & _ "[Scrabble GO](https://apps.apple.com/nz/app/scrabble-go-new-word-game/id1215933788)" & @CRLF & _ "The world’s greatest word game, is all new and reimagined as a free to play mobile game!" & @CRLF & _ "**Status:** Available worldwide." & @CRLF & _ "Shared Framework: Yes" & @CRLF & _ "[Scrabble GO](https://play.google.com/store/apps/details?id=com.pieyel.scrabble)" & @CRLF & _ "com.scopely.monopolygo" & @CRLF & _ "[Monopoly GO! ](https://play.google.com/store/apps/details?id=com.scopely.monopolygo)" & @CRLF & _ "Hit GO! Roll the dice! Earn MONOPOLY money, interact with your friends, family members and fellow Tycoons from around the world as you explore the expanding universe of MONOPOLY GO! It’s the new way to play - board flipping cleanup not required!" & @CRLF & _ "com.scopely.startrek" & @CRLF & _ "[Star Trek Fleet Command ](https://play.google.com/store/apps/details?id=com.scopely.startrek)" & @CRLF & _ "You have the conn! Summon your skills in strategy, combat, diplomacy, and leadership to master the dangerous universe of Star Trek Fleet Command." & @CRLF & _ "com.scopely.yux" & @CRLF & _ "[Yahtzee with Buddies Dice Game](https://apps.apple.com/us/app/yahtzee-with-buddies-dice/id1206967173)" & @CRLF & _ "Roll dice to play YAHTZEE® With Buddies! It is the fun, classic board game with a new look. Play dice with friends in this multiplayer game." & @CRLF & _ "[Yahtzee with Buddies Dice Game](https://play.google.com/store/apps/details?id=com.scopely.yux)" & @CRLF & _ "com.withbuddies.dice.free" & @CRLF & _ "[Dice With Buddies: Social Game](https://apps.apple.com/us/app/dice-with-buddies-social-game/id432750508)" & @CRLF & _ "Dice With Buddies is a fun, new spin on your favorite classic dice game! Enjoyed by millions of players, you can play free multiplayer board games with family, friends, or new buddies! " & @CRLF & _ "[Dice With Buddies: Social Game](https://play.google.com/store/apps/details?id=com.withbuddies.dice.free)" & @CRLF & _ "id1427744264" & @CRLF & _ "[Star Trek Fleet Command](https://apps.apple.com/us/app/star-trek-fleet-command/id1427744264)" & @CRLF & _ "id1541153375" & @CRLF & _ "[StumbleGuys](https://apps.apple.com/es/app/stumble-guys/id1541153375)" & @CRLF & _ "id1621328561" & @CRLF & _ "[Monopoly GO!](https://apps.apple.com/us/app/monopoly-go/id1621328561)" & @CRLF & _ "api.localizestaging.com" & @CRLF & _ "api.localizestaging.com maps to the APIs that are documented here: https://help.localizejs.com/reference" & @CRLF & _ "Please refrain from testing against the Production endpoint (https://api.localizejs.com). Instead, the staging endpoint should be used (https://api.localizestaging.com)" & @CRLF & _ "app.localizestaging.com" & @CRLF & _ "cdn.localizestaging.com" & @CRLF & _ "localizestaging.com" & @CRLF & _ "localizestaging.com is the primary asset in scope of this program." & @CRLF & _ "This application uses Stripe for credit card payment processing. To test payment related functionality, you may use test credit cards as documented by Stripe: https://stripe.com/docs/testing" & @CRLF & _ "*.buddypress.org,bbpress.org,profiles.wordpress.org" & @CRLF & _ "*.trac.wordpress.org, *.svn.wordpress.org, *.git.wordpress.org, github.com/WordPress" & @CRLF & _ "**Do _not_ pentest Trac instances**, it's very annoying to clean up after. Setup a local environment instead; the custom source code is available via the Git command below, in the `trac.wordpress.org` subfolder. **If you ignore this you'll forfeit any bounty.**" & @CRLF & _ "The projects here are kept mostly for archival purposes and non-critical information disclosure will generally not be eligible for a bounty." & @CRLF & _ "Only report vulnerabilities in our custom code, don't report vulnerabilities that only exist upstream in Trac itself. Report those directly to info@edgewall.com." & @CRLF & _ "All source code that isn't behind authentication is intended to be public. The source code itself has `High` CVSS impact scores. The applications that manage the code (Trac, Git, SVN, etc) have `Low` scores, except for vulnerabilities that allow modifications to the source code." & @CRLF & _ "Most of the source code in these domains is contained in the "meta" repository: `git clone git://meta.git.wordpress.org/`" & @CRLF & _ "*.wordcamp.org" & @CRLF & _ "*.wordpress.net" & @CRLF & _ "All WordPress.net domains, including (but not limited to) jobs.wordpress.net." & @CRLF & _ "This is a shared-hosting environment, and these are generally low-value targets, so we're usually only interested in high- and medium- severity issues that affect the entire server (not just an individual site)." & @CRLF & _ "*.wordpress.org" & @CRLF & _ "All wordpress.org domains that **are not listed in other assets**, including (but not limited to) the following:" & @CRLF & _ "* login.wordpress.org" & @CRLF & _ "* developer.wordpress.org" & @CRLF & _ "* make.wordpress.org" & @CRLF & _ "* translate.wordpress.org" & @CRLF & _ "* global.wordpress.org, {locale}.wordpress.org (e.g., de.wordpress.org, es-mx.wordpress.org)" & @CRLF & _ "* learn.wordpress.org" & @CRLF & _ "BBPress Core" & @CRLF & _ "Download source code from: https://bbpress.org/download/" & @CRLF & _ "BuddyPress Core" & @CRLF & _ "Download source code from: https://buddypress.org/download/" & @CRLF & _ "GlotPress" & @CRLF & _ "All code located under [the GlotPress organization](https://github.com/GlotPress/) on GitHub." & @CRLF & _ "The most important target is the `glotpress-wp` repository. Other repositories are in scope, but may have a lower importance." & @CRLF & _ "Gutenberg" & @CRLF & _ "Download source code from https://github.com/WordPress/gutenberg" & @CRLF & _ "Official WordPress plugins" & @CRLF & _ "Any plugin listed on the WordPress.org profile for [the "wordpressdotorg" account](https://profiles.wordpress.org/wordpressdotorg#content-plugins)." & @CRLF & _ "To find the source code for any of them, clicking on the name will take you to the plugin's page within the WordPress.org plugin directory. Once there, click on the `Download` button for a `.zip` file of the latest release, or click on the `Development` tab for links to the code browser and Subversion repository." & @CRLF & _ "WP-CLI" & @CRLF & _ "All code located under [the WP-CLI organization](https://github.com/wp-cli) on GitHub." & @CRLF & _ "The most important targets are the main `wp-cli` repository, and any repositories for commands that are bundled with the distributed `wp-cli` source code, like `cache-command`, `scaffold-command`, etc." & @CRLF & _ "Other repositories are in scope, but may have a lower importance." & @CRLF & _ "WordPress Core" & @CRLF & _ "Download source code from: https://wordpress.org/download/source/" & @CRLF & _ "api.wordpress.org" & @CRLF & _ "codex.wordpress.org,codex.bbpress.org,codex.buddypress.org" & @CRLF & _ "These are wikis, they're intended to be freely edited by anonymous users. We are not interested in vulnerabilities unless they have a severe impact." & @CRLF & _ "doaction.org" & @CRLF & _ "gutenberg.run" & @CRLF & _ "Each subdomain of this site provides temporary live preview sites for Gutenberg pull requests. Only critical vulnerabilities should be submitted, because the impact of low/medium vulnerabilities is barely noticable." & @CRLF & _ "More info: https://github.com/WordPress/gutenberg.run" & @CRLF & _ "irclogs.wordpress.org" & @CRLF & _ "These are public logs of very old conversations. We are not interested in vulnerabilities unless they have a severe impact (e.g., RCE, XSS, modifying the logs, etc). DoS is not severe in this case." & @CRLF & _ "lists.wordpress.org" & @CRLF & _ "We are not interested in vulnerabilities unless they have a severe impact." & @CRLF & _ "mercantile.wordpress.org" & @CRLF & _ "This site runs uses [the WooCommerce plugin](https://woocommerce.com/), but we don't accept reports for that. We only accept reports for our custom code. If you find any vulnerabilities that are also present in WooCommerce itself, please [report them to Automattic](/automattic)." & @CRLF & _ "Please don't submit test orders (especially automated ones). They don't test any of our custom code, and are a pain to clean up." & @CRLF & _ "Additionally, price manipulation is a common invalid report, please see #682344." & @CRLF & _ "munin-*.wordpress.org" & @CRLF & _ "We are not interested in vulnerabilities unless they have a severe impact (e.g., RCE, SSRF). Metrics data is intentionally made public." & @CRLF & _ "planet.wordpress.org" & @CRLF & _ "wordpressfoundation.org" & @CRLF & _ "Desktop Client" & @CRLF & _ "Issues affecting the Desktop Client available from [https://nextcloud.com/install/#install-clients](https://nextcloud.com/install/#install-clients "https://nextcloud.com/install/#install-clients")" & @CRLF & _ "com.nextcloud.Talk" & @CRLF & _ "Our official iOS Talk client from [https://itunes.apple.com/app/id1296825574](https://itunes.apple.com/app/id1296825574)" & @CRLF & _ "com.nextcloud.client" & @CRLF & _ "Our official Android client from [https://play.google.com/store/apps/details?id=com.nextcloud.client](https://play.google.com/store/apps/details?id=com.nextcloud.client "https://play.google.com/store/apps/details?id=com.nextcloud.client")" & @CRLF & _ "com.nextcloud.talk2" & @CRLF & _ "Our official Android Talk client from [https://play.google.com/store/apps/details?id=com.nextcloud.talk2](https://play.google.com/store/apps/details?id=com.nextcloud.talk2)" & @CRLF & _ "com.peterandlinda.iOCNotes" & @CRLF & _ "Our official iOS Nextcloud Notes client from [https://itunes.apple.com/app/id813973264](https://itunes.apple.com/app/id813973264)" & @CRLF & _ "daita/files_fulltextsearch_tesseract" & @CRLF & _ "Code from [https://github.com/daita/files_fulltextsearch_tesseract](https://github.com/daita/files_fulltextsearch_tesseract) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases." & @CRLF & _ "https://github.com/nextcloud/collectives" & @CRLF & _ "Code from [https://github.com/nextcloud/collectives](https://github.com/nextcloud/collectives) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases." & @CRLF & _ "https://github.com/nextcloud/files_confidential" & @CRLF & _ "Code from [https://github.com/nextcloud/files_confidential](https://github.com/nextcloud/files_confidential) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases." & @CRLF & _ "https://github.com/nextcloud/tables" & @CRLF & _ "Code from [https://github.com/nextcloud/tables](https://github.com/nextcloud/tables) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases." & @CRLF & _ "it.niedermann.owncloud.notes" & @CRLF & _ "Our official Android Notes client from [https://play.google.com/store/apps/details?id=it.niedermann.owncloud.notes](https://play.google.com/store/apps/details?id=it.niedermann.owncloud.notes "https://play.google.com/store/apps/details?id=it.niedermann.owncloud.notes")" & @CRLF & _ "it.twsweb.Nextcloud" & @CRLF & _ "Our official iOS client from [https://itunes.apple.com/app/nextcloud/id1125420102](https://itunes.apple.com/app/nextcloud/id1125420102 "https://itunes.apple.com/app/nextcloud/id1125420102")" & @CRLF & _ "nextcloud/3rdparty" & @CRLF & _ "Code from [https://github.com/nextcloud/3rdparty](https://github.com/nextcloud/3rdparty "https://github.com/nextcloud/3rdparty") – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases." & @CRLF & _ "nextcloud/activity" & @CRLF & _ "Code from [https://github.com/nextcloud/activity](https://github.com/nextcloud/activity "https://github.com/nextcloud/activity") – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases." & @CRLF & _ "nextcloud/approval" & @CRLF & _ "Code from [https://github.com/nextcloud/approval](https://github.com/nextcloud/approval) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases." & @CRLF & _ "nextcloud/bruteforcesettings" & @CRLF & _ "Code from [https://github.com/nextcloud/bruteforcesettings](https://github.com/nextcloud/bruteforcesettings) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases." & @CRLF & _ "nextcloud/calendar" & @CRLF & _ "Code from [https://github.com/nextcloud/calendar](https://github.com/nextcloud/calendar) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases." & @CRLF & _ "nextcloud/calendar_resource_management" & @CRLF & _ "Code from [https://github.com/nextcloud/calendar_resource_management](https://github.com/nextcloud/calendar_resource_management) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases." & @CRLF & _ "nextcloud/circles" & @CRLF & _ "Code from [https://github.com/nextcloud/circles](https://github.com/nextcloud/circles "https://github.com/nextcloud/circles") – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases." & @CRLF & _ "nextcloud/contacts" & @CRLF & _ "Code from [https://github.com/nextcloud/contacts](https://github.com/nextcloud/contacts) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases." & @CRLF & _ "nextcloud/data_request" & @CRLF & _ "Code from [https://github.com/nextcloud/data_request](https://github.com/nextcloud/data_request) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases." & @CRLF & _ "nextcloud/deck" & @CRLF & _ "Code from [https://github.com/nextcloud/deck](https://github.com/nextcloud/deck "https://github.com/nextcloud/deck") – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases." & @CRLF & _ "nextcloud/end_to_end_encryption" & @CRLF & _ "Code from [https://github.com/nextcloud/end_to_end_encryption](https://github.com/nextcloud/end_to_end_encryption "https://github.com/nextcloud/end_to_end_encryption") – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases." & @CRLF & _ "nextcloud/external" & @CRLF & _ "Code from [https://github.com/nextcloud/external](https://github.com/nextcloud/external) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases." & @CRLF & _ "nextcloud/files_accesscontrol" & @CRLF & _ "Code from [https://github.com/nextcloud/files\_accesscontrol](https://github.com/nextcloud/files_accesscontrol "https://github.com/nextcloud/files\_accesscontrol") – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases." & @CRLF & _ "nextcloud/files_antivirus" & @CRLF & _ "Code from [https://github.com/nextcloud/files_antivirus](https://github.com/nextcloud/files_antivirus) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases." & @CRLF & _ "nextcloud/files_automatedtagging" & @CRLF & _ "Code from [https://github.com/nextcloud/files\_automatedtagging](https://github.com/nextcloud/files_automatedtagging "https://github.com/nextcloud/files\_automatedtagging") – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases." & @CRLF & _ "nextcloud/files_fulltextsearch" & @CRLF & _ "Code from [https://github.com/nextcloud/files_fulltextsearch](https://github.com/nextcloud/files_fulltextsearch) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases." & @CRLF & _ "nextcloud/files_lock" & @CRLF & _ "Code from [https://github.com/nextcloud/files_lock](https://github.com/nextcloud/files_lock) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases." & @CRLF & _ "nextcloud/files_pdfviewer" & @CRLF & _ "Code from [https://github.com/nextcloud/files\_pdfviewer](https://github.com/nextcloud/files_pdfviewer "https://github.com/nextcloud/files\_pdfviewer") – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases." & @CRLF & _ "nextcloud/files_retention" & @CRLF & _ "Code from [https://github.com/nextcloud/files\_retention](https://github.com/nextcloud/files_retention "https://github.com/nextcloud/files\_retention") – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases." & @CRLF & _ "nextcloud/files_rightclick" & @CRLF & _ "Code from [https://github.com/nextcloud/files_rightclick](https://github.com/nextcloud/files_rightclick "https://github.com/nextcloud/files_rightclick") – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases." & @CRLF & _ "nextcloud/files_texteditor" & @CRLF & _ "Code from [https://github.com/nextcloud/files\_texteditor](https://github.com/nextcloud/files_texteditor "https://github.com/nextcloud/files\_texteditor") – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases." & @CRLF & _ "nextcloud/firstrunwizard" & @CRLF & _ "Code from [https://github.com/nextcloud/firstrunwizard](https://github.com/nextcloud/firstrunwizard "https://github.com/nextcloud/firstrunwizard") – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases." & @CRLF & _ "nextcloud/flow_notifications" & @CRLF & _ "Code from [https://github.com/nextcloud/flow_notifications](https://github.com/nextcloud/flow_notifications) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases." & @CRLF & _ "nextcloud/fulltextsearch" & @CRLF & _ "Code from [https://github.com/nextcloud/fulltextsearch](https://github.com/nextcloud/fulltextsearch) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases." & @CRLF & _ "nextcloud/fulltextsearch_elasticsearch" & @CRLF & _ "Code from [https://github.com/nextcloud/fulltextsearch_elasticsearch](https://github.com/nextcloud/fulltextsearch_elasticsearch) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases." & @CRLF & _ "nextcloud/globalsiteselector" & @CRLF & _ "Code from [https://github.com/nextcloud/globalsiteselector](https://github.com/nextcloud/globalsiteselector) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases." & @CRLF & _ "nextcloud/groupfolders" & @CRLF & _ "Code from [https://github.com/nextcloud/groupfolders](https://github.com/nextcloud/groupfolders) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases." & @CRLF & _ "nextcloud/guests" & @CRLF & _ "Code from [https://github.com/nextcloud/guests](https://github.com/nextcloud/guests) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases." & @CRLF & _ "nextcloud/logreader" & @CRLF & _ "Code from [https://github.com/nextcloud/logreader](https://github.com/nextcloud/logreader "https://github.com/nextcloud/logreader") – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases." & @CRLF & _ "nextcloud/mail" & @CRLF & _ "Code from [https://github.com/nextcloud/mail](https://github.com/nextcloud/mail "https://github.com/nextcloud/mail") – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases." & @CRLF & _ "nextcloud/nextcloud_announcements" & @CRLF & _ "Code from [https://github.com/nextcloud/nextcloud\_announcements](https://github.com/nextcloud/nextcloud_announcements "https://github.com/nextcloud/nextcloud\_announcements") – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases." & @CRLF & _ "nextcloud/notes" & @CRLF & _ "Code from [https://github.com/nextcloud/notes](https://github.com/nextcloud/notes "https://github.com/nextcloud/notes") – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases." & @CRLF & _ "nextcloud/notifications" & @CRLF & _ "Code from [https://github.com/nextcloud/notifications](https://github.com/nextcloud/notifications "https://github.com/nextcloud/notifications") – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases." & @CRLF & _ "nextcloud/notify_push" & @CRLF & _ "Code from [https://github.com/nextcloud/notify_push](https://github.com/nextcloud/notify_push) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases." & @CRLF & _ "nextcloud/onlyoffice" & @CRLF & _ "Code from [https://github.com/ONLYOFFICE/onlyoffice-nextcloud](https://github.com/ONLYOFFICE/onlyoffice-nextcloud) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases." & @CRLF & _ "**Note:** We only issue monetary awards for issue in our own code base. For any bugs within ONLYOFFICE, please contact [ONLYOFFICE](https://www.onlyoffice.com/support-contact-form.aspx)." & @CRLF & _ "nextcloud/password_policy" & @CRLF & _ "Code from [https://github.com/nextcloud/password\_policy](https://github.com/nextcloud/password_policy "https://github.com/nextcloud/password\_policy") – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases." & @CRLF & _ "nextcloud/photos" & @CRLF & _ "Code from [https://github.com/nextcloud/photos](https://github.com/nextcloud/photos "https://github.com/nextcloud/photos") – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases." & @CRLF & _ "nextcloud/privacy" & @CRLF & _ "Code from [https://github.com/nextcloud/privacy](https://github.com/nextcloud/privacy "https://github.com/nextcloud/privacy") – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases." & @CRLF & _ "nextcloud/recommendations" & @CRLF & _ "Code from [https://github.com/nextcloud/recommendations](https://github.com/nextcloud/recommendations "https://github.com/nextcloud/recommendations") – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases." & @CRLF & _ "nextcloud/related_resources" & @CRLF & _ "Code from [https://github.com/nextcloud/related_resources](https://github.com/nextcloud/related_resources) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases." & @CRLF & _ "nextcloud/richdocuments" & @CRLF & _ "Code from [https://github.com/nextcloud/richdocuments](https://github.com/nextcloud/richdocuments) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases." & @CRLF & _ "**Note:** We only issue monetary awards for issue in our own code base. For any bugs within Collabora Online, please contact [Collabora](https://www.collaboraoffice.com/about-us/)." & @CRLF & _ "nextcloud/server" & @CRLF & _ "Code from [https://github.com/nextcloud/server](https://github.com/nextcloud/server "https://github.com/nextcloud/server") – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases." & @CRLF & _ "nextcloud/serverinfo" & @CRLF & _ "Code from [https://github.com/nextcloud/serverinfo](https://github.com/nextcloud/serverinfo "https://github.com/nextcloud/serverinfo") – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases." & @CRLF & _ "nextcloud/sharepoint" & @CRLF & _ "Code from [https://github.com/nextcloud/sharepoint](https://github.com/nextcloud/sharepoint) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases." & @CRLF & _ "nextcloud/socialsharing" & @CRLF & _ "Code from [https://github.com/nextcloud/socialsharing](https://github.com/nextcloud/socialsharing) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases." & @CRLF & _ "nextcloud/spreed" & @CRLF & _ "Code from [https://github.com/nextcloud/spreed](https://github.com/nextcloud/spreed) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases." & @CRLF & _ "nextcloud/survey_client" & @CRLF & _ "Code from [https://github.com/nextcloud/survey\_client](https://github.com/nextcloud/survey_client "https://github.com/nextcloud/survey\_client") – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases." & @CRLF & _ "nextcloud/suspicious_login" & @CRLF & _ "Code from [https://github.com/nextcloud/suspicious_login](https://github.com/nextcloud/suspicious_login) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases." & @CRLF & _ "nextcloud/terms_of_service" & @CRLF & _ "Code from [https://github.com/nextcloud/terms_of_service](https://github.com/nextcloud/terms_of_service) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases." & @CRLF & _ "nextcloud/text" & @CRLF & _ "Code from [https://github.com/nextcloud/text](https://github.com/nextcloud/text "https://github.com/nextcloud/text") – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases." & @CRLF & _ "nextcloud/twofactor_totp" & @CRLF & _ "Code from [https://github.com/nextcloud/twofactor_totp](https://github.com/nextcloud/twofactor_totp) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases." & @CRLF & _ "nextcloud/twofactor_webauthn" & @CRLF & _ "Code from [https://github.com/nextcloud/twofactor_webauthn](https://github.com/nextcloud/twofactor_webauthn) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases." & @CRLF & _ "nextcloud/updater" & @CRLF & _ "Code from [https://github.com/nextcloud/updater](https://github.com/nextcloud/updater "https://github.com/nextcloud/updater") – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases." & @CRLF & _ "nextcloud/user_migration" & @CRLF & _ "Code from [https://github.com/nextcloud/user_migration](https://github.com/nextcloud/user_migration) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases." & @CRLF & _ "nextcloud/user_oidc" & @CRLF & _ "Code from [https://github.com/nextcloud/user_oidc](https://github.com/nextcloud/user_oidc) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases." & @CRLF & _ "nextcloud/user_saml" & @CRLF & _ "Code from [https://github.com/nextcloud/user\_saml](https://github.com/nextcloud/user_saml "https://github.com/nextcloud/user\_saml") – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases." & @CRLF & _ "nextcloud/viewer" & @CRLF & _ "Code from [https://github.com/nextcloud/viewer](https://github.com/nextcloud/viewer "https://github.com/nextcloud/viewer") – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases." & @CRLF & _ "nextcloud/workflow_script" & @CRLF & _ "Code from [https://github.com/nextcloud/workflow_script](https://github.com/nextcloud/workflow_script) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases." & @CRLF & _ "Subdomain Takeover (SDTO)" & @CRLF & _ "Subdomain Takeovers will be evaluated on their severity considering cookie scoping, historical significance and potential traffic volume. They maybe bounty eligible or alternately informative as determined by their security impact to Starbucks." & @CRLF & _ "Refer to the Appropriate Proof of Concepts section of this policy for information on how to construct a valid proof of concept for these reports." & @CRLF & _ "app.starbucks.com" & @CRLF & _ "Starbucks US" & @CRLF & _ "https://app.starbucks.com" & @CRLF & _ "com.starbucks.mobilecard" & @CRLF & _ "Starbucks USA Android app." & @CRLF & _ "https://play.google.com/store/apps/details?id=com.starbucks.mobilecard" & @CRLF & _ "com.starbucks.mystarbucks" & @CRLF & _ "Starbucks US ios app." & @CRLF & _ "https://itunes.apple.com/us/app/starbucks/id331177714" & @CRLF & _ "openapi.starbucks.com" & @CRLF & _ "Starbucks digital service capabilities to 3rd party business partner(s)/cooperators via standard Open API." & @CRLF & _ "secureui.starbucks.com" & @CRLF & _ "Starbucks Payment Processing" & @CRLF & _ "https://secureui.starbucks.com/" & @CRLF & _ "www.starbucks.ca" & @CRLF & _ "Starbucks Canada" & @CRLF & _ "https://www.starbucks.ca/" & @CRLF & _ "www.starbucks.com" & @CRLF & _ "https://www.starbucks.com/" & @CRLF & _ "www.starbucksreserve.com" & @CRLF & _ "Starbucks Reserve" & @CRLF & _ "https://www.starbucksreserve.com/" & @CRLF & _ "https://github.com/ruby/ruby" & @CRLF & _ "*.rockstargames.com" & @CRLF & _ "Some subdomains excluded. See the rest of the scope table below." & @CRLF & _ "Rockstar Games Launcher" & @CRLF & _ "circolocorecords.com/" & @CRLF & _ "prod.ros.rockstargames.com" & @CRLF & _ "rockstarnorth.com" & @CRLF & _ "socialclub.rockstargames.com" & @CRLF & _ "store.rockstargames.com" & @CRLF & _ "Please note that the checkout/payment process go through the Xsolla platform. If you believe you have found a vulnerability in the checkout/payment process, please confirm first whether the vulnerability is in the general Xsolla platform, or our specific implementation." & @CRLF & _ "support.rockstargames.com" & @CRLF & _ "Vulnerability reports for support.rockstargames.com may not be awarded bounties if it is discovered that the root vulnerability lies in Zendesk's code. Hackers are encouraged to submit such reports to [Zendesk's bug bounty program](https://hackerone.com/zendesk)." & @CRLF & _ "*.github.net" & @CRLF & _ "Subdomains under `*.github.net` run services for our internal production network. Many of these services are not accessible from outside our internal network. Not all subdomains are [in-scope](https://bounty.github.com/#scope)" & @CRLF & _ "*.githubapp.com" & @CRLF & _ "Subdomains under `*.githubapp.com` provide a number of internal services to GitHub employees. Not all subdomains are [in-scope](https://bounty.github.com/#scope)" & @CRLF & _ "*.githubusercontent.com" & @CRLF & _ "Copilot" & @CRLF & _ "Copilot Chat on dotcom" & @CRLF & _ "Copilot for Business" & @CRLF & _ "Dependabot" & @CRLF & _ "Dependabot powers GitHub's [automated security fixes](https://help.github.com/en/articles/configuring-automated-security-fixes). This feature allows GitHub users to automatically update vulnerable dependencies. The core logic of Dependabot is [open-source](https://github.com/dependabot/dependabot-core) and an [overview of the architecture](https://github.com/dependabot/dependabot-core#architecture) is available." & @CRLF & _ " * Execution environment breakout attacks, providing access to private networked resources or other users' data" & @CRLF & _ " * Security issues in [`dependabot-core`](https://github.com/dependabot/dependabot-core)" & @CRLF & _ "GitHub CLI" & @CRLF & _ "[GitHub CLI](https://cli.github.com) is an open source command line tool for working with your GitHub.com account. It is built with Golang, and performs several GitHub.com commands from your terminal, such as viewing, commenting and performing other actions on issues and PRs." & @CRLF & _ "GitHub CSP" & @CRLF & _ "While content-injection vulnerabilities are already in-scope for our [GitHub.com bounty](https://bounty.github.com/targets/github.html), we also accept bounty reports for novel [CSP](https://developers.google.com/web/fundamentals/security/csp/) bypasses affecting GitHub.com, even if they do not include a content-injection vulnerability. Using an intercepting proxy or your browser's developer tools, experiment with injecting content into the DOM. See if you can execute arbitrary JavaScript or exfiltrate sensitive page contents such as CSRF tokens. Reports of other previously-unknown impacts from content-injection will also be considered." & @CRLF & _ "Previously identified attacks are not eligible for reward (we've put a lot of thought into CSP bypasses already). You can find a discussion of known attacks and our attempts to mitigate them [here](http://githubengineering.com/githubs-csp-journey/). Attacks against CSP features not used on GitHub.com, such as script nonces, are not eligible for reward. Vulnerabilities resulting from injection in implausible locations, such as within an element that doesn't contain user-content, are not eligible for reward. Rewards are determined at our discretion: if you think you've found something cool and novel, report it!" & @CRLF & _ "GitHub Desktop" & @CRLF & _ "[GitHub Desktop](https://desktop.github.com) is an open-source [Electron](https://electronjs.org)-based app for working with your GitHub.com or GitHub Enterprise account. Only the following vulnerabilities are eligible for reward:" & @CRLF & _ " * Remote code execution via protocol handlers such as `x-github-client://`" & @CRLF & _ " * Code execution without user interaction when cloning or fetching malicious repositories" & @CRLF & _ "GitHub Enterprise Cloud" & @CRLF & _ "GitHub Enterprise Cloud is the cloud-hosted version of GitHub Enterprise. It is designed for teams who want advanced authentication and permissions without managing infrastructure. More information about GitHub Enterprise Cloud is available at https://github.com/enterprise" & @CRLF & _ "GitHub Enterprise Server" & @CRLF & _ "GitHub Enterprise Server is the on-premise version of GitHub Enterprise. GitHub Enterprise Server shares a code-base with GitHub.com, is built on Ruby on Rails and leverages a number of open source technologies. GitHub Enterprise Server adds a number of features for enterprise infrastructures, including additional authentication backends and clustering options." & @CRLF & _ " Below is a subset of features unique to GitHub Enterprise that might be interesting to investigate." & @CRLF & _ " * Bypassing instance-wide authentication, also known as [*private mode*](https://help.github.com/enterprise/admin/guides/installation/enabling-private-mode/)" & @CRLF & _ " * External authentication backends including [CAS, LDAP, and SAML](https://help.github.com/enterprise/admin/guides/user-management/)" & @CRLF & _ " * In-app administration of the instance using a site administrator control panel" & @CRLF & _ " * [User, organization, and repository migration](https://help.github.com/enterprise/admin/guides/migrations/)" & @CRLF & _ " * [Web-based management console](https://help.github.com/enterprise/admin/guides/installation/web-based-management-console/) and [SSH access](https://help.github.com/enterprise/admin/guides/installation/administrative-shell-ssh-access/) to configure and update the instance" & @CRLF & _ " * [Pre-receive hook scripts](https://help.github.com/enterprise/admin/guides/developer-workflow/creating-a-pre-receive-hook-script/)" & @CRLF & _ " * [GitHub Connect](https://help.github.com/enterprise/admin/guides/developer-workflow/connecting-github-enterprise-server-to-github-com/) allows users to share specific features and workflows between your GitHub Enterprise Server instance and a GitHub.com organization on GitHub Enterprise Cloud." & @CRLF & _ " * See [our documentation](https://help.github.com/enterprise/admin/guides/installation/network-ports-to-open/) for a list of services typically open on an instance." & @CRLF & _ "You can request a trial of GitHub Enterprise Server for security testing at [https://enterprise.github.com/bounty](https://enterprise.github.com/bounty)." & @CRLF & _ "GitHub Pages" & @CRLF & _ "GitHub Pages is our static site hosting service designed to host your personal, organization, or project pages directly from a GitHub repository. It uses the Jekyll static site generator and officially supported themes are are developed in the pages-themes organization. GitHub Pages support custom domains and can be secured with HTTPS. Eligible submissions include:" & @CRLF & _ "* Executing arbitrary code during the build process, either via a custom Jekyll theme or vulnerabilities in the command-line Git tools when cloning or checking-out repositories" & @CRLF & _ "* Reading arbitrary files during the build process which discloses sensitive information, for example by misusing path traversal or symbolic links in a custom Jekyll theme" & @CRLF & _ "**Individual GitHub Pages sites hosted under `*.github.io` are out-of-scope.**" & @CRLF & _ "GitHub Production Credentials" & @CRLF & _ "GitHub, Inc. uses a mix of our own physical infrastructure, cloud platforms and third-party services to keep everything running smoothly. Keeping credentials and access tokens secure for these resources is paramount to the security of our employees and users." & @CRLF & _ "* Credentials allowing access to cloud services, package managers and other resources used by GitHub, Inc employees" & @CRLF & _ "* Credentials accidentally made public in repositories which allow access to GitHub, Inc resources. This does *not* include credentials exposed by our users and credentials which do not allow access to GitHub, Inc resources." & @CRLF & _ "* Credentials exposed by third-party services which allow access to GitHub, Inc resources" & @CRLF & _ "Please review our [guidance for handling PII](https://bounty.github.com/#handling_personally_identifiable_information_pii) before investigating credentials allowing access to GitHub, Inc resources. The reward amount is based on the impact of the leaked credential which will be determined by the GitHub Security team." & @CRLF & _ "GitHub for mobile" & @CRLF & _ "Bring GitHub collaboration tools to your small screens with [GitHub for mobile](https://github.com/mobile)." & @CRLF & _ "api.github.com" & @CRLF & _ "The GitHub API is used by thousands of developers and applications to programatically interact with GitHub data and services. Because so much of the GitHub.com functionality is exposed in the API, security has always been a high priority." & @CRLF & _ "Rewards range from $555 up to $20,000 and are determined at our discretion based on a number of factors." & @CRLF & _ "You can find the app at [https://api.github.com](https://api.github.com "https://api.github.com") and can find the API documentation at [https://developer.github.com](https://developer.github.com "https://developer.github.com")." & @CRLF & _ "classroom.github.com" & @CRLF & _ "education.github.com" & @CRLF & _ "GitHub Education offers a variety of tools to help educators and researchers work more effectively inside and outside of the classroom. More details are available at https://education.github.com/. GitHub Classroom is [open-source](https://github.com/education/classroom)" & @CRLF & _ "gist.github.com" & @CRLF & _ "Gist is one of the first products launched by GitHub after GitHub.com. It is a service for sharing snippets of code or other text content. Gist is built on Ruby on Rails and leverages a number of Open Source technologies." & @CRLF & _ "Rewards range from $555 up to $20,000 and are determined at our discretion based on a number of factors. For example, if you find a reflected XSS that is only possible in Opera, and Opera is \<2% of our traffic, then the severity and reward will be lower. But a persistent XSS that works in Chrome, at \>60% of our traffic, will earn a much larger reward." & @CRLF & _ "You can find the app at [https://gist.github.com](https://gist.github.com "https://gist.github.com")." & @CRLF & _ "github.com" & @CRLF & _ "GitHub.com is our main web site. It is our most intricate application with a number of user inputs and access methods. GitHub.com is built on Ruby on Rails and leverages a number of Open Source technologies." & @CRLF & _ "You can find the app at [https://github.com](https://github.com "https://github.com")." & @CRLF & _ "npm CLI" & @CRLF & _ "npmjs.com" & @CRLF & _ "This is the domain for npm’s public-facing websites. All subdomains under npmjs.com are in scope." & @CRLF & _ "npmjs.org" & @CRLF & _ "This is the domain for npm’s registry, public-facing databases, and APIs. All subdomains under npmjs.org are in scope." & @CRLF & _ "*.simpletax.ca" & @CRLF & _ "*.wealthsimple.com" & @CRLF & _ "com.wealthsimple" & @CRLF & _ "com.wealthsimple.wealthsimple" & @CRLF & _ "https://github.com/mainwp/mainwp" & @CRLF & _ "We are specifically looking for security violations that would enable access to the users “Network” by a third party when a connection between the MainWP Dashboard and MainWP Child Plugin has already been established. This includes but is not limited to Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF/XSRF), Broken Authentication, Remote Code Execution SQL injection, and Privilege Escalation." & @CRLF & _ "We are generally not interested in DoS vulnerabilities that are perceived by a lack of rate-limiting or captcha." & @CRLF & _ "https://github.com/mainwp/mainwp-child" & @CRLF & _ "*.district.in" & @CRLF & _ "*.edition.in" & @CRLF & _ "*.hyperpure.com" & @CRLF & _ "*.insider.in" & @CRLF & _ "*.runnr.in" & @CRLF & _ "*.ticketnew.com" & @CRLF & _ "*.tktnew.com" & @CRLF & _ "*.zdev.net" & @CRLF & _ "*.zomans.com" & @CRLF & _ "This domain is mainly used for internal applications that are hosted in AWS. Our area of interest is any issue that can potentially give anyone unrestricted access or expose internal or confidential data." & @CRLF & _ "*.zomato.com" & @CRLF & _ "434613896" & @CRLF & _ "Zomato: Food Delivery & Dining" & @CRLF & _ "All Assets (other than Blinkit)" & @CRLF & _ "Bounty table header" & @CRLF & _ "All District Assets (Other than Zomato, BlinkIT & Hyperpure)" & @CRLF & _ "All Zomato Assets (Other than BlinkIT & Hyperpure)" & @CRLF & _ "BlinkIT, Hyperpure assets (in scope)" & @CRLF & _ "api.grofers.com" & @CRLF & _ "api2.grofers.com" & @CRLF & _ "blinkit.com" & @CRLF & _ "com.application.zomato" & @CRLF & _ "com.grofers.customerapp" & @CRLF & _ "Blinkit's Customer Android App:" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.grofers.customerapp " & @CRLF & _ "http://*.grofer.io" & @CRLF & _ "http://*.grofers.com" & @CRLF & _ "winecellar.zomato.com" & @CRLF & _ "Tor" & @CRLF & _ "https://gitlab.torproject.org/tpo/core/tor" & @CRLF & _ "Supported versions for Tor can be found at https://trac.torproject.org/projects/tor/wiki/org/teams/NetworkTeam/CoreTorReleases." & @CRLF & _ "Tor Browser" & @CRLF & _ "https://gitlab.torproject.org/tpo/applications/tor-browser" & @CRLF & _ "It's a good start to look at the latest stable, alpha, and nightly builds. The former can be found at https://www.torproject.org/download/ and nightlies can be obtained via http://f4amtbsowhix7rrf.onion/tor-browser-builds/." & @CRLF & _ "*.binary.com" & @CRLF & _ "*.deriv.cloud" & @CRLF & _ "*.deriv.com" & @CRLF & _ "*.derivws.com" & @CRLF & _ "api.deriv.com" & @CRLF & _ "app.deriv.com" & @CRLF & _ "cashier.deriv.com" & @CRLF & _ "derivws.com" & @CRLF & _ "github.com/binary-com" & @CRLF & _ "github.com/deriv-com" & @CRLF & _ "oauth.deriv.com" & @CRLF & _ "secure-dfadmin.deriv.com" & @CRLF & _ "smarttrader.deriv.com" & @CRLF & _ "1005070636" & @CRLF & _ "-" & @CRLF & _ "589698942" & @CRLF & _ "com.fishbowlmedia.fishbowl" & @CRLF & _ "com.glassdoor.app" & @CRLF & _ "https://*.glassdoor.com/*" & @CRLF & _ "https://api.fishbowlapp.com/*" & @CRLF & _ "https://api.glassdoor.com/*" & @CRLF & _ "https://design.glassdoor.com/*" & @CRLF & _ "https://help.glassdoor.com/*" & @CRLF & _ "https://www.fishbowlapp.com/*" & @CRLF & _ "https://www.glassdoor.com/*" & @CRLF & _ "*.gotinder.com" & @CRLF & _ "*.tinder.com" & @CRLF & _ "*.tinderops.net" & @CRLF & _ "*.tinderwebstaging.com" & @CRLF & _ "*.tstaging.com" & @CRLF & _ "*.tstaging.tools" & @CRLF & _ "547702041" & @CRLF & _ "com.tinder" & @CRLF & _ "*.fetlife.com" & @CRLF & _ "fetlife.com" & @CRLF & _ "*.algolia.net" & @CRLF & _ "*.algolianet.com" & @CRLF & _ "dashboard.algolia.com" & @CRLF & _ "www.algolia.com" & @CRLF & _ "*.grab-sure.com" & @CRLF & _ "*.grab.co" & @CRLF & _ "*.grab.com" & @CRLF & _ "*.grabpay.com" & @CRLF & _ "*.grabtaxi.com" & @CRLF & _ "*.myteksi.com" & @CRLF & _ "*.myteksi.net" & @CRLF & _ "*.ovo.id" & @CRLF & _ "Staging/Development/UAT environments are considered out-of-scope, such as:" & @CRLF & _ "- *.byte-stack.net" & @CRLF & _ "- *.dududev" & @CRLF & _ "- *.uat-ovo.net" & @CRLF & _ "and other assets that might not be explicitly listed." & @CRLF & _ "*.taralite.com" & @CRLF & _ "and other assets that might not be explicitly listed" & @CRLF & _ "1142114207" & @CRLF & _ "OVO iOS application" & @CRLF & _ "https://apps.apple.com/ID/app/id1142114207" & @CRLF & _ "1257641454" & @CRLF & _ "Grab Driver" & @CRLF & _ "* Eligible for updated mobile Apps bounty rewards offering (up to $15,000 for a Critical vulnerability)" & @CRLF & _ "1343620481" & @CRLF & _ "GrabPay Merchant" & @CRLF & _ "647268330" & @CRLF & _ "Grab (iOS)" & @CRLF & _ "C100447517" & @CRLF & _ "Grab Superapp for Huawei Devices(using HMS)" & @CRLF & _ "https://appgallery.huawei.com/#/app/C100447517" & @CRLF & _ "C103149579" & @CRLF & _ "Grab Driver app for Huawei Devices(using HMS)" & @CRLF & _ "https://appgallery.huawei.com/#/app/C103149579" & @CRLF & _ "api.grabpay.com" & @CRLF & _ "**What it does:** Grab iOS and Android apps communicate with this service while you use Grab specifically for newer payment features. This endpoint acts as an API gateway proxy to all of our services. This API exposes the largest attack surface of any service here at GrabPay." & @CRLF & _ "**What to look for:** Much like our external API, `api.grabpay.com` is a RESTful API performed over HTTPS requests. The best way to hunt for bugs here is to use your own auth token via the `X-mts-ssid` header and look for authorization and access control issues, business logic and etc. Please keep in mind that you should only ever perform this testing against accounts you own, accessing any data not owned by you can result in disqualification. " & @CRLF & _ "**What it runs on:** Golang / Java" & @CRLF & _ "com.grab.merchant" & @CRLF & _ "com.grabpay.merchant" & @CRLF & _ "com.grabtaxi.driver2" & @CRLF & _ "com.grabtaxi.passenger" & @CRLF & _ "Grab (Android)" & @CRLF & _ "gamma.grab.co" & @CRLF & _ "gifts.grab.com" & @CRLF & _ "grab.careers" & @CRLF & _ "jira.grab.com" & @CRLF & _ "Please note that since this is a third-party application, most reports will typically be marked with a maximum of medium-severity (especially due to modifications not controlled by the Grab team, but by the vendor). In cases where the vulnerability is severe enough, such as an RCE, mass retrieval of personal information etc, we will review them on a case-by-case basis and will reward a bounty accordingly at our discretion." & @CRLF & _ "kartaview.org" & @CRLF & _ "manage.grab.co" & @CRLF & _ "ovo.id" & @CRLF & _ "OVO's Android App:" & @CRLF & _ "https://play.google.com/store/apps/details?id=ovo.id" & @CRLF & _ "*.byte-stack.net" & @CRLF & _ "*.dududev" & @CRLF & _ "*.uat-ovo.net and other assets that might not be explicitly listed." & @CRLF & _ "p.grabtaxi.com" & @CRLF & _ "**What it does:** Grab iOS and Android apps communicate with this service while you use Grab. This endpoint acts as an API gateway proxy to all of our services. This API exposes the largest attack surface of any service here at Grab." & @CRLF & _ "**What to look for:** Much like our external API, p.grabtaxi.com is a RESTful API performed over certificate-pinned HTTPS requests. The best way to hunt for bugs here is to use your own auth token via the X-mts-ssid header and look for authorization and access control issues, user enumeration, business logic etc. Please keep in mind that you should only ever perform this testing against accounts you own, failure to do so could result in ban from the program, which nobody wants!." & @CRLF & _ "**What it runs on:** Golang" & @CRLF & _ "wiki.grab.com" & @CRLF & _ "xtramile.grabpay.com" & @CRLF & _ "com.moneybird.Moneybird" & @CRLF & _ "com.moneybird.android" & @CRLF & _ "moneybird.com" & @CRLF & _ "moneybirdstorage.com" & @CRLF & _ "SSO_Saml_connector" & @CRLF & _ "https://support.dashlane.com/hc/en-us/articles/360014277880-Setting-up-the-SSO-Connector" & @CRLF & _ "Standalone Chrome extension" & @CRLF & _ "The standalone extension is available here : https://chrome.google.com/webstore/detail/dashlane-password-manager/fdjamakpfbbddfjaooikfcpapjohcfmg" & @CRLF & _ "api.dashlane.com" & @CRLF & _ "app.dashlane.com" & @CRLF & _ "com.dashlane" & @CRLF & _ "com.dashlane.dashlanephonefinal" & @CRLF & _ "console.dashlane.com" & @CRLF & _ "gehmmocbbkpblljhkekmfhjpfbkclbph" & @CRLF & _ "It's the standalone edge extension" & @CRLF & _ "https://microsoftedge.microsoft.com/addons/detail/dashlane-password-manag/gehmmocbbkpblljhkekmfhjpfbkclbph" & @CRLF & _ "https://www.dashlane.com/fr/directdownload-v2?os=OS_X_10_12_6&platform=website&target=launcher_macosx" & @CRLF & _ "Our OSX installer" & @CRLF & _ "https://www.dashlane.com/fr/directdownload-v2?os=none&platform=website&target=archive_win" & @CRLF & _ "Our windows installer" & @CRLF & _ "logs.dashlane.com" & @CRLF & _ "ws1.dashlane.com" & @CRLF & _ "www.dashlane.com" & @CRLF & _ "www.udemy.com" & @CRLF & _ "yourcompany.udemy.com" & @CRLF & _ "1174276185" & @CRLF & _ "You need an existing Zendesk Account to use the iOS app. Please sign up for an Account per the instructions in our program page. " & @CRLF & _ "Zendesk Support for iOS is built for agents, team leads, and managers on the move. It's a fast and secure productivity tool that gives you visibility to your account in real time. Get ahead of the day and keep things running by bringing the right people, conversations, and information together. Support for iOS is available for iPhone and iPad, so you can access Zendesk whether you're at your office or on the go! " & @CRLF & _ "488534576" & @CRLF & _ "https://apps.apple.com/us/app/base-crm-sales-tracking/id488534576" & @CRLF & _ "549057844" & @CRLF & _ "Zendesk Chat for iOS" & @CRLF & _ "com.futuresimple.base" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.futuresimple.base" & @CRLF & _ "com.zendesk.android" & @CRLF & _ "Zendesk Support for Android" & @CRLF & _ "com.zopim.android" & @CRLF & _ "Zendesk Chat for Android" & @CRLF & _ "developer.zendesk.com" & @CRLF & _ "This site hosts our documentation and API reference. " & @CRLF & _ "h1-your-domain.zendesk.com" & @CRLF & _ "The Zendesk Suite is the collection or our core Products. Reports in any of the following Products & services should be submitted here:" & @CRLF & _ "* Support, Agent Workspace & Ticketing systems - `/agent/`" & @CRLF & _ "* Admin center - `/admin/`" & @CRLF & _ "* [Our Public API's](https://www.postman.com/zendesk-redback/zendesk-public-api/overview) - `/api/`" & @CRLF & _ "* Authentication & Auxiliary functionality - `/auth/` and `/access/`" & @CRLF & _ "* Billing - `/billing/` " & @CRLF & _ "* Chat - `/chat/`" & @CRLF & _ "* Community Forum - `/collaboration/`" & @CRLF & _ "* Explore (Data & Analytics) - `/explore/`" & @CRLF & _ "* Help Centre - `/hc/`" & @CRLF & _ "* Other paths that are not explicitly listed in other parts of the scope. " & @CRLF & _ "More details can be found at https://support.zendesk.com/hc/en-us/articles/4408881937306-Getting-started-with-Zendesk-Suite-Introduction " & @CRLF & _ "http://h1-your-domain.zendesk.com/qa/" & @CRLF & _ "AutoQA analyzes every interaction – including with AI agents – then shows you which ones need extra support. You’ll spend less time hunting through a stack of tickets, and more time actually solving issues." & @CRLF & _ " All reports related to QA (`/qa/`) and sub-paths should be submitted here." & @CRLF & _ "We will also accept bounties for the legacy domains https://kibbles.klausapp.com & https://app.klausapp.com however note that you cannot create new accounts under these domains." & @CRLF & _ "[Setting up Zendesk QA – Zendesk help](https://support.zendesk.com/hc/en-us/sections/7162431070618-Setting-up-Zendesk-QA)" & @CRLF & _ "http://h1-your-domain.zendesk.com/sell" & @CRLF & _ "In this context, "h1-your-domain" is on your own personal testing account." & @CRLF & _ "http://h1-your-domain.zendesk.com/wfm/" & @CRLF & _ "Zendesk Workforce management (WFM) improves the predictability and efficiency of customer service organizations through its wide range of planning, scheduling and monitoring tools. All reports related to WFM (`/wfm/`) and sub-paths should be submitted here." & @CRLF & _ "[Zendesk Workforce management \(WFM\) resources](https://support.zendesk.com/hc/en-us/articles/6457209788442-Zendesk-Workforce-management-WFM-resources)" & @CRLF & _ "https://developer.zendesk.com/documentation/zendesk-sdks/#android" & @CRLF & _ "Zendesk Support SDK for Android" & @CRLF & _ "https://developer.zendesk.com/documentation/zendesk-sdks/#ios" & @CRLF & _ "Zendesk Support SDK for iOS " & @CRLF & _ "www.zendesk.com" & @CRLF & _ "zopim.com" & @CRLF & _ "business.kayak.com" & @CRLF & _ "com.kayak.android" & @CRLF & _ "The most recent version of this app is in scope" & @CRLF & _ "com.kayak.travel" & @CRLF & _ "www.cheapflights.com" & @CRLF & _ "including local versions: e.g. www.cheapflights.co.uk, www.cheapflights.com.au, etc. Please check https://www.kayak.com/global for full list of domains that belong to us." & @CRLF & _ "www.checkfelix.com" & @CRLF & _ "www.hotelscombined.com" & @CRLF & _ "including local versions: e.g. www.hotelscombined.com.au, www.hotelscombined.co.kr, etc. Please check https://www.kayak.com/global for full list of domains that belong to us." & @CRLF & _ "www.kayak.com" & @CRLF & _ "including localised versions: e.g. www.kayak.de, www.kayak.fr and www.kayak.co.uk, etc. Please check https://www.kayak.com/global for full list of domains that belong to us." & @CRLF & _ "www.momondo.com" & @CRLF & _ "including localised versions: e.g. www.momondo.dk, www.momondo.se, etc." & @CRLF & _ "www.mundi.com.br" & @CRLF & _ "www.swoodoo.com" & @CRLF & _ "*.hey.com" & @CRLF & _ "3.basecamp.com" & @CRLF & _ "Basecamp 3" & @CRLF & _ "Basecamp.app" & @CRLF & _ "Basecamp for Mac: https://basecamp.com/via#basecamp-for-your-mac-or-pc" & @CRLF & _ "HEY.app" & @CRLF & _ "HEY for macOS: https://hey.com/apps/" & @CRLF & _ "HEY.exe" & @CRLF & _ "HEY for Windows: https://www.microsoft.com/en-us/p/hey-mail/9pf08ljw7gw2" & @CRLF & _ "ONCE: Campfire" & @CRLF & _ "basecamp3.exe" & @CRLF & _ "Basecamp for Windows: https://basecamp.com/via#basecamp-for-your-mac-or-pc" & @CRLF & _ "com.basecamp.bc3" & @CRLF & _ "Basecamp for Android: https://basecamp.com/via#basecamp-for-ios-and-android-devices" & @CRLF & _ "com.basecamp.bc3-ios" & @CRLF & _ "Basecamp for iOS: https://basecamp.com/via#basecamp-for-ios-and-android-devices" & @CRLF & _ "com.basecamp.hey" & @CRLF & _ "HEY for Android: https://play.google.com/store/apps/details?id=com.basecamp.hey" & @CRLF & _ "com.hey.app.ios" & @CRLF & _ "HEY for iOS: https://apps.apple.com/us/app/hey-email/id1506603805" & @CRLF & _ "hey-mail" & @CRLF & _ "HEY for Linux: https://snapcraft.io/hey-mail/" & @CRLF & _ "launchpad.37signals.com" & @CRLF & _ "Launchpad" & @CRLF & _ "world.hey.com" & @CRLF & _ "*.shopify.com" & @CRLF & _ "Reports involving *.shopify.com are reviewed on a per case basis for bounty eligibility, this includes shopifycompass.com. Any services operated by a third party without a proof of concept demonstrating impact on *.myshopify.com users will likely be ineligible for a bounty. " & @CRLF & _ "*.shopify.io" & @CRLF & _ "*.shopify.io may include developer test or third party applications. If you are unsure about a domain and it looks like a test or third party application, please email us at bugbounty@shopify.com before spending time on it." & @CRLF & _ "*.shopifycloud.com" & @CRLF & _ "*.shopifycloud.com may include developer test or third party applications. For example, devdegree*.shopifycloud.com, vendorvoice.shopifycloud.com, nsolid-test-console.shopifycloud.com. These types of domains are not considered in scope and reports pertaining to them will be closed Informative. If you are unsure about a domain and it looks like a test application, please email us at bugbounty@shopify.com before spending time on it." & @CRLF & _ "*.shopifycs.com" & @CRLF & _ "Shopify's service for handling credit card data in a PCI compliant way." & @CRLF & _ "*.shopifykloud.com" & @CRLF & _ "Shopify Kloud includes all *.shopifykloud.com applications. Please note, there may be developer test or third party applications launched on the domain which may have low security implications for Shopify. If you are unsure about a subdomain on *.shopifykloud.com and it looks like a test application, email us at bugbounty AT shopify.com before spending time on it." & @CRLF & _ "Shopify Developed Apps" & @CRLF & _ "Shopify apps and sales channels means everything installed via the following link https://apps.shopify.com/collections/made-by-shopify " & @CRLF & _ "Shopify Mobile Applications" & @CRLF & _ "Android: https://play.google.com/store/apps/dev?id=8929232438554100687" & @CRLF & _ "iOS: https://itunes.apple.com/ca/developer/shopify-inc/id371294475" & @CRLF & _ "Note: any services operated by a third party without a proof of concept demonstrating impact on Shopify users will likely be ineligible for a bounty." & @CRLF & _ "accounts.shopify.com" & @CRLF & _ "admin.shopify.com" & @CRLF & _ "arrive-server.shopifycloud.com" & @CRLF & _ "https://github.com/Shopify/*" & @CRLF & _ "Public repositories available under the Shopify organization in Github." & @CRLF & _ "linkpop.com" & @CRLF & _ "partners.shopify.com" & @CRLF & _ "shop.app" & @CRLF & _ "shopify.plus" & @CRLF & _ "shopifyinbox.com" & @CRLF & _ "your-store.myshopify.com" & @CRLF & _ "Your development store hosted at `*.myshopify.com`. Create a development store by signing up at https://partners.shopify.com/" & @CRLF & _ "api.mapbox.com" & @CRLF & _ "Our APIs are the primary interface to Mapbox for many of our customers, and all actions a customer can take on their account run through them. " & @CRLF & _ "https://docs.mapbox.com/android/" & @CRLF & _ "[Maps SDK for Android](https://docs.mapbox.com/android/maps/overview/)" & @CRLF & _ "[Navigation SDK for Android](https://docs.mapbox.com/android/navigation/overview/)" & @CRLF & _ "https://docs.mapbox.com/api/" & @CRLF & _ "The Mapbox web services APIs allow for programmatic access to Mapbox tools and services." & @CRLF & _ "- [Accounts Service APIs](https://docs.mapbox.com/api/accounts/)" & @CRLF & _ "- [Maps Service APIs](https://docs.mapbox.com/api/maps/)" & @CRLF & _ "- [Navigation Service APIs](https://docs.mapbox.com/api/navigation/)" & @CRLF & _ "- [Search Service APIs](https://docs.mapbox.com/api/search/)" & @CRLF & _ "https://docs.mapbox.com/ios/maps/overview/" & @CRLF & _ "[Maps SDK for iOS](https://docs.mapbox.com/ios/maps/overview/)" & @CRLF & _ "https://github.com/mapbox" & @CRLF & _ "Mapbox has 700+ public Github repositories that are within scope, though only reports that can be actively exploited on Mapbox infrastructure will be eligible for a monetary bounty. " & @CRLF & _ "Submissions on assets containing the "Mapbox" name but not owned by Mapbox are not eligible for bounty. " & @CRLF & _ "Some repositories in the Mapbox GitHub organization may contain experimental code and are not eligible for a bounty. " & @CRLF & _ "* Please submit any open source security issues directly to HackerOne, do not open security-related issues on public Github repositories." & @CRLF & _ "* Please send any questions about the eligibility of an open source repository to security@mapbox.com. " & @CRLF & _ "A few of our popular open-source repositories: " & @CRLF & _ "[node-sqlite3](https://github.com/mapbox/node-sqlite3) | [node-pre-gyp](https://github.com/mapbox/node-pre-gyp) | [carmen](https://github.com/mapbox/carmen)" & @CRLF & _ "https://www.mapbox.com/mapbox-gl-js/" & @CRLF & _ "Mapbox GL JS is a JavaScript library that uses WebGL to render interactive maps from vector tiles and Mapbox styles. It is part of the Mapbox GL ecosystem, which includes Mapbox Mobile, a compatible renderer written in C++ with bindings for desktop and mobile platforms. " & @CRLF & _ "www.mapbox.com" & @CRLF & _ "- https://mapbox.com" & @CRLF & _ "- https://studio.mapbox.com/" & @CRLF & _ "- https://account.mapbox.com/" & @CRLF & _ "*.airbnb-aws.com" & @CRLF & _ "Lower Impact Scope" & @CRLF & _ "*.airbnb.com" & @CRLF & _ "Higher Impact Scope" & @CRLF & _ "*.airbnbcitizen.com" & @CRLF & _ "*.atairbnb.com" & @CRLF & _ "*.byairbnb.com" & @CRLF & _ "*.hoteltonight-test.com" & @CRLF & _ "*.hoteltonight.com" & @CRLF & _ "*.luxuryretreats.com" & @CRLF & _ "*.muscache.com" & @CRLF & _ "*.withairbnb.com" & @CRLF & _ "Localized airbnb sites listed at the link below:" & @CRLF & _ "**https://www.airbnb.com/sitemaps/localized**" & @CRLF & _ "api.airbnb.com" & @CRLF & _ "assets.airbnb.com" & @CRLF & _ "callbacks.airbnb.com" & @CRLF & _ "com.airbnb.android" & @CRLF & _ "com.airbnb.app" & @CRLF & _ "com.luxuryretreats.ios" & @CRLF & _ "m.airbnb.com" & @CRLF & _ "next.airbnb.com" & @CRLF & _ "omgpro.airbnb.com" & @CRLF & _ "one.airbnb.com" & @CRLF & _ "open.airbnb.com" & @CRLF & _ "support-api.airbnb.com" & @CRLF & _ "www.airbnb.com" & @CRLF & _ "www.hoteltonight.com" & @CRLF & _ "*.booking.com" & @CRLF & _ "if there's any vulnerabilities raised on this asset that are owned by a third party we will not be accepting those reports" & @CRLF & _ "*.fareharbor.com" & @CRLF & _ "*.fareharbor.engineering" & @CRLF & _ "*.rentalcars.com" & @CRLF & _ "accommodations.booking.com" & @CRLF & _ "account.booking.com" & @CRLF & _ "admin.booking.com" & @CRLF & _ "Incorrect permission check for different roles is out of scope." & @CRLF & _ "autocomplete.booking.com" & @CRLF & _ "booking.com" & @CRLF & _ "careers.booking.com" & @CRLF & _ "cars.booking.com" & @CRLF & _ "chat.booking.com" & @CRLF & _ "compass.fareharbor.com" & @CRLF & _ "demo.fareharbor.com" & @CRLF & _ "distribution-xml.booking.com" & @CRLF & _ "experiences.booking.com" & @CRLF & _ "fareharborsites.com" & @CRLF & _ "fhdn.fareharbor.com" & @CRLF & _ "flights.booking.com" & @CRLF & _ "http://secure-iphone-xml.booking.com/json/" & @CRLF & _ "https://apps.apple.com/us/app/booking-com-hotels-travel/id367003839" & @CRLF & _ "https://apps.apple.com/us/app/pulse-for-booking-com-partners/id992795726" & @CRLF & _ "https://iphone-xml.booking.com/json/" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.booking&hl=en" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.booking.hotelmanager&hl=en" & @CRLF & _ "https://secure-iphone-xml.booking.com/json/" & @CRLF & _ "indicative-pricing.taxi.booking.com" & @CRLF & _ "kyc-onboarding.booking.com" & @CRLF & _ "marketing.fareharbor.com" & @CRLF & _ "metasearch-api.booking.com" & @CRLF & _ "paybridge.booking.com" & @CRLF & _ "paymentcomponent.booking.com" & @CRLF & _ "paynotifications.booking.com" & @CRLF & _ "phone-validation.taxi.booking.com" & @CRLF & _ "portal.taxi.booking.com" & @CRLF & _ "readonly.fareharbor.com" & @CRLF & _ "secure-supply-xml.booking.com" & @CRLF & _ "secure.booking.com" & @CRLF & _ "sites.fareharbor.com" & @CRLF & _ "spark.fareharbor.com" & @CRLF & _ "supplier.auth.toag.booking.com" & @CRLF & _ "supply-xml.booking.com" & @CRLF & _ "tableau.fareharbor.engineering" & @CRLF & _ "taxi.booking.com" & @CRLF & _ "taxis.booking.com" & @CRLF & _ "teleport.fareharbor.engineering" & @CRLF & _ "webhooks.booking.com" & @CRLF & _ "widget.rentalcars.com" & @CRLF & _ "www.fareharbor.com" & @CRLF & _ "*.staging-airtableblocks.com" & @CRLF & _ "IMPORTANT: this domain is NOT eligible for stored XSS via building custom apps/blocks functionality." & @CRLF & _ "*.staging.airtable.com" & @CRLF & _ "airtable.js SDK (https://www.npmjs.com/package/airtable)" & @CRLF & _ "- Install `airtable.js` via `npm install airtable`" & @CRLF & _ "- Visit https://staging.airtable.com/account and generate an API key" & @CRLF & _ "- Create a new Javascript file and add the following lines:" & @CRLF & _ "```javascript" & @CRLF & _ "const Airtable = require('airtable');" & @CRLF & _ "const airtable = new Airtable({" & @CRLF & _ " apiKey: 'PUT YOUR API KEY HERE'," & @CRLF & _ " endpointUrl: 'https://api-staging.airtable.com', // IMPORTANT: you MUST set the endpointUrl attribute to this URL, or else you will be testing on airtable.com, which is out of scope" & @CRLF & _ "});" & @CRLF & _ "See https://staging.airtable.com/api for instructions on how to use the API, as well as [the source code on Github](https://github.com/airtable/airtable.js)" & @CRLF & _ "Please note that reports about outdated/vulnerable dependencies flagged by `npm audit` or `yarn audit` are **out of scope**. Vulnerabilities discovered via manual code audits are acceptable." & @CRLF & _ "api-staging.airtable.com" & @CRLF & _ "Go to https://staging.airtable.com/account to generate an API key. See https://staging.airtable.com/api for API documentation per base." & @CRLF & _ "staging.airtable.com" & @CRLF & _ "*.lightroom.adobe.com" & @CRLF & _ "Please refer to Lightroom Web Test Plan on how to access/test the environment." & @CRLF & _ "Adobe Commerce, Commerce B2B and Commerce Open Source" & @CRLF & _ "C2PA Tool" & @CRLF & _ "Please refer to Content Authenticity Initiative Test Plan on how to access/test the environment." & @CRLF & _ "ColdFusion" & @CRLF & _ "Please refer to ColdFusion Test Plan on how to access/test the environment." & @CRLF & _ "account.adobe.com" & @CRLF & _ "Please refer to IMS Test Plan on how to access/test the environment." & @CRLF & _ "account.magento.com" & @CRLF & _ "accounts.magento.cloud" & @CRLF & _ "acrobat.adobe.com" & @CRLF & _ "adobeid-na1.services.adobe.com" & @CRLF & _ "auth.services.adobe.com" & @CRLF & _ "com.adobe.Adobe-Reader" & @CRLF & _ "com.adobe.lrmobile" & @CRLF & _ "Lightroom" & @CRLF & _ "com.adobe.reader" & @CRLF & _ "com.adobe.scan.android" & @CRLF & _ "com.adobe.scan.ios" & @CRLF & _ "contributor.stock.adobe.com" & @CRLF & _ "firefly.adobe.com" & @CRLF & _ "http://federatedid-na1.services.adobe.com" & @CRLF & _ "http://ims-na1.adobelogin.com" & @CRLF & _ "https://contentcredentials.org/" & @CRLF & _ "https://github.com/contentauth/c2pa-js" & @CRLF & _ "https://github.com/contentauth/c2pa-rs" & @CRLF & _ "imagine.magento.com" & @CRLF & _ "learningmanager.adobe.com" & @CRLF & _ "Please refer to Adobe Learning Manager Test Plan on how to access/test the environment." & @CRLF & _ "magento.com" & @CRLF & _ "magentocommerce.com" & @CRLF & _ "magentolive.com" & @CRLF & _ "marketplace.magento.com" & @CRLF & _ "net.s2stagehance.com" & @CRLF & _ "Please refer to Behance Test Plan on how to access the environment." & @CRLF & _ "new.express.adobe.com" & @CRLF & _ "Please refer to Express Test Plan on how to access the environment." & @CRLF & _ "photoshop.adobe.com" & @CRLF & _ "Please refer to Photoshop Web Test Plan on how to access/test the environment." & @CRLF & _ "repo.magento.com" & @CRLF & _ "stock.adobe.com" & @CRLF & _ "u.magento.com" & @CRLF & _ "*.blockchain.com" & @CRLF & _ "1557515848" & @CRLF & _ "Blockchain.com Exchange App" & @CRLF & _ "https://apps.apple.com/us/app/blockchain-com-exchange/id1557515848" & @CRLF & _ "493253309" & @CRLF & _ "Blockchain.com Wallet App" & @CRLF & _ "https://itunes.apple.com/us/app/blockchain-wallet-bitcoin/id493253309" & @CRLF & _ "api.blockchain.info" & @CRLF & _ "com.blockchain.exchange" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.blockchain.exchange" & @CRLF & _ "piuk.blockchain.android" & @CRLF & _ "https://play.google.com/store/apps/details?id=piuk.blockchain.android" & @CRLF & _ "ws.blockchain.info" & @CRLF & _ "www.blockchain.info" & @CRLF & _ "*.ubnt.com" & @CRLF & _ "*.ui.com" & @CRLF & _ "AmpliFi" & @CRLF & _ "Cloudkey" & @CRLF & _ "EdgeMAX" & @CRLF & _ "UCRM" & @CRLF & _ "UFiber" & @CRLF & _ "UID" & @CRLF & _ "https://ui.com/uid" & @CRLF & _ "UNMS" & @CRLF & _ "UniFi" & @CRLF & _ "UniFi Access" & @CRLF & _ "UniFi Cloud" & @CRLF & _ "UniFi Gateways (UDM, UXG, USG)" & @CRLF & _ "UniFi LED" & @CRLF & _ "UniFi Network Application" & @CRLF & _ "UniFi Protect" & @CRLF & _ "UniFi Switches" & @CRLF & _ "UniFi Talk" & @CRLF & _ "UniFi Wireless Access Points" & @CRLF & _ "account.ui.com" & @CRLF & _ "airFiber" & @CRLF & _ "airMAX" & @CRLF & _ "careers.ui.com" & @CRLF & _ "com.ubnt.discovery.app" & @CRLF & _ "com.ubnt.easyunifi" & @CRLF & _ "com.ubnt.umobile" & @CRLF & _ "community.ui.com" & @CRLF & _ "design.ui.com" & @CRLF & _ "fw-update.ubnt.com" & @CRLF & _ "ispdesign.ui.com" & @CRLF & _ "rma.ui.com" & @CRLF & _ "store.ui.com" & @CRLF & _ "uisp.com" & @CRLF & _ "unifi.ui.com" & @CRLF & _ "*.sc-core.net" & @CRLF & _ "Snapchat's internal services" & @CRLF & _ "*.sc-corp.net" & @CRLF & _ "Lens Studio" & @CRLF & _ "Tier A - Core Assets" & @CRLF & _ "Tier B - Non Core (Bitmoji, Playcanvas)" & @CRLF & _ "accounts.snapchat.com" & @CRLF & _ "Snapchat's account management website. " & @CRLF & _ "ads.snapchat.com" & @CRLF & _ "app.snapchat.com" & @CRLF & _ "Main server-side application hosted on Google App Engine under the hostname feelinsonice-hrd.appspot.com and app.snapchat.com." & @CRLF & _ "blog.playcanvas.com" & @CRLF & _ "business.snapchat.com" & @CRLF & _ "Snapchat's Business Manager. " & @CRLF & _ "businesshelp.snapchat.com" & @CRLF & _ "Snapchat's Salesforce instance" & @CRLF & _ "code.playcanvas.com" & @CRLF & _ "com.bitstrips.imoji" & @CRLF & _ "[iOS App Store](https://itunes.apple.com/us/app/bitmoji-keyboard-your-avatar/id868077558)" & @CRLF & _ "[Google Play Store](https://play.google.com/store/apps/details?id=com.bitstrips.imoji)" & @CRLF & _ "com.snapchat.android" & @CRLF & _ "[Google Play Store](https://play.google.com/store/apps/details?id=com.snapchat.android)" & @CRLF & _ "com.toyopagroup.picaboo" & @CRLF & _ "[iOS App Store](https://itunes.apple.com/us/app/snapchat/id447188370?mt=8)" & @CRLF & _ "create.snapchat.com" & @CRLF & _ "Snapchat's Geofilter creation tool. " & @CRLF & _ "developer.playcanvas.com" & @CRLF & _ "forum.playcanvas.com" & @CRLF & _ "geofilters.snapchat.com" & @CRLF & _ "Snapchat's on-demand Geofilters purchase website. " & @CRLF & _ "https://lensstudio.snapchat.com/api/" & @CRLF & _ "kit.snapchat.com" & @CRLF & _ "SNAPKIT web application and SDKs" & @CRLF & _ "launch.playcanvas.com" & @CRLF & _ "login.playcanvas.com" & @CRLF & _ "map.snapchat.com" & @CRLF & _ "msg.playcanvas.com" & @CRLF & _ "my.snapchat.com" & @CRLF & _ "Snapchat's Spotlight on the web. " & @CRLF & _ "playcanv.as" & @CRLF & _ "playcanvas.com" & @CRLF & _ "relay.playcanvas.com" & @CRLF & _ "rt.playcanvas.com" & @CRLF & _ "scan.snapchat.com" & @CRLF & _ "Snapcode creation website" & @CRLF & _ "snappublisher.snapchat.com" & @CRLF & _ "Snapchat's publisher tool. " & @CRLF & _ "spectacles.com" & @CRLF & _ "Snapchat's spectacles purchase website. " & @CRLF & _ "store.playcanvas.com" & @CRLF & _ "store.snapchat.com" & @CRLF & _ "Snapchat's Bitmoji Merch Store" & @CRLF & _ "story.snapchat.com" & @CRLF & _ "web.snapchat.com" & @CRLF & _ "www.bitmoji.com" & @CRLF & _ "www.bitstrips.com" & @CRLF & _ "336381998" & @CRLF & _ "[Priceline iOS App](https://apps.apple.com/us/app/priceline-hotel-travel-deals/id336381998)" & @CRLF & _ "Penny" & @CRLF & _ "https://www.priceline.com/penny" & @CRLF & _ "admin.rezserver.com" & @CRLF & _ "**Policy Guidance**" & @CRLF & _ "We are not currently providing credentials for this asset." & @CRLF & _ "**Rules of Engagement**" & @CRLF & _ "- In request headers use 'hackerone-{your username}' for user-agent" & @CRLF & _ "- Keep low volume of requests - Automated testing is not permitted" & @CRLF & _ "- Do not Fuzz Contact forms" & @CRLF & _ "- Do not Fuzz "Request Account Activation" & "Request Product Activation"" & @CRLF & _ "- Do not Fuzz request for "Change Request under Sites" " & @CRLF & _ "- Do not modify other hacker_* user accounts under Hacker one test account" & @CRLF & _ "**Non-Qualifying Vulnerabilities and Exclusions**" & @CRLF & _ "- CSRF " & @CRLF & _ "api.rezserver.com" & @CRLF & _ "**Rezserver API**" & @CRLF & _ "_Policy Guidance_" & @CRLF & _ "_Rules_" & @CRLF & _ "- Don't use automated tools or scanners" & @CRLF & _ "- Don't DDoS" & @CRLF & _ "_Out of scope vulnerabilities_" & @CRLF & _ "- Missing best practices in HTTP header configuration." & @CRLF & _ "- Any activity that could lead to the disruption of our service (DoS)" & @CRLF & _ "- Missing best practices in SSL/TLS configuration" & @CRLF & _ "- Account/email enumeration issues" & @CRLF & _ "- Disclosure of software version numbers (we maintain forks of several tools, and apply security patches accordingly)" & @CRLF & _ "- Content Spoofing/Text Injection that cannot be leveraged for XSS or sensitive data disclosure" & @CRLF & _ "_Endpoints out of scope_" & @CRLF & _ "- Hotel: BookRequest" & @CRLF & _ "- Air: All endpoints" & @CRLF & _ "- Car: All endpoints" & @CRLF & _ "- Custom: All endpoints" & @CRLF & _ "com.priceline.android.negotiator" & @CRLF & _ "cruises.priceline.com" & @CRLF & _ "flyiin.com" & @CRLF & _ "press.priceline.com" & @CRLF & _ "priceline.com" & @CRLF & _ "reservations.rezserver.com" & @CRLF & _ "secure.rezserver.com" & @CRLF & _ "www.bookingholdings.com" & @CRLF & _ "www.getaroom.com" & @CRLF & _ "www.priceline.com" & @CRLF & _ "*.uberinternal.com" & @CRLF & _ "*ubereats.com" & @CRLF & _ "Includes all subdomains (*.ubereats.com) except subdomains listed in out of scope." & @CRLF & _ "Recon Data" & @CRLF & _ "Uber provides endpoints to determine whether an asset belongs to Uber:" & @CRLF & _ "https://appsec-analysis.uber.com/public/bugbounty/ListDomains" & @CRLF & _ "https://appsec-analysis.uber.com/public/bugbounty/ListIPs" & @CRLF & _ "All of the endpoints support offset and limit as optional parameters." & @CRLF & _ "Example: https://appsec-analysis.uber.com/public/bugbounty/ListDomains?offset=0&limit=100." & @CRLF & _ "The public endpoints for asset information are for recon purposes. Information returned by those endpoints (or not) does not mean a bounty is guaranteed." & @CRLF & _ "uber.com" & @CRLF & _ "Includes all subdomains (*.uber.com) except subdomains listed in out of scope. " & @CRLF & _ "*.yelp-support.com" & @CRLF & _ "*.yelp.com" & @CRLF & _ "*.yelpwifi.com" & @CRLF & _ "284910350" & @CRLF & _ "Yelp Mobile" & @CRLF & _ "542767785" & @CRLF & _ "Restaurant Manager iOS app" & @CRLF & _ "936983378" & @CRLF & _ "Yelp for Business Owners" & @CRLF & _ "com.yelp.android" & @CRLF & _ "Yelp Mobile for Android " & @CRLF & _ "com.yelp.android.biz" & @CRLF & _ "yelptop100.com" & @CRLF & _ "*.cloud.vimeo.com" & @CRLF & _ "Upload endpoints such as \ *.cloud.vimeo.com" & @CRLF & _ "*.livestream.com" & @CRLF & _ "*.magisto.com" & @CRLF & _ "**EXCEPTION** - Subdomains owned/controlled/managed/etc by a 3rd party." & @CRLF & _ "*.new.livestream.com" & @CRLF & _ "*.vhx.tv" & @CRLF & _ "**EXCEPT for community.vhx.tv, 3rd party sites and EXCEPT a single-customer configured site**" & @CRLF & _ "The vulnerability must affect every site in order to be valid." & @CRLF & _ "*.vimeo.com" & @CRLF & _ "See scope/program for more definitive information. Does not include 3rd parties under vimeo.com domain names. Subject to realization we missed one." & @CRLF & _ "1491791513" & @CRLF & _ "425194759" & @CRLF & _ "486781045" & @CRLF & _ "493086499" & @CRLF & _ "Livestream software (Producer, Studio)" & @CRLF & _ "Out of scope: any attacks of the install process, that require additional configuration files, dll, etc that are put onto the machine via virus, malware, confidence, etc." & @CRLF & _ "VHX Branded Customer Android Apps" & @CRLF & _ "**Vulnerabilities must affect ANY/ALL VHX branded Android apps and not just a single VHX customer app**" & @CRLF & _ "VHX Branded Customer Roku Apps" & @CRLF & _ "**Vulnerabilities must affect ANY/ALL VHX branded Roku apps and not just a single VHX customer app**" & @CRLF & _ "VHX Branded Customer iOS Apps" & @CRLF & _ "**Vulnerabilities must affect ANY/ALL VHX branded iOS apps and not just a single VHX customer app**" & @CRLF & _ "api.vhx.tv" & @CRLF & _ "api.vimeo.com" & @CRLF & _ "applause1.magisto.com" & @CRLF & _ "channelstore.roku.com/details/48061/vhx" & @CRLF & _ "Roku App" & @CRLF & _ "checkout.vimeo.com" & @CRLF & _ "This is an S3 bucket behind a CDN. We will be responsible for things WE can control about this (Content, S3 permissions, CDN headers, etc). For items beyond our control, those are not in scope." & @CRLF & _ "com.livestream.livestream" & @CRLF & _ "com.magisto" & @CRLF & _ "com.vimeo.android.videoapp" & @CRLF & _ "com.vimeocreate.videoeditor.moviemaker" & @CRLF & _ "donations.livestream.com" & @CRLF & _ "embed.vhx.tv" & @CRLF & _ "http://vimeo.com/api" & @CRLF & _ "Legacy API endpoints such as vimeo.com/api" & @CRLF & _ "http://vimeo.com/create" & @CRLF & _ "http://vimeo.com/ondemand" & @CRLF & _ "Vimeo On Demand hosted sites: https://vimeo.com/ondemand" & @CRLF & _ "magisto.com,www.magisto.com" & @CRLF & _ "player.vimeo.com" & @CRLF & _ "staging.magisto.com" & @CRLF & _ "vhx.tv" & @CRLF & _ "The VHX homepage at vhx.tv redirects to a login page at ott.vimeo.com. Please submit these reports to the VHX program." & @CRLF & _ "vimeo.magisto.com" & @CRLF & _ "Only as it integrates with Vimeo. For anything about it itself, please report on the Magisto program" & @CRLF & _ "vimeopro.com" & @CRLF & _ "Vimeo Pro portfolios hosted on vimeopro.com" & @CRLF & _ "www.livestream.com" & @CRLF & _ "www.vimeo.com" & @CRLF & _ "288429040" & @CRLF & _ "api.linkedin.com" & @CRLF & _ "business.linkedin.com" & @CRLF & _ "com.linkedin.android" & @CRLF & _ "www.linkedin.com" & @CRLF & _ "api.greenhouse.io" & @CRLF & _ "Documentation:" & @CRLF & _ "https://developers.greenhouse.io/harvest.html" & @CRLF & _ "https://developers.greenhouse.io/job-board.html#retrieve-a-department" & @CRLF & _ "app.greenhouse.io" & @CRLF & _ "app.interseller.io" & @CRLF & _ "Please do not spam the payment form as this is manage by a third party and is out of scope for testing. Vulnerabilities related to paywall bypass are out of scope. " & @CRLF & _ "boards.greenhouse.io" & @CRLF & _ "interseller.io" & @CRLF & _ "This is a Marketing website and will produce less bounties than the actual product application" & @CRLF & _ "jss.greenhouse.io" & @CRLF & _ "onboarding.greenhouse.io" & @CRLF & _ "support.greenhouse.io" & @CRLF & _ "www.greenhouse.io" & @CRLF & _ "*.gitlab.net" & @CRLF & _ "Hosts owned and operated by GitLab." & @CRLF & _ "*.gitlab.org" & @CRLF & _ "*.gitlap.com" & @CRLF & _ "Hosts owned and operated by GitLab. gitla**p** with a p!" & @CRLF & _ "GitLab for Jira Cloud" & @CRLF & _ "Other non-production infrastructure" & @CRLF & _ "Hosts owned and operated by GitLab other than gitlab.com itself and our static websites." & @CRLF & _ "Your Own GitLab Instance" & @CRLF & _ "about.gitlab.com" & @CRLF & _ "There is no user data therefore no confidentiality impact is possible, however we want to know if you can modify the content or make it unavailable." & @CRLF & _ "advisories.gitlab.com" & @CRLF & _ "customers.gitlab.com" & @CRLF & _ "Server-side Denial of Service is out of scope as per our Policy." & @CRLF & _ "design.gitlab.com" & @CRLF & _ "docs.gitlab.com" & @CRLF & _ "gitlab.com" & @CRLF & _ "https://gitlab.com/gitlab-org/gitaly" & @CRLF & _ "https://gitlab.com/gitlab-org/gitlab" & @CRLF & _ "https://gitlab.com/gitlab-org/gitlab-pages" & @CRLF & _ "https://gitlab.com/gitlab-org/gitlab-runner" & @CRLF & _ "https://gitlab.com/gitlab-org/gitlab-shell" & @CRLF & _ "https://gitlab.com/gitlab-org/gitlab-vscode-extension" & @CRLF & _ "https://gitlab.com/gitlab-org/opstrace/opstrace" & @CRLF & _ "registry.gitlab.com" & @CRLF & _ "*.twimg.com" & @CRLF & _ "*.twitter.com" & @CRLF & _ "*.vine.co" & @CRLF & _ "*.x.ai" & @CRLF & _ "*.x.com" & @CRLF & _ "com.atebits.Tweetie2" & @CRLF & _ "com.twitter.android" & @CRLF & _ "gnip.com" & @CRLF & _ "x.com" & @CRLF & _ "GitHub repositories" & @CRLF & _ "[Any _**source**_ repository on my Github account](https://github.com/iandunn?tab=repositories&type=source), _**except**_ for the ones marked as **archived**. " & @CRLF & _ "Forks are not in-scope, please report any issues with those upstream. Archived repos are not maintained." & @CRLF & _ "This refers to the source code in the repositories listed on that page, **not** to the github.com website itself. You can report potential vulnerabilities in github.com to [them](https://github.com/security)." & @CRLF & _ "WordPress.org plugins" & @CRLF & _ "[Any plugin listed on my WordPress.org profile](https://profiles.wordpress.org/iandunn#content-plugins) is within scope, **except** for these:" & @CRLF & _ "* Email Post Changes and Jetpack should be submitted to [Automattic](https://hackerone.com/automattic) instead." & @CRLF & _ "* CampTix, CampTix Network Tools, P2 New Post Categories, Tagregator, and SupportFlow should be submitted to [WordPress](https://hackerone.com/wordpress) instead, because they're [Meta team](https://make.wordpress.org/meta/) projects." & @CRLF & _ "* Manage Tags Capabilities is not covered, since I don't have commit access to it." & @CRLF & _ "This refers to the source code of the plugins listed on that page, **not** to the wordpress.org website itself. You can report potential vulnerabilities in wordpress.org to [their program](/wordpress)." & @CRLF & _ "*.cloudflare.com" & @CRLF & _ "Excluding support.cloudflare.com, community.cloudflare.com and other SaaS applications" & @CRLF & _ "*.cloudflarepartners.com" & @CRLF & _ "*.teams.cloudflare.com" & @CRLF & _ "1.1.1.1 Resolver" & @CRLF & _ "A blazing fast DNS resolver built for private browsing." & @CRLF & _ "https://1.1.1.1/" & @CRLF & _ "https://developers.cloudflare.com/1.1.1.1/what-is-1.1.1.1/" & @CRLF & _ "https://developers.cloudflare.com/1.1.1.1/setting-up-1.1.1.1/" & @CRLF & _ "AI Gateway" & @CRLF & _ "https://developers.cloudflare.com/ai-gateway/" & @CRLF & _ "AMP Real URL" & @CRLF & _ "https://developers.cloudflare.com/speed/optimization/other/amp-real-url/" & @CRLF & _ "API Shield" & @CRLF & _ "https://developers.cloudflare.com/api-shield/" & @CRLF & _ "Area 1" & @CRLF & _ "Bot Management" & @CRLF & _ "Cloudflare enables you to manage bots with speed and accuracy by applying several detection methods: Behavioral analysis, machine learning, and fingerprinting." & @CRLF & _ "https://www.cloudflare.com/products/bot-management/" & @CRLF & _ "Browser Isolation" & @CRLF & _ "https://developers.cloudflare.com/cloudflare-one/policies/browser-isolation/" & @CRLF & _ "CDNJS" & @CRLF & _ "CDNJS is a free and open source project to organize and provide popular front-end web development resources to developers via a fast CDN infrastructure without usage limitations and fees." & @CRLF & _ "https://github.com/cdnjs/cdnjs" & @CRLF & _ "https://blog.cloudflare.com/an-update-on-cdnjs/" & @CRLF & _ "China Network" & @CRLF & _ "https://developers.cloudflare.com/china-network/" & @CRLF & _ "Cloudflare Access" & @CRLF & _ "Cloudflare Access is an application that controls access to your sites and integrates with social and enterprise identity providers (IdP) for managing user credentials." & @CRLF & _ "https://www.cloudflare.com/products/cloudflare-access/" & @CRLF & _ "Cloudflare Analytics" & @CRLF & _ "https://developers.cloudflare.com/analytics/" & @CRLF & _ "Cloudflare CASB" & @CRLF & _ "Cloudflare's cloud access security broker (CASB) service gives comprehensive visibility and control over SaaS apps, so you can easily prevent data leaks and compliance violations. With Zero Trust security, block insider threats, Shadow IT, risky data sharing, and bad actors." & @CRLF & _ "https://www.cloudflare.com/products/zero-trust/casb/" & @CRLF & _ "Cloudflare Cache " & @CRLF & _ "https://developers.cloudflare.com/cache/" & @CRLF & _ "Cloudflare D1" & @CRLF & _ "https://blog.cloudflare.com/introducing-d1/" & @CRLF & _ "Cloudflare DNS" & @CRLF & _ "Cloudflare Durable Objects" & @CRLF & _ "https://developers.cloudflare.com/durable-objects/" & @CRLF & _ "Cloudflare Pages" & @CRLF & _ "https://developers.cloudflare.com/pages" & @CRLF & _ "Cloudflare R2" & @CRLF & _ "https://blog.cloudflare.com/r2-open-beta/" & @CRLF & _ "Cloudflare Tunnel" & @CRLF & _ "Cloudflare Tunnel offers an easy way to expose web servers securely to the internet, without opening up firewall ports and configuring ACLs." & @CRLF & _ "https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/" & @CRLF & _ "Cloudflare Workers CI" & @CRLF & _ "Cloudflare Zaraz" & @CRLF & _ "https://developers.cloudflare.com/zaraz/" & @CRLF & _ "Cloudflare Zero Trust/Cloudflare One" & @CRLF & _ "Data Loss Prevention (DLP)" & @CRLF & _ "https://developers.cloudflare.com/cloudflare-one/policies/data-loss-prevention/" & @CRLF & _ "Gateway" & @CRLF & _ "https://developers.cloudflare.com/cloudflare-one/policies/gateway/" & @CRLF & _ "Hyperdrive" & @CRLF & _ "https://developers.cloudflare.com/hyperdrive/" & @CRLF & _ "Images" & @CRLF & _ "https://developers.cloudflare.com/speed/optimization/images/#image-optimization" & @CRLF & _ "Load Balancing" & @CRLF & _ "Cloudflare's Load Balancing automatically reduces latency by directing visitors to infrastructure closest to them." & @CRLF & _ "https://www.cloudflare.com/load-balancing/" & @CRLF & _ "Magic Firewall" & @CRLF & _ "https://developers.cloudflare.com/magic-firewall/" & @CRLF & _ "Magic Transit" & @CRLF & _ "Magic Transit is a software-defined networking product that offers IP transit with DDoS protection, next-gen firewall, traffic acceleration and more for your on-premise and data center networks from a single, easy-to-use interface." & @CRLF & _ "https://www.cloudflare.com/magic-transit/" & @CRLF & _ "Magic WAN" & @CRLF & _ "https://developers.cloudflare.com/magic-wan/" & @CRLF & _ "Open source tools from Cloudflare" & @CRLF & _ "https://github.com/cloudflare" & @CRLF & _ "SSL/TLS" & @CRLF & _ "https://developers.cloudflare.com/ssl/" & @CRLF & _ "Spectrum" & @CRLF & _ "Spectrum extends the power of Cloudflare's DDoS, TLS, and IP Firewall to TCP and UDP-based services, keeping them online and secure." & @CRLF & _ "https://www.cloudflare.com/products/cloudflare-spectrum/" & @CRLF & _ "Stream" & @CRLF & _ "Cloudflare Stream is an easy-to-use, affordable, on-demand video streaming platform. Stream seamlessly integrates video storage, encoding, and a customizable player with Cloudflare’s fast, secure, and reliable global network." & @CRLF & _ "https://www.cloudflare.com/products/cloudflare-stream/" & @CRLF & _ "Turnstile" & @CRLF & _ "https://developers.cloudflare.com/turnstile/" & @CRLF & _ "Vectorize" & @CRLF & _ "https://developers.cloudflare.com/vectorize/" & @CRLF & _ "WARP Mobile Apps" & @CRLF & _ "Download on Android: https://play.google.com/store/apps/details?id=com.cloudflare.onedotonedotonedotone" & @CRLF & _ "Download on iOS: https://itunes.apple.com/us/app/1-1-1-1-faster-internet/id1423538627" & @CRLF & _ "WARP is a free VPN for mobile phones. The app can be used as a 1.1.1.1 DNS resolver or VPN or our premium paid service Warp+. It works on wireguard protocol. See documentation section for more details." & @CRLF & _ "Areas of interest:" & @CRLF & _ "Can other apps snoop with Warp" & @CRLF & _ "Downgrade of connections" & @CRLF & _ "Misconfiguration in the apps or backend" & @CRLF & _ "MITM attacks" & @CRLF & _ "Using WARP+ features without paying" & @CRLF & _ "WARP desktop client" & @CRLF & _ "Cloudflare Zero Trust client applications releases on Windows, Linux and MacOS" & @CRLF & _ "Waiting Room" & @CRLF & _ "https://developers.cloudflare.com/waiting-room/" & @CRLF & _ "Workers" & @CRLF & _ "https://developers.cloudflare.com/workers/" & @CRLF & _ "Workers AI" & @CRLF & _ "https://developers.cloudflare.com/workers-ai/" & @CRLF & _ "Workers KV" & @CRLF & _ "https://developers.cloudflare.com/kv/" & @CRLF & _ "api.cloudflare.com" & @CRLF & _ "cloudflareworkers.com" & @CRLF & _ "This is a Cloudflare Workers test site." & @CRLF & _ "Cloudflare Workers provides a lightweight JavaScript execution environment that allows developers to augment existing applications or create entirely new ones without configuring or maintaining infrastructure." & @CRLF & _ "https://www.cloudflare.com/products/cloudflare-workers/" & @CRLF & _ "dash.cloudflare.com" & @CRLF & _ "The Cloudflare dashboard (https://dash.cloudflare.com/) and any direct calls from the dashboard to other Cloudflare owned resources are considered in scope." & @CRLF & _ "http://github.com/cloudflare" & @CRLF & _ "https://github.com/cloudflare/workerd" & @CRLF & _ "one.dash.cloudflare.com" & @CRLF & _ "waf.cumulusfire.net" & @CRLF & _ "This domain must be used for testing WAF bypasses." & @CRLF & _ "*.srvcs.tumblr.com" & @CRLF & _ "*.tumblr.com" & @CRLF & _ "**The Blog Network**" & @CRLF & _ "*Note: Blogs are cached for 1 minute after first request (60s from first request); content is re-loaded into cache when a new request is submitted after the 61st second.*" & @CRLF & _ "How to identify you are looking at the Blog Network:" & @CRLF & _ "* Header: `X-tumblr-user` can be used to identify if the domain is a blog on the Blog Network" & @CRLF & _ "* View the domain in a browser, there will be a Tumblr banner visible. " & @CRLF & _ "Exclusions for this asset:" & @CRLF & _ "* JavaScript is allowed; XSS is excluded from eligibility." & @CRLF & _ "* Pages can be framed; Clickjacking or other X-Frame-Options attacks are excluded from eligibility." & @CRLF & _ "Crowdsignal" & @CRLF & _ "Any issues on https://crowdsignal.com/, and or Crowdsignal WordPress plugins" & @CRLF & _ "Jetpack" & @CRLF & _ "Any issues related to the Jetpack plugin https://github.com/Automattic/jetpack and/or https://jetpack.com/" & @CRLF & _ "WooCommerce" & @CRLF & _ "Any security issues on the WordPress WooCommerce plugin (https://wordpress.org/plugins/woocommerce/) and/or https://woocommerce.com/" & @CRLF & _ "WordPress Plugins & Themes" & @CRLF & _ "Any security issue found on any WordPress plugin or theme that's **maintained/created by Automattic**." & @CRLF & _ "This includes but is not limited to" & @CRLF & _ "- WP-Supercache (https://wordpress.org/plugins/wp-super-cache/)" & @CRLF & _ "- WP-Job-Manager (https://github.com/Automattic/WP-Job-Manager)" & @CRLF & _ "- Sensei LMS (https://github.com/Automattic/sensei)" & @CRLF & _ "See https://profiles.wordpress.org/automattic/ for more details" & @CRLF & _ "WordPress.com VIP" & @CRLF & _ "Any issue in the WordPress.com VIP infrastructure, WordPress plugins, or client sites." & @CRLF & _ "akismet.com" & @CRLF & _ "Any issues on https://akismet.com/, or the Akismet WordPress plugin." & @CRLF & _ "api.tumblr.com" & @CRLF & _ "assets.tumblr.com" & @CRLF & _ "com.tumblr" & @CRLF & _ "- Minimum OS version: API 21" & @CRLF & _ "- API keys in code" & @CRLF & _ "- Certificate pinning" & @CRLF & _ "com.tumblr.tumblr" & @CRLF & _ "- Minimum OS version: iOS 11" & @CRLF & _ "embed.tumblr.com" & @CRLF & _ "gravatar.com" & @CRLF & _ "intensedebate.com" & @CRLF & _ "mailpoet.com" & @CRLF & _ "Any issue in https://www.mailpoet.com/, or the MailPoet WordPress plugin." & @CRLF & _ "my.pressable.com" & @CRLF & _ "safe.tumblr.com" & @CRLF & _ "secure.tumblr.com" & @CRLF & _ "simperium.com" & @CRLF & _ "simplenote.com" & @CRLF & _ "t.umblr.com" & @CRLF & _ "wordpress.com" & @CRLF & _ "www.tumblr.com" & @CRLF & _ "*.irccloud-cdn.com" & @CRLF & _ "Please note that this domain hosts user-uploaded files which are intentionally public for sharing on IRC. These do not constitute an information disclosure vulnerability and reports will be closed as "Not Applicable"." & @CRLF & _ "*.irccloud.com" & @CRLF & _ "In particular IRC connection hosts listed here: https://www.irccloud.com/networks" & @CRLF & _ "api.irccloud.com" & @CRLF & _ "blog.irccloud.com" & @CRLF & _ "com.irccloud.IRCCloud" & @CRLF & _ "The iOS app is open source, decompilation issues are not eligible https://github.com/irccloud/ios" & @CRLF & _ "Vulnerabilities requiring local or root access to a device are also not eligible." & @CRLF & _ "com.irccloud.android" & @CRLF & _ "The Android app is open source, decompilation issues are not eligible https://github.com/irccloud/android" & @CRLF & _ "https://github.com/irccloud/android" & @CRLF & _ "https://github.com/irccloud/ios" & @CRLF & _ "irc.irccloud.com" & @CRLF & _ "Support IRC network." & @CRLF & _ "irccloud.com" & @CRLF & _ "team-irc.irccloud.com" & @CRLF & _ "Private team IRC servers" & @CRLF & _ "www.irccloud.com" & @CRLF & _ "*.base.org" & @CRLF & _ "*.cbhq.net" & @CRLF & _ "*.coinbase.com" & @CRLF & _ "54.175.255.192/27" & @CRLF & _ "Coinbase WaaS (Wallet as a Service)" & @CRLF & _ "Documentation: https://www.coinbase.com/cloud/products/waas" & @CRLF & _ "Applications that may have been missed as a part of our standard scope; this will be assessed on a by submission basis. " & @CRLF & _ "Web3 Smart Contracts" & @CRLF & _ "api.coinbase.com" & @CRLF & _ "api.custody.coinbase.com" & @CRLF & _ "Please see the instructions for the custody.coinbase.com asset on how to get an account." & @CRLF & _ "cloud.coinbase.com" & @CRLF & _ "coinbase.com" & @CRLF & _ "com.coinbase.android" & @CRLF & _ "com.coinbase.ios" & @CRLF & _ "com.coinbase.wallite" & @CRLF & _ "commerce.coinbase.com" & @CRLF & _ "custody.coinbase.com" & @CRLF & _ "* **[Coinbase Custody - Institutional User Roles Overview](https://hackerone.app.box.com/s/l8rqfuv0xgaf15nwdzmffvsrxjm6vr8n)**" & @CRLF & _ "* **[Custody API Documentation](https://docs.custody.coinbase.com/)**" & @CRLF & _ "http://coinbase.com" & @CRLF & _ "https://base.org" & @CRLF & _ "https://chrome.google.com/webstore/detail/coinbase-wallet-extension/hnfanknocfeofbddgcijnmhnfnkdnaad" & @CRLF & _ "institutional.coinbase.com" & @CRLF & _ "international.coinbase.com" & @CRLF & _ "nft.coinbase.com" & @CRLF & _ "org.toshi" & @CRLF & _ "org.toshi.distribution" & @CRLF & _ "prime.coinbase.com" & @CRLF & _ "pro.coinbase.com" & @CRLF & _ "*.quip.com" & @CRLF & _ "Only accepting Critical reports 2023-12-01 to 2025-02-01" & @CRLF & _ "647922896" & @CRLF & _ "itunes.apple.com/us/app/quip-docs-chat-sheets/id647922896" & @CRLF & _ "Slack Desktop Application" & @CRLF & _ "api.slack.com" & @CRLF & _ "The Slack API" & @CRLF & _ "app.slack.com" & @CRLF & _ "com.Slack" & @CRLF & _ "com.quip.quip" & @CRLF & _ "Only accepting Critical reports 2023-12-01 to 2025-02-01." & @CRLF & _ "com.slack.slackmdm" & @CRLF & _ "Reports are accepted for vulnerabilities specific to the [Slack EMM/MDM version of the app](https://apps.apple.com/us/app/slack-for-emm/id1254292716)." & @CRLF & _ "EMM client vulnerabilities in the absence of a valid MDM configuration via a supported MDM provider, (such as MobileIron), on an EMM-enabled Slack team are excluded." & @CRLF & _ "com.tinyspeck.chatlyio" & @CRLF & _ "The main Slack app is included: [Slack iOS App](https://apps.apple.com/us/app/slack/id618783545)" & @CRLF & _ "Other versions of the app, such as the EMM and Intune versions, are not included." & @CRLF & _ "edgeapi.slack.com" & @CRLF & _ "https://github.com/slackhq/nebula" & @CRLF & _ "https://salesforce.quip.com/blog/desktop" & @CRLF & _ "slack-imgs.com" & @CRLF & _ "slack-redir.net" & @CRLF & _ "slack-status.com" & @CRLF & _ "slack.com" & @CRLF & _ "The slack.com site and application." & @CRLF & _ "slackatwork.com" & @CRLF & _ "slackb.com" & @CRLF & _ "spaces.pm" & @CRLF & _ "www.quip.com" & @CRLF & _ "https://github.com/rails/rails" & @CRLF & _ "*.vpn.hackerone.net" & @CRLF & _ "The HackerOne hacker VPN is used by hackers and HackerOne personnel. We'd be most interested in vulnerabilities that allow you to route traffic to other clients (lack of client isolation), routing traffic to internal HackerOne / Amazon networks, and bypassing [sslsplit](https://github.com/droe/sslsplit). Traffic routed through the VPN will originate from `66.232.20.0/23` or `206.166.248.0/23` (HackerOne netblocks). The VPN is based on OpenVPN." & @CRLF & _ "206.166.248.0/23" & @CRLF & _ "This net block is the origin of all traffic routed through the HackerOne hacker VPN. See the description for *.vpn.hackerone.net for the stack and vulnerabilities we're interested in." & @CRLF & _ "66.232.20.0/23" & @CRLF & _ "a5s.hackerone-ext-content.com" & @CRLF & _ "This domain is used to serve static marketing assets. No confidential information is stored on these systems. However, it is important to us that these assets cannot be updated by an unauthorized third-party." & @CRLF & _ "api.hackerone.com" & @CRLF & _ "This is our public API that customers use to read and interact with reports. To look for vulnerabilities in this asset, create a sandboxed program, select HackerOne Professional or HackerOne Enterprise in the Product Edition settings page, and create an API token. This system’s backend is written in Ruby, converts the request to a GraphQL query, and serializes the GraphQL result to JSON." & @CRLF & _ "app.pullrequest.com" & @CRLF & _ "Please use your `@wearehackerone.com` email address when signing up." & @CRLF & _ "b5s.hackerone-ext-content.com" & @CRLF & _ "cover-photos-us-east-2.hackerone-user-content.com" & @CRLF & _ "This is an Amazon S3 bucket that contains profile and cover photos of users and programs. It does not contain any highly confidential information and would not impact the main application if it would be unreachable. A signed request is required to download an object." & @CRLF & _ "cover-photos.hackerone-user-content.com" & @CRLF & _ "ctf.hacker101.com" & @CRLF & _ "The Hacker101 CTF domain, ctf.hacker101.com, is not connected to HackerOne's production environment. It is hosted on Amazon AWS. Users authenticate through HackerOne.com (OAuth). The maximum bounty for any vulnerability on this asset is $500 right now. The CTF challenges itself are not in scope for our bug bounty program." & @CRLF & _ "errors.hackerone.net" & @CRLF & _ "A separate domain that we use to capture information of client and server side exceptions." & @CRLF & _ "hackathon-photos-us-east-2.hackerone-user-content.com" & @CRLF & _ "hackathon-photos.hackerone-user-content.com" & @CRLF & _ "hackerone-ext-content.com" & @CRLF & _ "hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com" & @CRLF & _ "This is an Amazon S3 bucket that contains attachments of reports and activities. These attachments may contain confidential information. A signed request is required to download an object." & @CRLF & _ "hackerone-user-content.com" & @CRLF & _ "hackerone.com" & @CRLF & _ "This is our main application that hackers and customers use to interact with each other. It connects with a database that contains information about vulnerability reports, users, and programs. This system’s backend is written in Ruby and exposes data to the client through GraphQL, rendered pages, and JSON endpoints." & @CRLF & _ "hackerone.live" & @CRLF & _ "https://*.hackerone-ext-content.com" & @CRLF & _ "https://*.hackerone-user-content.com/" & @CRLF & _ "mta-sts.wearehackerone.com" & @CRLF & _ "profile-photos-us-east-2.hackerone-user-content.com" & @CRLF & _ "profile-photos.hackerone-user-content.com" & @CRLF & _ "reviewer.pullrequest.com" & @CRLF & _ "www.hackerone.com" & @CRLF & _ "This is our marketing website. It does not contain any report or customer information. It may store information about hackers, such as information collected through the [penetration tester sign up form](https://www.hackerone.com/hackers/pentest-community-application). The website runs Drupal with a few customizations." & @CRLF & _ "www.wearehackerone.com" & @CRLF & _ "*.agilebits.com" & @CRLF & _ "null" & @CRLF & _ "All other domains, subdomains, and 1Password Accounts that are not owned by you, including accounts where you are a user but not the owner, are out of scope." & @CRLF & _ "https://support.1password.com" & @CRLF & _ "https://www.1password.com/" & @CRLF & _ "*.zipbooks.com" & @CRLF & _ "Zipbooks related assets" & @CRLF & _ "blog.ishosting.com" & @CRLF & _ "help.ishosting.com" & @CRLF & _ "" & @CRLF & _ "https://*.amazonaws.com/*" & @CRLF & _ "db.*.supabase.co" & @CRLF & _ "Supabase database domains belonging to our customers." & @CRLF & _ "Test only domains belonging to your own account. Domains that are part of your account are in-scope" & @CRLF & _ "https://*.supabase.co" & @CRLF & _ "Supabase Product APIs and database domains belonging to our customers." & @CRLF & _ "https://api.supabase.com/platform/pg-meta/project_id/query" & @CRLF & _ "This is intended to take raw SQL queries. This end-point is not "SQL injectable". The ability to escalate privileges via this end-point is a valid issue, but executing SQL is not." & @CRLF & _ "https://github.com/supabase-community/" & @CRLF & _ "https://supabase.dev/" & @CRLF & _ "Supabase Contributor Portal - Guide for contributing to Supabase" & @CRLF & _ "https://supabase.productions/" & @CRLF & _ "The official Supabase album" & @CRLF & _ "auth.finnair.com" & @CRLF & _ "Please note, that this assets is out of the program scope." & @CRLF & _ "x.com" & @CRLF & _ "Anything discovered with any of Circle's published media is out of scope." & @CRLF & _ "youtube.com" & @CRLF & _ "www.advisoryworld.com" & @CRLF & _ "The specific URL www.advisoryworld.com is out of scope. However, reports on other AdvisoryWorld sites are welcome." & @CRLF & _ "Security vulnerabilities that are identified in Peloton products or in website domains owned, operated, or controlled by Peloton that are not listed above are OOS" & @CRLF & _ "*.varonis-preprod.com" & @CRLF & _ "All other assets" & @CRLF & _ "issue-management.iontrading.com" & @CRLF & _ "*.nimiq.com" & @CRLF & _ "Blockchain testnet" & @CRLF & _ "https://github.com/nimiq/core-js/" & @CRLF & _ "https://github.com/nimiq/core-rs/" & @CRLF & _ "https://github.com/nimiq/ledger-app-nimiq" & @CRLF & _ "https://keyguard.nimiq.com/" & @CRLF & _ "https://miner.nimiq.com/" & @CRLF & _ "www.lowesprosupply.com/" & @CRLF & _ "Please do not request a user account for this asset." & @CRLF & _ "Testing is to be performed as an unauthenticated user." & @CRLF & _ "*.rentals.rei.com" & @CRLF & _ "This is an out of scope asset since it is owned and managed by a 3rd party." & @CRLF & _ "desktop.rei.com" & @CRLF & _ "destinations.rei.com" & @CRLF & _ "foryourbenefit-rei.com/" & @CRLF & _ "future-login.rei.com" & @CRLF & _ "greenvestrentals.rei.com" & @CRLF & _ "http://rei.com/blog" & @CRLF & _ "http://rei.com/rei-garage" & @CRLF & _ "http://rei.com/rentals" & @CRLF & _ "http://rei.com/used" & @CRLF & _ "partners2.rei.com" & @CRLF & _ "rei.jobs" & @CRLF & _ "reia.my.site.com" & @CRLF & _ "reiadventures.force.com" & @CRLF & _ "reifund.org" & @CRLF & _ "test-login.rei.com" & @CRLF & _ "vpn.rei.com" & @CRLF & _ "wpvip.rei.com" & @CRLF & _ "*.3cx.com" & @CRLF & _ "blog.privy.io" & @CRLF & _ "demo.privy.io" & @CRLF & _ "docs.privy.io" & @CRLF & _ "privy.io" & @CRLF & _ "The primary Privy site where you can learn about products & services, get support, etc." & @CRLF & _ "Set-top-boxes, smart TVs, streaming sticks Out of Scope" & @CRLF & _ "**Out of Scope**" & @CRLF & _ "Third party websites or systems hosted by non-Netflix entities Out of Scope" & @CRLF & _ "ir.netflix.com" & @CRLF & _ "ir.netflix.net" & @CRLF & _ "netflixinvestor.com" & @CRLF & _ "*.security.neustar" & @CRLF & _ "http://customertest.drivershistory.com/dr3/api/dr30/getcombined" & @CRLF & _ "https://customertest.drivershistory.com/currentversion5/wsdhilookup.asmx" & @CRLF & _ "https://customertest.drivershistory.com/currentversion6/wssubjectprescreenplus.asmx" & @CRLF & _ "www.wellhive.com" & @CRLF & _ "WellHive's marketing website." & @CRLF & _ "*www.aeromexico.com" & @CRLF & _ "https://www.aeromexico.com" & @CRLF & _ "support.lighstpark.com" & @CRLF & _ "www.tilismtechservices.com" & @CRLF & _ "This is a third-party service; therefore, issues related to this asset are out of scope for our program." & @CRLF & _ "https://api-3.xverse.app" & @CRLF & _ "https://api.xverse.app" & @CRLF & _ "https://inscribe.xverse.app/" & @CRLF & _ "https://ord.xverse.app" & @CRLF & _ "https://pool.xverse.app/" & @CRLF & _ "https://sponsor.xverse.app" & @CRLF & _ "https://xverse.app" & @CRLF & _ "http://support.wonder.com" & @CRLF & _ "www.greenfly.com" & @CRLF & _ "*.ionity.eu" & @CRLF & _ "www.cleverreach.com" & @CRLF & _ "*dhcp*.gobrightspeed.net" & @CRLF & _ "dhcp.embarqhsd.net" & @CRLF & _ "https://www.*.nba.com" & @CRLF & _ "nba.net" & @CRLF & _ "**Only subdomains listed in the policy are eligible for submission**. " & @CRLF & _ "https://visayanelectric.com/" & @CRLF & _ "iflex.snaboitiz.com/wp-content/*" & @CRLF & _ "support.worldcoin.com" & @CRLF & _ "https://api-test.nicex.com" & @CRLF & _ "https://test.nicex.com" & @CRLF & _ "test.nicex.com" & @CRLF & _ "*.envira.es" & @CRLF & _ "While Eurofins Group has acquired parts of ENVIRA, the domain *.envira.es (and others, e.g. envira.global) are not Eurofins Assets and therefore are not in scope of this program." & @CRLF & _ "*.eurofins-digitaltesting.com" & @CRLF & _ "Eurofins Digital Testing has been divested in 2022 and is not part of the Eurofins Group anymore. Please refrain from any security testing on any former Eurofins Digital Testing Asset." & @CRLF & _ "*.sgs.com" & @CRLF & _ "While Eurofins Group has acquired parts of SGS Group, the domain *.sgs.com is not an Eurofins Asset and therefore not in scope of this program." & @CRLF & _ "samplekinect.eurofins.com" & @CRLF & _ "This application is out of scope. Please refrain from any security testing until further notice." & @CRLF & _ "Anything not in scope" & @CRLF & _ "Devices" & @CRLF & _ "Placeholder for the Rewards modal" & @CRLF & _ "Services, Apps, Mobile" & @CRLF & _ "*.truist.com" & @CRLF & _ "Only exception is www.truist.com" & @CRLF & _ "Other: Out-of-Scope" & @CRLF & _ "Scope item added for the Bounty Modal" & @CRLF & _ "gnltn.com" & @CRLF & _ "ldry.com" & @CRLF & _ "This asset is temporarily out of scope." & @CRLF & _ "api.redoxengine.com" & @CRLF & _ "Please ensure all testing is performed against the staging instance at testapi.redoxengine.com" & @CRLF & _ "candi.redoxengine.com" & @CRLF & _ "Please ensure all testing is performed against the staging instance at testapp.redoxengine.com" & @CRLF & _ "dashboard.redoxengine.com" & @CRLF & _ "Please ensure all testing is performed against the staging instance at 10x.redoxengine.com" & @CRLF & _ "gamma.redoxengine.com" & @CRLF & _ "Please ensure all testing is performed against the staging instance at gamma.redoxstage.com" & @CRLF & _ "https://redoxengine.atlassian.net" & @CRLF & _ "Internal Jira is out of scope" & @CRLF & _ "redox.slack.com" & @CRLF & _ "Internal Slack is out of scope" & @CRLF & _ "sso.redoxengine.com" & @CRLF & _ "Website 3rd Party/Chat Systems" & @CRLF & _ "Chat bot and contact forms on www.egress.com" & @CRLF & _ "wisdomtree.com" & @CRLF & _ "Wisdomtree.com and Wisdomtree.eu are out of scope of this project. If you find something that you wish to report please reach out to security@wisdomtree.com." & @CRLF & _ "wisdomtree.eu" & @CRLF & _ "defenceshare.mod.uk" & @CRLF & _ "Please use vdp.kahootz.com" & @CRLF & _ "affiliate.napoleongames.be" & @CRLF & _ "3rd party" & @CRLF & _ "affiliates.superbet.com" & @CRLF & _ "affiliates.superbet.rs" & @CRLF & _ "https://legacy-web.superbet.ro/session/login" & @CRLF & _ "All our LOGIN services are out of scope for the moment." & @CRLF & _ "Any bruteforce attempt on our login services will be considered misbehavior and you will be banned from the program. We won't reward any credentials identified using bruteforce attacks." & @CRLF & _ "Thank you!" & @CRLF & _ "https://retail.prod.incubator.superbet.ro/ssbt-api/" & @CRLF & _ "out of scope" & @CRLF & _ "blog.magiceden.io" & @CRLF & _ "This service is done through substack and they are unwilling to fix reported bugs" & @CRLF & _ "cdn.magiceden.dev" & @CRLF & _ "http://ord-mirror.magiceden.dev" & @CRLF & _ "img-cdn.magiceden.dev" & @CRLF & _ "mainframe.magiceden.io" & @CRLF & _ "*.pramericalife.in" & @CRLF & _ "*.prudential.co.kr" & @CRLF & _ "*.prudentialagf.cl" & @CRLF & _ "*.prudentialplc.com" & @CRLF & _ "Prudential Joint Ventures" & @CRLF & _ "afphabitat.cl" & @CRLF & _ "pramericalife.in" & @CRLF & _ "prudentialagf.cl" & @CRLF & _ "analytics.boozt.com" & @CRLF & _ "bmp.boozt.com" & @CRLF & _ "www.kronor.io" & @CRLF & _ "We are not interested in issues found in the www.kronor.io website." & @CRLF & _ "api.frontegg.com" & @CRLF & _ "portal.frontegg.com" & @CRLF & _ "servicos.indrive.com" & @CRLF & _ "sinet.startup.inDriver" & @CRLF & _ ""Contact Us" Functionality" & @CRLF & _ "Placeholder for the top Rewards modal" & @CRLF & _ "Services and Apps" & @CRLF & _ "engineering.rei.com" & @CRLF & _ "login.rei.com" & @CRLF & _ "rei.gladly.com" & @CRLF & _ "Spamming the Gladly chat bot widget is considered out of scope." & @CRLF & _ "reicasting.com" & @CRLF & _ "blog.mergify.com" & @CRLF & _ "We do not manage our blogging infrastructure directly." & @CRLF & _ "mergify.com" & @CRLF & _ "We do not manage the infrastructure of our Web hosting service." & @CRLF & _ "https://blog.zabbix.com/" & @CRLF & _ "This website out of the scope of this program." & @CRLF & _ "https://cloud.zabbix.com/" & @CRLF & _ "https://exam.zabbix.com/" & @CRLF & _ "https://git.zabbix.com/" & @CRLF & _ "https://space.zabbix.com/" & @CRLF & _ "https://support.zabbix.com/" & @CRLF & _ "https://translate.zabbix.com/" & @CRLF & _ "https://www.zabbix.com/" & @CRLF & _ "developer.arkoselabs.com" & @CRLF & _ "This site is managed by a 3rd party provider." & @CRLF & _ "https://status.arkoselabs.com/" & @CRLF & _ "https://careers.abb/global/en" & @CRLF & _ "https://hub.electrification.us.abb.com/wcc/eh/" & @CRLF & _ "https://www.stringsizer.abb.com" & @CRLF & _ "billing.dynamic.xyz" & @CRLF & _ "docs.moderntreasury.com" & @CRLF & _ "help.moderntreasury.com" & @CRLF & _ "trust.moderntreasury.com" & @CRLF & _ "www.moderntreasury.com" & @CRLF & _ "*.daimler.com" & @CRLF & _ "*.fuso.com" & @CRLF & _ "*.thomasbuildbuses.com" & @CRLF & _ "3rd party integrations" & @CRLF & _ "bigstockphoto.fr" & @CRLF & _ "ofcourse.com" & @CRLF & _ "Support chat" & @CRLF & _ "Please do not submit reports related to the chat function in the application." & @CRLF & _ "*.api.cx.metamask.io" & @CRLF & _ "**All reports regarding this asset should be submitted to the Consensys program at https://hackerone.com/consensys. Reports will be subject to the rules and conditions listed there.**" & @CRLF & _ "_Note: Consensys is the company that owns MetaMask, and is not a third party._" & @CRLF & _ "Core Tier Assets" & @CRLF & _ "MetaMask's Core Tier Assets are specific MetaMask assets which are paid out in accordance with our Core Tier bounty table. This table can be found on our program page, and includes the following assets:" & @CRLF & _ "* MetaMask SDK" & @CRLF & _ "* metamask.io" & @CRLF & _ "* `https://metamask.github.io/phishing-warning/<vX.Y.Z>`" & @CRLF & _ "* Authentication component" & @CRLF & _ " * `https://authentication.api.cx.metamask.io/`" & @CRLF & _ " * `https://oidc.api.cx.metamask.io`" & @CRLF & _ "* `https://user-storage.api.cx.metamask.io`" & @CRLF & _ "* Message signing snap" & @CRLF & _ "Metamask Flask Extension" & @CRLF & _ "Installation Link: https://chrome.google.com/webstore/detail/metamask-flask-developmen/ljfoeinjpaedjfecbmggjgodbgkmjkjk" & @CRLF & _ "This is an experimental playground for developers, where new or proposed features can be rolled out and tested before deploying them to the broader public." & @CRLF & _ "Non-Core Tier Assets" & @CRLF & _ "MetaMask's Non-Core Tier Assets are specific MetaMask assets which are paid out in accordance with our Non-Core Tier bounty table. This table can be found on our program page, and includes the following assets:" & @CRLF & _ "* https://snaps.metamask.io" & @CRLF & _ "* *.metamask.io (with exceptions)" & @CRLF & _ "* Snaps Development Packages" & @CRLF & _ "Wallet Tier Assets" & @CRLF & _ "MetaMask's Wallet Tier Assets are specific MetaMask assets which are paid out in accordance with our Wallet Tier bounty table. This table can be found on our program page, and includes the following assets:" & @CRLF & _ "* MetaMask Extension" & @CRLF & _ "* MetaMask Mobile (io.metamask.Metamask, io.metamask)" & @CRLF & _ "* MetaMask Snaps" & @CRLF & _ "community.metamask.io" & @CRLF & _ "Vulnerability reports related to this domain should be directed to the Discourse bug bounty program: https://hackerone.com/discourse" & @CRLF & _ "developer.metamask.io" & @CRLF & _ "_Please note that MetaMask part of Consensys, and the MetaMask developer dashboard (previously known as infura) is considered a first party Consensys product._" & @CRLF & _ "https://metamask.github.io/" & @CRLF & _ "This domain is the root of various static GitHub pages applications which range from test sites, to development tools, to production security controls. Vulnerabilities which can be used to have impact on an in-scope asset will still be considered for a bounty." & @CRLF & _ "https://mmi-support.metamask.io/" & @CRLF & _ "https://support.metamask.io/" & @CRLF & _ "https://www.npmjs.com/search?q=%40metamask" & @CRLF & _ "Vulnerabilities within npm packages in the @metamask namespace that do not pose a risk to MetaMask users" & @CRLF & _ "permissionless.snaps.metamask.io" & @CRLF & _ "An experimental directory for permissionless snaps. Is currently under development, and may potentially be put in scope in the future. " & @CRLF & _ "*.skinport.com" & @CRLF & _ "*.floqast.com" & @CRLF & _ "FloQast's Marketing Website" & @CRLF & _ "*.floqast.studio" & @CRLF & _ "FloQast's Marketing Website for our Digital Entertainment Division" & @CRLF & _ "Any Asset Not Specifically Listed as In-Scope" & @CRLF & _ "Any domain, device, or asset not specifically listed as "In-Scope" for this program." & @CRLF & _ "s3://floqast" & @CRLF & _ "The "floqast" S3 bucket is not owned by us. We have static code analysis tools that prevent developers from connecting any of our services to it." & @CRLF & _ "connector.callsign.com" & @CRLF & _ "dashboard.callsign.com" & @CRLF & _ "pathway.callsign.com" & @CRLF & _ "portal.callsign.com" & @CRLF & _ "programs.callsign.com" & @CRLF & _ "support.callsign.com" & @CRLF & _ "www.callsign.com" & @CRLF & _ "Any infrastructure or assets related to Silk, FancyThat, or other Palantir acquisitions." & @CRLF & _ "blog.palantir.com" & @CRLF & _ "certification.palantir.com" & @CRLF & _ "community.palantir.com" & @CRLF & _ "explore.palantir.com" & @CRLF & _ "gear.palantir.com" & @CRLF & _ "go.palantir.com" & @CRLF & _ "info.palantir.com" & @CRLF & _ "investors.palantir.com" & @CRLF & _ "learn.palantir.com" & @CRLF & _ "3rd-party certification website/service." & @CRLF & _ "palantirfedstart.com" & @CRLF & _ "Any domain related to FedStart or Palantir FedStart. " & @CRLF & _ "palantirpacusa.com" & @CRLF & _ "Any domain related to the Palantir PAC. " & @CRLF & _ "sandbox.training.palantir.com" & @CRLF & _ "store.palantir.com" & @CRLF & _ "training.palantir.com" & @CRLF & _ "community.modernfertility.com" & @CRLF & _ "https://*.ro.co/api/members" & @CRLF & _ "https://login.ro.co/authorize" & @CRLF & _ "https://ro.co/api/account-exists" & @CRLF & _ "https://ro.co/api/presigned-upload-url" & @CRLF & _ "https://ro.co/messages/*" & @CRLF & _ "https://ro.co/weight-loss/glp1-insurance-checker/*" & @CRLF & _ "https://ro.co/weight-loss/supply-tracker/*" & @CRLF & _ "*.Windstreambundledeals.com" & @CRLF & _ "This site is off limits." & @CRLF & _ "*.getwindstream.com" & @CRLF & _ "*.orderwindstream.com" & @CRLF & _ "*.windstreamdeals.com" & @CRLF & _ "*.windstreamoffers.com" & @CRLF & _ "Allworx" & @CRLF & _ "*.account.mongodb.com/*" & @CRLF & _ "*.atlas.mongodb.com/*" & @CRLF & _ "*.cloud.mongodb.com/*" & @CRLF & _ "All Evergreen Assets (including staging)" & @CRLF & _ "Please note that all evergreen endpoints (including staging) are out of scope of this program and not eligible for bounty" & @CRLF & _ "Enterprise Edition Products and Tools" & @CRLF & _ "Drivers, cloud tools, enterprise cloud and enterprise server" & @CRLF & _ "MongoDB Community Edition Cloud Manager" & @CRLF & _ "Please note this includes: cloud.mongodb.com" & @CRLF & _ "MongoDB Driver: Swift" & @CRLF & _ "Please note as per https://www.mongodb.com/docs/drivers/swift/" & @CRLF & _ "The Swift driver is no longer under active development as of 2022." & @CRLF & _ "MonogoDB Community Server" & @CRLF & _ "auth.mongodb.com/" & @CRLF & _ "http://*.auth.mongodb.com/*" & @CRLF & _ "https://www.mongodb.com/community/forums/*" & @CRLF & _ "https://www.mongodb.com/community/forums/* " & @CRLF & _ "Is out of scope, please refrain from testing this site." & @CRLF & _ "*.chattest.deribit.com" & @CRLF & _ "deribit.zendesk.com" & @CRLF & _ "office.deribit.com" & @CRLF & _ "veriscope.deribit.com" & @CRLF & _ "activate.fidelity.com" & @CRLF & _ "activate1.fidelity.com" & @CRLF & _ "alertmanagerams.streetscape.com" & @CRLF & _ "alertstreaming.fidelity.com" & @CRLF & _ "alertstreaming.streetscape.com" & @CRLF & _ "alumni.fidelity.com" & @CRLF & _ "boundless.fidelity.com" & @CRLF & _ "china.fidelity.com" & @CRLF & _ "dmt.fidelity.com" & @CRLF & _ "dmtfi.fidelity.com" & @CRLF & _ "esgpro.fidelity.com" & @CRLF & _ "event.fidelity.com" & @CRLF & _ "fcone.fidelity.com" & @CRLF & _ "fctms.fidelity.com" & @CRLF & _ "https://api-stage.fidelity.com/brokerage-debit-card-order/v1" & @CRLF & _ "https://api-test.fidelity.com/brokerage-account-checking-stop-payment/v1" & @CRLF & _ "https://api.fidelity.com/brokerage-account-checking-stop-payment/v1" & @CRLF & _ "https://api.fidelity.com/brokerage-debit-card-order/v1" & @CRLF & _ "india.fidelity.com" & @CRLF & _ "jobs.fidelity.com" & @CRLF & _ "metrics.fidelity.com" & @CRLF & _ "reviews.fidelity.com" & @CRLF & _ "reviews.retail.fidelity.com" & @CRLF & _ "sitecatalyst.fidelity.com" & @CRLF & _ "social.fidelity.com" & @CRLF & _ "social.retail.fidelity.com" & @CRLF & _ "testjobs.fidelity.com" & @CRLF & _ "www.boundless.fidelity.com" & @CRLF & _ "www.fidelityworkplace.com" & @CRLF & _ "www.india.fidelity.com" & @CRLF & _ "www.jobs.fidelity.com" & @CRLF & _ "www.myfidelitysolutions.com" & @CRLF & _ "dolimg.com" & @CRLF & _ "dwss-ptp.disney.com" & @CRLF & _ "espnbet.com" & @CRLF & _ "magicalfloralandgifts.com" & @CRLF & _ "tokyodisneyresort.jp" & @CRLF & _ "This licensing partnership site is OUT of scope of the VDP." & @CRLF & _ "www.enchantedfinejewelry.com" & @CRLF & _ "*.hiltonhotels.jp" & @CRLF & _ "eis.hilton.com" & @CRLF & _ "https://jobs.hilton.com" & @CRLF & _ "creators.gymshark.com" & @CRLF & _ "gymshark.okta.com" & @CRLF & _ "onboarding.gymshark.com" & @CRLF & _ "slack.moov.io" & @CRLF & _ "support.moov.io" & @CRLF & _ "support.moov.io is not in scope for reporting as this is not our application." & @CRLF & _ "tools.cards.moov.io" & @CRLF & _ "tools.moov.io" & @CRLF & _ "help.strongdm.com" & @CRLF & _ "Our support site is hosted externally by Zendesk. No security testing should be done against the platform itself. Any security issues found within the platform should be reported [directly to Zendesk](https://hackerone.com/zendesk)." & @CRLF & _ "security.strongdm.com" & @CRLF & _ "Our Security Portal is hosted externally by SafeBase. No security testing should be done against the platform itself. Any security issues found within the platform should be reported directly to security@safebase.io" & @CRLF & _ "status.strongdm.com" & @CRLF & _ "Our Status Page site is hosted externally by Atlassian. No security testing should be done against the platform itself. Any security issues found within the platform should be reported directly to [Atlassian](https://bugcrowd.com/atlassian)." & @CRLF & _ " @properties" & @CRLF & _ "*.attorneyskeytitle.com" & @CRLF & _ "*.chartwellescrow.com" & @CRLF & _ "*.ctccal.com" & @CRLF & _ "*.firstalliancetitle.com" & @CRLF & _ "*.kvstitle.com" & @CRLF & _ "*.legacytexastitle.com" & @CRLF & _ "*.sqstitle.com" & @CRLF & _ "Chartwell" & @CRLF & _ "Christie’s International Real Estate" & @CRLF & _ "Consumer’s Title of California " & @CRLF & _ "Glide " & @CRLF & _ "KVS Title " & @CRLF & _ "LegacyTexas Title" & @CRLF & _ "SQS Square Settlements" & @CRLF & _ "glide.com" & @CRLF & _ "http://www.compass.com/api/v3/lead_forms/agent_profile" & @CRLF & _ "http://www.compass.com/contact/" & @CRLF & _ "staebapp01.allegion.com" & @CRLF & _ "Out of scope" & @CRLF & _ "stczpisupplier.allegion.com" & @CRLF & _ "Not in scope" & @CRLF & _ "stisupplier.allegion.com" & @CRLF & _ "support.wickr.com" & @CRLF & _ "community.pagerduty.com" & @CRLF & _ "http://www.pagerduty.com/support/" & @CRLF & _ "The Support Form and ticketing system is owned by a third party. " & @CRLF & _ "university.pagerduty.com" & @CRLF & _ "www.pagerduty.com/contact-us/" & @CRLF & _ "The "Contact Us" form is operated by a third party. " & @CRLF & _ "affiliates.payoneer.com" & @CRLF & _ "blog.payoneer.com" & @CRLF & _ "brand.payoneer.com" & @CRLF & _ "community.payoneer.com" & @CRLF & _ "duediligence.payoneer.com" & @CRLF & _ "explore.payoneer.com" & @CRLF & _ "investorday.payoneer.com" & @CRLF & _ "register.payoneer.com" & @CRLF & _ "skuad.io" & @CRLF & _ "tracks.payoneer.com" & @CRLF & _ "Dunnhumby" & @CRLF & _ "Please report any vulnerabilities here:" & @CRLF & _ "https://www.dunnhumby.com/security.txt" & @CRLF & _ "Tesco Bank" & @CRLF & _ "Tesco Mobile" & @CRLF & _ "https://www.tescomobile.com/.well-known/security.txt" & @CRLF & _ "*.plexlabs.io" & @CRLF & _ "clicks.moonpay.com" & @CRLF & _ "docs.hypermint.com" & @CRLF & _ "docs.moonpay.com" & @CRLF & _ "ethpass.xyz" & @CRLF & _ "Don't report for this domain as will be not rewarded" & @CRLF & _ "help.moonpay.com" & @CRLF & _ "page.moonpay.com" & @CRLF & _ "plexlabs.io" & @CRLF & _ "qr.moonpay.com" & @CRLF & _ "request-headers-no-proxy.moonpay.com" & @CRLF & _ "request-headers.moonpay.com" & @CRLF & _ "storefront.hypermint.com" & @CRLF & _ "support.moonpay.com" & @CRLF & _ "*.koho.ca/cdn-cgi" & @CRLF & _ "Customer Support Request Forms" & @CRLF & _ "Customer support request forms (i.e. - Veeam Customer Portal Cases and Case Escalation Forms) are not in scope for this program." & @CRLF & _ "Virtual Chat Assistants" & @CRLF & _ "Virtual chat assistants on our websites are provided by an out of scope 3rd party and are not in scope for this program." & @CRLF & _ "https://www.mavieencouleurs.fr" & @CRLF & _ "autodiscover.apnic.net" & @CRLF & _ "Out of scope because it's a CNAME to a 3rd party." & @CRLF & _ "enterpriseenrollment.apnic.net" & @CRLF & _ "enterpriseregistration.apnic.net" & @CRLF & _ "help.apnic.net" & @CRLF & _ "info.apnic.net" & @CRLF & _ "login.apnic.net" & @CRLF & _ "lyncdiscover.apnic.net" & @CRLF & _ "sip.apnic.net" & @CRLF & _ "upload.apnic.net" & @CRLF & _ "*.app.cloud.gov" & @CRLF & _ "Domains of the form *.app.cloud.gov are customer domains, and are out of scope." & @CRLF & _ "*.cloud.gov" & @CRLF & _ "Only the subdomains of `cloud.gov` explicitly listed are in scope; all other subdomains are excluded." & @CRLF & _ "*.data.gov" & @CRLF & _ "18f.gov" & @CRLF & _ "18f.gsa.gov" & @CRLF & _ "all-sorns.app.cloud.gov" & @CRLF & _ "data.gov applications" & @CRLF & _ "Please do not perform any testing on third-party applications that happen to be powered by data.gov (i.e. https://data.gov/applications/)" & @CRLF & _ "http://github.com/18f/identity-saml-java" & @CRLF & _ "http://github.com/18f/identity-saml-python" & @CRLF & _ "manage.data.gov" & @CRLF & _ "vote.gov" & @CRLF & _ "careers.tenable.com" & @CRLF & _ "cloud.tenable.com" & @CRLF & _ "community.tenable.com" & @CRLF & _ "de.tenable.com" & @CRLF & _ "developers.tenable.com" & @CRLF & _ "docs.tenable.com" & @CRLF & _ "fr.tenable.com" & @CRLF & _ "go.tenable.com" & @CRLF & _ "login.tenable.com" & @CRLF & _ "partners.tenable.com" & @CRLF & _ "static.tenable.com" & @CRLF & _ "suggestions.tenable.com" & @CRLF & _ "university.tenable.com" & @CRLF & _ "www.tenable.com" & @CRLF & _ "Assets operated by, but not owned by, Snowplow." & @CRLF & _ "We would like to focus your attention on our own estate, not the solutions we spin up for our customers or the technology of our partners. Starting your journey at https://snowplowanalytics.com should keep you in the right zone. " & @CRLF & _ "segashop.co.uk" & @CRLF & _ "http://*.neweggbusiness.com" & @CRLF & _ "jobs.newegg.com" & @CRLF & _ "Site content on this subdomain hosted by 3rd party" & @CRLF & _ "sellerportal.newegg.com" & @CRLF & _ "sellingpilot.newegg.com" & @CRLF & _ "*.maconsotempsreel.octopusenergy.fr" & @CRLF & _ "*.fastly.net" & @CRLF & _ "community.fastly.com" & @CRLF & _ "connect.fastly.com" & @CRLF & _ "Adagio" & @CRLF & _ "Adagio is an Allied brand of Keurig Dr Pepper. KDP does not own the web assets related to this brand" & @CRLF & _ "Barista Bros" & @CRLF & _ "Barista Bros is an Allied brand of Keurig Dr Pepper. KDP does not own the web assets related to this brand" & @CRLF & _ "Cafe Punta Del Cielo" & @CRLF & _ "Cafe Punta Del Cielo is an Allied brand of Keurig Dr Pepper. KDP does not own the web assets related to this brand" & @CRLF & _ "Cinnabon" & @CRLF & _ "Cinnabon is an Allied brand of Keurig Dr Pepper. KDP does not own the web assets related to this brand" & @CRLF & _ "Emerils" & @CRLF & _ "Emerils is an Allied brand of Keurig Dr Pepper. KDP does not own the web assets related to this brand" & @CRLF & _ "Evian" & @CRLF & _ "Evian is an Allied brand of Keurig Dr Pepper. KDP does not own the web assets related to this brand" & @CRLF & _ "Gloria Jean's" & @CRLF & _ "Gloria Jean's is an Allied brand of Keurig Dr Pepper. KDP does not own the web assets related to this brand" & @CRLF & _ "Hollys Coffee" & @CRLF & _ "Hollys Coffee is an Allied brand of Keurig Dr Pepper. KDP does not own the web assets related to this brand." & @CRLF & _ "Kahlua" & @CRLF & _ "Kahlua is an Allied brand of Keurig Dr Pepper. KDP does not own the web assets related to this brand" & @CRLF & _ "Krispy Kreme" & @CRLF & _ "Krispy Kreme is an Allied brand of Keurig Dr Pepper. KDP does not own the web assets related to this brand" & @CRLF & _ "Laughing Man" & @CRLF & _ "Laughing Man is an Allied brand of Keurig Dr Pepper. KDP does not own the web assets related to this brand" & @CRLF & _ "Margaritaville" & @CRLF & _ "Margaritaville is an Allied brand of Keurig Dr Pepper. KDP does not own the web assets related to this brand" & @CRLF & _ "Newman's Own" & @CRLF & _ "Newman's Own is an Allied brand of Keurig Dr Pepper. KDP does not own the web assets related to this brand" & @CRLF & _ "Panera Bread" & @CRLF & _ "Panera Bread is an Allied brand of Keurig Dr Pepper. KDP does not own the web assets related to this brand" & @CRLF & _ "Peet's Coffee" & @CRLF & _ "Peet's Coffee is not a wholly owned brand by Keurig Dr Pepper. KDP does not own the web assets related to this brand" & @CRLF & _ "RC Cola International" & @CRLF & _ "RC Cola International is an Allied brand of Keurig Dr Pepper. KDP does not own the web assets related to this brand" & @CRLF & _ "Swiss Miss" & @CRLF & _ "Swiss Miss is an Allied brand of Keurig Dr Pepper. KDP does not own the web assets related to this brand" & @CRLF & _ "Timothy's World Coffee" & @CRLF & _ "Timothy's World Coffee is an Allied brand of Keurig Dr Pepper. KDP does not own the web assets related to this brand" & @CRLF & _ "Vitacoco" & @CRLF & _ "Vitacoco is an Allied brand of Keurig Dr Pepper. KDP does not own the web assets related to this brand" & @CRLF & _ "support.commercial.keurig.com" & @CRLF & _ "support.keurig.ca" & @CRLF & _ "support.keurig.com" & @CRLF & _ "support.keurigdrpepper.com" & @CRLF & _ "www.diedrichroasters.com" & @CRLF & _ "Diedrich is an Allied brand of Keurig Dr Pepper. KDP does not own the web assets related to this brand" & @CRLF & _ "*dev*.krisp.ai" & @CRLF & _ "Development environment" & @CRLF & _ "metabase.krisp.ai" & @CRLF & _ "sdk-docs.krisp.ai" & @CRLF & _ "url5145.krisp.ai" & @CRLF & _ "voice-ai-newsletter.krisp.ai" & @CRLF & _ "whatsnew.krisp.ai" & @CRLF & _ "DMARC Policy" & @CRLF & _ "DMARC Policy for all services is not in-scope for the bug bounty program. " & @CRLF & _ "HSTS & CAA Configuration" & @CRLF & _ "Strict Transport Security & Certification Authority Authorization for all services is not in-scope for the bug bounty program. " & @CRLF & _ "Hedera Mainnet API Endpoints" & @CRLF & _ "https://docs.hedera.com/guides/mainnet/mainnet-nodes#mainnet-node-address-book" & @CRLF & _ "Hedera Owned Domains & Subdomains" & @CRLF & _ "_.hedera.com_" & @CRLF & _ "_.hederacouncil.org_" & @CRLF & _ "_.hedera.io_" & @CRLF & _ "_.hederahashgraph.com_" & @CRLF & _ "_.hashgraph.com_" & @CRLF & _ "Mainnet Mirror Node APIs" & @CRLF & _ "https://mainnet.mirrornode.hedera.com" & @CRLF & _ "https://hcs.mainnet.mirrornode.hedera.com" & @CRLF & _ "The testnet mirror node REST API offers the ability to query transaction information" & @CRLF & _ "Services Hosted by 3rd Party" & @CRLF & _ "Example: shop.hedera.com, members.hedera.com, status.hedera.com, docs.hedera.com, netki.hedera.com, etc." & @CRLF & _ "Weak Password Policy" & @CRLF & _ "Weak Password Policy for all services is not in-scope for the bug bounty program. " & @CRLF & _ "api-2.khealth.io" & @CRLF & _ "careers.khealth.com" & @CRLF & _ "This asset is out of scope. Submissions relating to this asset will not be rewarded." & @CRLF & _ "http://*.hydrogenhealth.com" & @CRLF & _ "All assets within this scope item containing the strings "dev" and / or "staging" are excluded from the scope." & @CRLF & _ "https://khealth.com/careers" & @CRLF & _ "khealth-test.com" & @CRLF & _ "This asset is included here in order to indicate its out-of-scope status" & @CRLF & _ "support.smtp2go.com" & @CRLF & _ "Vendor/Partner" & @CRLF & _ "Any services not expressly listed above, such as any connected services, are excluded from scope and are not authorized for testing. " & @CRLF & _ "Additionally, vulnerabilities found in JetBlue systems from our business partners fall outside of this policy’s scope and should be reported directly to the business partner according to their disclosure policy (if any)." & @CRLF & _ "*.awards.slotomania.com" & @CRLF & _ "com.youdagames.gop3multiplayer" & @CRLF & _ "This App belongs to our Tier 3 category of rewards system." & @CRLF & _ "id877638937" & @CRLF & _ "sm-php-smid-dsa.slotomania.com,sm-php-smid.slotomania.com,sm-php-smid-va2.slotomania.com,vs-fb-php-p1.playtika.com,sm-php.playtika.com" & @CRLF & _ "Reflected Cross-Site-Scripting (RXSS) vulnerabilities in the following assets are temporarily out of scope." & @CRLF & _ "dev-proxy-ci-centralus.agrisync.com" & @CRLF & _ "http://www.deere.com/assets/pdfs" & @CRLF & _ "account-reader.tide.co" & @CRLF & _ "admin.tide.co" & @CRLF & _ "bot-*.bo.tide.co" & @CRLF & _ "community.tide.co" & @CRLF & _ "domains.tide.co" & @CRLF & _ "http://*-staging.tide.co" & @CRLF & _ "http://*-wip.tide.co" & @CRLF & _ "http://*.staging.tide.co" & @CRLF & _ "http://*.stg-tideplatform.in" & @CRLF & _ "http://*.wip-tideplatform.in" & @CRLF & _ "http://*.wip.tide.co" & @CRLF & _ "mi.tide.co" & @CRLF & _ "portaldesign.tide.co" & @CRLF & _ "status-*.tide.co" & @CRLF & _ "status.tide.co" & @CRLF & _ "www.tidecharity.org.uk" & @CRLF & _ "ceros.leafnow.com" & @CRLF & _ "com.mts.webtrading" & @CRLF & _ "https://bids.acqcenter.com" & @CRLF & _ "https://dp.acqcenter.com" & @CRLF & _ "https://eiamd-eis.com" & @CRLF & _ "https://frtcmodernization.com" & @CRLF & _ "https://nicmontereyea.com" & @CRLF & _ "https://nwtteis.com" & @CRLF & _ "https://pmsr-eis.com" & @CRLF & _ "https://sealbeachea.com" & @CRLF & _ "https://uat1.acqcenter.com" & @CRLF & _ "https://uat2.acqcenter.com" & @CRLF & _ "Globalpaymentsinc.com and Globalpayments.com - OUT OF SCOPE" & @CRLF & _ "Globalpaymentsinc.com and Globalpayments.com are out of scope for the Vulnerability Disclosure Program. Research on these assets are only allowed in our private bug bounty program with specific testing instructions. " & @CRLF & _ "Leaked Credentials" & @CRLF & _ "UCS" & @CRLF & _ "blog.clubhouse.com" & @CRLF & _ "wvcorp.tva.com" & @CRLF & _ "This site has a very weak auth page in front of it and was done as a matter of "requirement" at the time. This site is being modified to remove the auth page as the data is public and nonsensitive." & @CRLF & _ "signin.costco.com" & @CRLF & _ "consensys-solutions.net" & @CRLF & _ "consensys.net" & @CRLF & _ "events.on-running.com" & @CRLF & _ "events.on.com" & @CRLF & _ "https://shz64n.on-running.com/" & @CRLF & _ "partners.on-running.com" & @CRLF & _ "partners.on.com" & @CRLF & _ "shz64n.on.com/" & @CRLF & _ "help.hypr.com" & @CRLF & _ "partners.hypr.com" & @CRLF & _ "support.hypr.com" & @CRLF & _ "*.who.int" & @CRLF & _ "covid19app.who.int" & @CRLF & _ "*.getbouncer.com" & @CRLF & _ "Onboarding Verification Link Crawling" & @CRLF & _ "Stripe has a project in place to revamp its crawling infrastructure for onboard verification links. Until that work is completed reports related to this feature will be reviewed but closed as informative." & @CRLF & _ "Stripe Third Party Apps and Integrations" & @CRLF & _ "Vulnerabilities found in third party apps, integrations, and their infrastructure should be reported to the responsible developer. This includes third parties that insecurely implement Stripe components or API methods." & @CRLF & _ "Reporters should only report vulnerabilities in Stripe third party apps and integrations to Stripe under this program if they do not receive a satisfactory response from the responsible developer. These types of reports are not eligible for a bounty. Please include specifics regarding steps taken to communicate with the third party." & @CRLF & _ "Freshsales-iOS-App" & @CRLF & _ "Freshsales iOS app can be downloaded from https://apps.apple.com/us/app/freshsales/id1073125057" & @CRLF & _ "com.freshdesk.freshsales.mobile" & @CRLF & _ "Freshsales Android app can be downloaded from https://play.google.com/store/apps/details?id=com.freshdesk.helpdesk" & @CRLF & _ "freshworks.atlassian.net" & @CRLF & _ "We don't use this Atlassian JIRA instance." & @CRLF & _ "http://yourdomain.myfreshworks.com/crm/marketer" & @CRLF & _ "Due to a product revamp, we have decided to remove Freshmarketer product from the HackerOne "In-scope" items. This policy will be effective from Nov 26th, 2024. Any bugs reported by HackerOne researchers before Nov 26th,2024 will be considered by the team." & @CRLF & _ "Freshmarketer Endpoint - yourdomain.myfreshworks.com/crm/marketer" & @CRLF & _ "http://yourdomain.myfreshworks.com/crm/sales" & @CRLF & _ "Due to a product revamp, we have decided to remove Freshsales product from the HackerOne "In-scope" items. This policy will be effective from Nov 26th, 2024. Any bugs reported by HackerOne researchers before Nov 26th,2024 will be considered by the team." & @CRLF & _ "Freshsales Endpoint - yourdomain.myfreshworks.com/crm/sales" & @CRLF & _ "wchat.freshchat.com" & @CRLF & _ "www.freshworks.com" & @CRLF & _ "The domain www.freshworks.com is a static webpage containing no sensitive information." & @CRLF & _ "yourdomain.freshping.io" & @CRLF & _ "yourdomain.freshstatus.io" & @CRLF & _ "yourdomain.freshsurvey.io" & @CRLF & _ "www.corda.net" & @CRLF & _ "www.r3.com" & @CRLF & _ "aem-prod.brookfieldproperties.com" & @CRLF & _ "aem-qa.brookfieldproperties.com" & @CRLF & _ "aem-test.brookfieldproperties.com" & @CRLF & _ "apts.brookfieldproperties.com" & @CRLF & _ "auexpe.brookfieldproperties.com" & @CRLF & _ "autodiscover.brookfieldproperties.com" & @CRLF & _ "azuebtpblu0501d.brookfieldproperties.com" & @CRLF & _ "bamazaubtaap01p.brookfieldproperties.com" & @CRLF & _ "bfpl30clpcc01.brookfieldproperties.com" & @CRLF & _ "bfpl30clpcs01.brookfieldproperties.com" & @CRLF & _ "bpoazusmpsap01p.brookfieldproperties.com" & @CRLF & _ "bpoazusmpsap02p.brookfieldproperties.com" & @CRLF & _ "brexpc.cluster.brookfieldproperties.com" & @CRLF & _ "brexpe.brookfieldproperties.com" & @CRLF & _ "brookfieldproperties.com" & @CRLF & _ "brospf.brookfieldproperties.com" & @CRLF & _ "camkm-pvwa01.brookfieldproperties.com" & @CRLF & _ "canrpc.brookfieldproperties.com" & @CRLF & _ "captive.brookfieldproperties.com" & @CRLF & _ "causash-pvwa02.brookfieldproperties.com" & @CRLF & _ "click.b.brookfieldproperties.com" & @CRLF & _ "click.e.brookfieldproperties.com" & @CRLF & _ "cloud.b.brookfieldproperties.com" & @CRLF & _ "cloud.e.brookfieldproperties.com" & @CRLF & _ "collab-edge.brookfieldproperties.com" & @CRLF & _ "conteudo.brookfieldproperties.com" & @CRLF & _ "cuc-bf-1-p-au9-01-ms.brookfieldproperties.com" & @CRLF & _ "cuc-bf-1-p-au9-01.brookfieldproperties.com" & @CRLF & _ "cuc-bf-1-p-br1-01-ms.brookfieldproperties.com" & @CRLF & _ "cuc-bf-1-p-br1-01.brookfieldproperties.com" & @CRLF & _ "cuc-bf-1-p-eu8-01-ms.brookfieldproperties.com" & @CRLF & _ "cuc-bf-1-p-eu8-01.brookfieldproperties.com" & @CRLF & _ "cuc-bf-1-p-na9-01-ms.brookfieldproperties.com" & @CRLF & _ "cuc-bf-1-p-na9-01.brookfieldproperties.com" & @CRLF & _ "cuc-bf-1-s-au9-02.brookfieldproperties.com" & @CRLF & _ "cuc-bf-1-s-br1-02.brookfieldproperties.com" & @CRLF & _ "cuc-bf-1-s-ca2-01.brookfieldproperties.com" & @CRLF & _ "cuc-bf-1-s-eu8-02.brookfieldproperties.com" & @CRLF & _ "cyberark.brookfieldproperties.com" & @CRLF & _ "expc-bf-1-p-au9-01.brookfieldproperties.com" & @CRLF & _ "expc-bf-1-p-br1-01.brookfieldproperties.com" & @CRLF & _ "expc-bf-1-p-br1-02.brookfieldproperties.com" & @CRLF & _ "expc-bf-1-p-ca2-01.brookfieldproperties.com" & @CRLF & _ "expc-bf-1-p-eu8-01.brookfieldproperties.com" & @CRLF & _ "expc-bf-1-p-na9-01.brookfieldproperties.com" & @CRLF & _ "files.brookfieldproperties.com" & @CRLF & _ "google.brookfieldproperties.com" & @CRLF & _ "hello.rent.brookfieldproperties.com" & @CRLF & _ "icdworkspace.brookfieldproperties.com" & @CRLF & _ "image.b.brookfieldproperties.com" & @CRLF & _ "image.e.brookfieldproperties.com" & @CRLF & _ "imp-bf-1-p-br1-01-ms.brookfieldproperties.com" & @CRLF & _ "imp-bf-1-p-br1-01.brookfieldproperties.com" & @CRLF & _ "imp-bf-1-p-eu8-01.brookfieldproperties.com" & @CRLF & _ "imp-bf-1-p-na9-01.brookfieldproperties.com" & @CRLF & _ "imp-bf-1-s-br1-02.brookfieldproperties.com" & @CRLF & _ "imp-bf-1-s-ca2-01.brookfieldproperties.com" & @CRLF & _ "imp-bf-1-s-eu8-02.brookfieldproperties.com" & @CRLF & _ "investors.brookfieldproperties.com" & @CRLF & _ "iotservices.brookfieldproperties.com" & @CRLF & _ "link.agency.brookfieldproperties.com" & @CRLF & _ "link.bp.brookfieldproperties.com" & @CRLF & _ "lyncdiscover.brookfieldproperties.com" & @CRLF & _ "lyncdiscoverinternal.brookfieldproperties.com" & @CRLF & _ "na1bthyb01.brookfieldproperties.com" & @CRLF & _ "na1bthyb02.brookfieldproperties.com" & @CRLF & _ "na2btled01.brookfieldproperties.com" & @CRLF & _ "na2btlfe01.brookfieldproperties.com" & @CRLF & _ "nac1m-s1.brookfieldproperties.com" & @CRLF & _ "nac1m-t1.brookfieldproperties.com" & @CRLF & _ "nac1m-t2.brookfieldproperties.com" & @CRLF & _ "nac1m-t3.brookfieldproperties.com" & @CRLF & _ "nac225l-s1.brookfieldproperties.com" & @CRLF & _ "nac225l-t1.brookfieldproperties.com" & @CRLF & _ "naexpe.brookfieldproperties.com" & @CRLF & _ "oncite.brookfieldproperties.com" & @CRLF & _ "pam.brookfieldproperties.com" & @CRLF & _ "rent.brookfieldproperties.com" & @CRLF & _ "rooms.brookfieldproperties.com" & @CRLF & _ "roomsicd.brookfieldproperties.com" & @CRLF & _ "secure.brookfieldproperties.com" & @CRLF & _ "staging.brookfieldproperties.com" & @CRLF & _ "staging.rent.brookfieldproperties.com" & @CRLF & _ "staging.webadmin.brookfieldproperties.com" & @CRLF & _ "thycotic.brookfieldproperties.com" & @CRLF & _ "tsbazusaudit01p.brookfieldproperties.com" & @CRLF & _ "tsbazussqldb01s.brookfieldproperties.com" & @CRLF & _ "tsbazuswdsdc01p.brookfieldproperties.com" & @CRLF & _ "tsgazauwdsdc01p.brookfieldproperties.com" & @CRLF & _ "tsgazsgwdsdc01p.brookfieldproperties.com" & @CRLF & _ "tsgazsgwdsdc02p.brookfieldproperties.com" & @CRLF & _ "tsgazusexhyb01p.brookfieldproperties.com" & @CRLF & _ "tsgazusexhyb02p.brookfieldproperties.com" & @CRLF & _ "tsgazusipmap01p.brookfieldproperties.com" & @CRLF & _ "tsgwsusexhyb01p.brookfieldproperties.com" & @CRLF & _ "tsgwsusexhyb02p.brookfieldproperties.com" & @CRLF & _ "ucm-bf-1-p-au9-01-ms.brookfieldproperties.com" & @CRLF & _ "ucm-bf-1-p-au9-01.brookfieldproperties.com" & @CRLF & _ "ucm-bf-1-p-br1-01-ms.brookfieldproperties.com" & @CRLF & _ "ucm-bf-1-p-br1-01.brookfieldproperties.com" & @CRLF & _ "ucm-bf-1-p-eu8-01.brookfieldproperties.com" & @CRLF & _ "ucm-bf-1-p-na9-01-ms.brookfieldproperties.com" & @CRLF & _ "ucm-bf-1-p-na9-01.brookfieldproperties.com" & @CRLF & _ "ucm-bf-1-s-au9-02.brookfieldproperties.com" & @CRLF & _ "ucm-bf-1-s-br1-02.brookfieldproperties.com" & @CRLF & _ "ucm-bf-1-s-ca2-01.brookfieldproperties.com" & @CRLF & _ "ucm-bf-1-s-ca2-02.brookfieldproperties.com" & @CRLF & _ "ucm-bf-1-s-eu8-02.brookfieldproperties.com" & @CRLF & _ "ucm-bf-1-s-na9-02.brookfieldproperties.com" & @CRLF & _ "ucm-bf-1-s-na9-03.brookfieldproperties.com" & @CRLF & _ "ucm-bf-1-s-na9-04.brookfieldproperties.com" & @CRLF & _ "ukexpe.brookfieldproperties.com" & @CRLF & _ "usarpc.brookfieldproperties.com" & @CRLF & _ "usash-pvwa02.brookfieldproperties.com" & @CRLF & _ "view.b.brookfieldproperties.com" & @CRLF & _ "view.e.brookfieldproperties.com" & @CRLF & _ "webadmin.brookfieldproperties.com" & @CRLF & _ "webmail.brookfieldproperties.com" & @CRLF & _ "workspace.brookfieldproperties.com" & @CRLF & _ "workspaceicd.brookfieldproperties.com" & @CRLF & _ "workspaceportal.brookfieldproperties.com" & @CRLF & _ "www.azuebtpblu0501d.brookfieldproperties.com" & @CRLF & _ "www.bamazaubtaap01p.brookfieldproperties.com" & @CRLF & _ "www.bfpl30clpcs01.brookfieldproperties.com" & @CRLF & _ "www.brexpc.cluster.brookfieldproperties.com" & @CRLF & _ "www.brookfieldproperties.com" & @CRLF & _ "www.captive.brookfieldproperties.com" & @CRLF & _ "www.cuc-bf-1-p-au9-01-ms.brookfieldproperties.com" & @CRLF & _ "www.cuc-bf-1-p-br1-01-ms.brookfieldproperties.com" & @CRLF & _ "www.cuc-bf-1-p-eu8-01-ms.brookfieldproperties.com" & @CRLF & _ "www.expc-bf-1-p-au9-01.brookfieldproperties.com" & @CRLF & _ "www.expc-bf-1-p-br1-01.brookfieldproperties.com" & @CRLF & _ "www.expc-bf-1-p-eu8-01.brookfieldproperties.com" & @CRLF & _ "www.na2btled01.brookfieldproperties.com" & @CRLF & _ "www.pam.brookfieldproperties.com" & @CRLF & _ "www.secure.brookfieldproperties.com" & @CRLF & _ "www.thycotic.brookfieldproperties.com" & @CRLF & _ "www.tsgazauwdsdc01p.brookfieldproperties.com" & @CRLF & _ "www.tsgazsgwdsdc01p.brookfieldproperties.com" & @CRLF & _ "www.tsgazusipmap01p.brookfieldproperties.com" & @CRLF & _ "www.ucm-bf-1-p-au9-01-ms.brookfieldproperties.com" & @CRLF & _ "www.ucm-bf-1-p-br1-01-ms.brookfieldproperties.com" & @CRLF & _ "www.ucm-bf-1-p-eu8-01-ms.brookfieldproperties.com" & @CRLF & _ "community.doppler.com" & @CRLF & _ "This is our community hub hosted on Discourse." & @CRLF & _ "docs.doppler.com" & @CRLF & _ "This subdomain points to our docs hosted on ReadMe." & @CRLF & _ "doppler.com" & @CRLF & _ "This is our marketing website built on Webflow." & @CRLF & _ "http://calendly.com/doppler/enterprise" & @CRLF & _ "Please do not attempt to test the Doppler calendly integration" & @CRLF & _ "https://github.com/DopplerHQ/awesome-bots" & @CRLF & _ "This is a public collection of resources maintained by the community." & @CRLF & _ "support.doppler.com" & @CRLF & _ "This is our support hub hosted on Zendesk." & @CRLF & _ "*.grindrads.com" & @CRLF & _ "This site is hosted by a third-party, Bucksense. Please contact security@bucksense.com to report security vulnerabilities." & @CRLF & _ "*.intomore.com" & @CRLF & _ "Any databases, Wordpress instances, web infrastructure related to INTO is out of scope" & @CRLF & _ "blog.grindr.com" & @CRLF & _ "The site is hosted by a third-party, Squarespace. Please report security issues on their HackerOne account. Instructions here:" & @CRLF & _ "https://www.squarespace.com/vulnerability-reporting" & @CRLF & _ "github.com/thesokrin/vfd" & @CRLF & _ "Known issue; this repo describes staging systems that are no longer in use. Please do not submit reports unless you are able to demonstrate a connection between this code and live infrastructure." & @CRLF & _ "go.grindr.com" & @CRLF & _ "This site is hosted by a third-party, GoLinks. Please contact them at https://www.golinks.io/contact.php" & @CRLF & _ "grindr.atlassian.net" & @CRLF & _ "This site is hosted by a third-party; please direct security vulnerabilities to Atlassian at https://bugcrowd.com/atlassian" & @CRLF & _ "grindrbloop.com" & @CRLF & _ "This is hosted by a third-party, Squarespace. Please report security issues on their HackerOne account. Instructions here:" & @CRLF & _ "grindrtogo.grindr.com" & @CRLF & _ "This site is hosted by a third-party, Shopify. Please report security issues on their HackerOne account:" & @CRLF & _ "https://hackerone.com/shopify" & @CRLF & _ "help.grindr.com" & @CRLF & _ "The site is hosted by a third-party, ZenDesk. Please report security issues on their HackerOne account: https://hackerone.com/zendesk?type=team" & @CRLF & _ "https://github.com/grindrlabs" & @CRLF & _ "investors.grindr.com" & @CRLF & _ "This is Grindr's Investor Relations site. The site is hosted by a third-party, Q4 inc." & @CRLF & _ "As recommended on https://www.q4inc.com/contact-us/default.aspx, submit security related issues or concerns to support@q4inc.com" & @CRLF & _ "kindr.grindr.com" & @CRLF & _ "This site is hosted by a third-party, Wix. Please report security issues on their HackerOne account:" & @CRLF & _ "https://support.wix.com/en/article/reporting-a-security-issue" & @CRLF & _ "selfservice.grindr.com" & @CRLF & _ "shop.grindr.com" & @CRLF & _ "shop.grindrbloop.com" & @CRLF & _ "*.browser.cloud.com" & @CRLF & _ "*.citrix*.com" & @CRLF & _ "*.cloudburrito.com" & @CRLF & _ "Staging Environment for Citrix Cloud" & @CRLF & _ "*.podio.com" & @CRLF & _ "*.securevdr.com" & @CRLF & _ "*.xmdev.cloud.com" & @CRLF & _ "Dev Environment for CEM (XenMobile)" & @CRLF & _ "*.xmqa.cloud.com" & @CRLF & _ "QA Environment for Citrix Endpoint Management (XenMobile)" & @CRLF & _ "*.xmtest.cloud.com" & @CRLF & _ "Test Environment for CEM (XenMobile)" & @CRLF & _ "accounts-internal.cloud.com" & @CRLF & _ "citrix.cloud.com" & @CRLF & _ "launch.cloud.com" & @CRLF & _ "www.cloud.com" & @CRLF & _ "c21.hk" & @CRLF & _ "century21.hk" & @CRLF & _ "*.afadvantage.gov" & @CRLF & _ "*.cio.gov" & @CRLF & _ "*.itdashboard.gov" & @CRLF & _ "alpha.sam.gov" & @CRLF & _ "fbo.gov" & @CRLF & _ "fdms.gov" & @CRLF & _ "fedidcard.gov" & @CRLF & _ "fsrs.gov" & @CRLF & _ "gobiernousa.gov" & @CRLF & _ "gsaauctions.gov" & @CRLF & _ "info.gov" & @CRLF & _ "innovation.gov" & @CRLF & _ "itdashboard.gov" & @CRLF & _ "kids.gov" & @CRLF & _ "performance.gov" & @CRLF & _ "pic.gov" & @CRLF & _ "pif.gov" & @CRLF & _ "plainlanguage.gov" & @CRLF & _ "presidentialinnovationfellows.gov" & @CRLF & _ "realestatesales.gov" & @CRLF & _ "www.openmage.org" & @CRLF & _ "This asset is hosted by Github Pages. Please observe [Github's security program](https://hackerone.com/github) and report directly to them if any issues are found with the underlying technologies. Only issues directly affecting the security or privacy of the OpenMage organization should be submitted to this program." & @CRLF & _ "### Email services for the openmage.org domain are not in scope! Reports relating to SPF and DMARC will be closed immediately as N/A." & @CRLF & _ "*cars.aerlingus.com" & @CRLF & _ "aerlingus.estore.iagl.digital" & @CRLF & _ "Replaced with https://www.shopping.ba.com (same code base)" & @CRLF & _ "ba.estore.iagl.digital" & @CRLF & _ "buyavios.iberia.com" & @CRLF & _ "Replaced with https://pgt.shopping.ba.com/ (same code base)" & @CRLF & _ "https://*.iagloyalty.com" & @CRLF & _ "This asset is hosted by Hubspot, and as such these reports should be submitted to them directly." & @CRLF & _ "https://docs-next.apiportal.dev.iagl.digital/docs" & @CRLF & _ "Replaced with https://docs.iagloyalty.com" & @CRLF & _ "https://docs.iagloyalty.com" & @CRLF & _ "https://shop.ba.com/" & @CRLF & _ "https://www.iagcargo.com/en/page/claims-process" & @CRLF & _ "https://www.iagcargo.com/en/page/critical-performance-guarantee-refund-request" & @CRLF & _ "https://www.iagcargo.com/en/page/prioritise-performance-guarantee-refund-request" & @CRLF & _ "https://www.iagcargo.com/en/page/product/live-animals" & @CRLF & _ "https://www.iagcargo.com/en/page/product/pets" & @CRLF & _ "https://www.iagcargo.com/en/page/product/relocation" & @CRLF & _ "https://www.iagcargo.com/en/page/tracking-devices-enquiry" & @CRLF & _ "https://www.iagcargo.com/es/page/claims-process" & @CRLF & _ "https://www.iagcargo.com/es/page/critical-performance-guarantee-refund-request" & @CRLF & _ "https://www.iagcargo.com/es/page/prioritise-performance-guarantee-refund-request" & @CRLF & _ "https://www.iagcargo.com/es/page/product/live-animals" & @CRLF & _ "https://www.iagcargo.com/es/page/product/pets" & @CRLF & _ "https://www.iagcargo.com/es/page/product/relocation" & @CRLF & _ "https://www.iagcargo.com/es/page/tracking-devices-enquiry" & @CRLF & _ "https://www.iberia.com/*/*.do*" & @CRLF & _ "https://www.iberia.com/cs/satellite*" & @CRLF & _ "iberia.estore.iagl.digital" & @CRLF & _ "pgt.estore.aerlingus.com" & @CRLF & _ "vueling.estore.iagl.digital" & @CRLF & _ "www.hangar51.com" & @CRLF & _ "This asset is hosted by Webflow, and as such these reports should be submitted to them directly at https://webflow.com/security" & @CRLF & _ "8x8-meeting-rooms" & @CRLF & _ "8x8 Spaces - " & @CRLF & _ "https://apps.apple.com/us/app/8x8-meeting-rooms/id1468264023" & @CRLF & _ "While some components are still used in e.g. Jigasi, the project is not actively developed anymore. Improvements, bugfixes and builds are entirely based on community contributions" & @CRLF & _ "8x8.wavecell.com" & @CRLF & _ "(webmail.wavecell.com)" & @CRLF & _ "Powered by [Hubspot](https://bugcrowd.com/hubspot)." & @CRLF & _ "Jitsi Meet Desktop" & @CRLF & _ "https://desktop.jitsi.org/Main/Download.html" & @CRLF & _ "Jitsi Desktop is the heritage of Jitsi Meet. While some components are still used in e.g. Jigasi, the project is not actively developed anymore. Improvements, bugfixes and builds are entirely based on community contributions." & @CRLF & _ "accountmanager.8x8.com" & @CRLF & _ "com.atlassian.JitsiMeet.ios" & @CRLF & _ "https://apps.apple.com/us/app/jitsi-meet/id1165103905" & @CRLF & _ "While some components are still used in e.g. Jigasi, the project is not actively developed anymore. Improvements, bugfixes and builds are entirely based on community contributions." & @CRLF & _ "com.spot8x8.spot" & @CRLF & _ "8x8 Spaces - https://play.google.com/store/apps/details?id=com.spot8x8.spot" & @CRLF & _ "express.8x8.com" & @CRLF & _ "feedback.wavecell.com" & @CRLF & _ "Powered by [Canny](https://canny.io/security)." & @CRLF & _ "get8x8.com" & @CRLF & _ "http://*.callstats.io" & @CRLF & _ "Sold to Spearline. No longer owned by 8x8." & @CRLF & _ "http://*.contactnow.8x8.com" & @CRLF & _ "http://*.jitsi.org" & @CRLF & _ "http://*.sameroom.io" & @CRLF & _ "investors.8x8.com" & @CRLF & _ "mobileidentity.8x8.com" & @CRLF & _ "also api.mobileidentity.8x8.com" & @CRLF & _ "(more info to come soon)" & @CRLF & _ "org.jitsi.meet" & @CRLF & _ "https://play.google.com/store/apps/details?id=org.jitsi.meet" & @CRLF & _ "supersite.8x8.com" & @CRLF & _ "support-portal.8x8.com" & @CRLF & _ "support.8x8.com" & @CRLF & _ "vm.8x8.com" & @CRLF & _ "www.8x8.com" & @CRLF & _ "www.wavecell.com" & @CRLF & _ "eflow.watsons.com.tw/" & @CRLF & _ "form.watsons.com.my" & @CRLF & _ "https://www.watsons.com.my/blog" & @CRLF & _ "Any feedback form" & @CRLF & _ "MarketPlace Submission process." & @CRLF & _ "community.miro.com" & @CRLF & _ "developers.miro.com" & @CRLF & _ "events.miro.com" & @CRLF & _ "help.miro.com" & @CRLF & _ "miro.com/api/stream/v1/*" & @CRLF & _ "miro.com/careers/vacancy/*" & @CRLF & _ "miro.com/contact/*" & @CRLF & _ "status.miro.com" & @CRLF & _ "*.corebridgefinancial.com" & @CRLF & _ "*.travelguard.com" & @CRLF & _ "travel.aig.co.jp" & @CRLF & _ "Subdomains maintained by third parties, other than AIG, are not in scope for this program." & @CRLF & _ "www-1008.aig.com" & @CRLF & _ "www.corebridgefinancial.com" & @CRLF & _ "*.fip.finra.org" & @CRLF & _ "https://ews.finra.org/*" & @CRLF & _ "*.pantheonsite.io" & @CRLF & _ "careers.chime.com" & @CRLF & _ "3rd-party vendor" & @CRLF & _ "nd.chime.com" & @CRLF & _ "blog.launchdarkly.com" & @CRLF & _ "launchdarkly.com" & @CRLF & _ "This is our static marketing site." & @CRLF & _ "sandbox.launchdarkly.com" & @CRLF & _ "slack.launchdarkly.com" & @CRLF & _ "status.launchdarkly.com" & @CRLF & _ "*.matic.network" & @CRLF & _ "https://github.com/maticnetwork/contracts" & @CRLF & _ "#Contracts" & @CRLF & _ "This repository contains the smart contracts that power Matic Network" & @CRLF & _ "*.skale.network" & @CRLF & _ "https://github.com/skalenetwork/skale-node-cli" & @CRLF & _ "https://github.com/skalenetwork/validator-cli" & @CRLF & _ "Spamming of forms and APIs with automated vulnerability scanners are strictly out of scope" & @CRLF & _ "help.yesware.com" & @CRLF & _ "roadmap.vendasta.com" & @CRLF & _ "Uses a third-party content management system so it is ineligible for VDP." & @CRLF & _ "t.yesware.com" & @CRLF & _ "This subdomain is used for generated email tracking links. **We do not accept open-redirect issues for this subdomain**." & @CRLF & _ "www.vendasta.com" & @CRLF & _ "www.yesware.com" & @CRLF & _ "www.designsystems.com" & @CRLF & _ "event.us-east-1.sws.siemens.com" & @CRLF & _ "http://o0pv3l7chl.execute-api.us-east-1.amazonaws.com/dev" & @CRLF & _ "https://react.vis.pre2.usea1.devops.sws.siemens.com/sample/dist/index.html" & @CRLF & _ "poh0v3odoi.execute-api.eu-central-1.amazonaws.com" & @CRLF & _ "*.aws.*" & @CRLF & _ "*.dev" & @CRLF & _ ".*a2z*." & @CRLF & _ "AWS and AWS customer assets are strictly out of scope" & @CRLF & _ "Amazon Web Services (AWS)" & @CRLF & _ "Currently, anything related to AWS should be considered out of scope and should be reported directly to AWS: https://aws.amazon.com/security/vulnerability-reporting/" & @CRLF & _ "Anything considered a non-prod asset" & @CRLF & _ "Anything which redirects to AWS" & @CRLF & _ "amazongames.com" & @CRLF & _ "learning.logistics.amazon.com" & @CRLF & _ "CS.Money Antiscam" & @CRLF & _ "This is our Google Chrome extension, which protects our users from potential scams. No longer supported and thus out of scope." & @CRLF & _ "[Chrome Web Store](https://chrome.google.com/webstore/detail/csmoney-antiscam/bocdepodnagbohblgjmooobalmcojkpg)" & @CRLF & _ "grafana.cs.money" & @CRLF & _ "Out of scope. This is our instance of Grafana." & @CRLF & _ "old.cs.money" & @CRLF & _ "Out of scope. This was the old version of our primary web application." & @CRLF & _ "Any assets not listed" & @CRLF & _ "\*.[any-domain].[or.id|com|net|org|id|web.id]:[2082|2083|2086|2087|2095|2096]/any backend we not manage" & @CRLF & _ "\*.1337.or.id, wiki.1337.or.id, news.1337.or.id" & @CRLF & _ "Browser extensions/add-ons" & @CRLF & _ "\- XSSRush (Chrome/Firefox)" & @CRLF & _ "access-dr.navient.com" & @CRLF & _ "access.navient.com" & @CRLF & _ "altaccess.navient.com" & @CRLF & _ "assist.navient.com" & @CRLF & _ "clientaccess.citrixcloud.navient.com" & @CRLF & _ "filegateway.navient.com" & @CRLF & _ "fms.navient.com" & @CRLF & _ "jobs.navient.com" & @CRLF & _ "m.jobs.navient.com" & @CRLF & _ "militaryadvisorchatbot-qa.navient.com" & @CRLF & _ "militaryvirtualassist-public.navient.com" & @CRLF & _ "mynavientwellbeing.com" & @CRLF & _ "navientlogin.b2clogin.com" & @CRLF & _ "navientpath.com" & @CRLF & _ "news.navient.com" & @CRLF & _ "o8.studentloan.navient.com" & @CRLF & _ "pcx.navient.com" & @CRLF & _ "rsa.citrixcloud.navient.com" & @CRLF & _ "services.navient.com" & @CRLF & _ "services2.navient.com" & @CRLF & _ "ssp.navient.com" & @CRLF & _ "studentloan.navient.com" & @CRLF & _ "tableau-prod.navient.com" & @CRLF & _ "tableau-test.navient.com" & @CRLF & _ "adsmanager.truecaller.com" & @CRLF & _ "community.truecaller.com" & @CRLF & _ "support.truecaller.com" & @CRLF & _ "www.investnext.com" & @CRLF & _ "com.evernote.android" & @CRLF & _ "help.evernote.com" & @CRLF & _ "https://svn.filezilla-project.org/svn/filezilla3/trunk/src/storj/" & @CRLF & _ "This also includes the libstorj dependency." & @CRLF & _ "Tier 1" & @CRLF & _ "Bounty table header" & @CRLF & _ "Tier 2" & @CRLF & _ "Tier 3" & @CRLF & _ "account.clario.co" & @CRLF & _ "api-ne.clario.co" & @CRLF & _ "api.account.opendoor.ltd" & @CRLF & _ "old" & @CRLF & _ "*.hcltechsw.com" & @CRLF & _ "*.atp-exodus.com" & @CRLF & _ "We do not own atp-exodus.com assets hence it should be considered out of scope." & @CRLF & _ "exodus.atlassian.net" & @CRLF & _ "We do not own Atlassian instance at https://exodus.atlassian.net . Any reports containing this out-of-scope asset will be marked as N/A" & @CRLF & _ "exodusstore.blob.core.windows.net" & @CRLF & _ "This azure bucket does not belong to us please refrain from submitting." & @CRLF & _ "get.exodus.*" & @CRLF & _ "This subdomain is hosted on a 3rd party dataset" & @CRLF & _ "http://exodus.com/keybase.txt" & @CRLF & _ "intentionally public. Any report related to this will be marked Not-Applicable" & @CRLF & _ "http://www.exodus.com/contact-support" & @CRLF & _ "https://exodus.atlassian.net" & @CRLF & _ "We do not own this instance, Any report related to this will be marked as `Not-Applicable` " & @CRLF & _ "slack-invite.exodus.com" & @CRLF & _ "Invite link to our public Slack, there are no vulnerabilities." & @CRLF & _ "support-helpers.a.exodus.io" & @CRLF & _ "This subdomain points to our support and hiring services which are hosted on 3rd party dataset" & @CRLF & _ "support.exodus.com" & @CRLF & _ "Domain is not in scope for testing" & @CRLF & _ "www.exodus.com/job-application/*" & @CRLF & _ "3rd party service installed on the endpoint" & @CRLF & _ "Out Of Scope" & @CRLF & _ "#### Out of Scope:" & @CRLF & _ "* admin.topcoder.com" & @CRLF & _ "* api-work.topcoder.com" & @CRLF & _ "* dev.arena.topcoder.com" & @CRLF & _ "* qa.arena.topcoder.com" & @CRLF & _ "* arenaws.topcoder.com" & @CRLF & _ "* asteroids.topcoder.com" & @CRLF & _ "* beta.topcoder.com" & @CRLF & _ "* beta-community-app.topcoder.com" & @CRLF & _ "* blitz.topcoder.com" & @CRLF & _ "* bluehost.topcoder.com" & @CRLF & _ "* bluehost-test01.topcoder.com" & @CRLF & _ "* bluehost-test02.topcoder.com" & @CRLF & _ "* cmap-leaders.topcoder.com" & @CRLF & _ "* coder.topcoder.com" & @CRLF & _ "* codeyourwayin.topcoder.com" & @CRLF & _ "* dtn.topcoder.com" & @CRLF & _ "* epa.topcoder.com" & @CRLF & _ "* hphaven.topcoder.com" & @CRLF & _ "* ideas.topcoder.com" & @CRLF & _ "* info.topcoder.com" & @CRLF & _ "* internal-api.topcoder.com" & @CRLF & _ "* jp.topcoder.com" & @CRLF & _ "* lightning.topcoder.com" & @CRLF & _ "* link.topcoder.com" & @CRLF & _ "* mediasharedev.topcoder.com" & @CRLF & _ "* mediasharepoc.topcoder.com" & @CRLF & _ "* mobile.topcoder.com" & @CRLF & _ "* predix.topcoder.com" & @CRLF & _ "* qa.topcoder.com" & @CRLF & _ "* software.qa.topcoder.com" & @CRLF & _ "* studio.qa.topcoder.com" & @CRLF & _ "* site.topcoder.com" & @CRLF & _ "* smtp.topcoder.com" & @CRLF & _ "* swift.topcoder.com" & @CRLF & _ "* talk.topcoder.com" & @CRLF & _ "* tcdev1.topcoder.com" & @CRLF & _ "* tcdev3.topcoder.com" & @CRLF & _ "* topgear.topcoder.com" & @CRLF & _ "* training.topcoder.com" & @CRLF & _ "* tunnel1.topcoder.com" & @CRLF & _ "* vorbote.topcoder.com" & @CRLF & _ "* wiki.topcoder.com" & @CRLF & _ "* x-receiver.topcoder.com" & @CRLF & _ "www.gmelius.com" & @CRLF & _ "Gmelius' www site is hosted by Webflow. Security bugs in Webflow may be reported to the service provider." & @CRLF & _ "api.outpost.co" & @CRLF & _ "app.outpost.co" & @CRLF & _ "www.mplans.com" & @CRLF & _ "www.outpost.co" & @CRLF & _ "www.teamoutpost.com" & @CRLF & _ "*.mtnfootball.com" & @CRLF & _ "HI we no longer are in ownership of this domain or subdomains." & @CRLF & _ "41.189.179.249" & @CRLF & _ "41.216.67.108" & @CRLF & _ "41.216.78.13" & @CRLF & _ "41.216.80.172" & @CRLF & _ "achom.ir" & @CRLF & _ "areeba.com.gh" & @CRLF & _ "areeba.com.gn" & @CRLF & _ "electricityservices.mtn.com.sy" & @CRLF & _ "faulucareers.co.ke" & @CRLF & _ "gameplus.mtnonline.com" & @CRLF & _ "games.mtnonline.com" & @CRLF & _ "h14de.n2.ips.mtn.co.ug" & @CRLF & _ "h1576.n2.ips.mtn.co.ug" & @CRLF & _ "h163e.n2.ips.mtn.co.ug" & @CRLF & _ "h18e.n1.ips.mtn.co.ug" & @CRLF & _ "h19f2.n2.ips.mtn.co.ug" & @CRLF & _ "h19f6.n2.ips.mtn.co.ug" & @CRLF & _ "h1b24.n2.ips.mtn.co.ug" & @CRLF & _ "h1b6e.n2.ips.mtn.co.ug" & @CRLF & _ "h1c1c.n2.ips.mtn.co.ug" & @CRLF & _ "h1c5b.n1.ips.mtn.co.ug" & @CRLF & _ "h1f7.n1.ips.mtn.co.ug" & @CRLF & _ "h1fa.n1.ips.mtn.co.ug" & @CRLF & _ "h2252.n1.ips.mtn.co.ug" & @CRLF & _ "h2276.n1.ips.mtn.co.ug" & @CRLF & _ "h22d.n1.ips.mtn.co.ug" & @CRLF & _ "h22eb.n1.ips.mtn.co.ug" & @CRLF & _ "h2302.n1.ips.mtn.co.ug" & @CRLF & _ "h234e.n1.ips.mtn.co.ug" & @CRLF & _ "h235.n1.ips.mtn.co.ug" & @CRLF & _ "h245a.n1.ips.mtn.co.ug" & @CRLF & _ "h2472.n1.ips.mtn.co.ug" & @CRLF & _ "h254e.n1.ips.mtn.co.ug" & @CRLF & _ "h27d.n2.ips.mtn.co.ug" & @CRLF & _ "h27d6.n1.ips.mtn.co.ug" & @CRLF & _ "h27da.n1.ips.mtn.co.ug" & @CRLF & _ "h2826.n1.ips.mtn.co.ug" & @CRLF & _ "h2a36.n1.ips.mtn.co.ug" & @CRLF & _ "h2a8.n1.ips.mtn.co.ug" & @CRLF & _ "h2cf3.n1.ips.mtn.co.ug" & @CRLF & _ "h2cf3.n1.ips.mtn.co.ug:8070" & @CRLF & _ "h2d.n1.ips.mtn.co.ug" & @CRLF & _ "h2d5.n1.ips.mtn.co.ug" & @CRLF & _ "h2dea.n1.ips.mtn.co.ug" & @CRLF & _ "h30e.n1.ips.mtn.co.ug" & @CRLF & _ "h341b.n1.ips.mtn.co.ug" & @CRLF & _ "h3426.n1.ips.mtn.co.ug" & @CRLF & _ "h37d.n1.ips.mtn.co.ug" & @CRLF & _ "h3b5.n1.ips.mtn.co.ug" & @CRLF & _ "h3b68.n1.ips.mtn.co.ug" & @CRLF & _ "h3b7.n1.ips.mtn.co.ug" & @CRLF & _ "h3e5.n1.ips.mtn.co.ug" & @CRLF & _ "h456.n1.ips.mtn.co.ug" & @CRLF & _ "h62a.n1.ips.mtn.co.ug" & @CRLF & _ "h652.n2.ips.mtn.co.ug" & @CRLF & _ "h696.n2.ips.mtn.co.ug" & @CRLF & _ "h69a.n2.ips.mtn.co.ug" & @CRLF & _ "h6a2.n2.ips.mtn.co.ug" & @CRLF & _ "h6a6.n2.ips.mtn.co.ug" & @CRLF & _ "h6b6.n2.ips.mtn.co.ug" & @CRLF & _ "h6ba.n2.ips.mtn.co.ug" & @CRLF & _ "h6c6.n2.ips.mtn.co.ug" & @CRLF & _ "h6ca.n2.ips.mtn.co.ug" & @CRLF & _ "h6ce.n1.ips.mtn.co.ug" & @CRLF & _ "h6d2.n2.ips.mtn.co.ug" & @CRLF & _ "h6d6.n2.ips.mtn.co.ug" & @CRLF & _ "h6fa.n1.ips.mtn.co.ug" & @CRLF & _ "h742.n1.ips.mtn.co.ug" & @CRLF & _ "h7c2.n1.ips.mtn.co.ug" & @CRLF & _ "h80e.n1.ips.mtn.co.ug" & @CRLF & _ "h82e.n1.ips.mtn.co.ug" & @CRLF & _ "h862.n1.ips.mtn.co.ug" & @CRLF & _ "h93e.n1.ips.mtn.co.ug" & @CRLF & _ "hb16.n1.ips.mtn.co.ug" & @CRLF & _ "hb56.n1.ips.mtn.co.ug" & @CRLF & _ "hb92.n1.ips.mtn.co.ug" & @CRLF & _ "hbce.n1.ips.mtn.co.ug" & @CRLF & _ "hd65.n2.ips.mtn.co.ug" & @CRLF & _ "he2.n1.ips.mtn.co.ug" & @CRLF & _ "hfa.n4.ips.mtn.co.ug" & @CRLF & _ "hfe.n1.ips.mtn.co.ug" & @CRLF & _ "http://www.mtnbusiness.co.za/en/pages/msteams-direct-routing.aspx/43331" & @CRLF & _ "https://www.evod.co.za/" & @CRLF & _ "https://www.mtn.com/contact/become-supplier/" & @CRLF & _ "Aware of the fucntion and tested via pentest teams" & @CRLF & _ "https://www.mtn.com/investors/sign-up-for-investor-information/" & @CRLF & _ "Not in scope aware of this and we have tested and happy with results from external pen testing firm" & @CRLF & _ "https://www.mtn.com/wp-json/" & @CRLF & _ "HI," & @CRLF & _ "Hosted WordPress site, this is enabled on the hosted environment, other mitigation in place to prevent ddos and brute force from happening" & @CRLF & _ "https://www.mtn.com/wp-json/wp/v2/users/" & @CRLF & _ "https://www.mtn.com/wp-login.php" & @CRLF & _ "https://www.mtn.com/xmlrpc.php" & @CRLF & _ "https://www.mtnbusiness.co.za/en/pages/msteams-direct-routing.aspx/43331" & @CRLF & _ "irancel.ir" & @CRLF & _ "irancell.ir" & @CRLF & _ "jolie.ir" & @CRLF & _ "lonestarcell.org" & @CRLF & _ "m-game.mtnonline.com" & @CRLF & _ "move2mtn.com" & @CRLF & _ "mtn-bissau.com" & @CRLF & _ "Domain does not belong to MTN Bissau." & @CRLF & _ "mtn-eschool.com" & @CRLF & _ "mtn-ic.com" & @CRLF & _ "mtn-weca.com" & @CRLF & _ "mtn.com.cy" & @CRLF & _ "This is from an entity that was sold off " & @CRLF & _ "mtn.com.ye" & @CRLF & _ "This forms part of an entity that was sold off " & @CRLF & _ "mtnblog.co.za" & @CRLF & _ "mtnbusiness.tel" & @CRLF & _ "mtnfootball.com" & @CRLF & _ "mtngame.net" & @CRLF & _ "mtngb.com" & @CRLF & _ "mtnhostedservices.com" & @CRLF & _ "mtnhostedservices.net" & @CRLF & _ "mtnlibmusic.com" & @CRLF & _ "mtnmail.org" & @CRLF & _ "mtnmail.tel" & @CRLF & _ "mtnmailsync.com" & @CRLF & _ "mtnmmo.com" & @CRLF & _ "mtnmobad.mtnbusiness.com.ng" & @CRLF & _ "mtnmobilemoney.us" & @CRLF & _ "mtnmobility.net" & @CRLF & _ "mtnonlineservices.com" & @CRLF & _ "mtnpulse.tel" & @CRLF & _ "mtnrechargelink.com" & @CRLF & _ "mtnspotlight.com" & @CRLF & _ "mtnsyr.com" & @CRLF & _ "mtnvoicemail.com" & @CRLF & _ "mtnzakhele.tel" & @CRLF & _ "mwstatic-game.mtnonline.com" & @CRLF & _ "novafone.com.lr" & @CRLF & _ "ptldynamic-game.mtnonline.com" & @CRLF & _ "ptlstatic-game.mtnonline.com" & @CRLF & _ "sharehub.co.ke" & @CRLF & _ "wap-game.mtnonline.com" & @CRLF & _ "wapstatic-game.mtnonline.com" & @CRLF & _ "www.evod.co.za" & @CRLF & _ "www.mtnbusiness.co.za" & @CRLF & _ "yellomonitoring.ir" & @CRLF & _ "https://github.com/kubernetes/ingress-gce" & @CRLF & _ "https://github.com/kubernetes/ingress-nginx" & @CRLF & _ "api-staging.gocardless.com" & @CRLF & _ "Staging version of the Dashboard API. Please test the Sandbox deployment instead." & @CRLF & _ "api.gocardless.com" & @CRLF & _ "Production version of the Merchant Dashboard API component." & @CRLF & _ "Please test the Sandbox deployment instead." & @CRLF & _ "brand.gocardless.com" & @CRLF & _ "This is a third-party application, which is not developed or maintained by us. Please report vulnerabilities related to this asset directly to "Webflow". However, if you think there may be issues related to the configuration of the asset that may be under our control, we will consider the report." & @CRLF & _ "connect.gocardless.com" & @CRLF & _ "Production version of the Merchant Dashboard OpenID authentication component." & @CRLF & _ "gocardless-status.com, status.gocardless.com" & @CRLF & _ "This is a third-party application, which is not developed or maintained by us. Please report vulnerabilities related to this asset directly to "Atlassian"." & @CRLF & _ "learn.gocardless.com" & @CRLF & _ "This is a third-party application, which is not developed or maintained by us. Please report vulnerabilities related to this asset directly to "PayTo University"." & @CRLF & _ "manage.gocardless-staging.io" & @CRLF & _ "Staging version of the Merchant Dashboard application. Please test the Sandbox deployment instead." & @CRLF & _ "manage.gocardless.com" & @CRLF & _ "Production version of the Merchant Dashboard application." & @CRLF & _ "oauth-staging.gocardless.com" & @CRLF & _ "Staging version of the OAuth API. Please test the Sandbox deployment instead." & @CRLF & _ "oauth.gocardless.com" & @CRLF & _ "Production version of the authentication component of the GC4X application." & @CRLF & _ "outgrow.gocardless.com" & @CRLF & _ "This is a third-party application, which is not developed or maintained by us. Please report vulnerabilities related to this asset directly to "Outgrow"." & @CRLF & _ "partnerportal.gocardless.com, gocardless.my.site.com" & @CRLF & _ "This is a third-party application, which is not developed or maintained by us. Please report vulnerabilities related to this asset directly to "Salesforce". However, if you think there may be issues related to the configuration of the asset that may be under our control, we will consider the report." & @CRLF & _ "pay.gocardless.com" & @CRLF & _ "Production version of the API used to process billing requests, related to the Merchant Dashboard application." & @CRLF & _ "privacy.gocardless.com" & @CRLF & _ "This is a third-party application, which is not developed or maintained by us. Please report vulnerabilities related to this asset directly to "Transcend"." & @CRLF & _ "qbo-api.gocardless.com" & @CRLF & _ "This is an API endpoint for a third-party application, which is not developed or maintained by us. Please report vulnerabilities related to this asset directly to "Quickbooks"." & @CRLF & _ "qbo.gocardless.com" & @CRLF & _ "This is a third-party application, which is not developed or maintained by us. Please report vulnerabilities related to this asset directly to "Quickbooks"." & @CRLF & _ "storybook.gocardless.io" & @CRLF & _ "This is a third-party application, which is not developed or maintained by us. Please report vulnerabilities related to this asset directly to "Storybook". " & @CRLF & _ "support.gocardless.com" & @CRLF & _ "This is our Zendesk instance. However, it is not under our control, and vulnerabilities should reported directly to Zendesk. If you think there is an issue that is caused specifically by our implementation of Zendesk that is not present in other instances, do let us know, and we can consider issuing a reward." & @CRLF & _ "xero-sandbox.gocardless.com" & @CRLF & _ "GoCardless integration with Xero (GC4X). Users and permissions are managed through the Dashboard application (manage.gocardless). ReadOnly users cannot access GC4X; ReadWrite and Admin users have the same level of access on GC4X." & @CRLF & _ "xero-staging.gocardless.com" & @CRLF & _ "Testing environment for the GoCardless integration with Xero. Frequently used by merchants for testing implementations." & @CRLF & _ "xero.gocardless.com" & @CRLF & _ "Production version of the GoCardless integration with Xero. " & @CRLF & _ "*.acordocerto.com.br" & @CRLF & _ "preview.midigator.com" & @CRLF & _ "This is a demo site hosting exclusively test data to preview the functionality of the production website." & @CRLF & _ "CounterAct 8.3" & @CRLF & _ "This is a new device type being introduced to the bug bounty program. Those with access to a counteract device / image are welcome to submit their findings! " & @CRLF & _ "datapod-1-100-ingest.development.forescoutcloud.net" & @CRLF & _ "* Expanded Datapod Host Range to 100 nodes" & @CRLF & _ "** Naming convention is datapod-[1-100]-ingest.development.forescoutcloud.net" & @CRLF & _ "** Example: datapod-1-ingest.development.forescoutcloud.net" & @CRLF & _ "** Example: datapod-10-ingest.development.forescoutcloud.net" & @CRLF & _ "and so on." & @CRLF & _ "datapod-1-100-ingest.testing.forescoutcloud.net" & @CRLF & _ "** Naming convention is datapod-[1-100]-ingest.testing.forescoutcloud.net" & @CRLF & _ "** Example: datapod-1-ingest.testing.forescoutcloud.net" & @CRLF & _ "** Example: datapod-10-ingest.testing.forescoutcloud.net" & @CRLF & _ "datapod-1-100-query.development.forescoutcloud.net" & @CRLF & _ "** Naming convention is datapod-[1-100]-query.development.forescoutcloud.net" & @CRLF & _ "** Example: datapod-1-query.development.forescoutcloud.net" & @CRLF & _ "** Example: datapod-10-query.development.forescoutcloud.net" & @CRLF & _ "datapod-1-100-query.testing.forescoutcloud.net" & @CRLF & _ "** Naming convention is datapod-[1-100]-query.testing.forescoutcloud.net" & @CRLF & _ "** Example: datapod-1-ingest.query.forescoutcloud.net" & @CRLF & _ "** Example: datapod-10-ingest.query.forescoutcloud.net" & @CRLF & _ "datapod-1-ingest.acceptance.forescoutcloud.net" & @CRLF & _ "datapod-1-query.acceptance.forescoutcloud.net" & @CRLF & _ "forescout.service-now.com" & @CRLF & _ "mgmtpod-1-100-dashboard.development.forescoutcloud.net" & @CRLF & _ "* Expanded Mgmtpod Host Range to 100 nodes" & @CRLF & _ "** Naming convention is mgmtpod-[1-100]-dashboard.development.forescoutcloud.net" & @CRLF & _ "** Example: mgmtpod-1-dashboard.development.forescoutcloud.net" & @CRLF & _ "** Example: mgmtpod-10-dashboard.development.forescoutcloud.net" & @CRLF & _ "mgmtpod-1-100.development.forescoutcloud.net" & @CRLF & _ "** Naming convention is mgmtpod-[1-100].development.forescoutcloud.net" & @CRLF & _ "** Example: mgmtpod-1.development.forescoutcloud.net" & @CRLF & _ "** Example: mgmtpod-10.development.forescoutcloud.net" & @CRLF & _ "*nvapis.line.me " & @CRLF & _ "URLs that contain `nvapis.line.me` will be out of scope." & @CRLF & _ "Example: `dev-nvapis.line.me`, `kr-nvapis.line.me` etc" & @CRLF & _ "DEMAE-CAN" & @CRLF & _ "LINE BANK" & @CRLF & _ "LINE FINANCIAL" & @CRLF & _ "LINE Pay" & @CRLF & _ "Please refrain from testing any functionality that is related to financial transactions. **This includes LINE Pay functionality within the LINE Application and Rabbit Pay for Thailand.**" & @CRLF & _ "LINE TAXI" & @CRLF & _ "LINEMAN" & @CRLF & _ "Yahoo Japan" & @CRLF & _ "https://entry.line.me/" & @CRLF & _ "livedoor" & @CRLF & _ "prod-fido-fido2-server.line-apps.com" & @CRLF & _ "This domain is a FIDO API endpoint for testing integrations. It has no user data and is purely for testing implementations. As such, it is out of scope for this program." & @CRLF & _ "*.sky.com.mx" & @CRLF & _ "This is out of scope for submission. " & @CRLF & _ "12.0.1.28" & @CRLF & _ "accbusinesspricing.att.com" & @CRLF & _ "attdashboard.wireless.att.com" & @CRLF & _ "attpurchasing.com" & @CRLF & _ "This is out of scope for submission" & @CRLF & _ "attsuppliers.com" & @CRLF & _ "authkeysmx01.att.com.mx" & @CRLF & _ "c2m-projectone.att.com" & @CRLF & _ "https://clec.att.com/clec/" & @CRLF & _ "prod-taxexempt.att.com" & @CRLF & _ "projectone.att.com" & @CRLF & _ "rcloud.social" & @CRLF & _ "wf-projectone.att.com" & @CRLF & _ "*solidus.io" & @CRLF & _ "academy.datastax.com" & @CRLF & _ "*Automated Scanning Prohibited*" & @CRLF & _ "Sign ups are open, you may use any email address that can be verified to sign up for the academy." & @CRLF & _ "community.datastax.com" & @CRLF & _ "https://*cla.datastax.com/" & @CRLF & _ "*.dev.dynatracelabs.com" & @CRLF & _ "*.dynatrace.com" & @CRLF & _ "This is our corporate website and it is out of scope of this program. " & @CRLF & _ "EasyTrade demo application" & @CRLF & _ "This is a demo application which helps you fill your testing environment with data. " & @CRLF & _ "For more details please have a look at the "Useful tips" section of the policy or the [github repo](https://github.com/Dynatrace/easytrade)" & @CRLF & _ "easyTravel demo application" & @CRLF & _ "This is a demo application which helps you fill your testing environment with data. For more details please have a look at the "Useful tips" section of the policy or our [community page](https://community.dynatrace.com/t5/Start-with-Dynatrace/easyTravel-Documentation-and-Download/m-p/181271)." & @CRLF & _ "https://github.com/Dynatrace-oss-contrib" & @CRLF & _ "Please be aware that only analysis of our source code is allowed. Do not perform any tests against [https://github.com.](https://github.com/)." & @CRLF & _ "*.citymapper.com/" & @CRLF & _ "*.drivewithvia.com" & @CRLF & _ "citymapper.com" & @CRLF & _ "remix.com" & @CRLF & _ "ridewithvia.com" & @CRLF & _ "ridewithvia.okta.com" & @CRLF & _ "status.coda.io" & @CRLF & _ "*.criticalstack.com" & @CRLF & _ "When creating accounts on this asset, please use the following information. If you need multiple accounts, please use {username}+1@wearehackerone.com etc." & @CRLF & _ "Email: " & @CRLF & _ "{username}@wearehackerone.com " & @CRLF & _ "First Name: Bug Bounty" & @CRLF & _ "Last Name: Tester " & @CRLF & _ "DOB: 7/27/1994" & @CRLF & _ "Phone Number: 123-456-7890" & @CRLF & _ "Business Name: Bug Bounty Program " & @CRLF & _ "Address: 1680 Capital One Drive" & @CRLF & _ "State: VA" & @CRLF & _ "City: McLean " & @CRLF & _ "Country: USA" & @CRLF & _ "*.intelstack.com" & @CRLF & _ "*.unitedincome.com" & @CRLF & _ "414607046" & @CRLF & _ "asos-idcheck.capitalone.co.uk" & @CRLF & _ "3rd Party Asset" & @CRLF & _ "com.yinzcam.facilities.verizon" & @CRLF & _ "idcheck.capitalone.co.uk" & @CRLF & _ "jamfproqa.capitalone.com" & @CRLF & _ "littlewoods-idcheck.capitalone.co.uk" & @CRLF & _ "luma-idcheck.capitalone.co.uk" & @CRLF & _ "ocean-idcheck.capitalone.co.uk" & @CRLF & _ "postoffice-idcheck.capitalone.co.uk" & @CRLF & _ "thinkmoney-idcheck.capitalone.co.uk" & @CRLF & _ "travel-qa.capitalone.com" & @CRLF & _ "travel.capitalone.com" & @CRLF & _ "very-idcheck.capitalone.co.uk" & @CRLF & _ "reddit.secure.force.com" & @CRLF & _ "[Non-core asset]" & @CRLF & _ "Reddit maintains a SFDC tenant for customer management for our advertisers. SFDC bugs aren't eligible for payout, but misconfigurations that are Reddit's responsibility are. " & @CRLF & _ "*bc.earlywarning.com" & @CRLF & _ "ccpa*.zellepay.com" & @CRLF & _ "ccpa.zellepay.com" & @CRLF & _ "demo.earlywarning.com" & @CRLF & _ "docs.earlywarning.com" & @CRLF & _ "flip0717.earlywarning.com" & @CRLF & _ "toolkit.zellepay.com" & @CRLF & _ "zellepay.earlywarning.com" & @CRLF & _ "Out of scope per Salesforce policy" & @CRLF & _ "*.email.instacart.com" & @CRLF & _ "brand.instacart.com" & @CRLF & _ "careers.instacart.com" & @CRLF & _ "carrotstore.instacart.com" & @CRLF & _ "corporate.instacart.com" & @CRLF & _ "covidresponse.instacart.com" & @CRLF & _ "design.instacart.com" & @CRLF & _ "enterprise-status.instacart.com" & @CRLF & _ "Third-party system - [Atlassian Statuspage](https://www.atlassian.com/software/statuspage)" & @CRLF & _ "instacart.careers" & @CRLF & _ "life.instacart.com" & @CRLF & _ "news.instacart.com" & @CRLF & _ "tech.instacart.com" & @CRLF & _ "www.phpbb.com" & @CRLF & _ "Please limit your reports to the phpBB git repository for now." & @CRLF & _ "developers.fortmatic.com" & @CRLF & _ "Out of scope third-party hosted integration" & @CRLF & _ "docs.fortmatic.com" & @CRLF & _ "email.fortmatic.com" & @CRLF & _ "static.fortmatic.com" & @CRLF & _ "china.airasiago.com" & @CRLF & _ "thailand.airasiago.com" & @CRLF & _ "www.expediapartnersolutions.com" & @CRLF & _ "api-portal.etoro.com" & @CRLF & _ "etorox.com" & @CRLF & _ "templates.etoro.com" & @CRLF & _ "*.netlify.app" & @CRLF & _ "Except for the in scope subdomains listed as in scope." & @CRLF & _ "*.netlify.com" & @CRLF & _ "*.netlifycms.org" & @CRLF & _ "answers.netlify.com" & @CRLF & _ "docs.netlify.com" & @CRLF & _ "https://github.com/netlify/" & @CRLF & _ "webpop.com" & @CRLF & _ "This is an old asset and will be deprecated in the near future. " & @CRLF & _ "www.netlify.com" & @CRLF & _ "This is Netlify's marketing website. " & @CRLF & _ "*.canada.fanduel.com" & @CRLF & _ "*.fndl.dev" & @CRLF & _ "appsflyer.com" & @CRLF & _ "crashlytics.com" & @CRLF & _ "help.creditkarma.com" & @CRLF & _ "SalesForce owned-endpoint. Manual Testing only. No Automated Scanning. " & @CRLF & _ "• No automated scanning on this endpoint." & @CRLF & _ "• Overnight hours only (10PM - 2AM PT)" & @CRLF & _ "• Please note during any cases and/or chat session , please indicate that you are performing a Bug Bounty test from HackerOne and that this case is a Spam PenTesting Ticket and any follow-up questions can be forwarded to Vivi.Langga." & @CRLF & _ "https://www.creditkarma.com/all/advice" & @CRLF & _ "https://www.creditkarma.com/article/*" & @CRLF & _ "socialverification.creditkarma.com" & @CRLF & _ "socialverification.stage.creditkarma.com" & @CRLF & _ "taplytics.com" & @CRLF & _ "tax.creditkarma.com" & @CRLF & _ "taxsupport.creditkarma.com" & @CRLF & _ ".*mercadolibre.*" & @CRLF & _ "Redelcom" & @CRLF & _ "Any other asset related to redelcom" & @CRLF & _ "ajuda.kangu.com.br" & @CRLF & _ "developersforum" & @CRLF & _ "Any asset related to developersforum " & @CRLF & _ "Including but not limited to:" & @CRLF & _ "https://developersforum.mercadolibre.com.ar/" & @CRLF & _ "https://developersforum.mercadolibre.com.co/" & @CRLF & _ "https://developersforum.mercadolibre.cl/" & @CRLF & _ "https://developersforum.mercadolibre.com.mx/" & @CRLF & _ "https://developersforum.mercadolibre.com.ve/" & @CRLF & _ "Other urbancompany.com subdomains except for the ones in-scope" & @CRLF & _ "Examples of out-of-scope subdomains include but not limited to:" & @CRLF & _ "- careers.urbancompany.com" & @CRLF & _ "- careers.urbanclap.com" & @CRLF & _ "- blog.urbancompany.com" & @CRLF & _ "- blog.urbanclap.com" & @CRLF & _ "- sherlock.urbanclap.com" & @CRLF & _ "- sherlock.urbancompany.com " & @CRLF & _ "- ops.urbanclap.com " & @CRLF & _ "- ops.urbancompany.com" & @CRLF & _ "- configs.urbanclap.com" & @CRLF & _ "- configs.urbancompany.com" & @CRLF & _ "- jarvis.urbanclap.com" & @CRLF & _ "- jarvis.urbancompany.com" & @CRLF & _ "- pro.urbanclap.com" & @CRLF & _ "- dev*.urbanclap.com" & @CRLF & _ "- All staging and dev subdomains" & @CRLF & _ "https://www.remitly.com/blog" & @CRLF & _ "*.egadvertising.com" & @CRLF & _ "*.hoteis.com" & @CRLF & _ "*.hoteles.com" & @CRLF & _ "events.nutanix.com" & @CRLF & _ "frame.nutanix.com" & @CRLF & _ "karbon.nutanix.com" & @CRLF & _ "This domain and its sub-domains are out of scope." & @CRLF & _ "mops.nutanix.com" & @CRLF & _ "next.nutanix.com" & @CRLF & _ "webex.nutanix.com" & @CRLF & _ "*.flickr.net" & @CRLF & _ "amt.flickr.com" & @CRLF & _ "appletv.flickr.com" & @CRLF & _ "blog.flickr.com" & @CRLF & _ "blogtest.flickr.com" & @CRLF & _ "bluebird.flickr.com" & @CRLF & _ "code.flickr.com" & @CRLF & _ "csp.flickr.com" & @CRLF & _ "flickrhelp.com" & @CRLF & _ "Please don't research or file reports against our customer support features" & @CRLF & _ "guce.flickr.com" & @CRLF & _ "health.flickr.com" & @CRLF & _ "help.flickr.com" & @CRLF & _ "links.flickr.com" & @CRLF & _ "This asset is used for emails and is out of scope." & @CRLF & _ "parkorbird.flickr.com" & @CRLF & _ "stage.guce.flickr.com" & @CRLF & _ "trunk.guce.flickr.com" & @CRLF & _ "api.matomo.org" & @CRLF & _ "forum.matomo.org" & @CRLF & _ "Please don't post test posts on the forum." & @CRLF & _ "The forum is using discourse, so please report any security issues [on their bug bounty](https://hackerone.com/discourse)" & @CRLF & _ "matomo.org" & @CRLF & _ "Project website" & @CRLF & _ "plugins.matomo.org" & @CRLF & _ "The Matomo Marketplace Platform is excluded from this bug bounty" & @CRLF & _ "shop.matomo.org" & @CRLF & _ "*.capturis.com" & @CRLF & _ "Submissions for noncredentialed access only. NISC does not issue credentials for its public vulnerability disclosure program." & @CRLF & _ "*.igear.coop" & @CRLF & _ "*.nisc-mic.coop" & @CRLF & _ "*.nisc.coop" & @CRLF & _ "*.saitek-fr.com" & @CRLF & _ "*.saitek.com" & @CRLF & _ "*.saitekforum.com" & @CRLF & _ "*.wilife.com" & @CRLF & _ "Logitech Alert Cameras" & @CRLF & _ "Logitech Alert cameras and the Commander software were EOL'ed many years ago and are not in scope for submission." & @CRLF & _ "Squeezebox Products" & @CRLF & _ "Squeezebox products were EOL'ed many years ago and aren't eligible for submissions." & @CRLF & _ "*.phunware.com" & @CRLF & _ "*.ritzcarltonyachtcollection.com" & @CRLF & _ "We need to handle some internal ownership details until we can support this asset as part of our scope. Please do not test it. " & @CRLF & _ "*moxymix*.marriott.com" & @CRLF & _ "Any domains or infrastructure pertaining to Moxy Mix projects are OOS until further notice. Thanks for working with our policy changes!" & @CRLF & _ "Not-Listed Assets" & @CRLF & _ "## Any asset *not* listed in-scope is *ineligible* for bounty and will be marked N/A" & @CRLF & _ "Phoenix Platform" & @CRLF & _ "apps.ritzcarlton.com" & @CRLF & _ "element-hotels.marriott.com" & @CRLF & _ "hotelexcellence.marriott.com" & @CRLF & _ "luxurybrands.marriott.com" & @CRLF & _ "marriott.tech" & @CRLF & _ "marriottlearnourbrands.com" & @CRLF & _ "meetings-excellence.marriott.com" & @CRLF & _ "mi.bookmarriott.com" & @CRLF & _ "milux.marriott.com" & @CRLF & _ "springhillsuites.marriott.com" & @CRLF & _ "towneplacesuites.marriott.com" & @CRLF & _ "This is a vanity site " & @CRLF & _ "vacations.marriott.com" & @CRLF & _ "We do not own this site. " & @CRLF & _ "www.github.com" & @CRLF & _ "We do not own this domain but we wish to receive notice of repositories on here that may contain our data. " & @CRLF & _ "www.travelagents.marriott.com" & @CRLF & _ "learn.acronis.com" & @CRLF & _ "Intercom" & @CRLF & _ "Intercom is a 3rd party add-on and is not in scope." & @CRLF & _ "blog.chain.link" & @CRLF & _ "chainlinklabs.com" & @CRLF & _ "The asset chainlinklabs.com is out of scope for this program." & @CRLF & _ "create.smartcontract.com" & @CRLF & _ "docs.chain.link" & @CRLF & _ "github.com/smartcontractkit/chainlink/contracts/src/*/dev" & @CRLF & _ "The contracts in the chainlink/contracts/src/*/dev directory are currently in development and not considered production-ready." & @CRLF & _ "github.com/smartcontractkit/chainlink/examples" & @CRLF & _ "The Chainlink Examples directory contains tools and private keys in order to test the Chainlink client in an end-to-end, deterministic way. It contains private keys and passwords which are only for use in development." & @CRLF & _ "https://github.com/smartcontractkit/chainlink/tree/master/core/internal" & @CRLF & _ "The internal directory contains tools and private keys in order to test the Chainlink client in an end-to-end, deterministic way. It contains private keys and passwords which are only for use in development." & @CRLF & _ "https://github.com/smartcontractkit/chainlink/tree/master/core/sgx" & @CRLF & _ "The Chainlink SGX directory contains tools and private keys in order to test the Chainlink's SGX compatibility in an end-to-end, deterministic way. It contains private keys and passwords which are only for use in development." & @CRLF & _ "https://github.com/smartcontractkit/chainlink/tree/master/integration" & @CRLF & _ "The Chainlink Integration directory contains tools and private keys in order to test the Chainlink client in an end-to-end, deterministic way. It contains private keys and passwords which are only for use in development." & @CRLF & _ "https://github.com/smartcontractkit/chainlink/tree/master/tools" & @CRLF & _ "The Chainlink Tools directory contains tools and private keys in order to test the Chainlink client in an end-to-end, deterministic way. It contains private keys and passwords which are only for use in development." & @CRLF & _ "*.atlassian.net" & @CRLF & _ "*.paypal.cn" & @CRLF & _ "**Please submit all `https://www.paypal.cn/` reports to the associated bounty program:**" & @CRLF & _ "- Paypal.vulbox.com" & @CRLF & _ "braintree.com" & @CRLF & _ "Please note braintree.com does not belong to PayPal, and as such is out of scope. " & @CRLF & _ "com.paypal.here" & @CRLF & _ "com.paypal.herehd" & @CRLF & _ "www.gopay.com" & @CRLF & _ "**Please submit all `Gopay` reports to:**" & @CRLF & _ "cbswag.com" & @CRLF & _ "This is a Shopify store, we recommend you submit any shopify bugs to their program: https://hackerone.com/shopify" & @CRLF & _ "status.chaturbate.com" & @CRLF & _ "This is a 3rd party site and therefore ineligible." & @CRLF & _ "support.chaturbate.com" & @CRLF & _ "The support site is 3rd party and therefore not part of the bounty program." & @CRLF & _ "*.pixiv.co.jp" & @CRLF & _ "factory.pixiv.net" & @CRLF & _ "* This site is in Japanese." & @CRLF & _ "* This site uses pixiv account (signup at https://accounts.pixiv.net)." & @CRLF & _ "*.affirm.com" & @CRLF & _ "https://github.com/crypto-com/chain-desktop-wallet" & @CRLF & _ "https://github.com/crypto-com/cro-staking" & @CRLF & _ "https://github.com/crypto-com/swap-contracts-core" & @CRLF & _ "https://github.com/crypto-com/swap-contracts-periphery" & @CRLF & _ "com.goodrx.doctors" & @CRLF & _ "iOS Download: https://itunes.apple.com/app/id1122105489" & @CRLF & _ "Playstore Download: https://play.google.com/store/apps/details?id=com.goodrx.doctors" & @CRLF & _ "com.goodrx.gold" & @CRLF & _ "iOS Download: https://itunes.apple.com/app/id1249717355" & @CRLF & _ "Playstore Download: https://play.google.com/store/apps/details?id=com.goodrx.gold" & @CRLF & _ "Gold workflow and features are being migrated into the primary GoodRx consumer app. Bounties for the Gold application must be replicated within the core GoodRx application to qualify for a bounty." & @CRLF & _ "investors.goodrx.com" & @CRLF & _ "This subdomain is not managed by GoodRx." & @CRLF & _ "sso.identity.goodrx.com" & @CRLF & _ "This sub-domain is manged by Auth0. Bugs hosted on this domain would be covered by Auth0's bug bounty program and not GoodRx's." & @CRLF & _ "support.goodrx.com" & @CRLF & _ "This subdomain is managed by Zendesk. Any issues on this page would be covered by Zendesk's bug bounty program." & @CRLF & _ "admin.pingone.com" & @CRLF & _ "api.pingone.com" & @CRLF & _ "authenticator.pingone.com" & @CRLF & _ "console.pingone.com" & @CRLF & _ "desktop.pingone.com" & @CRLF & _ "https://*.pingidentity.com" & @CRLF & _ "https://*.pingidentity.io" & @CRLF & _ "https://*.pingidentity.net" & @CRLF & _ "https://developer.pingidentity.com/*" & @CRLF & _ "test-desktop.pingone.com" & @CRLF & _ "test-sso.connect.pingidentity.com" & @CRLF & _ "uploads-staging.pingone.com" & @CRLF & _ "uploads.pingone.com" & @CRLF & _ "*.betfair.com.au" & @CRLF & _ "Betfair Australia is not part of Flutter UK&I division" & @CRLF & _ "*.email.skybet.com" & @CRLF & _ "This domain is out of scope." & @CRLF & _ "*.s6.sbgservices.com" & @CRLF & _ "*.sbagmail.skybettingandgaming.com" & @CRLF & _ "*.sbg.life" & @CRLF & _ "*.sbga.me" & @CRLF & _ "*.sbgcolab.com" & @CRLF & _ "*.sbgdataintl.com" & @CRLF & _ "*.sbggraduates.com" & @CRLF & _ "*.sbgmail.skybettingandgaming.com" & @CRLF & _ "*.sbgpeople.com" & @CRLF & _ "*.sbpartner.it" & @CRLF & _ "*.skybet-it.info" & @CRLF & _ "*.skybet.de" & @CRLF & _ "*.skybet.it" & @CRLF & _ "*.skybetcareers.com" & @CRLF & _ "*.skybetchiusuraconto.it" & @CRLF & _ "*.skybetgraduates.com" & @CRLF & _ "*.skybetpartner.de" & @CRLF & _ "*.skybettingandgamingresearch.com" & @CRLF & _ "*.skybusinessemail.com" & @CRLF & _ "This domain is not is not owned or managed by Flutter UK&I division" & @CRLF & _ "*.technology.skybettingandgaming.com" & @CRLF & _ "*.us.betfair.com" & @CRLF & _ "Betfair US is not part of the Flutter UK&I division" & @CRLF & _ "affiliatehub.skybet.com" & @CRLF & _ "community.betfair.com" & @CRLF & _ "This domain is temporarily out of scope." & @CRLF & _ "community.skypoker.com" & @CRLF & _ "community.staging.skypoker.com" & @CRLF & _ "email1.skybet.com" & @CRLF & _ "online.*.skybingo.com" & @CRLF & _ "https://online.<x>.skybingo.com/<y> is just a proxy to https://<x>.virtuefusion.com/<y> which is a third party website not owned or operated by Flutter UK&I, and as such we can neither give your permission to test it, not is it ieligable for bounty payments." & @CRLF & _ "Findings for this domain should be forwarded to www.playtech.com " & @CRLF & _ "partners.skybet.com" & @CRLF & _ "sbagmail.skybettingandgaming.com" & @CRLF & _ "skymail.sky.com" & @CRLF & _ "skyrgs.blueprintgaming.com" & @CRLF & _ "support.developer.betfair.com" & @CRLF & _ "technology.skybettingandgaming.com" & @CRLF & _ "www.betfair.com.co" & @CRLF & _ "Betfair Colombia is not part of the Flutter UK&I division" & @CRLF & _ "*.iovlabs.org" & @CRLF & _ "IOV Labs websites, infrastructure, and assets are NOT part of the bounty program unless they are listed in scope." & @CRLF & _ "*.rif.technology" & @CRLF & _ "RIF websites, infrastructure, and assets are NOT part of the bounty program unless they are listed in scope." & @CRLF & _ "*.rifos.org" & @CRLF & _ "RIF OS websites, infrastructure, and assets are NOT part of the bounty program unless they are listed in scope." & @CRLF & _ "*.rootstock.io" & @CRLF & _ "Rootstock websites, infrastructure, and assets are NOT part of the bounty program unless they are listed in scope." & @CRLF & _ "*.rootstocklabs.com" & @CRLF & _ "Rootstocklabs websites, infrastructure, and assets are NOT part of the bounty program unless they are listed in scope." & @CRLF & _ "*.rsk.co" & @CRLF & _ "RSK websites, infrastructure, and assets are NOT part of the bounty program unless they are listed in scope." & @CRLF & _ "academy.bitmex.com" & @CRLF & _ "The academy subdomain and its subdomains are deprecated and therefore out of scope." & @CRLF & _ "affiliates.bitmex.com" & @CRLF & _ "bitmex-org.freshworks.com" & @CRLF & _ "bitmex.freshdesk.com" & @CRLF & _ "blog.bitmex.com" & @CRLF & _ "public-testnet.bitmex.com" & @CRLF & _ "public.bitmex.com" & @CRLF & _ "research.bitmex.com" & @CRLF & _ "status.bitmex.com" & @CRLF & _ "support.bitmex.com" & @CRLF & _ "**Do not use automated tools on support.bitmex.com.**" & @CRLF & _ "*.azuredatabricks.net" & @CRLF & _ "*.cloud.databricks.com" & @CRLF & _ "Other subdomains of *.azuredatabricks.net and other ‘o’ parameters" & @CRLF & _ "feedback.databricks.com" & @CRLF & _ "forums.databricks.com" & @CRLF & _ "go.databricks.com" & @CRLF & _ "https://databricks-prod-cloudfront.cloud.databricks.com/public/*" & @CRLF & _ "blog.thecoalition.com" & @CRLF & _ "Coalition's blog is hosted by Ghost. Security bugs in Ghost may be reported per https://github.com/TryGhost/Ghost/blob/master/SECURITY.md" & @CRLF & _ "help.thecoalition.com" & @CRLF & _ "Coalition's help site is hosted by Intercom. Security bugs in Intercom may be reported directly to the vendor." & @CRLF & _ "www.thecoalition.com" & @CRLF & _ "Coalition's www site is hosted by Webflow. Security bugs in Webflow may be reported to the service provider." & @CRLF & _ "*.elasticsearch.cn" & @CRLF & _ "This domain is not affiliated with Elastic." & @CRLF & _ "buy.elastic.co" & @CRLF & _ "community.elastic.co" & @CRLF & _ "discuss.elastic.co" & @CRLF & _ "elasticon.elastic.co" & @CRLF & _ "go.es.co" & @CRLF & _ "https://github.com/elastic/*/wiki" & @CRLF & _ "Our wikis are public on purpose" & @CRLF & _ "https://github.com/swiftype/*/wiki" & @CRLF & _ "Our wikis are meant to be public" & @CRLF & _ "info.elastic.co" & @CRLF & _ "jobs.elastic.co" & @CRLF & _ "learn.elastic.co" & @CRLF & _ "link.email.elastic.co" & @CRLF & _ "partners.elastic.co" & @CRLF & _ "sendgrid.elastic.co" & @CRLF & _ "track.email.elastic.co" & @CRLF & _ "training.elastic.co" & @CRLF & _ "wiki.elastic.co" & @CRLF & _ "*.clientevents.gs.com" & @CRLF & _ "*.communicatie.vennhypotheken.nl" & @CRLF & _ "*.events.gs.com" & @CRLF & _ "Any similar events pages are also all out of scope. These are all usually hosted by a vendor and as such we can't authorize testing on these assets. Please check in with us at bugbounty@gs.com when in doubt about an asset being in scope" & @CRLF & _ "*.overrules.vennhypotheken.nl" & @CRLF & _ "*.rocaton.com,secure.rocaton.com" & @CRLF & _ "www.rocaton.com is in scope, but other subdomains are not." & @CRLF & _ "*.scripts.vennhypotheken.nl" & @CRLF & _ "*.subscriptions.gs.com" & @CRLF & _ "10ksbv.eo.gs.com" & @CRLF & _ "18098.nextcapital.com" & @CRLF & _ "All .cn domains" & @CRLF & _ "Please note that all GS assets with .cn domains are Out of scope" & @CRLF & _ "billpay.goldman.com" & @CRLF & _ "blackinbusiness.gs.com" & @CRLF & _ "deb.nextcapital.com" & @CRLF & _ "email.nextcapital.com" & @CRLF & _ "gset.gs.com" & @CRLF & _ "gsg-uk.goldman.com" & @CRLF & _ "Do not pentest" & @CRLF & _ "gsg.goldman.com" & @CRLF & _ "gspf.goldman.com" & @CRLF & _ "npm-new.nextcapital.com" & @CRLF & _ "npm.nextcapital.com" & @CRLF & _ "qa-billpay.goldman.com" & @CRLF & _ "repo.nextcapital.com" & @CRLF & _ "rubygems.nextcapital.com" & @CRLF & _ "Personal email" & @CRLF & _ "Please do not report issues concerning my personal email addresses unless the severity is very high." & @CRLF & _ "Personal machine" & @CRLF & _ "edoverflow.keybase.pub" & @CRLF & _ "https://keybase.io/edoverflow" & @CRLF & _ "https://keybase.pub/edoverflow/" & @CRLF & _ "https://twitter.com/edoverflow" & @CRLF & _ "Yoti liveness detection campaign" & @CRLF & _ "developers.yoti.com" & @CRLF & _ "Please DO NOT test this domain - it is a third party hosted documentation site for developers, and not of concern to us. The third-party service DO NOT want this site tested. Thank you!" & @CRLF & _ "www.yoti.com" & @CRLF & _ "Please DO NOT report items from this website, unless you deem them to be critical in nature. WPSCAN findings will not be accepted." & @CRLF & _ "list.valvesoftware.com" & @CRLF & _ "This site is run by a 3rd party." & @CRLF & _ "translation.steampowered.com" & @CRLF & _ "valvestore.forfansbyfans.com,store.valvesoftware.com" & @CRLF & _ "www.steamgames.com" & @CRLF & _ "Pending cleanup from engineering." & @CRLF & _ "www.steampowered.com" & @CRLF & _ "This subdomain is out of scope pending code cleanup" & @CRLF & _ "*.bandcamp.com" & @CRLF & _ "Bandcamp is no longer affiliated with Epic Games." & @CRLF & _ "*.bcbits.com" & @CRLF & _ "*.jellychat.com" & @CRLF & _ "*.popjam.com" & @CRLF & _ "*.rukkaz.com" & @CRLF & _ "Only Critical submissions are accepted" & @CRLF & _ "*.superawesome.com" & @CRLF & _ "*.superawesome.tv" & @CRLF & _ "*.superbeatsports.com" & @CRLF & _ "Adobe Flash related submissions" & @CRLF & _ "FortniteClient-Mac-Shipping.app" & @CRLF & _ "Popjam Android application" & @CRLF & _ "Rukkaz Android application" & @CRLF & _ "admin-dev.harmonixmusic.com" & @CRLF & _ "admin.harmonixmusic.com" & @CRLF & _ "answers.unrealengine.com" & @CRLF & _ "This is generally considered out of scope. In some rare instances we may accept submissions for this asset if the finding is highly critical. " & @CRLF & _ "Examples of severe findings:" & @CRLF & _ "- Personal Data Exposure" & @CRLF & _ "- Data Integrity Issues" & @CRLF & _ "- RCE" & @CRLF & _ "app.playwonderbox.com" & @CRLF & _ "artportal.epicgames.com" & @CRLF & _ "audica-live-admin.hmxwebservices.com" & @CRLF & _ "audica-prod-admin.hmxwebservices.com" & @CRLF & _ "audica-prod-api.hmxwebservices.com" & @CRLF & _ "autodiscover.harmonixmusic.com" & @CRLF & _ "azure-int-proxy.hmxservices.com" & @CRLF & _ "communities.unrealengine.com" & @CRLF & _ "This is generally considered out of scope. In some rare instances we may accept submissions for this asset if the finding is highly critical." & @CRLF & _ "* Personal Data Exposure" & @CRLF & _ "* Data Integrity Issues" & @CRLF & _ "* RCE" & @CRLF & _ "communityportal.epicgames.com" & @CRLF & _ "confluence.harmonixmusic.com" & @CRLF & _ "damascushelp.epicgames.com" & @CRLF & _ "dcvr-live-admin.hmxwebservices.com" & @CRLF & _ "dcvr-prod-admin.hmxwebservices.com" & @CRLF & _ "detroitlabs.epicgames.com" & @CRLF & _ "docs.superawesome.tv" & @CRLF & _ "docs.unrealengine.com" & @CRLF & _ "dropmix-dev-admin.hmxwebservices.com" & @CRLF & _ "dropmix-prod-admin.hmxwebservices.com" & @CRLF & _ "eoshelp.epicgames.com" & @CRLF & _ "epicsupport.force.com" & @CRLF & _ "epicswag.com" & @CRLF & _ "facebook.aquiris.com.br" & @CRLF & _ "forums.unrealengine.com" & @CRLF & _ "fuser-admin-dev-external.hmxservices.com" & @CRLF & _ "fuser-admin-live-external.hmxservices.com" & @CRLF & _ "http://brand.epicgames.com" & @CRLF & _ "http://superawesome.com/contact-us/" & @CRLF & _ "Contact form will be considered out of scope" & @CRLF & _ "hype-dev-admin.hmxwebservices.com" & @CRLF & _ "isitbandcampfriday.com" & @CRLF & _ "issues.unrealengine.com" & @CRLF & _ "jira.harmonixmusic.com" & @CRLF & _ "learn.unrealengine.com" & @CRLF & _ "locustus.harmonixmusic.com" & @CRLF & _ "login.epicgames.com" & @CRLF & _ "This is explicitly out of scope. " & @CRLF & _ "logstash-shipper-azure.hmxservices.com" & @CRLF & _ "looneytuneswom.com" & @CRLF & _ "maestro.io" & @CRLF & _ "mail.harmonixmusic.com" & @CRLF & _ "marketplacehelp.epicgames.com" & @CRLF & _ "mediaspace.unrealengine.com" & @CRLF & _ "merch.fortnite.com" & @CRLF & _ "mithrilhelp.epicgames.com" & @CRLF & _ "mon.hmxservices.com" & @CRLF & _ "msoid.harmonixmusic.com" & @CRLF & _ "msoid.hmxservices.com" & @CRLF & _ "news.capturingreality.com" & @CRLF & _ "public-web-swarm-cluster.hmxservices.com" & @CRLF & _ "rb4-admin.hmxservices.com" & @CRLF & _ "rb4ca-prod-admin.hmxwebservices.com" & @CRLF & _ "rb4ca-staging-admin.hmxwebservices.com" & @CRLF & _ "senior.aquiris.com.br" & @CRLF & _ "skookum.chat" & @CRLF & _ "sompmgr-admin.hmxservices.com" & @CRLF & _ "sompmgr-dev-proxy-aws.hmxservices.com" & @CRLF & _ "sompmgr-dev-proxy-azure.hmxservices.com" & @CRLF & _ "sompmgr-dev.hmxservices.com" & @CRLF & _ "sompmgr-frontend.hmxservices.com" & @CRLF & _ "sompmgr-int-dev.hmxservices.com" & @CRLF & _ "sompmgr-int.hmxservices.com" & @CRLF & _ "sompmgr-proxy-ext-dev.hmxservices.com" & @CRLF & _ "sompmgr-proxy-ext.hmxservices.com" & @CRLF & _ "sompmgr-proxy-int-dev.hmxservices.com" & @CRLF & _ "sompmgr-proxy-int.hmxservices.com" & @CRLF & _ "sompmgr.hmxservices.com" & @CRLF & _ "songsdb.harmonixmusic.com" & @CRLF & _ "stadiahelp.epicgames.com" & @CRLF & _ "support.capturingreality.com" & @CRLF & _ "support.harmonixmusic.com" & @CRLF & _ "swarm-monitoring-node-01.hmxservices.com" & @CRLF & _ "swarm.harmonixmusic.com" & @CRLF & _ "tableau.harmonixmusic.com" & @CRLF & _ "teamcity-external.harmonixmusic.com" & @CRLF & _ "teamcity.hmxservices.com" & @CRLF & _ "twinmotionhelp.epicgames.com" & @CRLF & _ "udn.unrealengine.com" & @CRLF & _ "vimeo.aquiris.com.br" & @CRLF & _ "watch.fortnite.com" & @CRLF & _ "web-admin.harmonixmusic.com" & @CRLF & _ "webinars.unrealengine.com" & @CRLF & _ "www-api.hmxservices.com" & @CRLF & _ "So-net (Sony Network Communications Inc.)" & @CRLF & _ "So-net is a Japanese internet service provider, operated by Sony Network Communications Inc., a wholly owned subsidiary of Sony. IPs and website domains that utilize So-net are Out-of-scope if the website domains owned, operated, or controlled also not directly owned by Sony." & @CRLF & _ "estore.malwarebytes.com" & @CRLF & _ "This subdomain is operated by a third party, therefore, submissions will not be eligible for a bounty. However, valid reports will still be addressed and reputation will possibly be awarded." & @CRLF & _ "pages.malwarebytes.com" & @CRLF & _ "store.malwarebytes.com" & @CRLF & _ "view.malwarebytes.com" & @CRLF & _ "Grammarly Editor for MacOS" & @CRLF & _ "[Download link](https://download-editor.grammarly.com/osx/Grammarly.dmg):" & @CRLF & _ "Only **remotely exploitable** issues in Grammarly Editor are eligible for reporting." & @CRLF & _ "Grammarly Editor for Windows" & @CRLF & _ "[Download link](https://download-editor.grammarly.com/windows/GrammarlySetup.exe)" & @CRLF & _ "Grammarly for Developers Text Editor SDK" & @CRLF & _ "[Text editor SDK](https://developer.grammarly.com/) allows application developers to enhance their apps with writing assistant from Grammarly." & @CRLF & _ "- [Developer Documentation](https://developer.grammarly.com/docs/)" & @CRLF & _ "- [Getting Started](https://developer.grammarly.com/docs/quick-start)" & @CRLF & _ "- [Developer Console](https://developer.grammarly.com/apps)" & @CRLF & _ "[NPM packages](https://developer.grammarly.com/docs/api/):" & @CRLF & _ "- [@grammarly/editor-sdk](https://developer.grammarly.com/docs/api/editor-sdk/)" & @CRLF & _ "- [@grammarly/editor-sdk-react](https://developer.grammarly.com/docs/api/editor-sdk-react/)" & @CRLF & _ "- [@grammarly/editor-sdk-vue](https://developer.grammarly.com/docs/api/editor-sdk-vue/)" & @CRLF & _ "Notable features:" & @CRLF & _ "- **[Connected Accounts](https://developer.grammarly.com/docs/connected-accounts)**" & @CRLF & _ "- **[Trusted Authentication](https://developer.grammarly.com/docs/trusted-authentication)**" & @CRLF & _ "Grammarly for Developers and the Text Editor SDK were discontinued on January 10, 2024. The SDK will no longer work in applications." & @CRLF & _ "Third party external services" & @CRLF & _ "- `send.grammarly.com`" & @CRLF & _ "- `calendar.grammarly.com`" & @CRLF & _ "- `support.grammarly.com`" & @CRLF & _ "- `status.grammarly.com`" & @CRLF & _ "- `brand.grammarly.com`" & @CRLF & _ "- `partners.grammarly.com`" & @CRLF & _ "Any submissions on these domains and their subdomains are out of scope for bounty." & @CRLF & _ "chat.hyperledger.org" & @CRLF & _ "https://github.com/hyperledger/blockchain-explorer" & @CRLF & _ "https://github.com/hyperledger/cello" & @CRLF & _ "https://github.com/hyperledger/cello-analytics" & @CRLF & _ "https://github.com/hyperledger/cello-k8s-operator" & @CRLF & _ "https://github.com/hyperledger/composer" & @CRLF & _ "https://github.com/hyperledger/composer-atom-plugin" & @CRLF & _ "https://github.com/hyperledger/composer-sample-applications" & @CRLF & _ "https://github.com/hyperledger/composer-sample-networks" & @CRLF & _ "https://github.com/hyperledger/composer-tools" & @CRLF & _ "https://github.com/hyperledger/composer-vscode-plugin" & @CRLF & _ "https://github.com/hyperledger/education" & @CRLF & _ "https://github.com/hyperledger/fabric-docs" & @CRLF & _ "https://github.com/hyperledger/fabric-docs-i18n" & @CRLF & _ "https://github.com/hyperledger/fabric-rfcs" & @CRLF & _ "https://github.com/hyperledger/fabric-test" & @CRLF & _ "https://github.com/hyperledger/fabric-test-resources" & @CRLF & _ "https://github.com/hyperledger/hyperledger" & @CRLF & _ "https://github.com/hyperledger/hyperledger.github.io" & @CRLF & _ "https://github.com/hyperledger/hyperledgerwp" & @CRLF & _ "https://github.com/hyperledger/indy-anoncreds" & @CRLF & _ "https://github.com/hyperledger/indy-crypto" & @CRLF & _ "https://github.com/hyperledger/indy-node" & @CRLF & _ "https://github.com/hyperledger/indy-plenum" & @CRLF & _ "https://github.com/hyperledger/indy-sdk" & @CRLF & _ "https://github.com/hyperledger/iroha" & @CRLF & _ "https://github.com/hyperledger/iroha-android" & @CRLF & _ "https://github.com/hyperledger/iroha-api" & @CRLF & _ "https://github.com/hyperledger/iroha-dotnet" & @CRLF & _ "https://github.com/hyperledger/iroha-ios" & @CRLF & _ "https://github.com/hyperledger/iroha-javascript" & @CRLF & _ "https://github.com/hyperledger/iroha-network-tools" & @CRLF & _ "https://github.com/hyperledger/iroha-python" & @CRLF & _ "https://github.com/hyperledger/iroha-scala" & @CRLF & _ "https://github.com/hyperledger/sawtooth-core" & @CRLF & _ "https://github.com/hyperledger/slack-archive" & @CRLF & _ "identity.linuxfoundation.org" & @CRLF & _ "jira.hyperledger.org" & @CRLF & _ "lists.hyperledger.org" & @CRLF & _ "www.hyperledger.org" & @CRLF & _ "www.linuxfoundation.org" & @CRLF & _ "*.teston.io" & @CRLF & _ "*.usertesting.com" & @CRLF & _ "help.usertesting.com" & @CRLF & _ "http://www.usertesting.com/blog" & @CRLF & _ "https://apps.apple.com/us/app/usertesting/id1485452102" & @CRLF & _ "https://chrome.google.com/webstore/detail/usertestingcom-screen-rec/onlhphabpmijgblopkcjmphbbmeliagn" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.usertesting.recorder.krsna" & @CRLF & _ "qa.usertesting.com" & @CRLF & _ "1660741163" & @CRLF & _ "blog.bumble.com" & @CRLF & _ "com.sgiggle.Mango" & @CRLF & _ "com.studio.projects.zodia" & @CRLF & _ "heyfiesta.com" & @CRLF & _ "honey.bumble.com" & @CRLF & _ "shop.bumble.com" & @CRLF & _ "thebeehive.bumble.com" & @CRLF & _ "zodia.studio" & @CRLF & _ "Findaway" & @CRLF & _ "Findaway was acquired by Spotify in June 2022. " & @CRLF & _ "No Findaway assets are currently in scope. Including:" & @CRLF & _ "```" & @CRLF & _ "findawayvoices.com" & @CRLF & _ "findaway.com" & @CRLF & _ "findawayworld.com" & @CRLF & _ "Preact" & @CRLF & _ "Preact was acquired by Spotify in 2016." & @CRLF & _ "preact.io is no longer owned by Spotify and is out of scope for this program" & @CRLF & _ "Soundtrap" & @CRLF & _ "Soundtrap was acquired by Spotify in 2017." & @CRLF & _ "Soundtrap is no longer owned by Spotify and is out of scope for this program." & @CRLF & _ "The Ringer" & @CRLF & _ "The Ringer was acquired by Spotify in February 2020 but has not been onboarded to its Bug Bounty Program." & @CRLF & _ "~~~" & @CRLF & _ "99music.theringer.com" & @CRLF & _ "besttv.theringer.com" & @CRLF & _ "fantasyfootball.theringer.com" & @CRLF & _ "fastfood.theringer.com" & @CRLF & _ "heists.theringer.com" & @CRLF & _ "inflight.theringer.com" & @CRLF & _ "nbadraft.theringer.com" & @CRLF & _ "nfldraft.theringer.com" & @CRLF & _ "superheroes.theringer.com" & @CRLF & _ "theringer.com" & @CRLF & _ "thrones.theringer.com" & @CRLF & _ "tradevalue.theringer.com" & @CRLF & _ "com.soundtrap.studioapp" & @CRLF & _ "Soundtrap " & @CRLF & _ "https://itunes.apple.com/us/app/soundtrap/id991031323" & @CRLF & _ "Soundtrap - Make Music Online" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.soundtrap.studioapp" & @CRLF & _ "everynoise.com" & @CRLF & _ "example.com" & @CRLF & _ "*.dynsystem.kr" & @CRLF & _ "*central.dyson.com" & @CRLF & _ "*dyson-demo.com" & @CRLF & _ "30secondbleeps.com" & @CRLF & _ "aio.shop.china-dyson.com" & @CRLF & _ "api.q.dyson.cn" & @CRLF & _ "auth.dysonrecall.com" & @CRLF & _ "bounce.dyson*" & @CRLF & _ "Asset out of scope as it is pending internal review. " & @CRLF & _ "careers.dyson.com" & @CRLF & _ "central-test.dyson.com" & @CRLF & _ "centraltest.dyson.com" & @CRLF & _ "comm.dyson*" & @CRLF & _ "This also includes:" & @CRLF & _ "* comms.* " & @CRLF & _ "community.dyson.com" & @CRLF & _ "dysontherapie.fr" & @CRLF & _ "fsc.dyson.com" & @CRLF & _ "jamesdysonfoundation.*" & @CRLF & _ "jobs.dyson.com" & @CRLF & _ "m.shop.dyson.cn" & @CRLF & _ "mail.register-dyson.co.kr" & @CRLF & _ "on.dyson.co.uk" & @CRLF & _ "q.dyson.cn" & @CRLF & _ "register-dyson.co.kr" & @CRLF & _ "reviews.dyson*" & @CRLF & _ "sakti3.com" & @CRLF & _ "shop.dyson.co.kr" & @CRLF & _ "shop.dyson.ru" & @CRLF & _ "sm2.dyson.com" & @CRLF & _ "sm3.dyson.com" & @CRLF & _ "svn.dyson.com" & @CRLF & _ "test.oepay.dyson.cn" & @CRLF & _ "view.dyson.com" & @CRLF & _ "www.dyson.ovh" & @CRLF & _ "github.com" & @CRLF & _ "The GitHub wiki is intentionally open to public." & @CRLF & _ "hg.weblate.org" & @CRLF & _ "This site has intentional setup this way to allow mercurial client to clone the repository." & @CRLF & _ "help.lyst.com" & @CRLF & _ "*._domainkey.kiwi.com" & @CRLF & _ "Out of scope, 3rd party assets that are under our domains." & @CRLF & _ "*.coupons.kiwi.com" & @CRLF & _ "Managed by third party." & @CRLF & _ "*_domainkey.skypicker.com" & @CRLF & _ "Out of scope: 3rd party asset that is linked under our domain." & @CRLF & _ "*cars.kiwi.com" & @CRLF & _ "**3rd-party target** - Operated by [rentalcars.com](https://rentalcars.com)." & @CRLF & _ "*citi-sign.kiwi.com" & @CRLF & _ "*code.kiwi.com" & @CRLF & _ "**3rd-party target** - Hosted on [medium.com](https://medium.com) (see [this help page](https://help.medium.com/hc/en-us/articles/213481308-Bug-Bounty-Disclosure-Program))." & @CRLF & _ "*experiences.kiwi.com" & @CRLF & _ "Out of scope, managed by a third party." & @CRLF & _ "*learn.kiwi.com" & @CRLF & _ "**3rd-party target** - Operated by [northpass.com](https://www.northpass.com)." & @CRLF & _ "*ov.kiwi.com" & @CRLF & _ "*parking.kiwi.com" & @CRLF & _ "**3rd-party target** - Operated by [travelcar.com](https://travelcar.com)." & @CRLF & _ "*sg.kiwi.com" & @CRLF & _ "email*kiwi.com" & @CRLF & _ "email*skypicker.com" & @CRLF & _ "kiwistore.kiwi.com" & @CRLF & _ "Out of scope, 3rd party asset hosted under our domain." & @CRLF & _ "link.kiwi.com" & @CRLF & _ "mail.skypicker.com" & @CRLF & _ "nyrujhhu3yuk.nest.skypicker.com" & @CRLF & _ "outbound.intercom.kiwi.com" & @CRLF & _ "packages.kiwi.com" & @CRLF & _ "retool.skypicker.com" & @CRLF & _ "**3rd-party target** - Operated by [retool.com](https://retool.com). Please contact retool directly on security@retool.com." & @CRLF & _ "rooms.kiwi.com" & @CRLF & _ "**3rd-party target** - Operated by [booking.com](https://booking.com) (see https://hackerone.com/bookingcom)." & @CRLF & _ "status.kiwi.com" & @CRLF & _ "**3rd-party target** - Hosted on [statuspage.io](https://statuspage.io) (see https://bugcrowd.com/statuspage)." & @CRLF & _ "vacation.kiwi.com" & @CRLF & _ "3rd party, out of scope." & @CRLF & _ "assets.enjin.io" & @CRLF & _ "This asset is out-of-scope as a third-party service is responsible for the running and maintenance of this website." & @CRLF & _ "cdn.enjin.io" & @CRLF & _ "cdn.nft.io" & @CRLF & _ "docs.enjin.io" & @CRLF & _ "This asset is out-of-scope as a third-party service (ReadMe) is responsible for the running and maintenance of this website." & @CRLF & _ "enj.in" & @CRLF & _ "enjin.io" & @CRLF & _ "This asset is out-of-scope as a third-party service (Webflow) is responsible for the running and maintenance of this website." & @CRLF & _ "faucet.canary.enjin.io" & @CRLF & _ "The Canary Faucet can be used to acquire cENJ that is used for testing on the Canary Blockchain." & @CRLF & _ "support.enjin.io" & @CRLF & _ "This asset is out-of-scope. Testing on this asset is strictly prohibited." & @CRLF & _ "support.nft.io" & @CRLF & _ "Nintendo 3DS System" & @CRLF & _ "Nintendo 3DS applications for which Nintendo is the publisher worldwide " & @CRLF & _ "advocates.semrush.com" & @CRLF & _ "email.semrush.com" & @CRLF & _ "com.linkbubble.playstore" & @CRLF & _ "LinkBubble is no longer in scope" & @CRLF & _ "https://github.com/brave/brave-ios" & @CRLF & _ "https://github.com/brave/browser-ios" & @CRLF & _ "https://github.com/brave/browser-laptop" & @CRLF & _ "Brave has moved from the Muon-based `browser-laptop` codebase to a Chromium-based `brave-browser` codebase. Muon-based Brave is no longer available for download from <brave.com> and everyone will be migrated to the Chromium-based Brave in a few weeks." & @CRLF & _ "https://github.com/brave/link-bubble" & @CRLF & _ "https://github.com/brave/muon" & @CRLF & _ "Since Brave is moving from Muon to Chromium, we will no longer be maintaining the Muon codebase." & @CRLF & _ "*.portswigger.net" & @CRLF & _ "Subdomains of portswigger.net that are not explicitly whitelisted are out of scope." & @CRLF & _ "*.web-security-academy.net" & @CRLF & _ "The Academy contains numerous intentional vulnerabilities, and is completely isolated from our other infrastructure." & @CRLF & _ "blog.rubygems.org" & @CRLF & _ "gem server command" & @CRLF & _ "`gem server` command has been deprecated since rubygems [3.2.0](https://github.com/rubygems/rubygems/blob/master/CHANGELOG.md#320--2020-12-07)" & @CRLF & _ "guide.rubygems.org" & @CRLF & _ "help.rubygems.org" & @CRLF & _ "http://rubygems.org/names" & @CRLF & _ "https://s3-us-west-2.amazonaws.com/rubygems-dumps" & @CRLF & _ "These database dumps are deliberately public." & @CRLF & _ "stats.rubygems.org" & @CRLF & _ "status.rubygems.org" & @CRLF & _ "support.rubygems.org" & @CRLF & _ "uptime.rubygems.org" & @CRLF & _ "developers.files.com" & @CRLF & _ "https://developers.files.com/ is a documentation site and is out of scope for the bounty program." & @CRLF & _ "mail.files.com" & @CRLF & _ "mail.files.com is an old domain and is out of scope for this program" & @CRLF & _ "status.files.com" & @CRLF & _ "https://status.files.com/ is a status site hosted by StatusPage and is out of scope for this bounty program." & @CRLF & _ "bamboo.scopely.io" & @CRLF & _ "confluence.scopely.io" & @CRLF & _ "jira.scopely.io" & @CRLF & _ "scopely.okta.com" & @CRLF & _ "*.wordpress.com" & @CRLF & _ "All WordPress.com vulnerabilities should be reported to [Automattic's HackerOne program](https://hackerone.com/automattic). " & @CRLF & _ "**WordPress.com vulnerabilities reported here will be marked as `Not Applicable`.**" & @CRLF & _ "335703880" & @CRLF & _ "**Please, report vulnerabilities for the WordPress mobile apps through the [Automattic HackerOne page](/automattic).**" & @CRLF & _ "Archived GitHub repositories" & @CRLF & _ "Archived code repositories (e.g. in GitHub) are out of scope, unless you have verified that code from it is imported and actively being used." & @CRLF & _ "Digital Ocean, AWS, etc" & @CRLF & _ "Unless otherwise noted, we own and operate dedicated servers, rather than using services like AWS, Digital Ocean, etc. Third-parties frequently create S3 buckets, droplets, etc that have security issues, and have "WordPress" in the name. These are not ours, and reports about them will be closed as `Not Applicable`." & @CRLF & _ "https://github.com/wordpress-mobile/" & @CRLF & _ "org.wordpress.android" & @CRLF & _ "status.wordpress.org,glotpress.blog,wordpress.tv" & @CRLF & _ "These are hosted on WordPress.com and we don't have access to modify the code, servers, etc. Check [Automattic's HackerOne program](https://hackerone.com/automattic) for details on reporting vulnerabilities with WordPress.com sites." & @CRLF & _ "*.gocd.org" & @CRLF & _ "Please do not raise issues regarding docs.gocd.org, www.gocd.org etc." & @CRLF & _ "cloud.nextcloud.com" & @CRLF & _ "[https://cloud.nextcloud.com](https://cloud.nextcloud.com "https://cloud.nextcloud.com") is our internal production Nextcloud instance. Please limit testing to your own testing instances." & @CRLF & _ "conf.nextcloud.com" & @CRLF & _ "This is a legacy system now redirecting to our [eventyay page](https://eventyay.com/e/de88e486/). Please report issues within eventyay directly to [the responsible contacts](https://eventyay.com/imprint/)." & @CRLF & _ "demo.nextcloud.com" & @CRLF & _ "[https://demo.nextcloud.com](https://demo.nextcloud.com "https://demo.nextcloud.com") is running on dedicated machines. While you can try to find security vulnerabilities in the demo instances there please verify that they are also exploitable in the current Nextcloud source code. Select then the proper component while reporting." & @CRLF & _ "drone.nextcloud.com" & @CRLF & _ "Our Drone server contains no sensitive data and we would ask you to not test against our development environments. If you discover a security issue in Drone please report this to [https://github.com/drone/drone](https://github.com/drone/drone "https://github.com/drone/drone") instead." & @CRLF & _ "https://nextcloud.atlassian.net/jira/dashboard" & @CRLF & _ "⛔ Please note that the JIRA instance running at https://nextcloud.atlassian.net/jira/dashboard is not ours." & @CRLF & _ "It is not operated on our infrastructure, we do not own/host the domain nor are we in any way related to the JIRA instance." & @CRLF & _ "🔒 Any reports regarding this will be closed as N/A!" & @CRLF & _ "sentry.nextcloud.com" & @CRLF & _ "We would ask you to not test against our development environments. If you discover a security issue in Sentry please report this to https://sentry.io/security/ instead." & @CRLF & _ "try.nextcloud.com" & @CRLF & _ "https://try.nextcloud.com is running on dedicated machines. While you can try to find security vulnerabilities in the demo instances there please verify that they are also exploitable in the current Nextcloud source code. Select then the proper component while reporting." & @CRLF & _ "*.ruby-lang.org" & @CRLF & _ "anomotion.com" & @CRLF & _ "any-invalid-domains.rockstargames.com" & @CRLF & _ "Any subdomain that does NOT contain its own valid content and instead redirects to 'rockstargames.com/?domain-check-failed', UNLESS you can demonstrate an impact to a valid domain or subdomain." & @CRLF & _ "bomgar.rockstargames.com" & @CRLF & _ "This subdomain is ineligible for bounty at this time." & @CRLF & _ "emailcontent.rockstargames.com" & @CRLF & _ "We do not have direct control over this subdomain and will not be accepting submissions for it." & @CRLF & _ "faspex.rockstargames.com" & @CRLF & _ "lifeinvader.com" & @CRLF & _ "*.github.io" & @CRLF & _ "Individual sites which are hosted on GitHub Pages are out-of-scope." & @CRLF & _ "Atom" & @CRLF & _ "[https://atom.io](https://atom.io "https://atom.io")" & @CRLF & _ "Electron" & @CRLF & _ "Electron vulnerabilities which do not directly affect GitHub Desktop are out-of-scope and should be [reported](https://electronjs.org/community) to the Electron developers." & @CRLF & _ "GitHub Classroom Assistant " & @CRLF & _ "The [GitHub Classroom Assistant application](https://classroom.github.com/assistant) is currently out-of-scope." & @CRLF & _ "blog.github.com" & @CRLF & _ "The GitHub Blog is not in-scope and ineligible for rewards." & @CRLF & _ "community.github.com" & @CRLF & _ "The GitHub Community forum is not in-scope and ineligible for rewards." & @CRLF & _ "enterprise.github.com" & @CRLF & _ "`enterprise.github.com` is commonly confused with the [GitHub Enterprise Server product](https://github.com/enterprise) which is an on-premise instance of GitHub." & @CRLF & _ "git.io" & @CRLF & _ "The [git.io](https://git.io) URL shortener is out-of-scope." & @CRLF & _ "github.blog" & @CRLF & _ "[github.blog](https://github.blog) is out-of-scope." & @CRLF & _ "http://education.github.com/forum" & @CRLF & _ "The [GitHub Education Community forum](https://education.github.com/forum) is not in-scope and ineligible for rewards." & @CRLF & _ "shop.github.com" & @CRLF & _ "The GitHub Shop is not in-scope and ineligible for rewards." & @CRLF & _ "spectrum.chat" & @CRLF & _ "[Spectrum](https://spectrum.chat) is currently out-of-scope." & @CRLF & _ "help.wealthsimple.com" & @CRLF & _ "support.wealthsimple.com" & @CRLF & _ "tldr-archive.wealthsimple.com" & @CRLF & _ "work.wealthsimple.com" & @CRLF & _ "*.ali.zomans.com" & @CRLF & _ "*.bstro.io" & @CRLF & _ "*.zomatoportugal.com" & @CRLF & _ "blog.zomato.com" & @CRLF & _ "business-blog.zomato.com" & @CRLF & _ "com.application.zomato.ordering" & @CRLF & _ "community.zomato.com" & @CRLF & _ "dev.hyperpure.com" & @CRLF & _ "devapi.hyperpure.com" & @CRLF & _ "devpod.hyperpure.com" & @CRLF & _ "http://*.blinkit.support" & @CRLF & _ "send.zomato.com" & @CRLF & _ "staging*.runnr.in" & @CRLF & _ "Please don't test on staging/dev instances. Instead, we have created a dedicated environment `bugbounty.runnr.in` which is a replica of the same for testing." & @CRLF & _ "success.zomato.com" & @CRLF & _ "www.zomatobook.com" & @CRLF & _ "*.binary.*" & @CRLF & _ "We will only accept reports for the **.com** TLD, all other TLDs like **.sx**, **.me** etc. will be marked out of scope." & @CRLF & _ "Any 3rd party managed domain" & @CRLF & _ "besquare.deriv.com" & @CRLF & _ "com.binary.ticktrade" & @CRLF & _ "https://ticktrade.binary.com/download/ticktrade-app.apk" & @CRLF & _ "community.deriv.com" & @CRLF & _ "deriv.slack.com" & @CRLF & _ "http://admin.binary.com" & @CRLF & _ "http://community.deriv.com" & @CRLF & _ "https://deriv.atlassian.net/servicedesk/customer/user/signup" & @CRLF & _ "The asset is not owned by Deriv Ltd" & @CRLF & _ "trade.mql5.com" & @CRLF & _ "tradingview.deriv.com" & @CRLF & _ "guide.glassdoor.com" & @CRLF & _ "Note: This site is hosted on Wix. Unless you are able to show direct impact to Glassdoor via a Wix related vulnerability, we will be treating this out of scope." & @CRLF & _ "AppsFlyer Subdomains" & @CRLF & _ "The following assets are managed by AppsFlyer and are considered out of scope: " & @CRLF & _ "* party.tinder.com" & @CRLF & _ "* open.tinder.com" & @CRLF & _ "* matchmaker.tinder.com" & @CRLF & _ "* invite.tinder.com" & @CRLF & _ "* click.tinder.com" & @CRLF & _ "console.gotinder.com" & @CRLF & _ "This asset is not owned by us." & @CRLF & _ "dig console.gotinder.com" & @CRLF & _ "... CNAME app6.creatoriq.com." & @CRLF & _ "go.tinder.com" & @CRLF & _ "`go.tinder.com` is an asset belonging to Branch.io. - You can submit reports directly to Branch here: https://branch.io/security/" & @CRLF & _ "gotinder.imgix.net" & @CRLF & _ "www.help.tinder.com" & @CRLF & _ "`www.help.tinder.com` is an asset belonging to Zendesk - You can submit reports directly to Zendesk here: https://hackerone.com/zendesk" & @CRLF & _ "*.bitlove.co" & @CRLF & _ "For an issue to be classified as 'Low severity', it must be very significant and have risk implications that affects users across our primary domains" & @CRLF & _ "Requests to our ad endpoints (on any server): `/ads/serve`, `/ads/application_serve*`, and `/ads/click/*`" & @CRLF & _ "bitlove.co" & @CRLF & _ "co.bitlove.opensource.FetLife" & @CRLF & _ "com.bitlove.fetlife" & @CRLF & _ "Open-source FetLife Android App (https://github.com/fetlife/android)" & @CRLF & _ "fetlifemail.com" & @CRLF & _ "fetlifestatus.com" & @CRLF & _ "mail.fetlife.com" & @CRLF & _ "n2.fetlife.com" & @CRLF & _ "CNAME to 3rd Party email Vendor" & @CRLF & _ "status.fetlife.com" & @CRLF & _ "*.qms.grab.com" & @CRLF & _ "www.revive-adserver.com" & @CRLF & _ "about.udemy.com" & @CRLF & _ "affiliates.udemy.com" & @CRLF & _ "blog.udemy.com" & @CRLF & _ "business.udemy.com" & @CRLF & _ "coding-exercises.udemy.com" & @CRLF & _ "Powered by GitBook, a third-party vendor" & @CRLF & _ "community.udemy.com" & @CRLF & _ "copyright.udemy.com" & @CRLF & _ "design.udemy.com" & @CRLF & _ "government.udemy.com" & @CRLF & _ "helpdesk.udemy.com" & @CRLF & _ "keeplearning.udemy.com" & @CRLF & _ "legalteam.udemy.com" & @CRLF & _ "mi.udemy.com" & @CRLF & _ "people-innovators.udemy.com" & @CRLF & _ "research.udemy.com" & @CRLF & _ "support.udemy.com" & @CRLF & _ "teach.udemy.com" & @CRLF & _ "theupskillingimperative.com" & @CRLF & _ "translate.udemy.com" & @CRLF & _ "ufbsupport.udemy.com" & @CRLF & _ "affiliates.kayak.com" & @CRLF & _ "https://*.kayakairplanemode.com" & @CRLF & _ "kayak.com/guides/*" & @CRLF & _ "Anything related to /guides/ on any domain is ineligible for submission since this feature will be removed soon." & @CRLF & _ "kayak.com/hotelowner/*" & @CRLF & _ "Including local versions " & @CRLF & _ "kayak.com/moira/ehoe/*" & @CRLF & _ "including local versions" & @CRLF & _ "klassereise.checkfelix.com" & @CRLF & _ "*.basecamphq.com" & @CRLF & _ "Basecamp Classic" & @CRLF & _ "*.highrisehq.com" & @CRLF & _ "Highrise" & @CRLF & _ "basecamp.com" & @CRLF & _ "Basecamp 2" & @CRLF & _ "*.email.shopify.com" & @CRLF & _ "Operated by a third party." & @CRLF & _ "Other" & @CRLF & _ "academy.shopify.com" & @CRLF & _ "cdn.shopify.com" & @CRLF & _ "Shopify allows merchants to upload any file they want on our content delivery network. Being able to upload a file is not a vulnerability, this is the intended functionality." & @CRLF & _ "community.shopify.com" & @CRLF & _ "community.shopify.com is a third party service and not in scope of our bug bounty program. Please do not test this subdomain." & @CRLF & _ "community.shopify.dev" & @CRLF & _ "community.shopify.dev is a third party service and not in scope of our bug bounty program. Please do not test this subdomain." & @CRLF & _ "investors.shopify.com" & @CRLF & _ "livechat.shopify.com" & @CRLF & _ "Contacting Shopify Support over chat, email or phone about your HackerOne report is not allowed." & @CRLF & _ "supplier-portal.shopifycloud.com" & @CRLF & _ "Includes invoices.shopify.io, factures.shopify.io, invoices.shopify.cn, invoices.shopify.de, invoices.shopify.fr, invoices.shopify.jp" & @CRLF & _ "Submissions on out-of-scope assets listed below will be closed as N/A " & @CRLF & _ "- `status.mapbox.com` - please instead report to the [StatusPage.io bug bounty program](https://bugcrowd.com/statuspage)" & @CRLF & _ "- `email.mapbox.com`" & @CRLF & _ "- [Mapbox Studio Classic](https://docs.mapbox.com/help/glossary/mapbox-studio-classic/)" & @CRLF & _ "- [Tilemill](https://www.mapbox.com/tilemill/)" & @CRLF & _ "- [Legacy iOS SDK](https://github.com/mapbox/mapbox-ios-sdk-legacy)" & @CRLF & _ "- [Legacy Android SDK](https://github.com/mapbox/mapbox-android-sdk-legacy)" & @CRLF & _ "- [decrypt-kms-env](https://github.com/mapbox/decrypt-kms-env) - not actively maintained" & @CRLF & _ "- [tilelive](https://github.com/mapbox/tilelive) - not actively maintained" & @CRLF & _ "- [osm-navigation-map](https://github.com/mapbox/osm-navigation-map)(deprecated)" & @CRLF & _ "geojson.io" & @CRLF & _ "Geojson.io is considered deprecated and no longer maintained. The original developer has forked the code and maintains <https://geojson.net> . As such, Mapbox considers <https://geojson.io> to be out of scope for our security program." & @CRLF & _ "admin.demo.urbandoor.com" & @CRLF & _ "demo.urbandoor.com" & @CRLF & _ "luckey.app" & @CRLF & _ "luckey.fr" & @CRLF & _ "luckey.in" & @CRLF & _ "luckey.partners" & @CRLF & _ "luckeyhomes.com" & @CRLF & _ "provider.demo.urbandoor.com" & @CRLF & _ "business.booking.com/" & @CRLF & _ "*.business.booking.com is out of scope until further notice. " & @CRLF & _ "reports submitted prior to 06/11/2024 will still be accepted" & @CRLF & _ "desk-demo-api.fareharbor.engineering" & @CRLF & _ "desk-demo.fareharbor.engineering" & @CRLF & _ "https://fareharbor.com/demo/" & @CRLF & _ "https://secure.booking.com/companyjoin.html" & @CRLF & _ "https://secure.booking.com/enterprise/signon.en-gb.html" & @CRLF & _ "https://ugcupload.booking.com/upload_bbtool_company_logo" & @CRLF & _ "https://www.booking.com/bbm.html" & @CRLF & _ "jobs.booking.com" & @CRLF & _ "partnerfeedback.booking.com" & @CRLF & _ "recruitmentsurveys.booking.com" & @CRLF & _ "secure.booking.com/company/*" & @CRLF & _ "secure.booking.com/orgnode/*" & @CRLF & _ "spadmin.booking.com/" & @CRLF & _ "www.booking.com/bbmanage/*" & @CRLF & _ "www.booking.com/bbmanage/data/*" & @CRLF & _ "Airtable Windows app" & @CRLF & _ "The Airtable Windows app is available for download at: https://staging.airtable.com/downloads" & @CRLF & _ "Airtable macOS app" & @CRLF & _ "The Airtable macOS app is available for download at: https://staging.airtable.com/downloads" & @CRLF & _ "airtable.com" & @CRLF & _ "This is production environment. All testing should be performed against staging.airtable.com." & @CRLF & _ "blog.airtable.com" & @CRLF & _ "com.FormaGrid.Hyperbase" & @CRLF & _ "Airtable's iOS is not in-scope for bounties." & @CRLF & _ "com.formagrid.airtable" & @CRLF & _ "community.airtable.com" & @CRLF & _ "dl.airtable.com" & @CRLF & _ "dl.getforma.com" & @CRLF & _ "guide.airtable.com" & @CRLF & _ "support.airtable.com" & @CRLF & _ "Magento 1 Enterprise (Commerce) and Community (Open Source) Editions" & @CRLF & _ "Support for Magento 1 software ended on June 30, 2020, and it is no longer eligible for bounty. " & @CRLF & _ "*.formassembly.com" & @CRLF & _ "*.tfaforms.com" & @CRLF & _ "*.tfaforms.net" & @CRLF & _ "*.veerwest.com" & @CRLF & _ "blog.blockchain.com" & @CRLF & _ "email-clicks.blockchain.com" & @CRLF & _ "institutional.blockchain.com" & @CRLF & _ "partners.blockchain.com" & @CRLF & _ "support.blockchain.com" & @CRLF & _ "track.blockchain.com" & @CRLF & _ "why.blockchain.com" & @CRLF & _ "*.go.ubnt.com" & @CRLF & _ "AirControl" & @CRLF & _ "UniFi Talk Conference Speaker - UT-Conference " & @CRLF & _ "UniFi Video" & @CRLF & _ "UniFi Video Cloud" & @CRLF & _ "UniFi Video Server" & @CRLF & _ "UniFi Voip" & @CRLF & _ "com.ubnt.mpower" & @CRLF & _ "com.ubnt.unifi.edu" & @CRLF & _ "com.ubnt.unifivideo" & @CRLF & _ "forum-es.ui.com" & @CRLF & _ "forum-pt.ui.com" & @CRLF & _ "mFi" & @CRLF & _ "security.community.ui.com" & @CRLF & _ "Spectacles" & @CRLF & _ "Spectacles charging case" & @CRLF & _ "dev.playcanv.as" & @CRLF & _ "http://dev*.playcanvas.com" & @CRLF & _ "returns.spectacles.com" & @CRLF & _ "returns.spectacles.com application is owned and managed by Netsuite. Please consider reporting vulnerabilities directly to them." & @CRLF & _ "support.snapchat.com" & @CRLF & _ "Static support website" & @CRLF & _ "*.roomvaluesteam.com" & @CRLF & _ "Everything under roomvaluesteam.com is current not in scope. Please do not test anything in or under this domain." & @CRLF & _ "*.testaroom.cloud" & @CRLF & _ "Everything under testaroom.cloud is current not in scope. Please do not test anything in or under this domain." & @CRLF & _ "*.testaroom.com" & @CRLF & _ "Everything under testaroom.com is current not in scope. Please do not test anything in or under this domain." & @CRLF & _ "1psb.priceline.com" & @CRLF & _ "ace-qa.corp.priceline.com" & @CRLF & _ "api-gnae1-poc.priceline.com" & @CRLF & _ "api-guse4-poc.priceline.com" & @CRLF & _ "availability.getaroom.com" & @CRLF & _ "booking.priceline.com" & @CRLF & _ "breadcrumb.getaroom.com" & @CRLF & _ "careers.priceline.com" & @CRLF & _ "customerservice-ccp.priceline.com" & @CRLF & _ "dashboard.corp.priceline.com" & @CRLF & _ "dev.customerservice-ccp.priceline.com" & @CRLF & _ "dev.sales-ccp.priceline.com" & @CRLF & _ "employeedeals.flightdeals.priceline.com" & @CRLF & _ "experiences.priceline.com" & @CRLF & _ "extranet.getaroom.com" & @CRLF & _ "google.corp.priceline.com" & @CRLF & _ "groupdeals.priceline.com" & @CRLF & _ "guse4-rc-qa.priceline.com" & @CRLF & _ "help.corp.priceline.com" & @CRLF & _ "ids-dev.priceline.com" & @CRLF & _ "ids-too.priceline.com" & @CRLF & _ "img1.priceline.com" & @CRLF & _ "itsupport.corp.priceline.com" & @CRLF & _ "jira.corp.priceline.com" & @CRLF & _ "links.deals.priceline.com" & @CRLF & _ "localdealsemail.priceline.com" & @CRLF & _ "mail.corp.priceline.com" & @CRLF & _ "offers.priceline.com" & @CRLF & _ "qaa.booking.priceline.com" & @CRLF & _ "remotecontrol.corp.priceline.com" & @CRLF & _ "stockroom.production.getaroom.com" & @CRLF & _ "supply.getaroom.com" & @CRLF & _ "tools-qaa.corp.priceline.com" & @CRLF & _ "tools.corp.priceline.com" & @CRLF & _ "url5932.travel.priceline.com" & @CRLF & _ "weatherstatus.priceline.com" & @CRLF & _ "www.airportrentalcars.com" & @CRLF & _ "Airportrentalcars.com is current *not* in scope. Please do not test it. " & @CRLF & _ "www.priceline.com/vp-web/* " & @CRLF & _ "Path www.priceline.com/vp-web/* will be decommissioned soon so it is not eligible for bounty" & @CRLF & _ "*.ubercarshare.com" & @CRLF & _ "*.uberscoot.us" & @CRLF & _ "This asset is not eligible for Uber bounty programs." & @CRLF & _ "*.ubertransit.io" & @CRLF & _ "Fraud Reports" & @CRLF & _ "Fraud reports are out of scope and ineligible for bounties. This includes reports detailing the ability to take free rides and evade payment." & @CRLF & _ "bizblog.uber.com" & @CRLF & _ "drive.uber.com" & @CRLF & _ "eng.uber.com" & @CRLF & _ "et.uber.com" & @CRLF & _ "https://assets.uber.com" & @CRLF & _ "https://brand.uber.com" & @CRLF & _ "love.uber.com" & @CRLF & _ "newsroom.uber.com" & @CRLF & _ "people.uber.com" & @CRLF & _ "uber.com.cn" & @CRLF & _ "Any asset under *.uber.com.cn is not eligible for Uber bounty programs. This and any other asset related to Uber in China belongs to Didi Chuxing." & @CRLF & _ "uber.onelogin.com" & @CRLF & _ "blog.yelp.com" & @CRLF & _ "cloud.e.yelp-business.com" & @CRLF & _ "This is a product provided by Salesforce. Please report bugs to the Salesforce Security Team" & @CRLF & _ "https://www.salesforce.com/company/disclosure/" & @CRLF & _ "engineeringblog.yelp.com" & @CRLF & _ "www.yelp-ir.com" & @CRLF & _ "yelp-press.com" & @CRLF & _ "yelp.careers" & @CRLF & _ "*.boost.livestream.com,boost.livestream.com" & @CRLF & _ "This is a 3rd party (AMP.LIVE)." & @CRLF & _ "*.cdn.magisto.com" & @CRLF & _ "This domain is out-of-scope for testing and bounty effective 6/26/2020 11:30 EDT" & @CRLF & _ "*.dev.magisto.com" & @CRLF & _ "*.email.vimeo.com" & @CRLF & _ "*.test.magisto.com" & @CRLF & _ "*.wibbitz.com" & @CRLF & _ "Do not perform any testing on these assets." & @CRLF & _ "*.wirewax.app" & @CRLF & _ "*.wirewax.com" & @CRLF & _ "935740658" & @CRLF & _ "The base VHX app is no longer in scope as of 3/15/2019. Please test on branded apps." & @CRLF & _ "All" & @CRLF & _ "No MS versions will be accepted." & @CRLF & _ "Any previously owned/sold hardware" & @CRLF & _ "The hardware side of Livestream has been sold to a non-Vimeo company. Even though we have integrations with much of it still, we can not take reports for it." & @CRLF & _ "applause2.magisto.com" & @CRLF & _ "delta.magisto.com" & @CRLF & _ "epsilon.magisto.com" & @CRLF & _ "eta.magisto.com" & @CRLF & _ "gamma.magisto.com" & @CRLF & _ "help.livestream.com" & @CRLF & _ "This is Zendesk, 3rd party." & @CRLF & _ "http://www.magisto.com/blog" & @CRLF & _ "int001.vimeo.magisto.com" & @CRLF & _ "int002.vimeo.magisto.com" & @CRLF & _ "int003.vimeo.magisto.com" & @CRLF & _ "int004.vimeo.magisto.com" & @CRLF & _ "int005vimeo.magisto.com" & @CRLF & _ "livestream.com/blog, *.livestream.com/blog, blog.livestream.com" & @CRLF & _ "WPEngine requires a different contract if you include it on a bug bounty program" & @CRLF & _ "livestreamapis.com" & @CRLF & _ "omega.magisto.com" & @CRLF & _ "publishing-api.livestream.com" & @CRLF & _ "Even though its a Livestream name, and goes to Livestream Fastly, the backend is a 3rd party vendor." & @CRLF & _ "s3://static.intercast-livestream.com" & @CRLF & _ "Its a 3rd party owned bucket, AMP.LIVE, publicly available. The content in there is made to be publicly available." & @CRLF & _ "status.livestream.com" & @CRLF & _ "store.livestream.com" & @CRLF & _ "This is 3rd party/Shopify." & @CRLF & _ "tv.vhx" & @CRLF & _ "This is out of scope effective 3/15/2019. Please use branded apps for testing." & @CRLF & _ "vimeo.atlassian.net" & @CRLF & _ "Although it has the name VIMEO, this is not our instance." & @CRLF & _ "community.greenhouse.io" & @CRLF & _ "resources.greenhouse.io" & @CRLF & _ "store.greenhouse.io" & @CRLF & _ "*.gitlab.cn" & @CRLF & _ "`gitlab.cn` and the JiHu-specific GitLab distribution which are property of GitLab Information Technology (Hubei) Co., Ltd. (JiHu), security issues in those products should be reported to `security@gitlab.cn`" & @CRLF & _ "*.runway.gitlab.net" & @CRLF & _ "*.service-now.com" & @CRLF & _ "alerts.gitlab.com" & @CRLF & _ "aptly.gitlab.com" & @CRLF & _ "dashboards.gitlab.com" & @CRLF & _ "federal-support.gitlab.com" & @CRLF & _ "forum.gitlab.com" & @CRLF & _ "gitlab.biterg.io" & @CRLF & _ "This is a third-party website that aggregates public data from GitLab.com. It is out of scope and the data hosted there is not meant to be confidential. https://contributors.gitlab.com/ redirects to this website." & @CRLF & _ "gitlabdemo.cloud" & @CRLF & _ "gitlabsandbox.net" & @CRLF & _ "gitlabtraining.cloud" & @CRLF & _ "https://gitlab.com/gitlab-org/cli/" & @CRLF & _ "This is a community project that is [now officially maintained by GitLab](https://about.gitlab.com/blog/2022/12/07/introducing-the-gitlab-cli/). It will be in scope at a later time but it is not ready yet." & @CRLF & _ "https://gitlab.com/gitlab-org/opstrace/opstrace-ui" & @CRLF & _ "ir.gitlab.com" & @CRLF & _ "levelup.gitlab.com" & @CRLF & _ "packages.gitlab.com" & @CRLF & _ "partners.gitlab.com" & @CRLF & _ "shop.gitlab.com" & @CRLF & _ "status.gitlab.com" & @CRLF & _ "support.gitlab.com" & @CRLF & _ "translate.gitlab.com" & @CRLF & _ "us-federal-gitlab.com" & @CRLF & _ "status.twitter.com" & @CRLF & _ "This is hosted by a third party, status.io." & @CRLF & _ "iandunn.name" & @CRLF & _ "172.65.0.0/16 " & @CRLF & _ "These are customer applications protected by Cloudflare Spectrum, hence out of scope" & @CRLF & _ "community.cloudflare.com" & @CRLF & _ "events.www.cloudflare.com" & @CRLF & _ "support.cloudflare.com" & @CRLF & _ "This asset is hosted by Zendesk, and as such these reports should be submitted to their program instead via @Zendesk" & @CRLF & _ "support.cloudflarewarp.com" & @CRLF & _ "This asset is hosted by Zendesk, and as such these reports should be submitted to their program instead via @zendesk." & @CRLF & _ "*.crowdsignal.net" & @CRLF & _ "This cookieless domain contains user generated content. While we might decide to fix XSS issues, reports for this domain will not be eligible for a bounty." & @CRLF & _ "*.poll.fm" & @CRLF & _ "*.survey.fm" & @CRLF & _ "*.txmblr.com" & @CRLF & _ "*/xmlrpc.php" & @CRLF & _ "The sole presence of `xmlrpc.php` in `wordpress.com` and all the domains hosted under our platform doesn't constitute a vulnerability. If you report an issue related to this file, please make sure to provide a working proof of concept that clearly shows the impact." & @CRLF & _ "afterthedeadline.com,*.afterthedeadline.com" & @CRLF & _ "atavist.com" & @CRLF & _ "happy.tools" & @CRLF & _ "learnboost.com,*.learnboost.com" & @CRLF & _ "polishmywriting.com,*.polishmywriting.com" & @CRLF & _ "scrollkit.com,*.scrollkit.com" & @CRLF & _ "try.pressable.com" & @CRLF & _ "This is only a demo site. Security issues that don't affect the integrity of `my.pressable.com` or `pressable.com` will most likely be closed as `N/A`." & @CRLF & _ "*.blockspring.com" & @CRLF & _ "N/A - Not Coinbase owned or operated" & @CRLF & _ "This asset labelling is used to signal to a reporter that the asset in question is not owned or operated by Coinbase in any capacity." & @CRLF & _ "blog.coinbase.com" & @CRLF & _ "com.coinbase.pro" & @CRLF & _ "developers.coinbase.com" & @CRLF & _ "engineering.coinbase.com" & @CRLF & _ "paradex.io" & @CRLF & _ "status.coinbase.com" & @CRLF & _ "support.coinbase.com" & @CRLF & _ "support.pro.coinbase.com" & @CRLF & _ "tagomi.com" & @CRLF & _ "*.concrete5.org" & @CRLF & _ "Please send reports of issues with concrete5.org the website to `security@concrete5.org`." & @CRLF & _ "*.concretecms.com" & @CRLF & _ "Please send reports of issues with concretecms.com the website to `security@concrete5.org`." & @CRLF & _ "*.concretecms.org" & @CRLF & _ "Please send reports of issues with concretecms.org the website to `security@concrete5.org`." & @CRLF & _ "*.glitchthegame.com" & @CRLF & _ "This domain was part of a prior company. " & @CRLF & _ "3rd Party Quip Apps" & @CRLF & _ "3rd Party Quip App are not eligible for bug bounty program." & @CRLF & _ "com.Slack.intune" & @CRLF & _ "com.slack.slackintune" & @CRLF & _ "slackhq.com" & @CRLF & _ "This site runs on WordPress, so if you find vulnerabilities in the WordPress service, please see [WordPress bounty program](https://hackerone.com/wordpress) for reporting details" & @CRLF & _ "status.slack.com" & @CRLF & _ "The Slack status site" & @CRLF & _ "*.rubyonrails.org" & @CRLF & _ "go.hacker.one" & @CRLF & _ "This asset is hosted by Marketo, and as such these reports should be submitted to them directly." & @CRLF & _ "h1.community" & @CRLF & _ "info.hacker.one" & @CRLF & _ "This asset is hosted by Unbounce, and as such these reports should be submitted to them via https://unbounce.com/security/." & @CRLF & _ "ma.hacker.one" & @CRLF & _ "support.hackerone.com" & @CRLF & _ "This asset is hosted by Freshdesk (as of 2023-04-28), and as such these reports should be submitted to the appropriate program: https://hackerone.com/freshworks" & @CRLF & _ "www.h1.community" & @CRLF & _ "www.hackeronestatus.com" & @CRLF & _ "This asset is hosted by Atlassian, and as such these reports should be submitted to their program instead via https://bugcrowd.com/statuspage. " & @CRLF & _ "Hardware" & @CRLF & _ "Firmware" & @CRLF & _ "Software" & @CRLF & _ "app.aikido.dev" & @CRLF & _ "myaccount.ad.nl" & @CRLF & _ "webwinkel.ad.nl" & @CRLF & _ "www.ad.nl" & @CRLF & _ "www.ad.nl/abonnementen" & @CRLF & _ "*.ad.nl" & @CRLF & _ "*.allegro.cz.allegrosandbox.pl" & @CRLF & _ "*.allegro.pl.allegrosandbox.pl" & @CRLF & _ "*.allegro.sk.allegrosandbox.pl" & @CRLF & _ "FPGA Solution Development Tools and Utilities" & @CRLF & _ "*.bild.de" & @CRLF & _ "*.bild.tv" & @CRLF & _ "*.computerbild.de" & @CRLF & _ "*.welt.de" & @CRLF & _ "https://dealer.prod.ps.axelspringer.de/api/v1/partners/{partnerId}/activation" & @CRLF & _ "https://dealer.prod.ps.axelspringer.de/purchases/004/bild/*" & @CRLF & _ "https://dealer.prod.ps.axelspringer.de/purchases/004/welt/*" & @CRLF & _ "https://secure.mypass.de/" & @CRLF & _ "*.autobild.de" & @CRLF & _ "*.bz-berlin.de" & @CRLF & _ "*.spring-media.de" & @CRLF & _ "*.springtools.de" & @CRLF & _ "*.ein-herz-fuer-kinder.de" & @CRLF & _ "*.fitbook.de" & @CRLF & _ "*.myhomebook.de" & @CRLF & _ "*.petbook-magazine.com/" & @CRLF & _ "*.petbook.de" & @CRLF & _ "*.stylebook.de" & @CRLF & _ "*.techbook.de" & @CRLF & _ "*.travelbook.de" & @CRLF & _ "*.wissen-sie-mehr.de" & @CRLF & _ "*.bmc.nl" & @CRLF & _ "www.bmw-motorrad.de" & @CRLF & _ "www.bmw.de" & @CRLF & _ "www.mini.de" & @CRLF & _ "configure.bmw.de" & @CRLF & _ "configure.mini.de" & @CRLF & _ "konfigurator.bmw-motorrad.de" & @CRLF & _ "de.bmw.connected.mobile20.row" & @CRLF & _ "1519034860" & @CRLF & _ "Functions dealing with vehicle access and immobilizer" & @CRLF & _ "Remaining functions" & @CRLF & _ "imove.bpost.cloud" & @CRLF & _ "login.cm.com" & @CRLF & _ "*.ticketing.cm.com" & @CRLF & _ "api.cm.com" & @CRLF & _ "api.cmtelecom.com" & @CRLF & _ "cm.com/[locale]/app/*" & @CRLF & _ "cm.com/[locale]/register" & @CRLF & _ "cm.com/app/messagingtrial/" & @CRLF & _ "www.cm.com" & @CRLF & _ "appmiral.com" & @CRLF & _ "building-blocks.com" & @CRLF & _ "cmcom.atlassian.net" & @CRLF & _ "payment.backend-capital.com" & @CRLF & _ "*.backend-capital.com" & @CRLF & _ "capital.com/*" & @CRLF & _ "com.capital.trading" & @CRLF & _ "open-api.capital.com" & @CRLF & _ "*.capital.com" & @CRLF & _ "*.itcapital.io" & @CRLF & _ "*.cloudways.com" & @CRLF & _ "api.cloudways.com" & @CRLF & _ "developers.cloudways.com" & @CRLF & _ "platform.cloudways.com" & @CRLF & _ "unified.cloudways.com" & @CRLF & _ "www.cloudways.com" & @CRLF & _ "css-tricks.com" & @CRLF & _ "https://justonweb.be/fines/" & @CRLF & _ "*.dpgmedia.be" & @CRLF & _ "*.dpgmedia.nl" & @CRLF & _ "Any related DPG media domain" & @CRLF & _ "assessment-api.datacamp.com" & @CRLF & _ "app.datacamp.com/certification" & @CRLF & _ "app.datacamp.com/groups" & @CRLF & _ "app.datacamp.com/learn" & @CRLF & _ "assessment-v2.datacamp.com " & @CRLF & _ "assessment.datacamp.com" & @CRLF & _ "campus.datacamp.com" & @CRLF & _ "com.datacamp" & @CRLF & _ "https://apps.apple.com/au/app/datacamp-learn-data-science/id1263413087" & @CRLF & _ "practice.datacamp.com" & @CRLF & _ "projects.datacamp.com" & @CRLF & _ "www.datacamp.com" & @CRLF & _ "www.datacamp.com/datalab" & @CRLF & _ "*.datacamp.com" & @CRLF & _ "myaccount.demorgen.be" & @CRLF & _ "shop.demorgen.be" & @CRLF & _ "www.demorgen.be" & @CRLF & _ "www.demorgen.be/abonnementen" & @CRLF & _ "*.demorgen.be" & @CRLF & _ "myaccount.volkskrant.nl" & @CRLF & _ "shop.volkskrant.nl" & @CRLF & _ "webwinkel.volkskrant.nl" & @CRLF & _ "www.volkskrant.nl" & @CRLF & _ "www.volkskrant.nl/abonnementen" & @CRLF & _ "*.volkskrant.nl" & @CRLF & _ "www.delen.bank" & @CRLF & _ "api.digital.delen.be " & @CRLF & _ "api.digital.delen.lu " & @CRLF & _ "app.delen.be " & @CRLF & _ "app.delen.ch " & @CRLF & _ "app.delen.lu " & @CRLF & _ "auth.digital.delen.be " & @CRLF & _ "auth.digital.delen.lu " & @CRLF & _ "be.delen.digital" & @CRLF & _ "delen/id1064839588" & @CRLF & _ "login.delen.be " & @CRLF & _ "login.delen.ch " & @CRLF & _ "login.delen.lu " & @CRLF & _ "login.oyens.com" & @CRLF & _ "status.delen.be " & @CRLF & _ "sts.delen.be " & @CRLF & _ "www.cadelam.be " & @CRLF & _ "www.cadelux.lu/en " & @CRLF & _ "www.delen.be/en " & @CRLF & _ "*.vlaanderen.be" & @CRLF & _ "*.digitalocean.com" & @CRLF & _ "169.254.169.254" & @CRLF & _ "api.digitalocean.com" & @CRLF & _ "cloud.digitalocean.com" & @CRLF & _ "https://github.com/digitalocean/do-agent" & @CRLF & _ "https://github.com/digitalocean/doctl" & @CRLF & _ "https://github.com/digitalocean/droplet-agent" & @CRLF & _ "https://github.com/digitalocean/go-nbd" & @CRLF & _ "https://github.com/digitalocean/terraform-provider-digitalocean" & @CRLF & _ "marketplace.digitalocean.com" & @CRLF & _ "snapshooter.com" & @CRLF & _ "www.digitalocean.com" & @CRLF & _ "digitaloceanmirrors.com" & @CRLF & _ "digitaloceanpartners.com" & @CRLF & _ "digitaloceanstatus.com" & @CRLF & _ "digitaloceantest.com" & @CRLF & _ "do.co" & @CRLF & _ "hackathon-tracker.digitalocean.com" & @CRLF & _ "hacktoberfest.com" & @CRLF & _ "https://github.com/digitalocean/do-markdownit" & @CRLF & _ "https://apps.apple.com/us/app/donorbox-live/id1668808097" & @CRLF & _ "https://donorbox.org/admin" & @CRLF & _ "https://play.google.com/store/apps/details?id=org.donorbox.cardreader&hl=en&gl=US" & @CRLF & _ "https://donorbox.org" & @CRLF & _ "https://donorbox.org/embed/potato" & @CRLF & _ "https://donorbox.org/org_admin" & @CRLF & _ "https://donorbox.org/potato" & @CRLF & _ "my.eurid.eu" & @CRLF & _ "*.das.eu" & @CRLF & _ "*.dns.eu" & @CRLF & _ "*.eurid.eu" & @CRLF & _ "*.nic.eu" & @CRLF & _ "*.registry.eu" & @CRLF & _ "*.whois.eu" & @CRLF & _ "*.yadifa.eu" & @CRLF & _ "YADIFA authoritative name server" & @CRLF & _ "service.fing.com" & @CRLF & _ "app.fing.com" & @CRLF & _ "Fing desktop" & @CRLF & _ "Grafana Loki" & @CRLF & _ "Grafana Mimir" & @CRLF & _ "Grafana OSS" & @CRLF & _ "Grafana Pyroscope" & @CRLF & _ "Grafana Tempo" & @CRLF & _ "https://github.com/grafana/*" & @CRLF & _ "*.account.api.here.com" & @CRLF & _ "*.account.here.com" & @CRLF & _ "*.mobilitygraph.hereapi.com" & @CRLF & _ "*.router.hereapi.com" & @CRLF & _ "*.scbe.api.here.com" & @CRLF & _ "*.subp-router.hereapi.com" & @CRLF & _ "955837609" & @CRLF & _ "com.here.app.maps" & @CRLF & _ "https://jaguar.here.com" & @CRLF & _ "https://landrover.here.com" & @CRLF & _ "Leaked/compromised employee accounts *.here.com" & @CRLF & _ "*.here.com" & @CRLF & _ "*.hereapi.com" & @CRLF & _ "* hln.be/inloggen" & @CRLF & _ "* hln.be/login" & @CRLF & _ "* hln.be/registreren" & @CRLF & _ "hln.be" & @CRLF & _ "myaccount.hln.be" & @CRLF & _ "www.hln.be" & @CRLF & _ "*.hln.be" & @CRLF & _ "myaccount.parool.nl" & @CRLF & _ "shop.parool.nl" & @CRLF & _ "webwinkel.parool.nl" & @CRLF & _ "www.parool.nl" & @CRLF & _ "www.parool.nl/abonnementen" & @CRLF & _ "*.parool.nl" & @CRLF & _ "https://www.kuleuven.be/sapredir/huisvesting" & @CRLF & _ "* humo.be/registreren" & @CRLF & _ "myaccount.humo.be" & @CRLF & _ "shop.humo.be" & @CRLF & _ "www.humo.be" & @CRLF & _ "www.humo.be/abonnementen" & @CRLF & _ "*.humo.be" & @CRLF & _ "949829216" & @CRLF & _ "950680989" & @CRLF & _ "950693949" & @CRLF & _ "be.gamma.app.android" & @CRLF & _ "kassa.gamma.be/*" & @CRLF & _ "kassa.gamma.nl/*" & @CRLF & _ "kassa.karwei.nl/*" & @CRLF & _ "mijn.gamma.be/*" & @CRLF & _ "mijn.gamma.nl/*" & @CRLF & _ "mijn.karwei.nl/*" & @CRLF & _ "nl.gamma.app.android" & @CRLF & _ "nl.karwei.app.android" & @CRLF & _ "www.gamma.be/*" & @CRLF & _ "www.gamma.nl/*" & @CRLF & _ "www.karwei.nl/*" & @CRLF & _ "*.gamma.be/*" & @CRLF & _ "*.gamma.nl/*" & @CRLF & _ "*.intergamma.cloud" & @CRLF & _ "*.intergamma.nl/*" & @CRLF & _ "*.karwei.nl/*" & @CRLF & _ "*.restintergamma.nl" & @CRLF & _ "1558129454" & @CRLF & _ "*.intergamma-test.nl" & @CRLF & _ "*.werkenbijgamma.be" & @CRLF & _ "*.werkenbijgamma.nl" & @CRLF & _ "*.werkenbijkarwei.nl" & @CRLF & _ "*.klubcinema.fr" & @CRLF & _ "*.megatix.be " & @CRLF & _ "booking.mjrtheatres.com" & @CRLF & _ "extras.landmarkcinemas.com" & @CRLF & _ "identityserver.landmarkcinemas.com" & @CRLF & _ "kinepolis.megatix.be" & @CRLF & _ "luxfilmfestfilms.megatix.be" & @CRLF & _ "luxfilmfestproducts.megatix.be" & @CRLF & _ "luxfilmfesttickets.megatix.be" & @CRLF & _ "movieapi.kinepolis.megatix.be" & @CRLF & _ "tickets.kinepolis.be" & @CRLF & _ "tickets.kinepolis.ch" & @CRLF & _ "tickets.kinepolis.es" & @CRLF & _ "tickets.kinepolis.fr" & @CRLF & _ "tickets.kinepolis.lu" & @CRLF & _ "tickets.kinepolis.nl" & @CRLF & _ "userprofile-ui.landmarkcinemas.com" & @CRLF & _ "www.kinepolis.be " & @CRLF & _ "www.kinepolis.ch " & @CRLF & _ "www.kinepolis.com " & @CRLF & _ "www.kinepolis.es " & @CRLF & _ "www.kinepolis.fr " & @CRLF & _ "www.kinepolis.lu " & @CRLF & _ "www.kinepolis.nl " & @CRLF & _ "www.landmarkcinemas.com" & @CRLF & _ "www.mjrtheatres.com" & @CRLF & _ "business.kinepolis.be" & @CRLF & _ "business.kinepolis.lu" & @CRLF & _ "business.kinepolis.nl" & @CRLF & _ "com.inthepocket.kinepolis" & @CRLF & _ "extras-acc.landmarkcinemas.com" & @CRLF & _ "https://movieclub-int.kinepolis.com" & @CRLF & _ "https://movienow-int.kinepolis.be/admin" & @CRLF & _ "https://shop-acc.kinepolis.be/" & @CRLF & _ "identityserver-acc.landmarkcinemas.com" & @CRLF & _ "kinepolis-studio.be" & @CRLF & _ "kinepolis/id368204284" & @CRLF & _ "nz.co.vista.android.movie.mjrtheatres" & @CRLF & _ "stage.landmarkcinemas.com" & @CRLF & _ "userprofile-acc.landmarkcinemas.com" & @CRLF & _ "www.kinepolis.biz" & @CRLF & _ "*.kinepolis.be" & @CRLF & _ "*.kinepolis.ch" & @CRLF & _ "*.kinepolis.com" & @CRLF & _ "*.kinepolis.fr" & @CRLF & _ "*.kinepolis.lu" & @CRLF & _ "*.kinepolis.nl" & @CRLF & _ "*.landmarkcinemas.com" & @CRLF & _ "*.mjrtheatres.com" & @CRLF & _ "522089287" & @CRLF & _ "edge.lansweeper.com" & @CRLF & _ "api.lansweeper.com" & @CRLF & _ "app.lansweeper.com" & @CRLF & _ "backoffice.lansweeper.com" & @CRLF & _ "https://lsagentrelay.lansweeper.com/" & @CRLF & _ "app.lansweeper.com/trial" & @CRLF & _ "autoupdateapi.lansweeper.com" & @CRLF & _ "docs.lansweeper.com" & @CRLF & _ "login.lansweeper.com" & @CRLF & _ "Modernized Discovery" & @CRLF & _ "on-premises software" & @CRLF & _ "www.lansweeper.com" & @CRLF & _ "www.libelle.nl" & @CRLF & _ "*.libelle.nl" & @CRLF & _ "mobilevikings.be" & @CRLF & _ "api.unleashed.be" & @CRLF & _ "jimmobile.be" & @CRLF & _ "mgm.mobilevikings.be" & @CRLF & _ "uwa.mobilevikings.be" & @CRLF & _ "vpn.mobilevikings.be" & @CRLF & _ "*.mas.mobilevikings.be" & @CRLF & _ "*.mobilevikings.be" & @CRLF & _ "*.prd-pub.mobilevikings.be" & @CRLF & _ "*.prd.mobilevikings.be" & @CRLF & _ "vikingco.be" & @CRLF & _ "vikingdeals.be" & @CRLF & _ "*.monzo.com" & @CRLF & _ "*.monzo.me" & @CRLF & _ "*.prod-ffs.io" & @CRLF & _ "1052238659" & @CRLF & _ "co.uk.getmondo" & @CRLF & _ "134.58.179.82" & @CRLF & _ "be.nexuzhealth.mobile.cpv" & @CRLF & _ "be.nexuzhealth.mobile.kws" & @CRLF & _ "be.nexuzhealth.mobile.mynexuz" & @CRLF & _ "forms.nexuzhealth.be" & @CRLF & _ "idp-mobile.nexuzhealth.be" & @CRLF & _ "kws-companion/id1342124012" & @CRLF & _ "mobile.nexuzhealth.be" & @CRLF & _ "mynexuz.be" & @CRLF & _ "mynexuz.be/myUZ/" & @CRLF & _ "mynexuzhealth/id1459856321" & @CRLF & _ " idp-contact.nexuzhealth.be" & @CRLF & _ "media.nexuzhealth.be/patient/ " & @CRLF & _ "1079537578" & @CRLF & _ "https://oda.com" & @CRLF & _ "no.kolonial.tienda" & @CRLF & _ "*.oda.com" & @CRLF & _ "*.prod.nube.tech" & @CRLF & _ "1076840480" & @CRLF & _ "https://mathem.se" & @CRLF & _ "se.mathem.mathem" & @CRLF & _ "https://associatie.kuleuven.be/inschrijvingen/oli_login_50000050" & @CRLF & _ "https://webwsp.aps.kuleuven.be/sap/bc/ui5_ui5/sap/zc_oi_appl/" & @CRLF & _ "https://a.simplemdm.com/" & @CRLF & _ "https://auth2.pdq.tools/ " & @CRLF & _ "https://library-staging.pdq.tools/ " & @CRLF & _ "https://houston-staging.pdq.tools" & @CRLF & _ "https://portal-staging.pdq.tools/ " & @CRLF & _ "https://*.personiowhistleblowing.com" & @CRLF & _ "*.personio-internal.de" & @CRLF & _ "*.personio.tools" & @CRLF & _ "https://*.personio.de" & @CRLF & _ "https://hug.personio.com" & @CRLF & _ "https://sec-test-<intigriti handle>-<nn>.personio.de" & @CRLF & _ "https://www.personio.com/free-trial/" & @CRLF & _ "https://www.personio.de/kostenlos-testen/" & @CRLF & _ "Other assets owned by Personio" & @CRLF & _ "*.c-point.be" & @CRLF & _ "188.118.8.0/25" & @CRLF & _ "94.107.237.192/26" & @CRLF & _ "api-accpt.portofantwerp.com" & @CRLF & _ "api-accpt.portofantwerpbruges.com" & @CRLF & _ "api.portofantwerp.com" & @CRLF & _ "api.portofantwerpbruges.com" & @CRLF & _ "apps-accpt.portofantwerp.com" & @CRLF & _ "apps-accpt.portofantwerpbruges.com" & @CRLF & _ "apps.portofantwerp.com" & @CRLF & _ "apps.portofantwerpbruges.com" & @CRLF & _ "as2-accpt.portofantwerp.com" & @CRLF & _ "as2-accpt.portofantwerpbruges.com" & @CRLF & _ "as2.portofantwerp.com" & @CRLF & _ "as2.portofantwerpbruges.com" & @CRLF & _ "digitalspecs.portofantwerpbruges.com" & @CRLF & _ "login-accpt.portofantwerpbruges.com" & @CRLF & _ "login-test.portofantwerpbruges.com/poam/XUI/" & @CRLF & _ "login.portofantwerpbruges.com" & @CRLF & _ "maximo-accpt.portofantwerp.com" & @CRLF & _ "maximo-accpt.portofantwerpbruges.com" & @CRLF & _ "maximo.portofantwerp.com" & @CRLF & _ "maximo.portofantwerpbruges.com" & @CRLF & _ "my-accpt.portofantwerp.com" & @CRLF & _ "my-accpt.portofantwerpbruges.com" & @CRLF & _ "my.portofantwerp.com" & @CRLF & _ "my.portofantwerpbruges.com" & @CRLF & _ "notula-accpt.portofantwerpbruges.com" & @CRLF & _ "oprc.portofantwerpbruges.com" & @CRLF & _ "register-accpt.portofantwerp.com" & @CRLF & _ "register-accpt.portofantwerpbruges.com" & @CRLF & _ "servicedesk-accpt.portofantwerp.com" & @CRLF & _ "servicedesk-accpt.portofantwerpbruges.com" & @CRLF & _ "servicedesk.portofantwerp.com" & @CRLF & _ "servicedesk.portofantwerpbruges.com" & @CRLF & _ "share-accpt.portofantwerp.com" & @CRLF & _ "share-accpt.portofantwerpbruges.com" & @CRLF & _ "share.portofantwerp.com" & @CRLF & _ "share.portofantwerpbruges.com" & @CRLF & _ "webapps-accpt.portofantwerp.com" & @CRLF & _ "webapps-accpt.portofantwerpbruges.com" & @CRLF & _ "webapps-test.portofantwerpbruges.com/xui" & @CRLF & _ "webapps.portofantwerp.com" & @CRLF & _ "webapps.portofantwerpbruges.com" & @CRLF & _ "wiki-accpt.portofantwerp.com" & @CRLF & _ "wiki-accpt.portofantwerpbruges.com" & @CRLF & _ "wiki.portofantwerp.com" & @CRLF & _ "wiki.portofantwerpbruges.com" & @CRLF & _ "www.oursustainableport.com" & @CRLF & _ "www.portofantwerpbruges.com" & @CRLF & _ "erpx.unit4cloud.com/u4erx_pab_acp1" & @CRLF & _ "erpx.unit4cloud.com/u4erx_pab_prev" & @CRLF & _ "erpx.unit4cloud.com/u4erx_pab_prod" & @CRLF & _ "access.ripe.net" & @CRLF & _ "https://github.com/RIPE-NCC/rpki-commons" & @CRLF & _ "https://github.com/RIPE-NCC/rpki-core" & @CRLF & _ "https://github.com/RIPE-NCC/whois" & @CRLF & _ "lirportal.ripe.net" & @CRLF & _ "*.ripe.net" & @CRLF & _ "193.0.0.0/19 and 2001:67c:2e8::/48" & @CRLF & _ "https://github.com/RIPE-NCC/rpki-monitoring" & @CRLF & _ "https://github.com/RIPE-NCC/rpki-publication-server" & @CRLF & _ "https://github.com/RIPE-NCC/rpki-ta-0" & @CRLF & _ "https://github.com/RIPE-NCC/rsyncit" & @CRLF & _ "*.randstad.*" & @CRLF & _ "*.randstadrisesmart.*" & @CRLF & _ "*.risesmart.*" & @CRLF & _ "Any related Randstad domain" & @CRLF & _ "*.rhinternal.net" & @CRLF & _ "*.robinhood.com" & @CRLF & _ "*.robinhood.net" & @CRLF & _ "1634080733" & @CRLF & _ "6462308655" & @CRLF & _ "938003185" & @CRLF & _ "com.robinhood.android" & @CRLF & _ "com.robinhood.gateway" & @CRLF & _ "com.robinhood.money" & @CRLF & _ " Mobile Apps" & @CRLF & _ "*.swisspass.ch" & @CRLF & _ "www.sbb.ch" & @CRLF & _ "*.sbb.ch" & @CRLF & _ "Mobile Apps" & @CRLF & _ "www.elvetino.ch" & @CRLF & _ "www.sbbcargo.com" & @CRLF & _ "www.transsicura.ch" & @CRLF & _ "All other Web and mobile APPs owned by SBB " & @CRLF & _ "https://*.say.rocks" & @CRLF & _ "https://*.saytechnologies.com" & @CRLF & _ "SimScale API" & @CRLF & _ "SimScale Platform" & @CRLF & _ "SimScale Forum" & @CRLF & _ "SimScale Website" & @CRLF & _ "1632202810" & @CRLF & _ "cz.skodaauto.myskoda" & @CRLF & _ "910898851" & @CRLF & _ "app.nl.socialdeal" & @CRLF & _ "http://socialdeal.nl/inspirations/bluemonday/" & @CRLF & _ "http://www.whynot.com/" & @CRLF & _ "https://www.socialdeal.nl/orderlist/5e834ae0bed5c/63d772e2ed277/" & @CRLF & _ "www.socialdeal.nl" & @CRLF & _ "1114799709" & @CRLF & _ "1114800186" & @CRLF & _ "api.soundtrackyourbrand.com" & @CRLF & _ "billing.api.soundtrackyourbrand.com" & @CRLF & _ "builds.soundtrackyourbrand.com" & @CRLF & _ "business.soundtrackyourbrand.com" & @CRLF & _ "com.soundtrackyourbrand.soundtrack.player" & @CRLF & _ "https://auth.api.soundtrackyourbrand.com/" & @CRLF & _ "https://builds.soundtrackyourbrand.com/download/WIN32SOUNDTRACK/latest" & @CRLF & _ "https://radio.api.soundtrackyourbrand.com/" & @CRLF & _ "https://www.soundtrackyourbrand.com" & @CRLF & _ "macOS app" & @CRLF & _ "*.sqills.com" & @CRLF & _ "*.sqills.team" & @CRLF & _ " aweb.suivo.com" & @CRLF & _ "asupport.suivo.com" & @CRLF & _ "*.tempo-team.*" & @CRLF & _ "Any related Tempo-Team domain" & @CRLF & _ "www.tempo-team.be" & @CRLF & _ "www.tempo-team.com" & @CRLF & _ "www.tempo-team.nl" & @CRLF & _ "Brand Sites" & @CRLF & _ "Corporate Sites" & @CRLF & _ "Hindustan Coca-Cola Beverages" & @CRLF & _ "Mobile Applications" & @CRLF & _ "Publicly Facing Assets Related to The Coca-Cola Company" & @CRLF & _ "*.weareone.world" & @CRLF & _ "*.stag.weareone.world" & @CRLF & _ "artists.tomorrowland.com/production-website/33117" & @CRLF & _ "belgium.tomorrowland.com" & @CRLF & _ "brasil.tomorrowland.com" & @CRLF & _ "com.tomorrowland.oneworldradio" & @CRLF & _ "globaljourney.tomorrowland.com" & @CRLF & _ "my.tomorrowland.com" & @CRLF & _ "one-world-radio-tomorrowland/id1485778856" & @CRLF & _ "oneworldradio.tomorrowland.com" & @CRLF & _ "sp1y1tpaf1.execute-api.eu-west-1.amazonaws.com" & @CRLF & _ "tlbe.prod.tomorrowland.com" & @CRLF & _ "tlbr.prod.tomorrowland.com" & @CRLF & _ "tlfr.prod.tomorrowland.com" & @CRLF & _ "winter.tomorrowland.com" & @CRLF & _ "winterpackages.tomorrowland.com" & @CRLF & _ "www.tomorrowland.com" & @CRLF & _ "*.stag.tomorrowland.com" & @CRLF & _ "*.tomorrowland.com" & @CRLF & _ "components.stag.tomorrowland.com" & @CRLF & _ "components.tomorrowland.com" & @CRLF & _ "winkels.torfs.be" & @CRLF & _ "www.schoenentorfs.be" & @CRLF & _ "www.schoenentorfs.nl " & @CRLF & _ "www.torfs.be" & @CRLF & _ "www.torfs.nl" & @CRLF & _ "www.samenfittorfs.be" & @CRLF & _ "myaccount.trouw.nl" & @CRLF & _ "shop.trouw.nl" & @CRLF & _ "webwinkel.trouw.nl" & @CRLF & _ "www.trouw.nl" & @CRLF & _ "www.trouw.nl/abonnementen" & @CRLF & _ "*.trouw.nl" & @CRLF & _ "api.truelayer[-sandbox].com" & @CRLF & _ "auth.truelayer[-sandbox].com" & @CRLF & _ "login-api.truelayer[-sandbox].com" & @CRLF & _ "login.truelayer[-sandbox].com" & @CRLF & _ "onboarding-api.truelayer.com" & @CRLF & _ "pay-api.truelayer[-sandbox].com" & @CRLF & _ "pay.truelayer[-sandbox].com" & @CRLF & _ "paydirect.truelayer[-sandbox].com" & @CRLF & _ "payment.truelayer[-sandbox].com" & @CRLF & _ "payouts.truelayer[-sandbox].com" & @CRLF & _ "users-api.truelayer.com" & @CRLF & _ "C# SDK" & @CRLF & _ "console-backend.truelayer[-sandbox].com" & @CRLF & _ "console.truelayer[-sandbox].com" & @CRLF & _ "hpp.truelayer[-sandbox].com" & @CRLF & _ "Java SDK" & @CRLF & _ "PHP SDK" & @CRLF & _ "TrueLayer for Magento (Magento plugin)" & @CRLF & _ "TrueLayer for WooCommerce (WordPress plugin)" & @CRLF & _ "truelayer-signing" & @CRLF & _ "webhooks.truelayer[-sandbox].com" & @CRLF & _ "*.truelayer.cloud" & @CRLF & _ "*.truelayer.com" & @CRLF & _ "*.truelayer.io" & @CRLF & _ "iOS SDK" & @CRLF & _ "React Native SDK" & @CRLF & _ "Web SDK" & @CRLF & _ "*.itprojects.talent-community.com" & @CRLF & _ "*.tweakblogs.net" & @CRLF & _ "*.tweakers.net" & @CRLF & _ "*.tweakimg.net" & @CRLF & _ "134.58.179.102-103" & @CRLF & _ "autodiscover.uzleuven.be" & @CRLF & _ "ecrf.uzleuven.be" & @CRLF & _ "extranet-asa.uzleuven.be" & @CRLF & _ "extranet.uzleuven.be" & @CRLF & _ "liquidfiles.uzleuven.be" & @CRLF & _ "mx1.uzleuven.be" & @CRLF & _ "mx2.uzleuven.be" & @CRLF & _ "pcrstudioruzb.uzleuven.be" & @CRLF & _ "prddsplunkhf.uzleuven.be" & @CRLF & _ "sts.uzleuven.be" & @CRLF & _ "www.uzleuven.be" & @CRLF & _ "dns1.uzleuven.be" & @CRLF & _ "dns2.uzleuven.be" & @CRLF & _ "liquidfilestest.uzleuven.be" & @CRLF & _ "random.uzleuven.be/random/" & @CRLF & _ "teststs.uzleuven.be" & @CRLF & _ "uzlcm12cmg1.uzleuven.be" & @CRLF & _ "w1.uzleuven.be" & @CRLF & _ "*.kwsdose.be" & @CRLF & _ "*.playuzleuven.be" & @CRLF & _ "*.uzleuven.*" & @CRLF & _ "Ubisoft" & @CRLF & _ "1101145849" & @CRLF & _ "6444005221" & @CRLF & _ "api.uphold.com" & @CRLF & _ "com.uphold.labs.uphodl.android" & @CRLF & _ "com.uphold.wallet" & @CRLF & _ "graphql.topperpay.com/graphql" & @CRLF & _ "wallet.uphold.com" & @CRLF & _ "api-sandbox.uphold.com" & @CRLF & _ "api.sandbox.topperpay.com" & @CRLF & _ "api.topperpay.com" & @CRLF & _ "graphql.sandbox.topperpay.com/graphql" & @CRLF & _ "wallet-sandbox.uphold.com" & @CRLF & _ "www.uphold.com" & @CRLF & _ "*.uphold.com" & @CRLF & _ "API's" & @CRLF & _ "cds.vrt.radio" & @CRLF & _ "player.vrt.be" & @CRLF & _ "profiel.vrt.be" & @CRLF & _ "sporza.be" & @CRLF & _ "vrt.be/vrtmax" & @CRLF & _ "vrt.be/vrtnws" & @CRLF & _ "myaccount.vtm.be" & @CRLF & _ "vtm.be/vtmgo" & @CRLF & _ "vtmgo.be" & @CRLF & _ "*.vtm.be" & @CRLF & _ "*.vtmgo.be" & @CRLF & _ "api-wallet.venly.io" & @CRLF & _ "api.arkane.network" & @CRLF & _ "connect.arkane.network " & @CRLF & _ "connect.venly.io" & @CRLF & _ "login.arkane.network" & @CRLF & _ "login.venly.io" & @CRLF & _ "wallet.venly.io" & @CRLF & _ "api-wallet-sandbox.venly.io" & @CRLF & _ "564141518" & @CRLF & _ "accountsettings.connect.identity.stagaws.visma.com" & @CRLF & _ "admin.stage.vismaonline.com" & @CRLF & _ "ai-testing.maventa.com" & @CRLF & _ "aiassistant.stage.vismaonline.com" & @CRLF & _ "api.workbox.dk" & @CRLF & _ "app.workbox.dk" & @CRLF & _ "authz.workbox.dk" & @CRLF & _ "autointerface.stag.visma.net" & @CRLF & _ "ax-stage.maventa.com" & @CRLF & _ "com.visma.blue" & @CRLF & _ "connect.identity.stagaws.visma.com" & @CRLF & _ "eaccounting.stage.vismaonline.com" & @CRLF & _ "eaccountingprinting.stage.vismaonline.com" & @CRLF & _ "identity.stage.vismaonline.com" & @CRLF & _ "myservices-api.stage.vismaonline.com" & @CRLF & _ "myservices.stage.vismaonline.com" & @CRLF & _ "oauth.developers.stagaws.visma.com" & @CRLF & _ "testing.maventa.com" & @CRLF & _ "1395921017" & @CRLF & _ "https://api.voiapp.io/" & @CRLF & _ "io.voiapp.voi" & @CRLF & _ "mds.voiapp.io" & @CRLF & _ "*.voiscooters.com" & @CRLF & _ "report.voi.com" & @CRLF & _ "voi.com" & @CRLF & _ "www.voiscooters.com" & @CRLF & _ "https://desktop.water-link.be/" & @CRLF & _ "https://pit.water-link.be/" & @CRLF & _ "*.water-link.be/" & @CRLF & _ "https://www.water-link-jaarverslag.be" & @CRLF & _ "https://www.water-link.be" & @CRLF & _ "https://www.waterstoring.be/" & @CRLF & _ "authentication.wolt.com" & @CRLF & _ "wolt.com" & @CRLF & _ "corporate.wolt.com" & @CRLF & _ "drive.wolt.com" & @CRLF & _ "merchant.wolt.com" & @CRLF & _ "ops.wolt.com" & @CRLF & _ "restaurant-api.wolt.com" & @CRLF & _ "*.wolt.com" & @CRLF & _ "1477299281" & @CRLF & _ "943905271" & @CRLF & _ "com.wolt.android" & @CRLF & _ "com.wolt.courierapp" & @CRLF & _ "*.yacht.nl" & @CRLF & _ "*ensemble*.yahoo.com" & @CRLF & _ "*omega*.yahoo.com" & @CRLF & _ "7 News" & @CRLF & _ "AOL (misc)" & @CRLF & _ "AOL Help" & @CRLF & _ "AOL Homepage" & @CRLF & _ "AOL Mail" & @CRLF & _ "AOL Search" & @CRLF & _ "apis.mail.yahoo.com" & @CRLF & _ "data.mail.yahoo.com" & @CRLF & _ "Engadget" & @CRLF & _ "Gemini" & @CRLF & _ "Low Cost Access" & @CRLF & _ "Membership" & @CRLF & _ "onepush.query.yahoo.com" & @CRLF & _ "Online Marketplace" & @CRLF & _ "Other (Misc)" & @CRLF & _ "proddata.xobni.yahoo.com" & @CRLF & _ "Social Media Accounts" & @CRLF & _ "Techcrunch" & @CRLF & _ "TW eCommerce: Auctions" & @CRLF & _ "TW eCommerce: Shopping" & @CRLF & _ "TW eCommerce: Used Car" & @CRLF & _ "TW Media: Front Page" & @CRLF & _ "TW Media: News" & @CRLF & _ "TW Media: Stock" & @CRLF & _ "Yahoo Calendar" & @CRLF & _ "Yahoo Finance" & @CRLF & _ "Yahoo HK News" & @CRLF & _ "Yahoo Mail" & @CRLF & _ "Yahoo News" & @CRLF & _ "Yahoo Open Source Projects" & @CRLF & _ "Yahoo Search" & @CRLF & _ "Yahoo Sports: Best Ball" & @CRLF & _ "Yahoo Sports: Daily Fantasy" & @CRLF & _ "Yahoo Sports: Editorial" & @CRLF & _ "Yahoo Sports: Fantasy Games" & @CRLF & _ "Yahoo Sports: Fantasy Slate/PicknWin" & @CRLF & _ "Yahoo Sports: Fantasy Sports" & @CRLF & _ "Yahoo Sports: Fantasy Wallet" & @CRLF & _ "Yahoo Sports: Mobile" & @CRLF & _ "Yahoo Sports: Rivals" & @CRLF & _ "Yahoo Sports: Rivals Forums" & @CRLF & _ "Yahoo Video" & @CRLF & _ "Yahoo Weather" & @CRLF & _ "Yahoo! (Misc)" & @CRLF & _ "yimg.com" & @CRLF & _ "hub.vznkul.be/* " & @CRLF & _ "hub.vznkul.be/services/interhub/InterHubService" & @CRLF & _ "hub.vznkul.be/services/intrahub/IntraHubService" & @CRLF & _ "hubacc.vznkul.be/*" & @CRLF & _ "hubacc.vznkul.be/services/acceptance/interhub/InterHubService" & @CRLF & _ "hubacc.vznkul.be/services/acceptance/intrahub/IntraHubService" & @CRLF & _ "*pwn.intigriti.rocks" & @CRLF & _ "www.intigriti.com" & @CRLF & _ "api.vidaxl.com" & @CRLF & _ "ar.vidaxl.sa.com" & @CRLF & _ "b2b.vidaxl.com" & @CRLF & _ "cms.woger-cdn.com" & @CRLF & _ "customer-services.vidaxl.org" & @CRLF & _ "en.vidaxl.ae" & @CRLF & _ "en.vidaxl.ca" & @CRLF & _ "fps-extr-services.vidaxl.org" & @CRLF & _ "fr.vidaxl.ch" & @CRLF & _ "is.vidaxl.is" & @CRLF & _ "nexus.vidaxl.org" & @CRLF & _ "nl.vidaxl.be" & @CRLF & _ "serviceportal.vidaxl.com" & @CRLF & _ "shops-services.vidaxl.org" & @CRLF & _ "tracking.vidaxl.com" & @CRLF & _ "uk.vidaxl.com.ua" & @CRLF & _ "vidaxl.zendesk.com" & @CRLF & _ "www.dropshippingxl.com" & @CRLF & _ "www.vidaxl.<TLD>" & @CRLF & _ "apigateway.vidaxl.io" & @CRLF & _ "app.vidaxl.io" & @CRLF & _ "corporate.vidaxl.com" & @CRLF & _ "drone.vidaxl.io" & @CRLF & _ "qa-db.vidaxl.io" & @CRLF & _ "qa.vidaxl.io" & @CRLF & _ "qa1-apigateway.vidaxl.io" & @CRLF & _ "staging-apigateway.vidaxl.io" & @CRLF & _ "staging-db.vidaxl.io" & @CRLF & _ "staging.vidaxl.io" & @CRLF & _ "*.9altitudes.*" & @CRLF & _ "*.adultimagroup.*" & @CRLF & _ "*.birds.bi" & @CRLF & _ "*.birds.com" & @CRLF & _ "*.dynamics.com" & @CRLF & _ "*.jobmanager.dk" & @CRLF & _ "Out of Scope" & @CRLF & _ "*.aikido.dev" & @CRLF & _ "*.allegro.sk" & @CRLF & _ "*.allegro.cz" & @CRLF & _ "*.allegro.pl" & @CRLF & _ "*.allegrogroup.com" & @CRLF & _ "Any production website owned by Allegro not listed in Domains" & @CRLF & _ "technik.autobild.de" & @CRLF & _ "technik.beta.autobild.de" & @CRLF & _ "Automotive Security" & @CRLF & _ "Domains from independent BMW Dealers, Resellers or Fanclubs" & @CRLF & _ "*.info.buhlergroup.com" & @CRLF & _ "*.virtualworld.buhlergroup.com" & @CRLF & _ "*.virtualworld-portal.buhlergroup.com" & @CRLF & _ "imap.buhlergroup.cn" & @CRLF & _ "pop.buhlergroup.cn" & @CRLF & _ "smtp.buhlergroup.cn" & @CRLF & _ "channel.buhlergroup.com" & @CRLF & _ "bestbuy.buhlergroup.com" & @CRLF & _ "*.webinars.buhlergroup.com" & @CRLF & _ "*.learnhub.buhlergroup.com" & @CRLF & _ "*/scripts/cgiip.exe/*" & @CRLF & _ "help.capital.com" & @CRLF & _ "*affiliates.backend-capital.com" & @CRLF & _ "*eduapp.backend-capital.com" & @CRLF & _ "*education.backend-capital.com" & @CRLF & _ "31.31.132.0/24" & @CRLF & _ "31.31.141.0/26" & @CRLF & _ "*.citymesh.recruitee.com" & @CRLF & _ "*.digi-mobile.be" & @CRLF & _ "*.insky.be" & @CRLF & _ "31.31.128.128/26" & @CRLF & _ "31.31.128.192/27" & @CRLF & _ "31.31.128.64/26" & @CRLF & _ "31.31.130.0/23" & @CRLF & _ "31.31.134.0/23" & @CRLF & _ "31.31.139.0/24" & @CRLF & _ "31.31.140.0-87" & @CRLF & _ "31.31.140.92-254" & @CRLF & _ "31.31.143.0-71" & @CRLF & _ "*.it.datacamp.com" & @CRLF & _ "app.datacamp.com/recruit" & @CRLF & _ "ast-viewer.datacamp.com" & @CRLF & _ "confluence.datacamp.com" & @CRLF & _ "intranet.datacamp.com" & @CRLF & _ "jira.datacamp.com" & @CRLF & _ "links.datacamp.com" & @CRLF & _ "rdocumentation.datacamp.com" & @CRLF & _ "signature.datacamp.com" & @CRLF & _ "status.datacamp.com" & @CRLF & _ "support.datacamp.com" & @CRLF & _ "talent-jobs-api.datacamp.com" & @CRLF & _ "abonnement.demorgen.be" & @CRLF & _ "* demorgen.be/service" & @CRLF & _ "* demorgen.be/inloggen" & @CRLF & _ "* demorgen.be/login" & @CRLF & _ "* demorgen.be/registreren" & @CRLF & _ "https://www.vlaanderen.be/vlaamse-overheid/contact/stuur-een-e-mail" & @CRLF & _ "https://www.vlaanderen.be/aanmelden/help/mail.html" & @CRLF & _ "https://www.vlaanderen.be/aanmelden/help/mail.html?*" & @CRLF & _ "bibis*.vlaanderen.be" & @CRLF & _ "cdn.vlaanderen.be" & @CRLF & _ "codex.opendata.api.vlaanderen.be" & @CRLF & _ "ets*.omgeving.vlaanderen.be" & @CRLF & _ "natura2000.vlaanderen.be" & @CRLF & _ "opibus*.onderwijs*.vlaanderen.be" & @CRLF & _ "*.db.ondigitalocean.com" & @CRLF & _ "*.digitaloceanspaces.com" & @CRLF & _ "*.doserverless.co" & @CRLF & _ "*.k8s.ondigitalocean.com" & @CRLF & _ "*.ondigitalocean.app" & @CRLF & _ "Assets created by other DigitalOcean customers" & @CRLF & _ "Marketplace Apps and Add-Ons" & @CRLF & _ "Other DigitalOcean open source projects not listed" & @CRLF & _ "registry.digitalocean.com/*" & @CRLF & _ "www.driessen.nl/contact" & @CRLF & _ "www.driessen.nl/mijn/solliciteren/" & @CRLF & _ "*.grafana.com" & @CRLF & _ "*.grafana.net" & @CRLF & _ "https://hotelservice.hrs.com/" & @CRLF & _ "https://jobs.hrs.com/" & @CRLF & _ "https://www.hrs.com/deals/" & @CRLF & _ "* hln.be/service" & @CRLF & _ "abonnement.parool.nl" & @CRLF & _ "* parool.nl/service" & @CRLF & _ "* parool.nl/inloggen" & @CRLF & _ "* parool.nl/login" & @CRLF & _ "* parool.nl/registreren" & @CRLF & _ "*.swop.com/*" & @CRLF & _ "houseofhr.com/contact-us" & @CRLF & _ "houseofhr.com/your-career/jobs" & @CRLF & _ "rebel.houseofhr.com" & @CRLF & _ "abonnement.humo.be" & @CRLF & _ "* humo.be/service" & @CRLF & _ "* humo.be/inloggen" & @CRLF & _ "* humo.be/login" & @CRLF & _ "Everything related to configurators, both on primary as other domains" & @CRLF & _ "*.configuratoren.nl/*" & @CRLF & _ "afspraakmaken.gamma.nl" & @CRLF & _ "api.afspraakmaken.gamma.be" & @CRLF & _ "api.afspraakmaken.gamma.nl" & @CRLF & _ "api.maakafspraak.karwei.nl" & @CRLF & _ "horrenconfigurator-fr.gamma.be" & @CRLF & _ "horrenconfigurator-nl.gamma.be" & @CRLF & _ "horrenconfigurator.karwei.nl" & @CRLF & _ "karwei-2018.hetmooistegordijn.nl" & @CRLF & _ "maakafspraak.karwei.nl" & @CRLF & _ "mail.gamma.be" & @CRLF & _ "mail.gamma.nl" & @CRLF & _ "mail.karwei.nl" & @CRLF & _ "www.trismegistos.org" & @CRLF & _ "shop.kinepolis.be " & @CRLF & _ "shop.kinepolis.es" & @CRLF & _ "shop.kinepolis.fr " & @CRLF & _ "shop.kinepolis.lu" & @CRLF & _ "*.cineramabios.nl" & @CRLF & _ "dev.kinepolis.com" & @CRLF & _ "jobs.kinepolis.com" & @CRLF & _ "l.kinepolis.com" & @CRLF & _ "openx.kinepolis.com" & @CRLF & _ "https://careers.kiwa.com/" & @CRLF & _ "https://qr.kiwa.com/" & @CRLF & _ "https://www.kiwa.com/en/contact/" & @CRLF & _ " lsrunase2.0 and lsencrypt2.0 " & @CRLF & _ "careers.lansweeper.com" & @CRLF & _ "www.lansweeper.com/forum" & @CRLF & _ "* libelle.nl/service" & @CRLF & _ "* libelle.nl/inloggen" & @CRLF & _ "* libelle.nl/login" & @CRLF & _ "* libelle.nl/registreren" & @CRLF & _ "login.internal.monzo.com" & @CRLF & _ "community.monzo.com" & @CRLF & _ "academy.moralis.io" & @CRLF & _ "docs.moralis.io" & @CRLF & _ "forum.moralis.io" & @CRLF & _ "merch.moralis.io" & @CRLF & _ "roadmap.moralis.io" & @CRLF & _ "status.moralis.io" & @CRLF & _ "studygroup.moralis.io" & @CRLF & _ "talent.moralis.io" & @CRLF & _ "https://www.nexuzhealth.com/nl/mynexuzhealthpro" & @CRLF & _ "ovo.itgcanopy.com" & @CRLF & _ "*.oisl.gg" & @CRLF & _ "appsfwd.ovoenergy.com" & @CRLF & _ "askovo.net" & @CRLF & _ "auth-retail.ovoenergy.com" & @CRLF & _ "auth-www.ovoenergy.com" & @CRLF & _ "cctv-mgr.ovoenergy.com" & @CRLF & _ "cev.ovoenergy.com" & @CRLF & _ "documentum.ovoenergy.com" & @CRLF & _ "ecomms.ovoenergy.com" & @CRLF & _ "fortivpn.ovoenergy.com" & @CRLF & _ "forum.ovoenergy.com" & @CRLF & _ "greeninstaller.co.uk" & @CRLF & _ "hackable-lenny.com" & @CRLF & _ "hackable-sarge.com" & @CRLF & _ "hackable-slink.com" & @CRLF & _ "hackable-woody.com" & @CRLF & _ "learn.ovo.com" & @CRLF & _ "lightning.ovoenergy.com" & @CRLF & _ "ovo-comms-uat.co.uk" & @CRLF & _ "ovo-comms.co.uk" & @CRLF & _ "ovobyus.com" & @CRLF & _ "ovocards.com" & @CRLF & _ "ovocommunity.com" & @CRLF & _ "ovofoundation.org.uk" & @CRLF & _ "ovomyrewards.com" & @CRLF & _ "paybylink.ovoenergy.com" & @CRLF & _ "pma.ovoenergy.com" & @CRLF & _ "survey.ovoenergy.com" & @CRLF & _ "tech.ovoenergy.com" & @CRLF & _ "testrailapp.ovoenergy.com" & @CRLF & _ "thirdpartyassurance.ovoenergy.com" & @CRLF & _ "tracking.ovo.com" & @CRLF & _ "*.vectus.in" & @CRLF & _ "https://*.pdq.com/" & @CRLF & _ "https://*.simplemdm.com/ " & @CRLF & _ "https://*.smartdeploy.com/ " & @CRLF & _ "https://detect.pdq.tools/ " & @CRLF & _ " www.personio.de" & @CRLF & _ "personio.slack.com" & @CRLF & _ "statuspage.personio.de" & @CRLF & _ "support.personio.de" & @CRLF & _ "www.personio.com" & @CRLF & _ "www.personio.es" & @CRLF & _ "future.portofantwerp.com" & @CRLF & _ "future.portofantwerpbruges.com" & @CRLF & _ "jobs.portofantwerp.com" & @CRLF & _ "jobs.portofantwerpbruges.com" & @CRLF & _ "media.portofantwerp.com" & @CRLF & _ "media.portofantwerpbruges.com" & @CRLF & _ "register.portofantwerp.com" & @CRLF & _ "register.portofantwerpbruges.com" & @CRLF & _ "*.brightplus.be" & @CRLF & _ "*.career.be" & @CRLF & _ "*.entrili.com" & @CRLF & _ "*.expressmedical.be" & @CRLF & _ "*.jobinson.be" & @CRLF & _ "*.public-sourcing.be" & @CRLF & _ "*.rgfstaffing.be" & @CRLF & _ "*.solvus.be" & @CRLF & _ "*.startpeople.be" & @CRLF & _ "*.unique.be" & @CRLF & _ "*.uniqueselect.be" & @CRLF & _ "*.usgprofessionals.be" & @CRLF & _ "https://pen-app.entrili.com" & @CRLF & _ "*.probes.atlas.ripe.net" & @CRLF & _ "*.anchors.atlas.ripe.net" & @CRLF & _ "RIPE Meeting network (2001:67c:64::/48 and 193.0.24.0/21)" & @CRLF & _ "Any of the beta/dev environments" & @CRLF & _ "Any *.ripe.net host that is located outside of the in-scope IP ranges " & @CRLF & _ "193.0.0.160/27" & @CRLF & _ "2001:67c:2e8:3::/64" & @CRLF & _ "ripe(1to87).ripe.net" & @CRLF & _ "exams.ripe.net" & @CRLF & _ "workplace.randstad.in" & @CRLF & _ "apps.randstad.in" & @CRLF & _ "cz.randstad.com" & @CRLF & _ "*.newyorkredbulls.com" & @CRLF & _ "shop.robinhood.com" & @CRLF & _ "https://www.saytechnologies.com/contact/sales" & @CRLF & _ "https://www.simscale.com/api/v1/projects/*" & @CRLF & _ "www.simscale.com/forum/users/*.json" & @CRLF & _ "https://sixt-leasing" & @CRLF & _ "https://siemens.smc.sixt.com/" & @CRLF & _ "https://s004-px01.s004.smc.sixt.com/" & @CRLF & _ "https://s004-px02.s004.smc.sixt.com/" & @CRLF & _ "https://p001-slweb-px.p001.slweb.smc.sixt.com" & @CRLF & _ "s003-lb-siemens-stage.s003.smc.sixt.com" & @CRLF & _ "s002-lb-siemens-test.s002.smc.sixt.com" & @CRLF & _ "s004-lb-siemens.s004.smc.sixt.com" & @CRLF & _ "app.rental-images.sixt.com" & @CRLF & _ "b2cleasing.typo3.sixt.de" & @CRLF & _ "corporate.typo3.sixt.de" & @CRLF & _ "domainparking.sixt.com" & @CRLF & _ "fleetcheck.sixt.com" & @CRLF & _ "intranet.sixt.com" & @CRLF & _ "lacb2c.typo3.sixt.de" & @CRLF & _ "lkw.sixt.com" & @CRLF & _ "lkw.sixt.de" & @CRLF & _ "logistics.sixt.com" & @CRLF & _ "partner.sixt.de" & @CRLF & _ "partner.typo3.sixt.de" & @CRLF & _ "promo.sixt.com" & @CRLF & _ "promo.typo3.sixt.de" & @CRLF & _ "reporting.sixt.de" & @CRLF & _ "rproxy-firenze1.sixt.de" & @CRLF & _ "rproxy-firenze2.sixt.de" & @CRLF & _ "sixtbook.sixt.com" & @CRLF & _ "webservices.sixt.com" & @CRLF & _ "drying-little-tears.org" & @CRLF & _ "185.97.224.12" & @CRLF & _ "185.97.224.13" & @CRLF & _ "booking.*.sqills.com" & @CRLF & _ "booking.*.cloud.sqills.com" & @CRLF & _ "careers.sqills.com" & @CRLF & _ "*.red.sqills.team" & @CRLF & _ "Assets that allow end user input (other than login)" & @CRLF & _ "Stravito branded sites provided by partners or service providers" & @CRLF & _ "*.tempo-team.de" & @CRLF & _ "All Coke Stores" & @CRLF & _ "Assets Related to China" & @CRLF & _ "Coke One North America (CONA)" & @CRLF & _ "Food and Beverage Dispensing Devices" & @CRLF & _ "abonnement.trouw.nl" & @CRLF & _ "* trouw.nl/service" & @CRLF & _ "* trouw.nl/inloggen" & @CRLF & _ "* trouw.nl/login" & @CRLF & _ "* trouw.nl/registreren" & @CRLF & _ "ok.truelayer.com" & @CRLF & _ "banks.truelayer.com" & @CRLF & _ "careers.truelayer.com" & @CRLF & _ "docs.truelayer.com" & @CRLF & _ "https://truelayer.com/contact/" & @CRLF & _ "index.truelayer.com" & @CRLF & _ "info.truelayer.com" & @CRLF & _ "signin.truelayer.com" & @CRLF & _ "statuspage.truelayer.com" & @CRLF & _ "support.truelayer.com" & @CRLF & _ "truelayer.zendesk.com" & @CRLF & _ "elect.tweakers.net" & @CRLF & _ "uzleuven.atlassian.net" & @CRLF & _ "jobs.uzleuven.be" & @CRLF & _ "vacatures.uzleuven.be" & @CRLF & _ "suppliers-ivalua.ubisoft.com" & @CRLF & _ "ivalua.ubisoft.com" & @CRLF & _ "innovatie.vrt.be" & @CRLF & _ "shop.*.be" & @CRLF & _ "shop.vtm.be" & @CRLF & _ "* vtmgo.be/service" & @CRLF & _ "* vtmgo.be/inloggen" & @CRLF & _ "* vtmgo.be/login" & @CRLF & _ "* vtmgo.be/registreren" & @CRLF & _ "https://enterprise.vlerick.com" & @CRLF & _ "https://enterprise2.vlerick.com" & @CRLF & _ "https://mastersblog.vlerick.com/" & @CRLF & _ "https://repository.vlerick.com" & @CRLF & _ "https://spoc.myshopify.com/" & @CRLF & _ "https://vlerick.myshopify.com/" & @CRLF & _ "https://webform.vlerick.com" & @CRLF & _ " https://getflywheel.com/schedule-a-demo/" & @CRLF & _ "https://wpengine.com/contact/" & @CRLF & _ "aquawardsspatial.water-link.be" & @CRLF & _ "gisacc(*).water-link.be" & @CRLF & _ "https://aquawardsoperate.water-link.be/" & @CRLF & _ "https://aquawardsoperateacc.water-link.be" & @CRLF & _ "https://feedback.water-link.be" & @CRLF & _ "https://gis.water-link.be" & @CRLF & _ "https://gis1.water-link.be" & @CRLF & _ "https://gis2.water-link.be" & @CRLF & _ "https://jobs.water-link.be" & @CRLF & _ "https://wl_acc.water-link.be/" & @CRLF & _ "https://wl_dev.water-link.be/" & @CRLF & _ "blog.wolt.com" & @CRLF & _ "gettest.wolt.com" & @CRLF & _ "press.wolt.com" & @CRLF & _ "wolt.atlassian.net" & @CRLF & _ "Flurry" & @CRLF & _ "TW eCommerce: Store" & @CRLF & _ "www.vznkul.be" & @CRLF & _ "*.intigriti.io" & @CRLF & _ "*.intigriti.me" & @CRLF & _ "*.intigriti.net" & @CRLF & _ "any intigriti CTF or challenge" & @CRLF & _ "api.intercom.io" & @CRLF & _ "autodiscover.intigriti.com" & @CRLF & _ "blog.intigriti.com" & @CRLF & _ "careers.intigriti.com" & @CRLF & _ "click.intigriti.com" & @CRLF & _ "go.intigriti.com" & @CRLF & _ "kb.intigriti.com" & @CRLF & _ "mail.intigriti.com" & @CRLF & _ "newsletter.intigriti.com" & @CRLF & _ "our hubspot pages (/hs-fs/, /hubfs/, /hs/, /_hcms/, landing/, report/, webinar/, /datasheet, /customer/, /video/...)" & @CRLF & _ "status.intigriti.com" & @CRLF & _ "swag.intigriti.com" & @CRLF & _ "t.intigriti.com" & @CRLF & _ "trust.intigriti.com" & @CRLF & _ "welcome.intigriti.com" & @CRLF & _ "partners.vidaxl.com" & @CRLF & _ "https://cockpit-eu-west-2.outscale.com/" & @CRLF & _ "https://fcu.eu-west-2.outscale.com" & @CRLF & _ "https://lbu.eu-west-2.outscale.com" & @CRLF & _ "https://osu.eu-west-2.outscale.com" & @CRLF & _ "https://eim.eu-west-2.outscale.com" & @CRLF & _ "https://icu.eu-west-2.outscale.com" & @CRLF & _ "https://directlink.eu-west-2.outscale.com" & @CRLF & _ "Any resource created or accessed with the Outscale Cloud, on all regions" & @CRLF & _ "*.atg.se" & @CRLF & _ "www.atg.se" & @CRLF & _ "api.atg.se" & @CRLF & _ "iam.atg.se" & @CRLF & _ "https://apps.apple.com/se/app/atg/id1434660322" & @CRLF & _ "https://apps.apple.com/se/app/atg-live/id1608156355" & @CRLF & _ "https://play.google.com/store/apps/details?id=se.atg.live&hl=en&gl=SE" & @CRLF & _ "app.alasco.de" & @CRLF & _ "api.alasco.de" & @CRLF & _ "*.alasco.de" & @CRLF & _ "*.alasco.rocks" & @CRLF & _ "In-Scope Applications can be found here: https://mysrc.group/project_detail?id=11" & @CRLF & _ "Log4j 2.x" & @CRLF & _ "Log4j API for Kotlin" & @CRLF & _ "Log4j API for Scala" & @CRLF & _ "Log4cxx" & @CRLF & _ "Log4net" & @CRLF & _ "Agora for Android (see dowload link for APK file and mobile app GitHub repository in description)" & @CRLF & _ "Agora for iOS (see dowload link for IPA file and mobile app GitHub repository in description)" & @CRLF & _ "https://app.sandbox.agora.incubateur.net" & @CRLF & _ "https://api.sandbox.agora.incubateur.net (source code available on GitHub, see description)" & @CRLF & _ "https://content.agora.beta.gouv.fr" & @CRLF & _ "https://www.bookbeat.com" & @CRLF & _ "https://edge.blablacar.(fr|de|co.uk|in|es|mx|be|hr|hu|it|nl|pl|br|pt|ro|ru|com|tr|com.ua))" & @CRLF & _ "https://auth.blablacar.(fr|de|co.uk|in|es|mx|be|hr|hu|it|nl|pl|br|pt|ro|ru|com|tr|com.ua)" & @CRLF & _ "https://www.blablacar.(fr|de|co.uk|in|es|mx|be|hr|hu|it|nl|pl|br|pt|ro|ru|com|tr|com.ua)" & @CRLF & _ "https://m.blablacar.(fr|de|co.uk|in|es|mx|be|hr|hu|it|nl|pl|br|pt|ro|ru|com|tr|com.ua)" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.comuto&hl=en" & @CRLF & _ "https://itunes.apple.com/fr/app/blablacar-trusted-carpooling/id341329033?l=en&mt=8" & @CRLF & _ "https://api.blablalines.com" & @CRLF & _ "https://daily.blablacar.fr" & @CRLF & _ "https://blablacardaily.com" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.blablalines" & @CRLF & _ "https://apps.apple.com/fr/app/blablalines-covoiturage/id1225543288" & @CRLF & _ "https://www.sncf-connect.com" & @CRLF & _ "https://sncf-connect.com" & @CRLF & _ "https//monidentifiant.sncf" & @CRLF & _ "https://www.sncf-connect.com/bff" & @CRLF & _ "*.coindcx.com" & @CRLF & _ "api.coindcx.com" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.coindcx.btc" & @CRLF & _ "https://apps.apple.com/in/app/coindcx-trade-bitcoin-crypto/id1517787269" & @CRLF & _ "*.contentsquare.com" & @CRLF & _ "https://mobile-production.content-square.net/" & @CRLF & _ "https://m.csqtrk.net" & @CRLF & _ "https://s.contentsquare.net" & @CRLF & _ "Contentsquare SDK (cf : Program Description)" & @CRLF & _ "https://bounty.cryptobox.com" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.ercom.cryptobox.release&hl=fr" & @CRLF & _ "https://apps.apple.com/fr/app/cryptobox/id972602802" & @CRLF & _ "https://pprd.cybermalveillance.gouv.fr" & @CRLF & _ "cyclonedx-bom" & @CRLF & _ "cargo-cyclonedx" & @CRLF & _ "https://play.google.com/store/apps/details?id=id.dana&hl=en" & @CRLF & _ "https://apps.apple.com/id/app/dana/id1437123008" & @CRLF & _ "https://appgallery.huawei.com/#/app/C100570215" & @CRLF & _ "mgs-gw.m.dana.id" & @CRLF & _ "api-saas.dana.id" & @CRLF & _ "sec.m.dana.id" & @CRLF & _ "m.dana.id" & @CRLF & _ "https://www.demarches-simplifiees.fr" & @CRLF & _ "https://www.demarches-simplifiees.fr/graphql" & @CRLF & _ "https://www.demarches-simplifiees.fr/api/v2/graphql" & @CRLF & _ "https://static.demarches-simplifiees.fr" & @CRLF & _ "DS proxy (see https://github.com/demarches-simplifiees/ds_proxy)" & @CRLF & _ "Specific scenarios (see program description)" & @CRLF & _ "AgentConnect (see program description for github link)" & @CRLF & _ "FranceConnect+ (see program description for github link)" & @CRLF & _ "FranceConnect (see program description for github link)" & @CRLF & _ "eIDAS Bridge (see program description for github link)" & @CRLF & _ "User Dashboard (see program description for github link)" & @CRLF & _ "https://www.tchap.gouv.fr" & @CRLF & _ "https://matrix.agent.tchap.gouv.fr" & @CRLF & _ "https://matrix.agent.*.tchap.gouv.fr" & @CRLF & _ "https://github.com/tchapgouv" & @CRLF & _ "https://play.google.com/store/apps/details?id=fr.gouv.tchap.a&hl=fr" & @CRLF & _ "https://apps.apple.com/fr/app/tchap/id1446253779" & @CRLF & _ "https://www.beta.tchap.gouv.fr" & @CRLF & _ "https://matrix.i.tchap.gouv.fr" & @CRLF & _ "https://matrix.e.tchap.gouv.fr" & @CRLF & _ "https://bounty-cloud.dracoon.app/api" & @CRLF & _ "https://bounty-cloud.dracoon.app/oauth" & @CRLF & _ "https://0-2744452194.s3.nbg01.de.dracoon.io" & @CRLF & _ "https://bounty-cloud.dracoon.app/mediaserver" & @CRLF & _ "https://bounty-cloud.dracoon.app/reporting/api" & @CRLF & _ "https://bounty-cloud.dracoon.app/webdav" & @CRLF & _ "https://bounty-cloud.dracoon.app/" & @CRLF & _ "https://bounty-server.dracoon.app/api" & @CRLF & _ "https://bounty-server.dracoon.app/oauth" & @CRLF & _ "https://bounty-server.dracoon.app/reporting/api" & @CRLF & _ "https://bounty-server.dracoon.app/webdav" & @CRLF & _ "https://bounty-server.dracoon.app/" & @CRLF & _ "*.dailymotion.com" & @CRLF & _ "*.api.dailymotion.com" & @CRLF & _ "developer.dailymotion.com" & @CRLF & _ "*.dmcdn.net" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.dailymotion.dailymotion&hl=fr&gl=US" & @CRLF & _ "https://apps.apple.com/fr/app/dailymotion/id336978041" & @CRLF & _ "ifttt-adaptor.pub.kube.dm.gg" & @CRLF & _ "AS41690" & @CRLF & _ "dmxleo.com" & @CRLF & _ "*.dm.gg" & @CRLF & _ "Google Cloud Plateform Instances" & @CRLF & _ "https://bounty-nodejs.datashield.co" & @CRLF & _ "https://bounty-fastly.datashield.co" & @CRLF & _ "https://bounty-nginx.datashield.co" & @CRLF & _ "*.captcha-delivery.com" & @CRLF & _ "js.datadome.co" & @CRLF & _ "api-js.datadome.co" & @CRLF & _ "https://app.datadome.co" & @CRLF & _ "https://customer-api.datadome.co" & @CRLF & _ "https://api.datadome.co" & @CRLF & _ "https://api-js.datadome.co" & @CRLF & _ "https://*.captcha-delivery.com" & @CRLF & _ "https://auth.datadome.co" & @CRLF & _ "https://datadome.co" & @CRLF & _ "https://bot-tester.datadome.co/" & @CRLF & _ "www.deezer.com" & @CRLF & _ "connect.deezer.com" & @CRLF & _ "api.deezer.com" & @CRLF & _ "payment.deezer.com" & @CRLF & _ "https://play.google.com/store/apps/details?id=deezer.android.app" & @CRLF & _ "https://apps.apple.com/fr/app/deezer-musique-podcast/id292738169" & @CRLF & _ "zen.deezer.com" & @CRLF & _ "wellbeing.deezer.com" & @CRLF & _ "wellbeing.dzcdn.net" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.deezer.zen" & @CRLF & _ "https://apps.apple.com/be/app/zen-by-deezer-m%C3%A9ditation/id1597326355" & @CRLF & _ "account.deezer.com" & @CRLF & _ "pipe.deezer.com" & @CRLF & _ "www.doctolib.(fr|de|it)" & @CRLF & _ "pro.doctolib.(fr|de|it) (see "Free features for healthcare professionals"))" & @CRLF & _ "Special scenarios (see description)" & @CRLF & _ "*.doctolib.(fr|de|it|com|net)" & @CRLF & _ "https://apps.apple.com/fr/app/doctolib/id925339063" & @CRLF & _ "http://play.google.com/store/apps/details?id=fr.doctolib.www" & @CRLF & _ "*.siilo.com" & @CRLF & _ "https://apps.apple.com/ie/app/doctolib-siilo/id1083002150" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.siilo.android&hl=en" & @CRLF & _ "Dovecot IMAP Server and Pigeonhole SIEVE (see "Software packages" and "Source code")" & @CRLF & _ "Hardware found on https://www.ezviz.com/category/security-wifi-cameras" & @CRLF & _ "Hardware found on https://www.ezviz.com/category/smart-home" & @CRLF & _ "i.ys7.com" & @CRLF & _ "open.ys7.com" & @CRLF & _ "auth.ys7.com" & @CRLF & _ "api.ys7.com" & @CRLF & _ "api.ezvizlife.com" & @CRLF & _ "usauth.ezvizlife.com" & @CRLF & _ "ius.ezvizlife.com" & @CRLF & _ "*.ys7.com" & @CRLF & _ "GLib" & @CRLF & _ "glib-networking" & @CRLF & _ "libsoup" & @CRLF & _ "*.gov.sg" & @CRLF & _ "Domains where GovTech is the registrar" & @CRLF & _ "*.jbl.com" & @CRLF & _ "*.harmanaudio.com" & @CRLF & _ "*.harmankardon.com" & @CRLF & _ "*.support.jbl.com" & @CRLF & _ "*.jbl.nl" & @CRLF & _ "*.jbl.ru" & @CRLF & _ "*.uk.jbl.com" & @CRLF & _ "*.uk.harmanaudio.com" & @CRLF & _ "*.de.jbl.com" & @CRLF & _ "*.in.jbl.com" & @CRLF & _ "*.jp.jbl.com" & @CRLF & _ "*.jbl.com.br" & @CRLF & _ "Device: JBL Bar 300" & @CRLF & _ "Device: JBL Bar 500" & @CRLF & _ "Device: JBL Bar 700" & @CRLF & _ "Device: JBL Bar 800" & @CRLF & _ "Device: JBL Bar 1000" & @CRLF & _ "Device: JBL Bar 1300" & @CRLF & _ "a1ttqkupgmaxeg-ats.iot.us-east-1.amazonaws.com" & @CRLF & _ "a1ttqkupgmaxeg-ats.iot.ap-east-1.amazonaws.com" & @CRLF & _ "lsaconsumerevents2.onecloud.harman.com" & @CRLF & _ "lsaconsumerevents3.onecloud.harman.com" & @CRLF & _ "lsaconsumerevents1.onecloud.harman.com" & @CRLF & _ "events.onecloud.harman.com" & @CRLF & _ "ota-staging.onecloud.harman.com" & @CRLF & _ "ota.onecloud.harman.com" & @CRLF & _ "apis.onecloud.harman.com" & @CRLF & _ "edgeapis.onecloud.harman.com" & @CRLF & _ "things.onecloud.harman.com" & @CRLF & _ "JBL Authentics 200" & @CRLF & _ "JBL Authentics 300" & @CRLF & _ "JBL Authentics 500" & @CRLF & _ "JBL Boombox 3 Wi-Fi" & @CRLF & _ "JBL Charge 5 Wi-Fi" & @CRLF & _ "JBL PartyBox Ultimate" & @CRLF & _ "https://apps.apple.com/fr/app/jbl-one/id1610239857" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.jbl.oneapp&hl=fr&gl=US" & @CRLF & _ "JBL Flip 6" & @CRLF & _ "JBL Charge 5" & @CRLF & _ "*.kdrive.infomaniak.com" & @CRLF & _ "api.infomaniak.com" & @CRLF & _ "login.infomaniak.com" & @CRLF & _ "manager.infomaniak.com/v3/*" & @CRLF & _ "shop.infomaniak.com" & @CRLF & _ "*.kchat.infomaniak.com" & @CRLF & _ "calendar.infomaniak.com" & @CRLF & _ "contacts.infomaniak.com" & @CRLF & _ "etickets.infomaniak.com" & @CRLF & _ "mail.infomaniak.com" & @CRLF & _ "swiss-backup*.infomaniak.com" & @CRLF & _ "vod.infomaniak.com" & @CRLF & _ "*.vod2.infomaniak.com" & @CRLF & _ "player-radio.infomaniak.com" & @CRLF & _ "welcome.infomaniak.com" & @CRLF & _ "www.swisstransfer.com" & @CRLF & _ "www.infomaniak.com" & @CRLF & _ "chk.infomaniak.com" & @CRLF & _ "ai-tools.infomaniak.com" & @CRLF & _ "kmeet.infomaniak.com" & @CRLF & _ "kpaste.infomaniak.com" & @CRLF & _ "sync.infomaniak.com" & @CRLF & _ "storage*.infomaniak.com" & @CRLF & _ "ix2smbdyjt.infomaniak.site" & @CRLF & _ "5k8vrbdyje.infomaniak.site" & @CRLF & _ "fv3lfbdyjh.infomaniak.site" & @CRLF & _ "l75pvbdyjo.infomaniak.site" & @CRLF & _ "infomaniak.events" & @CRLF & _ "sms.infomaniak.com" & @CRLF & _ "developer.infomaniak.com" & @CRLF & _ "invitation.infomaniak.com" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.infomaniak.drive" & @CRLF & _ "https://apps.apple.com/app/infomaniak-kdrive/id1482778676" & @CRLF & _ "https://github.com/Infomaniak/desktop-kDrive" & @CRLF & _ "https://apps.apple.com/fr/app/infomaniak-mail/id1622596573" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.infomaniak.mail&hl=en_US" & @CRLF & _ "https://www.hpr.kiwai-normandie.fr/" & @CRLF & _ "https://www.api.hpr.kiwai-normandie.fr/" & @CRLF & _ "https://www.ppr.kiwai-enr.fr/" & @CRLF & _ "https://www.kiwai-enr.fr/" & @CRLF & _ "https://www.api.kiwai-normandie.fr" & @CRLF & _ "https://www.kiwai-normandie.fr/" & @CRLF & _ "https://bounty.legapass.com" & @CRLF & _ "hack1.mtrx.ovh" & @CRLF & _ "https://hackme.matrixreq.com" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.paymaya" & @CRLF & _ "https://apps.apple.com/am/app/maya-your-all-in-one-money-app/id991673877" & @CRLF & _ "https://appgallery.huawei.com/app/C101186357" & @CRLF & _ "https://api.paymaya.com/" & @CRLF & _ "https://pg.paymaya.com" & @CRLF & _ "https://payoutapi.maya.ph/" & @CRLF & _ "https://op.paymaya.com/" & @CRLF & _ "https://connect.paymaya.com/" & @CRLF & _ "https://paymayabiller-prod.paymaya.com/" & @CRLF & _ "www.monespacesante.fr" & @CRLF & _ "admincms.monespacesante.fr" & @CRLF & _ "adminstore.monespacesante.fr" & @CRLF & _ "api.monespacesante.fr" & @CRLF & _ "auth.monespacesante.fr" & @CRLF & _ "cms.monespacesante.fr" & @CRLF & _ "editeur.api.monespacesante.fr" & @CRLF & _ "editeurs.monespacesante.fr" & @CRLF & _ "knowage.monespacesante.fr" & @CRLF & _ "support.monespacesante.fr" & @CRLF & _ "api.editeur.preprod.monespacesante.fr" & @CRLF & _ "api.preprod.monespacesante.fr" & @CRLF & _ "auth.preprod.monespacesante.fr" & @CRLF & _ "preprod.api.monespacesante.fr" & @CRLF & _ "preprod.auth.monespacesante.fr" & @CRLF & _ "preprod.editeur.api.monespacesante.fr" & @CRLF & _ "preprod.monespacesante.fr" & @CRLF & _ "preprod1.monespacesante.fr" & @CRLF & _ "preprod2.monespacesante.fr" & @CRLF & _ "securite.monespacesante.fr" & @CRLF & _ "am.monespacesante.fr" & @CRLF & _ "editeur.am.monespacesante.fr" & @CRLF & _ "am.editeur.preprod.monespacesante.fr" & @CRLF & _ "am.preprod.monespacesante.fr" & @CRLF & _ "preprod.am.monespacesante.fr" & @CRLF & _ "preprod.editeur.am.monespacesante.fr" & @CRLF & _ "www.preprod.monespacesante.fr" & @CRLF & _ "www.preprod1.monespacesante.fr" & @CRLF & _ "www.preprod2.monespacesante.fr" & @CRLF & _ "www.am.monespacesante.fr" & @CRLF & _ "www.editeur.am.monespacesante.fr" & @CRLF & _ "www.editeur.api.monespacesante.fr" & @CRLF & _ "apps.apple.com/fr/app/mon-espace-sant%C3%A9/id1589255019 (iOS)" & @CRLF & _ "play.google.com/store/apps/details?id=fr.assurancemaladie.monespacesante&showAllReviews=true (Android)" & @CRLF & _ "https://api.moneyboxapp.com/" & @CRLF & _ "https://admin.moneyboxapp.org/" & @CRLF & _ "https://admin-roundups.moneyboxapp.org/" & @CRLF & _ "https://apps.apple.com/gb/app/moneybox-save-and-invest/id1049797239" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.moneyboxapp" & @CRLF & _ "https://sycamore.moneyboxapp.org/" & @CRLF & _ "https://www.otto.de" & @CRLF & _ "https://www.otto.de/jobs" & @CRLF & _ "https://play.google.com/store/apps/details?id=de.cellular.ottohybrid&hl=de" & @CRLF & _ "https://apps.apple.com/de/app/otto-shopping-m%C3%B6bel/id404844644" & @CRLF & _ "https://www.lascana.de/" & @CRLF & _ "https://teleoptiprd.otto.de" & @CRLF & _ "https://mmp.otto.de" & @CRLF & _ "https://partnerprogramm.otto.de" & @CRLF & _ "https://orbidder.otto.de" & @CRLF & _ "https://supplier-connect.otto.de" & @CRLF & _ "https://retail-api.otto.de" & @CRLF & _ "api.ovh.com" & @CRLF & _ "www.ovh.com/manager" & @CRLF & _ "www.ovh.com" & @CRLF & _ "https://sandbox.open-xchange.com" & @CRLF & _ "GitLab and GitHub repos listed on this page" & @CRLF & _ "https://apps.apple.com/in/app/okto-wallet/id6450688229" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.coindcx.okto" & @CRLF & _ "*.okto.tech" & @CRLF & _ "https://www.ooredoo.qa" & @CRLF & _ "https://mobile.ooredoo.qa" & @CRLF & _ "https://play.google.com/store/apps/details?id=qa.ooredoo.android&hl=en&gl=US" & @CRLF & _ "https://apps.apple.com/qa/app/ooredoo-qatar/id619828745" & @CRLF & _ "Security Vulnerability in OpenPGP.js's high-level API" & @CRLF & _ "Security Vulnerability in the OpenPGP Standard" & @CRLF & _ "Interoperability Issue in OpenPGP.js" & @CRLF & _ "https://billingserver.pinelabs.com/" & @CRLF & _ "dashboard.pluralonline.com" & @CRLF & _ "https://lounge.pinelabs.com/loungeui/login" & @CRLF & _ "https://pinepgconsole.in:9099" & @CRLF & _ "https://paymentoptimizerdashboard.pinepg.in/" & @CRLF & _ "analytics.pinelabs.com" & @CRLF & _ "corporate.pineperks.in" & @CRLF & _ "www.pineperks.in" & @CRLF & _ "https://myplutus.pinelabs.my/" & @CRLF & _ "trm.pinepaymentsolutions.com" & @CRLF & _ "https://trm.pinelabs.ae" & @CRLF & _ "https://www.pinelabs.ae/" & @CRLF & _ "https://www.letspaylater.ph/" & @CRLF & _ "https://apps.apple.com/in/app/pineperks/id908644471" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.pinegift" & @CRLF & _ "https://credit.pinelabs.com" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.pinelabs.pinelabsone" & @CRLF & _ "https://apps.apple.com/in/app/pine-labs-one/id6444654068" & @CRLF & _ "https://one.pinelabs.com/" & @CRLF & _ "https://plmcixt.pinelabs.com/" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.pinelabs.emicatalogue.pinelabs&hl=uz" & @CRLF & _ "https://emistores.pinelabs.com/" & @CRLF & _ "PowerDNS authoritative server, recursor and DNSdist (see "Software packages" and "Source-code")" & @CRLF & _ "https://reptox.cnesst.gouv.qc.ca" & @CRLF & _ "https://profile.pentest.clicsante.ca" & @CRLF & _ "https://clients3.pentest.clicsante.ca" & @CRLF & _ "https://portal3.pentest.clicsante.ca" & @CRLF & _ "https://api3.pentest.clicsante.ca" & @CRLF & _ "https://admin3.pentest.clicsante.ca" & @CRLF & _ "https://poc-op-ywh.it.authentification.si.gouv.qc.ca" & @CRLF & _ "https://auth-ywh.it.authentification.si.gouv.qc.ca" & @CRLF & _ "https://www.cyber.gouv.qc.ca" & @CRLF & _ "https://pab.donneesquebec.ca" & @CRLF & _ "https://gap.citizenportal-test.bugbounty.akinox.dev" & @CRLF & _ "https://test.m4sv.bugbounty.akinox.dev" & @CRLF & _ "https://pbgq.upac.gouv.qc.ca/" & @CRLF & _ "https://pbgq-pes.upac.gouv.qc.ca/denonciation/" & @CRLF & _ "https://pbgq-pes.upac.gouv.qc.ca/nous-joindre/" & @CRLF & _ "https:/pbgq-pes.deontologie-policiere.gouv.qc.ca/demande-acces-info/" & @CRLF & _ "https://pbgq-pes.deontologie-policiere.gouv.qc.ca/demande-revision/" & @CRLF & _ "https://pbgq-pes.deontologie-policiere.gouv.qc.ca/reponses-questions/" & @CRLF & _ "www.qwant.com" & @CRLF & _ "api.qwant.com" & @CRLF & _ "s.qwant.com" & @CRLF & _ "s1.qwant.com" & @CRLF & _ "s2.qwant.com" & @CRLF & _ "qwantjunior.com" & @CRLF & _ "https://my.salt.ch" & @CRLF & _ "https://eshop.salt.ch" & @CRLF & _ "https://login.salt.ch" & @CRLF & _ "buffered-reader" & @CRLF & _ "nettle-sys" & @CRLF & _ "nettle-rs" & @CRLF & _ "SHA1-CD" & @CRLF & _ "sequoia-openpgp" & @CRLF & _ "sequoia-autocrypt" & @CRLF & _ "sequoia-ipc" & @CRLF & _ "sequoia-net" & @CRLF & _ "Shared OpenPGP Certificate Directory" & @CRLF & _ "sequoia-cert-store" & @CRLF & _ "sequoia-wot" & @CRLF & _ "sequoia-policy-config" & @CRLF & _ "rpm-sequoia" & @CRLF & _ "sqv" & @CRLF & _ "sq" & @CRLF & _ "sqop" & @CRLF & _ "octopus" & @CRLF & _ "sequoia-git" & @CRLF & _ "OpenPGP Cert Directory Specification" & @CRLF & _ "Web of Trust Specification" & @CRLF & _ "Sequoia git Specification" & @CRLF & _ "https://my.sogexia.com" & @CRLF & _ "https://play.google.com/store/apps/details?id=io.gonative.android.xjndrq&hl=fr" & @CRLF & _ "itmss://apps.apple.com/us/app/id1510360750?ign-mscache=1" & @CRLF & _ "https://spacelift.dev/" & @CRLF & _ "https://*.app.spacelift.dev" & @CRLF & _ "Native K8S workers and operator" & @CRLF & _ "OIDC-based API keys" & @CRLF & _ "MFA" & @CRLF & _ "api.swapcard.com" & @CRLF & _ "chat-api.swapcard.com/graphql" & @CRLF & _ "developer.swapcard.com/event-admin/graphql" & @CRLF & _ "login.swapcard.com" & @CRLF & _ "studio-api.swapcard.com" & @CRLF & _ "app.swapcard.com" & @CRLF & _ "studio.swapcard.com" & @CRLF & _ "team.swapcard.com" & @CRLF & _ "https://apps.apple.com/fr/app/swapcard/id879488719" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.swapcard.apps.android&hl=fr" & @CRLF & _ "img.swapcard.com" & @CRLF & _ "t.swapcard.com" & @CRLF & _ "(*.post.ch:80|*.post.ch:443) AND 194.41.128.0/17" & @CRLF & _ "https://account.post.ch" & @CRLF & _ "https://shop.post.ch/shop" & @CRLF & _ "https://service.post.ch/ekp-web/" & @CRLF & _ "https://service.post.ch/zopa/app/" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.nth.swisspost&hl=de_CH&gl=US" & @CRLF & _ "https://apps.apple.com/ch/app/die-post/id378676700" & @CRLF & _ "https://billingonline.post.ch/OnlinePayment/Web/v1/BOI" & @CRLF & _ "https://service.post.ch/ele-klp/ele/" & @CRLF & _ "Source Code" & @CRLF & _ "System Specification" & @CRLF & _ "Scenarios with Special Bounties" & @CRLF & _ "Protocol of the Swiss Post Voting System" & @CRLF & _ "https://www.teamviewer.com/en/products/teamviewer/" & @CRLF & _ "https://web.teamviewer.com" & @CRLF & _ "https://account.teamviewer.com" & @CRLF & _ "https://login.teamviewer.com" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.teamviewer.teamviewer.market.mobile&hl=en&gl=US" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.teamviewer.quicksupport.market&hl=en&gl=US" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.teamviewer.host.market&hl=en&gl=US" & @CRLF & _ "https://apps.apple.com/de/app/teamviewer-remote-control/id692035811" & @CRLF & _ "https://apps.apple.com/de/app/teamviewer-quicksupport/id661649585" & @CRLF & _ "*.telenor.se" & @CRLF & _ "*.bredbandsbolaget.se" & @CRLF & _ "*.europolitan.se" & @CRLF & _ "*.ownit.se" & @CRLF & _ "*.vimla.se" & @CRLF & _ "*.vimla.work" & @CRLF & _ "*.vimla.io" & @CRLF & _ "In-Scope Products (for the full list please visit https://en.security.tencent.com/index.php/policy)" & @CRLF & _ "https://thueringer-foerderportal.eu" & @CRLF & _ "https://ecohesion.aufbaubank.de" & @CRLF & _ "https://login.aufbaubank.de" & @CRLF & _ "*.vfsglobal.(com|co.uk|ca)" & @CRLF & _ "*.vfsevisa.com" & @CRLF & _ "*.onevasco.com" & @CRLF & _ "*.vascoworldwide.net" & @CRLF & _ "www.vfsvisaonline.com" & @CRLF & _ "www.dvpc.net" & @CRLF & _ "www.vfsvisaservicesrussia.com" & @CRLF & _ "*.directverify.in" & @CRLF & _ "*.docswallet.com" & @CRLF & _ "biometservices.com" & @CRLF & _ "agents.tasheer.com" & @CRLF & _ "https://gaadmin.vfsglobal.com/GlobalAdmin/" & @CRLF & _ "https://gaadmin.vfsglobal.com/Global-Admin/" & @CRLF & _ "https://rusadminappt.vfsglobal.com/Global-Admin/" & @CRLF & _ "https://gaadmin.vfsglobal.com/AustraliaApptAdmin/" & @CRLF & _ "https://gaadmin.vfsglobal.com/GAR1Ph1ApptAdmin/" & @CRLF & _ "https://onlinena.vfsglobal.dz/AppointmentAdmin/" & @CRLF & _ "https://gaadmin.vfsglobal.com/DHAAppointmentAdmin" & @CRLF & _ "https://equatorialguinea-evisa.com" & @CRLF & _ "https://online.srilankaevisa.lk/lka/en/login" & @CRLF & _ "https://online.mustaqel.qa/qat/en/login" & @CRLF & _ "https://appointment.vfsglobal.com.dz/forms/FRDZ/" & @CRLF & _ "https://vfs.mioot.com/" & @CRLF & _ "https://vfseu.mioot.com/" & @CRLF & _ "https://www.vfsvisaservice.com/" & @CRLF & _ "https://indonesiavoa.vfsevisa.id/" & @CRLF & _ "https://www.vfsglobalservices-germany.com/Global-Appointment/" & @CRLF & _ "https://www.vfsvisaservice.com/IHC-SouthKorea-Appointment" & @CRLF & _ "https://vc.tasheer.com/" & @CRLF & _ "*.vfsglobal.by" & @CRLF & _ "*. vfsevisa.id" & @CRLF & _ "www.vinci.com" & @CRLF & _ "leonard.vinci.com" & @CRLF & _ "castor.vinci.com" & @CRLF & _ "survey.vinci.com" & @CRLF & _ "www.fondation-vinci.com" & @CRLF & _ "www.lafabriquedelacite.com" & @CRLF & _ "www.lab-recherche-environnement.org" & @CRLF & _ "vœux.vinci.com" & @CRLF & _ "www.vinci-vie.fr" & @CRLF & _ "www.trajeoh.com" & @CRLF & _ "actionnaires.vinci.com" & @CRLF & _ "emag.vinci.com" & @CRLF & _ "boost.vinci.com" & @CRLF & _ "vinci-groupe.profils.org" & @CRLF & _ "jobs.vinci.com" & @CRLF & _ "solutions-environnement.vinci.com" & @CRLF & _ "essentiel.vinci.com" & @CRLF & _ "essentials.vinci.com" & @CRLF & _ "www.chaire-arpenter.fr" & @CRLF & _ "https://wbsapi.withings.net" & @CRLF & _ "https://healthmate.withings.com" & @CRLF & _ "https://account.withings.com" & @CRLF & _ "https://app.withings.com" & @CRLF & _ "https://developer.withings.com/dashboard/" & @CRLF & _ "https://scalews.withings.com" & @CRLF & _ "Body Scan scale" & @CRLF & _ "Body Comp scale" & @CRLF & _ "Scanwatch Light" & @CRLF & _ "Scanwatch 2" & @CRLF & _ "Scanwatch Nova" & @CRLF & _ "Scanwatch" & @CRLF & _ "https://yeswehack.com" & @CRLF & _ "https://api.yeswehack.com" & @CRLF & _ "https://apps.yeswehack.com" & @CRLF & _ "https://www.yeswehack.com" & @CRLF & _ "https://dojo-yeswehack.com/challenge-of-the-month/dojo-38" & @CRLF & _ "serveur12.notebleue.com" & @CRLF & _ "ywh.comptage.zecible.fr" & @CRLF & _ "ywh.static.zecible.fr" & @CRLF & _ "ywh.fichiers.zecible.fr" & @CRLF & _ "ywh.mydata.zecible.fr" & @CRLF & _ "ywh.admin.zecible.fr" & @CRLF & _ "ywh.api.zecible.fr" & @CRLF & _ "ywh.dev.zecible.fr" & @CRLF & _ "ywh.crons.zecible.fr" & @CRLF & _ "ywh.routage.zecible.fr" & @CRLF & _ "ywh.update.zecible.fr" & @CRLF & _ "odoo14.notebleue.pro" & @CRLF & _ "registre.notebleue.pro" & @CRLF & _ "svn.notebleue.pro" & @CRLF & _ "todo.notebleue.pro" & @CRLF & _ "webtoolbox.notebleue.pro" & @CRLF & _ "cam.notebleue.pro" & @CRLF & _ "https://github.com/pendulum-project/ntpd-rs" & @CRLF & _ "https://github.com/pendulum-project/timestamped-socket" & @CRLF & _ "https://github.com/pendulum-project/clock-steering" & @CRLF & _ "https://owncloud.org/install/#install-clients" & @CRLF & _ "https://play.google.com/store/apps/details?id=com.owncloud.android" & @CRLF & _ "https://apps.apple.com/app/id1359583808" & @CRLF & _ "https://github.com/owncloud/customgroups" & @CRLF & _ "https://github.com/owncloud/guests" & @CRLF & _ "https://github.com/owncloud/richdocuments" & @CRLF & _ "https://github.com/owncloud/notifications" & @CRLF & _ "https://github.com/owncloud/client" & @CRLF & _ "https://github.com/owncloud/core" & @CRLF & _ "https://github.com/owncloud/gallery" & @CRLF & _ "https://github.com/owncloud/ocis" & @CRLF & _ "https://github.com/owncloud/web" & @CRLF & _ "https://github.com/owncloud/web-extensions" & @CRLF & _ "https://github.com/owncloud/user_ldap" & @CRLF & _ "https://github.com/owncloud/oauth2" & @CRLF & _ "https://github.com/owncloud/openidconnect" & @CRLF & _ "https://github.com/owncloud/activity" & @CRLF & _ "https://github.com/owncloud/impersonate" & @CRLF & _ "https://github.com/owncloud/updater" & @CRLF & _ "https://github.com/owncloud/core/tree/master/apps/files" & @CRLF & _ "https://github.com/owncloud/android" & @CRLF & _ "https://github.com/owncloud/ios-app" & @CRLF & _ "systemd (the manager itself)" & @CRLF & _ "systemd-boot" & @CRLF & _ "systemd-stub" & @CRLF & _ "systemd-udev" & @CRLF & _ "systemd-journald" & @CRLF & _ "systemd-logind" & @CRLF & _ "systemd-networkd" & @CRLF & _ "libsystemd" & @CRLF & _ "systemd-timesyncd" & @CRLF & _ "systemd-hostnamed" & @CRLF & _ "systemd-resolved" & @CRLF & _ "systemd-cryptenroll" & @CRLF & _ "systemd-cryptsetup" & @CRLF & _ "systemd-veritysetup" & @CRLF & _ "systemd-fstab-generator" & @CRLF & _ "systemd-gpt-auto-generator" & @CRLF & _ "systemd-ask-password" & @CRLF & _ "https://toom.de" & @CRLF & _ "https://api.toom.de" & @CRLF & _ "Other subdomains on outscale.com (wiki.outscale.net, fr.outscale.com, en.outscale.com... )" & @CRLF & _ "Social engineering of Outscale employees and contractors" & @CRLF & _ "Attack against Outscale offices (malware, backdoor, DoS, etc.)" & @CRLF & _ "Denial of service attacks" & @CRLF & _ "Vulnerabilities on products or services other than Cockpit or APIs" & @CRLF & _ "Issues in our DNS and NTP" & @CRLF & _ "Issues not leading to confidentiality, traceability or integrity problems. You can report it to support@outscale.com." & @CRLF & _ "Same behavior as Amazon Web Services" & @CRLF & _ "E-mail server configuration (DKIM/SPF/DMARC)" & @CRLF & _ "Dataleaks or 3DS OUTSCALE-related vulnerabilities outside the scope of the IaaS Cloud Service." & @CRLF & _ "fraga.atg.se (external supplier)" & @CRLF & _ "hittabutik.atg.se (external supplier)" & @CRLF & _ "kundo.atg.se (external supplier)" & @CRLF & _ "shop.atg.se (external supplier)" & @CRLF & _ "r124.news.atg.se (external supplier)" & @CRLF & _ "r123.news.atg.se (external supplier)" & @CRLF & _ "r122.news.atg.se (external supplier)" & @CRLF & _ "r121.news.atg.se (external supplier)" & @CRLF & _ "webbshop.atg.se (external supplier)" & @CRLF & _ "All other domains or subdomains not listed in the above list of 'Scopes'." & @CRLF & _ "explore.alasco.com" & @CRLF & _ "explore.alasco.de" & @CRLF & _ "www.alasco.de" & @CRLF & _ "alasco.de" & @CRLF & _ "Please note that all non-authenticated areas of our systems are in scope for this program. This means that any vulnerability discovered in a system or service that does not require a login to access is eligible for a reward." & @CRLF & _ "However, any vulnerability discovered in a system or service that requires a login to access is outside the scope of this program." & @CRLF & _ "Alasco will not provide access credentials to any system, not for testing and also not for issue validation." & @CRLF & _ "All domains or subdomains not listed in the above list of 'Scopes'." & @CRLF & _ "Third-party applications and websites" & @CRLF & _ "Not Belonging to Ant Group’s Products or Systems." & @CRLF & _ "https://logging.apache.org" & @CRLF & _ "Anything related to mailing lists or other ASF infrastructure topics." & @CRLF & _ "Cassandra Appender" & @CRLF & _ "Kafka Appender" & @CRLF & _ "CouchDB components" & @CRLF & _ "JSP Tag library" & @CRLF & _ "Everything which is excluded on this page is also out-of-scope: https://logging.apache.org/security.html" & @CRLF & _ "All assets not listed as in scope must be considered as out of the scope of this program" & @CRLF & _ "Production environments are out of the scope of this program" & @CRLF & _ "agora.beta.gouv.fr" & @CRLF & _ "Web application's Github repository (https://github.com/agora-gouv/agora-webapp), you may refer to the mobile app's repository" & @CRLF & _ "All domains not listed In-Scope" & @CRLF & _ "Please note that https://dev.blablacar.com is hosted by a third party and thus is out of scope." & @CRLF & _ "Any website that is not listed explicitly in the scope." & @CRLF & _ "However, though listed in the out-of-scope list, if you really feel that a bug will leave an impact on our platform, please come up with a convincing and working POC. If that convinces us to change our code, we will reward you with a bounty." & @CRLF & _ "Finally, fraud related reports are out-of-scope if they do not exploit a security vulnerability. Therefore, fraud activity enabled by bug or incomplete business rules enforcement are out-of-scope. However, a fraud activity enabled by a CSRF exploit for example is valid." & @CRLF & _ "Please note sncf-connect.com doesn't own the SNCF.com domains." & @CRLF & _ "Anything that is not listed as part of the scope, example :" & @CRLF & _ "- https://www.sncf.com/" & @CRLF & _ "- https://tgvinoui.sncf/" & @CRLF & _ "- https://www.sncf-voyageurs.com/" & @CRLF & _ "- https://www.maxjeune-tgvinoui.sncf/" & @CRLF & _ "- https://www.malocationavis.sncf-connect.com/" & @CRLF & _ "The SNCF Connect mobile applications (Android and Apple) are out of scope even if the web services they use are in scope (accessible through paths beginning by 'https://www.sncf-connect.com/bff')." & @CRLF & _ "All domains or subdomains not listed in the above list of 'Scopes'" & @CRLF & _ "Zendesk and other third parties" & @CRLF & _ "CMS websites own by Coindcx (Anything related to Wordpress etc)" & @CRLF & _ "coindcx.com/blog" & @CRLF & _ "info.coindcx.com" & @CRLF & _ "otcdesk.coindcx.com" & @CRLF & _ "careers.coindcx.com" & @CRLF & _ "partnerportal.contentsquare.com" & @CRLF & _ "uxawards.contentsquare.com" & @CRLF & _ "www.contentsquare.com" & @CRLF & _ "community.contentsquare.com" & @CRLF & _ "brand.contentsquare.com" & @CRLF & _ "blog.contentsquare.com" & @CRLF & _ "csquad.contentsquare.com" & @CRLF & _ "csd-*.contentsquare.com" & @CRLF & _ "go.contentsquare.com" & @CRLF & _ "hackathon.contentsquare.com" & @CRLF & _ "security.contentsquare.com" & @CRLF & _ "support.contentsquare.com" & @CRLF & _ "learn.contentsquare.com" & @CRLF & _ "university.contentsquare.com" & @CRLF & _ "foundation.contentsquare.com" & @CRLF & _ "content.contentsquare.com" & @CRLF & _ "partners.contentsquare.com" & @CRLF & _ "incident.contentsquare.com" & @CRLF & _ "*.wwko*.contentsquare.com" & @CRLF & _ "explore.contentsquare.com" & @CRLF & _ "get.contentsquare.com" & @CRLF & _ "trust.contentsquare.com" & @CRLF & _ "loyalty.contentsquare.com" & @CRLF & _ "Testing any other system than https://bounty.cryptobox.com, in particular *.cryptobox.com or *.ercom.fr." & @CRLF & _ "https://www.cybermalveillance.gouv.fr" & @CRLF & _ "Anything that is not explicitely listed in scope section" & @CRLF & _ "webdev.dana.id" & @CRLF & _ "wp.dana.id" & @CRLF & _ "fiat.dana.id" & @CRLF & _ "cmsdev.dana.id" & @CRLF & _ "techops.dana.id" & @CRLF & _ "dm.dana.id" & @CRLF & _ "encrypt.dana.id" & @CRLF & _ "All domains or subdomains not listed in the above list of "Scopes" are considered out of scope" & @CRLF & _ "https://doc.demarches-simplifiees.fr" & @CRLF & _ "https://beta.gouv.fr/startups/demarches-simplifiees.fr" & @CRLF & _ "'démarches' other than the two provided for the prupose of your tests" & @CRLF & _ "AgentConnect/FranceConnect authentication feature" & @CRLF & _ "All partners and all mocks are out of scope (but you can use the deployed mocks at your discretion to attack the scope)." & @CRLF & _ "The local stack (*.docker.dev-franceconnect) is a powerful tool for you to understand the internals processes but is out of scope (the exploit should as well work in the scope to qualify)." & @CRLF & _ "The production environment (*.gouv.fr) is out of scope." & @CRLF & _ "https://fcp.integ01.dev-franceconnect.fr" & @CRLF & _ "https://tableaudebord.integ01.dev-franceconnect.fr" & @CRLF & _ "Everything that not listed as in scope is to be considered as out of scope of this program" & @CRLF & _ "Please note that Tchap is hosted by a third party and thus vulnerabilities related to the host are out of the scope" & @CRLF & _ "Any other host, tenant or service than the ones explicitly stated." & @CRLF & _ "www.dracoon.com" & @CRLF & _ "*.dracoon.com" & @CRLF & _ "*.dracoon.net" & @CRLF & _ "*.dracoon.team" & @CRLF & _ "*.dracoon.app (with the exceptions of bounty-cloud.dracoon.app and bounty-server.dracoon.app)" & @CRLF & _ "*.dracoon.io (with the exception of https://0-2744452194.s3.nbg01.de.dracoon.io)" & @CRLF & _ "*.fp-sign.com" & @CRLF & _ "*.usersnap.com" & @CRLF & _ "*.gdata.com" & @CRLF & _ "*.retarus.com" & @CRLF & _ "Anything not specifically listed as in-scope is out-of-scope." & @CRLF & _ "Distributed attacks (scraping must be done using only 1 IP at a time)." & @CRLF & _ "Third-party widgets on www.datadome.co and app.datadome.co" & @CRLF & _ "developers.deezer.com" & @CRLF & _ "partners.deezer.com" & @CRLF & _ "cdn-files.deezer.com" & @CRLF & _ "cdn-content.deezer.com" & @CRLF & _ "support.deezer.com" & @CRLF & _ "deezercommunity.com" & @CRLF & _ "deezer-blog.com" & @CRLF & _ "deezer-brandsolutions.com" & @CRLF & _ "deezerjobs.com" & @CRLF & _ "desktop apps (electron)" & @CRLF & _ "Note: should you discover a critical issue within an asset that falls outside the program's scope, we would appreciate it and may choose to offer a reward at our discretion." & @CRLF & _ "community.doctolib.com|.fr|.de|.it" & @CRLF & _ "doctocommit.doctolib.fr" & @CRLF & _ "doctolib.atlassian.net" & @CRLF & _ "doctolib.zendesk.com" & @CRLF & _ "store.doctolib.com" & @CRLF & _ "share.doctolib.net" & @CRLF & _ "All content which is not listed as "Scopes", especially any production system operated by customers" & @CRLF & _ ""Scopes" in this program refer to the binary packages and source-code provided there, the systems providing those artefacts are out of scope" & @CRLF & _ "Everything that is not directly related to the application or source-code in scope (e.g. GitHub, domain settings)" & @CRLF & _ "scc-chat.ys7.com" & @CRLF & _ "Test environment (for example: test.ys7.com)" & @CRLF & _ "Pre-release environment (for example: pb.ys7.com)" & @CRLF & _ "Only the list of modules in the description is in scope. We may add more modules in the future such as" & @CRLF & _ "json-glib" & @CRLF & _ "libxml2" & @CRLF & _ "libxslt" & @CRLF & _ "gdk-pixbuf" & @CRLF & _ "librsvg" & @CRLF & _ "vte" & @CRLF & _ "gtk" & @CRLF & _ "flatpak" & @CRLF & _ "xdg-desktop-portal" & @CRLF & _ "xdg-desktop-portal-gnome" & @CRLF & _ "GNOME Shell (particularly lock screen)" & @CRLF & _ "gdm" & @CRLF & _ "tracker-miners" & @CRLF & _ "libsecret" & @CRLF & _ "oo7" & @CRLF & _ "Anything apart from valid subdomains or otherwise explicitly listed entries in the Scope section is Out-Of-Scope." & @CRLF & _ "cloud.cloud2.harmanaudio.com" & @CRLF & _ "cloud.cloud1.harmanaudio.com" & @CRLF & _ "cloud.cloud3.harmanaudio.com" & @CRLF & _ "https://secondchance.jbl.com/module/stripe_official/createIntent" & @CRLF & _ "Anything not explicitly listed in the Scope section is Out-Of-Scope. For example, our e-commerce websites are out of scope in this program." & @CRLF & _ "Assets not listed in the in scope section are to be considered as out of the scope of this program and won't be eligible for reward" & @CRLF & _ "https://api.pub1.infomaniak.cloud" & @CRLF & _ "We do not manage Open Stack dashboard which is therefore out of scope" & @CRLF & _ "newsletter.infomaniak.com" & @CRLF & _ "ov-XX.infomaniak.ch and od-XX.infomaniak.ch sub domains" & @CRLF & _ "This domain https://drive.infomaniak.com/app/office/:folder:/:file: is out of scope. This is only office application, an external app to open MS office documents." & @CRLF & _ "FTP credentials from our customers, like *.ftp.infomaniak.com" & @CRLF & _ "VPS instances from our customers, like *.vps.infomaniak.com" & @CRLF & _ "MySQL credentials from our customers, like *.myd.infomaniak.com" & @CRLF & _ "Jelastic subdomains : *.jcloud.ik-server.com, *.jpc.infomaniak.com, *.jpe.infomaniak.com" & @CRLF & _ "User email verification" & @CRLF & _ "Any security issue on Yousign & mangopay not related with Kiwai" & @CRLF & _ "https://legapass.com" & @CRLF & _ "app.legapass.com" & @CRLF & _ "mailing.legapass.com" & @CRLF & _ "url1490.legapass.com" & @CRLF & _ "29544328.legapass.com" & @CRLF & _ "mato.legapass.com" & @CRLF & _ "https://matrixreq.com" & @CRLF & _ "https://demo.matrixreq.com" & @CRLF & _ "Any domain not explicitely listed in scope" & @CRLF & _ "Other subdomain of paymaya.com that has no direct integration/part of the mobile application" & @CRLF & _ "Non-Production environments (test, dev, staging, or sandbox)" & @CRLF & _ "Anything that is not explicitely listed as part of the Scope" & @CRLF & _ "The Moneybox public website https://www.moneyboxapp.com/ and other moneyboxapp.com / moneyboxapp.org domains not listed are out of scope." & @CRLF & _ "Content served by the Cloudflare Access service (https://moneyboxapp.cloudflareaccess.com/*) is out of scope. These pages intentionally do not set a CORS Allow-Origin policy. We have seen this reported several times as a vulnerability, but it is intended behaviour and is considered out of scope." & @CRLF & _ "Security concerns originating from https://moneyboxapp.onelogin.com/ are typically considered out of scope. These pages and their content are served by OneLogin, and any issues should be reported to them directly. However, if an exploit explicitly enables bypassing OneLogin to access Moneybox systems or leaking Moneybox sensitive data, it is crucial to raise the concerns to both OneLogin and Moneybox." & @CRLF & _ "Out-Of-Scope are also other applications hosted under the www.otto.de domain but have a different path, that is not part of our core online shop itself (you will notice, since the design of the page is completely different)" & @CRLF & _ "Those include but are not limited to (if unsure, contact us before executing the tests):" & @CRLF & _ "https://www.otto.de/reblog" & @CRLF & _ "https://www.otto.de/roombeez" & @CRLF & _ "https://www.otto.de/twoforfashion" & @CRLF & _ "https://www.otto.de/soulfully" & @CRLF & _ "https://www.otto.de/updated" & @CRLF & _ "https://www.otto.de/newsroom" & @CRLF & _ "https://www.otto.de/kundenchat" & @CRLF & _ "https://www.otto.de/clara" & @CRLF & _ "https://www.otto.de/user/sendcallbackrequest" & @CRLF & _ "https://www.otto.de/user/contactFormSubmit" & @CRLF & _ "https://keycloak.apps.otto.de" & @CRLF & _ "/apps-messenger (the chatbot in general is out of scope)" & @CRLF & _ "/tracking" & @CRLF & _ "Please let us know if you have any questions regarding the scope." & @CRLF & _ "Vulnerabilities reported on other services or applications are not allowed." & @CRLF & _ "Vulnerabilities reported on client services" & @CRLF & _ "*.osp.ovh.com" & @CRLF & _ "All domains which are not listed as "Scopes", especially any production system operated by customers" & @CRLF & _ "Antivirus and anti-spam filtering on the sandbox environment, this has been disabled to avoid research disruption" & @CRLF & _ "The components "imageconverter", "documentconverter", "spellchecker" and "cacheservice" are temporarily out of scope." & @CRLF & _ "CMS websites own by Okto (Anything related to Wordpress etc)" & @CRLF & _ "Customer support form (https://help-okto.sprinklr.com/help/)" & @CRLF & _ "All other third parties" & @CRLF & _ "Security Vulnerabilities that can only be caused by using OpenPGP.js's low-level API, or by using OpenPGP.js's high-level API in an incorrect or unintended way" & @CRLF & _ "Security Vulnerabilities in the OpenPGP Standard that are not possible to fix or work around in OpenPGP.js (without causing interoperability issues)" & @CRLF & _ "Interoperability Issues that are caused by other OpenPGP implementations' non-compliance with the OpenPGP Standard" & @CRLF & _ "All other Pine Labs assets that are not listed above are to be treated as out of scope" & @CRLF & _ "All domains not listed In-Scope." & @CRLF & _ "chameleon: https://gitlab.com/sequoia-pgp/sequoia-chameleon-gnupg" & @CRLF & _ "Anything related to https://sequoia-pgp.org" & @CRLF & _ "all domains not listed in scopes, noteworthy:" & @CRLF & _ "www.sogexia.com" & @CRLF & _ "support.sogexia.com" & @CRLF & _ "www.sogexiaclub.com" & @CRLF & _ "Social media accounts" & @CRLF & _ "Session keeps using old user group permissions if user group permissions are changed during a given session's lifespan" & @CRLF & _ "Contact form (especially HubSpot ones)" & @CRLF & _ "Any other Spacelift assets not specifically listed as in-scope." & @CRLF & _ "Any communication with Spacelift colleagues." & @CRLF & _ "Attacks against any account other than the specified target accounts." & @CRLF & _ "Data breaches or credential dumps." & @CRLF & _ "Third-party companies that perform business transactions for Spacelift" & @CRLF & _ "By default all the endpoints that are not listed in the allowed scopes are out of scope of the program." & @CRLF & _ "*dev.swapcard.com" & @CRLF & _ "page.swapcard.com" & @CRLF & _ "blog.swapcard.com (Hubspot)" & @CRLF & _ "aide.swapcard.com (Zoho)" & @CRLF & _ "help.swapcard.com (Zoho)" & @CRLF & _ "books.swapcard.com (Zoho)" & @CRLF & _ "l.swapcard.com" & @CRLF & _ "c.swapcard.com" & @CRLF & _ "sentry.swapcard.com (Except if you notice a miss-configuration)" & @CRLF & _ "survey.swapcard.com" & @CRLF & _ "www.swapcard.com (static corporate website)" & @CRLF & _ "Anything that has not been described as in scope in the previous section is automatically out of scope." & @CRLF & _ "Attacks on administrative and surrounding systems that are not used for the in-scope services are not permitted (this includes DNS, NTP, routers, systems of the ISP, etc.)." & @CRLF & _ "The alternative login (https://login.swissid.ch) is out of scope. It also leads to the in-scope service, (https://account.post.ch) but we have designated it as out of scope." & @CRLF & _ "Any services related to Incamail (for example https://incamail-dev.post.ch (194.41.248.224) and https://incamail-test.post.ch (194.41.248.58))" & @CRLF & _ "Please note that some of the applications may contain links or redirect you away from the URIs described in the scope section. This means you are leaving the scope if you follow these links / redirects." & @CRLF & _ "Anything that is not explicitely listed in the ‘Scope’ section." & @CRLF & _ "*.bbcust.telenor.se" & @CRLF & _ "*.cust.telenor.se" & @CRLF & _ "*.sme.telenor.se" & @CRLF & _ "*.cust.bredbandsbolaget.se" & @CRLF & _ "*.customers.ownit.se" & @CRLF & _ "*.cust.ownit.se" & @CRLF & _ "stage-vimla-se.vimla.io" & @CRLF & _ "Any domain that looks like it's owned by a third party or customer due customer's privacy" & @CRLF & _ "Mobile services and devices provided by Telenor Sweden and subsidiaries not reachable from Internet" & @CRLF & _ "Connect ID - Hosted by Telenor Group" & @CRLF & _ "Other business units of the Telenor Group - including *.telenor.com" & @CRLF & _ "Please note that the vulnerabilities reported for the following assets will not be eligible for bounties." & @CRLF & _ "*.qzoneapp.com" & @CRLF & _ "*. myqcloud.com" & @CRLF & _ "*Notes about Tencent Cloud (cloud.tencent.com as included in *.tencent.com)" & @CRLF & _ "Only vulnerabilities affecting the platform itself and IP owned by Tencent will be accepted. If an IP belongs to Tencent Cloud external customer, it is not considered in scope." & @CRLF & _ "All 3rd parties are out of scope" & @CRLF & _ "All other VFS assets that are not listed above as in scope are automatically out of scope" & @CRLF & _ "https://india-usa.vfsglobal.com" & @CRLF & _ "https://vire.vfsglobal.com" & @CRLF & _ "vfsglobal.com.ru" & @CRLF & _ "myeasydocs.co.il" & @CRLF & _ "nssr-7.vfsglobal.com" & @CRLF & _ "https://uat-lift.vfsglobal.com/_angular/main.8dbd1aa97c38b188.js?v=6.0.29" & @CRLF & _ "https://liftassets.vfsglobal.com/_nuxt/46217fc777819548fddb.js" & @CRLF & _ "https://ukvitest.vfsglobal.com/_angular/main.3ca04c44a2718f71.js?v=1.0.22" & @CRLF & _ "https://online.vfsevisa.com/main-es2015.521ef2e1d9f68fd1bb90.js" & @CRLF & _ "https://online.vfsevisa.com/main-es5.521ef2e1d9f68fd1bb90.js?v=3.1.6" & @CRLF & _ "https://portal.vfsevisa.com/main-es2015.987b1b526aa8041bfdee.js" & @CRLF & _ "https://portal.vfsevisa.com/main-es5.987b1b526aa8041bfdee.js?v=3.1.6" & @CRLF & _ "https://uat-lift.vfsglobal.com/_angular/main.c05c54e8703c3a9f.js?v=6.0.36" & @CRLF & _ "https://online.vfsevisa.com/main-es2015.6d514e86ec7c6492aafc.js?v=3.1.2" & @CRLF & _ "https://portal.vfsevisa.com/main-es2015.7857657af609ca5e4bc5.js?v=3.1.4" & @CRLF & _ "https://egonline.vfsevisa.com/main-es2015.c7bb991442356b23f23e.js?v=3.1.3" & @CRLF & _ "!! Links pointing to other FQDNs are always out of scope !!" & @CRLF & _ "only exception: wishes.vinci.com (english version of voeux.vinci.com) is included in the scope" & @CRLF & _ "All PDF documents published or served on castor.vinci.com are public, thank you for not reporting any bug linked to the accessibility of these documents." & @CRLF & _ "All domains, devices and mobile Apps not listed In-Scope." & @CRLF & _ "Any issues with Wallet or KYC features (There are third party services)" & @CRLF & _ "Everything that's out of the scope root URL" & @CRLF & _ "Anything that is not listed explicitly in the scope." & @CRLF & _ "Known protocol limitations related to the NTP protocol" & @CRLF & _ "Anything related to the NTPv5 and/or NTS Pool KE features (both disabled by default), unless it impacts other parts of the software" & @CRLF & _ "Anything related to *.ntpd-rs.pendulum-project.org" & @CRLF & _ "Anything related to the CI pipeline or GitHub related hosting" & @CRLF & _ "*.owncloud.org" & @CRLF & _ "*.owncloud.com" & @CRLF & _ "journal sealing in systemd-journald: there are known issue that need to be solved first, before this feature can be included in the program" & @CRLF & _ "Anything related to https://systemd.io" & @CRLF & _ "" Local $aArray = StringRegExp($sString, $sRegex, $STR_REGEXPARRAYGLOBALFULLMATCH) Local $aFullArray[0] For $i = 0 To UBound($aArray) -1 _ArrayConcatenate($aFullArray, $aArray[$i]) Next $aArray = $aFullArray ; Present the entire match result _ArrayDisplay($aArray, "Result")

Please keep in mind that these code samples are automatically generated and are not guaranteed to work. If you find any syntax errors, feel free to submit a bug report. For a full regex reference for AutoIt, please visit: https://www.autoitscript.com/autoit3/docs/functions/StringRegExp.htm