$re = '/(\*-[a-zA-Z0-9]+(\.[a-zA-Z0-9]+)*\.[a-zA-Z]{2,}|\*\.?[a-zA-Z0-9]+([.-][a-zA-Z0-9]+)*\.[a-zA-Z]{2,}|[a-zA-Z0-9]+([.-][a-zA-Z0-9]+)*\.[a-zA-Z]{2,}|[a-zA-Z0-9]+(\.\*)?\.[a-zA-Z0-9]+(\.[a-zA-Z]{2,}))/m';
$str = 'https://acorns.com/
*.acorns.com/
https://apps.apple.com/us/app/acorns-invest-spare-change/id883324671
Acorns for iOS
https://graphql.acorns.com
https://play.google.com/store/apps/details?id=com.acorns.android&hl=en_US&gl=US
Acorns for Android
https://www.gohenry.com/
https://www.pixpay.fr/
https://apps.apple.com/au/app/afterpay-shop-now-pay-later/id1230286588
Afterpay iOS App
https://play.google.com/store/apps/details?id=com.afterpaymobile.us&hl=en_US&gl=US
Afterpay Android App
https://portal.afterpay.com
portal.afterpay.com
https://afterpay.com
*.afterpay.com
https://mobileapi.afterpay.com
mobileapi.afterpay.com
https://portalapi.us.afterpay.com
portalapi.*.afterpay.com
https://developers.afterpay.com
developers.afterpay.com
https://apps.apple.com/gb/app/clearpay-buy-now-pay-later/id1474022186
Clearpay iOS App
https://play.google.com/store/apps/details?id=com.afterpaymobile.uk
Clearpay Android App
https://clearpay.co.uk
clearpay.co.uk
https://clearpay.com
clearpay.com
https://portal.clearpay.com
portal.clearpay.com
https://portal.clearpay.co.uk
portal.clearpay.co.uk
https://mobileapi.clearpay.com
mobileapi.clearpay.com
https://portalapi.eu.clearpay.co.uk
portalapi.eu.clearpay.co.uk
https://api.clearpay.com
api.clearpay.com
Aiven for Clickhouse
Aiven for Dragonfly
Aiven for Metrics
Aiven for Valkey
Aiven for Apache Cassandra
Aiven for AlloyDB Omni
Aiven for OpenSearch
Aiven for Grafana
Aiven for Apache Kafka
Aiven for M3
Aiven for PostgreSQL
Aiven for Caching
Aiven for MySQL
Aiven for Apache Flink
https://aiven.io/
aiven.io
https://console.aiven.io/login
console.aiven.io
https://api.aiven.io/login
api.aiven.io
https://github.com/Aiven-Open
github.com/Aiven-Open
https://github.com/Aiven
github.com/Aiven
http://falcon-bug-bounty-flag-pgsql-dev-sandbox.aivencloud.com/
falcon-bug-bounty-flag-pgsql-dev-sandbox.aivencloud.com
https://ampol.com.au/
Ampol Website
https://apps.apple.com/au/app/caltex-australia/id1314768594
Ampol iOS mobile app
https://play.google.com/store/apps/details?id=au.com.ampol.flagship&hl=en_AU&gl=US
Ampol Android mobile app
https://ampcharge.ampol.com.au/
Ampcharge
https://ampolenergy.com.au
Ampol Energy
https://play.google.com/store/apps/details?id=au.com.ampol.teamapp
Work@ampol
https://my.ampol.com.au/
My Ampol
https://carbonneutral.ampol.com.au/
Carbon Neutral Fuel
https://cards.ampol.com.au
Ampol Card
Arlo Safe Android App
Arlo Safe iOS App
Arlo Secure Android App
null
Arlo Secure iOS App
Arlo
Arlo All-In-One Sensor (Home Security System)
Arlo Baby
Arlo Base Station
Arlo Bridge
Arlo Cellular & Battery Backup (Home Security System)
Arlo Chime / Chime 2
Arlo Essential
Arlo Floodlight
Arlo Go / Go 2
Arlo Home Security System
Arlo Pro
Arlo Pro 2
Arlo Pro 3
Arlo Pro 4
Arlo Pro 5S
Arlo Q / Q+
Arlo Safe Button
Arlo Security Light
Arlo Ultra
Arlo Video Doorbell
Arlo Wireless Video Doorbell
Arlo Wire-Free Outdoor Siren (Home Security System)
*.arlo.com
*.arloxcld.com
https://*-prod.arlo.com
https://arlo-device.messaging.netgear.com
https://beta.arlo.com
https://community.arlo.com
https://downloads.arlo.com
https://mcs.arlo.com
https://my.arlo.com
https://myapi.arlo.com
https://www.arlo.com
https://updates.arlo.com
Aruba Wireless – ArubaOS and Aruba Instant
Aruba ClearPass Policy Manager
ArubaOS-CX Wired Switches
Aruba EdgeConnect Enterprise Orchestrator
Aruba EdgeConnect Enterprise
Aruba InstantOn APs and supporting backend infrastructure
Aruba Fabric Composer
Aruba NetEdit
*.central.arubanetworks.com
Aruba InstantOn Switches
Aruba AirWave AMP
https://www.arubanetworks.com/products/networking/analytics-and-assurance/user-experience-insight-sensors/
Aruba User Experience Insight Sensors
asp-stg-develop.eks-stg-use1.getaws.arubanetworks.com
lms-stg-develop.eks-stg-use1.getaws.arubanetworks.com
www.arubanetworks.com
www.arubainstanton.com
mspshowcase.arubanetworks.com
ase.arubanetworks.com
blogs.arubanetworks.com
aed.arubanetworks.com
connect.arubanetworks.com
devhub.arubanetworks.com
https://app.asana.com
app.asana.com
https://asana.com
asana.com
https://asana.com/apps?category=made-by-asana
*.asana.plus
*.asana.biz
https://asana.com/download
Asana Desktop App
https://apps.apple.com/us/app/asana-mobile/id489969512
Asana iOS app
https://play.google.com/store/apps/details?id=com.asana.app&hl=en
Asana Android app
https://form.asana.com
form.asana.com
*.app.asana.com
https://admin.atlassian.com/atlassian-access
Atlassian Access (https://admin.atlassian.com/atlassian-access)
https://admin.atlassian.com/
Atlassian Admin (https://admin.atlassian.com/)
https://id.atlassian.com/login
Atlassian Identity (https://id.atlassian.com/login)
https://start.atlassian.com
Atlassian Start (https://start.atlassian.com)
https://bitbucket.org
Bitbucket Cloud including Bitbucket Pipelines (https://bitbucket.org)
https://www.atlassian.com/software/confluence
Confluence Cloud (bugbounty-test-<bugcrowd-name>.atlassian.net/wiki)
https://www.atlassian.com/software/confluence/premium
Confluence Cloud Premium (bugbounty-test-<bugcrowd-name>.atlassian.net/wiki)
https://play.google.com/store/apps/details?id=com.atlassian.android.confluence.core&hl=en_US&gl=US
Confluence Cloud Mobile App for Android
https://apps.apple.com/us/app/confluence-cloud/id1006971684
Confluence Cloud Mobile App for iOS
https://play.google.com/store/apps/details?id=com.atlassian.android.jira.core&hl=en_US&gl=US
Jira Cloud Mobile App for Android
https://apps.apple.com/us/app/jira-cloud-by-atlassian/id1006972087
Jira Cloud Mobile App for iOS
https://www.atlassian.com/software/jira/service-management
Jira Service Management Cloud (bugbounty-test-<bugcrowd-name>.atlassian.net)
https://www.atlassian.com/software/jira
Jira Software Cloud (bugbounty-test-<bugcrowd-name>.atlassian.net)
https://www.atlassian.com/software/jira/work-management
Jira Work Management Cloud formerly Jira Core (bugbounty-test-<bugcrowd-name>.atlassian.net)
Any associated *.atlassian.com or *.atl-paas.net domain that can be exploited DIRECTLY from the *.atlassian.net instance
https://www.atlassian.com/software/rovo
Rovo
https://www.atlassian.com/software/compass
Atlassian Compass
https://marketplace.atlassian.com
Atlassian Marketplace (https://marketplace.atlassian.com)
https://www.atlassian.com/software/atlas
Atlassian Atlas
https://www.atlassian.com/enterprise/data-center/bitbucket
Bitbucket Data Center
https://www.atlassian.com/enterprise/data-center/confluence
Confluence Data Center
https://www.atlassian.com/enterprise/data-center/crowd
Crowd
https://www.atlassian.com/enterprise/data-center/jira
Jira Core Data Center
https://www.atlassian.com/enterprise/data-center/jira/service-management
Jira Service Management Data Center
Jira Software Data Center
https://*.atlastunnel.com
*.atlastunnel.com
Any other *.atlassian.com or *.atl-paas.net domain that cannot be exploited directly from a *.atlassian.net instance
https://www.atlassian.com/software/bamboo
Bamboo
https://confluence.atlassian.com/doc/install-atlassian-companion-992678880.html
Confluence Companion App for macOS and Windows
https://play.google.com/store/apps/details?id=com.atlassian.confluence.server
Confluence Data Center Mobile App for Android
https://apps.apple.com/us/app/confluence-server/id1288365159
Confluence Data Center Mobile App for iOS
https://www.atlassian.com/software/crucible
Crucible
https://www.atlassian.com/software/fisheye
FishEye
https://play.google.com/store/apps/details?id=com.atlassian.jira.server&hl=en_US&gl=US
Jira Data Center Mobile App for Android
https://apps.apple.com/us/app/jira-server/id1405353949
Jira Data Center Mobile App for iOS
https://www.sourcetreeapp.com/
Sourcetree for macOS and Windows (https://www.sourcetreeapp.com/)
Other - (all other Atlassian targets)
https://www.atlassian.com/software/jira/product-discovery
Jira Product Discovery
Forge Platform
GraphQL API (bugbounty-test-<bugcrowd-name>.atlassian.net/gateway/api/graphql)
https://www.npmjs.com/package/@forge/cli
https://www.npmjs.com/package/@forge/cli
https://marketplace.atlassian.com/apps/1216625/jira-trello-power-up?hosting=cloud
Jira Trello Power-Up - Cloud - https://marketplace.atlassian.com/apps/1216625/jira-trello-power-up?hosting=cloud
https://marketplace.atlassian.com/apps/1215948/jira-cloud-for-slack?hosting=cloud
Jira Cloud for Slack - Cloud - https://marketplace.atlassian.com/apps/1215948/jira-cloud-for-slack?hosting=cloud
https://marketplace.atlassian.com/apps/1217230/jira-service-management-widget?hosting=cloud
Jira Service Management Widget - Cloud - https://marketplace.atlassian.com/apps/1217230/jira-service-management-widget?hosting=cloud
https://marketplace.atlassian.com/apps/1218864/embedded-marketplace-for-jira?hosting=cloud
Embedded Marketplace for Jira - Cloud - https://marketplace.atlassian.com/apps/1218864/embedded-marketplace-for-jira?hosting=cloud
https://marketplace.atlassian.com/apps/1219451/statuspage-for-jira?hosting=cloud
Statuspage for Jira - Cloud - https://marketplace.atlassian.com/apps/1219451/statuspage-for-jira?hosting=cloud
https://marketplace.atlassian.com/apps/1220711/spreadsheets-for-jira-cloud?hosting=cloud
Spreadsheets for Jira Cloud - Cloud - https://marketplace.atlassian.com/apps/1220711/spreadsheets-for-jira-cloud?hosting=cloud
https://marketplace.atlassian.com/apps/1222147/opsgenie?hosting=cloud
Opsgenie - Cloud - https://marketplace.atlassian.com/apps/1222147/opsgenie?hosting=cloud
https://marketplace.atlassian.com/apps/1216623/confluence-trello-power-up?hosting=cloud
Confluence Trello Power-Up - Cloud - https://marketplace.atlassian.com/apps/1216623/confluence-trello-power-up?hosting=cloud
https://marketplace.atlassian.com/apps/1219498/confluence-cloud-for-slack?hosting=cloud
Confluence Cloud for Slack - Cloud - https://marketplace.atlassian.com/apps/1219498/confluence-cloud-for-slack?hosting=cloud
https://marketplace.atlassian.com/apps/1218875/embedded-marketplace-for-confluence?hosting=cloud
Embedded Marketplace for Confluence - Cloud - https://marketplace.atlassian.com/apps/1218875/embedded-marketplace-for-confluence?hosting=cloud
https://marketplace.atlassian.com/apps/1215795/analytics-for-confluence?hosting=cloud
Analytics for Confluence - Cloud - https://marketplace.atlassian.com/apps/1215795/analytics-for-confluence?hosting=cloud
https://marketplace.atlassian.com/apps/1215460/automation-for-jira-server?hosting=cloud
Automation for Jira - Cloud - https://marketplace.atlassian.com/apps/1215460/automation-for-jira-server?hosting=cloud
https://marketplace.atlassian.com/apps/1221251/opsgenie-incident-timeline?hosting=cloud
Opsgenie Incident Timeline - Cloud - https://marketplace.atlassian.com/apps/1221251/opsgenie-incident-timeline?hosting=cloud
https://marketplace.atlassian.com/apps/1221312/opsgenie-incident-timeline-eu?hosting=cloud
Opsgenie Incident Timeline EU - Cloud - https://marketplace.atlassian.com/apps/1221312/opsgenie-incident-timeline-eu?hosting=cloud
https://marketplace.atlassian.com/apps/1220666/jira-cloud-for-outlook-official?hosting=cloud
Jira Cloud for Outlook (Official) - Cloud - https://marketplace.atlassian.com/apps/1220666/jira-cloud-for-outlook-official?hosting=cloud
https://marketplace.atlassian.com/apps/1221227/project-transfer-for-crucible?hosting=server
Project transfer for Crucible - Server - https://marketplace.atlassian.com/apps/1221227/project-transfer-for-crucible?hosting=server
https://marketplace.atlassian.com/apps/1225406/reconcile-unknown-attachments?hosting=server
Reconcile unknown attachments - Server - https://marketplace.atlassian.com/apps/1225406/reconcile-unknown-attachments?hosting=server
https://marketplace.atlassian.com/apps/1217110/training-for-jira?hosting=cloud
Training for Jira - Cloud - https://marketplace.atlassian.com/apps/1217110/training-for-jira?hosting=cloud
https://marketplace.atlassian.com/apps/1217110/training-for-jira?hosting=datacenter
Training for Jira - DataCenter - https://marketplace.atlassian.com/apps/1217110/training-for-jira?hosting=datacenter
https://marketplace.atlassian.com/apps/1217110/training-for-jira?hosting=server
Training for Jira - Server - https://marketplace.atlassian.com/apps/1217110/training-for-jira?hosting=server
https://marketplace.atlassian.com/apps/1225406/reconcile-unknown-attachments?hosting=datacenter
Reconcile unknown attachments - Data Center - https://marketplace.atlassian.com/apps/1225406/reconcile-unknown-attachments?hosting=datacenter
https://marketplace.atlassian.com/apps/1215175/change-management-workflow-for-jira-service-management?hosting=server
Change Management Workflow for Jira Service Management - Server - https://marketplace.atlassian.com/apps/1215175/change-management-workflow-for-jira-service-management?hosting=server
https://marketplace.atlassian.com/apps/1225689/admin-kit-for-jira-cloud?hosting=cloud
Admin Kit for Jira Cloud - Cloud - https://marketplace.atlassian.com/apps/1225689/admin-kit-for-jira-cloud?hosting=cloud
https://marketplace.atlassian.com/apps/1225664/form-macro-builder-for-confluence?hosting=cloud
Form macro builder for Confluence - Cloud - https://marketplace.atlassian.com/apps/1225664/form-macro-builder-for-confluence?hosting=cloud
https://marketplace.atlassian.com/apps/1225691/admin-kit-for-confluence-cloud?hosting=cloud
Admin Kit for Confluence Cloud - Cloud - https://marketplace.atlassian.com/apps/1225691/admin-kit-for-confluence-cloud?hosting=cloud
https://marketplace.atlassian.com/apps/1219592/github-for-jira?hosting=cloud
GitHub for Jira - Cloud - https://marketplace.atlassian.com/apps/1219592/github-for-jira?hosting=cloud
https://marketplace.atlassian.com/apps/1226127/confluence-cloud-for-microsoft-teams?hosting=cloudhttps://marketplace.atlassian.com/apps/1226127/confluence-cloud-for-microsoft-teams?hosting=cloud
Confluence Cloud for Microsoft Teams - Cloud - https://marketplace.atlassian.com/apps/1226127/confluence-cloud-for-microsoft-teams-official?hosting=cloud
https://marketplace.atlassian.com/apps/1211203/bitbucket-server-protect-unmerged-hook?hosting=datacenter
Bitbucket Server Protect Unmerged Hook - Data Center - https://marketplace.atlassian.com/apps/1211203/bitbucket-server-protect-unmerged-hook?hosting=datacenter
https://marketplace.atlassian.com/apps/1215175/change-management-workflow-for-jira-service-management?hosting=datacenter
Change Management Workflow for Jira Service Management - DataCenter - https://marketplace.atlassian.com/apps/1215175/change-management-workflow-for-jira-service-management?hosting=datacenter
https://marketplace.atlassian.com/apps/1224758/confluence-recent-edits-overview?hosting=cloud
Confluence recent edits overview - Cloud - https://marketplace.atlassian.com/apps/1224758/confluence-recent-edits-overview?hosting=cloud
https://marketplace.atlassian.com/apps/1226610/bitbucket-cloud-migration-assistant?hosting=server
Bitbucket Cloud Migration Assistant - Server - https://marketplace.atlassian.com/apps/1226610/bitbucket-cloud-migration-assistant?hosting=server
https://marketplace.atlassian.com/apps/1226478/jira-cloud-for-microsoft-teams?hosting=cloud
Jira Cloud for Microsoft Teams - Cloud - https://marketplace.atlassian.com/apps/1226478/jira-cloud-for-microsoft-teams-official?hosting=cloud
https://marketplace.atlassian.com/apps/1221117/cloud-compatibility-for-jira?hosting=datacenter
Cloud Compatibility for Jira - DataCenter - https://marketplace.atlassian.com/apps/1221117/cloud-compatibility-for-jira?hosting=datacenter
https://marketplace.atlassian.com/apps/1226380/decisions-helper-for-confluence?hosting=cloud
Decisions Helper for Confluence - Cloud - https://marketplace.atlassian.com/apps/1226380/decisions-helper-for-confluence?hosting=cloud
https://marketplace.atlassian.com/apps/1227744/jira-enterprise-scale-assessment-tool?hosting=server
Jira Enterprise Scale Assessment Tool - Server - https://marketplace.atlassian.com/apps/1227744/jira-enterprise-scale-assessment-tool?hosting=server
https://marketplace.atlassian.com/apps/1217745/troubleshooting-and-support-bamboo?hosting=datacenter
Troubleshooting and Support - Bamboo - Data Center - https://marketplace.atlassian.com/apps/1217745/troubleshooting-and-support-bamboo?hosting=datacenter
https://marketplace.atlassian.com/apps/1226610/bitbucket-cloud-migration-assistant?hosting=datacenter
Bitbucket Cloud Migration Assistant - Data Center - https://marketplace.atlassian.com/apps/1226610/bitbucket-cloud-migration-assistant?hosting=datacenter
https://marketplace.atlassian.com/apps/1227949/hackathon-workflow-alan?hosting=cloud
Hackathon Workflow Alan - Cloud - https://marketplace.atlassian.com/apps/1227949/hackathon-workflow-alan?hosting=cloud
https://marketplace.atlassian.com/apps/1227949/hackathon-workflow-alan?hosting=datacenter
Hackathon Workflow Alan - Data Center - https://marketplace.atlassian.com/apps/1227949/hackathon-workflow-alan?hosting=datacenter
https://marketplace.atlassian.com/apps/1227901/application-tunnels?hosting=server
Application tunnels - Server - https://marketplace.atlassian.com/apps/1227901/application-tunnels?hosting=server
https://marketplace.atlassian.com/apps/1227901/application-tunnels?hosting=datacenter
Application tunnels - DataCenter - https://marketplace.atlassian.com/apps/1227901/application-tunnels?hosting=datacenter
https://marketplace.atlassian.com/apps/1228153/comms-dashboard?hosting=cloud
Comms Dashboard - Cloud - https://marketplace.atlassian.com/apps/1228153/comms-dashboard?hosting=cloud
https://marketplace.atlassian.com/apps/1218117/ipython-notebook-viewer?hosting=cloud
Ipython Notebook Viewer - Cloud - https://marketplace.atlassian.com/apps/1218117/ipython-notebook-viewer?hosting=cloud
https://marketplace.atlassian.com/apps/1228937/atlas-for-jira-cloud?hosting=cloud&tab=overview
Atlas for Jira Cloud - Cloud - https://marketplace.atlassian.com/apps/1228937/atlas-for-jira-cloud?hosting=cloud&tab=overview
https://marketplace.atlassian.com/apps/1227744/jira-enterprise-scale-assessment-tool?hosting=datacenter&tab=overview
Jira Enterprise Scale Assessment Tool - DataCenter - https://marketplace.atlassian.com/apps/1227744/jira-enterprise-scale-assessment-tool?hosting=datacenter&tab=overview
https://marketplace.atlassian.com/apps/1229183/add-watchers-at-issue-creation?hosting=cloud
Add watchers at issue creation - Cloud - https://marketplace.atlassian.com/apps/1229183/add-watchers-at-issue-creation?hosting=cloud
https://marketplace.atlassian.com/apps/1212137/assets?hosting=server
Assets - Server - https://marketplace.atlassian.com/apps/1212137/assets?hosting=server
https://marketplace.atlassian.com/apps/1229446/developer-assistant-for-confluence?hosting=cloud
Developer Assistant for Confluence - Cloud - https://marketplace.atlassian.com/apps/1229446/developer-assistant-for-confluence?hosting=cloud
https://marketplace.atlassian.com/apps/1229343/developer-assistant-for-jira?hosting=cloud
Developer Assistant for Jira - Cloud - https://marketplace.atlassian.com/apps/1229343/developer-assistant-for-jira?hosting=cloud
https://marketplace.atlassian.com/apps/1229704/cloud-migration-planner?hosting=cloud
Cloud Migration Planner - Cloud - https://marketplace.atlassian.com/apps/1229704/cloud-migration-planner?hosting=cloud
https://marketplace.atlassian.com/apps/72307/team-calendars-for-confluence?hosting=cloud
Team Calendars for Confluence - Cloud - https://marketplace.atlassian.com/apps/72307/team-calendars-for-confluence?hosting=cloud
https://marketplace.atlassian.com/apps/1215460/automation-for-jira-data-center-and-server?hosting=datacenter
Automation for Jira - DataCenter - https://marketplace.atlassian.com/apps/1215460/automation-for-jira?hosting=datacenter
https://marketplace.atlassian.com/apps/1215460/automation-for-jira-data-center-and-server?hosting=server
Automation for Jira - Data Center and Server - Server - https://marketplace.atlassian.com/apps/1215460/automation-for-jira-data-center-and-server?hosting=server
https://marketplace.atlassian.com/apps/72307/team-calendars-for-confluence?hosting=datacenter
Team Calendars for Confluence - DataCenter - https://marketplace.atlassian.com/apps/72307/team-calendars-for-confluence?hosting=datacenter
https://marketplace.atlassian.com/apps/72307/team-calendars-for-confluence?hosting=server
Team Calendars for Confluence - Server - https://marketplace.atlassian.com/apps/72307/team-calendars-for-confluence?hosting=server
https://marketplace.atlassian.com/apps/1212136/advanced-roadmaps-formerly-portfolio?hosting=datacenter
Advanced Roadmaps (formerly Portfolio) - DataCenter - https://marketplace.atlassian.com/apps/1212136/advanced-roadmaps-formerly-portfolio?hosting=datacenter
https://marketplace.atlassian.com/apps/1212136/advanced-roadmaps-formerly-portfolio?hosting=server
Advanced Roadmaps (formerly Portfolio) - Server - https://marketplace.atlassian.com/apps/1212136/advanced-roadmaps-formerly-portfolio?hosting=server
https://marketplace.atlassian.com/apps/23915/atlassian-universal-plugin-manager?hosting=server
Atlassian Universal Plugin Manager - Server - https://marketplace.atlassian.com/apps/23915/atlassian-universal-plugin-manager?hosting=server
https://marketplace.atlassian.com/apps/23915/atlassian-universal-plugin-manager?hosting=datacenter
Atlassian Universal Plugin Manager - DataCenter - https://marketplace.atlassian.com/apps/23915/atlassian-universal-plugin-manager?hosting=datacenter
https://marketplace.atlassian.com/apps/1211644/questions-for-confluence?hosting=datacenter
Questions for Confluence - DataCenter - https://marketplace.atlassian.com/apps/1211644/questions-for-confluence?hosting=datacenter
https://marketplace.atlassian.com/apps/1211644/questions-for-confluence?hosting=server
Questions for Confluence - Server - https://marketplace.atlassian.com/apps/1211644/questions-for-confluence?hosting=server
https://marketplace.atlassian.com/apps/1211644/questions-for-confluence?hosting=cloud
Questions for Confluence - Cloud - https://marketplace.atlassian.com/apps/1211644/questions-for-confluence?hosting=cloud
https://marketplace.atlassian.com/apps/1217696/troubleshooting-and-support-jira?hosting=datacenter
Troubleshooting and Support - Jira - DataCenter - https://marketplace.atlassian.com/apps/1217696/troubleshooting-and-support-jira?hosting=datacenter
https://marketplace.atlassian.com/apps/1217696/troubleshooting-and-support-jira?hosting=server
Troubleshooting and Support - Jira - Server - https://marketplace.atlassian.com/apps/1217696/troubleshooting-and-support-jira?hosting=server
https://marketplace.atlassian.com/apps/1217697/troubleshooting-and-support-confluence?hosting=datacenter
Troubleshooting and Support - Confluence - DataCenter - https://marketplace.atlassian.com/apps/1217697/troubleshooting-and-support-confluence?hosting=datacenter
https://marketplace.atlassian.com/apps/1217697/troubleshooting-and-support-confluence?hosting=server
Troubleshooting and Support - Confluence - Server - https://marketplace.atlassian.com/apps/1217697/troubleshooting-and-support-confluence?hosting=server
https://marketplace.atlassian.com/apps/1219672/confluence-cloud-migration-assistant?hosting=datacenter
Confluence Cloud Migration Assistant - DataCenter - https://marketplace.atlassian.com/apps/1219672/confluence-cloud-migration-assistant?hosting=datacenter
https://marketplace.atlassian.com/apps/1219672/confluence-cloud-migration-assistant?hosting=server
Confluence Cloud Migration Assistant - Server - https://marketplace.atlassian.com/apps/1219672/confluence-cloud-migration-assistant?hosting=server
https://marketplace.atlassian.com/apps/1216096/sso-for-atlassian-server-and-data-center?hosting=datacenter
SSO for Atlassian Server and Data Center - DataCenter - https://marketplace.atlassian.com/apps/1216096/sso-for-atlassian-server-and-data-center?hosting=datacenter
https://marketplace.atlassian.com/apps/1216096/sso-for-atlassian-server-and-data-center?hosting=server
SSO for Atlassian Server and Data Center - Server - https://marketplace.atlassian.com/apps/1216096/sso-for-atlassian-server-and-data-center?hosting=server
https://marketplace.atlassian.com/apps/293/jira-calendar-plugin?hosting=server
Jira Calendar Plugin - Server - https://marketplace.atlassian.com/apps/293/jira-calendar-plugin?hosting=server
https://marketplace.atlassian.com/apps/1211836/automation-for-jira-server-lite?hosting=server
Automation for Jira - Server Lite - Server - https://marketplace.atlassian.com/apps/1211836/automation-for-jira-server-lite?hosting=server
https://marketplace.atlassian.com/apps/1220099/jira-server-for-slack-official?hosting=datacenter
Jira Server for Slack (Official) - DataCenter - https://marketplace.atlassian.com/apps/1220099/jira-server-for-slack-official?hosting=datacenter
https://marketplace.atlassian.com/apps/1220099/jira-server-for-slack-official?hosting=server
Jira Server for Slack (Official) - Server - https://marketplace.atlassian.com/apps/1220099/jira-server-for-slack-official?hosting=server
https://marketplace.atlassian.com/apps/1213092/google-drive-for-confluence-official-legacy-editor-only?hosting=cloud
Google Drive for Confluence (Official) - Legacy Editor Only - Cloud - https://marketplace.atlassian.com/apps/1213092/google-drive-for-confluence-official-legacy-editor-only?hosting=cloud
https://marketplace.atlassian.com/apps/1211449/auto-unapprove-for-bitbucket-server?hosting=datacenter
Auto Unapprove for Bitbucket Server - DataCenter - https://marketplace.atlassian.com/apps/1211449/auto-unapprove-for-bitbucket-server?hosting=datacenter
https://marketplace.atlassian.com/apps/1211449/auto-unapprove-for-bitbucket-server?hosting=server
Auto Unapprove for Bitbucket Server - Server - https://marketplace.atlassian.com/apps/1211449/auto-unapprove-for-bitbucket-server?hosting=server
https://marketplace.atlassian.com/apps/1217745/troubleshooting-and-support-bamboo?hosting=server
Troubleshooting and Support - Bamboo - Server - https://marketplace.atlassian.com/apps/1217745/troubleshooting-and-support-bamboo?hosting=server
https://marketplace.atlassian.com/apps/1211539/web-post-hooks-for-bitbucket-server?hosting=server
Web Post Hooks for Bitbucket Server - Server - https://marketplace.atlassian.com/apps/1211539/web-post-hooks-for-bitbucket-server?hosting=server
https://marketplace.atlassian.com/apps/1212632/look-and-feel-for-bitbucket-server?hosting=server
Look and Feel for Bitbucket Server - Server - https://marketplace.atlassian.com/apps/1212632/look-and-feel-for-bitbucket-server?hosting=server
https://marketplace.atlassian.com/apps/1214988/icons-for-jira?hosting=server
Icons for Jira - Server - https://marketplace.atlassian.com/apps/1214988/icons-for-jira?hosting=server
https://marketplace.atlassian.com/apps/1217747/troubleshooting-and-support-fecru?hosting=server
Troubleshooting and Support - FeCru - Server - https://marketplace.atlassian.com/apps/1217747/troubleshooting-and-support-fecru?hosting=server
https://marketplace.atlassian.com/apps/1217661/jira-cloud-for-crm-official?hosting=cloud
Jira Cloud for CRM (Official) - Cloud - https://marketplace.atlassian.com/apps/1217661/jira-cloud-for-crm-official?hosting=cloud
https://marketplace.atlassian.com/apps/1218011/trello-connector-for-jira-server?hosting=server
Trello Connector for Jira Server - Server - https://marketplace.atlassian.com/apps/1218011/trello-connector-for-jira-server?hosting=server
https://marketplace.atlassian.com/apps/1220186/confluence-server-for-slack-official?hosting=datacenter
Confluence Server for Slack (Official) - DataCenter - https://marketplace.atlassian.com/apps/1220186/confluence-server-for-slack-official?hosting=datacenter
https://marketplace.atlassian.com/apps/1220186/confluence-server-for-slack-official?hosting=server
Confluence Server for Slack (Official) - Sever - https://marketplace.atlassian.com/apps/1220186/confluence-server-for-slack-official?hosting=server
https://marketplace.atlassian.com/apps/1216079/statuspage-for-jira-service-management?hosting=server
Statuspage for Jira Service Management - Server - https://marketplace.atlassian.com/apps/1216079/statuspage-for-jira-service-management?hosting=server
https://marketplace.atlassian.com/apps/1216079/statuspage-for-jira-service-management?hosting=datacenter
Statuspage for Jira Service Management - DataCenter - https://marketplace.atlassian.com/apps/1216079/statuspage-for-jira-service-management?hosting=datacenter
https://marketplace.atlassian.com/apps/1216079/statuspage-for-jira-service-management?hosting=cloud
Statuspage for Jira Service Management - Cloud - https://marketplace.atlassian.com/apps/1216079/statuspage-for-jira-service-management?hosting=cloud
https://marketplace.atlassian.com/apps/1211619/reviewer-suggester-for-bitbucket-server?hosting=server
Reviewer Suggester for Bitbucket Server - Server - https://marketplace.atlassian.com/apps/1211619/reviewer-suggester-for-bitbucket-server?hosting=server
https://marketplace.atlassian.com/apps/1220151/mobile-plugin-for-jira-data-center-and-server?hosting=server
Mobile Plugin for Jira - Server - https://marketplace.atlassian.com/apps/1220151/mobile-plugin-for-jira-data-center-and-server?hosting=server
https://marketplace.atlassian.com/apps/1222010/jira-cloud-migration-assistant?hosting=server
Jira Cloud Migration Assistant - Server - https://marketplace.atlassian.com/apps/1222010/jira-cloud-migration-assistant?hosting=server
https://marketplace.atlassian.com/apps/1220729/bitbucket-server-for-slack-official?hosting=datacenter
Bitbucket Server for Slack (Official) - DataCenter - https://marketplace.atlassian.com/apps/1220729/bitbucket-server-for-slack-official?hosting=datacenter
https://marketplace.atlassian.com/apps/1220729/bitbucket-server-for-slack-official?hosting=server
Bitbucket Server for Slack (Official) - Server - https://marketplace.atlassian.com/apps/1220729/bitbucket-server-for-slack-official?hosting=server
https://marketplace.atlassian.com/apps/1211203/bitbucket-server-protect-unmerged-hook?hosting=server
Bitbucket Server Protect Unmerged Hook - Server - https://marketplace.atlassian.com/apps/1211203/bitbucket-server-protect-unmerged-hook?hosting=server
https://marketplace.atlassian.com/apps/1221237/advanced-roadmaps-for-jira-in-confluence?hosting=server
Advanced Roadmaps for Jira in Confluence - Server - https://marketplace.atlassian.com/apps/1221237/advanced-roadmaps-for-jira-in-confluence?hosting=server
https://marketplace.atlassian.com/apps/1221237/advanced-roadmaps-for-jira-in-confluence?hosting=datacenter
Advanced Roadmaps for Jira in Confluence - DataCenter - https://marketplace.atlassian.com/apps/1221237/advanced-roadmaps-for-jira-in-confluence?hosting=datacenter
https://marketplace.atlassian.com/apps/1221882/microsoft-onedrive-for-business-legacy-editor-only?hosting=cloud
Microsoft OneDrive for Business - Legacy Editor Only - Cloud - https://marketplace.atlassian.com/apps/1221882/microsoft-onedrive-for-business-legacy-editor-only?hosting=cloud
https://marketplace.atlassian.com/apps/1220745/centralized-license-visibility?hosting=server
Centralized license visibility - Server - https://marketplace.atlassian.com/apps/1220745/centralized-license-visibility?hosting=server
https://marketplace.atlassian.com/apps/1220745/centralized-license-visibility?hosting=datacenter
Centralized license visibility - DataCenter - https://marketplace.atlassian.com/apps/1220745/centralized-license-visibility?hosting=datacenter
https://marketplace.atlassian.com/apps/1216357/atlassian-team-playbook-blueprints?hosting=server
Atlassian Team Playbook blueprints - Server - https://marketplace.atlassian.com/apps/1216357/atlassian-team-playbook-blueprints?hosting=server
https://marketplace.atlassian.com/apps/1221430/troubleshooting-and-support-crowd?hosting=server
Troubleshooting and Support - Crowd - Server - https://marketplace.atlassian.com/apps/1221430/troubleshooting-and-support-crowd?hosting=server
https://marketplace.atlassian.com/apps/1221602/jet-by-jira-align?hosting=server
Jet by Jira Align - Server - https://marketplace.atlassian.com/apps/1221602/jet-by-jira-align?hosting=server
https://marketplace.atlassian.com/apps/1221602/jet-by-jira-align?hosting=datacenter
Jet by Jira Align - DataCenter - https://marketplace.atlassian.com/apps/1221602/jet-by-jira-align?hosting=datacenter
https://marketplace.atlassian.com/apps/1221602/jet-by-jira-align?hosting=cloud
Jet by Jira Align - Cloud - https://marketplace.atlassian.com/apps/1221602/jet-by-jira-align?hosting=cloud
https://marketplace.atlassian.com/apps/5581/pre-post-build-command-runner?hosting=server
Pre-Post Build Command Runner - Server - https://marketplace.atlassian.com/apps/5581/pre-post-build-command-runner?hosting=server
https://marketplace.atlassian.com/apps/1217941/permission-lockdown-for-bitbucket-server?hosting=datacenter
Permission Lockdown for Bitbucket Server - DataCenter - https://marketplace.atlassian.com/apps/1217941/permission-lockdown-for-bitbucket-server?hosting=datacenter
https://marketplace.atlassian.com/apps/1217941/permission-lockdown-for-bitbucket-server?hosting=server
Permission Lockdown for Bitbucket Server - Server - https://marketplace.atlassian.com/apps/1217941/permission-lockdown-for-bitbucket-server?hosting=server
https://marketplace.atlassian.com/apps/30318/directory-scanning-plugin?hosting=server
Directory Scanning Plugin - Server - https://marketplace.atlassian.com/apps/30318/directory-scanning-plugin?hosting=server
https://marketplace.atlassian.com/apps/1221551/aws-service-catalog-for-jsm-cloud?hosting=cloud
AWS Service Catalog for JSM Cloud - Cloud - https://marketplace.atlassian.com/apps/1221551/aws-service-catalog-for-jsm-cloud?hosting=cloud
https://marketplace.atlassian.com/apps/1217957/vfs-for-git-for-bitbucket-server?hosting=server
VFS for Git for Bitbucket Server - Server - https://marketplace.atlassian.com/apps/1217957/vfs-for-git-for-bitbucket-server?hosting=server
https://marketplace.atlassian.com/apps/1218630/delegated-directory-pruning-for-crowd?hosting=server
Delegated Directory Pruning for Crowd - Server - https://marketplace.atlassian.com/apps/1218630/delegated-directory-pruning-for-crowd?hosting=server
https://marketplace.atlassian.com/apps/1221117/cloud-compatibility-for-jira?hosting=server
Cloud Compatibility for Jira - Server - https://marketplace.atlassian.com/apps/1221117/cloud-compatibility-for-jira?hosting=server
https://marketplace.atlassian.com/apps/1219105/xcode-for-bitbucket-server?hosting=server
Xcode for Bitbucket Server - Server - https://marketplace.atlassian.com/apps/1219105/xcode-for-bitbucket-server?hosting=server
https://marketplace.atlassian.com/apps/1216863/jira-cloud-for-slack-official?hosting=cloud&tab=overview
Jira Cloud for Slack (Official) - Cloud - https://marketplace.atlassian.com/apps/1216863/jira-cloud-for-slack-official?hosting=cloud&tab=overview
https://marketplace.atlassian.com/apps/1219518/confluence-cloud-for-slack-official?hosting=cloud
Confluence Cloud for Slack (Official) - Cloud - https://marketplace.atlassian.com/apps/1219518/confluence-cloud-for-slack-official?hosting=cloud
https://marketplace.atlassian.com/apps/1222132/jenkins-integration-for-bitbucket-server?hosting=server
Jenkins integration for Bitbucket Server - Server - https://marketplace.atlassian.com/apps/1222132/jenkins-integration-for-bitbucket-server?hosting=server
https://marketplace.atlassian.com/apps/1210951/atlassian-plugin-sdk-mac-os-x?hosting=server
Atlassian Plugin SDK - Mac OS X - Server - https://marketplace.atlassian.com/apps/1210951/atlassian-plugin-sdk-mac-os-x?hosting=server
https://marketplace.atlassian.com/apps/1210993/atlassian-plugin-sdk-tgz?hosting=server
Atlassian Plugin SDK - TGZ - Server - https://marketplace.atlassian.com/apps/1210993/atlassian-plugin-sdk-tgz?hosting=server
https://marketplace.atlassian.com/apps/1216850/jira-cloud-power-up-for-trello?hosting=cloud
Jira Cloud Power-Up for Trello - Cloud - https://marketplace.atlassian.com/apps/1216850/jira-cloud-power-up-for-trello?hosting=cloud
https://marketplace.atlassian.com/apps/1220382/jira-cloud-for-google-sheets-official?hosting=cloud
Jira Cloud for Google Sheets (Official) - Cloud - https://marketplace.atlassian.com/apps/1220382/jira-cloud-for-google-sheets-official?hosting=cloud
https://marketplace.atlassian.com/apps/1210950/atlassian-plugin-sdk-windows?hosting=server
Atlassian Plugin SDK - Windows - Server - https://marketplace.atlassian.com/apps/1210950/atlassian-plugin-sdk-windows?hosting=server
https://marketplace.atlassian.com/apps/1218781/bitbucket-cloud-for-slack-official?hosting=cloud
Bitbucket Cloud for Slack (Official) - Cloud - https://marketplace.atlassian.com/apps/1218781/bitbucket-cloud-for-slack-official?hosting=cloud
https://marketplace.atlassian.com/apps/1210991/atlassian-plugin-sdk-rpm?hosting=server
Atlassian Plugin SDK - RPM - Server - https://marketplace.atlassian.com/apps/1210991/atlassian-plugin-sdk-rpm?hosting=server
https://marketplace.atlassian.com/apps/1210992/atlassian-plugin-sdk-deb?hosting=server
Atlassian Plugin SDK - DEB - Server - https://marketplace.atlassian.com/apps/1210992/atlassian-plugin-sdk-deb?hosting=server
https://marketplace.atlassian.com/apps/1210992/atlassian-plugin-sdk-deb?hosting=cloud
Atlassian Plugin SDK - DEB - Cloud - https://marketplace.atlassian.com/apps/1210992/atlassian-plugin-sdk-deb?hosting=cloud
https://marketplace.atlassian.com/apps/1211500/bitbucket-server-backup-client?hosting=server
Bitbucket Server Backup Client - Server - https://marketplace.atlassian.com/apps/1211500/bitbucket-server-backup-client?hosting=server
https://marketplace.atlassian.com/apps/1221301/jira-cloud-for-excel-official?hosting=cloud
Jira Cloud for Excel (official) - Cloud - https://marketplace.atlassian.com/apps/1221301/jira-cloud-for-excel-official?hosting=cloud
https://marketplace.atlassian.com/apps/1227791/jenkins-for-jira-official?hosting=cloud
Jenkins for Jira (official) - Cloud - https://marketplace.atlassian.com/apps/1227791/jenkins-for-jira-official?hosting=cloud
https://marketplace.atlassian.com/apps/1219311/atlassian-cloud-for-gmail?hosting=cloud
Atlassian Cloud for Gmail - Cloud - https://marketplace.atlassian.com/apps/1219311/atlassian-cloud-for-gmail?hosting=cloud
https://marketplace.atlassian.com/apps/1220820/bitbucket-pipelines-for-jira?hosting=cloud
Bitbucket Pipelines for Jira - Cloud - https://marketplace.atlassian.com/apps/1220820/bitbucket-pipelines-for-jira?hosting=cloud
https://marketplace.atlassian.com/apps/1220151/mobile-plugin-for-jira-data-center-and-server?hosting=datacenter
Mobile Plugin for Jira - DataCenter - https://marketplace.atlassian.com/apps/1220151/mobile-plugin-for-jira-data-center-and-server?hosting=datacenter
https://marketplace.atlassian.com/apps/1210722/confluence-source-editor?hosting=server
Confluence Source Editor - Server - https://marketplace.atlassian.com/apps/1210722/confluence-source-editor?hosting=server
https://marketplace.atlassian.com/apps/1211246/autolink-plugin-for-jira?hosting=server
AutoLink Plugin for Jira - Server - https://marketplace.atlassian.com/apps/1211246/autolink-plugin-for-jira?hosting=server
https://marketplace.atlassian.com/apps/1217751/insight-tempo-integration?hosting=server
Assets Tempo Integration - Server - https://marketplace.atlassian.com/apps/1217751/assets-tempo-integration?hosting=server
https://marketplace.atlassian.com/apps/1217751/insight-tempo-integration?hosting=datacenter
Assets - Tempo Integration - DataCenter - https://marketplace.atlassian.com/apps/1217751/assets-tempo-integration?hosting=datacenter
https://marketplace.atlassian.com/apps/1219908/insight-jamf-integration?hosting=server
Assets - Jamf Integration - Server - https://marketplace.atlassian.com/apps/1219908/assets-jamf-integration?hosting=server
https://marketplace.atlassian.com/apps/1219908/insight-jamf-integration?hosting=datacenter
Assets - Jamf Integration - DataCenter - https://marketplace.atlassian.com/apps/1219908/assets-jamf-integration?hosting=datacenter
https://marketplace.atlassian.com/apps/5902/jmeter-aggregator-for-bamboo?hosting=server
JMeter Aggregator for Bamboo - Server - https://marketplace.atlassian.com/apps/5902/jmeter-aggregator-for-bamboo?hosting=server
https://marketplace.atlassian.com/apps/1219632/insight-device42-integration?hosting=server
Assets - Device42 Integration - Server - https://marketplace.atlassian.com/apps/1219632/assets-device42-integration?hosting=server
https://marketplace.atlassian.com/apps/1219632/insight-device42-integration?hosting=datacenter
Assets - Device42 Integration - DataCenter - https://marketplace.atlassian.com/apps/1219632/assets-device42-integration?hosting=datacenter
https://marketplace.atlassian.com/apps/1212137/insight-asset-management?hosting=datacenter
Assets - DataCenter - https://marketplace.atlassian.com/apps/1212137/assets?hosting=datacenter
https://marketplace.atlassian.com/apps/1218757/insight-aws-integration?hosting=server
Assets - AWS Integration - Server - https://marketplace.atlassian.com/apps/1218757/assets-aws-integration?hosting=server
https://marketplace.atlassian.com/apps/1218757/insight-aws-integration?hosting=datacenter
Assets - AWS Integration - DataCenter - https://marketplace.atlassian.com/apps/1218757/assets-aws-integration?hosting=datacenter
https://marketplace.atlassian.com/apps/1219212/insight-google-cloud-integration?hosting=datacenter
Assets - Google Cloud Integration - DataCenter - https://marketplace.atlassian.com/apps/1219212/assets-google-cloud-integration?hosting=datacenter
https://marketplace.atlassian.com/apps/1219212/insight-google-cloud-integration?hosting=server
Assets - Google Cloud Integration - Server - https://marketplace.atlassian.com/apps/1219212/assets-google-cloud-integration?hosting=server
https://marketplace.atlassian.com/apps/1220353/insight-nvd-integration?hosting=datacenter
Assets - NVD Integration - DataCenter - https://marketplace.atlassian.com/apps/1220353/assets-nvd-integration?hosting=datacenter
https://marketplace.atlassian.com/apps/1220353/insight-nvd-integration?hosting=server
Assets - NVD Integration - Server - https://marketplace.atlassian.com/apps/1220353/assets-nvd-integration?hosting=server
https://marketplace.atlassian.com/apps/1212549/variable-tasks-for-bamboo?hosting=server
Variable tasks for Bamboo - Server - https://marketplace.atlassian.com/apps/1212549/variable-tasks-for-bamboo?hosting=server
https://marketplace.atlassian.com/apps/1215175/change-management-for-jsm?hosting=server
Change Management for JSM - Server - https://marketplace.atlassian.com/apps/1215175/change-management-for-jsm?hosting=server
https://marketplace.atlassian.com/apps/1217836/microsoft-teams-for-jira?hosting=server
Microsoft Teams for Jira - Server - https://marketplace.atlassian.com/apps/1217836/microsoft-teams-for-jira?hosting=server
https://marketplace.atlassian.com/apps/1217836/microsoft-teams-for-jira?hosting=datacenter
Microsoft Teams for Jira - DataCenter - https://marketplace.atlassian.com/apps/1217836/microsoft-teams-for-jira?hosting=datacenter
https://marketplace.atlassian.com/apps/1214351/disable-referer-for-bitbucket-server?hosting=server
Disable Referer for Bitbucket Server - Server - https://marketplace.atlassian.com/apps/1214351/disable-referer-for-bitbucket-server?hosting=server
https://marketplace.atlassian.com/apps/1214668/insight-discovery?hosting=datacenter
Assets Discovery - DataCenter - https://marketplace.atlassian.com/apps/1214668/assets-discovery?hosting=datacenter
https://marketplace.atlassian.com/apps/678725/jira-to-jira-issue-copy?hosting=server
Jira to Jira Issue Copy - Server - https://marketplace.atlassian.com/apps/678725/jira-to-jira-issue-copy?hosting=server
https://marketplace.atlassian.com/apps/1214527/javascript-charts-for-jira-cloud?hosting=cloud
JavaScript Charts for Jira Cloud - Cloud - https://marketplace.atlassian.com/apps/1214527/javascript-charts-for-jira-cloud?hosting=cloud
https://marketplace.atlassian.com/apps/1214509/entity-property-tool-for-jira?hosting=cloud
Entity Property Tool for Jira - Cloud - https://marketplace.atlassian.com/apps/1214509/entity-property-tool-for-jira?hosting=cloud
https://marketplace.atlassian.com/apps/1211312/confluence-issue-tab-plugin-for-jira?hosting=server
Confluence Issue Tab Plugin for Jira - Server - https://marketplace.atlassian.com/apps/1211312/confluence-issue-tab-plugin-for-jira?hosting=server
https://marketplace.atlassian.com/apps/1212778/my-reminders-for-jira?hosting=cloud
My Reminders for Jira - Cloud - https://marketplace.atlassian.com/apps/1212778/my-reminders-for-jira?hosting=cloud
https://marketplace.atlassian.com/apps/1218271/code-coverage-for-bitbucket-server?hosting=server
Code Coverage for Bitbucket Server - Server - https://marketplace.atlassian.com/apps/1218271/code-coverage-for-bitbucket-server?hosting=server
https://marketplace.atlassian.com/apps/1215924/agent-usage-visualization-for-bamboo?hosting=server
Agent Usage Visualization for Bamboo - Server - https://marketplace.atlassian.com/apps/1215924/agent-usage-visualization-for-bamboo?hosting=server
https://marketplace.atlassian.com/apps/1219561/insight-servicenow-integration?hosting=server
Assets - ServiceNow Integration - Server - https://marketplace.atlassian.com/apps/1219561/assets-servicenow-integration?hosting=server
https://marketplace.atlassian.com/apps/1219561/insight-servicenow-integration?hosting=datacenter
Assets - ServiceNow Integration - DataCenter - https://marketplace.atlassian.com/apps/1219561/assets-servicenow-integration?hosting=datacenter
https://marketplace.atlassian.com/apps/1213440/asana-importer-plugin-for-jira?hosting=server
Asana Importer Plugin for Jira - Server - https://marketplace.atlassian.com/apps/1213440/asana-importer-plugin-for-jira?hosting=server
https://marketplace.atlassian.com/apps/1217289/announcement-plugin-for-bamboo?hosting=server
Announcement Plugin for Bamboo - Server - https://marketplace.atlassian.com/apps/1217289/announcement-plugin-for-bamboo?hosting=server
https://marketplace.atlassian.com/apps/1223584/github-webhooks-for-fisheye?hosting=server
GitHub webhooks for Fisheye - Server - https://marketplace.atlassian.com/apps/1223584/github-webhooks-for-fisheye?hosting=server
https://marketplace.atlassian.com/apps/1220798/assign-reviewer-groups?hosting=server
Assign Reviewer Groups - Server - https://marketplace.atlassian.com/apps/1220798/assign-reviewer-groups?hosting=server
https://marketplace.atlassian.com/apps/1219472/mandatory-reviewers-for-crucible?hosting=server
Mandatory Reviewers for Crucible - Server - https://marketplace.atlassian.com/apps/1219472/mandatory-reviewers-for-crucible?hosting=server
https://marketplace.atlassian.com/apps/772972/release-report-for-fisheye?hosting=server
Release Report for Fisheye - Server - https://marketplace.atlassian.com/apps/772972/release-report-for-fisheye?hosting=server
https://marketplace.atlassian.com/apps/1211094/archive-plugin-for-bitbucket-server?hosting=server
Archive Plugin for Bitbucket Server - Server - https://marketplace.atlassian.com/apps/1211094/archive-plugin-for-bitbucket-server?hosting=server
https://marketplace.atlassian.com/apps/1214632/rich-text-gadget-for-jira?hosting=cloud
Rich Text Gadget for Jira - Cloud - https://marketplace.atlassian.com/apps/1214632/rich-text-gadget-for-jira?hosting=cloud
https://marketplace.atlassian.com/apps/602870/continuous-plugin-deployment-for-bamboo?hosting=server
Continuous Plugin Deployment for Bamboo - Server - https://marketplace.atlassian.com/apps/602870/continuous-plugin-deployment-for-bamboo?hosting=server
https://marketplace.atlassian.com/apps/1223382/previous-next-navigation?hosting=cloud
Previous/next navigation - Cloud - https://marketplace.atlassian.com/apps/1223382/previous-next-navigation?hosting=cloud
https://marketplace.atlassian.com/apps/1214757/hackathon-for-jira?hosting=cloud
Hackathon for Jira - Cloud - https://marketplace.atlassian.com/apps/1214757/hackathon-for-jira?hosting=cloud
https://marketplace.atlassian.com/apps/1211596/whos-looking-for-jira-cloud?hosting=cloud
Who\'s Looking for Jira Cloud - Cloud - https://marketplace.atlassian.com/apps/1211596/whos-looking-for-jira-cloud?hosting=cloud
https://marketplace.atlassian.com/apps/1212736/predator-plugin-for-bamboo?hosting=server
Predator Plugin for Bamboo - Server - https://marketplace.atlassian.com/apps/1212736/predator-plugin-for-bamboo?hosting=server
https://marketplace.atlassian.com/apps/1214713/sbt-task-plugin-for-bamboo?hosting=server
SBT Task Plugin for Bamboo - Server - https://marketplace.atlassian.com/apps/1214713/sbt-task-plugin-for-bamboo?hosting=server
https://marketplace.atlassian.com/apps/1215979/dependency-graph-plugin-for-bamboo?hosting=server
Dependency Graph Plugin for Bamboo - Server - https://marketplace.atlassian.com/apps/1215979/dependency-graph-plugin-for-bamboo?hosting=server
https://marketplace.atlassian.com/apps/1216177/agent-notifications-for-bamboo?hosting=server
Agent Notifications for Bamboo - Server - https://marketplace.atlassian.com/apps/1216177/agent-notifications-for-bamboo?hosting=server
https://marketplace.atlassian.com/apps/1219706/conditional-tasks-for-bamboo?hosting=server
Conditional tasks for Bamboo - Server - https://marketplace.atlassian.com/apps/1219706/conditional-tasks-for-bamboo?hosting=server
https://marketplace.atlassian.com/apps/1215965/build-times-for-bamboo-5-10?hosting=server
Build Times for Bamboo 5.10+ - Server - https://marketplace.atlassian.com/apps/1215965/build-times-for-bamboo-5-10?hosting=server
https://marketplace.atlassian.com/apps/1215235/fail-build-trigger-for-bamboo?hosting=server
Fail Build Trigger for Bamboo - Server - https://marketplace.atlassian.com/apps/1215235/fail-build-trigger-for-bamboo?hosting=server
https://marketplace.atlassian.com/apps/1216136/after-deployment-trigger-for-bamboo?hosting=server
After Deployment Trigger for Bamboo - Server - https://marketplace.atlassian.com/apps/1216136/after-deployment-trigger-for-bamboo?hosting=server
https://marketplace.atlassian.com/apps/1216287/queue-priority-plugin-for-bamboo?hosting=server
Queue Priority Plugin for Bamboo - Server - https://marketplace.atlassian.com/apps/1216287/queue-priority-plugin-for-bamboo?hosting=server
https://marketplace.atlassian.com/apps/1216074/insight-macro-for-confluence?hosting=server
Assets - Confluence Macro - Server - https://marketplace.atlassian.com/apps/1216074/assets-confluence-macro?hosting=server
https://marketplace.atlassian.com/apps/1218974/insight-azure-integration?hosting=datacenter
Assets - Azure Integration - DataCenter - https://marketplace.atlassian.com/apps/1218974/assets-azure-integration?hosting=datacenter
https://marketplace.atlassian.com/apps/1219094/insight-sccm-integration?hosting=server
Assets - SCCM Integration - Server - https://marketplace.atlassian.com/apps/1219094/assets-sccm-integration?hosting=server
https://marketplace.atlassian.com/apps/1219094/insight-sccm-integration?hosting=datacenter
Assets - SCCM Integration - DataCenter - https://marketplace.atlassian.com/apps/1219094/assets-sccm-integration?hosting=datacenter
https://marketplace.atlassian.com/apps/1219298/insight-snow-integration?hosting=datacenter
Assets - Snow Integration - DataCenter - https://marketplace.atlassian.com/apps/1219298/assets-snow-integration?hosting=datacenter
https://marketplace.atlassian.com/apps/1217750/insight-jira-bitbucket-integration?hosting=datacenter
Assets - Jira & Bitbucket Integration - DataCenter - https://marketplace.atlassian.com/apps/1217750/assets-jira-bitbucket-integration?hosting=datacenter
https://marketplace.atlassian.com/apps/1219298/insight-snow-integration?hosting=server
Assets - Snow Integration - Server - https://marketplace.atlassian.com/apps/1219298/assets-snow-integration?hosting=server
https://marketplace.atlassian.com/apps/1216074/insight-macro-for-confluence?hosting=datacenter
Assets - Confluence Macro - DataCenter - https://marketplace.atlassian.com/apps/1216074/assets-confluence-macro?hosting=datacenter
https://marketplace.atlassian.com/apps/1218974/insight-azure-integration?hosting=server
Assets - Azure Integration - Server - https://marketplace.atlassian.com/apps/1218974/assets-azure-integration?hosting=server
https://marketplace.atlassian.com/apps/1217750/insight-jira-bitbucket-integration?hosting=server
Assets - Jira & Bitbucket Integration - Server - https://marketplace.atlassian.com/apps/1217750/assets-jira-bitbucket-integration?hosting=server
https://marketplace.atlassian.com/apps/1218250/mobile-plugin-for-confluence-data-center-and-server?hosting=server
Mobile Plugin for Confluence Data Center and Server - Server - https://marketplace.atlassian.com/apps/1218250/mobile-plugin-for-confluence-data-center-and-server?hosting=server
https://marketplace.atlassian.com/apps/1218250/mobile-plugin-for-confluence-data-center-and-server?hosting=datacenter
Mobile Plugin for Confluence Data Center and Server - Data Center - https://marketplace.atlassian.com/apps/1218250/mobile-plugin-for-confluence-data-center-and-server?hosting=datacenter
https://marketplace.atlassian.com/apps/1211715/inbox-hook-for-bitbucket-server?hosting=server
Inbox Hook for Bitbucket Server - Server - https://marketplace.atlassian.com/apps/1211715/inbox-hook-for-bitbucket-server?hosting=server
https://marketplace.atlassian.com/apps/1218118/release-plugin-for-bitbucket-server?hosting=server
Release Plugin for Bitbucket Server - Server - https://marketplace.atlassian.com/apps/1218118/release-plugin-for-bitbucket-server?hosting=server
https://marketplace.atlassian.com/apps/1215192/image-paste-for-fisheye-crucible?hosting=server
Image Paste for Fisheye/Crucible - Server - https://marketplace.atlassian.com/apps/1215192/image-paste-for-fisheye-crucible?hosting=server
https://marketplace.atlassian.com/apps/1215624/copy-source-for-fisheye-and-crucible?hosting=server
Copy Source for Fisheye and Crucible - Server - https://marketplace.atlassian.com/apps/1215624/copy-source-for-fisheye-and-crucible?hosting=server
https://marketplace.atlassian.com/apps/1216128/look-and-feel-for-fisheye-and-crucible?hosting=server
Look and Feel for Fisheye and Crucible - Server - https://marketplace.atlassian.com/apps/1216128/look-and-feel-for-fisheye-and-crucible?hosting=server
https://marketplace.atlassian.com/apps/1212100/repository-quickadd-for-fisheye-crucible?hosting=server
Repository QuickAdd for Fisheye/Crucible - Server - https://marketplace.atlassian.com/apps/1212100/repository-quickadd-for-fisheye-crucible?hosting=server
https://marketplace.atlassian.com/apps/14896/review-creator-for-fisheye?hosting=server
Review Creator for Fisheye - Server - https://marketplace.atlassian.com/apps/14896/review-creator-for-fisheye?hosting=server
https://marketplace.atlassian.com/apps/1215089/bulk-delete-review-files-for-crucible?hosting=server
Bulk delete review files for Crucible - Server - https://marketplace.atlassian.com/apps/1215089/bulk-delete-review-files-for-crucible?hosting=server
https://marketplace.atlassian.com/apps/1211738/file-tagging-plugin-for-crucible?hosting=server
File Tagging Plugin for Crucible - Server - https://marketplace.atlassian.com/apps/1211738/file-tagging-plugin-for-crucible?hosting=server
https://marketplace.atlassian.com/apps/212/copy-space-for-confluence?hosting=server
Copy Space for Confluence - Server - https://marketplace.atlassian.com/apps/212/copy-space-for-confluence?hosting=server
https://marketplace.atlassian.com/apps/1214046/favorites-dialog-for-confluence?hosting=server
Favorites Dialog for Confluence - Server - https://marketplace.atlassian.com/apps/1214046/favorites-dialog-for-confluence?hosting=server
https://marketplace.atlassian.com/apps/288/jira-charting-plugin?hosting=server
Jira Charting Plugin - Server - https://marketplace.atlassian.com/apps/288/jira-charting-plugin?hosting=server
https://marketplace.atlassian.com/apps/1215704/workflow-screenshot-for-jira?hosting=server
Workflow Screenshot for Jira - Server - https://marketplace.atlassian.com/apps/1215704/workflow-screenshot-for-jira?hosting=server
https://marketplace.atlassian.com/apps/5142/toolkit-plugin-for-jira?hosting=server
Toolkit Plugin for Jira - Server - https://marketplace.atlassian.com/apps/5142/toolkit-plugin-for-jira?hosting=server
https://marketplace.atlassian.com/apps/322837/mobile-connect-plugin-for-jira?hosting=server
Mobile Connect Plugin for Jira - Server - https://marketplace.atlassian.com/apps/322837/mobile-connect-plugin-for-jira?hosting=server
https://marketplace.atlassian.com/apps/1211087/ssl-for-jira?hosting=server
SSL for Jira - Server - https://marketplace.atlassian.com/apps/1211087/ssl-for-jira?hosting=server
https://marketplace.atlassian.com/apps/1210725/data-generator-for-jira?hosting=server
Data Generator for Jira - Server - https://marketplace.atlassian.com/apps/1210725/data-generator-for-jira?hosting=server
https://marketplace.atlassian.com/apps/1222010/jira-cloud-migration-assistant?hosting=datacenter
Jira Cloud Migration Assistant - DataCenter - https://marketplace.atlassian.com/apps/1222010/jira-cloud-migration-assistant?hosting=datacenter
https://marketplace.atlassian.com/apps/1214899/thready-give-tomcat-threads-a-name?hosting=server
Thready - Give Tomcat threads a name - Server - https://marketplace.atlassian.com/apps/1214899/thready-give-tomcat-threads-a-name?hosting=server
https://marketplace.atlassian.com/apps/1211542/atlassian-rest-api-browser?hosting=server
Atlassian REST API Browser - Server - https://marketplace.atlassian.com/apps/1211542/atlassian-rest-api-browser?hosting=server
https://marketplace.atlassian.com/apps/1211504/issue-edit-notifications-for-jira?hosting=server
Issue Edit Notifications for Jira - Server - https://marketplace.atlassian.com/apps/1211504/issue-edit-notifications-for-jira?hosting=server
https://marketplace.atlassian.com/apps/1222124/sticker-printer-for-jira?hosting=cloud
Sticker Printer for Jira - Cloud - https://marketplace.atlassian.com/apps/1222124/sticker-printer-for-jira?hosting=cloud
https://marketplace.atlassian.com/apps/1214912/better-code-macro-for-confluence?hosting=cloud
Better Code Macro for Confluence - Cloud - https://marketplace.atlassian.com/apps/1214912/better-code-macro-for-confluence?hosting=cloud
https://marketplace.atlassian.com/apps/1218941/microsoft-teams-for-bitbucket-cloud?hosting=cloud
Microsoft Teams for Bitbucket Cloud - Cloud - https://marketplace.atlassian.com/apps/1218941/microsoft-teams-for-bitbucket-cloud?hosting=cloud
https://marketplace.atlassian.com/apps/1219516/microsoft-teams-for-confluence-cloud?hosting=cloud
Microsoft Teams for Confluence Cloud - Cloud - https://marketplace.atlassian.com/apps/1219516/microsoft-teams-for-confluence-cloud?hosting=cloud
https://marketplace.atlassian.com/apps/1214351/disable-referer-for-bitbucket-server?hosting=datacenter
Disable Referer for Bitbucket Server - DataCenter - https://marketplace.atlassian.com/apps/1214351/disable-referer-for-bitbucket-server?hosting=datacenter
https://marketplace.atlassian.com/apps/1224300/opsgenie-bamboo-plugin?hosting=server
opsgenie-bamboo-plugin - Server - https://marketplace.atlassian.com/apps/1224300/opsgenie-bamboo-plugin?hosting=server
https://marketplace.atlassian.com/apps/1212632/look-and-feel-for-bitbucket-server?hosting=datacenter
Look and Feel for Bitbucket Server - Datacenter - https://marketplace.atlassian.com/apps/1212632/look-and-feel-for-bitbucket-server?hosting=datacenter
https://marketplace.atlassian.com/apps/1214668/insight-discovery?hosting=cloud
Assets Discovery - Cloud - https://marketplace.atlassian.com/apps/1214668/assets-discovery?hosting=cloud
https://marketplace.atlassian.com/apps/1224729/bamboo-build-status-notifier?hosting=server
Bamboo build status notifier - Server - https://marketplace.atlassian.com/apps/1224729/bamboo-build-status-notifier?hosting=server
https://marketplace.atlassian.com/apps/1224728/crucible-build-status?hosting=server
Crucible build status - Server - https://marketplace.atlassian.com/apps/1224728/crucible-build-status?hosting=server
https://marketplace.atlassian.com/apps/1219499/proforma-lite-forms-checklists?hosting=server
ProForma Lite: Forms & Checklists - Server - https://marketplace.atlassian.com/apps/1219499/proforma-lite-forms-checklists?hosting=server
https://marketplace.atlassian.com/apps/1215833/proforma-forms-checklist-for-jira?hosting=server
ProForma: Forms & Checklist for Jira - Server - https://marketplace.atlassian.com/apps/1215833/proforma-forms-checklist-for-jira?hosting=server
https://marketplace.atlassian.com/apps/1215833/proforma-forms-checklist-for-jira?hosting=datacenter
ProForma: Forms & Checklist for Jira - Datacenter - https://marketplace.atlassian.com/apps/1215833/proforma-forms-checklist-for-jira?hosting=datacenter
https://marketplace.atlassian.com/apps/1219499/proforma-lite-forms-checklists?hosting=datacenter
ProForma Lite: Forms & Checklists - Datacenter - https://marketplace.atlassian.com/apps/1219499/proforma-lite-forms-checklists?hosting=datacenter
https://marketplace.atlassian.com/apps/1232506/jsm-assets-microsoft-entra-id-azure-ad-beta-integration?hosting=cloud
JSM Assets - Microsoft Entra ID (Azure AD) Beta Integration - Cloud - https://marketplace.atlassian.com/apps/1232506/jsm-assets-microsoft-entra-id-azure-ad-beta-integration?hosting=cloud
https://marketplace.atlassian.com/apps/1232887/mermaid-diagrams-viewer?hosting=cloud
Mermaid diagrams viewer-Cloud-https://marketplace.atlassian.com/apps/1232887/mermaid-diagrams-viewer?hosting=cloud
https://marketplace.atlassian.com/apps/1230672/extension-point-finder-for-jira?hosting=cloud
Extension Point Finder for Jira - Cloud - https://marketplace.atlassian.com/apps/1230672/extension-point-finder-for-jira?hosting=cloud
https://marketplace.atlassian.com/apps/1230671/extension-point-finder-for-confluence?hosting=cloud
Extension Point Finder for Confluence - Cloud - https://marketplace.atlassian.com/apps/1230671/extension-point-finder-for-confluence?hosting=cloud
https://marketplace.atlassian.com/apps/1231916/issue-status-helper?hosting=cloud
Issue Status Helper - Cloud - https://marketplace.atlassian.com/apps/1231916/issue-status-helper?hosting=cloud
https://marketplace.atlassian.com/apps/1230032/databricks-visualization?hosting=cloud
Databricks Visualization - Cloud - https://marketplace.atlassian.com/apps/1230032/databricks-visualization?hosting=cloud
https://marketplace.atlassian.com/apps/1233346/audio-recorder-for-confluence?hosting=cloud
Audio Recorder for Confluence - Cloud - https://marketplace.atlassian.com/apps/1233346/audio-recorder-for-confluence?hosting=cloud
https://marketplace.atlassian.com/apps/1231985/localised-date-macro-for-confluence?hosting=cloud
Localised Date Macro for Confluence - Cloud - https://marketplace.atlassian.com/apps/1231985/localised-date-macro-for-confluence?hosting=cloud
https://marketplace.atlassian.com/apps/1232254/bump-build-number?hosting=datacenter
Bump Build Number - DataCenter - https://marketplace.atlassian.com/apps/1232254/bump-build-number?hosting=datacenter
https://marketplace.atlassian.com/apps/1235122/event-sign-up-for-confluence?hosting=cloud
Event Sign-up for Confluence - Cloud - https://marketplace.atlassian.com/apps/1235122/event-sign-up-for-confluence?hosting=cloud
https://marketplace.atlassian.com/apps/1234690/data-manager-clients-for-jsm-assets?hosting=cloud
Data Manager Clients for JSM Assets - Cloud - https://marketplace.atlassian.com/apps/1234690/data-manager-clients-for-jsm-assets?hosting=cloud
https://marketplace.atlassian.com/apps/1234690/data-manager-clients-for-jsm-assets?hosting=datacenter
Data Manager Clients for JSM Assets - DataCenter - https://marketplace.atlassian.com/apps/1234690/data-manager-clients-for-jsm-assets?hosting=datacenter
https://marketplace.atlassian.com/apps/1230311/app-usage-for-jira?hosting=datacenter
App Usage for Jira - DatCenter - https://marketplace.atlassian.com/apps/1230311/app-usage-for-jira?hosting=datacenter
https://marketplace.atlassian.com/apps/1230311/app-usage-for-jira?hosting=server
App Usage for Jira - Server - https://marketplace.atlassian.com/apps/1230311/app-usage-for-jira?hosting=server
https://marketplace.atlassian.com/apps/1232793/azure-devops-for-jira-official?tab=overview&hosting=cloud
Azure DevOps for Jira (Official) - Cloud - https://marketplace.atlassian.com/apps/1232793/azure-devops-for-jira-official?tab=overview&hosting=cloud
https://marketplace.atlassian.com/apps/1234673/jsm-incident-timeline?hosting=cloud
JSM Incident Timeline - Cloud - https://marketplace.atlassian.com/apps/1234673/jsm-incident-timeline?hosting=cloud
https://marketplace.atlassian.com/apps/1233977/sentry-for-compass?tab=overview&hosting=cloud
Sentry for Compass - Cloud - https://marketplace.atlassian.com/apps/1233977/sentry-for-compass?tab=overview&hosting=cloud
https://marketplace.atlassian.com/apps/1234027/github-for-compass?tab=overview&hosting=cloud
GitHub for Compass - Cloud - https://marketplace.atlassian.com/apps/1234027/github-for-compass?tab=overview&hosting=cloud
https://marketplace.atlassian.com/apps/1233993/gitlab-for-compass?tab=overview&hosting=cloud
GitLab for Compass - Cloud - https://marketplace.atlassian.com/apps/1233993/gitlab-for-compass?tab=overview&hosting=cloud
https://marketplace.atlassian.com/apps/1234004/bitbucket-for-compass?tab=overview&hosting=cloud
Bitbucket for Compass - Cloud - https://marketplace.atlassian.com/apps/1234004/bitbucket-for-compass?tab=overview&hosting=cloud
https://marketplace.atlassian.com/apps/1233931/snyk-for-compass?tab=overview&hosting=cloud
Snyk for Compass - Cloud - https://marketplace.atlassian.com/apps/1233931/snyk-for-compass?tab=overview&hosting=cloud
https://marketplace.atlassian.com/apps/1233986/slack-for-compass?tab=overview&hosting=cloud
Slack for Compass - Cloud - https://marketplace.atlassian.com/apps/1233986/slack-for-compass?tab=overview&hosting=cloud
https://marketplace.atlassian.com/apps/1233988/opsgenie-for-compass?tab=overview&hosting=cloud
Opsgenie for Compass - Cloud - https://marketplace.atlassian.com/apps/1233988/opsgenie-for-compass?tab=overview&hosting=cloud
https://marketplace.atlassian.com/apps/1233987/statuspage-for-compass?tab=overview&hosting=cloud
Statuspage for Compass - Cloud - https://marketplace.atlassian.com/apps/1233987/statuspage-for-compass?tab=overview&hosting=cloud
https://marketplace.atlassian.com/apps/1233979/new-relic-for-compass?tab=overview&hosting=cloud
New Relic for Compass - Cloud - https://marketplace.atlassian.com/apps/1233979/new-relic-for-compass?tab=overview&hosting=cloud
https://marketplace.atlassian.com/apps/1233943/circleci-for-compass?tab=overview&hosting=cloud
CircleCI for Compass - Cloud - https://marketplace.atlassian.com/apps/1233943/circleci-for-compass?tab=overview&hosting=cloud
https://marketplace.atlassian.com/apps/1233990/swagger-ui-for-compass?tab=overview&hosting=cloud
Swagger UI for Compass - Cloud -https://marketplace.atlassian.com/apps/1233990/swagger-ui-for-compass?tab=overview&hosting=cloud
https://marketplace.atlassian.com/apps/1233942/pagerduty-for-compass?tab=overview&hosting=cloud
PagerDuty for Compass - Cloud - https://marketplace.atlassian.com/apps/1233942/pagerduty-for-compass?tab=overview&hosting=cloud
https://marketplace.atlassian.com/apps/1232285/jira-confluence-smart-chips-for-google-docs-slides-sheets?tab=overview&hosting=cloud
Jira & Confluence Smart Chips for Google Docs Slides Sheets - Cloud - https://marketplace.atlassian.com/apps/1232285/jira-confluence-smart-chips-for-google-docs-slides-sheets?tab=overview&hosting=cloud
https://marketplace.atlassian.com/apps/1229906/confluence-mail-archiving-plugin?tab=overview&hosting=datacenter
Confluence Mail Archiving Plugin - DataCenter - https://marketplace.atlassian.com/apps/1229906/confluence-mail-archiving-plugin?tab=overview&hosting=datacenter
https://marketplace.atlassian.com/apps/1211246/autolink-plugin-for-jira?hosting=datacenter
AutoLink Plugin for Jira - DataCenter - https://marketplace.atlassian.com/apps/1211246/autolink-plugin-for-jira?hosting=datacenter
https://marketplace.atlassian.com/apps/1235488/confluence-widget-for-figma-beta?hosting=cloud
Confluence Widget for Figma (Beta) - Cloud - https://marketplace.atlassian.com/apps/1235488/confluence-widget-for-figma-beta?hosting=cloud
https://marketplace.atlassian.com/apps/1235496/jira-board-buddy?hosting=cloud
Jira Board Buddy - Cloud - https://marketplace.atlassian.com/apps/1235496/jira-board-buddy?hosting=cloud
https://marketplace.atlassian.com/apps/5142/toolkit-plugin-for-jira?hosting=datacenter
Toolkit Plugin for Jira - DataCenter - https://marketplace.atlassian.com/apps/5142/toolkit-plugin-for-jira?hosting=datacenter
https://trello.com/power-ups/588a331cc86ffbe08f5d2c67/bitbucket-cloud
Bitbucket Cloud - https://trello.com/power-ups/588a331cc86ffbe08f5d2c67/bitbucket-cloud
https://trello.com/power-ups/55a5d915446f517774210001/box
Box - https://trello.com/power-ups/55a5d915446f517774210001/box
https://trello.com/power-ups/57b47fb862d25a30298459b1/card-repeater
Card Repeater - https://trello.com/power-ups/57b47fb862d25a30298459b1/card-repeater
https://trello.com/power-ups/58dd18bdccfca7af8311792e/card-snooze
Card Snooze - https://trello.com/power-ups/58dd18bdccfca7af8311792e/card-snooze
https://trello.com/power-ups/586be37142f94dc0871fbcbb/confluence-cloud
Confluence Cloud - https://trello.com/power-ups/586be37142f94dc0871fbcbb/confluence-cloud
https://trello.com/power-ups/56d5e249a98895a9797bebb9/custom-fields
Custom Fields - https://trello.com/power-ups/56d5e249a98895a9797bebb9/custom-fields
https://trello.com/power-ups/55a5d915446f517774210003/evernote
Evernote - https://trello.com/power-ups/55a5d915446f517774210003/evernote
https://trello.com/power-ups/568c1415eeaeb62f5a43aa01/giphy
Giphy - https://trello.com/power-ups/568c1415eeaeb62f5a43aa01/giphy
https://trello.com/power-ups/55a5d916446f517774210004/github
GitHub - https://trello.com/power-ups/55a5d916446f517774210004/github
https://trello.com/power-ups/55a5d916446f517774210006/google-drive
Google Drive - https://trello.com/power-ups/55a5d916446f517774210006/google-drive
https://trello.com/power-ups/55a5d916446f517774210007/google-hangouts
Google Hangouts - https://trello.com/power-ups/55a5d916446f517774210007/google-hangouts
https://trello.com/power-ups/5e3886cd2ae34410748d0d5b/jira-align-
Jira Align - https://trello.com/power-ups/5e3886cd2ae34410748d0d5b/jira-align-
https://trello.com/power-ups/55a5d917446f51777421000c/mailchimp
MailChimp - https://trello.com/power-ups/55a5d917446f51777421000c/mailchimp
https://trello.com/power-ups/5940440775fbe327abd3329f/onedrive
OneDrive - https://trello.com/power-ups/5940440775fbe327abd3329f/onedrive
https://trello.com/power-ups/55a5d917446f51777421000d/package-tracker
Package Tracker - https://trello.com/power-ups/55a5d917446f51777421000d/package-tracker
https://trello.com/power-ups/5a2de0c41ae4a1537bb0055d/read-me
Read Me - https://trello.com/power-ups/5a2de0c41ae4a1537bb0055d/read-me
https://trello.com/power-ups/55a5d917446f517774210009/salesforce
Salesforce - https://trello.com/power-ups/55a5d917446f517774210009/salesforce
https://trello.com/power-ups/55a5d917446f51777421000a/slack
Slack - https://trello.com/power-ups/55a5d917446f51777421000a/slack
https://trello.com/power-ups/568c143d95adcd7308cbc3fb/surveymonkey
SurveyMonkey - https://trello.com/power-ups/568c143d95adcd7308cbc3fb/surveymonkey
https://trello.com/power-ups/55a5d917446f51777421000b/twitter
Twitter - https://trello.com/power-ups/55a5d917446f51777421000b/twitter
https://trello.com/power-ups/56940ede94fd60cf95f7ce6a/zendesk
Zendesk - https://trello.com/power-ups/56940ede94fd60cf95f7ce6a/zendesk
https://trello.com/power-ups/6048e897c73d032a983e2a7c/dashcards
Dashcards - https://trello.com/power-ups/6048e897c73d032a983e2a7c/dashcards
https://trello.com/power-ups/586be36326cc4c7e9f70beb3/jira
Jira - https://trello.com/power-ups/586be36326cc4c7e9f70beb3/jira
Third Party Marketplace Apps
https://app.aurory.io
https://store.epicgames.com/en-US/p/seekers-of-tokane-a5986d
Seekers of Tokane
https://play.google.com/store/apps/details?id=io.aurory.seekersoftokane&hl=en_CA
Android Mobile - Testing
https://testflight.apple.com/join/FuaxsScP
IOS Mobile - Testing
https://www.australiansuper.com/
www.australiansuper.com
https://portal.australiansuper.com/
portal.australiansuper.com
https://business.australiansuper.com/
business.australiansuper.com
https://adviser.australiansuper.com/
adviser.australiansuper.com
https://apis.australiansuper.com/
apis.australiansuper.com
https://apis-v5.australiansuper.com/
apis-v5.australiansuper.com
config.cic-bug-bounty.auth0app.com
https://manage.cic-bug-bounty.auth0app.com/
manage.cic-bug-bounty.auth0app.com (Management Dashboard)
*.cic-bug-bounty.auth0app.com
https://play.google.com/store/apps/details?id=com.auth0.guardian&hl=en_US&gl=US
Auth0 Guardian Android
https://apps.apple.com/us/app/auth0-guardian/id1093447833
Auth0 Guardian IoS
https://marketplace.auth0.com
marketplace.auth0.com (Auth0 Marketplace)
MFA Integrations
https://github.com/auth0/auth0.js
https://github.com/auth0/auth0.js (Auth0 SDK for Web)
https://github.com/auth0/lock
https://github.com/auth0/lock (Lock for Web)
https://github.com/auth0/auth0-spa-js
https://github.com/auth0/auth0-spa-js (Auth0 Single Page App SDK)
https://github.com/auth0/Auth0.Net
https://github.com/auth0/Auth0.Net (.NET SDK)
https://github.com/auth0/nextjs-auth0
https://github.com/auth0/nextjs-auth0 (Next.js SDK)
https://github.com/auth0/auth0-java
https://github.com/auth0/auth0-java (Java SDK)
https://github.com/auth0/react-native-auth0
https://github.com/auth0/react-native-auth0 (react-native SDK)
https://github.com/auth0/auth0-php
https://github.com/auth0/auth0-php (PHP SDK)
https://dashboard.fga.dev/
https://api.us1.fga.dev/
https://customers.us1.fga.dev/
https://play.fga.dev/
auth0.com
samltool.io
webauthn.me
openidconnect.net
jwt.io
auth0.net
https://195.60.68.241
Bounty Cam1
https://195.60.68.242
Bounty Cam2
https://195.60.68.243
Bounty Cam3
https://195.60.68.244
Bounty Cam4
https://195.60.68.245
Bounty Cam5
https://195.60.68.246
Bounty Cam6
https://195.60.68.247
Bounty Cam7
https://195.60.68.248
Bounty Cam8
https://195.60.68.249
Bounty Cam9
https://195.60.68.250
Bounty Cam10
https://www.pornhub.com/
https://mobile.pornhub.com/
https://api.pornhub.com/
https://www.pornhubpremium.com/
https://www.redtube.com/
https://www.redtubepremium.com/
https://www.youporn.com/
https://www.youpornpremium.com/
https://pornhub.mainhub.com
https://*.tube8.com
*. tube8.com
https://www.thumbzilla.com/
https://*.trafficjunky.com
*.trafficjunky.com
https://*.adultforce.com
*.adultforce.com
https://play.google.com/store/apps/details?id=com.backblaze.android&hl=en_US&gl=US
Backblaze Android mobile application
https://apps.apple.com/us/app/backblaze/id628638330
Backblaze iOS mobile application
Mac Personal Backup Clients
Windows Personal Backup Clients
Mac Restore Downloaders
Windows Restore Downloaders
Git Repositories (b2-sdk-java & B2 Command Line Tool)
https://*.backblazeb2.com
B2 APIs (*.backblazeb2.com)
https://backblaze.com
Backblaze Website (*.backblaze.com)
Balsamiq Cloud
Balsamiq Wireframes for Desktop
https://marketplace.atlassian.com/apps/1213404/balsamiq-wireframes-for-confluence-cloud?hosting=cloud&tab=overview
https://marketplace.atlassian.com/apps/1212796/balsamiq-wireframes-for-jira-cloud?hosting=cloud&tab=overview
https://balsamiq.com
https://marketplace.atlassian.com/apps/5161/balsamiq-wireframes-for-jira?hosting=datacenter&tab=overview
https://marketplace.atlassian.com/apps/256/balsamiq-wireframes-for-confluence?hosting=datacenter&tab=overview
https://www.barracuda.com/products/messagearchiver
Barracuda Message Archiver
https://www.barracuda.com/products/websecuritygateway
Barracuda Web Security Gateway
https://www.barracuda.com/products/loadbalancer?utm_source=google&utm_medium=search_cpc&utm_campaign=387189501&utm_adgroup=116181947964&utm_term=&utm_position=&utm_matchtype=b&utm_device=c&utm_content=484352050459&_bt=484352050459&_bk=&_bm=b&_bn=g&_bg=116181947964&gclid=Cj0KCQjwvr6EBhDOARIsAPpqUPFtfKELYb2ysp1O29NyBMwStaYpYAxq1oso9BaXpcPo9yrcy13uuc0aAtQDEALw_wcB
Barracuda ADC
https://www.barracuda.com/products/webapplicationfirewall
Barracuda Web Application Firewall
https://www.barracuda.com/products/emailsecuritygateway
Barracuda Email Security Gateway
https://www.barracuda.com/products/cloudgenfirewall
Barracuda CloudGen Firewall
https://*.<researcher-store>.mybigcommerce.com
https://www.bigcommerce.com
*.bigcommerce.com
login.bigcommerce.com
https://apps.apple.com/au/app/bigcommerce/id1418570678
BigCommerce iOS
https://play.google.com/store/apps/details?id=com.bigcommerce.mobile
BigCommerce Android
https://github.com/bigcommerce/
BigCommerce\'s Open Source Code
https://bigcommerce.com/make-it-big
https://bigcommerce.com/blog
https://*.bigcommerce.net
api.coinmarketcap.com
pro-api.coinmarketcap.com
https://www.binance.com/
*.binance.com
Binance Desktop Application
Binance Mobile Application for Android
Binance Mobile Application for iOS
api.binance.com
Binance macOS Application
pro.coinmarketcap.com
CoinMarketCap Android app
Trustwallet Android App
Trustwallet iOS App
https://github.com/trustwallet/wallet-core/
CoinMarketCap iOS app
portal-api.coinmarketcap.com
coinmarketcap.com
3rdparty-apis.coinmarketcap.com
https://www.binance.us/
*.binance.us
https://binance.tr
binance.tr
Trustwallet Chrome Extension
Bitdefender Total Security
*.bitdefender.net
Bitdefender Antimalware Engines
*.bitdefender.com
https://www.bitdefender.com/business/smb-products/business-security.html?cid=ppc|b|google|smb&s_kwcid=AL!6076!3!514235572261!p!!g!!bitdefender%20business&utm_term=bitdefender%20business&utm_campaign=USA+SMB+Branded+30&utm_source=adwords&utm_medium=ppc&hsa_acc=8155205354&hsa_cam=7848657822&hsa_grp=124745713150&hsa_ad=514235572261&hsa_src=g&hsa_tgt=kwd-308396066873&hsa_kw=bitdefender%20business&hsa_mt=p&hsa_net=adwords&hsa_ver=3&gclid=CjwKCAjwqIiFBhAHEiwANg9szk-Rr3iSn4mrwsvAUOn-pzrO12ufWDmyCLopWigaLQW0t_xtlBE65RoCr6kQAvD_BwE
Bitdefender GravityZone Business Security
Bitdefender BOX v2
https://www.bitgo.com
*.bitgo.com
https://app.bitgo.com
app.bitgo.com
https://app.bitgo-test.com
app.bitgo-test.com
https://web.bitpanda.com
https://www.bitpanda.com/
https://www.bitpanda.com
https://api.bitpanda.com
wss://socket.bitpanda.com
All the Blockchain Infrastructure
https://account.bitpanda.com
https://play.google.com/store/apps/details?id=com.bitpanda.bitpanda
Bitpanda Broker Android App
https://apps.apple.com/app/bitpanda-buy-bitcoin-crypto/id1449018960
Bitpanda Broker iOS App
https://blog.bitpanda.com/en
https://blog.bitpanda.com
https://www.bitpanda.com/academy/en/
https://www.bitpanda.com/academy/
https://www.bitstamp.net/
www.bitstamp.net - Bitstamp Application & API
*.bitstamp.net - Bitstamp Supporting Services
https://apps.apple.com/us/app/bitstamp/id1406825640
Bitstamp Mobile Application for iOS
https://play.google.com/store/apps/details?id=net.bitstamp.app
Bitstamp Pro Mobile Application for Android
https://play.google.com/store/apps/details?id=net.bitstamp.appgo
Bitstamp Mobile Application For Android
https://bug-bounty-api.k8s.tools-001.d-use-1.braze-dev.com
https://bug-bounty-dashboard.k8s.tools-001.d-use-1.braze-dev.com
https://bug-bounty-dashboard.k8s.tools-001.d-use-1.braze-dev.com/
https://docs.bugcrowd.com/
docs.bugcrowd.com
https://bugcrowd.com/programs
bugcrowd.com
https://tracker.bugcrowd.com
Crowdcontrol
https://api.bugcrowd.com
api.bugcrowd.com
https://identity.bugcrowd.com/
https://identity.bugcrowd.com/
*.bugcrowd.com/auth/*
https://bullish.com/
https://investor.bullish.com/
https://investor.bullish.com
https://simnext.bullish-test.com
https://api.simnext.bullish-test.com
████████████████████████
████████████████████████████
███████████████████████████
███████████████████████
████████████
███████████████████
█████████████████████████████
██████████████████████████
*.canva.cn
Canva (Android)
Canva (Chrome Extension)
Canva (iOS)
*.canva.com
*.canva-apps.com
*.canva-apps.cn
https://canva.com/developers
Canva Developer Platform
https://*.canva.tech
*.canva.tech
Canva Desktop (macOS / Windows)
https://itunes.apple.com/app/carrefour-uae/id626805470
Carrefour UAE iOS
https://play.google.com/store/apps/details?id=com.aswat.carrefouruae
Carrefour UAE Android
https://www.carrefouruae.com/
carrefouruae.com
https://api-prod.retailsso.com
https://itunes.apple.com/us/app/cash-app/id711923939?mt=8
Cash App Mobile Application for iOS
https://play.google.com/store/apps/details?id=com.squareup.cash
Cash App Mobile Application for Android
https://cash.app
*.cash.app
*.cashstaging.app
https://www.foreignaffairs.com/
https://www.cfr.org/
https://thinkglobalhealth.org
https://education.cfr.org/
*.meraki.com
*.ikarem.io
Cisco Meraki Systems Manager
Cisco Meraki Virtual Security Appliances
*.network-auth.com
Cisco Meraki Dashboard Mobile Application (iOS and Android)
Cisco Meraki MX Security Appliances
Cisco Meraki MS Switches
Cisco Meraki MR Access Points
Cisco Meraki MV Security Cameras
Cisco Meraki Z Series (Z1,Z3(C))
https://meraki.cisco.com
meraki.cisco.com
apps.meraki.io
https://apps.apple.com/us/app/classdojo/id552602056
IoS App
https://api.classdojo.com
https://play.google.com/store/apps/details?id=com.classdojo.android
Android App
https://teach.classdojo.com
https://student.classdojo.com
https://www.classdojo.com
https://home.classdojo.com
https://dev.tutoring.classdojo.com
https://ws.multiplayer.classdojo.com/
wss://ws.multiplayer.classdojo.com
https://ticket.multiplayer.classdojo.com
https://clients.multiplayer.classdojo.com/launcher/prod/latest
https://monster-customizer.classdojo.com/cf6dfa68-1a81-4c6d-bc0b-38f3666b37d6/index.html
*.classdojo.com
*.classdojo.co.uk
*.doj.io
*.dojo.me
https://clickhou.se/bugcrowd
ClickHouse Cloud environment hosted by ClickHouse
https://github.com/ClickHouse/ClickHouse
https://cloudinary.com/console
https://api.cloudinary.com
https://res.cloudinary.com
https://mediaflows.cloudinary.com/
mediaflows.cloudinary.com
https://dimensions.cloudinary.com
dimensions.cloudinary.com
https://marketplace.atlassian.com/apps/1218652/deep-clone-for-jira?hosting=cloud
https://marketplace.atlassian.com/apps/1219514/merge-agent-for-jira?hosting=cloud
https://marketplace.atlassian.com/apps/1220136/quick-filters-for-jira-dashboards?hosting=cloud
https://marketplace.atlassian.com/apps/1219476/comment-custom-fields-for-jira?hosting=cloud
https://marketplace.atlassian.com/apps/1221733/external-data-for-confluence?hosting=cloud
https://marketplace.atlassian.com/apps/1219288/comment-history-log-for-jira?hosting=cloud
https://marketplace.atlassian.com/apps/1215055/slack-for-confluence?hosting=cloud
https://marketplace.atlassian.com/apps/1219807/version-sync-for-jira?hosting=cloud
https://marketplace.atlassian.com/apps/1220964/snipe-it-for-jira?hosting=cloud
https://marketplace.atlassian.com/apps/1218211/secure-google-calendar-for-confluence?hosting=cloud
https://marketplace.atlassian.com/apps/1219994/external-data-for-jira-fields?hosting=cloud
https://marketplace.atlassian.com/apps/1232630/external-data-for-jira-fields-extension?hosting=cloud
https://marketplace.atlassian.com/apps/1222978/dynamic-fields-for-jira?hosting=cloud
https://marketplace.atlassian.com/apps/1223455/advanced-bulk-edit-for-jira?hosting=cloud
https://marketplace.atlassian.com/apps/1226627/prime-custom-fields-for-jira?hosting=cloud
https://marketplace.atlassian.com/apps/1230689/easy-confluence-gadget-for-jira-dashboards?hosting=cloud
https://adhoc-bugcrowd.cdn-code.org
adhoc-bugcrowd.cdn-code.org
https://adhoc-bugcrowd-studio.cdn-code.org
adhoc-bugcrowd-studio.cdn-code.org
staging.coindesk.com
staging.auth.coindesk.com
*.xfinity.com
*.comcast.com
*.xcal.tv
Staging, QA, Dev, and Test Environments
*.sys.comcast.net
https://business.comcast.com/account
TV - Xfinity hardware and services
Flex - Xfinity hardware and services
Voice - Hardware and service
https://www.xfinity.com/apps
Mobile Apps iOS and Android
https://www.contrastsecurity.com/
www.contrastsecurity.com
https://contrastsecurity.dev/
contrastsecurity.dev
https://marketplace.atlassian.com/apps/1223249/mailto-wiki-send-emails-to-confluence?hosting=cloud&tab=overview
https://marketplace.atlassian.com/apps/1223249/mailto-wiki-send-emails-to-confluence?tab=overview&hosting=server
https://marketplace.atlassian.com/apps/1223249/mailto-wiki-email-for-confluence?hosting=datacenter&tab=overview
CyberGhost VPN servers
https://apps.apple.com/us/app/id583009522
CyberGhost iOS application
https://play.google.com/store/apps/details?id=de.mobileconcepts.cyberghost
CyberGhost Android application
https://www.cyberghostvpn.com/en_US/apps/linux-vpn
CyberGhost Linux application
https://www.cyberghostvpn.com/en_US/apps/macos-vpn
CyberGhost macOS application
https://www.cyberghostvpn.com/en_US/apps/windows-vpn
CyberGhost Windows application
https://addons.mozilla.org/en-US/firefox/addon/cyberghost-vpn-free-proxy/
CyberGhost Firefox extension
https://chrome.google.com/webstore/detail/stay-secure-with-cybergho/ffbkglfijbcbgblgflchnbphjdllaogb
CyberGhost Chrome extension
CyberGhost APIs
CyberGhost PS3+PS4 apps
CyberGhost Xbox One + Xbox360 apps
https://cyberghost.com
cyberghost.com
*.cyberghost.com
cyberghost.app
https://www.cyberghostvpn.com/
*.cyberghostvpn.com
*.dell.com/*
*.delltechnologies.com/*
https://console.delltechnologies.com/nav/administration
https://console.delltechnologies.com/nav/invoice
https://console.delltechnologies.com/nav/billing
Any Verified Dell-Controlled Endpoint (domains/IP space/etc.)
Actively Supported, Bounty Eligible Dell Products
Actively Supported, Non-Reward Eligible Dell Products
app.sandbox.directly.com
*.sandbox.directly.com/
https://sandbox.directly.com/dashboard/index
api.dropboxapi.com
*.dropbox.com
*.hellosign.com
*.helloworks.com
*.hellofax.com
*.dropboxforum.com
*.docsend.com
*.dropboxer.net
https://www.dash.ai/
dash.ai
https://dropboxpartners.com
*.dropboxpartners.com
https://reclaim.ai
*.reclaim.ai
https://play.google.com/store/apps/details?id=com.dropbox.paper&hl=en_US&gl=US
Dropbox Paper Android App
https://apps.apple.com/us/app/dropbox-secure-cloud-storage/id327630330
Dropbox iOS app
https://apps.apple.com/us/app/paper-by-dropbox/id1126623662
Dropbox Paper iOS app
https://apps.apple.com/us/app/dropbox-emm/id1080074001
Dropbox EMM iOS
https://www.dropbox.com/desktop
Dropbox Desktop Application
https://www.dropbox.com/capture
Dropbox Capture Windows Desktop App
Dropbox Capture macOS Desktop App
https://play.google.com/store/apps/details?id=com.dropbox.android&hl=en_US&gl=US
Dropbox Android App
https://play.google.com/store/apps/details?id=com.dropbox.app.hellosign&hl=en_US&gl=US
Dropbox Sign (formerly HelloSign) Android App
https://www.dropbox.com/paper
Paper Desktop Application
https://dropbox.com/dash/download
Dropbox Dash App
https://app.reclaim.ai
Reclaim.ai App
https://marketplace.atlassian.com/apps/1211051/eazybi-reports-and-charts-for-jira?hosting=cloud
https://marketplace.atlassian.com/apps/1211051/eazybi-reports-and-charts-for-jira?hosting=server
https://marketplace.atlassian.com/apps/1211051/eazybi-reports-and-charts-for-jira?hosting=datacenter
https://marketplace.atlassian.com/apps/1219504/eazybi-reports-and-charts-for-confluence?hosting=cloud
https://marketplace.atlassian.com/apps/1219504/eazybi-reports-and-charts-for-confluence?hosting=server
https://marketplace.atlassian.com/apps/1219504/eazybi-reports-and-charts-for-confluence?hosting=datacenter
https://docs.eazybi.com/
docs.eazybi.com
https://my.electroneum.com/
https://electroneum.com/
https://api.electroneum.com/
https://play.google.com/store/apps/details?id=com.electroneum.mobile&hl=en_US
Electroneum Android App
https://apps.apple.com/us/app/electroneum/id1270774992
Electroneum iOS App
https://api.anytask.com/
https://www.anytask.com/
https://github.com/electroneum/electroneum-sc/
Smartchain Blockchain
https://blockexplorer.electroneum.com
Smartchain Block Explorer
https://my.thesecurityteam.rocks/
https://anytask.thesecurityteam.rocks/
https://elementor.com/
https://elementor.com/*
https://my.elementor.com/
https://go.elementor.com/
https://translate.elementor.com/
https://developers.elementor.com/
https://he.elementor.com/
https://code.elementor.com/
https://library.elementor.com/
https://app.strattic.com
app.strattic.com
https://casino.partycasino.com
https://casino.bwin.com
https://casino.sportingbet.com
https://www.ladbrokes.com/en/games
https://www.coral.co.uk/en/games
https://casino.*.betmgm.com/en/games (read "Find a Game to test on our targets")
https://www.partypoker.com
Partypoker Website (and all its subdomains)
https://www.ladbrokes.com
Ladbrokes Digital (and all its subdomains)
https://www.coral.co.uk
Coral Sports (and all its subdomains)
https://www.galabingo.com
Gala Bingo (and all its subdomains)
https://www.partycasino.com
Partycasino Website (and all its subdomains)
https://www.bwin.com
Bwin Website (and all its subdomains)
http://media.itsfogo.com/media/upload/mobile/android/apk/partycasino_com.apk
Partycasino APK
https://apps.apple.com/gb/app/bwin-poker-and-casino-games/id410242773
Bwin Poker-Casino iOS
https://apps.apple.com/gb/app/bwin-sports-betting/id393760245
Bwin Sports iOS
https://apps.apple.com/gb/app/partycasino-play-casino-games/id818432894
Partycasino iOS
https://apps.apple.com/gb/app/partypoker-texas-holdem-poker/id687740281
Partypoker iOS
https://www.galacasino.com
Gala Casino Website (and all its subdomains)
https://www.epam.com/
*.epam.com
https://projects.epam.com
*.projects.epam.com
https://lab.epam.com
*.lab.epam.com
https://opensource.epam.com
*.opensource.epam.com
*.emakina.nl
*.emakina.group
*.emakina.com
*.emakina.ch
*.emakina.fr
*.emakina.us
*.emakina.at
https://*.epam.com
Subdomain takeover
open redirect at *.epam.com
Open redirect at *.projects.epam.com, *.lab.epam.com, *.opensource.epam.com
In Scope - Points only
https://www.etsy.com
www.etsy.com
https://www.etsy.com/mobile
Etsy Mobile Application (Android)
Etsy Mobile Application (iPhone)
https://www.etsy.com/developers/documentation/getting_started/api_basics
Etsy API (see documentation below)
https://etsypayments.com
etsypayments.com
https://blog.etsy.com
blog.etsy.com
https://careers.etsy.com
careers.etsy.com
https://help.etsy.com
help.etsy.com
https://community.etsy.com
community.etsy.com
*.etsy.com
Virtualisation layer
https://sks-ch-gva-2.exo.io
SKS Clusters
https://portal.exoscale.com/
Web Portal
https://api-ch-gva-2.exoscale.com/v2
API
https://sos-ch-gva-2.exo.io/
Simple Object Storage (SOS)
https://internal.exoscale.ch
Internal Web services - https://*.internal.exoscale.ch
Managed Scalable Kubernetes Service (SKS)
Database as a Service (DBaaS)
VPN servers
ExpressVPN iOS application
ExpressVPN Android application
ExpressVPN Linux application
ExpressVPN macOS application
ExpressVPN Windows application
ExpressVPN Router
ExpressVPN Firefox extension
ExpressVPN Chrome extension
MediaStreamer DNS servers
ExpressVPN APIs
https://www.expressvpn.com
www.expressvpn.com
*.expressvpn.com
*.xvservice.net
*.xvtest.net
http://expressobutiolem.onion
expressobutiolem.onion
Google Play (com.expressvpn.vpn)
Apple App Store (886492891)
https://github.com/expressvpn/lightway-core
Lightway Core
ExpressVPN Keys Browser Extension
https://financialforce.com
*.financialforce.com
https://*.certinia.com
*.certinia.com
Any FIS asset is in scope
https://flo.uri.sh
flo.uri.sh
https://flourish.studio/
*.flourish.studio
https://xyzbmojn.net/
*.xyzbmojn.net
flourish-user-templates.com
flourish-user-preview.com
https://*.kiln.it
*.kiln.it
█████████████████████████████████████
███████████████████████████████████
████████████████████████████████
██████████████████████
█████████████████████████
█████████████████████
██████████████████████████████████████████████
██████████████████████████████████████████████████
*-bugcrowd.foxycart.com (read below for details)
https://admin.foxycart.com
admin.foxycart.com
https://admin.foxy.io/
admin.foxy.io
https://auth.foxy.io/
auth.foxy.io
https://foxycart-demo.foxycart.com/cart
foxycart-demo.foxycart.com
https://api.foxycart.com/
api.foxycart.com
https://github.com/freedomofpress/securedrop
https://github.com/freedomofpress/securedrop-log
https://github.com/freedomofpress/securedrop-proxy
https://github.com/freedomofpress/securedrop-sdk
https://github.com/freedomofpress/securedrop-workstation
https://github.com/freedomofpress/securedrop-client
https://github.com/freedomofpress/securedrop-export
https://github.com/freedomofpress/securedrop-debian-packaging
██████████████████
███████████
https://staging.gearset.com/
staging.gearset.com
staging-api.gearset.com
https://hipaa.staging.gearset.com/
hipaa.staging.gearset.com
https://app.glean.com/login?qe=https://bug-bounty-be.glean.com&skip_to_sso=1
Frontend portal: https://app.glean.com/login?qe=https://bug-bounty-be.glean.com&skip_to_sso=1
Backend endpoint: bug-bounty-be.glean.com
https://marketplace.atlassian.com/apps/1222714/scio-search-crawler-for-confluence?hosting=cloud&tab=overview
Scio Search Crawler for Confluence- https://marketplace.atlassian.com/apps/1222714/scio-search-crawler-for-confluence?hosting=cloud&tab=overview
https://marketplace.atlassian.com/apps/1222715/scio-search-crawler-for-jira?hosting=cloud&tab=overview
Scio Search Crawler for Jira- https://marketplace.atlassian.com/apps/1222715/scio-search-crawler-for-jira?hosting=cloud&tab=overview
https://marketplace.atlassian.com/apps/1229003/glean-activity-plugin-for-jira-cloud?hosting=cloud&tab=overview
Glean Activity Plugin for Jira Cloud- https://marketplace.atlassian.com/apps/1229003/glean-activity-plugin-for-jira-cloud?hosting=cloud&tab=overview
https://www.hostgator.com.br/
hostgator.com.br/
https://financeiro.hostgator.com.br
https://bugcrowd.hotdoc.com.au
https://bugcrowd.hotdoc.com.au (Patients)
https://bugcrowd.hotdoc.com.au/api
https://bugcrowd.hotdoc.com.au/dashboard
https://bugcrowd.hotdoc.com.au/dashboard (Clinic Dashboard)
https://app.hubspot.com/
app.hubspot.com
https://app-eu1.hubspot.com
app-eu1.hubspot.com
https://api.hubspot.com/
api.hubspot.com
https://developers.hubspot.com/docs/api/overview
api.hubapi.com
https://chatspot.ai
chatspot.ai
https://connect.com
connect.com
*.hubspotemail.net
*.hs-sites(-eu1)?.com
*.hubspotpagebuilder.com
*.hubspotpagebuilder.eu
https://knowledge.hubspot.com/inbox/set-up-a-customer-portal
Customer Portal (1)
Customer connected domain (2)
https://play.google.com/store/apps/details?id=com.hubspot.android&hl=en_US&gl=US
HubSpot Android Mobile App
https://apps.apple.com/us/app/hubspot/id1107711722
HubSpot iOS Mobile App
https://knowledge.hubspot.com/connected-email/get-started-with-the-hubspot-sales-office-365-add-in
HubSpot Sales Office 365 add-in
Other HubSpot-owned (sub)domains not listed as Out of Scope . Please make sure to exercise due diligence before testing. You must include proof that the subdomain is registered to HubSpot to be eligible for a reward.
Special Conditions
https://www.ameliorate.com/
https://*.ameliorate.com/
https://www.beautyexpert.com/
https://*.beautyexpert.com/
https://www.cultbeauty.co.uk/
https://www.dermstore.com
https://*.dermstore.com
https://www.espaskincare.com/
https://*.espaskincare.com/
https://www.exantediet.com/
https://*.exantediet.com/
https://www.eyeko.com/
https://*.eyeko.com/
https://www.glossybox.com/
https://*.glossybox.com/
https://www.growgorgeous.com/
https://*.growgorgeous.com/
https://www.hqhair.com/
https://*.hqhair.com/
https://www.illamasqua.com/
https://*.illamasqua.com/
https://www.mioskincare.com/
https://*.mioskincare.com/
https://www.mankind.co.uk/
https://*.mankind.co.uk/
https://www.mybag.com/
https://*.mybag.com/
https://www.myvitamins.com/
https://*.myvitamins.com/
https://www.powerman.co.uk/
https://*.powerman.co.uk/
https://www.skinstore.com/
https://*.skinstore.com/
https://www.thehut.com/
https://*.thehut.com/
https://checkout.myvitamins.com
https://checkout.eyeko.com
https://checkout.glossybox.com
https://chrome.google.com/webstore/detail/ibotta-browser-extension/mfaedmjlefifhnhpgipjjiiekchaimpk?hl=en-US
Chrome Extension
http://market.android.com/details?id=com.ibotta.android
http://itunes.apple.com/us/app/ibotta/id559887125
https://content-server.ibotta.com/graphql
https://api.ibotta.com
https://api.ibops.net
https://api.int.ibops.net
https://api.int.ibops.net/customer-loyalty-service
https://api.ibops.net/ad-management
https://api.ibops.net/ad-management
Ibotta App Data & Memory
https://app.ibotta.com/sign-in
Web v2
http://ibotta.com
https://backend.ibotta.com/
https://www.ifood.com.br
https://*.movilepay.com
*.movilepay.com
https://*.movilepay.com.br
*.movilepay.com.br
https://shop.ifood.com.br
https://marketplace.ifood.com.br
https://wsloja.ifood.com.br
https://wslatam.ifood.com.br
https://static-images.ifood.com.br
https://gestordepedidos.ifood.com.br
Gestor de pedidos - Web ONLY
https://developer.ifood.com.br
https://api.fstr.rocks
https://rc.fstr.rocks
https://play.google.com/store/apps/details?id=br.com.brainweb.ifood&hl=pt_BR
iFood Customer Android Application
https://apps.apple.com/br/app/ifood-pedir-comida-e-mercado/id483017239
iFood Customer iOS Application
https://guildofguardians.com
guildofguardians.com
*.guildofguardians.com
https://passport.immutable.com/
passport.immutable.com - Passport web3 wallet
https://auth.immutable.com
auth.immutable.com - Passport authentication backend
https://github.com/immutable/ts-immutable-sdk/tree/main/packages/passport/
Passport SDK
https://hub.immutable.com/
hub.immutable.com - Developer Hub
https://api.immutable.com
https://api.x.immutable.com/
*.immutable.com
*.imtbl.com
testnet.immutable.com
*.testnet.immutable.com
https://link.x.immutable.com/
https://market.immutable.com/
https://docs.immutable.com/
imx.community
https://*.imperva.com
https://www.cloudvector.com/
https://*.cloudvector.com/
https://*.incapsula.com
PTaaS Reference
https://*.indeed.com
https://*.indeedflex.com
https://apis.indeed.com/graphql
https://play.google.com/store/apps/details?id=com.indeed.android.jobsearch
Indeed Job Search Android
https://apps.apple.com/us/app/indeed-job-search/id309735670
Indeed Job Search iOS
https://play.google.com/store/apps/details?id=com.syftapp.android
Android Indeed Flex App
https://apps.apple.com/gb/app/indeed-flex-job-search/id1013812731
iOS Indeed Flex App
https://*.indeed.tech
https://*.indeed.net
https://resume.com
https://wowjobs.ca
https://apps.apple.com/us/app/%E5%B1%A5%E6%AD%B4%E6%9B%B8%E4%BD%9C%E6%88%90-%E3%82%A4%E3%83%B3%E3%83%87%E3%82%A3%E3%83%BC%E3%83%89/id1484451230
履歴書作成 (Universal Resume) iOS
https://play.google.com/store/apps/details?id=com.indeed.resume
履歴書作成 (Universal Resume) Android
https://apps.apple.com/us/app/indeed-connect-for-employers/id6443822731
Indeed Connect for Employers
https://chromewebstore.google.com/detail/indeed-recruiter-extensio/kiodpphbmnmcmnfgpnmkkhmkllnlflef
Indeed Recruiter Extension (Chrome)
Any host/web property/mobile app verified to be owned by Indeed
https://developers.intercom.com/installing-intercom/docs/about-the-sdk-ios
iOS SDK
https://api.intercom.com
https://api.intercom.io
https://app.intercom.com
*.intercomassets.com / *.intercomcdn.com
https://app.intercom.io/
https://app.intercom.io
https://developers.intercom.com/installing-intercom/docs/about-the-sdk-android
Android SDK
https://www.intercom.com/
https://www.intercom.com
iRobot cloud-connected robot that you own (i.e. j7, s9, i7, 980, 960, 690, Braava, etc.)
https://play.google.com/store/apps/details?id=com.irobot.home
https://itunes.apple.com/us/app/irobot-home/id1012014442?mt=8
https://w2ab2i60y4.execute-api.us-east-1.amazonaws.com/dev/v1/ecommerce/entitlements
https://w2ab2i60y4.execute-api.us-east-1.amazonaws.com/dev/v1/ecommerce/entitlements
https://w2ab2i60y4.execute-api.us-east-1.amazonaws.com/dev/v1/ecommerce/entitlements/{entitlement_id}
https://w2ab2i60y4.execute-api.us-east-1.amazonaws.com/dev/v1/ecommerce/notifications/raas
https://w2ab2i60y4.execute-api.us-east-1.amazonaws.com/dev/v1/ecommerce/users/{user_id}/entitlements
iRobot API Endpoint
https://w2ab2i60y4.execute-api.us-east-1.amazonaws.com/dev/v1/ecommerce/robots/{robot_id}/entitlements
*.jora.com
*.jora.xyz
https://apps.apple.com/us/app/jora-jobs-job-search-app/id917565665
https://play.google.com/store/apps/details?id=com.jora.android&hl=en_US
restaurant-api.takeaway.com
*.lieferando.at
*.yourdelivery.de
*.takeaway.com
*.scoober.com
*.citymeal.com
*.lieferando.de
*.thuisbezorgd.nl
https://itunes.apple.com/us/app/lieferando-de/id419724490?l=es&mt=8
https://play.google.com/store/apps/details?id=com.yopeso.lieferando&hl=en_US
https://takeawaypay.azurefd.net/en/takeawaypay/
*.bistro.sk
*.just-eat.fr
*.eat.ch
*.just-eat.no
*.just-eat.dk
*.pyszne.pl
https://www.justeattakeaway.com
*.justeattakeaway.com
https://www.justeat.it/rider
https://status-takeaway.com/status
https://status-takeaway.com/status.
*.10bis.co.il
https://www.takeaway.com/foodwiki/
www.takeaway.com/foodwiki/
https://www.takeaway.com/drivers
www.takeaway.com/drivers
https://www.takeaway.com/deals
www.takeaway.com/deals
https://www.thuisbezorgd.nl/aanmelden
www.thuisbezorgd.nl/aanmelden
https://shop.thuisbezorgd.nl
shop.thuisbezorgd.nl
https://tv.takeaway.com
tv.takeaway.com
static.thuisbezorgd.nl
dev.takeaway.com/html/
intranet.takeaway.com
atarkasher.co.il
https://brand.takeaway.com
brand.takeaway.com
https://careers.takeaway.com
careers.takeaway.com
https://newsletter.thuisbezorgd.nl
newsletter.thuisbezorgd.nl
https://www.status-takeaway.com/status
www.status-takeaway.com/status
https://www.lieferando.de/thetakeaway/
cloud.update.takeaway.com
cloud.connect.takeaway.com
cloud.connect.justeattakeaway.com
cloud.update.justeattakeaway.com
*.beta.scoober.com
*.just-data.io
https://api.justeat-int.com
*.justeat-int.com
https://www.just-eat.co.uk
*.just-eat.co.uk - UK food ordering
https://www.just-eat.ie
*.just-eat.ie - Ireland food ordering
https://menulog.co.nz
*.menulog.co.nz - New Zealand food ordering
https://menulog.com.au
*.menulog.com.au - Australia food ordering
*.just-eat.com
https://public.je-apis.com
*.je-apis.com - UK legacy API
https://just-eat.it
*.just-eat.it - Italy food ordering
https://just-eat.es
*.just-eat.es - Spain food ordering
https://skipthedishes.com
*.skipthedishes.com - Canada food ordering
https://just-eat.io/
*.just-eat.io
https://marketplace.atlassian.com/apps/1215199/backbone-issue-sync-for-jira?hosting=cloud
https://marketplace.atlassian.com/apps/1217608/scroll-documents-for-confluence?hosting=cloud
https://marketplace.atlassian.com/apps/7019/scroll-pdf-exporter-for-confluence?hosting=cloud
https://marketplace.atlassian.com/apps/24982/scroll-word-exporter-for-confluence?hosting=cloud
https://marketplace.atlassian.com/apps/1217037/scroll-exporter-extensions?hosting=cloud
https://marketplace.atlassian.com/apps/253/scroll-imagemap-for-confluence?hosting=cloud
https://marketplace.atlassian.com/apps/1211636/scroll-viewport-for-confluence?hosting=cloud
https://marketplace.atlassian.com/apps/1226295/variants-for-scroll-documents?hosting=cloud
https://marketplace.atlassian.com/apps/7019/scroll-pdf-exporter-for-confluence?hosting=datacenter
https://marketplace.atlassian.com/apps/24982/scroll-word-exporter-for-confluence?hosting=datacenter
https://marketplace.atlassian.com/apps/420604/scroll-html-exporter-for-confluence?hosting=datacenter
https://marketplace.atlassian.com/apps/1210818/scroll-versions-for-confluence?hosting=datacenter
https://marketplace.atlassian.com/apps/1211616/scroll-translations-for-confluence?hosting=datacenter
https://marketplace.atlassian.com/apps/253/scroll-imagemap-for-confluence?hosting=datacenter&tab=overview
https://marketplace.atlassian.com/apps/1215199/backbone-issue-sync-for-jira?hosting=datacenter&tab=overview
https://marketplace.atlassian.com/apps/1217608/scroll-documents-for-confluence?hosting=datacenter&tab=overview
https://marketplace.atlassian.com/apps/1226295/variants-for-scroll-documents?hosting=datacenter
https://marketplace.atlassian.com/apps/1211636/scroll-viewport-for-confluence?hosting=datacenter
https://marketplace.atlassian.com/apps/1227238/translations-for-scroll-documents?hosting=cloud
https://marketplace.atlassian.com/apps/1227238/translations-for-scroll-documents?hosting=datacenter
https://marketplace.atlassian.com/apps/420604/scroll-html-exporter-for-confluence?hosting=cloud&tab=overview
https://marketplace.atlassian.com/apps/1224799/scroll-content-quality-for-confluence
https://marketplace.atlassian.com/apps/1224799/scroll-content-quality-for-confluence?hosting=cloud
https://www.remove.bg
*.remove.bg
https://www.designify.com
*.designify.com
https://www.kaleido.ai
*.kaleido.ai
https://www.unscreen.com
*.unscreen.com
https://www.keepersecurity.com/download.html
Keeper Browser Extension (Chrome, Safari, Firefox, Edge)
Keeper for iOS
https://www.microsoft.com/en-us/p/keeperchat/9pdqtcpn4kxn#activetab=pivot:overviewtab
KeeperChat for Windows
https://keepersecurity.com
Keeper Security Website
Keeper for Mac, PC, Linux
https://keepersecurity.com/vault
Keeper Web Vault (US, EU, AU, CA, JP, GovCloud)
https://docs.keeper.io/keeper-bridge/
Keeper AD / LDAP Bridge
https://apps.apple.com/app/id1216446440
KeeperChat for iOS
https://play.google.com/store/apps/details?id=com.keepersecurity.chat&hl=en_US&gl=US
KeeperChat for Android
https://apps.apple.com/us/app/keeperchat/id1273303729?mt=12
KeeperChat for Mac
https://play.google.com/store/apps/details?id=com.callpod.android_apps.keeper&hl=en_US&gl=US
Keeper for Android
https://docs.keeper.io/kcm
Keeper Connection Manager (KCM)
https://keepersecurity.com/console
Keeper Admin Console (US, EU, AU, CA, JP, GovCloud)
https://docs.keeper.io/en/v/secrets-manager
Keeper Secrets Manager and Keeper Commander APIs
https://docs.keeper.io/sso-connect-guide/
SSO Connect On-Prem
https://docs.keeper.io/sso-connect-cloud/
SSO Connect Cloud and Automator Service
██████████████████████████████████████████
██████████████████████████████████████████████████████████████
https://kw-bugcrowd-pub.bounty.kiteworks.dev/
Kohl’s entire public digital footprint that is not Out-Of-Scope(See list below)
https://www.kohls.com
www.kohls.com
https://www.kohls.com/feature/app.jsp
Kohl\'s Mobile Application for iOS
Kohl\'s Mobile Application for Android
https://kucoin.com
https://apps.apple.com/us/app/kucoin-buy-bitcoin-crypto/id1378956601?mt=8
Kucoin IOS App
https://play.google.com/store/apps/details?id=com.kubi.kucoin
Kucoin Android
https://lastpass.com
https://lastpass.com/misc_download2.php
LastPass browser extensions (Chrome / Safari / Edge / Firefox)
Local computer apps (UWP application / Windows installer (MSI) / MacOS)
https://support.lastpass.com
Workstation MFA (WMFA)
https://blog.lastpass.com
https://admin.lastpass.com
https://auth.lastpass.com
https://accounts.lastpass.com
https://www.lastpass.com
https://play.google.com/store/apps/details?id=com.lastpass.lpandroid
LastPass Password Manager (Android)
https://play.google.com/store/apps/details?id=com.lastpass.authenticator&hl=en_US&gl=US
LastPass Authenticator (Android)
https://apps.apple.com/us/app/lastpass-password-manager/id324613447
LastPass Password Manager (iOS)
https://apps.apple.com/us/app/lastpass-authenticator/id1079110004
LastPass Authenticator (iOS)
https://api.test.latitudefinancial.com
https://master.servicecentre.digitalservicing-np.lfscnp.com/
https://master.servicecentre-nz.digitalservicing-np.lfscnp.com/
https://master.servicecentre-nz.digitalservicing-np.lfscnp.com/
https://28degreescard.com.au
*.28degreescard.com.au
https://buyersedge.co.nz
*.buyersedge.com.au
https://carecredit.com.au
*.carecredit.com.au
https://gemcreditline.co.nz
*.gemcreditline.co.nz
https://gemfinance.co.nz
*.gemfinance.co.nz
https://gemvisa.com.au
*.gemvisa.com.au
*.genoapay.co.nz
*.genoapay.com
https://gomastercard.com.au
*.gomastercard.com.au
https://interestfree.com.au
*.interestfree.com.au
*.latitudefinancial.co.nz
*.latitudefinancial.com
*.latitudefinancial.com.au
https://latitudeinfinity.com.au
*.latitudeinfinity.com.au
*.latitudepay.com.au
*.latitudepay.com
https://umiloans.com.au
*.umiloans.com.au
https://images.latitudepayapps.com/
images.latitudepayapps.com
https://app.latitudepayapps.com/
app.latitudepayapps.com
*.test.*.lfscnp.com
*.dev.*.lfscnp.com
*.sandbox.*.lfscnp.com
*.-np.*.lfscnp.com
https://manager.trial.lsk.lightspeed.app/
https://manager.trial.lsk.lightspeed.app/
https://hq.breadcrumb.com/hq/restaurants/bounty-cafe-2/
https://secure.vendhq.com
secure.vendhq.com
https://developers.vendhq.com/
developers.vendhq.com
https://payment-connectors.vendhq.com/
payment-connectors.vendhq.com
https://www.vendhq.com/
www.vendhq.com
https://store.retail.lightspeed.app
store.retail.lightspeed.app
https://apps.apple.com/us/app/ecwid-ecommerce/id626731456
https://play.google.com/store/apps/details?id=com.ecwid.android&pli=1
https://app.ecwid.com/api/v3/
proxy-production.lime.bike
web-message.lime.bike
web-message-high.lime.bike
https://apps.apple.com/ca/app/lime-supply/id1620058457
Supply iOS
web-production.lime.bike
external-api.lime.bike
Data.lime.bike
https://apps.apple.com/ca/app/lime-ridegreen/id1199780189
Rider iOS
https://play.google.com/store/apps/details?id=com.limebike
Rider Android
https://play.google.com/store/apps/details?id=com.lime.supply&hl=en_US
Supply Android
admintool.lime.bike
juicer.lime.bike
https://data.limeinternal.com
Data portal
help.lime.bike
https://admintool.lime.bike
Admintool
ops.lime.bike
https://lp.lime.bike/
LP dashboard
https://orchard.limeinternal.com
Inhouse deployment pipeline
https://www.li.me/
Lime website
https://gpt.lime.bike
Lime GPT
https://linktr.ee
*.linktr.ee
https://linktree.com
*.linktree.com
https://tr.ee
*.tr.ee
*.linktree-extensions.com
https://odesli.co
*.odesli.co
https://odesli.com
*.odesli.com
https://song.link
*.song.link
https://songlink.io
*.songlink.io
https://album.link
*.album.link
https://artist.link
*.artist.link
https://pods.link
*.pods.link
https://playlist.link
*.playlist.link
https://mylink.page
*.mylink.page
https://*.plannthat.com
plannthat.com
https://linktree.app.link/LinktreeWebsite?utm_medium=Linktree_Footer
Linktree iOS app
Linktree Android app
https://apps.apple.com/au/app/plann-preview-for-instagram/id1106201141
Plann iOS app
https://play.google.com/store/search?q=plann&c=apps
Plann Android app
███████████████
https://play.google.com/store/apps/details?hl=en&id=co.bitx.android.wallet
Luno Android Application
https://apps.apple.com/app/bitx-wallet/id927362479
Luno iOS Application
https://mobileapi.staging.luno.com/
https://staging.luno.com/
https://ajax.staging.luno.com/
https://api.staging.luno.com/
https://app.staging.luno.com/
https://www.crateandbarrel.me
www.crateandbarrel.me
https://api-prod.thatconceptstore.com/
https://apps.apple.com/app/id1503045795
THAT Concept Store iOS
https://play.google.com/store/apps/details?id=com.maf.thatandroid
THAT Concept Store Android
https://thatconceptstore.com
https://www.cb2.ae/en
https://www.allsaints.me/
https://www.lululemon.me
www.lululemon.me
https://lapi.yellowblocks.me
lapi.yellowblocks.me
https://www.shiseido.me/
lego.me
psychobunny.me
fashion4less.me
https://www.sharerewards.com/
https://apps.apple.com/us/app/share-rewards/id1465450657
Share Rewards Programme iOS App
https://play.google.com/store/apps/details?id=com.maf.share&hl=en_US&gl=US
Share Rewards Android App
https://www.vtcprodapi.maf.ae/svc/svcHifi.svc/SaveOCRReceipt
https://production.maf.auth0.com/api/v2/
https://production.maf.auth0.com
https://maf-holding-prod.apigee.net
https://www.malloftheemirates.com
https://play.google.com/store/apps/details?id=com.belongi.moe
https://apps.apple.com/app/mall-of-the-emirates-moe/id1449578693
https://api.mafshoppingmalls.com/
https://www.premogiftcards.com
https://www.premogiftcards.com/
https://identity.majidalfuttaim.com
https://www.simplify.com/commerce/
Simplify Commerce - www.simplify.com/commerce/
https://www.mastercard.us/en-us.html
MasterCard.us - www.mastercard.us/en-us.html
https://www.mastercard.ch/de-ch.html
MasterCard.ch - (German) - www.mastercard.ch/de-ch.html
https://www.mastercard.ch/fr-ch.html
MasterCard.ch - (French) - www.mastercard.ch/fr-ch.html
https://www.mastercard.com.au/en-au.html
MasterCard.com.au - www.mastercard.com.au/en-au.html
https://www.mastercard.nl/nl-nl.html
MasterCard.nl - www.mastercard.nl/nl-nl.html
https://developer.mastercard.com
https://donate.mastercard.com
donate.mastercard.com
https://demo.priceless.com/
Core Priceless.com - demo.priceless.com
https://europe.priceless.com/shb
https://priceless.com/golf/
https://pricelesssurprises.com/
https://priceless.com/aa/
https://priceless.com/aviator/
https://priceless.com/citiaadvantage/
https://performancemarketing.mastercard.com/portal/
https://src.mastercard.com/profile/enroll
https://src.mastercard.com/*
SRC integration on https://masterpassteststore.com/. Only the Masterpass checkout functionality is in scope
Finicity Connect
Finicity- Data Services
Finicity Decisioning
https://www.finicity.com
https://consumer.finicityreports.com
Finicity- Open Banking Payment History application
Finicity - OBB (Open Banking Business Service)
Public Others Target
https://play.google.com/store/search?q=mattermost&c=apps
Mattermost Mobile Android
https://apps.apple.com/us/app/mattermost/id1257222717
Mattermost Mobile iOS
https://mattermost.com/apps/
Mattermost Desktop Apps
https://bugcrowd-*your-own-instance*.cloud.mattermost.com/
https://github.com/mattermost/mattermost-plugin-jira
Mattermost Jira Plugin
https://github.com/mattermost/mattermost-plugin-zoom
Mattermost Zoom Plugin
https://github.com/mattermost/mattermost-plugin-github
Mattermost Github Plugin
https://github.com/mattermost/mattermost-plugin-gitlab
Mattermost Gitlab Plugin
https://github.com/mattermost/mattermost-plugin-calls
Mattermost Calls Plugin
https://github.com/mattermost/mattermost-plugin-playbooks
Mattermost Playbooks Plugin
https://github.com/mattermost/mattermost-plugin-boards
Mattermost Boards Plugin
https://github.com/mattermost/mattermost-plugin-ai
Mattermost Copilot Plugin
https://github.com/mattermost/mattermost-plugin-mscalendar
Mattermost Microsoft Calendar Plugin
https://github.com/mattermost/mattermost-plugin-msteams-meetings
Mattermost Plugin for Microsoft Teams Meetings
██████████████████████████████
██████████████████████████████████
https://identity.monash.edu/
identity.monash.edu
mix.monash.edu
https://connect.monash.edu
connect.monash.edu
https://identity.monash.edu
identity.monash.edu
https://www.monash.edu
monash.edu
https://staff.monash
Staff.monash
http://apps.connect.monash.edu/
apps.connect.monash.edu/
VPN: vpn.monash.edu
eassessment.monash.edu
https://fileshare.ze.monash.edu
fileshare.ze.monash.edu
https://cms.mobile.monash/
cms.mobile.monash
https://mobile.monash/
mobile.monash
https://status.mobile.monash/
status.mobile.monash
https://monashcollege.edu.au
https://online.monash.edu/
https://apps.apple.com/us/app/monash-study/id1462126829
Monash Study iOS App
https://play.google.com/store/apps/details?id=edu.monash.monashmobile
Monash Study Android app
https://myapp.monash.edu/
https://alumni-friends.monash.edu
https://agent.apps.monash.edu/
https://compulsoryunits.monash.edu/
https://monash.app.nutrip.com
monash.app.nutrip.com
https://studentplacements.monash.edu
studentplacements.monash.edu
https://unihub.monash.edu/
unihub.monash.edu
https://interviews.monash.edu/
interviews.monash.edu
https://shop.monash.edu/
shop.monash.edu
https://mlivetickets.monash.edu
mlivetickets.monash.edu
alumni-friends.monash.edu
https://partner.apps.monash.edu
partner.apps.monash.edu
https://play.google.com/store/apps/details?id=com.scu.bsafe
bSafe Android App
https://apps.apple.com/au/app/monash-bsafe/id1462241951
bSafe iPhone App
https://forms.apps.monash.edu/
forms.apps.monash.edu
https://formative.eassessment.monash.edu/
formative.eassessment.monas.edu
https://www.monashprofessional.edu.au/
monashprofessional.edu.au
https://account-registration.monash.edu/
account-registration.monash.edu
http://pay.monashcollege.edu.au/
pay.monashcollege.edu.au
https://evigilation.monash.edu
Monash e-Vigilation
https://student.monash
student.monash
https://mids.monash.edu/
mids.monash.edu
https://ims.monash.edu
ims.monash.edu
https://research.monash.edu/
research.monash.edu
https://researchmgt.monash.edu/
researchmgt.monash.edu
https://move.monash.edu/
move.monash.edu
mix-qat.monash.edu/*
mix-dev.monash.edu/*
https://apps.apple.com/vc/app/moneytree-finance-made-easy/id586847189
Moneytree iOS Mobile Application (production; see below)
https://wwws-staging.moneytree.jp/link/
https://vault-staging.getmoneytree.com
https://redash-staging.getmoneytree.com/
https://app-staging.getmoneytree.com
https://wwws-staging.moneytree.jp/link/mobile/
https://wwws-staging.moneytree.jp/link/mobile/#/signup?client_id=38d99a6e8e9fc87c866f5aa82bdc2569c464b2323a55e0b28f658efa678e9623&redirect_uri=https://wwws-staging.moneytree.jp/link/mobile/callback&response_type=token&scope=guest_read+accounts_read+transactions_read+request_refresh
https://myaccount-staging.getmoneytree.com
https://jp-api-staging.getmoneytree.com
https://jp-api-staging.getmoneytree.com
https://business-staging.getmoneytree.com/
https://play.google.com/store/apps/details?id=jp.moneytree.moneytree&hl=en_AU&gl=US
Moneytree staging Android Mobile Application (see below)
All Motorola Devices running Android 13 and above.
https://staging-prime.navan.com
https://secure.neogov.com
https://login.neogov.com
https://performance.neogov.com
https://learn.neogov.com
https://api.neogov.com
https://onboard.neogov.com
https://unified.neogov.com
https://eforms.neogov.com
https://cdn.neogov.com
https://www.governmentjobs.com
https://analytics.neogov.com
https://powerdms.com/
https://secure.cuehit.net
https://secure.cuehit.net/
https://app.agency360.com
https://app.agency360.com/
https://securesignin.neogov.com
https://securesignin.neogov.com/
https://securesignin.powerdms.com/
https://hr.neogov.com
Nighthawk Pro Gaming Switch
Nighthawk Router
Nighthawk Switch
Nighthawk iOS App
Nighthawk Android App
Orbi
Orbi iOS App
Orbi Android App
Insight Managed Smart Cloud Wireless Access Point
https://api.netgear.com
Insight iOS App
Insight Android App
CHP Cloud Portal
Meural
https://one.newrelic.com
https://play.google.com/store/apps/details?id=com.newrelic.rpm
New Relic Android Application
https://apps.apple.com/ie/app/new-relic/id594038638
New Relic iOS Application
*.nr-data.net
*.nr-ops.net
https://docs.newrelic.com/
https://newrelic.com/
https://newrelic.com/*
https://newrelic.com/blog
https://support.newrelic.com/
https://forum.newrelic.com
https://knowledge.newrelic.com/
https://learn.newrelic.com/
https://developer.newrelic.com/
████████████████████████████████████████████████████████████████████████████████████████████████████
██████████████████████████████████████████████████████████████████████████████████████████████████████████████
███████████████████████████████████████████████████████████████████████████████████████████████████
██████████████████████████████████████████████████████████████████████████████████████████████████████
████████████████████████████████████████████████████████████████████████████████████████████████████████████████
Anything Owned by Northwestern Mutual on the Public Internet Not Listed as Out of Scope
216.20.176.0/20
https://northwesternmutual.com
*.northwesternmutual.com
https://*.nml.com
*.nml.com
https://*.nmfn.com
*.nmfn.com
https://play.google.com/store/apps/details?id=com.nm.nm&hl=en_US&gl=US
NM Android Mobile App
https://apps.apple.com/us/app/northwestern-mutual/id1132579006
NM iOS Mobile App
Anything that Clearly Affects Northwestern Mutual But is Not Own by Northwestern Mutual
https://play.google.com/store/apps/details?id=com.nu.production&hl=pt_BR&gl=US&pli=1
Nubank Android: Playstore
https://apps.apple.com/br/app/nubank-conta-e-cart%C3%A3o/id814456780
Nubank iOS App
prod-*.nubank.com.br
prod-*.nu.com.mx
prod-*.nu.com.co
https://nubank.com.br/
*nubank.com.br
https://nubank.com.mx
*nu.com.mx
https://nubank.com.co
*nu.com.co
https://www.nuinvest.com.br/
*.nuinvest.com.br
https://octopus.com/downloads
Octopus Tentacle
Octopus Server
*.octopus.com
https://github.com/OctopusDeploy
Octopus Deploy Git Repo
https://octopus.com
octopus.com
bugcrowd-pam-###.oktapreview.com
bugcrowd-pam-###.pam.oktapreview.com
https://bugcrowd-oie-%username%-1.workflows.oktapreview.com
https://bugcrowd-oie-%username%-2.workflows.oktapreview.com
https://bugcrowd-pam-###.workflows.oktapreview.com
Desktop MFA for Windows
Desktop MFA for macOS
Password Sync for macOS
https://support.okta.com
support.okta.com
bugcrowd-oie-%username%-1.at.oktapreview.com
bugcrowd-oie-%username%-2.at.oktapreview.com
https://bugcrowd-pam-###.at.oktapreview.com
bugcrowd-oie-%username%-1.oktapreview.com
bugcrowd-oie-%username%-2.oktapreview.com
https://bugcrowd-pam-###.oktapreview.com
https://www.okta.com/fastpass/
Okta Verify Fastpass
bugcrowd-oie-%username%-1-admin.oktapreview.com
bugcrowd-oie-%username%-2-admin.oktapreview.com
https://www.okta.com/products/advanced-server-access/
Advanced Server Access (ASA) / (ScaleFT)
http://app.scaleft.com/
https://help.okta.com/asa/en-us/Content/Topics/Adv_Server_Access/docs/client.htm
Advanced Server Access Client / Agents
https://apps.apple.com/us/app/okta-verify/id490179405
Okta Verify (iOS)
https://play.google.com/store/apps/details?id=com.okta.android.auth&hl=en_US&gl=US
Okta Verify (Android)
Okta Verify (Mac OS)
Okta Verify (Windows)
Okta On-Prem Agents ( AD, LDAP, RDP, IWA )
https://help.okta.com/en/prod/Content/Topics/Adv_Server_Access/docs/sftd-windows.htm
Okta Agent Windows
https://help.okta.com/en/prod/Content/Topics/Settings/download-browser-plugin.htm
Okta Browser Plugin (IE / Firefox / Chrome)
https://pentest-app.onetrust.com/
https://api.openai.com
api.openai.com
https://chat.openai.com
ChatGPT
ChatGPT Plugins
Third Party Targets
OpenAI API Keys
https://*.openai.org
https://openai.org
*.openai.org
https://openai.com/
openai.com
*.openai.com
https://platform.openai.com/playground
Developer Platform Playground
Other
https://opensea.io/
opensea.io
https://pro.opensea.io/
pro.opensea.io
http://wallets.opensea.io/
https://play.google.com/store/apps/details?id=io.opensea&hl=en_US&gl=US
io.opensea - Android App
https://apps.apple.com/us/app/opensea-nft-marketplace/id1582861796
io.opensea - iOS App
https://github.com/ProjectOpenSea/seaport#deployments
https://etherscan.io/address/0x0000a26b00c1F0DF003000390027140000fAa719
https://etherscan.io/address/0x00005EA00Ac477B1030CE78506496e8C2dE24bf5
Broken Link
https://auth.opera.com
auth.opera.com
https://accounts.opera.com
accounts.opera.com
https://flow.opera.com
flow.opera.com
https://autoupdate.geo.opera.com
autoupdate.geo.opera.com
https://net.geo.opera.com
net.geo.opera.com
https://download.opera.com
download.opera.com
https://speeddials.opera.com
speeddials.opera.com
https://browser-notifications.opera.com
browser-notifications.opera.com
https://www.opera.com/
www.opera.com
https://www.opera.com/computer/thanks?ni=stable&os=windows
Opera PC
https://www.opera.com/computer/thanks?ni=eapgx&os=windows
Opera GX
https://get.geo.opera.com
get.geo.opera.com
https://play.google.com/store/apps/details?id=com.opera.browser
Opera for Android
https://play.google.com/store/apps/details?id=com.opera.app.news
Opera News
https://play.google.com/store/apps/details?id=com.opera.gx
Opera GX for Android
https://play.google.com/store/apps/details?id=com.opera.mini.native
Opera Mini
https://play.google.com/store/apps/details?id=com.opera.app.sports
Apex Football
https://cryptowallet.opera-api.com
cryptowallet.opera-api.com
https://suggestions.opera-api.com
suggestions.opera-api.com
*.opera.software
weather.opera-api.com
push.opera.com
*.osp.opera.software
https://bugs.opera.com/
bugs.opera.com
*.opera.technology
https://gx.games
https://create.gx.games
Loomi.tv
https://features.opera-api.com
features.opera-api.com
https://cdn-store.opera-api.com
cdn-store.opera-api.com
*.sec-tunnel.com
*.opera.com
exchange.opera.com
merchandise.opera-api.com
blocklist.opera-api.com
https://gx.opera-api.com
gx.opera-api.com
37.228.104.0/21
77.111.244.0/22
82.145.208.0/20
91.203.96.0/22
102.23.96.0/22
103.83.120.0/22
107.167.96.0/19
141.0.8.0/21
185.26.180.0/22
195.189.143.0/24
203.89.100.0/22
marketplace.gamemaker.io
*.opera-mini.net
*.opera.news
*.operanewsapp.com
GameMaker Studio 2
*.yoyogames.com
https://www.gamemaker.io
www.gamemaker.io
https://cashback.opera.com/
cashback.opera.com
*.apex-football.com
*.operafootball.com
*.feednews.com
*.dailyadvent.com
api.gx.games/gxc
api.gx.games/dc
api.gx.games/dev
api.gx.games/profile
api.gx.games/session
https://app.opsgenie.com
app.opsgenie.com
https://mobileapp.opsgenie.com
mobileapp.opsgenie.com
*.opsgenie.com
Opsgenie (IoS)
Opsgenie (Android)
https://app.optimizely.com/
https://cdn.optimizely.com/
https://cdn-pci.optimizely.com/
https://optimizely-edge.com
https://api.optimizely.com/
https://dxc.episerver.net/
https://paasportal.episerver.net/
https://paasportal.episerver.net/api/v1.0/
https://app.welcomesoftware.com/
https://accounts.welcomesoftware.com/
https://api.welcomesoftware.com/
https://api.welcomesoftware.com/
https://cdn-app.welcomesoftware.com/
https://analytics.welcomesoftware.com/
https://flags.expeng.optimizely.com
https://accounts.cmp.optimizely.com/
https://orderly.network/
https://api.orderly.org/
https://api-evm.orderly.org/
https://www.originenergy.com.au/
*.origindigital-pac.com.au
*.odcdn.com.au
https://dataportal.originenergy.com.au
dataportal.originenergy.com.au
*.support.originenergy.com.au
*.api.originenergy.com.au
*.download.originenergy.com.au
https://api.rx.originenergy.com.au/v1/gateway/schema/graphql
https://api.rx.originenergy.com.au/v1/gateway/schema/kraken/graphql
https://api.rx.originenergy.com.au/v1/lpg/graphql
https://www.winconnect.com.au/moving-out/
https://www.winconnect.com.au/get-connected/
https://customerportal.winconnect.com.au/login
signup.myconnect.com.au
portal.myconnect.com.au
myconnect.com.au
portal.myconnect.com.au/new-connection
ssu.myconnect.com.au/signup/get-connected
hub.myconnect.com.au
https://dashboard.pantheon.io
https://devstaging.pcapcloud.com/*
https://www.pexels.com/
*.pexels.com
██████████████
api.pinterest.com
*.pinterest.com Web Apps
https://apps.apple.com/us/app/pinterest/id429047995
Pinterest iOS Mobile Application
https://play.google.com/store/apps/details?id=com.pinterest&hl=en_US&gl=US
Pinterest Android Mobile Application
https://play.google.com/store/apps/details?id=com.pinterest.twa&hl=en_US&gl=US
Pinterest Lite Android Mobile Application
https://microsoftedge.microsoft.com/addons/detail/pinterest-save-button/bkgoflemacdadndiohhdnphcmdhacabg
Edge extension (download at: ms-windows-store://pdp/?productid=9nblggh4v89b )
https://chrome.google.com/webstore/detail/pinterest-save-button/gpdjojdkbbmdfjfahjcgigfpmkopogic?hl=en
Chrome extension (download at: chrome.google.com/webstore/detail/pinterest-save-button/gpdjojdkbbmdfjfahjcgigfpmkopogic?hl=en)
https://addons.mozilla.org/en-US/firefox/addon/pinterest/
Firefox extension (download at: https://addons.mozilla.org/firefox/addon/pinterest/)
https://github.com/pinterest/
Open source projects(non-forked) listed at github.com/pinterest/
https://pixabay.com/
*.pixabay.com/
https://my.planethoster.com
my.planethoster.com
https://api.planethoster.net
api.planethoster.net
https://world.planethoster.net
world.planethoster.net
https://mg.n0c.com/
https://www.planethoster.com
www.planethoster.com
https://marketplace.atlassian.com/apps/4832/enterprise-mail-handler-for-jira-jemh?hosting=cloud&tab=overview
https://marketplace.atlassian.com/apps/4832/enterprise-mail-handler-for-jira-jemh?hosting=cloud
https://marketplace.atlassian.com/apps/4832/enterprise-mail-handler-for-jira-jemh?hosting=datacenter&tab=overview
https://marketplace.atlassian.com/apps/4832/enterprise-mail-handler-for-jira-jemh?hosting=datacenter
*.points.com
PIA VPN servers
https://apps.apple.com/us/app/private-internet-access-anonymous/id955626407
PIA iOS application
https://play.google.com/store/apps/details?id=com.privateinternetaccess.android&hl=en
PIA Android application
https://www.privateinternetaccess.com/download/linux-vpn
PIA Linux application
https://www.privateinternetaccess.com/download/mac-vpn
PIA macOS application
https://www.privateinternetaccess.com/download/windows-vpn
PIA Windows application
https://addons.mozilla.org/en-US/firefox/addon/private-internet-access-ext/
PIA Firefox extension
https://chrome.google.com/webstore/detail/private-internet-access/jplnlifepflhkbkgonidnobkakhmpnmh
PIA Chrome extension
https://addons.opera.com/en/extensions/details/private-internet-access-extension/
PIA Opera extension
PIA APIs
https://www.privateinternetaccess.com/
privateinternetaccess.com
*.privateinternetaccess.com
piaservers.com
https://dealflow.prosus.com
dealflow.prosus.com
https://dealflowapi.prosus.com
dealflowapi.prosus.com
https://analytics-admin.prosus.com
analytics-admin.prosus.com
http://analytics.prosus.com
analytics.prosus.com
https://data.prosus.com/
data.prosus.com
https://hr.prosus.com/
hr.prosus.com
https://tracker.naspers.com/
tracker.naspers.com
https://cfc.naspers.com/
cfc.naspers.com
https://peopleview.naspers.com
peopleview.naspers.com
http://nav.naspers.com/
nav.naspers.com
https://*.quizlet.com
https://itunes.apple.com/us/app/quizlet-flashcards/id546473125
IoS
https://play.google.com/store/apps/details?id=com.quizlet.quizletandroid
Android
3.0 API
api.rapyd.net
https://dashboard.rapyd.net/
dashboard.rapyd.net
verify.rapyd.net
checkout.rapyd.net
*.rapyd.net
*.neatcommerce.com
*.korta.is
*.neattest.com
https://jointhemoment.net/
jointhemoment.net
*.rapyd.com
*.rapyd.org
*.neat.com.hk
*.kortathjonustan.is
*.neat.hk
*.neat.wtf
████████████████
█████████████████
████████████████████
https://rec.net/download
Rec Room PC Standalone App
https://store.steampowered.com/app/471710/Rec_Room/
Steam: PC Game for Windows
https://www.oculus.com/experiences/quest/2173678582678296
Oculus Quest: All-in-one gaming system for VR
https://www.oculus.com/experiences/rift/1257029974329451
Oculus Rift: VR headset
https://www.nintendo.com/us/store/products/rec-room-switch/
Nintendo Switch
https://apps.apple.com/app/id1450306065
iOS
https://play.google.com/store/apps/details?id=com.AgainstGravity.RecRoom
https://store.playstation.com/en-us/product/UP2662-PPSA05532_00-6681199027107223
PlayStation 5
https://store.playstation.com/en-us/product/UP2662-CUSA08481_00-RECROOM000000001
PlayStation 4
https://www.xbox.com/en-us/games/store/rec-room/9pgpqk0xthrz
Xbox
https://recroom.com/studio
Rec Room Studio
https://rec.net/
https://*.rec.net/*
https://api.rec.net
https://api.rec.net/
https://devportal.rec.net/
SAP SuccessFactors
SAP S/4HANA Cloud Public Edition
SAP S/4HANA Cloud Private Edition
SAP Integrated Business Planning for Supply Chain
SAP Cloud ALM
SAP Customer Data Cloud portfolio from Gigya
SAP S/4HANA migration cockpit
SAP Risk and Assurance Management
SAP Order Management for Sourcing and Availability
SAP Continuous Integration and Delivery
SAP Business Network for Logistics
SAP Order Management foundation
SAP Signavio
SAP Revenue Growth Optimization
SAP Enable Now
SAP Omnichannel Promotion Pricing
https://api.thesecurityteam.rocks
api.thesecurityteam.rocks
https://api.anytask.thesecurityteam.rocks
api.anytask.thesecurityteam.rocks
https://anytask.thesecurityteam.rocks
anytask.thesecurityteam.rocks
https://my.thesecurityteam.rocks
my.thesecurityteam.rocks
https://github.com/electroneum/electroneum/
Legacy Blockchain
https://legacy-blockexplorer.electroneum.com
Legacy Block Explorer
https://public.thesecurityteam.rocks/resources/app/android/etnapp-5.2.2-staging.apk
Staging Electroneum Android App
*.seek.com.au
https://seekcdn.com
https://apps.apple.com/au/app/seek-jobs-job-search/id520400855
SEEK mobile app for iOS
https://play.google.com/store/apps/details?id=au.com.seek&hl=en_AU&gl=US
SEEK mobile app for Android
*.skinfra.xyz
*.outfra.xyz
*.sol-data.com
*.jobapi.net
*.seekpass.co
*.seekpass-staging.com
*.aips-internal.com
*.certsy.com
*.certsynonprod.com
https://apps.apple.com/au/app/certsy/id1617796159
SEEK Pass Mobile App for iOS
https://play.google.com/store/apps/details?id=com.certsy.app
SEEK Pass Mobile App for Android
https://graphql.seek.com
graphql.seek.com
https://auth.seek.com
auth.seek.com
https://dashboard.sendbird.com/
https://dashboard.sendbird.com
https://gate.sendbird.com
https://api-{app-id}.sendbird.com
https://ws-{app-id}.sendbird.com
https://desk-api-{region}.sendbird.com
https://ws-{app-id}.calls.sendbird.com
https://api-{app-id}.calls.sendbird.com
https://api-{app-id}.notifications.sendbird.com
https://sendbird.com/docs
https://sendbird.com
https://1shoppingcart.com
1shoppingcart.com
https://mcssl.com
mcssl.com
*.mcssl.com
https://www.skroutz.gr/
Skyscanner iOS App
Skyscanner Android App
gateway.skyscanner.net/*
skyscanner.net/hotels/book/*
skyscanner.net/*
partnerportal.skyscanner.net/*
*.skyscanner.net
Skyscanner Android app
Skyscanner iOS app
AWS Infrastructure
https://smartmockups.com/
*.smartmockups.com/
https://snapnames.com/
https://www.namejet.com/
https://www.sophos.com/en-us/products/endpoint-antivirus/free-trial
Intercept X Endpoint (Windows) - Zero-click RCE
https://central.sophos.com/
Sophos Central (Production) - Special Target
Sophos Firewall (XG/XGS, SFOS) - Pre-auth RCE
https://central.sophos.com
Sophos Central (Production)
https://www.sophos.com/en-us/products/next-gen-firewall
Sophos Firewall (XG/XGS, SFOS)
https://www.sophos.com/en-us/products/endpoint-antivirus/free-trial
Intercept X Endpoint (Windows)
Intercept X Endpoint (MacOS)
Intercept X Endpoint (Linux)
https://www.sophos.com/en-us/products/mobile-control/free-trial
Intercept X Mobile (iOS)
Intercept X Mobile (Android)
https://docs.sophos.com/central/customer/help/en-us/ManageYourProducts/ThreatAnalysisCenter/Integrations/Sophos/NDR/index.html
Sophos NDR Appliances (NDR, Investigation Console)
https://www.sophos.com/en-us/products
Other Sophos Appliances (RED, Switch, Access Points, ...)
https://www.sophos.com/
Sophos-owned IT infrastructure (*.sophos.com)
3rd party services hosted at *.sophos.com
Sophos IT Infrastructure (all other Sophos domains)
Any Other Sophos Product or Service
https://play.google.com/store/apps/details?id=com.soundcloud.android&hl=en&gl=US
SoundCloud Android app
https://soundcloud.com
soundcloud.com
*.soundcloud.org
*.s-cloud.net
https://apps.apple.com/us/app/soundcloud-music-audio/id336353151
SoundCloud iOS app
https://connect.soundcloud.com
*.soundcloud.com
*.services.repostnetwork.com
api-*.soundcloud.com
http://artists.soundcloud.com/
artists.soundcloud.com
https://soundcloud.org
soundcloud.org
SpaceX and Starlink assets (target information and rewards detailed above on the brief)
*.square.com
*.squareup.com
https://square.online
square.online
https://www.weebly.com/
weebly.com
https://play.google.com/store/apps/details?id=com.squareup&hl=en_US&gl=US
Square Point of Sale Mobile Application for Android
https://apps.apple.com/us/app/square-point-of-sale-pos/id335393788
Square Point of Sale Mobile Application for iOS
Square Register
Square Terminal
███████████████████████████████████████
█████████████████████████████████
████████████████████████████████████
███████████████████████████████
https://manage.statuspage.io
manage.statuspage.io
*.statuspage.io
Vehicle Head Units, TPMS sensors, remote keyless entry, and any other system that is present in a hardware product that you own or are authorized to test against
https://www.driveuconnect.com
www.driveuconnect.com
https://www.driveuconnect.eu
www.driveuconnect.eu
https://play.google.com/store/apps/details?id=com.acn.uc&hl=en
https://play.google.com/store/apps/details?id=com.fcagroup.us.uconnect
https://itunes.apple.com/us/app/uconnect/id1229236724?mt=8
https://itunes.apple.com/pl/app/panda-uconnect/id1117321678?mt=8
https://itunes.apple.com/gb/app/uconnect-live/id881830261?mt=8
https://marketplace.atlassian.com/apps/27447/table-filter-and-charts-for-confluence?hosting=cloud
https://marketplace.atlassian.com/apps/1214110/courses-and-quizzes-lms-for-confluence?hosting=cloud
https://marketplace.atlassian.com/apps/1210934/awesome-graphs-for-bitbucket?hosting=cloud
https://marketplace.atlassian.com/apps/1210934/awesome-graphs-for-bitbucket?hosting=server
https://marketplace.atlassian.com/apps/1210934/awesome-graphs-for-bitbucket?hosting=datacenter
https://marketplace.atlassian.com/apps/1222084/spreadsheet-issue-field-editor?hosting=cloud
https://marketplace.atlassian.com/apps/27447/table-filter-and-charts-for-confluence?hosting=datacenter
https://marketplace.atlassian.com/apps/27447/table-filter-and-charts-for-confluence?hosting=server
https://marketplace.atlassian.com/apps/1212507/smart-attachments-for-jira?hosting=cloud
https://marketplace.atlassian.com/apps/1212531/customer-case-jira-support-feedback?hosting=cloud
https://marketplace.atlassian.com/apps/1210766/teamcity-integration-for-jira?hosting=cloud
https://marketplace.atlassian.com/apps/1214971/handy-macros-for-confluence?hosting=cloud
https://marketplace.atlassian.com/apps/1222102/webhook-manager-for-confluence-cloud?hosting=cloud
https://marketplace.atlassian.com/apps/1222001/employee-performance-ratings?hosting=cloud
https://marketplace.atlassian.com/apps/1224994/poll-maker-for-confluence?hosting=cloud
Self Register Account on T-Mobile Microsoft Entra ID
Cellular Network Auth Bypass via Web/Mobile App
T&P Servers
Internal Server via Internet Network
https://portal.lrs.t-mobile.com
portal.lrs.t-mobile.com
https://account.t-mobile.com
account.t-mobile.com
https://metrobyt-mobile.com
metrobyt-mobile.com
https://sprint.com
sprint.com
https://t-mobile.com
t-mobile.com
https://api.t-mobile.com
*.api.t-mobile.com
https://tfb.t-mobile.com
tfb.t-mobile.com
https://devedge.t-mobile.com
devedge.t-mobile.com
https://tess.service-now.com
tess.service-now.com
https://digits.t-mobile.com
digits.t-mobile.com
*.t-mobile.com
*.metrobyt-mobile.com
*.sprint.com
Assets labeled as in-scope
https://apps.apple.com/us/app/t-mobile/id561625752
T-Mobile - iOS
https://play.google.com/store/apps/details?id=com.tmobile.pr.mytmobile
T-Mobile - Android
https://apps.apple.com/us/app/syncup-drive/id1576574297
SyncUP DRIVE - iOS
https://play.google.com/store/apps/details?id=com.tmobile.drive
SyncUP DRIVE - Android
https://apps.apple.com/us/app/syncup-kids/id1503394062
SyncUP KIDS - iOS
https://play.google.com/store/apps/details?id=com.tmobile.kids
SyncUP KIDS - Android
https://apps.apple.com/us/app/syncup-tracker/id1526380335
SyncUP TRACKER - iOS
https://play.google.com/store/apps/details?id=com.tmobile.syncuptag
SyncUP TRACKER - Android
https://digits.t-mobile.com/
DIGITS - Mobile & Desktop
https://apps.apple.com/us/app/t-life-t-mobile-tuesdays/id1111876388
T-Life - iOS
https://play.google.com/store/apps/details?id=com.tmobile.tuesdays&hl=en_US&gl=US
T-Life - Android
https://biocorellc.com
https://tempus-ex.com
https://infiniteathlete.ai
https://platform.infiniteathlete.ai
https://docs.tempus-ex.com
https://github.com/tempus-ex
*.tesla.cn
*.tesla.services
https://apps.apple.com/us/app/tesla/id582007913
Official Tesla iOS apps
*.tesla.com
*.teslamotors.com
Any host verified to be owned by Tesla Motors Inc. (domains/IP space/etc.)
*.solarcity.com
*.teslainsuranceservices.com
https://play.google.com/store/apps/details?id=com.teslamotors.tesla&hl=en_US&gl=US
Official Tesla Android apps
Tesla Energy hardware you own
Tesla vehicle hardware that you own
https://www.thefork.com/
https://m.thefork.com
https://blog.thefork.com/
https://api.thefork.com
https://api.lafourchette.com
https://review-api.lafourchette.com
https://google-reserve-api.thefork.io
https://google-reserve-api.thefork.io
https://m-api.lafourchette.com
https://play.google.com/store/apps/details?id=com.lafourchette.lafourchette
The Fork Android App
https://apps.apple.com/app/thefork-restaurants-bookings/id424850908
The Fork iOS App
https://*.tools.thefork.tech
*.tools.thefork.tech
https://www.restaurant-information.com
www.restaurant-information.com
https://widget.thefork.com
widget.thefork.com
https://api.thousandeyes.com/
https://app.thousandeyes.com/
https://www.thousandeyes.com/
ThousandEyes Enterprise Agent
ThousandEyes Endpoint Agent
https://tidal.com/
*.tidal.com
*.wimpmusic.com
*.tidalhifi.com
api.tidal.com
*tidalhi.fi
*.tdl.sh
Tidal Client for iOS
Tidal Client for Android
https://offer.tidal.com/download
Tidal Desktop Client
Tidal Official Clients (e.g. Sonos integration, Tesla integration, etc.)
trello.com
api.trello.com
*.trello.services
Trello Desktop Client
Trello Mobile App for Android
Trello Mobile App for iOS
https://butlerfortrello.com/
Butler for Trello
https://trello.com/power-ups/55a5d917446f517774210011/calendar-power-up
Calendar Power-Up
https://trello.com/power-ups/55a5d917446f517774210012/card-aging
Card Aging Power-Up
https://trello.com/power-ups/5c2462c384ab8949b1724a20/list-limits
List Limits Power-Up
https://trello.com/power-ups/55a5d917446f517774210013/voting
Voting Power-Up
https://trello.com/power-ups/6052d130068a8c0de7b022b4
Microsoft Teams Integration
Trello Third Party Powerups
https://api.production.cde.tamg.cloud
api.production.cde.tamg.cloud
https://partnerapi.tapayments.com
partnerapi.tapayments.com
https://partnerapi1.tapayments.com
partnerapi1.tapayments.com
https://partnerapi2.tapayments.com
partnerapi2.tapayments.com
https://walletproxy.tapayments.com
walletproxy.tapayments.com
https://walletproxy1.tapayments.com
walletproxy1.tapayments.com
https://walletproxy2.tapayments.com
walletproxy2.tapayments.com
https://www.tripadvisor.com
www.tripadvisor.com
Localized versions of www.tripadvisor.com available from the site\'s header or footer
https://api.tripadvisor.com
api.tripadvisor.com
https://service.platform.tripadvisor.com
service.platform.tripadvisor.com
https://gwapi.tripadvisor.com
gwapi.tripadvisor.com
https://gwapi1.tripadvisor.com
gwapi1.tripadvisor.com
https://gwapi2.tripadvisor.com
gwapi2.tripadvisor.com
Any publicly accessible Tripadvisor web asset or host (domains, ip space, etc) - except for assets listed as Out-of-Scope below.
Tripadvisor Android App
Tripadvisor iOS App
https://rentals.tripadvisor.com
rentals.tripadvisor.com
https://*.vacationhomerentals.com
*.vacationhomerentals.com
https://*.holidaylettings.com
*.holidaylettings.com
https://*.flipkey.com
*.flipkey.com
https://*.niumba.com
*.niumba.com
https://*.housetrip.com
*.housetrip.com
https://itunes.apple.com/us/app/vacation-rentals-owner-app-by-tripadvisor/id1045663228?mt=8
Tripadvisor Owner APP (https://itunes.apple.com/us/app/vacation-rentals-owner-app-by-tripadvisor/id1045663228?mt=8)
http://marlo.ext.tripadvisor.com
marlo.ext.tripadvisor.com
https://*.bokundemo.com
*.bokundemo.com
https://*.bokuntest.com
*.bokuntest.com
https://www.20min.ch
https://coral.20min.ch/
https://cm.20min.ch/
https://api.20min.ch/
https://videoplayer.20min.ch
https://partner-feeds.20min.ch
https://screenplayer.20min.ch
https://audio.20min.ch/
https://audio.20min.ch
https://api.twilio.com
api.twilio.com
Twilio APIs
https://tsock.us1.twilio.com
tsock.us1.twilio.com
*.sip.*.twilio.com
https://www.twilio.com/blog/get-started-webrtc
Twilio WebRTC Client
https://www.twilio.com/wireless
Twilio Wireless
https://www.twilio.com/docs/libraries
Twilio SDKs
https://www.twilio.com/console
Twilio Console
Twilio Helper Libraries
Twilio CDNs (static*.twilio.com)
https://twilio.com/blog
twilio.com/blog
https://build.twilio.com/s/
https://sendgrid.com
https://app.sendgrid.com/
https://signup.sendgrid.com/
https://api.sendgrid.com
api.sendgrid.com
https://mc.sendgrid.com/
smtp.sendgrid.net
https://authy.com/download/
Authy iOS app
Authy Android App
Authy Desktop app
https://www.twilio.com/authy
Twilio Authy - https://api.authy.com
https://www.twilio.com/docs/verify/api
Twilio Verify - https://verify.twilio.com
https://www.twilio.com/docs/authy/api
Twilio Authy API
https://www.twilio.com/docs/authy/api/dashboard
Twilio Authy Dashboard API
Any host/web property verified to be owned by Twilio
https://app.segment.com/
app.segment.com
https://api.segment.io/
api.segment.io
https://segment.com/docs/sources/
Source code of Website, Mobile, or Server Libraries (https://segment.com/docs/sources/)
Any host / web property verified to be owned by Segment (domains/IP space/etc.)
https://opendata-demo.test-socrata.com
https://opendata.test-socrata.com
https://opendata.test-socrata.com/admin/gateway
https://mintmobile.com
https://www.mintmobile.com
https://ultramobile.com
https://www.ultramobile.com
https://web-retailer-portal.ultramobile.com
Web Retailer Portal
https://www.underarmour.com
www.underarmour.com
https://www.underarmour.co.uk
www.underarmour.co.uk
https://apps.apple.com/us/app/under-armour/id1092704571
UA Shop iOS
https://play.google.com/store/apps/details?id=com.ua.shop&hl=en
UA Shop Android
https://api.shop.ua.com/graphql
https://www.underarmournext.co.uk/
https://underarmournext.com/
https://*.api.ua.com/
*.api.ua.com
https://consumer-sustainability.underarmour.com/en
https://apphouse.underarmour.com/
apphouse.underarmour.com
http://ourhouse.underarmour.com/
ourhouse.underarmour.com
https://transfer.underarmour.com/
transfer.underarmour.com
https://vpe-us.underarmour.com/
vpe-us.underarmour.com
https://snc.underarmour.com/
snc.underarmour.com
https://snctest-s.underarmour.com/
snctest-s.underarmour.com
https://snctest-c.underarmour.com/
snctest-c.underarmour.com
https://supplier.underarmour.com/
supplier.underarmour.com
https://vtxapp9p.underarmour.com/
vtxapp9p.underarmour.com
https://vtxapp9q.underarmour.com/
vtxapp9q.underarmour.com
https://vtxapp9d.underarmour.com/
vtxapp9d.underarmour.com
https://vtxappd.underarmour.com/
vtxappd.underarmour.com
204.29.196.0/23
3.223.149.182
3.230.219.249
34.237.130.2
34.239.5.227
52.220.158.49
52.76.174.107
52.67.69.35
52.44.176.187
52.86.17.52
54.83.32.16
13.58.121.166
3.133.230.28
3.19.172.158
https://id.unity.com
id.unity.com
https://api.unity.com
api.unity.com
https://cloud.unity.com
cloud.unity.com
https://store.unity.com
store.unity.com
https://pay.unity.com
pay.unity.com
https://syncsketch.dev
syncsketch.dev
player-login.unity.com
https://unity3d.com/get-unity/download/archive
Latest Supported LTS versions of the Unity Editor ( 2020.x / 2021.x / 2022.x )
https://unity3d.com/get-unity/download
Unity Hub
https://www.upwork.com
www.upwork.com
Upwork - Android Application
Upwork - iOS Application
Upwork Dash Messenger Desktop Version (www.upwork.com/downloads)
www.upwork.com/api
Direct Contracts
api.upwork.com/graphql
Upwork - Marketplace Portal
Upwork - Messages
Upwork - Mobile Application IOS
Upwork - Mobile Application Android
Upwork - api.upwork.com/graphql
https://www.usaa.com
usaa.com
https://mobile.usaa.com
mobile.usaa.com
https://api.usaa.com/
api.usaa.com
https://partners.usaa.com
partners.usaa.com
https://play.google.com/store/apps/details?id=com.usaa.mobile.android.usaa&hl=en
USAA Mobile Application for Android
https://apps.apple.com/us/app/usaa-mobile/id312325565
USAA Mobile Application for iOS
https://aemdam.usaa360.com/
aemdam.usaa360.com
https://api-a.usaa.com
api-a.usaa.com
https://authn.usaa.com/
authn.usaa.com
https://b2bapi-a.usaa.com
b2bapi-a.usaa.com
https://b2bapi.usaa.com
b2bapi.usaa.com
https://b2blsapi-a.usaa.com
b2blsapi-a.usaa.com
https://b2blsapi.usaa.com
b2blsapi.usaa.com
https://content.usaa.com
content.usaa.com
https://d1.utv.usaa.com
d1.utv.usaa.com
https://d2.utv.usaa.com
d2.utv.usaa.com
https://externalconnect.usaa.com/
externalconnect.usaa.com
https://guest.usaa.com/
guest.usaa.com
https://l.usaa.com/
l.usaa.com
https://liveassist.usaa.com/
liveassist.usaa.com
https://liveassist11.usaa.com/
liveassist11.usaa.com
https://liveassist12.usaa.com/
liveassist12.usaa.com
https://liveassist21.usaa.com/
liveassist21.usaa.com
https://liveassist22.usaa.com/
liveassist22.usaa.com
https://liveassist23.usaa.com
liveassist23.usaa.com
https://liveassist24.usaa.com
liveassist24.usaa.com
https://mapi-a.usaa.com
mapi-a.usaa.com
https://mapi.usaa.com/
mapi.usaa.com
https://mguest.usaa.com/
mguest.usaa.com
https://mobileapps.usaa.com/
mobileapps.usaa.com
https://mstatic.usaa.com
mstatic.usaa.com
https://mydesktop.usaa.com
mydesktop.usaa.com
https://myvpn.usaa.com
myvpn.usaa.com
https://nice.wfmusaa.com
nice.wfmusaa.com
https://nvoice.usaa.com/
nvoice.usaa.com
https://s.usaa.com/
s.usaa.com
https://s1.utv.usaa.com
s1.utv.usaa.com
https://s2.utv.usaa.com
s2.utv.usaa.com
https://securemail.usaa.com
securemail.usaa.com
https://static.usaa.com
static.usaa.com
https://www.usaainsurance.com/
usaainsurance.com
https://utv.usaa.com
utv.usaa.com
https://v.utv.usaa.com
v.utv.usaa.com
https://vendorss.usaa.com
vendorss.usaa.com
https://vlagg.usaa.com
vlagg.usaa.com
https://vlapi.usaa.com
vlapi.usaa.com
https://webmail.usaa.com
webmail.usaa.com
https://ws.usaa.com
ws.usaa.com
https://wsmbr.usaa.com/
wsmbr.usaa.com
epptool-ctld.verisign-grs.com (EPP service; DNS related)
a.root-servers.net (DNS service; DNS related)
j.root-servers.net (DNS service; DNS related)
*.gtld-servers.net (DNS service; DNS related)
https://www.verisign.com
www.verisign.com (Website; non-DNS related)
https://youcouldbe.com
*.youcouldbe.com
https://blog.verisign.com
blog.verisign.com (Website; non-DNS related)
https://namestudioforsocial.com/
*.namestudioforsocial.com
https://namestudio.com
*.namestudio.com
*.verisign.com
*.verisign-grs.com (DNS service; DNS related)
https://apps.apple.com/us/app/viator-tours-activities/id434832826
iOS Viator Tours & Activities App
https://play.google.com/store/apps/details?id=com.viator.mobile.android&hl=en_US&gl=US
Android Viator Tours & Activities App
https://supplier.viator.com/
https://viatorapi.viator.com/service/directory
https://www.toursgds.com/
https://www.toursgds.com/ToursGdsService?wsdl
https://www.toursgds.com/SupplierService?wsdl
https://partners.viator.com
https://travelagents.viator.com
travelagents.viator.com
https://help.supplier.viator.com/en
https://kiwi.partner.viator.com
kiwi.partner.viator.com
https://*.viatorinc.com
*.viatorinc.com
https://selector.viator.com
selector.viator.com
https://partnerhelp.viator.com/
partnerhelp.viator.com/
https://*.viator.com
*.viator.com
Vox Cinemas iOS
Vox Cinemas Android
https://uae.voxcinemas.com/
https://www.skidxb.com/
https://www.magicplanetmena.com/
https://www.web.com
www.web.com
http://www.register.com
www.register.com
https://www.networksolutions.com
www.networksolutions.com
https://uk.web.com
uk.web.com
https://www.bluehost.com/
https://www.hostgator.com/
██████████████████████████████████████
██████
█████████████████████████████████████████████████████████████████████████
https://transferwise.com
transferwise.com
*.transferwise.com
https://wise.com
wise.com
*.wise.com
https://apps.apple.com/us/app/wise-ex-transferwise/id612261027
Latest version of Wise iOS App
https://play.google.com/store/apps/details?id=com.transferwise.android&hl=en_US&gl=US
Latest version of Wise Android App
AWS infrastructure and services in use by Wise (eg: S3 buckets)
https://github.com/transferwise/*
github.com/transferwise/*
https://api.woox.io/
https://woox.io/
https://play.google.com/store/apps/details?id=network.woo.mobile&hl=en&gl=US&pli=1
WOO X: Buy Crypto & BTC (Android)
https://apps.apple.com/mt/app/woo-x-buy-crypto-btc/id1576648404
WOO X: Buy Crypto & BTC (IOS)
Any Worldpay asset is in scope
https://auth.wyze.com
https://my.wyze.com
https://api.wyzecam.com
Wyze Cam V3
https://home.xfinity.com
Home.xfinity.com (see below)
Internet.xfinity.com
*-cvr-aws-*.sys.comcast.net
*signalservice.comcast.net
*.dh-commerce.com
*.ssr.ccp.xcal.tv
orc-xfi.com
*.xfiplatform.com
https://apps.apple.com/us/app/xfinity/id1178765645
Xfinity Home iOS mobile app
Xfinity iOS mobile app
https://play.google.com/store/apps/details?id=com.xfinity.digitalhome&hl=en_US&gl=US
Xfinity Home Android mobile app
Xfinity Android mobile app
xhomeapi-*.codebig2.net
xhomeapi-*.cloud.comcast.net
Xfinity Home Hardware (items listed below in brief)
Xfinity Home cameras
speedtest.xfinity.com
siorc.xfinity.com
smartinet.xfinity.com
gw.api.dh.comcast.com
xFi Gateways (e.g., XB3, XB6, XB7)
xFi Pods
https://csp-prod.codebig2.net
csp-pci.prod.codebig2.net
aiq-prod.codebig2.net
*.xfinityhome.com
https://bc.yieldstreet.net
bc.yieldstreet.net
staging-app.bany.dev
share.acorns.com
grow.acorns.com
store.acorns.com
https://afterpaytechblog.com
afterpaytechblog.com
https://genderfree.afterpay.com
genderfree.afterpay.com
https://www.moneybyafterpay.com/
moneybyafterpay.com
aquarium.aiven.io
uptime.aiven.io
video.aiven.io
https://aiven.io/community
aiven.io/community
https://aiven.io/contact
aiven.io/contact
Customer services you did not create
*.aiven.fi
github.com/Aiven-Labs
*.avns.net
https://events.aiven.io
events.aiven.io
ideas.aiven.io
https://aivenhelp.zendesk.com
aivenhelp.zendesk.com
https://support.aiven.io
support.aiven.io
Creation of support tickets
https://regatta.aiven.io/
regatta.aiven.io
Microsoft Azure B2C
null
Commonwealth Bank - CommWeb
MasterCard MPGS
First Data xTP
SendGrid
Twilio
Diebold Nixdorf Services - *.dieboldnixdorf.com
*.arubanetworks.com not in scope above - see in scope
*.hpe.com
http://outdoorplanner.arubanetworks.com/
*.atl.arubanetworks.com
*.getaws.arubanetworks.com
asp-notifications.arubanetworks.com
quickconnect.arubanetworks.com
community.arubanetworks.com
https://*.iot.developer.arubanetworks.com
*.iot.developer.arubanetworks.com
innovate.arubanetworks.com
*.isb.arubanetworks.com
enews.arubanetworks.com
sirt.arubanetworks.com
*.arubademo.net
news.arubanetworks.com
demos.arubanetworks.com
supportcase.arubanetworks.com
https://community.arubainstanton.com/home
community.arubainstanton.com
action.arubainstanton.com
chat.arubainstanton.com
asp.arubanetworks.com
lms.arubanetworks.com
afp.arubanetworks.com
csaf.arubanetworks.com
Other subdomains of asana.com
Social engineering against Asana Support or Asana Employees
jira*.integrations.asana.plus
asana.okta.com
assets.asana.biz
Forms that you do not own
Any internal or development services.
https://bugcrowd.com/atlassianapps
First and third party apps and plugins from the marketplace are excluded from this bounty but may be in scope for https://bugcrowd.com/atlassianapps
https://shop.atlassian.com
shop.atlassian.com
bytebucket.org
*.bitbucket.io
https://blog.bitbucket.org
HipChat (inc. HipChat Data Center, HipChat Desktop, HipChat Mobile)
Stride (inc. Stride Video, Stride Desktop, Stride Mobile)
https://support.atlassian.com
support.atlassian.com
Any customer instance. Do not test customer instances or affect customer data. Customer cloud instances may be in the form of <customer>.atlassian.net or <customer>.jira.com. Test only your own instances.
Any repository that you are not an owner of - do not impact Atlassian customers in any way.
https://marketplace.atlassian.com/apps/1220442/halp-two-way-slack-integration-for-jira?hosting=cloud
Halp - Slack and Microsoft Teams Jira Integration - Cloud - https://marketplace.atlassian.com/apps/1220442/halp-two-way-slack-integration-for-jira?hosting=cloud
https://marketplace.atlassian.com/apps/1222365/halp-answers-for-confluence-in-slack?hosting=cloud
Confluence Slack Automation Integration by Halp - Cloud - https://marketplace.atlassian.com/apps/1222365/halp-answers-for-confluence-in-slack?hosting=cloud
https://marketplace.atlassian.com/apps/1220442/halp-two-way-slack-integration-for-jira?hosting=server
Halp - Slack and Microsoft Teams Jira Integration - Server - https://marketplace.atlassian.com/apps/1220442/halp-two-way-slack-integration-for-jira?hosting=server
https://trello.com/power-ups/55a5d917446f517774210011/calendar-power-up
Calendar Power-Up
https://trello.com/power-ups/5c2462c384ab8949b1724a20/list-limits
List Limits Power-Up
https://trello.com/power-ups/55a5d917446f517774210012/card-aging
Card Aging Power-Up
https://trello.com/power-ups/55a5d917446f517774210013/voting
Voting Power-Up
https://marketplace.atlassian.com (Website)
https://trello.com/power-ups/*
https://blog.aurory.io
https://docs.aurory.io/
australiansuper.atlassian.net
australiansuper.sharepoint.com
*.australiansuper.com
auth0.auth0.com
manage.auth0.com
accounts.auth0.com
webtask.io
phenix.rocks
Auth0 Docs (including quickstarts)
sharelock.io
goextend.io
https://support.auth0.com/tickets/new
support.auth0.com
community.auth0.com
https://www.youporn.com/information/#support
*.pornhub.com/live
*.pornhub.com/insights
*.pronstore.com
*.pornhub.com/jobs
*.pornhub.com/sex
*.redtube.com
*.redtubepremium.com
*.pornhub.com
*.pornhubpremium.com
cms.pornhub.com
cms.redtube.com
*.youporn.com
*.youpornpremium.com
http://*.pornmd.com
*.youporn.com/world
blog.tube8.com
http://www.tube8.com/contact.html
*.thumbzilla.com
*.pornhubapparel.com
*.pornhub.org
www.tube8vip.com
https://www.trafficjunky.com/blog/
https://www.adultforce.com/#/blog/
*.<not-researcher-store>.mybigcommerce.com
support.bigcommerce.com
partners.bigcommerce.com
start.bigcommerce.com
grc.bigcommerce.com
careers.bigcommerce.com
events.bigcommerce.com
security.bigcommerce.com
partnernews.bigcommerce.com
content.product.bigcommerce.com
dam.bigcommerce.com
jobs.coinmarketcap.com
support.binance.*
binance.sg
*.trustwallet.com
*.trustwalletapp.com
*.binance.org
blog.coinmarketcap.com
support.coinmarketcap.com
blockchain.coinmarketcap.com
*.coinmarketcap.com
partner-marketing.bitdefender.com/
businessinsights.bitdefender.com
businessemail.bitdefender.com
businessresources.bitdefender.com
oemhub.bitdefender.com
oemresources.bitdefender.com
community.bitdefender.com/
resellerportal.bitdefender.com/
brand.bitdefender.com/
stats.bitdefender.com/
sstats.bitdefender.com/
lsems.gravityzone.bitdefender.com/
ssems.gravityzone.bitdefender.com/
https://crp.bitdefender.com
crp.bitdefender.com
https://telcosuccess.bitdefender.com
telcosuccess.bitdefender.com
demo.bitdefender.com
Bitdefender Central (iOS App)
Bitdefender Central (Android App)
central.bitdefender.com
https://support.bitpanda.com
https://maintenance.bitpanda.com
https://beta.bitpanda.com
https://developers.bitpanda.com
http://partners.whitelabel.bitpanda.com/
http://status.bitpanda.com
https://requests.bitpanda.com
https://*.exchange.bitpanda.com
*.exchange.bitpanda.com
https://perps-test.bitstamp.net
https://*.appboy.com/
*.appboy.com
https://*.braze.eu/
*.braze.eu
https://*.braze.com/
*.braze.com
Any Braze Owned Host not listed as in Scope
bugcrowd*.freshdesk.com
https://www.bugcrowd.com
www.bugcrowd.com
blog.bugcrowd.com
researcherdocs.bugcrowd.com
pages.bugcrowd.com
forum.bugcrowd.com
email.bugcrowd.com
email.forum.bugcrowd.com
https://go.bugcrowd.com
go.bugcrowd.com
events.bugcrowd.com
https://assetinventory.bugcrowd.com
assetinventory.bugcrowd.com
https://community.bugcrowd.com
community.bugcrowd.com
trust.bugcrowd.com
https://*.bullish.com
*.bullish.com
https://simnext.bullish-test.com
*.bullish.com/
███████████████████████████
████████████████████████████████████████████████████
█████████████████████
*.0.canva.cn
*.0.canva-apps.cn
https://cwingsfe.mafrservices.com/login
https://subs.foreignaffairs.com
https://subscribe.foreignaffairs.com
https://world101.cfr.org/
https://modeldiplomacy.cfr.org
merakipartners.com
developers.meraki.com
smhelp.meraki.com
community.meraki.com
community-staging.meraki.com
*.cisco.com
meraki.cisco.com/form/contact
Customer API Keys
Meraki MC Phones
documentation.meraki.com
New support cases, Chat, Request new integration form
Share feedback form
Vulnerability scanners
https://learn.clickhouse.com/
learn.clickhouse.com
https://support.cloudinary.com
wiki.cloudinary.com
hourofcode.com
advocacy.code.org
https://www.coindesk.com/
coindesk.com
https://uat.coindesk.com/indices
CoinDesk Indices
https://uat.coindesk.com/events
CoinDesk Events
https://events.coindesk.com
Production CoinDesk Events
https://consensus2023.coindesk.com/
Consensus2023 Site
https://consensus2024.coindesk.com/
Consensus2024 Site
https://consensus2025.coindesk.com/
Consensus2025 Site
https://consensus-hongkong2025.coindesk.com/
Consensus HK Site
https://uat.coindesk.com/
uat.coindesk.com
https://uat.accounts.coindesk.com
uat.accounts.coindesk.com
*.hfc.comcastbusiness.net
*.hsd1.*.comcast.net
*business.comcast.com
10.0.0.0/8
50.128.0.0/12
50.152.0.0/13
96.201.0.0/16
96.202.128.0/17
96.203.0.0/16
172.26.128.0/18
184.112.0.0/13
184.122.0.0/15
NBC Universal
Sky
*.sys.comcast.net
admin.selectwifi.xfinity.com
https://www.comcastbiz.net/
Comcastbiz.net
*.contrast.ninja
Any Contrast Corporate Asset
runner.contrastsecurity.com
https://status.contrastsecurity.com
status.contrastsecurity.com
https://www.facebook.com/contrastsec/
Contrast Official Facebook Account
https://www.twitter.com/contrastsec/
Contrast Official Twitter Account
https://twitter.com/ContrastEMEA/
Contrast Official Twitter EMEA Account
https://www.twitter.com/ContrastSecHelp/
Contrast Official Twitter Help Account
https://www.youtube.com/channel/UColYZvBpgxXaLlqD2E4QC0g
Contrast Official Youtube Account
https://www.linkedin.com/company/contrast-security
Contrast Official Linkedin Account
https://www.instagram.com/contrast__security/
Contrast Official Instagram Account
Purposefully Vulnerable WebGoat Application
WebGoat with Contrast Agent
https://console.delltechnologies.com/
https://console.delltechnologies.com/nav/catalog
https://console.delltechnologies.com/nav/support
https://console.delltechnologies.com/nav/subscriptions
educate.dell.com
console.dell.com
console-test.dell.com
salesproductivity.dell.com
*.dell.com/*
*.delltechnologies.com/*
Virtual Appliance (vApp) Manager
Dell ObjectScale
Dell Digital Delivery
www.directly.com
resources.directly.com/*
*.sandbox.directly.com/schedule-a-demo/* OR /product/* OR /careers/* OR /about/* OR /legal/* OR /trust/*
https://ethics.epam.com/
ethics.epam.com
https://profile.epam.com
profile.epam.com
https://carbon.epam.com/
carbon.epam.com
https://www.infongen.com/
infongen.com
http://ebn.epam.com/
ebn.epam.com
https://solutionshub.epam.com/
solutionshub.epam.com
https://www.telescopeai.com/
telescopeai.com
https://wearecommunity.io/
wearecommunity.io
https://cami.lab.epam.com/
cami.lab.epam.com
https://ellie.lab.epam.com/
ellie.lab.epam.com
https://apex.lab.epam.com/
apex.lab.epam.com
https://investors.epam.com/
investors.epam.com
https://ecsd00300769.epam.com/
ecsd00300769.epam.com
https://display.epam.com/
display.epam.com
https://info.epam.com
info.epam.com
https://admin-ui.preship.gcp.gnrg-osdu.projects.epam.com
admin-ui.preship.gcp.gnrg-osdu.projects.epam.com
https://support.epam.com/
support.epam.com/
https://customersupport.epam.com/
customersupport.epam.com
https://supportnow.epam.com/
supportnow.epam.com
https://anywhere.epam.com/
anywhere.epam.com
icht.etsysecure.com
https://www.exoscale.com
Public Website
https://community.exoscale.com
Public Documentation Website
Marketplace products
https://academy.exoscale.com
Exoscale Academy
CDN service
https://jobs.exoscale.com
Job Board
https://changelog.exoscale.com
Changelog
https://openapi-v2.exoscale.com/
OpenAPI V2 Documentation
http://zammad.internal.exoscale.ch/
Zammad
https://exoscalestatus.com/
Runstatus
gslink.financialforce.com
CVE-2021-26086 Limited Remote File Read/Include on Jir
https://apuat-aaa.fisglobal.com
Reference above out of scope targets
https://training.flourish.studio
training.flourish.studio
████████████████
api.gearset.com
app.gearset.com
us.app.gearset.com
eu.app.gearset.com
ap.app.gearest.com
gearset.com
███████████████
Anything not explicitly listed as "In Scope".
Android App
IoS App
https://try.hotdoc.com.au/hotdoc-profiles
https://try.hotdoc.com.au/hotdoc-profiles
https://shop.hubspot.com
shop.hubspot.com
https://trust.hubspot.com
trust.hubspot.com
https://thespot.hubspot.com
thespot.hubspot.com
https://ir.hubspot.com
ir.hubspot.com
Out of Scope Vulnerabilities
https://www.cultbeauty.co.uk/matchme
https://matchme.cultbeauty.co.uk/
http://sampling.ibotta.com/
https://backend.ibotta.com/duplicate_receipt_moderation
https://ir.ibotta.com
https://trust.ibotta.com
legal.ibotta.com
*dev.ibotta.com
blog-empresas.ifood.com.br
blog-parceiros.ifood.com.br
*.ecomanda.com.br
*.ecomanda.app
*.allin.movilepay.com
*.starsoft.movilepay.com
Gestor de Pedidos - Desktop Client
*.godsunchained.com
*.gogbackend.com
gogbackend.com
godsunchained.com
Anything that does not belong to Immutable
Any data exposure bug that are classified as Public Data such as Ethereum Wallet Address, NFT Purchase activity, or other public blockchain activity.
*.dev.x.immutable.com, *.sandbox.x.immutable.com, *.dev.x.immutable.com, *.sandbox.imtbl.com, *.dev.imtbl.com, *.ropsten.x.immutable.com, ropsten.imx.community (see brief for exceptions)
http://docs.imperva.com/
http://docs-be.imperva.com/
https://www.irobot.com
https://homesupport.irobot.com
https://global.irobot.com/My%20Privacy
irobot.in
https://homesupport.irobot.com/app/chat/chat_launch
*.joralocal.com.au
https://www.lieferando.at/en/vouchercode/new-customer
https://www.lieferando.at/gutschein/neukunde
www.integration-takeaway.com
rain-of-gifts.10bis.co.il
treatmas.takeaway.com
orderandwin.takeaway.com
orderandwin.lieferando.de
orderandwin.thuisbezorgd.nl
wow-nachten.lieferando.at
december-surprises.takeaway.com
dekemvriiski-iznenadi.takeaway.com
wow-nachten.lieferando.de
december-cadeautjes.thuisbezorgd.nl
pyszne-prezenty.pyszne.pl
vianocne-prekvapenia.bistro.sk
so-schmeckt-der-sommer.lieferando.at
taste-the-summer.takeaway.com
so-schmeckt-der-sommer.lieferando.de
proef-de-zomer.thuisbezorgd.nl
smak-lata.pyszne.pl
schmeckt-wie-sommer.lieferando.at
schmeckt-wie-sommer.lieferando.de
orderandwin.pyszne.pl
orderandwin.bistro.sk
orderandwin.pizza.be
orderandwin.lieferando.at
*.takeawayriders.com/
Any other subdomains of k15t.com, including but not limited to www.k15t.com, www.k15t.de and help.k15t.com
https://marketplace.atlassian.com/*
████████████████████████████████████████████████████████
█████████████████████████████
https://bugcrowd-pub.bounty.kiteworks.dev
apply.kohls.com
*kohls.com/kohlscredit/prequal
*kohlsecommerce.com/kohlscredit/prequal
corporate.kohls.com
productchampions.kohls.com
link-preprod.kohls.com
developer.kohls.com
lclive.kohls.com
author-mykohls.kohls.com
mykohls-origin.kohls.com
origin-stage65-corporate.kohls.com
origin-stage65-mykohls.kohls.com
author-stage65-mykohls.kohls.com
stage65-corporate.kohls.com
stage65-mykohls.kohls.com
author-qa65-mykohls.kohls.com
mykohls.kohls.com
any domain with archaius.json endoint is out of scope
*kohls.com/feature/pre-qual/prequal_inquiry.jsp?icid=prequalfooter
*kohls.com/checkout/prequal_inquiry.jsp#/preQualEligible
*kohlsecommerce.com/feature/pre-qual/prequal_inquiry.jsp?icid=prequalfooter
*kohlsecommerce.com/checkout/prequal_inquiry.jsp#/preQualEligible
vp-*.kohls.com
*qa*.kohls.com
wfh*.kohls.com
kconnect.kohls.com
connection.kohls.com
kohlsmerch.kohls.com/
support.kucoin.plus
store.kucoin.com
docs.kucoin.com
intro.kucoin.com
cert.kucoin.com
sandbox.kucoin.com
passport.kucoin.com
*-sdb.kucoin.com
*-sandbox.kucoin.com
https://identity.lastpass.com
Lastpass CLI tool
https://info.lastpass.com
https://forums.lastpass.com
https://investors.latitudefinancial.com.au
https://auth.latitudefinancial.com
https://auth.*.latitudefinancial.com
*.latitudefs.com
https://*.my.latitudepay.com/
https://*.sg.latitudepay.com/
https://my.latitudepay.com
https://sg.latitudepay.com
https://t.latitudefinancial.com/*
https://t.latitudefinancial.com
https://p.latitudefinancial.com
https://lightspeedhq.com/trial
lightspeedhq.com/trial
https://pos-admin.trial.lsk.lightspeed.app
pos-admin.trial.lsk.lightspeed.app
x-series-support.lightspeedhq.com
vendhq.force.com
vendimageuploadcdn.global.ssl.fastly.net
partners.vendhq.com
track.api.vendhq.com
your-store.vendecommerce.com
partnerportal.vendhq.com
https://support.ecwid.com/hc/en-us
https://www.ecwid.com/
community.li.me
https://help.li.me (zendesk)
*.limeinternal.com
*.lime.bike
https://li.me (hubspot)
https://filestack.com
*.filestack.com
https://freshdesk.com
*.freshdesk.com
https://blstr.xyz
*.blstr.xyz
https://blstr.co
*.blstr.co
https://community.linktr.ee
community.linktr.ee
██████████████
██████████████████████████
██████████████████████████████
████████████
███████████
www.americangirlmena.com
moneytree.jp
Any production asset of Moneytree KK (excepting the iOS app)
getmoneytree.com
Vulnerabilities related to web-app related issues
tripactions.com
https://status.newrelic.com
New Relic open source software repos in github.com not in the list of agents or on docs.newrelic.com; New Relic Example Code, New Relic Experimental and Archived repos are explicitly out of scope.
https://iopipe.com
northwesternmutual.com/find-a-financial-advisor/
northwesternmutual.com/financial/advisor/*
northwesternmutual.com/careers-apply/
northwesternmutual.com/report-a-death/
northwesternmutual.com/notice-of-long-term-care-form/
northwesternmutual.com/financial-professionals/?name=*
northwesternmutual.com/notice-of-disability-form/
northwesternmutual.com/notice-of-group-disability-form/
calculator.northwesternmutual.com
clientwise.com
cloud.em.northwesternmutual.com
events.nmfn.com
eventscloud.com
ftph1.northwesternmutual.com
gbpwealth.com
icims.com
ideas.northwesternmutual.com
m3.nml.com
metrics.northwesternmutual.com
metricssecure.northwesternmutual.com
mynmcu.com
nmcreative.space
nmis-stage.netxinvestor.com
nmresearchlibrary.nml.com
pugetsound.nmfn.com
sparks-financial.com
theandersonfinancialgroupnm.com
themint.org
nwm.benselect.com
*nuinternational.com
*nat-a.nubank.com.br
*.octopus.app
artifactorysample.octopus.com
bamboosample.octopus.com
jenkinssample.octopus.com
teamcitysample.octopus.com
nexussample.octopus.com
myget.octopus.com
partners.octopus.com
trust.octopus.com
bugcrowd-%username%-1.oktapreview.com
bugcrowd-%username%-2.oktapreview.com
*.okta.com
*.trexcloud.com
login.okta.com
pages.okta.com
developer.okta.com
trust.okta.com
www.okta.com (static site)
https://scaleft.com
https://app.scaleft.com/p/signup
https://github.com/oktadev
Backend Okta non-app infrastructure
Network layer issues
AtSpoke - Okta Workflows actions in access requests
AtSpoke - Entitlement bundles as a resource in access requests
Anything not explicitly called out above as in-scope
https://*.onetrust.com
https://store.onetrust.com
https://*.convercent.com
https://*.dataguidance.com
https://app.vendorpedia.com
https://*.preferencechoice.com
https://*.redacted.ai
https://*.sharedassessments.org
https://developer.onetrust.com
https://my.onetrust.com
https://*.vendorpedia.com
https://*.onetrustgrc.com
https://*.cookiepro.com
https://tv.onetrust.com/
https://*.cookielaw.org
https://*.onetrustpro.com
https://*.privacyconnect.com
https://*.onetrust.de
https://*.onetrust.se
https://*.onetrust.es
https://*.onetrust.fr
https://*.onetrust.it
https://*.privacytech.com
https://*.privacypedia.com
https://*.esgiq.com
https://*.trustweek2021.com
concurso.opera.com
investor.opera.com
help.yoyogames.com
bugs.yoyogames.com
admanager.opera.com
accountsstage.yoyogames.com
control.gx-servers.opera.com
help.gx-servers.opera.com
verizon-us-seattle.opera-mini.net
s2{1,2}-05-08-v09.opera-mini.net
verizon-us-lvs-seattle.opera-mini.net
107.167.127.4{0,1}
jobs.opera.com
verizon-us-lvs-ashburn.opera-mini.net
interstitial.opera-mini.net
certs.opera.com
checkout.opera.com
contest.opera.com
catch.opera.com
wallpaper.opera.com
tabfulness.opera.com
Opsgenie Production (billing systems, third parties)
https://www.optimizely.com/
https://www.originenergy.com.au/moving/
https://auth.api.originenergy.com.au/**
https://origin-energy.formstack.com/**
https://www.compareandconnect.com.au/
https://agent.compareandconnect.com.au/
https://fastconnect.co.nz
https://Yourporter.com.au
https://raywhitehomenow.com/
███████████████████
██████████████████
2.0 API
https://help.quizlet.com/hc/en-us
help.quizlet.com (zendesk)
community.rapyd.net
support.rapyd.net
docs.rapyd.net
sandbox.rapyd.net
3rd party services
ghost.rapyd.net
████████████████████
█████████████████
All submissions reported to this program will be marked as Not Applicable
*.1shoppingcart.com
Corporate Email (*@skyscanner.net)
community.sophos.com
Any Cyberoam Product or Service
sophos.atlassian.net (Public service desk)
SPF/DKIM/DMARC issues
blog.soundcloud.com
status.soundcloud.com
help.soundcloud.com
community.soundcloud.com
copyright.soundcloud.com
advertising.soundcloud.com
https://soundcloudmail.com
soundcloudmail.com
press.soundcloud.com
https://scdrops.soundcloud.com
scdrops.soundcloud.com
https://promote.soundcloud.com
promote.soundcloud.com
contest.soundcloud.com
playback.soundcloud.com
jobs.soundcloud.com
playerone.soundcloud.com
support.soundcloud.org
https://afterpay.com
*.afterpay.com
https://cash.me
*.cash.me
https://designers.weebly.com/
designers.weebly.com
https://tidal.com/
*.tidal.com
https://play.google.com/store/apps/details?id=com.squareup.cash
Cash App Mobile Application for Android
https://itunes.apple.com/us/app/cash-app/id711923939?mt=8
Cash App Mobile Application for iOS
Any vulnerabilities found in Third-party software
Any host/web property or products verified to be owned by Stellantis (domains/IP space/etc.) but not listed in Primary targets.
https://*.atlassian.com
*.atlassian.com
https://sprint.net
*.sprint.net
https://techapps.t-mobile.com
techapps.t-mobile.com
Any domain, property, product, protocol, or service of the app/hardware/software version not explicitly listed in the In-Scope section is out of scope; submissions are welcome but not guaranteed for the bounty/bonus.
████████████████████████████
███████████████████████████████
employeefeedback.tesla.com
energysupport.tesla.com (you can report vulnerabilities to bugbounty.zoho.com)
https://engage.tesla.com/
engage.tesla.com
*.engage.tesla.com
feedback.tesla.com
feedback.teslamotors.com
ir.tesla.com
ir.teslamotors.com
mkto.teslamotors.com
shop.eu.teslamotors.com
service.tesla.com/docs/*
service.tesla.cn/docs/*
Any domains from acquisitions, such as maxwell.com
Any other third-party websites hosted by non-Tesla entities
https://*.eltenedor.*
https://www.thefork.*
Customer semi-login / PartialLogin feature
https://module.thefork.com
module.thefork.com
https://www.lafourchette.com
https://blog.thousandeyes.com/
https://app.thousandeyes.com/sfdc/community
https://developer.tidal.com
developer.tidal.com
https://embed.tidal.com
embed.tidal.com
http://bugcrowd.com/atlassianapps
First party (made-by-trello) power-ups other than those inscope are excluded from this program but can be reported to http://bugcrowd.com/atlassianapps
e.trello.com
help.trello.com
trello-attachments.s3.amazonaws.com
ir.tripadvisor.com
*.tripadviser.at
*.tripadvisor.cn
www.tripadvisor.*/Trips
www.tripadvisor.*/Mobile*
www.tripadvisor.*/engineering
www.tripadvisor.*/WidgetEmbed-*
spotlight-dev.tripadvisor.com
spotlight.tripadvisor.*
careers.tripadvisor.com
*.tripadvisoradexpress.*
*.tripadvisorwifi.*
*.bokun.io
*.bokun.is
*.bokun.com
*.bokun.app
*.bokun.eu
*.bokun.team
*.bokun.tools
*.bokun.website
*.bokunmobile.website
*.experiences.zone
https://tgt.tamedia.ch
http://auth.20min.ch
https://cre-api.tamedia.ch
https://track.20min.ch
Social Media Links (older than 2 years)
Subdomain Takeover
DMARC, SPF, DKIM
https://*.connect.ringier.ch
*.onelog.ch
*.20min-tv.ch
*.newsnetz.tv
*.appuser.ch
*.iagentur.ch
*.streamboat.ch
*.streamboatserver.ch
Other Domains and Subdomains not specifically in scope
support.twilio.com
s.signal.twilio.com
ahoy-eloqua.twilio.com
Ytica and its assets
TwimlBins
store.twilio.com
Demo websites e.g. lab.authy.com
https://dashboard.authy.com
All Kurento domains
twiliotraining.com
www.twilio.com/labs
www.twilio.com/quest
surveys.twilio.com
support.sendgrid.com
status.sendgrid.com
Third-party services used by SendGrid
issues-sendgrid.dev.twilio.com
https://www.zipwhip.com/
zipwhip.com
All Twilio acquisitions until explicitly noted under the in-scope targets
community.segment.com
segment.com/contact
segment.com/jobs
http://twil.io/
twil.io
www.underarmour.<country>
www.underarmour.com/en-us/affiliate-home
www.uabiz.com,
investor.underarmour.com
productsafety.underarmour.com
uabusiness.force.com
www.underarmour.jobs
blog.underarmour.com
www.uateamcatalogs.com
www.uaretail.com
www.plankindustries.com
investor.underarmour.com
careers.underarmour.com
www.underarmour.<country>
www.uabiz.com
www.uaretail.com
uaallaccess.com
Social media hijacking
Any subdomain/domain/property not listed in the \'in scope\' section, is out of scope.
Any Third-party Services
support.upwork.com
community.stage.upwork.com
community.upwork.com
stage.upwork.com
e.upwork.com
status.upwork.com
signature.upwork.com
careers.upwork.com
tip.upwork.com
tip.upwork.com
pardot.upwork.com
*.rc.viator.com
*.sandbox.viator.com
*.partner.viator.com
https://agentcenter.viator.com
agentcenter.viator.com
https://operatorresources.viator.com
operatorresources.viator.com
https://partnerresources.viator.com
partnerresources.viator.com
partner.viator.com
http://www.theplaymania.com/
*.web.com
*.register.com
*.networksolutions.com
https://app.gator.com/
*.bluehost.com
*.hostgator.com
app.web.com
█████████████████████████
████████████████████████████████████████
█████████████████████████████████████
██████████████████████████████████
██████████████████████████████████████████████████████████
Wise Affiliate Program
Third party services not hosted by Wise
Any Github asset not under the “transferwise” organization
Third party authentication services (eg: Facebook and Google)
https://transferwise.com/help/contact
https://wise.com/help/contact
*.tw.com
*.tw.ee
Non-current version of the Android app
Non-current version of the iOS app
*.transferwise.tech
brand.wise.com
links.wise.com
widgets.transferwise.com
brand.transferwise.com
bootstrap.transferwise.com
links.transferwise.com
status.wise.com
status.transferwise.com
tech.transferwise.com
3rd Party Devices (known as Works with Xfinity)
oauth.xfinity.com
https://login.xfinity.com
login.xfinity.com
*.xerxessecure.com
*.cimcontent.net
*.identity.xfinity.com
\\*\\business.comcast.com
*.pulseinsights.com
*.wurfulcloud.com
*.appcenter.ms
*.kampyle.com
*.demdex.net
*.openx.net
*.criteo.net
*.webcontentassessor.com
*.amazon-adsystem.com
*.adobedtm.com
*.adnxs.com
*.fwmrm.net
https://app.ynab.com/
Any previous version of the desktop apps: YNAB 4, YNAB 3, YNAB Pro, YNAB Basic (Spreadsheet)
https://develop-app.ynab.com
https://support.ynab.com
██████████████████████████████████████
https://bugbounty-ctf.1password.com/
null
<Your own 1Password account> —> Latest stable, beta, or nightly Browser Extension (Chrome, Brave, Firefox, Edge, and Safari)
<Your own 1Password account> —> Latest stable, beta, or nightly Command Line Interface (CLI)
http://--your-own-1password-account--.1password.com
https://events.1password.com/
Arc on Mac
Arc on Window
arc.net
bcny.com
company.thebrowser.arc
id6472513080
thebrowser.company
https://*.granularinsurance.com/
https://*.onduo.com/
https://*.projectbaseline.com/
https://*.signalpath.com/
https://*.verily.com/
https://apps.apple.com/us/app/onduo/id1138490045
https://apps.apple.com/us/app/verily-me/id6448808133
https://play.google.com/store/apps/details?id=com.google.android.apps.diabetes
https://play.google.com/store/apps/details?id=com.verily.me
http://bumba.global
Starbucks Japan Android
Download the App:
https://play.google.com/store/apps/details?id=com.starbucks.jp
Starbucks Japan iOS
https://apps.apple.com/jp/app/%E3%82%B9%E3%82%BF%E3%83%BC%E3%83%90%E3%83%83%E3%82%AF%E3%82%B9-%E3%82%B8%E3%83%A3%E3%83%91%E3%83%B3%E5%85%AC%E5%BC%8F%E3%83%A2%E3%83%90%E3%82%A4%E3%83%AB%E3%82%A2%E3%83%97%E3%83%AA/id1113037275?l=en-US
cart.starbucks.co.jp
gift.starbucks.co.jp
login.starbucks.co.jp
www.cart.starbucks.co.jp/
Starbucks Japan
www.starbucks.co.jp
Starbucks Australia Android
https://play.google.com/store/apps/details?id=com.starbucks.au
Starbucks Australia iOS
https://apps.apple.com/au/app/starbucks-australia/id653757988
Starbucks Cambodia Android
https://play.google.com/store/apps/details?id=com.starbucks.kh
Starbucks Cambodia iOS
https://apps.apple.com/kh/app/starbucks-cambodia/id1456402324
Starbucks Hong Kong Android
https://play.google.com/store/apps/details?id=com.starbucks.hk
Starbucks Hong Kong iOS
https://apps.apple.com/hk/app/starbucks-hong-kong/id636266448
Starbucks India Android
https://play.google.com/store/apps/details?id=com.starbucks.in
Starbucks India iOS
https://apps.apple.com/in/app/starbucks-india/id1210203958
Starbucks Indonesia Android
https://play.google.com/store/apps/details?id=com.starbucks.id
Starbucks Indonesia iOS
https://apps.apple.com/id/app/starbucks-indonesia/id1126488844
Starbucks Korea Android
https://play.google.com/store/apps/details?id=com.starbucks.co
Starbucks Malaysia Android
https://play.google.com/store/apps/details?id=com.starbucks.my
Starbucks Malaysia iOS
https://apps.apple.com/my/app/starbucks-malaysia/id888509698
Starbucks New Zealand Android
https://play.google.com/store/apps/details?id=com.starbucks.nz
Starbucks New Zealand iOS
https://apps.apple.com/nz/app/starbucks-new-zealand/id1534351477
Starbucks Philippines Android
https://play.google.com/store/apps/details?id=com.starbucks.ph
Starbucks Philippines iOS
https://apps.apple.com/ph/app/starbucks-philippines/id1363216428
Starbucks Singapore Android
https://play.google.com/store/apps/details?id=com.starbucks.singapore
Starbucks Singapore iOS
https://apps.apple.com/sg/app/starbucks-singapore/id574621564
Starbucks Taiwan Android
https://play.google.com/store/apps/details?id=com.starbucks.tw
Starbucks Taiwan iOS
https://apps.apple.com/tw/app/starbucks-tw/id829317669
Starbucks Thailand Android
https://play.google.com/store/apps/details?id=com.starbucks.thailand
Starbucks Thailand iOS
https://apps.apple.com/th/app/starbucks-thailand/id898062370
Starbucks Vietnam Android
https://play.google.com/store/apps/details?id=com.starbucks.vn
Starbucks Vietnam iOS
https://apps.apple.com/vn/app/starbucks-vietnam/id1410451879
www.starbucks.co.id/
Starbucks Indonesia
www.starbucks.co.kr/
Starbucks Korea
www.starbucks.co.nz/
Starbucks New Zealand
www.starbucks.co.th/
Starbucks Thailand
www.starbucks.com.au/
Starbucks Australia
www.starbucks.com.bn/
Starbucks Brunei
www.starbucks.com.hk/
Starbucks Hong Kong
www.starbucks.com.kh/
Starbucks Cambodia
www.starbucks.com.my/
Starbucks Malaysia
www.starbucks.com.sg/
Starbucks Singapore
www.starbucks.com.tw/
Starbucks Taiwan
www.starbucks.in/
Starbucks India
www.starbucks.la/
Starbucks Laos
www.starbucks.ph/
Starbucks Philippines
www.starbucks.vn/
Starbucks Vietnam
Starbucks Austria Android App
Download the app here:
https://play.google.com/store/apps/details?id=com.starbucks.at
Starbucks Austria iOS
Download the app here:
https://apps.apple.com/at/app/starbucks-%C3%B6sterreich/id976355440
Starbucks Czech Republic
https://apps.apple.com/cz/app/starbucks-czechia/id6476321104
Starbucks Czech Republic
https://play.google.com/store/apps/details?id=com.starbucks.cz&hl
Starbucks France Android
https://play.google.com/store/apps/details?id=com.starbucks.fr
Starbucks France iOS
https://apps.apple.com/fr/app/starbucks-france/id943993603
Starbucks Germany Android
https://play.google.com/store/apps/details?id=com.starbucks.de
Starbucks Germany iOS
https://apps.apple.com/de/app/starbucks-deutschland/id948562829
Starbucks Ireland Android
https://play.google.com/store/apps/details?id=com.starbucks.ie
Starbucks Ireland iOS
https://apps.apple.com/ie/app/starbucks-ireland/id1532285370
Starbucks Poland iOS
https://apps.apple.com/pl/app/starbucks-cee/id1048524289
Starbucks Portugal Android
https://play.google.com/store/apps/details?id=com.starbucks.pt
Starbucks Portugal iOS
https://apps.apple.com/pt/app/starbucks-portugal/id6447920609
Starbucks Romania Android
https://play.google.com/store/apps/details?id=com.starbucks.ro
Starbucks Romania iOS
https://apps.apple.com/ro/app/starbucks-romania/id6472733341
Starbucks South Africa Android
https://play.google.com/store/apps/details?id=com.starbucks.za
Starbucks South Africa iOS
https://apps.apple.com/za/app/starbucks-south-africa/id1137700631
Starbucks Spain Android
https://play.google.com/store/apps/details?id=com.starbucks.es
Starbucks Spain iOS
https://apps.apple.com/es/app/starbucks-espa%C3%B1a/id6447769086
Starbucks Switzerland Android
https://play.google.com/store/apps/details?id=com.starbucks.ch&hl=en_US
Starbucks Switzerland iOS
https://apps.apple.com/ch/app/starbucks-switzerland/id976349872
Starbucks Turkey Android
https://play.google.com/store/apps/details?id=com.starbucks.tr
Starbucks Turkey iOS
https://apps.apple.com/tr/app/starbucks-t%C3%BCrkiye/id1100698915
Starbucks United Kingdom Android
https://play.google.com/store/apps/details?id=com.starbucks.uk&hl=en_US
Starbucks United Kingdom iOS
https://apps.apple.com/gb/app/starbucks-uk/id1499149941
card.starbucks.com.cy/
Starbucks Cyprus
card.starbucks.com.gr/
Starbucks Greece
https://www.starbucks.at
Starbucks Austria
www.roastery.starbucks.it
Starbucks Reserve™ Roastery Milano
www.starbucks.ae
Starbucks United Arab Emirates
www.starbucks.be
Starbucks Belgium
www.starbucks.bg
Starbucks Bulgaria
www.starbucks.ch
Starbucks Switzerland
www.starbucks.co.ma
Starbucks Morocco
www.starbucks.co.uk/
Starbucks United Kingdom
www.starbucks.co.za
Starbucks South Africa
www.starbucks.co.za/
www.starbucks.com.bh
Starbucks Bahrein
www.starbucks.com.jo
Starbucks Jordan
www.starbucks.com.kw
Starbucks Kuwait
www.starbucks.com.kz
Starbucks Kazakhstan
www.starbucks.com.lb
Starbucks Lebanon
www.starbucks.com.om
Starbucks Oman
www.starbucks.com.tr
Starbucks Turkey
www.starbucks.cz/
Starbucks Czech Republic
www.starbucks.de
Starbucks Germany
www.starbucks.eg
Starbucks Egypt
www.starbucks.es
Starbucks Spain
www.starbucks.fr/
Starbucks France
www.starbucks.hu
Starbucks Hungary
www.starbucks.ie/
Starbucks Ireland
www.starbucks.it/
Starbucks Italy
www.starbucks.mt
Starbucks Malta
www.starbucks.nl
Starbucks Netherlands
www.starbucks.no
Starbucks Norway
www.starbucks.pl
Starbucks Poland
www.starbucks.pt/
Starbucks Portugal
www.starbucks.qa
Starbucks Qatar
www.starbucks.ro
Starbucks Romania
www.starbucks.rs
Starbucks Serbia
www.starbucks.sa
Starbucks Saudi Arabia
www.starbucksslovakia.sk/
Starbucks Slovakia
Starbucks Argentina Android
https://play.google.com/store/apps/details?id=com.starbucks.ar
Starbucks Argentina iOS
https://apps.apple.com/ar/app/starbucks-argentina/id1209110211
Starbucks Chile Android
https://play.google.com/store/apps/details?id=com.starbucks.cl
Starbucks Chile iOS
Starbucks El Salvador Android
https://play.google.com/store/apps/details?id=com.starbucksrewards.sv
Starbucks El Salvador iOS
https://apps.apple.com/sv/app/starbucks-el-salvador/id6535501479
Starbucks Mexico Android
https://play.google.com/store/apps/details?id=com.starbucks.mx
Starbucks Mexico iOS
https://apps.apple.com/us/app/starbucks-m%C3%A9xico/id570779372
Starbucks Peru Android
https://play.google.com/store/apps/details?id=com.starbucks.peru
Starbucks Peru iOS
https://apps.apple.com/pe/app/starbucks-per%C3%BA/id1409811746
www.starbucks.cl
Starbucks Chile
www.starbucks.co.cr/
Starbucks Costa Rica
www.starbucks.com.ar/
Starbucks Argentina
www.starbucks.com.mx/
Starbucks Mexico
www.starbucks.com.py/
Starbucks Paraguay
www.starbucks.com.sv
Starbucks El Salvador
www.starbucks.com.uy
Starbucks Uruguay
www.starbucks.pa/
Starbucks Panama
www.starbucks.pe
Starbucks Peru
www.starbucks.tt
Starbucks Trinidad and Tobago
www.starbuckspr.com/
Starbucks Puerto Rico
Starbucks China Android
https://play.google.com/store/apps/details?id=com.starbucks.cn
Starbucks China iOS
https://apps.apple.com/us/app/%E6%98%9F%E5%B7%B4%E5%85%8B%E4%B8%AD%E5%9B%BD/id499819758
www.starbucks.com.cn/
Starbucks China
2kleague.nba.com
bal.nba.com
cdn-bal.nba.com
cdn.nba.com
cms.nba.com
com.nbaimd.gametime.nba2011
com.nbaimd.gametime.universal
content-api-nextgen-prod.nba.com
content-api-prod.nba.com
core-api.nba.com
corp-dev.nba.com
cweb-ott.nba.com
elm.nba.com
gleague.nba.com
id.nba.com
identity.nba.com
lockervision.nba.com
manage-teams.nba.com
manage.nba.com
mcd.nba.com
mcdalerts.nba.com
nbafedsvc.nba.com
stats-trafficcop-prod.nba.com
stats.2kleague.nba.com
stats.gleague.nba.com
stats.nba.com
stats.wnba.com
syndication.nba.com
teamportal.nba.com
vote.nba.com
www.nba.com
www.wnba.com
api.circle.com
Testing should be done on api-sandbox.circle.com.
app.circle.com
Testing should be done on app-sandbox.circle.com.
console.circle.com
Only the web2 portion of console.circle.com is in scope. Anything smart contract/smart contract platform or otherwise web3 related is not in scope.
Researchers should make it clear they\'re HackerOne researchers in their username and email domain, and must be using testnet.
http://github.com/circlefin/noble-cctp
https://github.com/circlefin/buidl-wallet-contracts
https://github.com/circlefin/evm-cctp-contracts
https://github.com/circlefin/noble-fiattokenfactory
https://github.com/circlefin/solana-cctp-contracts
https://github.com/circlefin/stablecoin-aptos
https://github.com/circlefin/stablecoin-evm
https://github.com/circlefin/stablecoin-sui
https://github.com/circlefin/sui-cctp
*.varonis.com
*.varonis.io
*.varonis.net
Merchant Portal
https://portal.playground.klarna.com
https://github.com/nimiq/core-rs-albatross
Please provide detailed reports with reproducible steps. If the report is not detailed enough to reproduce the issue, the issue will not be eligible for a reward.
Submit one vulnerability per report, unless you need to chain vulnerabilities to provide impact.
When duplicates occur, we only award the first report that was received (provided that it can be fully reproduced).
Multiple vulnerabilities caused by one underlying issue will be awarded one bounty.
Social engineering (e.g. phishing, vishing, smishing) is prohibited.
Make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our service.
## Exploring our repository:
- Blockchain: Manages the blockchain structure, block validation, and chain state.
- Consensus: Implements the consensus mechanism and synchronization.
- Validator: Contains logic for the validator role, including signing and verification processes.
- Primitives: Includes fundamental types and utilities used across other crates, such as data structures for accounts, blocks, transactions, and various cryptographic functions.
## Quick start:
- Prerequisites:
- Install the latest version of Rust by following the instructions on the [Rust website](https://www.rust-lang.org/learn/get-started#installing-rust).
- Installation:
- Clone the Repository: `git clone https://github.com/nimiq/core-rs-albatross.git`
- Move to the Repository: `cd core-rs-albatross`
- Build the project and start a basic full node: `cargo run --release --bin nimiq-
client`
For more details, check the repository [Reame file](https://github.com/nimiq/core-rs-albatross/blob/albatross/README.md).
api.vault.chiatest.net
Chia Cloud crypto wallet API
https://apps.apple.com/app/chia-signer/id6504493785
IOS cryptographic signing application
https://github.com/Chia-Network/chia-blockchain
Chia core
https://github.com/Chia-Network/chia-blockchain-gui
Chia desktop
https://github.com/Chia-Network/chia_rs
Chia RUST implementations
https://github.com/Chia-Network/chiapos
Chia Proof of Space plotter
https://github.com/Chia-Network/chiavdf
ChiaVDF (Verifiable Delay Function) for Timelords
https://github.com/Chia-Network/clvm_rs
https://vault.chiatest.net/
Chia Cloud crypto wallet
3CX Live chat WordPress plugin
This is a plugin that integrates 3CX Livechat into a WordPress site. A 3CX installation is required (On Premise or in the Cloud).
Link to the plugin: https://wordpress.org/plugins/wp-live-chat-support/
Link to the documentation: https://www.3cx.com/docs/manual/live-chat/
3CX Phone System
1. Register on www.3cx.com using your **hackerone email address**. Confirm your email and follow the wizard to select a deployment type. (Please refer to our documentation for more information about each deployment type https://www.3cx.com/docs/manual/install/)
2. **There might be new builds in the repository after you have installed it. If you find a vulnerability, before submitting it, make sure you update to the latest available version and ensure it is still valid. On linux you can manually update by running `apt update && apt upgrade` in your server\'s terminal.**
3. For any additional technical documentation you can refer to our website.
3CX SBC
1. 3CX SBC requires an existing installation of 3CX Server.
2. Use the following ISO instead to deploy 3CX SBC on-premise: https://downloads-global.3cx.com/downloads/debian12iso/debian-amd64-netinst-3cx.iso .
3. In the 3CX Installer select 3CX SBC (not PBX)
4. During the Installation you will be asked to enter the PBX FQDN and SBC key.
5. **There might be new builds in the repository after you have installed it. If you find a vulnerability, before submitting it, make sure you update to the latest available version (both 3CX PBX and 3CX SBC) and ensure it is still valid. You can update by running `apt update && apt upgrade` in your server\'s terminal.**
6. For any additional technical documentation you can refer to our website.
https://apps.apple.com/us/app/3cx/id992045982
The 3CX App allows you to make and receive calls, schedule conferences, video call and chat with your team and customers from anywhere. You install the app and provision it by scanning your extension\'s QR code.
User manual: https://www.3cx.com/user-manual/installation-iphone/
https://apps.microsoft.com/detail/3cx/9NW77489NGJ0
The 3CX softphone app for Windows allows you to make calls, view the status of colleagues, chat, schedule a video conference and check voicemail from your desktop
https://play.google.com/store/apps/details?id=com.tcx.sipphone14
The 3CX App allows you to make and receive calls, schedule conferences, video call and chat with your team and customers from anywhere. You install the app and provision it by scanning your extension\'s QR code.
User manual: https://www.3cx.com/user-manual/installation-android/
https://portal.3cx.com
This is the portal where customers and partners can manage their 3CX account/license keys.
https://etherscan.io/address/0x000000000000204327E6669f00901a57CE15aE15
Please refer to the contract at this address, not etherscan.io itself.
https://etherscan.io/address/0x000000000000a53f64b7bcf4cd59624943c43fc7
https://etherscan.io/address/0x0000003E0000a96de4058e1E02a62FaaeCf23d8d
Please refer to the contract at this address, not etherscan.io itself.
https://etherscan.io/address/0x000000e92d78d90000007f0082006fda09bd5f11
https://etherscan.io/address/0x0046000000000151008789797b54fdb500E2a61e
https://etherscan.io/address/0xcE0000007B008F50d762D155002600004cD6c647
https://github.com/alchemyplatform/modular-account
Alchemy\'s Modular Account is a maximally modular, upgradeable smart contract account that is compatible with ERC-4337 and ERC-6900.
auth.privy.io
dashboard.privy.io
https://www.npmjs.com/package/@privy-io/react-auth
*.nflxext.com
**Primary Target**
Static content is served over this domain
*.nflximg.net
*.nflxso.net
*.nflxvideo.net
*.prod.cloud.netflix.com
The primary Netflix experience is driven by microservices that are hosted and called through our API.
You may see the API referenced as `api*.netflix.com` as well as `www.netflix.com/api/*`
*.prod.dradis.netflix.com
The primary Netflix experience is driven by microservices that are hosted and called through our API.
You may see the API referenced as` api*.netflix.com` as well as `www.netflix.com/api/*`
*.prod.ftl.netflix.com
Content Authorization Targets
**Device & Content Authorization Findings**
High severity targets include methods of subverting content authorization or obtaining private keys. Medium severity targets include leaked private keys for content decryption. Submissions of hardware-backed private keys (i.e. from a TEE) & key exfiltration methods will have higher payouts than submissions of software-backed private keys & key exfiltration methods.
Corporate Assets
** Netflix.com Google G suite **
**For targets listed in the "Corporate Targets Overview" section, we only reward for the bugs that are critical or High based on the CVSS.**
- We do accept submissions of overly exposed Google documents (as described in Corporate Targets above), which start at Low severity.
- Submissions must meet other applicable requirements (e.g. not an Excluded Submission Type).
- Medium and Low severity reports will be accepted but will not be eligible for a bounty.
Microsites
## Secondary Target
Microsites are sites that Netflix typically publishes for promotion or in support of Netflix titles.
Not all microsites are hosted by Netflix. Some are hosted by vendors or partners. We cannot authorize you to test these sites as we do not own the computers that host them. It is critical that you confirm that Netflix is the owner of a particular microsite before testing. When in doubt, please reach out to the Netflix team to confirm.
Netflix Mobile Application for Android
## Mobile target
**App Id on play store - com.netflix.mediaclient**
We only accept Critical and High-level vulnerabilities in the apps
Netflix Mobile Application for iOS
**App ID on app store - 363590051**
Open Source - Atlas
## https://github.com/Netflix/atlas
**Secondary Target**
Open Source - Consoleme
https://github.com/netflix/consoleme
Open Source - Dispatch
https://github.com/Netflix/dispatch
Open Source - Spectator
## https://github.com/Netflix/spectator
Open Source - Weep
https://github.com/netflix/weep
Open Source - Zuul
## https://github.com/Netflix/zuul
Secondary Assets
api*.netflix.com
beacon.netflix.com
Beacon is a logging endpoint used to collect client information from member\'s browsers and streaming devices.
customerevents.netflix.com
`customerevents.netflix.com`, `nmtracking.netflix.com`, and `presentationtracking.netflix.com` are all alias of `beacon.netflix.com`.
Submissions containing variations of the URL will not be treated as unique.
help.netflix.com
Our help site provides a knowledge base and customer service chat
ichnaea.netflix.com
Ichanaea is a logging endpoint used to collect client information
meechum.netflix.com
Netflix partner page
nmtracking.netflix.com
presentationtracking.netflix.com
secure.netflix.com
Secure static assets are hosted on this domain
www.netflix.com
## Primary Target
The primary Netflix experience is hosted on this top level domain. The UI uses a combination of React JS and Node.
api.23andme.com
First API from original codebase, responsible for less services at the moment but still integrated into the product.
auth.23andme.com
Responsible for all authenticated services throughout the product.
blog.23andme.com
Official blog of 23andMe, sharing insightful articles, updates, and stories on genetics, health, and personal genomics.
education.23andme.com
23andMe\'s dedicated education site, offering resources and insights to enhance genetic literacy through informative content and educational materials
mediacenter.23andme.com
Media center for 23andMe, providing press releases, media assets, and comprehensive information for journalists and media professionals
medical.23andme.com
Medical and therapeutics site containing information about 23andMe\'s medical research.
research.23andme.com
research.23andMe.com is the official research domain of 23andMe
store.23andme.com
Online store for 23andMe products, offering DNA testing kits, genetic insights, and personalized merchandise.
therapeutics.23andme.com
23andMe\'s site exclusively dedicated to therapeutics to share and market what we\'ve done and what we have in the pipeline in regards to therapeutics.
you.23andme.com
you.23andme.com is our main consumer site which contains users DNA kit results, dna relatives, and more. Users can interact with relatives and perform profile related features such as downloading data.
1641486558
com.einnovation.temu
www.temu.com
http://api.lightspark.com
http://app.lightspark.com
https://link.uma.me
Login and signup for Lightspark Extend for UMA.
*.bybit.com
Web3 Smart Contract
https://apps.apple.com/us/app/bybit-app/id1488296980
https://play.google.com/store/apps/details?id=com.bybit.app&hl=en
*.cheaptickets.nl
Low priority Scope
*.trainpal.com,*.mytrainpal.com
*.travix.com
*.travix.io
*.trip.com
Except for the domain name of <local>. trip.com
<locale>.trip.com
Trip Main Sites
High priority Scope
com.trip.android
com.trip.ios
*.bykea.net
1351179184
The customer iOS app enables users to book rides, deliveries, and manage payments, offering a seamless experience for various services.
belaz.bykea.net
This microservice facilitates the pick-and-drop service and associated functionalities within our apps.
bykea.com
com.bykea.pk
The customer android app enables users to book rides, deliveries, and manage payments, offering a seamless experience for various services.
com.bykea.pk.partner
The driver app offers core features such as wallet management, invoicing, booking visibility, and acceptance, supporting seamless driver operations on the platform.
https://*test*.bykea.net
https://api.bykea.net
This core microservice handles booking creation and facilitates communication between critical microservices, powering both the apps and overall business operations.
https://geocode-beta.bykea.net
https://googleplace*.bykea.net
https://kronos*.bykea.net
This API-based microservice manages invoicing functionalities, playing a vital role in our platform’s financial operations.
https://leaflet-map.bykea.net
https://loadboard*.bykea.net/
This asset is an API-based microservice that allows drivers to view and accept customer bookings.
https://maps.bykea.net
https://nominatim.bykea.net
https://raptor*.bykea.net
This asset is an API-based microservice responsible for authentication processes.
e-Commerce
This scope covers Inditex\'s entire e-commerce platform, mainly made up of the following domains:
- www.zara.com
- www.bershka.com
- www.oysho.com
- www.stradivarius.com
- www.zarahome.com
- www.pullandbear.com
- www.massimodutti.com
- www.lefties.com
- www.zara.cn
- www.bershka.cn
- www.oysho.cn
- www.stradivarius.cn
- www.zarahome.cn
- www.pullandbear.cn
- www.massimodutti.cn
If the bug is in a service not explicitly named in the above list, but you are able to demonstrate that exploitation of the bug would affect directly and clearly to e-commerce operations, we will consider it to be in scope, (e.g. cache poisoning within static.zara.com will affect the operations of www.zara.com).
Because the e-commerce platform shares a common technological foundation, multiple reports describing the same vulnerability against multiple assets or endpoints where the root cause is the same will be treated as one report. Do not submit duplicate reports for the same issue across multiple sites, as the duplicates will be closed, and the issue will be treated as one report.
https://github.com/leather-wallet/extension
www.leather.io
com.secretkeylabs.xverse
https://chrome.google.com/webstore/detail/xverse-wallet/idnnbdplmphpflfnlkomgpfbpcgelopg
https://github.com/fireblocks/mpc-lib
aw.visa.com
bb.visa.com
bd.visa.com
bm.visa.com
bq.visa.com
console.tink.com
cw.visa.com
developer.authorize.net
developer.currencycloud.com
developer.cybersource.com
developer.visa.com
direct-demo.currencycloud.com
ebctest.cybersource.com
An account can be created via https://developer.cybersource.com/hello-world/sandbox.html
ht.visa.com
http://myvisainfinite.com/suntrust/en_us/home.html
http://www.myvisacardportal.com/welcome/enbd/product/#
sandbox.authorize.net
An account can be created via https://developer.authorize.net/hello_world/sandbox.html
sandbox.secure.checkout.visa.com
test.payworks.io
usa.visa.com
visa.co.cr
visa.co.ni
visa.co.za
visa.com.au
visa.com.jm
visa.com.ru
visa.com.ua
www.authorize.net
www.cardinalcommerce.com
www.currencycloud.com
www.cybersource.com
www.fraedom.com
www.practicalbusinessskills.org
www.practicalmoneyskills.com
www.practicalmoneyskills.org
www.tink.com
www.visa.co.ao
www.visa.co.id
www.visa.co.il
www.visa.co.in
www.visa.co.jp
www.visa.co.ke
www.visa.co.nz
www.visa.co.th
www.visa.co.uk
www.visa.co.ve
www.visa.com.az
www.visa.com.br
www.visa.com.cn
www.visa.com.cy
www.visa.com.ge
www.visa.com.hk
www.visa.com.hr
www.visa.com.kh
www.visa.com.kz
www.visa.com.lc
www.visa.com.lk
www.visa.com.ms
www.visa.com.mx
www.visa.com.my
www.visa.com.ng
www.visa.com.ph
www.visa.com.sg
www.visa.com.tr
www.visa.com.tw
www.visa.com.vn
www.visainfinite.ca
www.yellowpepper.com
*.consumer.worldcoin.org
**Secondary Asset**
World App backend. TFH-owned asset
*.toolsforhumanity.com
TFH-owned asset
*.worldcoin-distributors.com
Worldcoin Foundation-owned asset
*.worldcoin.dev
*.worldcoin.org
Primary Assets
bioid-management.app
developer.worldcoin.org
**Primary Asset**
getworldcoin.com
https://apps.apple.com/no/app/world-app-worldcoin-wallet/id1560859847
https://docs.world.org/world-chain/reference/address-book
Worldcoin Foundation-owned asset.
Smart contracts listed in this page are within scope for our program.
https://github.com/worldcoin
https://play.google.com/store/apps/details?id=com.worldcoin
World App for Android. TFH-owned asset
id.worldcoin.org
toolsforhumanity.com
worldcoin.org
com.nicehash.metallum
com.nicehash.mobile
https://api-test.nicehash.com
https://test.nicehash.com/shop/
For NiceHash Shop, you can try following discount codes:
**BB-ACTIVE** is the valid code for 50% discount, you should be able to use it.
**BB-EXPIRED** is the expired code for 25% discount, you should not be able to use it.
test.nicehash.com
You can self register by using a valid email, Google or Apple account.
Web client uses JavaScript to get a data from the NiceHash API and present it to the user or to get data from the user and send it to the NiceHash API.
This is the test environment (copy of the production environment) where testnet blockchains are used , that you can acquire for free from internet faucet sites, so you can freely try to manipulate any financial transaction (deposit, withdrawal, purchase...).
To get free test coins to your NiceHash account, after registration and login first find your NiceHash deposit address (https://test.nicehash.com/my/wallets/).
Then do internet search for "BTC testnet faucet", open found site and enter your NiceHash deposit address - you should receive deposit of test coins from a testnet faucet to your NiceHash account in couple of hours.
https://github.com/AleoHQ/snarkOS/
https://github.com/AleoHQ/snarkVM/
1013961111
1218902777
https://apps.apple.com/us/app/id1218902777
926252661
Blink Indoor
ASIN: B086DL32QX
Blink Mini
ASIN: B07X27VK3D
Blink Outdoor
ASIN: B086DKMSSM
Blink Sync Module 2
ASIN: B084RQ6MHJ
Blink Video Doorbell
https://www.amazon.com/dp/B08SG2MS3V
Chime
Gen 2 and 2 Pro, ASIN: B07WML2XTD, B07WML1QM4
Indoor Cam
ASIN: B07Q9VBYV8
Peephole Cam
ASIN: B07WHMQNPC
Ring Alarm
Gen 2, ASIN: B07ZPMCW64
Ring Smart Lighting Bridge
Gen 1
Stickup Cam
Gen 3, ASIN: B07Q3T177V
Video Doorbell
2nd Gen, 3 & 3 Plus, ASINs: B0849J7W5X, B08N5NQ869, B07WLP395R
com.immediasemi.android.blink
com.ring.neighborhoods
com.ringapp
https://*.blinkforhome.com/*
https://*.immedia-semi.com/*
https://admin.ring.com/*
https://api.ring.com/*
https://app.ring.com/*
https://billing.ring.com/*
https://fw.ring.com/*
https://nw.ring.com/*
https://oauth.ring.com/*
https://ring.com/*
prd-ring-web-us.prd.rings.solutions
153.46.96.0/20
193.110.154.0/24
https://apps.apple.com/ch/app/debix/id1581440132?l=en-GB
https://apps.apple.com/mx/app/debix/id1581440132
https://apps.apple.com/mx/app/schweizer-finanzmuseum/id1225222871
https://apps.apple.com/mx/app/six-id/id1620496931
https://apps.apple.com/us/app/bme-conecta/id6443938949
https://play.google.com/store/apps/details?id=com.sixgroup.debixplus
https://play.google.com/store/apps/details?id=com.sixgroup.id&hl=en_US&pli=1
https://play.google.com/store/apps/details?id=es.grupobme.bmeconecta
https://play.google.com/store/search?q=Schweizer+Finanzmuseum&c=apps
https://web3.sdx.com
https://www.sdx.com/
www.bolsasymercados.es
www.six-group.com
com.anker.AnkerMake
The App for AnkerMake 3D Printer
com.eufylife.EufyHome
The eufy Clean/eufy Home App for roboVac
com.oceanwing.FDMPrint
The Android App for AnkerMake 3D Printer
com.oceanwing.battery.cam
Most features shall use the eufy Security hardware devices.
com.oceanwing.care.cam
This is the Android version App works for eufy baby monitor, mainly working offline.
com.security.BatteryCam
The major features shall connect with the hardware devices of eufy Security.
com.security.care
This is the iOS version App works for eufy baby monitor, mainly working offline.
https://us.eufy.com/products/e8213181
S330 Video Doorbell-Battery
https://us.eufy.com/products/t8410121
S220 Indoor Cam
https://us.eufy.com/products/t88511d1
eufyCam 2 Pro
https://us.eufy.com/products/t88711w1
https://www.ankermake.com/products/m5?variant=42744298373269
This is the hardware of AnkerMake M5. It is the FDM (fused deposition modeling) tech 3D printer.
1023499075
com.eero.android
eero (2nd Generation)
eero 6 (3rd Generation)
eero 6 Extender (3rd Generation)
eero 6 Pro
eero 6+ (4th Gen)
eero 6E Pro (4th Gen)
eero Beacon (2nd Generation)
eero Pro (2nd Generation)
https://api-user.e2ro.com/*
https://node.e2ro.com/*
Mozilla Ad Routing Service
** Critical Site **
Mozilla Ad Routing Service (MARS) under the below domains:
- ads.mozilla.org (mars.prod.ads.prod.webservices.mozgcp.net)
- ads.allizom.org (mars.stage.ads.nonprod.webservices.mozgcp.net)
- mars.qa.ads.nonprod.webservices.mozgcp.net
- ads-img.mozilla.org
- ads-img.allizom.org
- contile.services.mozilla.com
- spocs.getpocket.com
- spocs.getpocket.dev
- spocs.mozilla.net
- spocs.allizom.net
Testing to be done on the staging instance:
- ads.allizom.org
Source Code: https://github.com/mozilla-services/mars
Mozilla VPN Clients
** Critical Site**
Mozilla VPN iOS, Android, Desktop Clients.
Note that Mozilla VPN subscriptions are only open in [these countries](https://support.mozilla.org/en-US/kb/mozilla-vpn-countries-available-subscribe).
Source Code: https://github.com/mozilla-mobile/mozilla-vpn-client
Product Delivery
**Do not run automated scans on those domains**
Firefox Downloads which include the below sites:
- archive.mozilla.org
- download.mozilla.org
- download-installer.cdn.mozilla.net
- treeherder.mozilla.org
Note that content on these assets is intentionally public.
Source Code: https://github.com/mozilla/treeherder
accounts.firefox.com
Mozilla Accounts (previously known as Firefox Accounts)
Additional domains in scope for Firefox Accounts:
* api.accounts.firefox.com
* oauth.accounts.firefox.com
* profile.accounts.firefox.com
* verifier.accounts.firefox.com
* subscriptions.firefox.com
Source Code: https://github.com/mozilla/fxa
addons.allizom.org
This is the staging server for Firefox Addons. Testing should be restricted to this instance without any testing on production.
Additional domains for Addons:
- services.addons.allizom.org
- versioncheck-bg.addons.allizom.org
- versioncheck.addons.allizom.org
Source Code: https://github.com/mozilla/addons-server
api.profiler.firefox.com
**Core Site**
API server for Firefox Profiler
Source Code: https://github.com/firefox-devtools/profiler
aus5.mozilla.org
Backend update system for Mozilla products.
No disruptive testing or scanning tools to be run on production.
Source Code: https://github.com/mozilla-releng/balrog
bugzilla.mozilla.org
Mozilla owned Bugzilla instance.
Please do not use automated scanners, create, or modify bugs when testing Bugzilla. Instead, testing should be only done on the development instance, bugzilla-dev.allizom.org.
Source Code: https://github.com/mozilla-bteam/bmo
community-tc.services.mozilla.com
Community instance of TaskCluster CI/CD tool.
Source Code: https://github.com/taskcluster/taskcluster
crash-reports.allizom.org
Endpoint for sending Firefox crash reports.
Testing to be done on staging instance: https://crash-reports.allizom.org/
Source Code: https://github.com/mozilla-services/socorro
crash-stats.allizom.org
Analytics site for Firefox crash reports data.
Testing to be done on staging instance only: https://crash-stats.allizom.org/
developer.mozilla.org
Please use the staging instance for intrusive tests or for tests which change the content: https://developer.allizom.org
Source Code: https://github.com/mdn/mdn
firefox-ci-tc.services.mozilla.com
TaskCluster CI/CD tool instance used for Firefox builds.
firefox.settings.services.mozilla.com
Additional domains for Remote Settings:
- firefox-settings-attachments.cdn.mozilla.net
Testing to be performed on staging instance only: https://firefox.settings.services.allizom.org/v1/
hg.mozilla.org
The website used for source code and version control hosting for Firefox.
Web vulnerabilities that affect the website itself and not the source code will be considered as vulnerabilities in a **Core Site**.
Vulnerabilities that affect the source code itself will be considered as vulnerabilities in a **Critical Site**.
Source Code: https://github.com/mozilla/version-control-tools
lando.services.mozilla.com
Tool used to land Firefox code into Mercurial.
Additional Domain: api.lando.services.mozilla.com
Testing to be done on staging or development instances only:
- ui.dev.lando.nonprod.cloudops.mozgcp.net
- ui.stage.lando.nonprod.cloudops.mozgcp.net
- api.dev.lando.nonprod.cloudops.mozgcp.net
- api.stage.lando.nonprod.cloudops.mozgcp.net
Source Code:
- https://github.com/mozilla-conduit/lando
- https://github.com/mozilla-conduit/lando-api
- https://github.com/mozilla-conduit/lando-ui
merino.services.mozilla.com
Firefox Suggest
Testing to be performed on staging instance only: https://stage.merino.nonprod.cloudops.mozgcp.net/api/v1/suggest
Source Code: https://github.com/mozilla-services/merino-py
monitor.mozilla.org
Mozilla Monitor
Testing to be done on the staging instance: https://stage.firefoxmonitor.nonprod.cloudops.mozgcp.net/
Source Code: https://github.com/mozilla/blurts-server
mozilla-pontoon-staging.herokuapp.com
Staging instance for Mozilla Localization Service.
Testing is to be done on this instance only, testing on production is not acceptable.
Source Code: https://github.com/mozilla/pontoon
phabricator.allizom.org
Testing to be done **only** on the development instance (phabricator-dev.allizom.org) or the staging instance (phabricator.allizom.org)
Source Code: https://github.com/mozilla-conduit/phabricator
profiler.firefox.com
Web application for Firefox Profiler
push.services.mozilla.com
Firefox Push Service.
Additional domain in scope: updates.push.services.mozilla.com
Testing to be done on below staging instances:
- wss://autopush.stage.mozaws.net
- https://updates-autopush.stage.mozaws.net
Source Code: https://github.com/mozilla-services/autopush-rs
relay.firefox.com
Testing to be done on the staging instance only: https://stage.fxprivaterelay.nonprod.cloudops.mozgcp.net.
The team would like testing to be focused on the APIs listed here: https://dev.fxprivaterelay.nonprod.cloudops.mozgcp.net/api/v1/docs/
Source Code: https://github.com/mozilla/fx-private-relay
shavar.services.mozilla.com
Anti-tracking protection service in Firefox.
Additional domain: shavar.prod.mozaws.net.
Please do not run automated scans or denial of service testing on this service.
Source Code: https://github.com/mozilla-services/shavar
stage.taskcluster.nonprod.cloudops.mozgcp.net
Staging instance for TaskCluster CI/CD tool.
support.mozilla.org
Support platform for all of Mozilla Products.
**Testing to be done on staging instance only to avoid disrupting users: support.allizom.org**
Source Code: https://github.com/mozilla/kitsune
sync.services.mozilla.com
Firefox Sync Domains:
- *.sync.services.mozilla.com
- token.services.mozilla.com
- https://github.com/mozilla-services/syncstorage-rs
- https://github.com/mozilla-services/tokenlib/
vpn.mozilla.org
This is the backend server behind Mozilla VPN.
www.mozilla.org
Mozilla Marketing Website aka Bedrock.
Please use our staging instance, www.allizom.org, for testing to avoid site disruption.
Source Code: https://github.com/mozilla/bedrock
10x.redoxengine.com
api.gamma.redoxstage.com
app.gamma.redoxstage.com
blob.gamma.redoxstage.com
clientcert.gamma.redoxstage.com
dashboard.gamma.redoxstage.com
docs.redoxengine.com
eets-sftp-listener.gamma.redoxstage.com
eets.gamma.redoxstage.com
evening-earth.gamma.redoxstage.com
explore.redoxengine.com
This is a marketing site with all public information. Findings here have lesser security implication than our application
fhir.redoxengine.com
gamma.redoxstage.com
help.redoxengine.com
launch.gamma.redoxstage.com
sftp.gamma.redoxstage.com
test*.redoxengine.com
testapi.redoxengine.com
testapp.redoxengine.com
webhooks.gamma.redoxstage.com
www.redoxengine.com
This is our wordpress marketing site. Findings here have lesser security implication than our application
*.oklink.com
*.okx.com
Mac OS Executable
https://www.okx.com/download
OKT Chain
https://github.com/okx/exchain
OKX Android APK
https://play.google.com/store/apps/details?id=com.okinc.okex.gp
OKX Wallet Chrome Extension
https://chromewebstore.google.com/detail/okx-wallet/mcohilncbfahbmgdjkbpemcciiolgcge
OKX Wallet Edge Add-ons
https://microsoftedge.microsoft.com/addons/detail/okx-wallet/pbpjkcldjiffchgbbndmhojiacbgflha
OKX Wallet Safari Extension
https://apps.apple.com/us/app/okx-wallet/id6463797825
OKX iOS APP
https://apps.apple.com/us/app/okx-buy-bitcoin-btc-crypto/id1327268470
Web3 DEX Open Source
https://github.com/okx/WEB3-DEX-OPENSOURCE
https://github.com/okx/WEB3-DEX-SOLANA-OPENSOURCE
Windows OS Executable
api.wisdomtreeprimeapp.com
com.wisdomtree.wtprime
www.analvids.com
www.ddfcontent.com
www.pornbox.com
www.pornworld.com
https://github.com/tronprotocol/java-tron
*.luckydays.ca
we have a lot of 3rd party\'s such as cpanels/etc which will are OOS so if you are in doubt, contact security@superbet.com.
*.luckydays.com
*.magicjackpot.ro
You can use a Romanian fake CNP generator in order to create an account, such as - https://isj.educv.ro/cnp/ in order to create an account. Make sure you are using a Romanian VPN as the portal works only for Romanian IP’s.
*.napoleoncasino.be
You need a real/fake Belgium ID to register an account on the main casino/sport app.
You can generate a fake ID here - http://rsolution.be/rijksregister-nummer-generator.RSolution
*.napoleondice.be
*.napoleongames.be
*.napoleonsports.be
*.spinaway.com
we have a lot of 3rd party\'s such as cpanels/etc which will are OOS so if you are in doubt, contact security@superbet.com.
*.superbet.com
*.superbet.pl
*.superbet.ro
For our main application ```superbet.ro``` You can use a Romanian fake CNP generator in order to create an account, such as - https://isj.educv.ro/cnp/ in order to create an account. Make sure you are using a Romanian VPN as the portal works only for Romanian IP’s.
Or use a test account from this list( some of them might not work so try multiple ones):
synack1 - rNc7pGnzxaWRaK
synack2 - tQWdwGX4B5agoe
synack3 - 2hZHsnFhZPTT3D
synack4 - 6qE8ZG8JQgSWCU
synack5 - yfjzvoWLYZn4GM
synack6 - JUKzSYr626V7zZ
synack7 - VMs8C4txt3hNzQ
synack8 - LyEb8vuuRRgiXd
synack9 - KZkfiVXrHZ3JxX
synack10 - 6sphJVv3PFp8mB
● Please add the following User-Agent header when you are using any automated tools or scripts - User-agent: hackerone -. Requests that will not contain this cookie header might get blocked by our tools/SOC team.
*.superbet.rs
This is our new betting platform, available only in serbia. We only allow connection from Serbian Ip\'s, so please use a VPN.
ro.superbet.games
Make sure you change your google play country to Romania so you can access the app.
https://play.google.com/store/apps/details?id=ro.superbet.games&hl=ro&gl=RO
ro.superbet.sport
Make sure you set the location to your google play account to Romania so you can access the app
https://play.google.com/store/apps/details?id=ro.superbet.sport&hl=ro&gl=RO
*.magiceden.dev
Cryptocurrency = Solana
*.magiceden.io
*.magiceden.workers.dev
Magic Eden Wallet (Chrome Extension)
magiceden.io
1431768824
563291345
Any other subdomains under this domain are not in scope and ineligible for submission
965180355
api.avtoelon.uz
api.kolesa.kz
api.krisha.kz
app.avtoelon.uz
app.kolesa.kz
app.krisha.kz
avtoelon.uz
id.avtoelon.uz
id.kolesa.kz
kolesa.kz
krisha.kz
kz.kolesa
kz.krisha
m.avtoelon.uz
m.kolesa.kz
m.krisha.kz
uz.avtoelon
*.boozt.com
*.booztlet.com
com.boozt
com.boozt.app
com.boozt.booztlet
com.booztlet
kronor.io
We are interested in reports covering the following endpoints only:
1. https://kronor.io/v1/graphql
2. https://payment-gateway.kronor.io
3. https://kronor.io/cde/gql
my.sheer.com
www.sheer.com
1589071345
App name: My Vodafone Oman
apix.vodafone.om
om.vodafone.mva
vfo01.vodafone.om
vfo02.vodafone.om
vfo03.vodafone.om
www.vodafone.om
api.au.frontegg.com
portal.au.frontegg.com
*.indrive.com
*.indriver.com
*.indriverapp.com
ab-platform-api.eu-east-1.indriverapp.com
argocd.indrive.dev
auth.indrive.tech
auth2.indrive.tech
aws.indrive.tech
cargo.indrive.com
ci.indrive.dev
debug.clairvoyance.indrive.tech
external.indrive.dev
file-storage-front.eu-east-1.indriverapp.com
https://*.indriver.io
https://*.indriverjob.com
ingest.clairvoyance.indrive.tech
injob.indriver.com
intercity-*.eu-east-1.indriverapp.com
messenger.eu-east-1.indriverapp.com
new-order.eu-east-1.indriverapp.com
priority.eu-east-1.indriverapp.com
profile-api.eu-east-1.indriverapp.com
super-services.indriverapp.com
terra-*.indriverapp.com
truck-api.eu-east-1.indriverapp.com
volans.tech
watchdocs.indriverapp.com
wga.volans.tech
1671793296
zerobounce.net
1324809509
https://apps.apple.com/us/app/id1324809509
1528364633
https://apps.apple.com/us/app/luna-controller/id1528364633
302584613
https://apps.apple.com/us/app/id302584613
621574163
https://apps.apple.com/us/app/amazon-photos/id621574163
944011620
https://apps.apple.com/us/app/id944011620
947984433
https://apps.apple.com/us/app/id947984433
Echo Family Devices
Echo (Gen 4),
Echo Dot (Gen 4)
Echo Dot with Clock (Gen 4)
Echo Show 10
Echo Flex
Echo Buds
Echo Frames
Echo Auto
FireTV
Fire TV Stick (Gen 3)
Amazon Fire TV Cube (Gen 2)
Fire TV Stick Lite
Fire TV Blaster
Kindle E-Reader
Kindle Oasis (Gen 10)
Kindle (Gen 10)
Luna
Luna Controller
Tablets
Fire HD 8 (Gen 10)
Fire 7" (Gen 9)
Fire HD 10 (Gen 9)
a4k.amazon.com
alexa.amazon.com
alexaanswers.amazon.com
amazon.com/hz/mycd/*
api.amazonalexa.com/*
blueprints.amazon.com
com.amazon.clouddrive.photos
https://play.google.com/store/apps/details?id=com.amazon.clouddrive.photos
com.amazon.dee.alexaonwearos
com.amazon.dee.app
https://play.google.com/store/apps/details?id=com.amazon.dee.app
com.amazon.kindle
https://play.google.com/store/apps/details?id=com.amazon.kindle
com.amazon.storm.lightning.client.aosp
https://play.google.com/store/apps/details?id=com.amazon.storm.lightning.client.aosp
com.amazon.tahoe.freetime
https://play.google.com/store/apps/details?id=com.amazon.tahoe.freetime
com.amazon.tails
https://play.google.com/store/apps/details?id=com.amazon.tails
creator.amazon.com
developer.amazon.com/alexa/*
developer.amazon.com/apps-and-games/*
https://luna.amazon.com/*
https://www.amazon.com/luna/*
read.amazon.com
skills-store.amazon.com
www.amazon.com/photos/*
Android & iOS App for REI Customers
To download the app, please visit https://www.rei.com/mobile
What it does?
REI customers can place orders through the app on their smartphone
Any public cloud resource or infrastructure operated and managed by REI.
* Public cloud storage accounts. (e.g. AWS S3 buckets)
* Public cloud computer server. (e.g. AWS EC2 instances)
http://collaboration.rei.com
http://rei.com/adventures
http://rei.com/events
http://rei.com/lists
http://www.rei.com/learn/expert-advice
rei.com
api.mergify.com
dashboard.mergify.com
https://www.zabbix.com/download_sources
You can download any supported versions of Zabbix distributive for testing purposes (including pre-release versions).
com.coinhako
Get the app here: https://play.google.com/store/apps/details?id=com.coinhako
com.coinhako.app
Get the app here: https://apps.apple.com/app/coinhako-bitcoin-wallet-asia/id1137855704
www.coinhako.com
cdn.arkoselabs.com
client-api.arkoselabs.com
customer-sessions.arkoselabs.com
demo.arkoselabs.com
This web app is mainly a Marketing based site. Vulnerabilities on this asset will be awarded with lower bounties.
iframe.arkoselabs.com
portal.arkoselabs.com
verify.arkoselabs.com
www.arkoselabs.com
This website is mainly a Marketing based site. Vulnerabilities on this asset will be awarded with lower bounties.
checksw.com
1- Check if you can pass the two authentications provided by Secure Gateway mobile APP, Try any possible way to login without receiving the code, or try brute force the code or pass the rate limit.
2- Check if you can pass upload prevention system, try any file extension out of the list (jpg,jpeg,png,gif,jfif,mp4,doc,docx,pdf,xls,xlsx,ppsx,ppt,pptx,flv,rar,zip,htm,html) And the file you uploaded should function in a browser when visiting the file.
3- Check whether you can pass the Secure Gateway upload detector system, for example upload \'.jpg\' file It has the word [php_uname] in the file content (not in file name).
Instructions
For 2FA, you need to install \'Secure Gateway\' APP on your phone to get onetime a code. Secure Gateway APP can be downloaded by clicking on the link below.
For Apple Devices
https://apps.apple.com/us/app/secure-gateway/id1633721151
For Android Devices
https://play.google.com/store/apps/details?id=com.alscotoday.SecureGateway
Then contact us to provide you with a test account to login to Secure Gateway APP.
Guidelines:
1-Only full hack scenario will be accepted, e.g., edit the index page, or download the database.
2-Upload html file contain JavaScript are not considered as vulnerability, Unless you can change an index page, database or file on our system.
3-A recorded video must be included with every report submitted.
4- If you don\'t follow these guidelines we will not award a bounty for the report.
5-Business logic errors and misconfigurations are out of scope, but you are welcome to submit reports.
Required Reporting Format
Affected target, feature, or URL:
Description of problem:
Impact of the issue:
Steps to reproduce:
Proof of Concept:
Is knowledge of this issue currently public?
Only complete hacking scenarios will be accepted; otherwise, the report will be closed.
Any report that does not follow these guidelines will be rejected and closed.
royal.checksw.com
Check [Royal CMS] Against Common Injection include [XSS Injection , SQL Injection ,SQLi Injection , OS Injection ,Command Injection, URL Injection , Remote Code Execution, and privilege escalation] that could cause hack CMS and change major files in back-end server.
app.dynamic-preprod.xyz
app.dynamic.xyz
Because we are still beta, if you provide us with a wallet public address we can whitelist your wallet.
Open a report with your address. Additionally, we\'ll close as informative to avoid any negative impacts.
Alternatively, you can email security@dynamic.xyz with your wallet address and H1 username. Anonymous emails are allowed.
demo.dynamic.xyz
While demo.dynamic.xyz is set to low severity, do note that we consider reports where using demo.dynamic.xyz to expose an issue with the backend api (https://app.dynamic.xyz and https://app.dynamicauth.com) to be critical.
For example, any issues that are specific to demo only are considered low.
*.boredapeyachtclub.com
*.cryptopunks.app
*.mdvmm.xyz
*.meebits.app
*.otherside.xyz
*.yuga.com
*.yugalabs.io
329381334701178885
CryptoPunks Discord Server
Canary Channel ID: 999377510355718245
831287358355275877
Bored Ape Yacht Club Discord Server
Canary Channel ID: 999376248943943813
937011954453721119
Meebits Discord Server
Canary Channel ID: 999376585037713568
961114489414094898
Otherside Discord Server
Canary Channel ID: 999375944731082923
app.moderntreasury.com
cdn.moderntreasury.com
http://sandbox-api.fireblocks.io
http://sb-console-api.fireblocks.io
http://sb-mobile-api.fireblocks.io
sandbox.fireblocks.io
Access to the sandbox (https://sandbox.fireblocks.io/) is provided after submitting this form https://info.fireblocks.com/fireblocks-developer-account, with the proton email provided by HackerOne credential management.
https://developers.fireblocks.com/docs/sandbox-quickstart
https://developers.fireblocks.com/docs/postman-guide
Authentication component
The Authentication component is used to provide MetaMask users services that require to be logged in and/or identified.
It is comprised of an Authentication API at: https://authentication.api.cx.metamask.io/ and an ORY Hydra OAuth server at: https://oidc.api.cx.metamask.io.
Documentation can be found in this [Doc]( https://docs.google.com/document/u/1/d/e/2PACX-1vRzlbxKTKQ4x8mvUEUs8hv-fcGsi0W717Pbg2_Rk3lcoM5PuSCI66JUWaWdL_Vz0GNMbZU4aYaC2rcQ/pub)
Message signing snap
This snap is pre-installed on MetaMask and can be tested via RPC calls.
- **Github source code**: https://github.com/MetaMask/message-signing-snap
- **Main documentation**: https://github.com/MetaMask/message-signing-snap/blob/main/docs/testing.md
- **Testing video tutorial**: https://www.loom.com/share/93ce2929c2584cf89af87d76f61be978
MetaMask Browser Extension
Chrome Installation Link: https://chrome.google.com/webstore/detail/metamask/nkbihfbeogaeaoehlefnkodbefgpgknn
Firefox Installation Link: https://addons.mozilla.org/en-US/firefox/addon/ether-metamask/
Supporting Documentation
- https://docs.metamask.io/guide/
- https://github.com/MetaMask/metamask-extension
MetaMask SDK
The MetaMask SDK allows for third party developers to remotely connect with their user\'s MetaMask wallets after performing an authorization flow.
Javascript SDK Installation Guide:
* https://c0f4f41c-2f55-4863-921b-sdk-docs.github.io/guide/metamask-sdk-js/
Mobile SDK Installation Guide:
* https://c0f4f41c-2f55-4863-921b-sdk-docs.github.io/guide/metamask-sdk-mobile.html
Unity SDK Installation Guide:
* https://c0f4f41c-2f55-4863-921b-sdk-docs.github.io/guide/metamask-sdk-unity.html
Architecture documentation:
* https://c0f4f41c-2f55-4863-921b-sdk-docs.github.io/guide/metamask-sdk-concepts.html#communication-layer
Snaps
Snaps is a feature that allows third party developers to add new functionality to MetaMask. A snap is a JavaScript program that runs in an isolated environment and customizes the wallet experience. Snaps have access to a limited set of capabilities, determined by the [permissions](https://docs.metamask.io/snaps/how-to/request-permissions/) the user granted them during installation.
Visit our [quickstart guide](https://docs.metamask.io/snaps/get-started/quickstart/) to learn how to build your own snap, or visit [snaps.metamask.io](http://snaps.metamask.io) to see the possibilities that snaps now offer.
Please note that for the duration of the open beta, custom made snaps can only be installed on experimental [MetaMask Flask](https://metamask.io/flask/). While that asset is out of scope, vulnerabilities concerning the snaps feature are eligible for submission if they affect the main extension as well.
**Supporting Documentation:**
- https://github.com/MetaMask/snaps/tree/main
- https://docs.metamask.io/snaps/
**Architecture Documentation**
- https://github.com/MetaMask/snaps/tree/main/docs/internals
**Packages included in this scope:**
- [rpc-methods](https://github.com/MetaMask/snaps/tree/main/packages/rpc-methods)
- [snaps-controllers](https://github.com/MetaMask/snaps/tree/main/packages/snaps-controllers)
- [snaps-execution-environments](https://github.com/MetaMask/snaps/tree/main/packages/snaps-execution-environments)
- [snaps-utils](https://github.com/MetaMask/snaps/tree/main/packages/snaps-utils)
- [snaps-ui](https://github.com/MetaMask/snaps/tree/main/packages/snaps-ui)
As snaps is a first party feature integrated into MetaMask, vulnerabilities will be scored relative to the impact demonstrated against the MetaMask Extension without a change in scope.
Snaps Development Packages
The Snaps development tools consist of a series of unrelated packages that can assist in the development of a snap. These tools are eligible for a bounty in cases where a victim can be impacted by exploiting one of the following tools (ex: achieving remote code execution by having a developer build your snap with snaps-cli).
These tools are as follows:
- [create-snap](https://github.com/MetaMask/snaps/tree/main/packages/create-snap)
- [snaps-browserify-plugin](https://github.com/MetaMask/snaps/tree/main/packages/snaps-browserify-plugin)
- [snaps-cli](https://github.com/MetaMask/snaps/tree/main/packages/snaps-cli)
- [snaps-rollup-plugin](https://github.com/MetaMask/snaps/tree/main/packages/snaps-rollup-plugin)
- [snaps-simulator](https://github.com/MetaMask/snaps/tree/main/packages/snaps-simulator)
- [snaps-webpack-plugins](https://github.com/MetaMask/snaps/tree/main/packages/snaps-webpack-plugins)
https://*.metamask.io
**Please ensure you are not reporting a subdomain that is explicitly listed as being out of scope.**
Bounty eligibility is determined based on the impact that can be demonstrated by exploiting the affected asset.
https://metamask.github.io/phishing-warning/<vX.Y.Z>
The phishing warning page is a security control that warns users when they attempt to visit a webpage found on one of our known phishing blocklists. While many versions of this page exist, only vulnerabilities found on the latest version are eligible for a bounty.
Supporting Documentation:
* https://github.com/MetaMask/phishing-warning/releases
* [Code usage in MetaMask extension](https://github.com/MetaMask/metamask-extension/blob/d96c2b8530ff0fe66ad8977641bc70cc0b58cc03/app/scripts/contentscript.js#L611-L624)
https://user-storage.api.cx.metamask.io
The User Storage API helps developers synchronize data across multiple clients and devices in a privacy-preserving way. All data saved in the user storage database is encrypted client-side to preserve privacy.
Documentation can be found in this [Doc](https://docs.google.com/document/u/1/d/e/2PACX-1vRzlbxKTKQ4x8mvUEUs8hv-fcGsi0W717Pbg2_Rk3lcoM5PuSCI66JUWaWdL_Vz0GNMbZU4aYaC2rcQ/pub)
io.metamask
Installation Link: https://metamask.io/download/
Supporting documentation
- https://github.com/MetaMask/metamask-mobile
io.metamask.Metamask
metamask.io
The root https://metamask.io webpage and the metamask.io DNS configuration.
portfolio.metamask.io
**All reports regarding this asset should be submitted to the ConsenSys program at https://hackerone.com/consensys. Reports will be subject to the rules and conditions listed there. **
The Portfolio dApp allows Metamask users to see an aggregated view across multiple different Metamask accounts. It also allows users to access popular on-chain primitives like Swaps, Bridging, Staking, and more.
snaps.metamask.io
This is a directory that lists featured snaps available for installation on MetaMask.
**Supporting Documentation**
- https://github.com/MetaMask/snaps-directory
api.skinport.com
Public REST API - Docs: https://docs.skinport.com
app.skinport.com
Backend: [app.skinport.com](app.skinport.com)
**Important Note:**
Alias of skinport.com/api/ (to app.skinport.com/api/)
http://skinport.com/blog/
skinport.com
skinport.com (without subdomains, e.g. screenshot.skinport.com, float.skinport.com and so on)
Frontend: [skinport.com](https://skinport.com)
- skinport.com/api/ (redirected to app.skinport.com/api/) submissions, please use app.skinport.com scope!
- skinport.com/support: If you are to test anything related to typing in the support ticket, please, send following message before that.
`Hello. I\'m a pentester from HackerOne. I\'m going to test something in support ticket. Your developers are aware of that.`
*.eu.floqast.app
All domains for FloQast\'s Core Application for European Customers
*.floqast.app
All domains for FloQast\'s Core Application for US Customers
api-eu.floqast.app
Public API for FloQast\'s Core Application for European Customers
https://*.floqast.engineering
These domains shouldn\'t be accessible, so if you\'re able to get a 200 response and get the actual page contents and not something like "You need to enable JavaScript to run this app. ", please don\'t hesitate to submit a report.
Any public (Internet-facing) infrastructure owned and operated by Palantir.
This is an expansive scope to help you identify security issues in any Internet-facing infrastructure we run.
All domains and subdomains owned and operated by Palantir are included within the scope. These may include, but are not limited to:
* palantir.com
* palantir.tech
* palantir.build
* palantircloud.com
* palantircloud.co.uk
* palantirfoundry.com
* palantirfoundry.co.uk
* palantirfoundry.de
* palantirfoundry.fr
* palantirfoundry.com.au
* palantirgov.com
* foundrygov.com
All assets and services on these, and other Palantir-owned domains (unless otherwise noted as out-of-scope) may be eligible for awards. This may include cloud resources, firewalls, network devices, servers, and other assets or applications.
Any public cloud (e.g. Amazon AWS, Microsoft Azure) resource or infrastructure operated and managed by Palantir.
- Public cloud storage accounts. (e.g. AWS S3 buckets, Azure data blobs)
- Public cloud compute servers. (e.g. AWS EC2 instances, Azure Virtual Machines)
MongoDB BI Connector
MongoDB Cluster-To-Cluster sync
MongoDB Compass
MongoDB Driver: .NET
MongoDB Driver: C
MongoDB Driver: C#
MongoDB Driver: C++
MongoDB Driver: Go
MongoDB Driver: Java
MongoDB Driver: Node.js
MongoDB Driver: PHP
MongoDB Driver: Python
MongoDB Driver: Ruby
MongoDB Driver: Rust
MongoDB Kafka Connector
MongoDB Owned GitHub Repositories
MongoDB GitHub related reports are encouraged however, eligible reports may be rewarded at a percentage of the severity reward payout.
MongoDB Realm SDKs
MongoDB Relational Migrator
MongoDB Server Local Instance
MongoDB Shell
MongoDB Spark Connector
MongoDB VS Code Plugin
artifactory.corp.mongodb.com/
https://*.corp.mongodb.com*
https://www.*mongodb.com/*
The following domains fall under the \\*.mongodb.com/\\* domain:
* \\*.corp.mongodb.com/\\*
* \\*.infosec.mongodb.com/\\*
* \\*.marian.mongodb.com/\\*
* \\*.transport.mongodb.com/\\*
* \\*.students.mongodb.com/\\*
* \\*.dev.mongodb.com/\\*
* \\*.support.mongodb.com/\\*
* \\*.compass.mongodb.com/\\*
* \\*.university.mongodb.com/\\*
* \\*.blog.mongodb.com/\\*
* \\*.api.mongodb.com/\\*
There are domains that fall under the \\*.mongodb.com/\\* that are out of scope. Please refer to out of scope section
PLEASE NOTE eligible subdomain takeover reports may be rewarded at a percentage of the severity reward payout.
mongodb.live/*
*.deribit.com
1293674041
Tier 1
Tier 2
com.deribit
insights.deribit.com
metrics.deribit.com
pb.deribit.com
test.deribit.com
tools.deribit.com
api.sorare.com
This is Sorare\'s GraphQL Open API. More documentation about the API can be found on GitHub: https://github.com/sorare/api
sorare.com
This is Sorare\'s main application.
ws.sorare.com
This is Sorare\'s WebSocket domain, providing GraphQL subscriptions capabilities as described in https://github.com/sorare/api#subscribing-to-graphql-events
*.hilton.com
All subdomains of hilton.com that resolve to IP addresses belonging to the Rackspace organization are considered out of scope. In addition, the application eis.hilton.com is out of scope.
*.hilton.io
*.hiltonbusinessonline.com
*.hiltonlocalbiz.com
121.200.237.36/29
167.187.0.0/16
192.251.123.0/24
192.251.124.0/24
192.251.125.0/24
192.251.126.0/24
203.79.37.2/29
62.216.152.46/29
82.196.42.196/28
hilton.com
Authentication functionality when a user creates a Hilton Honors account (https://www.hilton.com/en/hilton-honors/join/). To create a Hilton Honors account, finders should complete the free sign-up process. The string “Test-Hackerone” must be prepended to the First and Last name fields for all Honors accounts created for the purposes of security testing.
hilton.io
hiltonbusinessonline.com
hiltonlocalbiz.com
com.compass.compass
https://apps.apple.com/us/app/compass-real-estate-homes/id692766504
www.compass.com
*.sidefx.com
*.wellsfargo.com
com.wellsfargo.ceomobile
com.wf.ceomobile
com.wf.mobilebanking
com.wf.wellsfargomobile
connect.secure.wellsfargo.com
This is our retail banking experience, and a priority domain.
http://wellsfargo.com
Wickr Me Android
Wickr Me Linux
Wickr Me OS X
Wickr Me Windows
Wickr Me iOS
Wickr Pro Android
Wickr Pro Linux
Wickr Pro OS X
Wickr Pro Windows
Wickr Pro iOS
Wickr Pro/Wickr Me (all related technical components) (up to)
admin.wickr.com
*.payoneer.com
http://greenchannel.payoneer.com.cn/gcportal
payoneer.com.cn
Payoneer China
*.hypermint.com
*.moonpay.com
*.moonpaycloud.com
api.moonpay.com
app.moonpay.com
auth.moonpay.com
buy.moonpay.com
https://apps.apple.com/app/id1635031432
https://github.com/moonpay
Archived repositories are excluded and considered out of scope.
https://play.google.com/store/apps/details?id=com.moonpay
hypermint.com
moonpay.com
sell.moonpay.com
web3.moonpay.com
1091010942
iOS Mobile app
app.koho.ca
Our app API gateway.
ca.koho
Android Mobile app
http://api.koho.ca/1.0
Our main API gateway
http://api.koho.ca/partner
Used for API calls to/for our partners
usercontent.koho.ca
Used for our assets to be delivered to customers (i.e. logo, stylesheets, etc.).
web.koho.ca
Customer-facing Web application
webgateway.koho.ca
Our web API gateway.
www.koho.ca
Marketing website
*.capitalone.ca
*.capitalone.com
*.capitalonegslbex.com
*.capitaloneshopping.com
1089294040
407558537
Capital One Shopping Browser Extension
Eno® Browser Extension
com.konylabs.capitalone
com.wikibuy.prod.main
knox.beta.blendlabs.com
api.razorpay.com
Reference:
https://razorpay.com/docs/
checkout.razorpay.com
Payment Workflow: https://razorpay.com/docs/payments/dashboard/test-live-modes/
https://razorpay.com/docs/payments/payments/test-card-upi-details/
dashboard.razorpay.com
Signup Workflow: https://razorpay.com/docs/payments/sign-up/
invoices.razorpay.com
payroll.razorpay.com
Doc - https://razorpay.com/docs/x/xpayroll/
x.razorpay.com
Docs - https://razorpay.com/docs/x
https://git.libssh.org/
Disclosure instructions: https://www.libssh.org/development/security-process/
https://github.com/Electron
Build cross platform desktop apps with JavaScript, HTML, and CSS. Disclosure instructions: https://github.com/electron/electron/security/policy
https://github.com/Nginx
Disclosure instructions: http://nginx.org/en/security_advisories.html
https://github.com/apache/airflow
Disclosure instructions: https://github.com/apache/airflow/security/policy
https://github.com/apache/httpd
Disclosure instructions: http://httpd.apache.org/security_report.html
https://github.com/apache/tomcat
Disclosure instructions: https://tomcat.apache.org/security.html
https://github.com/argoproj/argoproj
Disclosure instructions: https://github.com/argoproj/argoproj/blob/master/SECURITY.md
Project Modifier: bounty amounts for this project are adjusted based on the following criteria:
-50% : Vulnerability is not exploitable in a default configuration of Argo.
https://github.com/curl/curl
Disclosure instructions: https://github.com/curl/curl/blob/master/docs/VULN-DISCLOSURE-POLICY.md
https://github.com/django
The Web framework for perfectionists with deadlines. Disclosure instructions: https://www.djangoproject.com/security/
https://github.com/libuv/libuv
Disclosure instructions: https://github.com/libuv/libuv/security
https://github.com/nodejs/node
Disclosure instructions: https://hackerone.com/nodejs
**Project Modifier:** bounty amounts for this project are adjusted based on the following criteria:
-50% : Vulnerability is not exploitable in a default configuration of Node.js.
-25% : A proposed patch was not provided for the issue.
https://github.com/openssl/openssl
OpenSSL. Disclosure instructions: https://www.openssl.org/news/vulnerabilities.html
https://github.com/rack/rack
Disclosure instructions: https://github.com/rack/rack/security/policy
https://github.com/rails
Ruby on Rails. Disclosure Instructions: https://rubyonrails.org/security/
https://github.com/ruby
The Ruby Programming Language. Disclosure Instructions: https://www.ruby-lang.org/en/security/
https://github.com/rubygems/rubygems
Library packaging and distribution for Ruby. Disclosure instructions: https://guides.rubygems.org/security/#reporting-security-vulnerabilities
https://github.com/rust-lang/rust
Rust Programming Language. Disclosure Instructions: https://www.rust-lang.org/policies/security
https://github.com/spiffe/spiffe
Disclosure instructions: If you\'ve found a vulnerability or a potential vulnerability in SPIFFE please report it at security@spiffe.io.
https://github.com/spiffe/spire
Disclosure instructions: https://github.com/spiffe/spire/security/policy
https://wiki.xenproject.org/wiki/Xen_Project_Repositories
Disclosure instructions: https://xenproject.org/developers/security-policy/
Eligible scope only includes issues for which an XSA is issued.
rubygems.org
Disclosure instructions: Submit any new or potential vulnerabilities for rubygems.org to https://hackerone.com/rubygems
*.code.gov
Bounty level: Initial
*.login.gov
*.search.gov
account.fr.cloud.gov
admin-catalog-bsp.data.gov
admin.fr.cloud.gov
alertmanager.fr.cloud.gov
api.data.gov
api.fr.cloud.gov
catalog.data.gov
From the data.gov Catalog, you will find many external references. These external sites and the data hosted there is **not in scope** for this program.
ci.fr.cloud.gov
cloud.gov
dashboard-beta.fr.cloud.gov
dashboard.fr.cloud.gov
diagrams.fr.cloud.gov
federalist-docs.18f.gov
federalist-proxy.app.cloud.gov
federalist.18f.gov
federation.data.gov
grafana.fr.cloud.gov
https://github.com/18f/docker-ruby-ubuntu
https://github.com/18f/federalist
https://github.com/18f/federalist-builder
https://github.com/18f/federalist-docker-build
https://github.com/18f/federalist-proxy
https://github.com/18f/identity-idp
https://github.com/18f/identity-saml-rails
https://github.com/18f/identity-saml-sinatra
https://github.com/gsa/data.gov
https://github.com/gsa/datagov-deploy
idp.fr.cloud.gov
inventory.data.gov
labs.data.gov
login.fr.cloud.gov
logs-platform.fr.cloud.gov
logs.fr.cloud.gov
marketplace.fedramp.gov
nessus.fr.cloud.gov
opslogin.fr.cloud.gov
prometheus.fr.cloud.gov
sdg.data.gov
ssh.fr.cloud.gov
tock.18f.gov
www.data.gov
www.fedramp.gov
www.usa.gov
Bounty Level: Initial ($150 - $2,000)
The following subdomains are also in scope:
- analytics.usa.gov
- search.usa.gov
Chatbot, chat, and webform functionality on www.usa.gov is provided by SaaS providers, therefore we cannot guarantee being able to make mitigations in these areas.
http://*.newegg.ca
http://*.newegg.com
*.krisp.ai
Except for OOS domains
Other
Anything that is verified that belongs to us and doesn\'t match any other scope.
account.krisp.ai
Krisp account frontend
analytics.krisp.ai
Krisp analytics
api.krisp.ai
Krisp API
app.krisp.ai
download.krisp.ai
Download endpoints
https://download.krisp.ai/mac
Krisp MacOS electron app.
Bypassing free minutes limitation via changing frontend applications\' logic is out of scope
https://download.krisp.ai/win
Krisp Windows electron app.
krisp.ai
teams.krisp.ai
Teams API
upld.krisp.ai
Websocket API
Hedera Go SDK
https://github.com/hashgraph/hedera-sdk-go
The Hedera Go SDK provides services for interacting with Hedera Hashgraph.
Hedera Java SDK
https://github.com/hashgraph/hedera-sdk-java
The Hedera Java SDK provides services for interacting with Hedera Hashgraph.
Hedera Javascript SDK
https://github.com/hashgraph/hedera-sdk-js
The Hedera Javascript SDK provides services for interacting with Hedera Hashgraph.
Hedera Mirror Node Codebase
https://github.com/hashgraph/hedera-mirror-node
Hedera Mirror Nodes receive information from the Hedera nodes and can provide value-added services such as APIs, auditing, analytics, visibility services, security threat modeling, data monetization services, etc.
Hedera Network Services Codebase
https://github.com/hashgraph/hedera-services
Services run by Hedera consensus nodes. Testing for the purposes of bug bounties is best replicated using Local Nodes.
Hedera Testnet API Endpoints
nodes: https://docs.hedera.com/guides/testnet/testnet-nodes
Testnet nodes belong to the test network and run the same code as the Hedera Mainnet nodes.
Testnet Mirror Node APIs
https://testnet.mirrornode.hedera.com
https://hcs.testnet.mirrornode.hedera.com
1180400838
iOS app ([App Store](https://apps.apple.com/il/app/k-health-telehealth/id1180400838
)).
accounts.khealth.com
Please remember to include a unique string in the User-Agent of every HTTP request made by yourself or any tooling you use.==**Include the string “(h1)” in your user-agent as follows:** - `User-Agent`: `[..] (h1)`
This helps us separate your traffic from real user traffic. It is especially useful when we\'re seeing indicators of attack!!
ai.kanghealth
Android app ([Play Store](https://play.google.com/store/apps/details?id=ai.kanghealth
anthem.khealth.com
api.khealth.com
api.khealth.io
Main API (“kangpy” service)
app.khealth.com
Redirect - The production environment of the K Health app, redirects you to the kaccount.khealth.com service for login purposes.
ask.khealth.com
Ask K is an open question platform where anyone can ask our engine any question without the need to identify themselves.
eligibility.khealth.com
Enterprise account experience to determine eligibility
http://auth.khealth.com/cedars/sign-up
http://auth.khealth.com/khealth/sign-up
http://auth.khealth.com/mayo-la-crosse/sign-up
http://clinical-quality.khealth.com/api/v1
https://*.khealth.com
All assets within this scope item containing the strings "dev" and / or "staging" are excluded from the scope.
https://*.khealth.io/
https://*.khealth.us/
kaccount.khealth.com
This web page is K Health\'s login page. Users are logging into the K app from this web page.
middle-force.khealth.io
salesforce.khealth.com
start.khealth.com
Also known as “care navigation”, is a separate web application (and set of server side APIs) that attempts to route users to the correct program inside of K. This is very old code that dates back to when we only had a mobile app.
treatments.khealth.com
ED medication selection used in the current ED flow. Select meds / quantity / frequency + enter CC details
www.kpharmacyllc.com
api.smtp2go.com
Most of the endpoints are handled by Flask on Python3 with Postgres as a main database.
Newer endpoints use Go on Gin framework.
Redis is mostly used for cache and ratelimitting.
Instructions and documentations can be found here:
https://apidoc.smtp2go.com/documentation/
app.smtp2go.com
Flask based app running on Python 2.7, some pages are VueJS but most are scripted with custom JQuery.
Create a free account in order to gain login access.
smtp2go.com
Standard Wordpress site hosted with WPEngine, scripting is all custom JQuery based.
*.bingoblitz.com
*.boardkingsgame.com
*.caesarsgames.com
*.houseoffun.com
*.justfall.lol,*.justplay.lol,*.1v1.lol
*.monopoly-poker.com
This App belongs to our Tier 3 category of rewards system.
*.playtika.com
Reports on any domain/app not specifically included are excluded from the scope.
*.playwsop.com
*.redecor.com
*.serious.li
*.seriously.com
*.slotomania.com
*.wooga.com
1116488672
1200391796
1215220850
1223338261
1413287364
1438744533
1448884851
1474700 (Steam app id)
1508620125
1510325826
1v1.lol
447553564
480523695
529996768
586634331
594802437
603097018
645949180
654671575
719525810
868013618
975035622
9nqwjwnqjj5n
air.com.buffalo_studios.newflashbingo
air.com.playtika.cvs
air.com.playtika.slotomania
bestfiends.com
com.Seriously.BestFiends
com.Seriously.Phoenix
com.bigblueparrot.pokerfriends
com.jellybtn.boardkings
com.jellybtn.cashkingmobile
com.pacificinteractive.HouseOfFun
com.playtika.caesarscasino
com.playtika.wsop.gp
com.wooga.pearlsperil
com.youdagames.monopolypoker
fi.reworks.redecor
gnocchi-www.buffalo-ggn.net
https://apps.facebook.com/pearls-peril
https://apps.facebook.com/pokerheat
https://apps.facebook.com/vegas_downtown_slots
lol.onevone
net.supertreat.solitaire
net.wooga.junes_journey_hidden_object_mystery_game
net.wooga.switchcraft.googleplay
net.wooga.tropicats_tropical_cats_puzzle_paradise
*.tide.co
api.tideplatform.in
co.tide
co.tide.tideplatform.in
com.tideplatform.banking
1127881507
Dolap IOS Application
524362642
Trendyol IOS Application
6467634418
Trendyol Milla IOS Application
com.dolap.android
com.trendyol.milla.android
Trendyol Milla Android Application
m.trendyol.com
Feel free to use enm.trendyol.com as the codebase is shared across all languages
trendyol.com
www.dolap.com
www.trendyol-milla.com
www.trendyol.com
Feel free to use en.trendyol.com as the codebase is shared across all languages
api.recordedfuture.com
app.recordedfuture.com
com.recordedfuture.mobile
geminiadvisory.io
hatching.io
id.recordedfuture.com
securitytrails.com
therecord.media
tria.ge
www.recordedfuture.com
*.clubhouse.com
*.clubhouseapi.com
*.joinclubhouse.com
1503133294
iOS application
Clubhouse Production and Corporate Infrastructure
com.clubhouse.android
Android Application
*.api.cx.metamask.io
developer.metamask.io
http://portfolio.metamask.io
http://staking.consensys.io
https://consensys.io/
https://docs.metamask.io/developer-tools/faucet
https://metamask-sdk-socket.metafi.codefi.network/
The SDK Socket server facilitates the communication between a MetaMask SDK Client and a MetaMask wallet allowing for them to connect with each other remotely. For documentation please read https://c0f4f41c-2f55-4863-921b-sdk-docs.github.io/guide/metamask-sdk-concepts.html#communication-layer.
on-ramp.metaswap-dev.codefi.network
# On-Ramp Aggregator HackerOne
## Description
The goal of the On-Ramp Aggregator is to allow users to purchase cryptocurrencies from multiple providers. The aggregator takes a list of parameters (country, payment method, crypto currency, fiat, etc.) and retrieves quotations from the providers.
## Scope
The scope of this HackerOne project is:
- The API located at https://on-ramp.metaswap-dev.codefi.network
- The associated SDK available at https://www.npmjs.com/package/@consensys/on-ramp-sdk
Vulnerabilities you may look for:
- Getting access to personal information that is not yours
- Getting access to secret API keys
- Server crashes
## Out of scope
The following are out of scope:
- SDK technical errors
- The Swagger UI located at https://on-ramp.metaswap-dev.codefi.network/docs (it is only available for your convenience on this test environment)
- Server performance: this is a test infrastructure
- Any SDK version < 0.0.21
The MetaMask mobile version uses the API and the SDK, and is associated to another HackerOne project.
## How to test the API
The test environment provides a Swagger UI: https://on-ramp.metaswap-dev.codefi.network/docs. You can use it to list the available endpoints.
### Health
These endpoints provide information about the status of the API: version, dependencies...
### Regions
The `/regions/countries` endpoint provides information about support of most of the world countries.
The `/regions/{regionCode}` endpoint provides information about supported payment methods, fiat currencies, crypto currencies in a specific country. Exmaples of `{regionCode}` are provided by Swagger UI.
### Translations
The `/translations/default` endpoint provides the translation template which can be used to translate the application. Only the English version ("default") is available. This endpoint shouldn\'t return any user-related information.
### Order Management
The `/providers/{providerCode}/callback` endpoint allows to extract a purchase order ID from an URL. This URL is supposed to be provided by crypto currencies providers: Transak, Wyre, MoonPay...
The `/providers/{providerCode}/orders/{orderCode}` allows a user to retrieve information about their order. They need to provide the Order ID and the associated wallet (an ethereum address). Getting access to an order without both these parameters would be a vulnerability.
The `/providers/{providerCode}/buy-widget` displays the associated provider widget allowing to purchase crypto currency with the provided parameters. It only works for Moonpay. Here is an example of parameters:
- providerCode: `moonpay`
- regionId: `/regions/fr`
- paymentMethodId: `/payments/debit-credit-card`
- cryptoCurrencyId: `/currencies/crypto/1/eth`
- fiatCurrencyId: `/currencies/fiat/eur`
- amount: `50`
- walletAddress: `0x58e5A5478bd302c2E8BEbCbF0342919EE4Aa0e6c`
- redirectUrl: `https://www.google.com/`
## How to test the SDK
The SDK is available here: https://www.npmjs.com/package/@consensys/on-ramp-sdk
The SDK is written in TypeScript, so you can use autocompletion to display the available methods.
## For support
Please contact Kevin Le Jeune for technical questions: kevin.le-jeune@consensys.net
support.metamask.io
tickets.metamask.io
*.gethypr.com
*.hypr.com
HYPR Workforce Access.app
HyprUnlock.exe
com.hypr.one
*.lemonsqueezy.com
We will only be accepting reports with high and critical CVSS for the time being.
*.link.co
Link is a simple and secure way to pay in one click on tens of thousands of sites. Save your payment information with Link the first time you check out. Link will autofill your saved card details and shipping addresses for all future purchases on Link-supported sites. Users can manage their saved information on the link.co website.
Landing page: https://link.com
Main application: https://app.link.com
Support page: https://support.link.com
*.recko.io
*.reckoproduction.com
*.reckostaging.com
*.stripe.com
978516833
Stripe iOS Dashboard App
App Store URL: https://apps.apple.com/us/app/stripe-dashboard/id978516833
Stripe Apps
Vulnerabilities found in third party apps and their backend infrastructure should be reported to the responsible developer.
Reporters should only report vulnerabilities in Stripe third party apps to Stripe under this program if they do not receive a satisfactory response from the responsible developer. These types of reports are not eligible for a bounty.
Stripe Atlas
Startup incorporation
Docs: https://stripe.com/docs/atlas
Stripe Billing
Subscriptions and invoicing
Docs: https://stripe.com/docs/billing
Sample Billing applications:
* [stripe-samples/subscription-use-cases](https://github.com/stripe-samples/subscription-use-cases): Create subscriptions with fixed prices or usage based billing.
* [stripe-samples/checkout-single-subscription](https://github.com/stripe-samples/checkout-single-subscription): Learn how to combine Checkout and Billing for fast subscription pages
Stripe Capital
Docs: https://docs.stripe.com/capital/how-stripe-capital-works
Stripe Checkout
Prebuilt, Stripe hosted checkout page
URL: https://checkout.stripe.com/
Docs: https://stripe.com/docs/payments/checkout
Sample Checkout applications:
* [stripe-samples/checkout-subscription-and-add-on](https://github.com/stripe-samples/checkout-subscription-and-add-on): Uses Stripe Checkout to create a payment page that starts a subscription for a new customer.
* [stripe-samples/checkout-one-time-payments](https://github.com/stripe-samples/checkout-one-time-payments): Use Checkout to quickly collect one-time payments.
Stripe Climate
Docs: https://docs.stripe.com/climate
Stripe Connect
Payments for platforms and marketplaces
Docs: https://stripe.com/docs/connect
Sample Connect applications:
* [stripe/stripe-demo-connect-kavholm-marketplace](https://github.com/stripe/stripe-demo-connect-kavholm-marketplace): Demo app for Global Marketplace using Stripe Connect
* [stripe/stripe-connect-rocketrides](https://github.com/stripe/stripe-connect-rocketrides): Sample on-demand platform built on Stripe: Connect onboarding for pilots, iOS app for passengers to request rides.
Stripe Dashboard
A user interface to operate and configure your Stripe account.
URL: https://dashboard.stripe.com
Docs: https://stripe.com/docs/dashboard
Stripe Data Pipeline
Docs: https://docs.stripe.com/stripe-data/access-data-in-warehouse
Stripe Elements
Secure frontend UI component
Docs: https://stripe.com/docs/stripe-js
Sample Stripe Elements application: [stripe/elements-examples](https://github.com/stripe/elements-examples): Stripe Elements examples
Stripe Financial Connections
https://docs.stripe.com/financial-connections
Stripe Identity
Docs: https://docs.stripe.com/identity
Stripe Invoicing
Docs: https://docs.stripe.com/invoicing
Stripe Issuing
Card creation
Docs: https://stripe.com/docs/issuing
Stripe Open Source
Open source projects authored or maintained by Stripe. Only non-archived and non-demo/non-sample projects are in scope. Projects forked from upstream sources are not in scope unless the reported functionality is used by Stripe.
URL: https://github.com/stripe
Stripe Payment Links
Docs: https://docs.stripe.com/payment-links
Stripe Payments
Online payments
Docs: https://stripe.com/docs/payments
Sample Payments application: [stripe-samples/accept-a-card-payment](https://github.com/stripe-samples/accept-a-card-payment): Learn how to accept a basic card payment on web, iOS, Android
Stripe Radar
Fraud and risk management
Docs: https://stripe.com/docs/radar
Stripe Revenue Recognition
Docs: https://docs.stripe.com/revenue-recognition
Stripe SDKs
Official API libraries
URL: https://stripe.com/docs/libraries
Terminal SDKs: https://stripe.com/docs/terminal/payments/setup-integration
Stripe Sigma
Custom reports
Docs: https://stripe.com/docs/sigma
Stripe Tax
Docs: https://docs.stripe.com/tax
Stripe Terminal
In-person and omnichannel payments
Docs: https://stripe.com/docs/terminal
Sample Terminal application: [stripe/stripe-terminal-js-demo](https://github.com/stripe/stripe-terminal-js-demo): Demo app for the Stripe Terminal JS SDK
Stripe Treasury
Docs: https://docs.stripe.com/treasury
Stripe for Visual Studio Code
api.stripe.com
https://stripe.com/docs/api
api.taxjar.com
app.taxjar.com
com.stripe.android.dashboard
Google Play Store URL: https://play.google.com/store/apps/details?id=com.stripe.android.dashboard&hl=en_US&pli=1
js.stripe.com
https://stripe.com/docs/js
Sample Stripe.js application: https://github.com/stripe-samples/accept-a-card-payment
Freshcaller-iOS-App
Freshcaller iOS app can be downloaded from https://apps.apple.com/us/app/freshcaller/id1424866045
Freshchat-iOS-App
Freshchat iOS app can be downloaded from
https://apps.apple.com/us/app/freshchat/id1273666080
Freshdesk-iOS-App
Freshdesk iOS app can be downloaded from https://apps.apple.com/us/app/freshdesk/id849713306
Freshservice Discovery Agent and Probe
Maximum reward of USD 7500 for RCE at agent endpoints using the Freshservice Discovery Agent and Probe.
Freshservice-Intune-iOS-App
Freshservice Intune iOS app can be downloaded from https://apps.apple.com/us/app/freshservice-for-intune/id6475669802
Freshservice-iOS-App
Freshservice iOS app can be downloaded from https://apps.apple.com/us/app/freshservice/id891265220
com.freshchat.agent.android
Freshchat Android app can be downloaded from https://play.google.com/store/apps/details?id=com.freshchat.agent.android
com.freshdesk.helpdesk
Freshdesk Android app can be downloaded from https://play.google.com/store/apps/details?id=com.freshdesk.helpdesk
com.freshservice.helpdesk
Freshservice Android App can be downloaded from https://play.google.com/store/apps/details?id=com.freshservice.helpdesk
com.freshservice.helpdesk.intune
Freshservice Intune Android app can be downloaded from https://play.google.com/store/apps/details?id=com.freshservice.helpdesk.intune
com.freshworks.freshcaller
Freshcaller Android app can be downloaded from https://play.google.com/store/apps/details?id=com.freshworks.freshcaller
yourdomain.freshcaller.com
Please sign up to create your account and start testing. Read the "In scope" items mentioned in the description. Reports received from accounts/domains that you don\'t own will not be considered eligible for bounty.
yourdomain.freshchat.com
yourdomain.freshdesk.com
yourdomain.freshservice.com
yourdomain.myfreshworks.com
We encourage you to create an account and commence testing. We kindly request that you review the "In scope" items detailed in the program description. Due to a product revamp, we have decided to remove Freshsales and Freshmarketer product from the HackerOne "In-scope" items. This policy will be effective from Nov 26th, 2024. Any bugs reported by HackerOne researchers before Nov 26th,2024 will be considered by the team.
Out of scope:
Freshsales - https://yourdomain.myfreshworks.com/crm/sales/*
Freshmarketer - https://yourdomain.myfreshworks.com/crm/crm/marketer/*
bigcommerce-adapter.judge.me
This is a simple, lightweight server, basically just to connect BigCommerce websites to our main asset https://judge.me/.
Its entry point is from installing our BigCommerce app: https://www.bigcommerce.com/apps/product-reviews-by-judge-me/
cache.judge.me
This is a simple NodeJS server, using Hapi framework. It\'s basically to store and cache our public widgets\' HTML content, so that when end users want to fetch our widget content, they can fetch from this server directly, which is faster and more resilient to spikes in number of requests.
Please see our [help desk article](https://support.judge.me/support/solutions/articles/44001816387-how-to-make-requests-to-the-judge-me-cache-server) on how to enable and use this server.
https://judge.me/reviews
This is our new product. It is user (reviewer) facing, unlike the other assets, which are merchant facing. Its entry point is https://judge.me/reviews, and its pages are prefixed with https://judge.me/reviews.
judge.me
This is the core part of our system. It hosts our main app [Judge.me Product Reviews](https://apps.shopify.com/judgeme) and is also the central point of communication for other assets.
shop.judge.me
This is lightweight, basically just to connect our other Shopify apps to our main asset https://judge.me/.
Its entry point is https://shop.judge.me/login?app_key=ali_reviews or https://apps.shopify.com/aliexpress-review-importer
woocommerce-adapter.judge.me
This is a simple, lightweight server, basically just to connect Wordpress websites (specifically WooCommerce websites) to our main asset https://judge.me/.
Its entry point is from installing our Wordpress plugin: https://wordpress.org/plugins/judgeme-product-reviews-woocommerce/
api.doppler.com
This domain hosts our public API. It\'s used by the Doppler CLI as well as by customers directly. All APIs and supported auth schemes are [documented](https://docs.doppler.com/reference) in our Docs hub.
dashboard.doppler.com
This web app provides the ability to view and manage your secrets, team members, and account. You can read about additional functionality in our [docs](https://docs.doppler.com/).
Supported auth methods:
- Email/password. Optional: Authy/OTP MFA and/or WebAuthn
- Google Auth
- SAML SSO
doppler
This is the pre-built binary based on the Doppler CLI [source code](https://github.com/DopplerHQ/cli) (also in scope). You can find all builds on [cli.doppler.com](https://cli.doppler.com/download) or on [GitHub](https://github.com/DopplerHQ/cli/releases).
The CLI can be installed via brew, scoop, apt, yum, sh + curl/wget, and [more](https://github.com/DopplerHQ/cli/blob/master/INSTALL.md).
doppler.team
This domain hosts our internal tools for managing Workplace plans and features. It does not provide access to user secrets.
Access is protected via Cloudflare Access. Users must authenticate with a valid GSuite account, and must additionally be on the Admin allowlist. For this asset, we\'re especially interested in any bypass of our access controls.
https://github.com/DopplerHQ/cli
The Doppler CLI is the primary agent for retrieving secrets and executing your applications. It communicates with the Doppler API, which is also in scope. You can read more about the CLI on our [Docs hub](https://docs.doppler.com/docs/cli), or [Install](https://cli.doppler.com/download) it and give it a spin.
Notable commands we\'re especially interested in:
- `doppler login`: orchestrates the auth flow
- `doppler run`: executes the specified process with secrets injected as environment variables
- `doppler update`: installs the latest CLI
Build instructions can be found on [GitHub](https://github.com/DopplerHQ/cli/blob/master/BUILD.md) and only require installing `go`.
share.doppler.com
Only submissions for vulnerabilities that permit access to shared secrets or otherwise bypass secret access controls are eligible for bounty on share.doppler.com.
Please do not send submissions such as lack of CAPTCHA or rate limiting.
*.grindr.com
This domain includes the following subdomains:
* Website (grindr.com). Note the Grindr website does not provide services found in the mobile application or any sort of user login.
* Chat server (chat.grindr.com, chat-internal.grindr.com).
* ‘Presence’ server (presence.grindr.com). This service manages the availability notification of clients.
* CDN/media files (cdns.grindr.com).
* Gaymoji image index (gaymoji.grindr.com)
* Captcha snippets (captcha-prod.grindr.com)
* Admin webapp (admin.grindr.com)
* Law Enforcement reporting webapp (reporting-portal.grindr.com)
*.grindr.io
This domain is used for development purposes.
*.grindr.mobi
This domain is used for backend API\'s.
The following endpoints are examples of the backend API endpoints to focus security research attention:
General
/v6/nonces
/v4/domains/validation
/v4/feature-configs
/v4/links/ABC123
/v3/bootstrap
/v3/experiments
/v3/health
/v3/logging/mobile/logs
/v3/status
/v3/version
Account Creation, Logins and Passwords:
/v3/sessions
/v3/sessions/thirdparty
/v6/users
/v3/users/email
/v3/users/forgot-password
/v3/users/reset-password
/v3/users/reset-password?request=true
/v3/users/thirdparty
/v3/users/thirdparty/exchange
/v3/users/update-password
/v4/sms/sessions
/v4/sms/verifycode
/v4/sms/users/update-password/sendcode
/v4/sms/users/update-password
/v4/sms/verification/500/sendcode
/v4/sms/verification/{{profileId}}/verifycode
Profiles
/v5/favorites
/v4/hashtags/valid
/v4/hashtags/recommend
/v4/me/blocks?page=1
/v4/me/muted-profiles
/v4/me/profile/
/v4/profiles/{{myProfileId}}
/v4/profiles/reachable
/v4/profiles/status
/v4/profiles/supportedFeatures/{{myProfileId}}
/v4/profile-tags/categories
/v3.1/blockby
/v3.1/blockby/1001210
/v3.1/me/blocks
/v3.1/me/profile
/v3/me/blocks/1001210
/v3/me/favorites/3
/v3/me/legal-agreements
/v3/me/profile
/v3/me/prefs
/v3/me/prefs/phrases
/v3/me/prefs/phrases/bfc44381-c215-35f7-874a-ae512360836a
/v3/me/prefs/settings
/v3/me/subscriptions
/v3/me/subscriptions?platform=android
/v3/me/subscriptions?status=nonexpired
/v3/profiles
Location
/v3/me/location/
{{host_nearby_profiles}}/v4/locations/{{geohash}}/profiles?pageNumber=1&favorite=true
{{host_nearby_profiles}}/v4/locations/{{geohash}}/profiles?pageNumber=1
{{host_nearby_profiles}}/v4/locations/{{geohash}}/profiles?pageNumber=1&bodyTypeIds=2,1
{{host_nearby_profiles}}/v4/locations/{{geohash}}/profiles?pageNumber=1&previouslyOnline=true
{{host_nearby_profiles}}/v4/locations/{{geohash}}/profiles?pageNumber=1&action=moreguysoffer
{{host_nearby_profiles}}/v4/locations/{{geohash}}/profiles?pageNumber=1&action=newfreeuser
{{host_nearby_profiles}}/v4/locations/{{geohash}}/profiles?pageNumber=1&cascadeType=REMOTE
{{host_nearby_profiles}}/v4/locations/{{geohash}}/unlimited-profiles?searchAfterDistance=0
{{host_nearby_profiles}}/v4/locations/{{geohash}}/unlimited-profiles?searchAfterDistance={{searchAfterDistance}}&searchAfterProfileId={{searchAfterProfileId}}
{{host_nearby_profiles}}/v5/profiles/nearby?pageNumber=1
{{host_nearby_profiles}}/v5/profiles/unlimited?searchAfterDistance=0
{{host_nearby_profiles}}/v6/profiles/fresh?pageNumber=1
/v3/places/search?placeName=newyork&limit=3
Chat
/v5/me/vendor-token
/v5/rewarded-chats
/v4/audio-call
/v4/audio-call/join
/v4/audio-call/renew
/v4/audio-call/leave
/v4/pics/expiring/status
/v4/pics/expiring
/v4/phrases/frequency/phraseId=63db06c8-9915-3279-b07c-1fd925013acc
/v4/recognition/face
/v4/recognition/chat
/v4/views
/v4/views/54986486
/v3.1/chat/backup
/v3.1/flags/112788
/v3.1/groupchat/canbeinvited
/v3.1/groupchat/caninvite/44906526
/v3.1/groupchat/invitation-link-code/22345
/v3.1/me/push-conversations/908f72c2d4aea3998a3400c9ad539768
/v3/ad-colony/transactions?amount=4&uid=2&zone=3&id=1&verifier=10&udid=7&odin1=8&open_udid=6&mac_sha1=9&custom_id=49645¤cy=5
/v3/mopub/transactions?ad_revenue=4.0&ad_unit_id=2&advertising_id=3&id=1¤cy_type=10¤cy_value=7&customer_id=8&id=6&placement_id=9×tamp=49645&verifier=5
/v3/video-call
/v3/video-call/12345
{{host_chat_http}}/v3/me/chat/messages?undelivered=true
{{host_chat_http}}/v3/me/chat/messages?undelivered=true&receipts=true
{{host_chat_http}}/v3/me/chat/messages?confirmed=true
{{host_chat_http}}/v3/msgstore?limit=10&from=0
{{host_chat_http}}/v3/msgstore?msgid=messageId
{{host_chat_http}}/v3/msgstore/delete
{{host_chat_http}}/v3/messages/83a833be210bfe8de60e8e4a7bfe1339?limit=10&from=0
{{host_chat_http}}/v3/groupchats
{{host_chat_http}}/v3/groupchats/0835caae4ce92ef1220043a27b0a1b03
{{host_chat_http}}/v3/groupchats/12335
{{host_chat_http}}/v3/groupchats/12335/112233
{{host_chat_http}}/v3/groupchats/all
{{host_chat_http}}/v3/groupchats/all/12335678/2222
{{host_gaymoji}}/grindr/chat/gaymoji
CDN/Media
/v4/videos/expiring
/v4/videos/expiring/status
{{host_cdn}}/grindr/chat/{{chatImageHash}}
{{host_cdn}}/grindr/chat-audio/{{audioHash}}
{{host_cdn}}/images/profile/1024x1024/{{profileImageHash}}
{{host_media}}/v4/videos
{{host_media}}/v3.1/me/profile/images
{{host_media}}/v3/me/audio
{{host_media}}/v3/me/audio/{{audioHash}}
{{host_media}}/v3/me/pics?type=chat
{{host_media}}/v3/me/profile/images
{{host_media}}/v3/me/profile/images?thumbCoords=300,20,260,20
Store
/v4/consumables
/v4/consumables/BOOST
/v4/consumables/boost/report
/v4/store/products
/v4/store/products/consumables
/v4/store/products/com.grindr.productId
/v4/store/status
/v3.1/store/grindrstore/coupons
/v3.1/store/itunes/purchases
/v3.1/store/itunes/purchases/restorations
/v3.1/store/googleplay/purchases
/v3.1/store/googleplay/purchases/restorations
/v3.1/store/itunes/events
/v3.1/store/products/com.grindr.product
/v3/stripe/events
Push/Data
/v4/push-settings
{{host_client_event}}/v3/logging/mobile/logs
{{host_data_requests}}/v1/access-requests
{{host_data_requests}}/v1/access-requests/codes
{{host_data_requests}}/v1/access-requests/confirmations
{{host_push}}/v3/ios-push-tokens
{{host_push}}/v3/gcm-push-tokens
{{host_push}}/v3/push-tokens/000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1aaa
319881193
Vulnerabilities that require physical, jailbroken, or device root OS access of another user\'s device will typically be considered out-of-scope.
com.grindrapp.android
web.grindr.com
This is the Web version of the Grindr app. Only paid subscriptions have access to Grindr Web.
(youriwssubdomain).cloud.com
Please visit the following URL and chose the "Get your test instance" option to get a test environment: https://developer.cloud.com/citrixworkspace/citrix-workspace-platform/build/docs/developer-test-instance.
**Note:** You would need to link your existing Citrix Cloud account or create a new one to get a test environment.
Learn more about the product through guides and videos available here: https://developer.cloud.com/citrixworkspace/citrix-workspace-platform.
The documentation regarding Citrix IWS is available here: https://docs.citrix.com/en-us/citrix-microapps.html
We have created a small video walkthrough of the product using a sample microapp to ensure that you can get to hacking the application as soon as possible. You can view the video and download the sample microapp using the following links:
- Link to video walkthrough: https://citrix.sharefile.com/d-scee2fe1523bf40f68188d984abf871a2
- Link to the sample microapp: https://citrix.sharefile.com/d-s221da461659f42c697e0d327ff88e54e
(yoursubdomain).ap.iws.cloud.com
(yoursubdomain).eu.iws.cloud.com
(yoursubdomain).us.iws.cloud.com
*.citrixworkspacesapi.net
accounts.cloud.com
adm.cloud.com
Please note that some UI elements and features of ADM may only become available when an organization has an ADC, MPX, SDX or VPX appliance to onboard into ADM. The most efficient and cost-effective way to do this would be setting up a "Citrix ADC VPX Express – 20 Mbps" from the AWS or Microsoft Azure marketplace which typically has an hourly running cost of 2-3 cents.
- https://aws.amazon.com/marketplace/pp/B0796LD46X
- https://azuremarketplace.microsoft.com/en-us/marketplace/apps/citrix.netscalervpx-130
Overview - https://docs.citrix.com/en-us/citrix-application-delivery-management-service/overview.html.
Onboarding instructions - https://docs.citrix.com/en-us/citrix-application-delivery-management-service/getting-started.html
ap-s.cloud.com
api.adm.cloud.com
This is the API Gateway for Citrix Application Delivery Management. All traffic between an Agent and Application Delivery Management service is proxied via API Gateway.
API Gateway is also responsible for API authorization checks for traffic from the Agent to Application Delivery Management.
eu.cloud.com
onboarding-*.cloud.com
onboarding.cloud.com
us.cloud.com
gold.xnxx.com
https://www.xvideos.net/app/
www.xnxx.com
www.xvideos.com
www.xvideos.red
*.8x8.vc
Professional Meetings and Jitsi as a Service. At this time 8x8 does not provide credentials and researchers are responsible for any fees occurred if signing up for the service.
*.8x8cloud.net
*.8x8staging.com
*.chalet.8x8.com
*.jit.si
*.jitsi.net
*.p8t.us
*.wavecell.com
8x8 Communication APIs
Transform customer interactions with our seamless SMS, messaging, video, and voice solutions.
⚠️ All APIs listed under "8x8 Connect" are in-scope.
⚠️ Self Sign-up is available: https://connect.8x8.com/
⚠️ [8x8 CPaaS developer portal](https://developer.8x8.com/connect)
⚠️ E.g. sms.8x8.com, sms.8x8.uk, sms.8x8.id, chatapps.8x8.com, …
8x8-work
https://apps.apple.com/us/app/8x8-work/id348177448
Intellectual Property on Public Domains
Leaks identified in public domains are in scope, provided they contain sensitive or proprietary information that could impact our organization’s confidentiality, integrity, or availability.
Virtual Office Desktop
Download 8x8 Work for Desktop: https://support-portal.8x8.com/helpcenter/viewArticle.html?d=8bff4970-6fbf-4daf-842d-8ae9b533153d
admin.8x8.com
Administration portal for managing your 8x8 service including users and telephony features
cloud8.8x8.com
connect.8x8.com
⚠️ out of scope: IDORs in form of unguessable/non-enumerable identifier (UUID)
⚠️ out of scope: IDORs based on `AccountId` and `subAccountId`
⚠️ when testing support functionality please add "HackerOne" in your subject line and limit the number of requests to an absolute minimum
http://*.packet8.net
https://*.chalet.8x8.com/ws/v1
https://8x8.vc/xmpp-websocket
https://github.com/jitsi
Open source repositories that support Jitsi. Good faith review of source that a reporter must have no association with the existence of the vulnerability in question.
Exclusions:
https://github.com/jitsi/jitsi/
Jitsi Desktop is the heritage of Jitsi Meet. While some components are still used in e.g. Jigasi, the project is not actively developed anymore. Improvements, bugfixes and builds are entirely based on community contributions.
https://webrtc.8x8.com/
org.vom8x8.sipua
8x8 Work - https://play.google.com/store/apps/details?id=org.vom8x8.sipua
pay.8x8.com
platform.8x8.com
platform.8x8pilot.com
sso.8x8.com
8x8 Single Sign-On (SSO) is a session and user authentication service that permits a user to use one set of login credentials, such as name and password, to access multiple 8x8 applications.
⚠️ MFA-bypasses requiring prior knowledge of credentials will be treated with `MEDIUM` severity.
sso.8x8pilot.com
uc.8x8pilot.com
user-profile-staging.8x8.com
user-profile.8x8.com
vcc-*.8x8.com
► Contact Center Agent Workspace:
`./AGUI/login.php`
► Configuration Manager:
`./CM/login.php`
⚠️ Latest version of software usually available on https://vcc-na30.8x8.com/
⚠️ shareable Wallboard links are out of scope
voapi.8x8.com
VOAPI is a backend application responsible to process phone calls (like InboundCall, OutboundCall, Click2Dial, CallTransfer, CallMerge, Start/Stop CallRecording).
▶︎ AU Region: voapi-au.8x8.com
▶︎ UK Region: voapi-uk.8x8.com
work-staging.8x8.com
work.8x8.com
At this time 8x8 does not provide test credentials.
Fortress.HongKong.IOS
This is our MoneyBack Mobile (Android) app. Please make sure to consult our policy page to see which items are out of scope for mobile apps.
App Link
https://apps.apple.com/hk/app/fortress/id1133110850
Watsons.TaiWan.Android
This is our Watsons TaiWan Mobile (Android) app. Please make sure to consult our policy page to see which items are out of scope for mobile apps.
https://play.google.com/store/apps/details?id=tw.com.watsons.app
Drogas (subdomains)
This asset is specifically for Drogas\' subdomain assets.
Please note that for subdomains (tier 3), will only handle reports that have a high or critical severity.
In scope
=====================
>\\*.drogas.lv
>\\*.drogas.lt
Drogas.Latvia.Android
This is our Drogas (Android) app in Latvia. Please make sure to consult our policy page to see which items are out of scope for mobile apps.
https://play.google.com/store/apps/details?id=lv.drogas.consumer
Drogas.Latvia.iOS
This is our Drogas (iOS) app in Latvia. Please make sure to consult our policy page to see which items are out of scope for mobile apps.
https://apps.apple.com/lv/app/drogas/id1564705644
Drogas.Lietuva.Android
This is our Drogas (Android) app in Lithuania. Please make sure to consult our policy page to see which items are out of scope for mobile apps.
https://play.google.com/store/apps/details?id=lt.drogas.consumer
Drogas.Lietuva.iOS
This is our Drogas (iOS) app in Lithuania. Please make sure to consult our policy page to see which items are out of scope for mobile apps.
Fortress (subdomains)
This asset is specifically for Fortress\'s subdomain assets.
In Scope
=========
> *.fortress.com.hk/
Fortress.HongKong.Android
This is our Fortress Mobile (Android) app. Please make sure to consult our policy page to see which items are out of scope for mobile apps.
https://play.google.com/store/apps/details?id=fortress.fortressapp
ICI Paris XL (subdomains)
This asset is specifically for ICI Paris XL\'s subdomain assets.
>\\*.iciparisxl.nl/
>\\*.iciparisxl.be/
>\\*.iciparisxl.lu/
ICIParisXL.App.Android
This is our ICI Paris XL (Android) app. Please make sure to consult our policy page to see which items are out of scope for mobile apps.
App link:
https://play.google.com/store/apps/details?id=com.iciparisxl.app
ICIParisXL.App.IOS
This is our ICI Paris XL (iOS) app. Please make sure to consult our policy page to see which items are out of scope for mobile apps.
https://apps.apple.com/nl/app/ici-paris-xl-beauty/id1061895392
Kruidvat (subdomains)
This asset is specifically for Kruidvat\'s subdomain assets.
>\\*.kruidvat.nl/
>\\*.kruidvat.be/
Kruidvat.Belgium.Android
This is our Dutch online retail mobile app for Belgium customers. If you are testing functionality that requires you to be authenticated, please ensure you register with your @wearehackerone.com email address.
This app is similar to other apps (Such as Superdrug). Please keep in mind that issues might be considered duplicates if it is reported on another website already.
https://play.google.com/store/apps/details?id=be.kruidvat.voordeelkaart
Kruidvat.Belgium.iOS
https://apps.apple.com/be/app/kruidvat/id1151434781
Kruidvat.Netherlands.Android
This is our Dutch online retail mobile app. If you are testing functionality that requires you to be authenticated, please ensure you register with your @wearehackerone.com email address.
https://play.google.com/store/apps/details?id=nl.kruidvat.voordeelkaart
Kruidvat.Netherlands.iOS
https://itunes.apple.com/nl/app/kruidvat-mobiele-app/id531631058
Marionnaud (subdomains)
This asset is specifically for Marionnauds\' subdomain assets.
>\\*.marionnaud.it
>\\*.marionnaud.fr
>\\*.marionnaud.ch
>\\*.marionnaud.ro
>\\*.marionnaud.hu
>\\*.marionnaud.sk
>\\*.marionnaud.cz
Marionnaud.Austria.Android
This is our Marionnaud (Android) app in Austria. Please make sure to consult our policy page to see which items are out of scope for mobile apps.
https://play.google.com/store/apps/details?id=at.marionnaud.customer
Marionnaud.Austria.iOS
This is our Marionnaud (iOS) app in Austria. Please make sure to consult our policy page to see which items are out of scope for mobile apps.
https://apps.apple.com/gb/app/marionnaud-%C3%B6sterreich/id1114541888
Marionnaud.France.Android
This is our Marionnaud (Android) app in France. Please make sure to consult our policy page to see which items are out of scope for mobile apps.
https://play.google.com/store/apps/details?id=com.marionnaud.marionnaudfrance
Marionnaud.France.iOS
This is our Marionnaud (iOS) app in France. Please make sure to consult our policy page to see which items are out of scope for mobile apps.
https://apps.apple.com/fr/app/marionnaud-beaut%C3%A9-soins/id1127368763
Marionnaud.Italy.Android
This is our Marionnaud (Android) app in Italy. Please make sure to consult our policy page to see which items are out of scope for mobile apps.
https://play.google.com/store/apps/details?id=it.marionnaud.customer
Marionnaud.Italy.iOS
This is our Marionnaud (iOS) app in Italy. Please make sure to consult our policy page to see which items are out of scope for mobile apps.
https://apps.apple.com/it/app/marionnaud/id883671274
Marionnaud.Romania.Android
This is our Marionnaud (Android) app in Romania. Please make sure to consult our policy page to see which items are out of scope for mobile apps.
https://play.google.com/store/apps/details?id=ro.marionnaud.customer
Marionnaud.Romania.iOS
This is our Marionnaud (iOS) app in Romania. Please make sure to consult our policy page to see which items are out of scope for mobile apps.
https://apps.apple.com/ro/app/marionnaud-romania/id1021924260
Marionnaud.Switzerland.Android
This is our Marionnaud (Android) app in Switzerland. Please make sure to consult our policy page to see which items are out of scope for mobile apps.
https://play.google.com/store/apps/details?id=ch.marionnaud.customer
Marionnaud.Switzerland.iOS
This is our Marionnaud (iOS) app in Switzerland. Please make sure to consult our policy page to see which items are out of scope for mobile apps.
https://apps.apple.com/ch/app/id1486316902
MoneyBack.HongKong.Android
https://play.google.com/store/apps/details?id=com.asw.moneyback
MoneyBack.HongKong.iOS
This is our MoneyBack Mobile (iOS) app. Please make sure to consult our policy page to see which items are out of scope for mobile apps.
https://apps.apple.com/hk/app/moneyback/id1230818544
Moneyback (subdomains)
This asset is specifically for Moneyback\'s subdomain assets.
> *.moneyback.com.hk/
PNS (subdomains)
This asset is specifically for PNS\'s subdomain assets.
> \\*.pns.hk/
> \\*.parknshop.com/
PNS.HongKong.Android
This is our PNS Mobile (Android) app. Please make sure to consult our policy page to see which items are out of scope for mobile apps.
https://play.google.com/store/apps/details?id=com.parknshop.parknshopapp
PNS.HongKong.iOS
This is our PNS Mobile (iOS) app. Please make sure to consult our policy page to see which items are out of scope for mobile apps.
https://apps.apple.com/hk/app/parknshop/id840837558
Superdrug (subdomains)
This asset is specifically for Superdrug\'s subdomain assets.
>*.superdrug.com/
Out of scope
>https://appt.healthclinics.superdrug.com/
>https://healthclinics.superdrug.com/
Superdrug.App.Android
This is our Superdrug Mobile (Android) app. Please make sure to consult our policy page to see which items are out of scope for mobile apps.
App link: https://play.google.com/store/apps/details?id=superdrug.com.beautycard&hl=en
Superdrug.App.IOS
This is our Superdrug Mobile (IOS) app. Please make sure to consult our policy page to see which items are out of scope for mobile apps.
App link: https://apps.apple.com/gb/app/superdrug/id1267896687
The Perfume Shop (subdomains)
This asset is specifically for The Perfume Shop\'s subdomain assets.
>\\*.theperfumeshop.com/
ThePerfumeShop.App.Android
This is our The Perfume Shop (Android) app. Please make sure to consult our policy page to see which items are out of scope for mobile apps.
https://play.google.com/store/apps/details?id=com.theperfumeshop.customer
ThePerfumeShop.App.iOS
This is our The Perfume Shop (iOS) app. Please make sure to consult our policy page to see which items are out of scope for mobile apps.
Appstore Link
https://apps.apple.com/gb/app/the-perfume-shop/id1202206665
Trekpleister (subdomains)
This asset is specifically for Trekpleister\'s subdomain assets.
>\\*.trekpleister.nl
Watsons HK (subdomains)
This asset is specifically for Watsons HK\'s subdomain assets.
>*.watsons.com.hk/
Watsons ID (subdomains)
This asset is specifically for Watsons Indonesia subdomain assets.
>*.watsons.co.id
Watsons MY (subdomains)
This asset is specifically for Watsons Malaysia subdomain assets.
>*.watsons.com.my/
Watsons PH (subdomains)
This asset is specifically for Watsons Philippines subdomain assets.
>*.watsons.com.ph/
Watsons SG (subdomains)
This asset is specifically for Watsons Singapore subdomain assets.
>*.watsons.com.sg
Watsons TH (subdomains)
This asset is specifically for Watsons TH\'s subdomain assets.
>*.watsons.co.th
Watsons TR (subdomains)
This asset is specifically for Watsons TR\' subdomain assets.
>\\*.watsons.com.tr
Watsons TW (subdomains)
This asset is specifically for Watsons TW\'s subdomain assets.
>*.watsons.com.tw/
Watsons VN (subdomains)
This asset is specifically for Watsons VN subdomain assets.
>*.watsons.vn/
Watsons.HongKong.Android
This is our Watsons HongKong Mobile (Android) app. Please make sure to consult our policy page to see which items are out of scope for mobile apps.
https://play.google.com/store/apps/details?id=com.ndn.android.watsons
Watsons.HongKong.IOS
This is our Watsons HongKong Mobile (IOS) app. Please make sure to consult our policy page to see which items are out of scope for mobile apps.
https://apps.apple.com/hk/app/%E5%B1%88%E8%87%A3%E6%B0%8F%E9%A6%99%E6%B8%AF/id479512803
Watsons.Indonesia.Android
This is our Watsons Indonesia Mobile (Android) app. Please make sure to consult our policy page to see which items are out of scope for mobile apps.
https://play.google.com/store/apps/details?id=com.watsons.id.android
Watsons.Indonesia.IOS
This is our Watsons Indonesia Mobile (IOS) app. Please make sure to consult our policy page to see which items are out of scope for mobile apps.
https://apps.apple.com/hk/app/watsons-id/id1184851346
Watsons.Malaysia.Android
This is our Watsons Malaysia Mobile (Android) app. Please make sure to consult our policy page to see which items are out of scope for mobile apps.
https://play.google.com/store/apps/details?id=com.watsons.mcommerce
Watsons.Malaysia.IOS
This is our Watsons Malaysia Mobile (IOS) app. Please make sure to consult our policy page to see which items are out of scope for mobile apps.
https://apps.apple.com/hk/app/watsons-my/id1112796292
Watsons.Philippines.Android
This is our Watsons Philippines Mobile (Android) app. Please make sure to consult our policy page to see which items are out of scope for mobile apps.
https://play.google.com/store/apps/details?id=com.mtelnet.watson.ph
Watsons.Philippines.IOS
This is our Watsons Philippines Mobile (IOS) app. Please make sure to consult our policy page to see which items are out of scope for mobile apps.
https://apps.apple.com/hk/app/watsons-philippines/id1438203234
Watsons.Singapore.Android
This is our Watsons Singapore Mobile (Android) app. Please make sure to consult our policy page to see which items are out of scope for mobile apps.
https://play.google.com/store/apps/details?id=com.watsons.sg.android
Watsons.Singapore.IOS
This is our Watsons Singapore Mobile (IOS) app. Please make sure to consult our policy page to see which items are out of scope for mobile apps.
https://apps.apple.com/hk/app/watsons-sg-the-official-app/id449412168
Watsons.TaiWan.IOS
This is our Watsons TaiWan Mobile (IOS) app. Please make sure to consult our policy page to see which items are out of scope for mobile apps.
https://apps.apple.com/hk/app/%E5%B1%88%E8%87%A3%E6%B0%8F%E5%8F%B0%E7%81%A3/id477968775
Watsons.Thailand.Android
This is our Watsons Thailand Mobile (Android) app. Please make sure to consult our policy page to see which items are out of scope for mobile apps.
https://play.google.com/store/apps/details?id=com.mtelnet.watson.thailand
Watsons.Thailand.IOS
This is our Watsons Thailand Mobile (IOS) app. Please make sure to consult our policy page to see which items are out of scope for mobile apps.
https://apps.apple.com/hk/app/watsons-th/id619935224
Watsons.Turkey.Android
This is our Watsons (Android) app in Turkey. Please make sure to consult our policy page to see which items are out of scope for mobile apps.
https://play.google.com/store/apps/details?id=com.mobular.watsons
Watsons.Turkey.iOS
This is our Watsons (iOS) app in Turkey. Please make sure to consult our policy page to see which items are out of scope for mobile apps.
https://apps.apple.com/app/watsons-t%C3%BCrkiye/id1507132907
api.drogas.lt
This is the API server of the Drogas mobile app in Lithuania
api.drogas.lv
This is the API server of the Drogas mobile app in Latvia
api.fortress.com.hk
This is our API Server for our Fortress website (www.fortress.com.hk)
api.iciparisxl.be
This is the API server for the www.iciparisxl.be website
api.iciparisxl.lu
This is the API server for the www.iciparisxl.lu website
api.iciparisxl.nl
api.marionnaud.at
This is the API server for the www.marionnaud.at e-commerce website.
api.marionnaud.ch
This is the API server for the www.marionnaud.ch e-commerce website.
api.marionnaud.fr
This is the API server for the www.marionnaud.fr website
api.marionnaud.it
This is the API server for the www.marionnaud.it e-commerce website.
api.pns.hk
This is our API Server for our PNS website (www.pns.hk)
api.superdrug.com
This is the API server for the superdrug.com website
api.theperfumeshop.com
This is the API server for the www.theperfumeshop.com website
api.watsons.co.id
This is the API server for the www.watsons.co.id website
api.watsons.co.th
This is the API server for the www.watsons.co.th website
api.watsons.com.hk
This is the API server for the www.watsons.com.hk website
api.watsons.com.my
This is the API server for the www.watsons.com.my website
api.watsons.com.ph
This is the API server for the www.watsons.com.ph website
api.watsons.com.sg
This is the API server for the www.watsons.com.sg website
api.watsons.com.tw
This is the API server for the www.watsons.com.tw website
api.watsons.vn
This is the API server for the www.watsons.vn website
app.drogas.lt
This is the API server of the Drogas Lithuania mobile app
app.drogas.lv
This is the API server of the Drogas Latvia mobile app
app.iciparisxl.be
This is the API server of the ICI Paris XL mobile app in Belgium
app.iciparisxl.lu
This is the API server of the ICI Paris XL mobile app in Luxembourg
app.iciparisxl.nl
This is the API server of the ICI Paris XL mobile app in the Netherlands
app.kruidvat.be
This is the API server of the Kruidvat Mobile App in Belgium
app.kruidvat.nl
This is the API server of the Kruidvat Mobile App in the Netherlands
app.marionnaud.at
This is the API server of the Marionnaud mobile app in Austria
app.marionnaud.ch
This is the API server of the Marionnaud mobile app in Switzerland
app.marionnaud.cz
This is the API server of the Marionnaud mobile app in Czech Republic
app.marionnaud.fr
This is the API server of the Marionnaud mobile app in France
app.marionnaud.hu
This is the API server of the Marionnaud mobile app in Hungary
app.marionnaud.it
This is the API server of the Marionnaud mobile app in Italy
app.marionnaud.ro
This is the API server of the Marionnaud mobile app in Romania
app.marionnaud.sk
This is the API server of the Marionnaud mobile app in Slovakia
app.superdrug.com
This is the API server for the Superdrug mobile app
app.theperfumeshop.com
This is the new API server of The Perfume Shop mobile app
app.watsons.com.tr
This hostname is used for the Watsons Turkey mobile app
blog.watsons.com.tr
This is the wordpress blog for Watsons Turkey. This asset is regarded as (Tier 3) subdomain.
https://www.drogas.lt/blog
This is our Wordpress blog for Drogas Lithuania
https://www.drogas.lv/blog/
This is our Wordpress blog for Drogas Latvia
https://www.drogas.lv/lv/blog
This is our wordpress blog for Drogas Latvia
https://www.drogas.lv/ru/blog
https://www.kruidvat.nl/fotoservice
https://www.kruidvat.nl/persoonlijk
mapi.moneyback.com.hk
This is the API Server for our MoneyBack Mobile App
media.drogas.lt
This subdomain is used to store static content for the www.drogas.lt e-commerce website
media.drogas.lv
This subdomain is used to store static content for the www.drogas.lv e-commerce website
media.iciparisxl.be
This subdomain is used to store static content for the www.iciparisxl.be e-commerce website
media.iciparisxl.lu
This subdomain is used to store static content for the www.iciparisxl.lu e-commerce website
media.iciparisxl.nl
This subdomain is used to store static content for the www.iciparisxl.nl e-commerce website
media.marionnaud.at
This subdomain is used to store static content for the www.marionnaud.at e-commerce website.
media.marionnaud.ch
This subdomain is used to store static content for the www.marionnaud.ch e-commerce website.
media.marionnaud.fr
This subdomain is used to store static content for the www.marionnaud.fr e-commerce website.
media.marionnaud.it
This subdomain is used to store static content for the www.marionnaud.it e-commerce website.
media.superdrug.com
This subdomain is used to store static content for the www.superdrug.com e-commerce website
media.theperfumeshop.com
This subdomain is used to store static content for the www.theperfumeshop.com e-commerce website
medias.fortress.com.hk
This subdomain is used to store static content for the www.fortress.com.hk e-commerce website.
medias.pns.hk
This subdomain is used to store static content for the www.pns.hk e-commerce website.
medias.watsons.co.id
This subdomain is used to store static content for the www.watsons.co.id e-commerce website.
medias.watsons.co.th
This subdomain is used to store static content for the www.watsons.co.th e-commerce website.
medias.watsons.com.hk
This subdomain is used to store static content for the www.watsons.com.hk e-commerce website.
medias.watsons.com.my
This subdomain is used to store static content for the www.watsons.com.my e-commerce website.
medias.watsons.com.ph
This subdomain is used to store static content for the www.watsons.com.ph e-commerce website.
medias.watsons.com.sg
This subdomain is used to store static content for the www.watsons.com.sg e-commerce website.
medias.watsons.com.tw
This subdomain is used to store static content for the www.watsons.com.tw e-commerce website.
medias.watsons.vn
This subdomain is used to store static content for the www.watsons.vn e-commerce website.
www.drogas.lt
This is our Lithuanian online retail platform. If you are testing functionality that requires you to be authenticated, please ensure you register with your @wearehackerone.com email address.
www.drogas.lv
This is our Latvian online retail platform. If you are testing functionality that requires you to be authenticated, please ensure you register with your @wearehackerone.com email address.
www.fortress.com.hk
Fortress is one of our leading e-commerce websites in Hong Kong and Macau.
Customers could shop for electrical appliances after paying their electricity bills. If you are testing functionalities that require you to be authenticated,
please ensure you register with your @wearehackerone.com email address.
www.iciparisxl.be
This is our Belgium online Perfumery. If you are testing functionality that requires you to be authenticated, please ensure you register with your @wearehackerone.com email address.
This website is similar to other websites (Such as Superdrug and Kruidvat). Please keep in mind that issues might be considered duplicates if it is reported on another website already.
www.iciparisxl.lu
www.iciparisxl.nl
This is our Dutch online Perfumery. If you are testing functionality that requires you to be authenticated, please ensure you register with your @wearehackerone.com email address.
www.kruidvat.be
This is our Dutch online retail platform. If you are testing functionality that requires you to be authenticated, please ensure you register with your @wearehackerone.com email address.
This website is similar to other websites (Such as Superdrug). Please keep in mind that issues might be considered duplicates if it is reported on another website already.
www.kruidvat.nl
www.marionnaud.at
This is our online Austrian perfumery. If you are testing functionality that requires you to be authenticated, please ensure you register with your @wearehackerone.com email address.
www.marionnaud.ch
This is our online Swiss perfumery. If you are testing functionality that requires you to be authenticated, please ensure you register with your @wearehackerone.com email address.
www.marionnaud.cz
This is our online Czech perfumery. If you are testing functionality that requires you to be authenticated, please ensure you register with your @wearehackerone.com email address.
www.marionnaud.fr
This is our online France perfumery. If you are testing functionality that requires you to be authenticated, please ensure you register with your @wearehackerone.com email address.
www.marionnaud.hu
This is our online Hungarian perfumery. If you are testing functionality that requires you to be authenticated, please ensure you register with your @wearehackerone.com email address.
www.marionnaud.it
This is our online Italian perfumery. If you are testing functionality that requires you to be authenticated, please ensure you register with your @wearehackerone.com email address.
www.marionnaud.ro
This is our online Romanian perfumery. If you are testing functionality that requires you to be authenticated, please ensure you register with your @wearehackerone.com email address.
www.marionnaud.sk
This is our online Slovakian perfumery. If you are testing functionality that requires you to be authenticated, please ensure you register with your @wearehackerone.com email address.
www.moneyback.com.hk
MoneyBack has turned shopping into fantastic rewards for families across Hong Kong. If you are testing a functionality that requires you to be authenticated, please ensure you register with your @wearehackerone.com email address.
www.pns.hk
PNS is our leading e-commerce website for every day items in Hong Kong. If you are testing functionalities that requires you to be authenticated, please ensure you register with your @wearehackerone.com email address.
www.superdrug.com
This is our online retail platform. If you are testing functionality that requires you to be authenticated, please ensure you register with your @wearehackerone.com email address.
www.theperfumeshop.com
The Perfume Shop is one of our leading e-commerce perfumery websites. If you are testing functionalities that requires you to be authenticated, please ensure you register with your @wearehackerone.com email address.
www.trekpleister.nl
www.watsons.co.id
This is our online retail platform for health and beauty products in Indonesia.
If you are testing a functionality that requires you to be authenticated, please ensure you register with your @wearehackerone.com email address.
www.watsons.co.th
This is our online retail platform for health and beauty products in Thailand.
www.watsons.com.hk
This is our online retail platform for health and beauty products in Hong Kong.
www.watsons.com.my
This is our online retail platform for health and beauty products in Malaysia.
www.watsons.com.ph
This is our online retail platform for health and beauty products in the Philippines.
www.watsons.com.sg
This is our online retail platform for health and beauty products in Singapore.
www.watsons.com.tr
This is our Turkish online retail platform for health and beauty products.
www.watsons.com.tw
This is our online retail platform for health and beauty products in Taiwan.
www.watsons.vn
This is our online retail platform for health and beauty products in Vietnam. If you are testing a functionality that requires you to be authenticated, please ensure you register with your @wearehackerone.com email address.
www10.fortress.com.hk
This is the API server for the Fortress Mobile App
www10.pns.hk
This is the API server for the PNS Mobile App
www10.watsons.co.id
This is the API server for the Watsons Indonesia Mobile App
www10.watsons.co.th
This is the API server for the Watsons Thailand Mobile App
www10.watsons.com.hk
This is the API server for the Watsons Hong Kong Mobile App
www10.watsons.com.my
This is the API server for the Watsons Malaysia Mobile App
www10.watsons.com.ph
This is the API server for the Watsons Philippines Mobile App
www10.watsons.com.sg
This is the API server for the Watsons Singapore Mobile App
www10.watsons.com.tw
This is the API server for the Watsons Taiwan Mobile App
www10.watsons.vn
This is the API server of the Watsons Vietnam Mobile App
www20.watsons.co.th
*.tiktok.com
*.tiktokv.com
1235601864
[iOS Store Download](https://apps.apple.com/sg/app/tiktok-%E6%9C%89%E8%B6%A3%E7%9A%84%E4%BA%BA%E9%83%BD%E5%9C%A8%E9%80%99%E8%A3%A1/id1235601864)
1591003012
TikTok Shop Seller Center
[iOS Store Download][link].
[link]: https://apps.apple.com/my/app/tiktok-shop-seller-center/id1591003012
641062073
[link]: https://apps.apple.com/be/app/tiktok-now/id1641062073
835599320
[iOS Store Download](https://apps.apple.com/us/app/tiktok-make-your-day/id835599320)
academy-outbound-ads.tiktok.com
ads.tiktok.com
affiliate-id.tokopedia.com
business.tiktok.com
careers.tiktok.com
com.ss.android.ugc.now
[Play Store Download][link].
[link]: https://play.google.com/store/apps/details?id=com.ss.android.ugc.now
com.ss.android.ugc.trill
[Play Store Download](https://play.google.com/store/apps/details?id=com.ss.android.ugc.trill&hl=en_US)
com.tiktok.tv
TikTok TV app
com.tiktokshop.seller
[link]: https://play.google.com/store/apps/details?id=com.tiktokshop.seller&hl=en_US&gl=US
com.zhiliao.musically.livewallpaper
com.zhiliaoapp.musically
[Play Store Download](https://play.google.com/store/apps/details?id=com.zhiliaoapp.musically&hl=en_US)
creatormarketplace.tiktok.com
developers.tiktok.com
effecthouse.tiktok.com
fp-sg.tiktokv.com
live-backstage.tiktok.com
partner.tiktokshop.com
pay.tokopediax.com
seller-id.tokopedia.com
shop-id.tokopedia.com
shop.tiktok.com
TikTok Shop
tiktok.com
www.pangleglobal.com
1180074773
https://apps.apple.com/us/app/miro-collaborative-whiteboard/id1180074773
9n236hqqtvnh
https://www.microsoft.com/en-us/p/miro-online-collaborative-whiteboard-platform/9n236hqqtvnh
Innovation Workspace
Intelligent Canvas
MacOS Desktop Application
https://desktop.miro.com/platforms/darwin/Miro.dmg
Miro SDK
Miro SDK methods are listed in the documentation: https://developers.miro.com/docs/the-windowmiro-object
Tier1
Tier2
Windows Desktop Application
x32 - https://desktop.miro.com/platforms/win32-x86/Miro.exe
x64 - https://desktop.miro.com/platforms/win32/Miro.exe
api.miro.com
Miro REST API methods are listed in the documentation: https://developers.miro.com/reference
com.realtimeboard
https://play.google.com/store/apps/details?id=com.realtimeboard
http://miro.com/app
Miro application.
http://miro.com/blog
Miro blog.
https://marketplace.atlassian.com/apps/1215456/miro-for-jira-cloud?hosting=cloud
Miro for Jira Cloud.
Plugin for attaching Miro boards to Jira issues. Documentation: https://help.miro.com/hc/en-us/articles/360017572414-Jira-Add-on
https://marketplace.atlassian.com/apps/1217530/miro-for-confluence?hosting=cloud
Miro for Confluence.
Plugin for embedding Miro boards into Confluence pages. Documentation: https://help.miro.com/hc/en-us/articles/360020712594-Confluence-Cloud-Plugin
https://marketplace.atlassian.com/apps/1219583/jira-cards-by-miro?hosting=cloud
Jira Cards by Miro.
Plugin for embedding Jira issues to Miro boards. Documentation: https://help.miro.com/hc/en-us/articles/360017572434-Jira-Cards
miro.com
Miro website.
Does not include paths like https://miro.com/app (application), https://miro.com/blog (blog) and so on.
*.1debit.com
*.chime.com
*.chimebank.com
*.chimecard.com
*.chimepayments.com
*.chmfin.com
*.saltlabs.com
Chime Android App (Beta)
https://app.bitrise.io/app/5bec038cb1e318cd/build/e071d2ed-1b34-41d7-88ac-78d683fce9c7/artifact/4edf32abe1b497ea/p/2f6cacc3a3ca02df5fc194248bfb15b7
Chime IOS App (Beta)
https://app.bitrise.io/app/5bec038cb1e318cd/build/0e56ea84-4683-4ef6-8d3e-60eb0a012c25/artifact/cf0e6abc6528df88/p/85802412acd014f154decf14e4bb8c57
PayFriends/PayAnyone Features
Pay Friends is a fast and safe way to send money to any of your friends and family through the existing Chime app at the bottom of the app screen.
We are open to all findings that show impact but encourage researchers to test for any transactions inconsistencies such as:
- A person sent the money but the money stayed in their account
- A person sent the money but the recipient didn\'t receive it and they money was actually moved from the initial account
- Receive or less money more than is sent
For more details on this feature please refer to the documents below:
Testing instructions:
https://docs.google.com/document/d/1ZU-Hhde5YGBM_72SPqviQHyHid5sNtvDg41Vhkwr-dw/
Example API Endpoints and Queries:
https://docs.google.com/document/d/1G6ef-lc17jLS0Fsa03ptC9Kp__gUmzqd1CALEgiVUHg/edit?usp=sharing
app.chime.com
app.saltlabs.com
app.staging.saltlabs.com
com.1debit.ChimeProdApp
Production Environment iOS Chime App:
https://apps.apple.com/us/app/chime-mobile-banking/id836215269
com.onedebit.chime
Production Environment Android Chime App:
https://play.google.com/store/apps/details?id=com.onedebit.chime
com.saltlabs.app
http://member-qa.chime.com/enroll/#/account
http://member-qa.chime.com/users/sign_in
https://app.chime.com/
id1668462142
saltlabs.com
wp-ci.chime.com
wp-dev1.chime.com
wp-dev2.chime.com
wp-dev3.chime.com
wp-dev4.chime.com
wp-dev5.chime.com
wp-integ.chime.com
wp-qa.chime.com
www.chime.com
LaunchDarkly Open Source SDKs
Our SDKs are open source and are available on Github (e.g. [React client SDK](https://github.com/launchdarkly/react-client-sdk)). We encourage researchers to dig into the open source code if interested. However, we will **not** be accepting the following types of findings:
- Findings related to non-SDK repositories (i.e., repos not ending in `-sdk`)
- Vulnerability/dependency scan results of our source code. Please try and dig into our source code more deeply than just reporting a scan result that we may already be aware of.
app.launchdarkly.com
docs.launchdarkly.com
events.launchdarkly.com
stream.launchdarkly.com
https://github.com/0xPolygon/proof-generation-api
api-gateway.polygon.technology
api-polygon-tokens.polygon.technology/
balance-api.polygon.technology/
ecosystem-api.polygon.technology
ecosystem.polygon.technology
faucet-api.polygon.technology/
faucet.polygon.technology
gasstation.polygon.technology/
https://github.com/0xPolygon/auto-claim-service
https://github.com/0xPolygon/chain-indexer-framework
https://github.com/0xPolygon/lxly.js
https://github.com/0xPolygon/static
https://github.com/maticnetwork/bor
#Bor
The Bor node or the Block Producer implementation is basically the sidechain operator. The sidechain VM is EVM-compatible.
https://github.com/maticnetwork/heimdall
#Heimdall
This github repository contains the source code for one of the core components of Matic. Heimdall is the heart of the Matic system. It manages validators, block producer selection, spans, the state-sync mechanism between Ethereum and Matic and other essential aspects of the system.
https://github.com/maticnetwork/matic-cli
portal.polygon.technology
Here are just some of things you will be able to to do with Polygon Portal:
Bridge your assets via Socket bridge and a range of third-party bridges;
Manage your assets and token lists;
Use the Refuel Gas feature to purchase MATIC or ETH for gas on the destination chain;
Leverage developer tools to help you build your dream dApp;
Swap assets easily with third-party DEXs.
staking-api.polygon.technology
staking.polygon.technology
https://github.com/skalenetwork/libBLS
https://github.com/skalenetwork/sgxwallet
https://github.com/skalenetwork/skale-consensus
https://github.com/skalenetwork/skale-manager/tree/develop/contracts
Figma Atlassian App
https://marketplace.atlassian.com/apps/1217865/figma-for-jira
Unauthorized access via this app or the APIs that this app uses is also in scope.
Figma Desktop App
Figma Slack App
https://figma.slack.com/apps/A01N2QYSA81-figma-and-figjam?tab=more_info
Figma for Microsoft Teams
https://appsource.microsoft.com/en-us/product/office/wa200004521?tab=overview
Figma iOS and Android apps
api.figma.com
www.figma.com
We are primarily looking for high/critical vulnerabilities in the system.
*.amazon.ae
*.amazon.ca
*.amazon.cl
*.amazon.cn
*.amazon.co.jp
*.amazon.co.uk
*.amazon.co.za
*.amazon.com
*.amazon.com.au
*.amazon.com.be
*.amazon.com.br
*.amazon.com.co
*.amazon.com.mx
*.amazon.com.ng
*.amazon.com.tr
*.amazon.de
*.amazon.eg
*.amazon.es
*.amazon.fr
*.amazon.in
*.amazon.it
*.amazon.nl
*.amazon.pl
*.amazon.sa
*.amazon.se
*.amazon.sg
1057338687
PN Seller https://apps.apple.com/us/app/pn-seller/id1057338687
1265170914
Amazon Live Creator https://apps.apple.com/us/app/amazon-live-creator/id1265170914
1276296103
Amazon Relay
https://apps.apple.com/us/app/itunes-store/1276296103
1454725763
Amazon Flex
https://apps.apple.com/us/app/itunes-store/1454725763
1475021574
Amazon Music for Artists
https://apps.apple.com/us/app/amazon-music-for-artists/id1475021574
1478350915
Amazon Shopping (IN)
https://apps.apple.com/in/app/amazon-india-shop-pay-minitv/id1478350915
1494755014
Amazon Shopper Panel https://apps.apple.com/us/app/amazon-shopper-panel/id1494755014
1498197033
Amazon Business https://apps.apple.com/us/app/amazon-business-b2b-shopping/id1498197033
1532153219
Amazon Freevee
https://apps.apple.com/us/app/amazon-freevee-movies-live-tv/id1532153219
1552455423
Amazon Astro
https://apps.apple.com/us/app/amazon-astro/id1552455423
1579372261
Amazon Business (IN)
https://apps.apple.com/in/app/amazon-business-india-b2b/id1579372261
1592204907
Amazon Sidewalk Bridge Pro https://apps.apple.com/us/app/amazon-sidewalk-bridge-pro/id1592204907
1659883691
Vendor Central (IN) https://apps.apple.com/in/app/vendor-central-india/id1659883691
297606951
https://apps.apple.com/us/app/amazon-shopping/id297606951
335187483
Amazon Shopping (UK) https://apps.apple.com/gb/app/amazon/id335187483
342576766
Amazon Shopping (CN) https://apps.apple.com/cn/app/%E4%BA%9A%E9%A9%AC%E9%80%8A%E8%B4%AD%E7%89%A9/id342576766
348712880
Amazon Shopping (DE) https://apps.apple.com/de/app/amazon/id348712880
358861688
Amazon Shopping (FR) https://apps.apple.com/fr/app/amazon-fr/id358861688
374254473
Amazon Shopping (JP) https://apps.apple.com/jp/app/amazon-%E3%82%B7%E3%83%A7%E3%83%83%E3%83%94%E3%83%B3%E3%82%B0%E3%82%A2%E3%83%97%E3%83%AA/id374254473
510855668
Amazon Music https://apps.apple.com/us/app/amazon-music-songs-podcasts/id510855668
545519333
Amazon Prime Video https://apps.apple.com/us/app/amazon-prime-video/id545519333
6444868926
Amazon Vendor https://apps.apple.com/us/app/amazon-vendor/id6444868926
6452192521
Amazon One https://apps.apple.com/us/app/amazon-one/id6452192521
6471528064
Amazon Kids + Parents Dashbaord
https://apps.apple.com/us/app/amazon-kids-parent-dashboard/id6471528064
794141485
Amazon Seller
https://apps.apple.com/us/app/itunes-store/794141485
988788863
Selling Services on Amazon https://apps.apple.com/us/app/selling-services-on-amazon/id988788863
GenAI Apps under *.amazon.*
This is a catchall for any GenAI applications found under \\*.amazon.\\*. Rufus is an example of this.
amazon.speech.sim
Amazon Alexa - Show Mode for L
https://play.google.com/store/apps/details?id=amazon.speech.sim
amazonpayinsurance.in
com.amazon.amazonone.androidapp
Amazon One
https://play.google.com/store/apps/details?id=com.amazon.amazonone.androidapp
com.amazon.amazonvideo.livingroom
Amazon Prime Video (TV) - Android TV https://play.google.com/store/apps/details?id=com.amazon.amazonvideo.livingroom
**Android TV**: follow the documentation [here](https://developer.android.com/training/tv/get-started/create#run-on-a-virtual-device) to create an Android TV virtual device. The “Android 14.0 (Google TV)” image includes the Play Store and can be used to install and run the in-scope apps.
com.amazon.astro
https://play.google.com/store/apps/details?id=com.amazon.astro
com.amazon.avod.thirdpartyclient
Amazon Prime Video
https://play.google.com/store/apps/details?id=com.amazon.avod.thirdpartyclient
com.amazon.flex.rabbit
https://play.google.com/store/apps/details?id=com.amazon.flex.rabbit
com.amazon.helix.prod
Amazon Hub Counter
https://play.google.com/store/apps/details?id=com.amazon.helix.prod
com.amazon.imdb.tv.mobile.app
https://play.google.com/store/apps/details?id=com.amazon.imdb.tv.mobile.app
com.amazon.kisan.app
Amazon Kisan
https://play.google.com/store/apps/details?id=com.amazon.kisan.app
com.amazon.mShop.android.business.shopping
Amazon Business
https://play.google.com/store/apps/details?id=com.amazon.mShop.android.business.shopping
com.amazon.mShop.android.shopping
https://play.google.com/store/apps/details?id=com.amazon.mShop.android.shopping
com.amazon.minitv.android.app
Amazon miniTV
https://play.google.com/store/apps/details?id=com.amazon.minitv.android.app
com.amazon.mp3
Amazon Music
https://play.google.com/store/apps/details?id=com.amazon.mp3
Amazon Music (Watch) is also in scope
**wearOS**: follow the documentation [here](https://developer.android.com/training/wearables/get-started/creating#run-emulator) to create a wearOS virtual device. The “Android 14.0 (Wear OS 5)” image includes the Play Store and can be used to install and run the in-scope apps. The documentation [here](https://developer.android.com/training/wearables/get-started/connect-phone) explains how to pair a physical/virtual phone to the virtual wearOS device to complete setup.
com.amazon.mp3.automotiveOS
Amazon Music - Automotive
https://play.google.com/store/apps/details?id=com.amazon.mp3.automotiveOS
**Android Automotive (AAOS)**: follow the documentation [here](https://developer.android.com/training/cars/testing/emulator) to create an AAOS virtual device. The “Android 14.0 (Automotive)” image includes the Play Store and can be used to install and run the in-scope apps.
com.amazon.music.tv
Amazon Music TV
https://play.google.com/store/apps/details?id=com.amazon.music.tv
com.amazon.primenow.seller.android
PN Seller https://play.google.com/store/apps/details?id=com.amazon.primenow.seller.android
com.amazon.relay
https://play.google.com/store/apps/details?id=com.amazon.relay
com.amazon.sellerflexmobile
Amazon Seller Flex App https://play.google.com/store/apps/details?id=com.amazon.sellerflexmobile
com.amazon.sellermobile.android
https://play.google.com/store/apps/details?id=com.amazon.sellermobile.android
com.amazon.sft.rangoli.seller.app
SmartBiz by Amazon Web Builder
https://play.google.com/store/apps/details?id=com.amazon.sft.rangoli.seller.app
com.amazon.shopperpanel.android.mobile.app
Amazon Shopper Panel https://play.google.com/store/apps/details?id=com.amazon.shopperpanel.android.mobile.app
com.amazon.tahoe.grownups
Amazon Kids + Parent Dashboard
https://play.google.com/store/apps/details?id=com.amazon.tahoe.grownups
com.amazon.technician.android
Selling Services on Amazon https://play.google.com/store/apps/details?id=com.amazon.technician.android
com.amazon.vendormobile.android
Amazon Vendor https://play.google.com/store/apps/details?id=com.amazon.vendormobile.android
com.amazon.vendormobile.india.android
Vendor Central (IN) https://play.google.com/store/apps/details?id=com.amazon.vendormobile.india.android
com.amazon.warhol.android
Amazon Live Creator
https://play.google.com/store/apps/details?id=com.amazon.warhol.android
com.amazon.ziggy.android
https://play.google.com/store/apps/details?id=com.amazon.ziggy.android
com.imdbtv.livingroom
Amazon Freevee (TV) https://play.google.com/store/apps/details?id=com.imdbtv.livingroom
com.localqueen
GlowRoad: Resell & Earn Online
https://play.google.com/store/apps/details?id=com.localqueen
https://www.amazonpay.in/*
in.amazon.mShop.android.business.shopping
https://play.google.com/store/apps/details?id=in.amazon.mShop.android.business.shopping
in.amazon.mShop.android.shopping
https://play.google.com/store/apps/details?id=in.amazon.mShop.android.shopping&hl=en_US
primevideo.com/*
www.amazon.*
All international retail marketplaces
* Brazil: www.amazon.com.br
* Canada: www.amazon.ca
* Mexico: www.amazon.com.mx
* United States: www.amazon.com
* China: www.amazon.cn
* India: www.amazon.in
* Japan: www.amazon.co.jp
* Singapore: www.amazon.sg
* Turkey: www.amazon.com.tr
* United Arab Emirates: www.amazon.ae
* France: www.amazon.fr
* Germany: www.amazon.de
* Italy: www.amazon.it
* Netherlands: www.amazon.nl
* Spain: www.amazon.es
* Sweden: www.amazon.se
* United Kingdom: www.amazon.co.uk
* Australia: www.amazon.com.au
3d.cs.money
[3d.cs.money](https://3d.cs.money/) is a skin model generator.
## What to look for:
* Vulnerabilities related to user privacy violations
* Vulnerabilities directly affecting `cs.money`
blog.cs.money
By visiting this domain you will be redirected to our blog at [cs.money/blog/](https://cs.money/blog/). This is a web application built on Wordpress.
Mainly, we\'re looking for vulnerabilities that can affect `cs.money`, our primary web application.
cs.money
[cs.money](https://cs.money/) is our primary web application where users can trade, sell and buy in-game items.
* Besides the described scope on our policy tab, please pay attention to anything else that can affect user experience, security and privacy.
support.cs.money
This is our [web client](https://support.cs.money/) for providing technical support.
* Direct access to the client, authentication bypass
* Vulnerabilities, directly affecting `cs.money`
#Important information
If you are to test anything related to typing in the support chat, please send the following message before that.
```
Hello. I\'m a pentester from HackerOne. I\'m going to test something in support chat. Your developers are aware of that.
wiki.cs.money
[wiki.cs.money](https://wiki.cs.money/) contains detailed description and characteristics of all CS2 skins as well as a unique 3D viewing system.
H5G
We are introducing a new testing scope for our Hosting Infrastructure tailored for WordPress websites.
builder.hostinger.com
cpanel.hostinger.com
This is Hostinger\'s customers management panel, area meant for managing all services: hosting, vps, domains, ssl, cpanel hosting, windows_vps, logibox email, gsuite, cloudflare, marketgoo, flockmail. Servers and databases under this domain contain confidential and client data.
hpanel.hostinger.com
payments.hostinger.com
This is Hostinger\'s payment microservice gateway. Assets under this domain stores only depersonalized data, however, it is important to us that unverified operations wouldn\'t occur and integrity of the records wouldn\'t be affected by an unauthorized individuals.
www.hostinger.com
This is Hostinger\'s main web application meant for service presentation and client account registration. No confidential information or client data is stored on these systems. However, gaining access to these assets might help attacker to access confidential information on other servers.
*.romwe.com
*.romwe. [com | co.in ]
.romwe.org
1. **Please note that if the exact same vulnerability is found on different top-level domains listed above (ie: .com, .co.in and .org), please do not submit multiple reports. Any duplicate reports submitted will be treated as such.**
2. Please read the "Important guidelines regarding cross-host vulnerabilities" section of the policy page as the guidelines apply for this asset.
*.shein.com
*.shein.[com | in | tw | se | com.hk | com.vn | com.mx | co.uk ]
1. **Please note that if the exact same vulnerability is found on different top-level domains listed above (example: .com, .in, .tw etc), please do not submit multiple reports. Any duplicate reports submitted will be treated as such.**
*.sheingsp.com
1080248000
[ROMWE - Fashion Store](https://apps.apple.com/app/romwe-fashion-store/id1080248000) on the Apple App Store
878577184
[SHEIN-Fashion Shopping Online](https://apps.apple.com/app/shein-fashion-shopping-online/id878577184) on the Apple App Store
com.romwe
[ROMWE](https://play.google.com/store/apps/details?id=com.romwe) on the Google Play Store
com.zzkko
[SHEIN-Fashion Shopping Online](https://play.google.com/store/apps/details?id=com.zzkko) on the Google Play Store
api.faraday.ai
app.faraday.ai
s3://faraday-secret
s3://faraday-uploads
*.api.playstation.com
*.playstation.net
*.sonyentertainmentnetwork.com
410896080
iOS PlayStation App
https://apps.apple.com/app/apple-store/id410896080?pt=104940801&ct=pdcexploreapp&mt=8
PlayStation 4
Console system and operating system
PlayStation 5
PlayStation Network
See in scope assets above - domains/subdomains not listed are out of scope
api.direct.playstation.com
ca.account.sony.com
com.scee.psxandroid
Android PlayStation App
https://play.google.com/store/apps/details?id=com.scee.psxandroid&utm_source=pdcexploreapp
direct.playstation.com
my.account.sony.com
my.playstation.com
social.playstation.com
store.playstation.com
transact.playstation.com
wallets.api.playstation.com
*-asia-south1.truecaller.com
*-eu.truecaller.com
*-noneu.truecaller.com
448142450
iOS Application ID
business-resources.truecaller.com
business.truecaller.com
com.truecaller
web.truecaller.com
www.truecaller.com
281796108
406056744
MacOS
9wzdncrfj3mb
accounts.evernote.com
api.evernote.com
api.evernote.com is the API gateway into Evernote\'s microservice infrastructure. The microservice infrastructure is managed by Istio and is provisioned by Google Kubernetes Engine (GKE). Traffic is HTTP or gRPC, depending on the service being interacted with.
com.evernote
www.evernote.com
www.evernote.com serves the main Evernote web app. It also exposes several HTTP and Thrift endpoints that the Evernote mobile/desktop apps use to communicate with the service. Almost all endpoints on the www. domain are routed by HAProxy to an array of Java based Tomcat/Struts shards.
https://filezilla-project.org/download.php?type=server&show_all=1
https://svn.filezilla-project.org/svn/FileZilla3/trunk/
https://svn.filezilla-project.org/svn/filezilla3/trunk/src/putty
The code in this directory is based on PuTTY. Only vulnerabilities specific to changes made in FileZilla compared to upstream are eligible for a bounty.
https://svn.filezilla-project.org/svn/libfilezilla/trunk
https://svn.filezilla-project.org/svn/libfilezilla/trunk/
Mackeeper app
Please use the last updated version available on our site https://mackeeper.com
Currently we accept only the reports on version 6.1.1 or higher.
For short period of time, we will still accept High and Critical vulnerability reports for older versions of Mackeeper (5.12 and higher)
account.mackeeper.com
adblocking.clario.co
api-ne.mackeeper.com
api.account.clario.co
chat-crm.clario.co
chat.clario.co
clario.co
crm.clario.co
dcs.clario.co
dl.clario.co
event.clario.co
inapp.clario.co
kbill.mackeeper.com
mackeeper.com
mkapi.mackeeper.com
static-cdn.clario.co
updater.clario.co
updatetracker.clario.co
webapi.clario.co
yapi.clario.co
*.a.exodus.io
Everything underneath the `*-s.a.exodus.io` is generally considered our staging environment and is okay/safe for performing simple/basic attack vectors against our wallet and our backends. Add `-s` to any asset/service name to hit our staging environment, for example bitcoin-s.a.exodus.io.
**KNOWN ISSUES**
1. Please do not re-submit reports disclosing XSS attacks on outdated openapi/swaggerhub version embedded in the various open source blockchain APIs that we host. This is a known issue, posting here for clarity to prevent wasted cycles on your end and ours.
1. API keys that are hardcoded in our wallet involving 3rd party blockchain APIs (ex. bitcoin, tezos, waves etc) are similarly a known/non issue. These are effectively public APIs and no changes will be made to these endpoints.
*.exodus.com
This is basically a marketing site while our product API is still pointing to `*.exodus.io`, Some of `exodus.io` subdomains should be redirected to `exodus.com` such as `www.exodus.io` --> `www.exodus.com`
*.exodus.io
Any domains or subdomains underneath exodus.io are considered our public "face" of our company, including our website, subdomains, download links, etc. Please review our policy for things that are considered in-scope and will result in bounties.
Exodus Browser Extension
Install using: https://www.exodus.com/browser-extension/
Exodus Desktop Wallet
Desktop Download Link: [Exodus Crypto Wallet](https://exodus.io/download)
This is the official Exodus Crypto Wallet for the Desktop (Mac/Win/Linux) which itself stores and manages a user\'s cryptocurrency. This has much higher Environmental Score and potential attack vectors especially due to its desktop-computer nature.
**NOTE:** Please make sure to read our Program Policy, as certain attack vectors are considered out of scope (eg: OS-related attacks).
Passkey Wallet
1. https://passkeys.foundation/playground
2. https://wallet.passkeys.foundation/
3. https://my.passkeys.network/
exodus-movement.exodus
App Store: [Exodus Crypto Wallet](https://apps.apple.com/us/app/exodus-crypto-wallet/id1414384820)
This is the official Exodus Crypto Wallet, which itself stores and manages a user\'s cryptocurrency. This has much higher Environmental Score and potential attack vectors.
The most critical thing we want to help ensure is that our users are never vulnerable to getting their money/wallet stolen, and that users can always use their wallet to view/manage/exchange crypto.
exodusmovement.exodus
Google Play Store: [Exodus Crypto Wallet](https://play.google.com/store/apps/details?id=exodusmovement.exodus&hl=en)
Tier 3
github.com/kubernetes-csi
Kubernetes CSI drivers & infrastructure. Not all repos are eligible for bounty.
Eligible for bounty:
- github.com/kubernetes-csi/external-provisioner
- github.com/kubernetes-csi/external-snapshotter
- github.com/kubernetes-csi/node-driver-registrar
- github.com/kubernetes-csi/livenessprobe
- github.com/kubernetes-csi/csi-release-tools
- github.com/kubernetes-csi/csi-lib-utils
- github.com/kubernetes-csi/kubernetes-csi.github.io
- github.com/kubernetes-csi/docs
Ineligible:
- github.com/kubernetes-csi/driver-registrar (deprecated)
- github.com/kubernetes-csi/csi-test
- github.com/kubernetes-csi/drivers (example code)
- github.com/kubernetes-csi/cluster-driver-registrar (deprecated)
- github.com/kubernetes-csi/external-attacher (alpha)
- github.com/kubernetes-csi/external-resizer (alpha)
- github.com/kubernetes-csi/csi-driver-host-path (not recommended for production)
- github.com/kubernetes-csi/csi-driver-iscsi (not stable)
- github.com/kubernetes-csi/csi-driver-nfs (not stable)
- github.com/kubernetes-csi/csi-driver-image-populator (not stable)
- github.com/kubernetes-csi/csi-driver-flex (not stable)
- github.com/kubernetes-csi/csi-driver-fibre-channel (not stable)
- github.com/kubernetes-csi/csi-lib-fc (not stable)
- github.com/kubernetes-csi/csi-lib-iscsi (not stable)
https://github.com/kubernetes-client
Kubernetes client libraries. The stable libraries are eligible for bounty, including:
- https://github.com/kubernetes-client/python
- https://github.com/kubernetes-client/java
Supporting libraries are also eligible:
- https://github.com/kubernetes-client/gen
- https://github.com/kubernetes-client/python-base
All other libraries are ineligible for bounty due to the alpha status or work in progress status.
https://github.com/kubernetes-security
Unauthorized access (read or write) to any repositories under the kubernetes-security github organization is eligible.
https://github.com/kubernetes/api
The canonical location of the Kubernetes API definition.
https://github.com/kubernetes/apiextensions-apiserver
API server for API extensions like CustomResourceDefinitions
https://github.com/kubernetes/apimachinery
https://github.com/kubernetes/apiserver
Library for writing a Kubernetes-style API server.
https://github.com/kubernetes/autoscaler
Autoscaling components for Kubernetes
https://github.com/kubernetes/cli-runtime
Set of helpers for creating kubectl commands and plugins.
https://github.com/kubernetes/client-go
Go client for Kubernetes.
https://github.com/kubernetes/cloud-provider
cloud-provider defines the shared interfaces which Kubernetes cloud providers implement. These interfaces allow various controllers to integrate with any cloud provider in a pluggable fashion. Also serves as an issue tracker for SIG Cloud Provider.
https://github.com/kubernetes/cluster-bootstrap
https://github.com/kubernetes/cluster-registry
Cluster Registry API
https://github.com/kubernetes/code-generator
Generators for kube-like API types
https://github.com/kubernetes/component-base
Shared code for kubernetes core components
https://github.com/kubernetes/cri-api
Container Runtime Interface (CRI) – a plugin interface which enables kubelet to use a wide variety of container runtimes.
https://github.com/kubernetes/csi-api
https://github.com/kubernetes/csi-translation-lib
Staging repo for CSI Migration/Translation libraries
https://github.com/kubernetes/dashboard
General-purpose web UI for Kubernetes clusters
https://github.com/kubernetes/dns
Kubernetes DNS service
https://github.com/kubernetes/gengo
Gengo library for code generation.
https://github.com/kubernetes/git-sync
A sidecar app which clones a git repo and keeps it in sync with the upstream.
https://github.com/kubernetes/k8s.io
Kubernetes files for various *.k8s.io sites
https://github.com/kubernetes/klog
Forked from golang/glog
Leveled execution logs for Go (fork of https://github.com/golang/glog)
https://github.com/kubernetes/kompose
Go from Docker Compose to Kubernetes
https://github.com/kubernetes/kops
Kubernetes Operations (kops) - Production Grade K8s Installation, Upgrades, and Management
https://github.com/kubernetes/kube-aggregator
Aggregator for Kubernetes-style API servers: dynamic registration, discovery summarization, secure proxy
https://github.com/kubernetes/kube-controller-manager
kube-controller-manager component configs
https://github.com/kubernetes/kube-deploy
A place for cluster deployment automation
https://github.com/kubernetes/kube-openapi
Kubernetes OpenAPI spec generation & serving
https://github.com/kubernetes/kube-proxy
kube-proxy component configs
https://github.com/kubernetes/kube-scheduler
kube-scheduler component configs
https://github.com/kubernetes/kube-state-metrics
Add-on agent to generate and expose cluster-level metrics.
https://github.com/kubernetes/kubeadm
Aggregator for issues filed against kubeadm
https://github.com/kubernetes/kubectl
Issue tracker and mirror of kubectl code
https://github.com/kubernetes/kubelet
kubelet component configs
https://github.com/kubernetes/kubernetes
Production-Grade Container Scheduling and Management
https://github.com/kubernetes/metrics
Kubernetes metrics-related API types and clients
https://github.com/kubernetes/minikube
Run Kubernetes locally
https://github.com/kubernetes/node-api
https://github.com/kubernetes/node-problem-detector
This is a place for various problem detectors running on the Kubernetes nodes.
https://github.com/kubernetes/org
Meta configuration for Kubernetes Github Org
https://github.com/kubernetes/publishing-bot
Code behind the robot to publish from staging to real repositories.
https://github.com/kubernetes/release
Release infrastructure for Kubernetes and related components
https://github.com/kubernetes/repo-infra
Kubernetes repository infrastucture tools
https://github.com/kubernetes/sig-release
Repo for SIG release
https://github.com/kubernetes/test-infra
Test infrastructure for the Kubernetes project.
https://github.com/kubernetes/utils
Non-Kubernetes-specific utility libraries which are consumed by multiple projects.
https://github.com/kubernetes/website
Kubernetes website and documentation repo:
https://storage.googleapis.com/kubernetes-release/
Kubernetes release artifacts download server.
Write access or modification of assets are eligible for bounty. Please DO NOT modify production artifacts. If you need a test target, you can use a test artifact such as `addons/test/crinit/2017-11-17/crinit`
k8s.gcr.io
Our official container repository (an alias to gcr.io/google-containers).
The ability to write to or modify containers in the repository are in scope. Please DO NOT modify production containers. If you need a test target, please use a test image such as fakegitserver.
k8s.io
Kubernetes nginx server.
kubernetes-csi.github.io
Kubernetes CSI documentation site.
kubernetes.io
Main kubernetes website, hosted by netlify.
prow.k8s.io
Kubernetes build & test infrastructure.
Please limit automated scanning to 1qps.
1541949985
com.coinspot.app
www.coinspot.com.au
*.gocardless-cicd.io
Non-production environment for infrastructure services.
*.gocardless-lab.io
Testing and experimentation environment for internal tools with no live data.
*.gocardless-staging.io
Staging environment for GoCardless applications, APIs, and internal tools being developed or supported, may contain live data.
*.gocardless.io,*.gocardless-banking.io
Internal infrastructure and tools (e.g., performance dashboards).
api-sandbox.gocardless.com
Sandbox version of the Merchant Dashboard API component - used to power the Merchant Dashboard (manage.gocardless) and to provide functionality for customers who wish to integrate their services with ours.
auth0.gocardless.com
bankaccountdata.gocardless.com, ob.gocardless.com
!Note that this is a production instance, so you must avoid denial of service, data corruption, and any other destructive or disruptive actions. No automated scanning allowed - manual testing only!
This is our Bank Account Data dashboard application and Open Banking API endpoint meant for partners and developers who wish to integrate with our Open Banking APIs.
connect-sandbox.gocardless.com
Sandbox version of the Merchant Dashboard OpenID authentication component.
manage-sandbox.gocardless.com
Sandbox version of the Merchant Dashboard application. Includes user management for the GC4X application (xero.gocardless).
oauth-sandbox.gocardless.com
The authentication component for GoCardless for Xero (GC4X).
pay-sandbox.gocardless.com
Sandbox for the API used to process billing requests, related to the Merchant Dashboard application.
www.gocardless.com
Our public-facing content, without authenticated access to sensitive information related to merchants or payers.
194.90.151.192/28
Please do not bombard these sites while testing. Be gentle.
194.90.25.80/29
Please be careful when testing these sites to not bombard them. Be gentle.
194.90.89.165/32
212.143.112.81/29
Please be gentle when testing these sites. Do not bombard them.
38.140.238.56/29
64.47.18.80/29
64.84.60.0/24
97.105.243.96/28
CounterAct 8.4
This is a new device type being introduced to the bug bounty program. Those with access to a counteract device / image are welcome to submit their findings!
a360f0bcc63ca11ea92550aeac091f3d-1101372245.us-east-1.elb.amazonaws.com
Please prioritize your testing for this device. Thank You.
ab2b0c50cdc7b445391f99d4957850c5-cd4ccfdb37dfafad.elb.us-east-1.amazonaws.com
aebddc74953f248bc8455665b0f7d47b-78af959a11e5d0c1.elb.us-east-1.amazonaws.com
app.command.cysiv.com
app.iris.acceptance.forescoutcloud.net
app.iris.production.forescoutcloud.net
community.forescout.com
Community Support Login
cysiv.com
datapod-1-100-druid-ingest.development.forescoutcloud.net
*New Host Added on 3/12/2010
** Naming convention is datapod-[1-100]-druid-ingest.development.forescoutcloud.net
** Example: datapod-1-druid-ingest.development.forescoutcloud.net
** Example: datapod-10-druid-ingest.development.forescoutcloud.net
and so on.
datapod-1-100-druid-ingest.testing.forescoutcloud.net
* Expanded Datapod Host Range to 100 nodes
datapod-1-100-druid-query.development.forescoutcloud.net
** Naming convention is datapod-[1-100]-druid-query.development.forescoutcloud.net
** Example: datapod-1-druid-query.development.forescoutcloud.net
** Example: datapod-10-druid-query.development.forescoutcloud.net
datapod-1-100-druid-query.production.forescoutcloud.net
datapod-1-100-druid-query.production.forescoutcloud.net is the range
ex. datapod-1-druid-query.production.forescoutcloud.net
datapod-2-druid-query.production.forescoutcloud.net
datapod-10-druid-query.production.forescoutcloud.net
and so on....
datapod-1-druid-ingest.production.forescoutcloud.net
datapod-1-ingest.production.forescoutcloud.net
datapod-1-query.production.forescoutcloud.net
datapod-2-druid-ingest.production.forescoutcloud.net
datapod-2-ingest.acceptance.forescoutcloud.net
datapod-2-query.acceptance.forescoutcloud.net
de.forescout.cloud
http://backend-api.devicecloud.production.forescoutcloud.net/api/v1/settings
http://datapod-1-druid-ingest.production.forescoutcloud.net/v1/upload
http://datapod-1-druid-query.production.forescoutcloud.net/v1/polling
http://datapod-1-druid-query.production.forescoutcloud.net/v1/query/agg
http://datapod-1-druid-query.production.forescoutcloud.net/v2/deletestatus
http://datapod-1-druid-query.production.forescoutcloud.net/v2/matrixoverview
http://datapod-1-druid-query.production.forescoutcloud.net/v2/query/firstreporttimeentry
http://datapod-1-druid-query.production.forescoutcloud.net/v2/query/grouptogroup
http://datapod-1-druid-query.production.forescoutcloud.net/v2/query/iplist
http://datapod-1-druid-query.production.forescoutcloud.net/v2/query/ips/bydst/details
http://datapod-1-druid-query.production.forescoutcloud.net/v2/query/ips/bysrc
http://datapod-1-druid-query.production.forescoutcloud.net/v2/query/overlappinggroups
http://datapod-1-druid-query.production.forescoutcloud.net/v2/service-list
http://datapod-1-druid-query.production.forescoutcloud.net/v2/services
http://datapod-1-druid-query.production.forescoutcloud.net/v3/matrixoverview
http://datapod-1-druid-query.production.forescoutcloud.net/v3/query/overlappingzones
http://datapod-1-druid-query.production.forescoutcloud.net/v3/query/zonetozone
http://logstash-props.devicecloud.production.forescoutcloud.net/api/v1/properties
http://mgmtpod-1.production.forescoutcloud.net/oauth/token
https://telemetry-polling.devicecloud.acceptance.forescoutcloud.net/v1/package
This asset is currently in Acceptance testing.
https://telemetry-polling.devicecloud.acceptance.forescoutcloud.net/v1/polling
https://telemetry-polling.devicecloud.acceptance.forescoutcloud.net/v1/upload
This asset is currently in Acceptance Testing.
iris-testing-us-east-1-nlb-4df4bbde6f6e2bbb.elb.us-east-1.amazonaws.com
logstash-props.devicecloud.acceptance.forescoutcloud.net
Please begin testing against this host as soon as possible. We are working through a release cycle and this testing is part of that cycle.
mgmt-sensors.iris.acceptance.forescoutcloud.net
mgmt-sensors.iris.production.forescoutcloud.net
mgmtpod-1-dashboard.production.forescoutcloud.net
mgmtpod-1.production.forescoutcloud.net
obs-sensors.iris.acceptance.forescoutcloud.net
obs-sensors.iris.production.forescoutcloud.net
streaming-api.iris.acceptance.forescoutcloud.net
streaming-api.iris.production.forescoutcloud.net
streaming-gw.iris.production.forescoutcloud.net
streaming.iris.acceptance.forescoutcloud.net
streaming.iris.production.forescoutcloud.net
uk.forescout.cloud
updates.forescout.com
us.forescout.cloud
www.forescout.com
This is the primary www.forescout.com website.
*.line-apps.com
**_Tier B_ Asset**
*.line.biz
*.line.me
Previous standalone web domains such as live.line.me, music.line.me, news.line.me, store.line.me are now included in this wildcard.
URLs that contain `nvapis.line.me` will be out of scope.
*.line.naver.jp
*.linecorp.com
443904275
**_Tier A_ Asset**
[Apple App Store](https://apps.apple.com/jp/app/line/id443904275)
Please make sure you are testing the latest version. Only the latest version is considered in scope.
539883307
macOS: [Apple Mac App Store](https://apps.apple.com/id/app/line/id539883307)
9wzdncrfj2g6
[Microsoft Windows Store](https://www.microsoft.com/ja-jp/p/line/9wzdncrfj2g6)
Chrome Extension
https://chrome.google.com/webstore/detail/line/ophjlpahpchlmihnnnihgmmeilfjmjjc
LINE Messenger - Chat
Chat and Group Chat feature that can send texts, images, stickers and so on in LINE Messengers > Chats Tab and related servers. Supplementary services such as Album, Notes are also included.
LINE Messenger - Keep
A storage service that lets you save photos, videos, text and files in LINE Messengers > Keep feature and related servers.
LINE Messenger - News
News service in LINE Messengers > News Tab and related servers.
Please note that this is available in Japan Only.
LINE Messenger - OpenChat
Anonymous chat service in LINE Messengers > OpenChat and related servers.
LINE Messenger - VOOM
Social media feature that can share contents in LINE Messengers > Voom Tab and related servers.
The website (https://linevoom.line.me) is also included.
LINE Messenger - VoIP
Voice and Video call service in LINE Messengers > Calls tab or call menu in a chat room and related servers.
Windows Executable
https://desktop.line-scdn.net/win/new/LineInst.exe
com.linecorp.linelite
LINE Lite on the [Google Play Store](https://play.google.com/store/apps/details?id=com.linecorp.linelite)
http://recruit.linepluscorp.com
jp.naver.line.android
[Google Play Store](https://play.google.com/store/apps/details?id=jp.naver.line.android)
Other Assets
1452166623
**Tier 1** Asset
Only the latest version of the application will be in scope.
[Download from the Apple App Store here](https://apps.apple.com/app/lark-collaboration-tool/id1452166623)
Mac OS Executable: Download here https://www.larksuite.com/download
This is the Lark Suite application for Mac OS. Only the latest version of the application will be in scope.
Please download the latest version of the application here: https://www.larksuite.com/download
Windows OS Executable: Download here https://www.larksuite.com/download
This is the Lark Suite application for Windows. Only the latest version of the application will be in scope.
api.larksuite.com
app.larksuite.com
**Tier 2** Asset
caldav.larksuite.com
com.larksuite.suite
[Download from the Google Play Store here](https://play.google.com/store/apps/details?id=com.larksuite.suite)
file.larksuite.com
hackers_chosendomain.larksuite.com
<hacker’s_chosendomain>.larksuite.com
If you find a vulnerability against your own test account domain, please feel free to use this asset for submission.
internal-api-drive-stream.larksuite.com
internal-api-lark-api.larksuite.com
internal-api.larksuite.com
lark-frontier.byteoversea.com
larksuite.com
open.larksuite.com
passport.larksuite.com
status.larksuite.com
DSE, Opscenter
Applications packaged and in scope are:
* DataStax Enterprise (DSE) [Server, Analytics, Graph, Search]
Vulnerabilities in scope:
* Loss of availability, confidentiality, or integrity of the data from unauthenticated side-channel or protocol attacks on the DSE server (attacks on the native or storage ports)
* Privilege escalation, or loss of tenancy within CQL
Vulnerabilities out of scope:
* JMX related vulnerabilities
* DDOS attacks using large or high throughput payloads
astra.datastax.com
docs.datastax.com
*Automated Scanning Prohibited*
downloads.datastax.com
Our downloads site available for the general public.
Open directory listings with read only access is not in scope.
langflow.datastax.com
https://docs.datastax.com/en/langflow/quickstart.html
langflow.org
Please check https://github.com/langflow-ai/langflow/issues before filing here.
www.datastax.com
*.sprint.apps.dynatracelabs.com
Wildcard domain for your Dynatrace Platform environment, sometimes also called 3rd gen.
This is your default testing environment. Once you request your testing environment you will be redirected to this environment.
API endpoints:
- <environment-id>.sprint.apps.dynatracelabs.com/platform/swagger-ui/index.html
How to Switch Between APIs:
1. Navigate to the top right corner of the page.
2. Locate the drop-down box next to "Select a Definition."
3. Click on the drop-down box.
4. Choose the desired API from the available options.
*.sprint.dynatracelabs.com
Wildcard domain for your 2nd gen testing environments - an older but fully supported and regularly updated version of our product.
To get there, follow the steps described in our Policy page under "how to access your 2nd gen environment"
* <environment-id>.sprint.dynatracelabs.com/rest-api-doc/index.jsp
All other Assets
Used for asset classification only, please have a look at the policy page or the rewards section.
Core Assets
Dynatrace ActiveGate
ActiveGate is a secure proxy that connects Dynatrace OneAgents to Dynatrace Clusters or other ActiveGates. For more details please have a look at the Useful tips section of the policy or our [support page](https://www.dynatrace.com/support/help/setup-and-configuration/dynatrace-activegate).
Dynatrace MobileAgent
The MobileAgent can be used to monitor Android or IOs apps.
For more details please have a look at the "Useful tips" section of the policy or our [support page](https://www.dynatrace.com/support/help/platform-modules/digital-experience/mobile-applications).
Dynatrace OneAgent
OneAgent is responsible for collecting all monitoring data within your environment.
For more details please have a look at the "Useful tips" section of the policy or our [support page](https://www.dynatrace.com/support/help/setup-and-configuration/dynatrace-oneagent/installation-and-operation).
account-sprint.dynatracelabs.com
This is the old domain for our account management, the new domain is myaccount-hardening.dynatracelabs.com. Since the domain is still used in some parts of our software, it is still in scope.
https://github.com/Dynatrace
Please be aware that only analysis of our source code is allowed. Do not perform any tests against [https://github.com.](https://github.com/).
https://github.com/Dynatrace-innovationlab
myaccount-hardening.dynatracelabs.com
Myaccount is the place where you can manage your license, subscriptions, users, groups, policies and more.
For more details please have a look at the "Useful tips" section of the policy or our [support page](https://www.dynatrace.com/support/help/manage/account-management).
- https://api-hardening.internal.dynatracelabs.com/spec/
sso-sprint.dynatracelabs.com
This domain is used in our single sign on solution, you will see the domain for example during the login process.
university-staging.dynatracelabs.com
University is a learning platform which offers courses that help improve your knowledge about Dynatrace. Use the "**University Login**" button and your already claimed credentials.
com.citymapper.app.release
469463298
6449737830
6464473474
657777015
eu.remix.com
global-api.citymapper.com
https://metroconnect.app.ridewithvia.com
https://pt-runner.app.ridewithvia.com
platform.remix.com
ridewithvia.neoridelittlerock
ridewithvia.par.piercetransit
via.rider
*.mi.com
*.miui.com
*.miwifi.com
*.xiaomi.com
*.xiaomiyoupin.com
MIUI OS for Xiaomi Phone
MIUI is Xiaomi phone operation system (OS), custimized on stock android.
the scope inculdes the pre-installed apps with Xiaomi certification signed.
Mi Band
mi-band-3/4/5
Mi Electric Scooter
https://www.mi.com/us/mi-electric-scooter/
Mi Home Webcam
https://www.mi.com/us/mi-home-security-camera/ , https://www.mi.com/in/camera-360/
Mi Laser Projector
https://www.mi.com/us/mi-laser-projector-150/
Mi Robot Vacuum
https://www.mi.com/hk/mi-robot-vacuum/
Mi TV
https://store.mi.com/in/accessories/213
Mi TV Box
https://www.mi.com/us/mi-box-s/
Mi/Redmi Phone
https://www.mi.com/hk/mi-note-10/,https://www.mi.com/hk/mi-a3/,https://www.mi.com/hk/max3/,https://www.mi.com/hk/mi-8-pro/,https://www.mi.com/hk/redmi-note-8-t/,https://www.mi.com/hk/redmi-note-8-pro/
Other APK Assets
com.miui.screenrecorder
com.android.providers.telephony
com.android.dynsystem
com.miui.powerkeeper
com.xiaomi.miplay_client
com.milink.service
com.xiaomi.mi_connect_service
com.android.updater
com.miui.securityadd/com.miui.gallery/com.android.mms.service/com.miui.msa.global/com.android.browser/com.miui.videoplayer/com.android.soundrecorder/com.miui.backup/com.miui.notification/com.android.certinstaller/com.miui.huanji/com.miui.hybrid/com.miui.vsimcore/com.miui.securitycore/com.mi.health/com.xiaomi.simactivate.service/com.miui.phrase/com.miui.player/com.miui.miservice/com.android.provision/com.miui.system/com.miui.global.packageinstaller/com.miui.compass/com.miui.cit/com.miui.android.fashiongallery/com.miui.bugreport/com.android.fileexplorer/com.android.camera/com.xiaomi.glgm/com.xiaomi.xmsf/com.miui.mishare.connectivity/com.miui.freeform/com.xiaomi.finddevice/com.mi.global.bbs/com.xiaomi.joyose/com.mi.android.globalFileexplorer/com.miui.notes/com.miui.wmsvc/com.xiaomi.midrop/com.miui.touchassistant/com.miui.miwallpaper/com.xiaomi.bluetooth/com.miui.cleanmaster/com.miui.analytics/com.android.settings/com.xiaomi.scanner/com.android.phone/com.android.deskclock/com.android.systemui/com.xiaomi.discover/com.android.thememanager/com.android.bluetooth/com.miui.face/com.miui.home
Other Hardware Assets
Accepted ranges of hardware in Xiaomi’s Program include Xiaomi and Mijia products ( these are for assets that are not specified in the Hardware/IoT scope list )
com.android.browser
com.mi.global.shop
com.miui.cloudbackup
com.miui.cloudservice
com.miui.micloudsync
com.xiaomi.account
com.xiaomi.market
com.xiaomi.mibrain.speech
com.xiaomi.micloud.sdk
com.xiaomi.mipicks
com.xiaomi.payment
com.xiaomi.smarthome
Coda Chrome Extension
Link: https://chrome.google.com/webstore/detail/coda-browser-extension/cdgkmagmdldlpiglliebaajdpdkigcbi?hl=en
codacontent.io
codahosted.io
https://*.coda.io/*
https://airflow-prod.coda.io/*
https://airflow-prod.ops.coda.io/*
https://coda.io/*
https://coda.io/signup/email
Please use your HackerOne designated email when signing up (**`@wearehackerone.com`**), and furthermore please avoid any automated testing or brute-forcing as that may lead to your accounts or IP getting locked out and also create issues on our end.
https://data.coda.io/*
https://head.coda.io/*
https://infra.coda.io/*
https://shiny.ops.coda.io/*
https://staging.coda.io/*
https://user-profile-prod.coda.io/*
io.coda
Link: https://apps.apple.com/us/app/coda/id1397968110
Coda\'s native apps make heavy use of the same endpoints and UX that\'s used by the mobile website. That being said, there are some differences and we invite security reports pertaining to our iOS and Android apps. Please be sure to follow the same guidelines for setting up an account in our mobile apps as on https://coda.io.
io.coda.codaapp
Link: https://play.google.com/store/apps/details?id=io.coda.codaapp
*.memorable.io
[Non-Core asset]
*.reddit.com
[Core asset]
*.redditblog.com
[Non-core asset]
*.reddithelp.com
*.redditinc.com
Vendor hosted and managed CMS for corporate / marketing site. It is domain whitelisted for reddit.com functionality so if you can string an attack together with reddit.com then this becomes super interesting.
*.redditmedia.com
*.snooguts.net
This is our internal domain for "intranet" related services. Accessible to the internet should be either 1) an OAuth proxy that gates access to backend services (SCM, admin tooling, CI/CD, etc.) or 2) k8s public ingresses.
This domain isn\'t necessarily "private" so leaking the domain isn\'t interesting, but certainly bypassing proxy auth wall or finding juicy targets on that domain is of interest.
*.spiketrap.io
Android App
Non-Core Assets
accounts.reddit.com
Authentication / authorization service for reddit.com
ads.reddit.com
amp.reddit.com
This service houses our AMP generated pages for search engine optimization.
api.reddit.com
The Reddit API is used for programmatic access. Please use your own test accounts and do not try to access the private data of other users/mods/admins or Reddit employees. Authentication ([OAUTH](https://github.com/reddit-archive/reddit/wiki/OAuth2)) and authorization are especially important.
Docs are available at: https://www.reddit.com/dev/api
Please follow Reddit\'s [rules for API access](https://github.com/reddit-archive/reddit/wiki/API).
business.reddithelp.com
Reddit maintains a SFDC tenant for customer management for our advertisers. SFDC bugs aren\'t eligible for payout, but misconfigurations that are Reddit\'s responsibility are.
developers.reddit.com
gateway.reddit.com
Frontdoor service that handles dispensation to backend microservices. Relies on oauth authentication
gql.reddit.com
GraphQL implementation for Reddit accessing all our internal things requiring OAuth.
iOS App
m.reddit.com
Mobile webapp (we call mweb) for Reddit. Use a mobile UA to access.
matrix.redditspace.com
meta-api.reddit.com
Houses Reddit\'s smart contracts based on Ethereum, which is called Community Points and ties in with the Vault functionality within Reddit\'s official mobile apps.
mod.reddit.com
The Reddit modmail interface is used by moderators to take moderator actions and view reports. Please test against your own subreddits and not those belonging to other users/mods/admins.
new.reddit.com
The Reddit redesign. Follow the same rules as `www.reddit.com`.
redditforbusiness.com
Third party hosted CMS platform on WebFlow
sh.reddit.com
strapi.reddit.com
Our streaming api.
*.clearxchange.com
*.earlywarning.com
*.zelle.com
*.zellepay.com
api.zellepay.com
api.zmsp.*.earlywarning.io
api.zmsp.earlywarning.com
com.zellepay.zelle
developer*.earlywarning.com
earlywarningapi.force.com
ews-fusion.my.site.com
https://mywallet-management-east.wallet.cat.earlywarning.io/
https://mywallet-management-west.wallet.cat.earlywarning.io/
https://sandbox.digitalwallet.earlywarning.com
platform.cat.earlywarning.io
platformtest.cat.earlywarning.io
support*.earlywarning.com
zellepay.force.com
zelleservice.my.site.com
*.instacart.com
*.instacart.tools
545599256
Instacart’s iOS application for online grocery delivery.
package name: com.instacart
Android & iOS App for Instacart Shoppers
To download the shoppers app please visit https://shoppers.instacart.com/apps and enter your phone number to get the download link
Shoppers receive orders through the app on their smartphone and then they shop and deliver groceries to the customers
admin.instacart.com
An admin page that lets our internal users access tools, reports. It is used by customer support for order refunds, redelivery. Internal corporate employees can use it for editing store configuration and warehouse availability.
api.instacart.com
A service that allows Instacart\'s retailers to connect to Instacart\'s API to do fulfillment through their apps/websites.
com.instacart.client
Instacart’s Android application for online grocery delivery.
shoppers.instacart.com
A service that allows people to apply for the shoppers position at Instacart
www.instacart.com
Web application to provide online ordering of groceries for either delivery or in store pick up.
Account Settings
**Note that if you do not see the \'Account\' link on the top right please perform a hard-reload in your browser**
**Type:** Fortmatic Modal
**What it runs on:**
- Redux, HTML, LESS
**What it does:**
- This provides users access to their personal settings, and offers critical features such as managing their PIN, recovery email, and exporting their private key.
**What to look for:**
- There is a host of private information being disclosed through this modal. Any web or access control vulnerabilities are of high risk here. Any attacks that can bypass, or skip layers of authentication allowing modification of a user\'s account is of high interest.
**Test plan:**
- You can gain access to the account settings on our [landing page](www.fortmatic.com?ref=h1) and hitting the `Account` link in the nav bar on the top right. Accessing and interacting with the modal will not require any cryptocurrencies or setup beyond a Fortmatic account.
Any .magic.link demo sites
Login with SMS - Feature
Demo and Overview:
https://magic.link/docs/login-methods/sms/build-a-demo/browser
Getting started on React:
https://magic.link/docs/login-methods/sms/integration/web
Getting started on React Native:
https://magic.link/docs/login-methods/sms/integration/react-native
swagger.json: https://drive.google.com/file/d/1Uu_j7feFo4qot74f0zIj6xCfYyokOnUc/view
swagger.yaml: https://drive.google.com/file/d/1NdZPQVBhrkZnEGoZmUcYqLi_3Yv5Ks5c/view
Multi-factor Auth - Feature
api.fortmatic.com
**Any activity that could lead to the disruption of our service (DDOS) is explicitly out of scope.**
- This is our main API that serves the rest of the Fortmatic assets. As a result a lot of functionality is exposed here -- everything from creating/authenticating users to interacting with the blockchain can be found.
- We are interested in vulnerabilities which are caused by improper access control and can cause leakage/modification of user information. Please keep in mind to only ever test against your own accounts.
- Access our API by providing your API key to the `X-Fortmatic-API-Key` header. Endpoints under access control uses an authorization bearer token returned by the API once the user is able to successfully authenticate. Inspecting `x2.fortmatic.com`’s interactions with the API will provide a good idea of how the API can be invoked.
**Known Issues**
- Bugs involving bypass of SMS/2FA verification are known issues and will be considered duplicates
api.magic.link
- This is our main API that serves the rest of the Magic assets. As a result a lot of functionality is exposed here -- everything from creating/authenticating users to supporting our [dashboard](https://dashboard.magic.link/login?ref=h1) functionalities can be found here.
- Grab a set of API keys from our [dashboard](https://dashboard.magic.link/login?ref=h1)
- Access our API by providing your API key to the `X-Magic-API-Key` header. Endpoints under access control uses an authorization bearer token returned by the API once the user is able to successfully authenticate. Inspecting `auth.magic.link`’s or `dashboard.magic.link`\'s interactions with the API will provide a good idea of how the API can be invoked.
auth.magic.link
This is our main product, orchestrating the one-click passwordless login experience.
Follow the instructions on our [documentation page](https://docs.magic.link/?ref=h1), and please keep our [out of scope vulnerabilities](https://hackerone.com/magic-bbp) in mind while testing.
**What it is:**
- User interface and authentication relayer to enable passwordless authentication using magic links. The main way to interact with this interface will be through our [client SDK](https://www.npmjs.com/package/magic-sdk), our [docs](https://docs.magic.link/get-started?ref=h1) will help you to quickly get up and running!
- We are highly interested in any access control, token enumerations, or privilege escalation vulnerabilities and consider them as very high risk issues. Also keep an eye on other standard web vulnerabilities such as XSS/CSRF for extracting held secrets in local storage/cookies. Please note to only ever test against your own account.
- Javascript ES6, TypeScript, React, Redux, HTML, CSS, LESS,
- Get your API keys from our [dashboard](https://dashboard.magic.link/login?ref=h1).
- Fork our [demo app](https://go.magic.link/hello-world-code), and run with your test publishable API keys from our dashboard.
- Inputting an email will start the login process, and you\'ll be off to the races!
dashboard.fortmatic.com
Navigate to our [dashboard](https://dashboard.fortmatic.com/login?ref=h1) for signup, at this time there is no way for us to pre-assign credentials for our hackers, apologies for the inconvenience.
**Similar to our other scopes any DDoS based exploits are explicitly out of scope**
- HTML, LESS
- Developers come in here to manage their access to the Fortmatic API. It contains features that are vital to the operation of the developers’ app -- domain verification, and obtaining/rolling their API keys.
- Any web vulnerabilities are of concern here e.g, cross-site scripting (XSS) or cross-site request forgery (CSRF) that could force the developer to commit unwanted actions or on behalf of another user. Also interested in vulnerabilities in the OAuth flow that occur for user sign-up/sign-in.
- This is a fairly standard web application, with no particular gotchas. Your standard tool kit should be all that you’d need here.
dashboard.magic.link
Navigate to our [dashboard](https://dashboard.magic.link/login?ref=h1) for signup, at this time there is no way for us to pre-assign credentials for our testers, apologies for the inconvenience. Please keep our [out of scope vulnerabilities](https://hackerone.com/magic-bbp) in mind while testing.
- React, Redux, Javascript, Typescript, HTML, CSS, LESS
- Developers come in here to manage their access to the Magic API. It contains features that are vital to the operation of the developers’ app -- billing setup, branding customizations*, and obtaining/rolling their API keys, to name a few.
- Any web vulnerabilities are of concern here e.g, cross-site scripting (XSS) or cross-site request forgery (CSRF) that could force the developer to commit unwanted actions or on behalf of another user. Access control bypasses are also of interest to us, can you maybe bypass payments to get access to branding, or access to other higher paid tier features?
*Branding is available to developer tier and up. However a free trial can be used to access any paid tier features.
fortmatic.com
If you\'ve previously visited this [page](https://www.fortmatic.com?ref=h1), we highly recommend performing one hard reload when visiting this asset as an older version of the page may still be cached by your browser.
*.carrentals.com
Some subdomains are owned by third parties and are therefore out of scope and ineligible for bounty. Before submitting your report, please confirm that the asset you are testing does not appear in the Out of Scope list below.
**Out of scope subdomains**: - dbmanalytics.carrentals.com
*.cheaptickets.com
Some subdomains are owned by third parties and are therefore out of scope and ineligible for a bounty. Before submitting your report, please confirm that the asset you are testing does not appear in the Out of Scope list below.
**Out of scope subdomains:** - faq-lab.cheaptickets.com, faq.cheaptickets.com, groups.cheaptickets.com, link.mailer.cheaptickets.com, login.cheaptickets.com, mi.cheaptickets.com, refer.cheaptickets.com, secure.cheaptickets.com, track.cheaptickets.com
*.expediacruises.com
Some subdomains are owned by third parties and are therefore out of scope and ineligible for a bounty. Before submitting your report, please confirm that the asset you are testing does not appear in the Out of Scope list below.
**Out of scope subdomains:** - socialhub.expediacruises.com
*.expediapartnercentral.com
**Out of scope subdomains:**
discoveryhub.expediapartnersolutions.com
gco-get.expediapartnersolutions.com
gco.expediapartnersolutions.com
info.expediapartnersolutions.com
status.expediapartnersolutions.com
support.expediapartnersolutions.com
sure.expediapartnersolutions.com
taap-ui-bundles-test.expediapartnersolutions.com
taap-ui-bundles.expediapartnersolutions.com
taapacademy.expediapartnersolutions.com
*.hotwire.com
Some subdomains are owned by third parties and are therefore *out of scope* and *ineligible for bounty*. Before submitting your report, please confirm that the asset you are testing does not appear in the Out of Scope list below.
**Out of scope subdomains**:partners.hotwire.com, press.hotwire.com, movableink.hotwire.com, affiliates.hotwire.com
*.lastminute.co.nz
**Out of scope subdomains:** - res.ac.lastminute.co.nz
Please note *.lastminute.com is NOT owned by Expedia Group and is out of scope.
*.lastminute.com.au
*Out of scope subdomains:* - mi.lastminute.com.au, mtx.lastminute.com.au, smtx.lastminute.com.au
*.travelocity.ca
*Out of scope subdomains:* - click.e.travelocity.ca, fr.groups.travelocity.ca, groups.travelocity.ca, om.travelocity.ca, oms.travelocity.ca
*.travelocity.com
**Out of scope subdomains:** - br.ac.travelocity.com, groups.travelocity.com, mi.travelocity.com, om.travelocity.com, oms.travelocity.com, thingstodo.travelocity.com, track.travelocity.com, view.e.travelocity.com
*.vrbo.com
**Out of scope subdomains**: li.vrbo.com, media.vrbo.com, om.vrbo.com, community.vrbo.com, trk.vrbo.com
*.wotif.com
**Out of scope subdomains:** - groups.wotif.com, link.wotif.com, res.ac.wotif.com, smobile.wotif.com, w.smobile.wotif.com
1245772818
https://apps.apple.com/us/app/vrbo-vacation-rentals/id1245772818
284803487
This is the travelocity iOS app
https://apps.apple.com/us/app/travelocity-hotels-flights/id284803487
284971959
https://apps.apple.com/us/app/hotels-com-book-your-hotel/id284971959
403546234
This is the Orbitz iOS app
https://apps.apple.com/us/app/orbitz-hotels-flights/id403546234
427916203
Expedia iOS App
https://apps.apple.com/us/app/expedia-hotels-flights-car/id427916203
483394780
This is the ebookers iOS app
https://apps.apple.com/us/app/ebookers-hotels-flights/id483394780
531549799
This is the wotif iOS app
https://apps.apple.com/au/app/wotif-hotels-flights/id531549799
566635048
[Hotwire iOS App](https://apps.apple.com/us/app/hotwire-last-minute-hotels/id566635048)
880759727
This is the cheaptickets iOS app
https://apps.apple.com/us/app/cheaptickets-hotels-flights/id880759727
bookus.expediacruises.com
com.cheaptickets
This is the cheaptickets Android app
https://play.google.com/store/apps/details?id=com.cheaptickets
com.ebookers
This is the ebookers Android app
https://play.google.com/store/apps/details?id=com.ebookers
com.expedia.bookings
Expedia Android App
https://play.google.com/store/apps/details?id=com.expedia.bookings
com.hcom.android
[Hotels Android App](https://play.google.com/store/apps/details?id=com.hcom.android)
com.hotwire.hotels
[Hotwire Android App](https://play.google.com/store/apps/details?id=com.hotwire.hotels)
com.orbitz
This is the Orbitz Android app
https://play.google.com/store/apps/details?id=com.orbitz
com.travelocity.android
This is the travelocity Android app
https://play.google.com/store/apps/details?id=com.travelocity.android
com.vrbo.android
[VRBO Android App](https://play.google.com/store/apps/details?id=com.vrbo.android)
com.wotif.android
This is the wotif Android app
https://play.google.com/store/apps/details?id=com.wotif.android
www.abritel.fr
Out of scope subdomains: - https://www.abritel.fr/api/track
Note: We are requesting not to test this URL: https://www.abritel.fr/api/track.
www.bookabach.co.nz
www.carrentals.com
www.cheaptickets.com
www.ebookers.com
www.ebookers.fi
www.expedia.com
Please note the only point-of-sale assets of www.expedia.com are in scope. This includes regional versions of www.expedia.com such as www.expedia.co.in and www.expedia.co.uk.
Other sub-domains are out of scope and ineligible for a bounty.
www.expediaagents.com
www.expediagroup.com
www.expediataap.com
www.fewo-direkt.de
www.flights.com
www.hotels.com
Please note only point of sale assets of www.hotels.com are in scope. This includes regional versions of www.hotels.com such as www.in.hotels.com, www.uk.hotels.com, and www.fr.hotels.com.
Other sub-domains are out of scope and ineligible for bounty.
www.hotwirepartnercentral.com
www.lastminute.co.nz
www.lastminute.com.au
www.mrjet.se
www.orbitz.com
www.stayz.com.au
www.travelocity.ca
www.travelocity.com
www.vrbo.com
www.wotif.com
Front for Mac
Download here: https://front.com/download
Front for Windows
api2.frontapp.com
This scope is our public API documented at https://dev.frontapp.com/
app.frontapp.com
com.frontapp.mobile
https://apps.apple.com/us/app/frontapp/id983808769
https://play.google.com/store/apps/details?id=com.frontapp.mobile
aggregator.etoro.com
api.etoro.com
billing-pci.etoro.com
billing.etoro.com
bullsheet.me
We do not consider any data that is not username ,email or password, payment methods to be confidential.
All positions data taken from eToro are public by design.
candle-src.etoro.com
candle.etoro.com
cashier-src.etoro.com
cashier.etoro.com
charts.etoro.com
com.etoro.openbook
com.etoro.wallet
delta.app
etorologsapi.etoro.com
etoropartners.com
io.getdelta.android
io.getdelta.ios
kyc-src.etoro.com
kyc.etoro.com
partners.etoro.com
push-d-gw.cloud.etoro.com
push-d-hap.cloud.etoro.com
push-demo-hk-lightstreamer.cloud.etoro.com
push-demo-lightstreamer.cloud.etoro.com
push-dn-hap.cloud.etoro.com
push-hap.cloud.etoro.com
push-lightstreamer.cloud.etoro.com
push-n-hap.cloud.etoro.com
push-real-hk-lightstreamer.cloud.etoro.com
r.etoro.com
rankings.etoro.com
streams.etoro.com
sts.etoro.com
tapi-demo.etoro.com
tapi-real.etoro.com
uapi-front.etoro.com
wallet.etoro.com
watchlistapi.etoro.com
www.etoro.com
*.infra-prod.nsvcs.net
*.onegraph.com
As of December 28, 2022 this feature is no longer available for Netlify users who have not yet enabled it. See https://docs.netlify.com/netlify-labs/experimental-features/netlify-graph/get-started/.
*.ops.netlify.com
*.services-prod.nsvcs.net
*.services.netlify.com
api.netlify.com
`netlify api --list` after installing the CLI: https://docs.netlify.com/cli/get-started/. See also https://open-api.netlify.com/.
app.netlify.com
See https://docs.netlify.com/get-started/. Also `netlify init` after installing the CLI: https://docs.netlify.com/cli/get-started/.
internal-docs.netlify.com
internal.netlify.com
list-v2--netlify-plugins.netlify.app
Powers templates offered by app.netlify.com. See: https://www.netlify.com/integrations/templates/.
netlify-cdp-loader.netlify.app
Powers this feature: https://docs.netlify.com/site-deploys/deploy-previews/#collaborative-deploy-previews.
netlify-rum.netlify.app
screenshot-proxy.netlify.app
supportal.netlify.app
*.east.fdbox.net
*.mgmt.fndlsb.net
*.prd.fndlsb.net
*.prod.fdbox.net
*inf.fndlsb.net
*racing.fanduel.com
4njbets.com
4njbets.tvg.com
4njbets.tvgnetwork.com
4njbets.us.betfair.com
599664106
b2b.tvgnetwork.com
com.fanduel.android.self
com.fanduel.sportsbook
fanduel.com
fdbox.net
Development or testing instances are not in scope for this asset. Submissions affecting such environments will be closed.
ia.tvg.com
login-4ngbets.us.betfair.com
login-4njbets.us.betfair.com
login-ia.tvg.com
login-pabets.tvg.com
login.pabets.tvg.com
login.tvg.com
m.4njbets.tvg.com
mobile-prod.tvg.com
pabets.tvg.com
promos.tvg.com
service.racing.fanduel.com
service.tvg.com
sportsbook.fanduel.com
tvg.com
us.tvg.com
www.4njbets.com
www.tvg.com
accounts.creditkarma.com
api.creditkarma.com
Our Native apps make use of our API to talk to our servers.
blog.creditkarma.com
com.creditkarma.mobile
com.creditkarma.mobile.international
http://*.creditkarma.co.uk
https://*.creditkarma.ca
https://*.creditkarma.com
https://www.creditkarma.com/reviews/
https://www.creditkarma.com/savings
support.creditkarma.ca
SalesForce owned Endpoint. Manual review only - No Automated Scans.
• No automated scanning on this endpoint.
• Overnight hours only (10PM - 2AM PT)
• Please note during any cases and/or chat session , please indicate that you are performing a Bug Bounty test from Hacker One and that this case is a Spam PenTesting Ticket and any follow-up questions can be forwarded to Vivi.Langga.
www.creditkarma.ca
*.adminml.com
*.gokangu.cl
*.gokangu.co
*.gokangu.mx
*.gokangu.uy
*.kangu.com.br
*.kangu.tech
*.mercadolibre.cl
*.mercadolibre.com
*.mercadolibre.com.ar
*.mercadolibre.com.co
*.mercadolibre.com.mx
*.mercadolibre.com.pe
*.mercadolibre.com.uy
*.mercadolivre.com.br
*.mercadopago.cl
*.mercadopago.com
*.mercadopago.com.ar
*.mercadopago.com.br
*.mercadopago.com.co
*.mercadopago.com.mx
*.mercadopago.com.pe
*.mercadopago.com.uy
*.mercadoshops.cl
*.mercadoshops.co.cr
*.mercadoshops.com
*.mercadoshops.com.ar
*.mercadoshops.com.br
*.mercadoshops.com.co
*.mercadoshops.com.do
*.mercadoshops.com.ec
*.mercadoshops.com.mx
*.mercadoshops.com.pa
*.mercadoshops.com.pe
*.mercadoshops.com.py
*.mercadoshops.com.uy
*.mlstatic.com
Crypto
- www.mercadopago.com.mx/crypto/*
- www.mercadopago.cl/crypto/*
- www.mercadopago.com.br/crypto/*
Point Smart
Tier 1 - MLA - https://www.mercadopago.com.ar/point-smart
Tier 1 - MLB - https://www.mercadopago.com.br/point-smart
api.mercadolibre.com
Tier 1 - See documentation: https://developers.mercadolibre.com.ar/en_us/api-docs
api.mercadopago.com
Tier 1 - See documentation: https://www.mercadopago.com.ar/developers/en/reference
com.3mosquitos.MercadoLibre
Tier 1 - Mercado Libres iOS: https://apps.apple.com/ar/app/mercado-libre/id463624852
com.mercadoenvios.crowdsourcing
Tier 1 - Mercado Envíos Extra: https://play.google.com/store/apps/details?id=com.mercadoenvios.crowdsourcing
com.mercadoenvios.driver
Tier 1 - Mercado Envíos Flex: https://play.google.com/store/apps/details?id=com.mercadoenvios.driver
com.mercadolibre
Tier 1 - Mercado Libre Android: https://play.google.com/store/apps/details?id=com.mercadolibre
com.mercadopago.MercadoPago
Tier 1 - Mercado Pago iOS:
https://itunes.apple.com/ar/app/mercado-pago-recargar-celular/id925436649
com.mercadopago.wallet
Tier 1 - Mercado Pago Android:
https://play.google.com/store/apps/details?id=com.mercadopago.wallet
logistica.redelcom.cl
www.mercadolibre.co.cr
www.mercadolibre.com.bo
www.mercadolibre.com.do
www.mercadolibre.com.ec
www.mercadolibre.com.gt
www.mercadolibre.com.hn
www.mercadolibre.com.ni
www.mercadolibre.com.pa
www.mercadolibre.com.py
www.mercadolibre.com.sv
www.mercadolivre.com
www.mercadopago.com.ec
1032480595
This is our customer iOS apps
982922982
This is our professional ios app.
com.urbanclap.provider
This is our partner android app.
com.urbanclap.urbanclap
This is our customer app.
www.urbanclap.com
www.urbanclap.com is also our root and critical domain. Most of our traffic routes through it.
www.urbancompany.com
www.urbancompany.com is our main and critical domain. Most of our traffic routes through urbanclap.com. Other subdomains mentioned in scope are for internal purpose and either are password protected or Google auth protected. We do not wish anyone to login to mentioned domains and hence they are critical for us to find vulnerabilities in.
**partner.urbancompany.com is one of the critical subdomains within this asset.**
Testing Directions:
* A user can Sign Up using his phone number and email ID from the website home page or app. Do ensure that you are reachable on the mobile number that you shall use to register with us. While creating account reporters should use their own HackerOne email address like [handle]@wearehackerone.com
*.dev.remitly.com
*.int.remitly.com
674258465
ablink.info.remitly.com
access-sandbox.remitly.com
access.remitly.com
api.remitly.io
app.rewire.to
app3.rewire.to
auth.remitly.com
blog.remitly.com
cardpayments.remitly.io
cards.remitly.io
careers.remitly.com
com.remitly.androidapp
funding-webhooks.remitly.io
hub-api-sandbox.remitly.io
ir.remitly.com
media.remitly.io
metrics.int.remitly.com
news.remitly.com
partner-webhook.remitly.io
rates.rewire.com
remitly.com
rewire.com
site.rewire.com
740514933
S-mobiili banking application (iOS).
The application can be found from App Store
https://apps.apple.com/fi/app/s-mobiili/id740514933?l=fi
api.sokos.fi
S-Group online beauty and fashion store.
You do not need to have an account but to get access to all asset\'s functionality we prefer you create Sokos/S-Käyttäjätili account. Refer to instructions for www.sokos.fi for the account.
Please ensure to place your @wearehackerone email into the User-Agent header when testing api.sokos.fi asset. Requests without this identification might be blocked.
cfapi.voikukka.fi
This is a GraphQL API for s-kaupat.fi
digili.s-cloud.fi
Services for S-Bank and S-group customers where customers can take S-bank basic banking services into use (later "digipa") and gain S-Group co-op membership (later "digili).
Basic banking services include opening an account and setting it as a benefit services account, applying for Visa Debit-card and opening and ordering net bank credentials that can be used as logging into S-bank netbank and using credentials to identify oneself in digital environments.
Digili and Digipa are different applications but they are built on top of same services. Difference Between Digili and Digipa is that in Digili user opens S-group co-op membership before opening basic banking services. In Digipa user can open banking services directly without the need to gain S-group co-op membership. In case user doesn’t have required co-op membership s/he is directed to Digili application.
If user has already co-op membership and s/he enters Digili, user will be forwarded to open banking services. In case user has some of the offered basic banking services in use, the step is skipped and user is shown a possibility to open the missing services.
Digili and Digipa applications can be entered through https://www.s-pankki.fi/fi/tule-asiakkaaksi/, https://www.s-kanava.fi/asiakaspalvelu/nain-liityt/ or taking S-mobiili into use as a non- S-group co-op member where user is directed automatically to Digili to gain S-group co-op membership that is a requirement to take S-mobiili into use.
In order to access Digili or Digipa user needs to be able to authenticate himself/hersef with Finnish banking credentials or through Mobiilivarmenne.
User need also to fulfill following requirements in order to be able to access the service:
- Needs to be 18 years of age
- Needs to have Finnish social security number
- Needs to have permanent street address in Finland
In case user is not a S-group co-op member there is a minimum of 20€ membership payment that needs to be made during the process.
Only vulnerabilities under domains https://digili.s-cloud.fi/ and https://api.digili.s-cloud.fi are eligible for bounty.
extranet.s-pankki.fi
S-Bank portal where customers can take care of their S-Bank actions with other banks credentials.
fi.spankki
S-mobiili banking application (Android).
The application can be found from Google Play https://play.google.com/store/apps/details?id=fi.spankki&hl=fi
https://crosskey.io/stores/s-pankki/apis
S-Bank PSD2 interface.
mobile.s-pankki.fi
S-mobile banking application interface.
online.s-pankki.fi
S-Bank netbank which provides netbank functionalities (accounts, payments, cards, loans, investments etc) to private customers.
Notice that you should use your own netbank credentials or demo customer (ID: 12345678 PW: 123456) credentials.
Please ensure to place your @wearehackerone email into the User-Agent header when testing online.s-pankki.fi asset. Requests without this identification might be blocked.
tunnistus.s-ryhma.fi
S-Group online identity (S-käyttäjätili, later "S-ID").
To get access to all asset\'s functionality, we prefer you create new S-ID account via S-Kaupat (https://www.s-kaupat.fi/) "Kirjaudu (Login) / Luo S-käyttäjätili (Create new account)". You can also access the account, or other test-accounts created, via S-Kaupat "Kirjaudu / Kirjaudu S-käyttäjätilillä".
S-ID service at https://tunnistus.s-ryhma.fi is available in Finnish, Swedish and English.
When you create S-ID accounts, please use info regarding HackerOne reference, for example: firstname.lastname+hackerone@email.com
To enable login via SMS OTP, you need to first verify the SMS number from "S-käyttäjätili" via S-Kaupat "Firstname / Oma profiili / Muokkaa tietojasi S-käyttäjätilillä". From this page under "Yhteystiedot" click "Vahvista puhelinnumero".
Notice that:
- SMS number verification requires recent-enough login/session.
- SMS number can only be "verified" state in one (1) account at a time.
You are allowed to access S-ID accounts that you have created for testing purposes, any other accounts are out-of-scope.
Notice that these "HackerOne" S-ID accounts will be automatically removed after a certain period of time. They are available for at least 3 months from date of creation.
www.prisma.fi
S-Group online consumer goods store.
You do not need to have an account but to get access to all asset\'s functionality we prefer you create Prisma/S-Käyttäjätili account via "Kirjaudu" / "Log in".
In case you create Prisma/S-Käyttäjätili account please use info regarding HackerOne reference for example "firstname.lastname+hackerone@email.com". Notice that these Prisma/S-Käyttäjätili "HackerOne" accounts will be automatically removed after 6 months.
Please use email address "firstname.lastname+hackerone@email.com" for order form and contact form.
Note: Real orders will be delivered and charged with the given information. Only domestic delivery (Finland).
www.s-kaupat.fi
S-Group online grocery store.
You do not need to have an account but to get access to all asset\'s functionality we prefer you create S-Kaupat account via "Kirjaudu" / "Log in".
In case you create S-Kaupat account please use info regarding HackerOne reference for example "firstname.lastname+hackerone@email.com". Notice that these S-Kaupat "HackerOne" accounts will be automatically removed after 6 months.
If you create an grocery order please fill in "Älä kerää" / "Do not collect" info to field "lisätiedot kaupalle" and set the pickup date to minimum of five days from current date.
www.s-pankki.fi
S-bank public pages
www.sokos.fi
You do not need to have an account but to get access to all asset\'s functionality we prefer you create Sokos/S-Käyttäjätili account via "Kirjaudu" / "Log in".
In case you create Sokos/S-Käyttäjätili account please use info regarding HackerOne reference for example "firstname.lastname+hackerone@email.com". Notice that these Sokos/S-Käyttäjätili "HackerOne" accounts will be automatically removed after 6 months.
*.flickr.com
All flickr.com are in scope unless otherwise listed as specifically out of scope. All third-party assets are out of scope.
328407587
com.yahoo.mobile.client.android.flickr
https://github.com/innocraft/
All other software on the innocraft GitHub organisation
https://github.com/matomo-org
All other software on the matomo-org GitHub organisation
https://github.com/matomo-org/docker
Official Docker project for Matomo Analytics
https://github.com/matomo-org/matomo
this repository contains the source code of Matomo Analytics
https://plugins.matomo.org/developer/innocraft
Official plugins by Innocraft
https://plugins.matomo.org/developer/matomo-org
Official plugins by the Matomo team
matomo.cloud
Matomo Analytics Cloud
*$username.matomo.cloud* is also in scope, but please limit tests to ones that don\'t affect the live instance. (no automated tools) You can easily set up your own Matomo instance for extensive testing (see https://matomo.org/docs/installation/)
*.getmeetio.com
Are in the scope:
admin.getmeetio.com
storage.getmeetio.com
stats-api.getmeetio.com
api.getmeetio.com
look.getmeetio.com
parse.getmeetio.com
*.streamlabs.com
*vc.logitech.com
1018340690
This is the iOS app for the Circle ecosystem of devices,
1294578643
This app is Streamlabs: Stream Live by Streamlabs
1456293789
This app is Logi Tune by Logitech Inc.
1476615877
This app is Streamlabs Deck by Streamlabs
632344648
App: BOOM & MEGABOOM by Ultimate Ears
Circle Cameras
Please note exploits resulting from physical hacks to the device itself are out of scope, and any received reports will be marked N/A in accordance with HackerOne policy. Please refrain from submitting reports for physical hacks to avoid losing Reputation.
At this time we are unable to provide Circle devices for testing purposes. If you already own a Circle , hack away to your heart\'s content, otherwise watch this space for updates!
Eligible models include all Circle cameras (Circle View Doorbell, Circle View Camera, Circle 2, Circle) running the latest firmware.
G Hub
Only the latest version of GHub is in scope.
Logi Options+ PC/MAC
Logi Options+ software lets you configure your Logitech device.
The latest version is eligible (PC & MAC).
Logi Tune PC/MAC
Logi Tune Desktop application for PC and MAC reports are eligible as long as they are on the latest version.
Logitech MIXLINE
Logitech Mice & Keyboards
The current generation of Logitech Keyboards and Mouses.
Logitech Sync
This is Sync Desktop Application by Logitech. The latest version is eligible.
Presentation Remotes
In-scope devices: R500 Laser Presentation Remote; Spotlight Presentation Remote; R400 Laser Presentation Remote; R700 Laser Presentation Remote
Streamlabs Desktop Application PC/MAC
The latest version is eligible
USB Unifying and LightSpeed Receivers
Ultimate Ears Speakers
Products in scope are the current generation
BLAST, MEGABLAST, BOOM 3, MEGABOOM 3, WONDERBOOM 2, HYPERBOOM, POWER UP
Video Conferencing Products
All products running their latest firmware listed in the page below are eligible:
https://www.logitech.com/en-us/video-collaboration/products
accounts.logi.com
Non production testing site exists under sandbox.accounts.logi.com
circle.logi.com
Also includes the *.video.logi.com and *.circle.logi.com
See developer documentation at https://developers.logitech.com/circle
com.getmeetio.*
Meetio Room (com.getmeetio.room), Android
Meetio View (com.getmeetio.view), Android
Meetio Desk (com.getmeetio.meetiodesk), Android
Meetio Update (com.getmeetio.update), Android
Meetio System (com.getmeetio.system), Android
Meetio Personal (com.getmeetio.personal), Android
com.getmeetio.Meetio-Enterprise
Meetio Personal (com.getmeetio.Meetio-Enterprise), iOS
com.logitech.circle
This app is part of the Circle ecosystem of camera devices.
com.logitech.logue
This App is Logi Tune for Zone Headsets by Logitech
com.logitech.ueboom
com.streamlabs
This is the "Streamlabs: Live Streaming" App by Streamlabs
com.streamlabs.slobsrc
gaming.logicool.co.jp
id.logi.com
logitechg.com.cn
meetiobook.com
sync.logitech.com
Cloud service associated with the Logitech Sync application
www.astrogaming.com
www.jaybirdsport.com
www.logicool.co.jp
www.logitech.com
www.logitech.com.cn
Ineligible for bounty:
store.logitech.com.cn is a hosted 3rd party service, so we will forward any reports onto the vendor.
www.logitechg.com
www.ultimateears.com
*uat.marriott.com
user acceptance testing environments for marriott.com products .
455004730
activities.marriott.com
all-inclusive.marriott.com
careers.marriott.com
cpp.marriott.com
dcfgateway*.marriott.com
gateway*.marriott.com
help.marriott.com
homes-and-villas.marriott.com
hotel-deals.marriott.com
http://www.shopmarriott.com
Marriott Store
https://dcfgatewaytst1.marriott.com/
https://gatewaydsapdev2.marriott.com/
https://gatewaydsaptst1.marriott.com/
https://gatewaydsaptst2.marriott.com/
jobs.marriott.com
lawmanager.marriott.com
marriottfranchisetransactions.marriott.com
marrtool.com
mgs.marriott.com
mipartnerprivileges.marriott.com
moments.marriottbonvoy.com
passwordchallenge.marriott.com
This app is used for employees all over marriott to reset their passwords, for new employees to set their first password, and set up challenge questions.
reservations.all-inclusive.marriott.com
sso.marriott.com
travelagents.marriott.com/
traveler.marriott.com
www.marriott.com
www.ritzcarlton.com/
This is the flagship website of one of our luxury brands that we acquired several years ago.
140.95.0.0/16
199.66.248.0/22
213.139.133.32/28
476639005
assets.hyatt.com
We are adding this subdomain to our program as our main domain pulls images and other assets from this site.
blueskytours.globalbookingsolutions.com
Does not include additional subdomains.
book.applevacations.com
book.beachbound.com
book.booktandl.com
book.cheapcaribbean.com
Do not target additional subdomains.
book.extraholidaysvacations.com
booking.applevacations.com
booking.beachbound.com
booking.cheapcaribbean.com
com.Hyatt
confluence.hyattdev.com
ebsext.oft.hyatt.com
holidays-au.fijiairways.com
holidays-fj.fijiairways.com
holidays-hk.fijiairways.com
holidays-nz.fijiairways.com
holidays-sg.fijiairways.com
holidays-us.fijiairways.com
hyatt.com
jira.hyattdev.com
login.www.vaxvacationaccess.com
meetings.hyatt.com
mobileapp.hyatt.com
new.www.vaxvacationaccess.com
newsroom.images.hyatt.com
Only test newsroom.images.hyatt.com; newsroom.hyatt.com is not hosted by Hyatt (do not test).
plannerrequest.hyatt.com
public.hyatt.com
res.blueskytours.globalbookingsolutions.com
res.funjet.com
res.hyattinclusivecollection.com
res.nowresorts.com
res.secretsresorts.com
res.skyteam.com
res.southwestvacations.com
res.treasureisland.globalbookingsolutions.com
res.universalorlandovacations.com
res.vacations.buschgardens.com
res.vacations.discoverycove.com
res.vacations.seaworld.com
res.vacations.sesameplace.com
res.vacations.united.com
res.vacations.universalstudioshollywood.com
reservations.wynnvacations.com
rezagent.triseptsolutions.com
roominglist.hyatt.com
salesportal.hyatt.com
scapegoat.hyatt.com
shop.wyndhamvacationownership.trisept.travel
soaext.oft.hyatt.com
sso.oft.hyatt.com
upsell.hyatt.com
vacations.travelimpressions.com
vacations.united.com
vacations.universalstudioshollywood.com
vacations.us.palladiumhotelgroup.com
world.hyatt.com
www.applevacations.com
www.beachbound.com
www.blueskytours.com
www.cheapcaribbean.com
www.funjet.com
www.globalhotelchoices.com
www.hyatt.com
www.hyattconnect.com
www.hyattinclusivecollection.com
www.triseptapi.com
www.triseptdemo.com
www.triseptsolutions.com
www.universalorlandovacations.com
www.wynnvacations.com
*-api-*.acronis.com
*.5nine.com
*.acronis.com
*.acronis.work
*.devicelock.com
1118448159
Acronis Cyber Protect for [iOS](https://apps.apple.com/app/acronis-cyber-backup/id1118448159).
1192506963
Acronis Files Cloud for [iOS](https://apps.apple.com/us/app/files-cloud/id1192506963).
429704844
Acronis Files Advanced for [iOS](https://apps.apple.com/us/app/acronis-files-advanced/id429704844).
978342143
Acronis Mobile for [iOS](https://apps.apple.com/app/acronis-true-image-mobile/id978342143).
Acronis Agent
Acronis Agent is a client-side application for Acronis Cyber Protect that incorporates backup and cyber protection mechanisms. You may download versions for all supported platforms from [here](https://mc-beta-cloud.acronis.com/download/u/baas/4.0/).
Acronis Cloud Manager
Acronis Cloud Manager provides advanced monitoring, management, migration, and recovery for Microsoft Cloud environments. You may request a trial by completing [registration](https://www.acronis.com/en-eu/products/cloud-manager/trial/).
Acronis Cyber Files
Acronis Cyber Files is a secure file sync and share solution that enables your team to collaborate, access company files, and share documents on any device. You may request a trial by completing [registration](https://www.acronis.com/en-eu/products/files/trial/).
Acronis Cyber Infrastructure
Acronis Cyber Infrastructure unites software-defined compute, network and storage in a single, scalable product, designed for building private or public clouds. You can read more about it at [kb.acronis.com](https://kb.acronis.com/acronis-cyber-infrastructure).
Please note that this asset is only available periodically during testing phases.
Acronis Cyber Protect
Acronis Cyber Protect is an on-premises cyber protection solution designed for business environments. You may request a trial by completing [registration](https://www.acronis.com/en-us/business/cyber-protect/trial/#/registration).
Acronis DeviceLock DLP
Acronis DeviceLock DLP provides comprehensive endpoint data loss prevention. You may request a trial by completing [registration](https://www.acronis.com/en-us/products/devicelock/trial/).
Acronis Snap Deploy
Acronis Snap Deploy is designed to deploy and provision all of your servers and workstations at once. You may request a trial by completing [registration](https://www.acronis.com/en-us/products/snap-deploy/trial/).
Acronis True Image (formerly Acronis Cyber Protect Home Office)
Acronis True Image is designed for protection of home computers. [Download a trial](https://www.acronis.com/en-us/products/true-image/trial/).
Other Acronis Domains
Other Acronis executables
account.acronis.com
Acronis Customer Portal.
beta-cloud.acronis.com
Acronis Cyber Cloud beta environment. To request an account, please follow HackerOne [Credentials](https://docs.hackerone.com/en/articles/8466488-credentials) guide and select `beta-cloud.acronis.com` asset.
com.acronis.abc
Acronis Cyber Protect for [Android](https://play.google.com/store/apps/details?id=com.acronis.cyberb2b).
com.acronis.acronistrueimage
Acronis Mobile for [Android](https://play.google.com/store/apps/details?id=com.acronis.cyberb2c).
Faucets
Chainlink Testnet Faucet is available at the following URL: https://faucets.chain.link/
https://github.com/smartcontractkit/chainlink
https://github.com/smartcontractkit/chainlink/tree/master/contracts
https://github.com/smartcontractkit/external-adapters-js/
https://github.com/smartcontractkit/staking-v0.1/tree/master/contracts
*.braintree-api.com
For testing and account creation, please use *.sandbox.braintree-api.com rather than production.
*.braintree.tools
Please note, this is a development environment that is constantly in flux. Accordingly, vulnerabilities found on this asset will generally have lower impact and payouts.
*.braintreegateway.com
*.braintreepayments.com
For testing and account creation, please use *.sand.braintreepayments.com rather than production.
*.hyperwallet.com
*.paydiant.com
*.paylution.com
*.paypal.com
*.paypalcorp.com
*.venmo.com
*.xoom.com
351727428
[iOS Venmo App](https://apps.apple.com/us/app/venmo/id351727428)
Braintree SDK
PayPal SDK
api.loanbuilder.com
api.swiftfinancial.com
com.paypal.android.p2pmobile
com.paypal.merchant
com.paypal.merchant.client
com.venmo
com.xoom.android.app
com.xoom.app
decision.swiftfinancial.com
We are aware that the root URL of this domain returns an error, the API is functioning correctly.
loanbuilder.com
my.loanbuilder.com
my.swiftfinancial.com
partner.swiftfinancial.com
paypal.me
paypalobjects.com
pigeon.swiftfinancial.com
prequal.swiftfinancial.com
py.pl
sandbox.braintreegateway.com
scrutiny.swiftfinancial.com
swiftcapital.com
swiftfinancial.com
www.loanbuilder.com
www.paypal-*.com
PayPal\'s Partner Sites (www.paypal-__.com) are mainly marketing based sites that are not part of the core PayPal customer domains (.paypal.com) and are managed by hosting vendor companies. They have variable timelines and are often decommissioned. A listing of these sites designated for deprecation will not be publically maintained due to frequent changes. When researching bugs on these sites, please keep this in mind as bug Submissions for sites on schedule for deprecation will not be honored.
Submissions of bugs relating to services or domains not referenced above or for sites on schedule for deprecation are ineligible for the Bug Bounty Program and will not be eligible for a Bounty Payment.
www.swiftcapital.com
www.swiftfinancial.com
*.cb.dev
**Caution: Reports about the testbed will be excluded if they do not affect the main site.** However it is useful to test some exploits.
*.highwebmedia.com
This domain covers all our main media servers; such as video servers, chat servers, image servers, etc.
*.mmcdn.com
Our new CDN Domain, replaces highwebmedia.com
*.mmwebc.dev
Our domain for Web Components
*.securegatewayaccess.com
Our billing customer service site. Any access here is critical and must be immediately reported.
billingsupport.chaturbate.com
Alisas of the billing customer support site.
chaturbate.com
The main chaturbate site!
m.chaturbate.com
The mobile version of Chaturbate
secure.chaturbate.com
The billing customer service and signup page
*.fanbox.cc
* This site uses pixiv account (signup at https://accounts.pixiv.net).
accounts.pixiv.net
* Signin / signup site for many pixiv products (`*.pixiv.net`, `*.booth.pm`, etc).
booth.pm
* PC: https://booth.pm
coban.pixiv.net
comic.pixiv.net
This site is in Japanese.
This site uses pixiv account (signup at https://accounts.pixiv.net).
- Web: https://comic.pixiv.net
- iOS : https://apps.apple.com/jp/app/pixiv%E3%82%B3%E3%83%9F%E3%83%83%E3%82%AF/id975414811
- Android: https://play.google.com/store/apps/details?id=jp.pxv.android.manga
dic.pixiv.net
https://github.com/pixiv/charcoal
charcoal (https://github.com/pixiv/charcoal) is a set of libraries used as a design system and maintained by pixiv.
- Vulnerabilities caused by the libraries included in charcoal
- Supply chain vulnerabilities related to the dependencies of charcoal libraries
- Vulnerabilities of sites using any of the charcoal libraries (including services by pixiv inc)
https://vroid.com/studio
hub.vroid.com
* This is a site where users share their 3D characters in [VRM file format](https://vrm.dev/en/).
* When testing with VRM, please use characters provided by [our official account](https://hub.vroid.com/users/36144806).
* Go to a character -> click "Use this model" -> click "Download".
* Please avoid interactions / exposure to other users to the best of you ability.
neoket.net
novel.pixiv.net
- Web: https://novel.pixiv.net
pastela.app
- This site uses pixiv account (signup at https://accounts.pixiv.net).
- PC: https://pastela.app
- iPadOS: https://apps.apple.com/app/pastela/id6478907270
payment.pixiv.net
sensei.pixiv.net
sketch.pixiv.net
* This site is in Japanese.
* PC: https://sketch.pixiv.net/
* iOS: https://itunes.apple.com/app/pixiv-sketch/id991334925
* Android: https://play.google.com/store/apps/details?id=jp.pxv.android.sketch
vroid.com
www.pixiv.net
* The core pixiv.
* Signup at https://accounts.pixiv.net
* PC: https://www.pixiv.net/
* iOS: https://itunes.apple.com/app/pixiv/id337248563
* Android: https://play.google.com/store/apps/details?id=jp.pxv.android
CometBFT
CometBFT is a blockchain application platform; it provides the equivalent of a web-server, database, and supporting libraries for blockchain applications written in any programming language. CometBFT implements Byzantine Fault Tolerant (BFT) State Machine Replication (SMR) for arbitrary deterministic, finite state machines.
For more background, see the [CometBFT docs site](https://docs.cometbft.com/v0.38/). To get started quickly with an example application, see the [quick start guide](https://docs.cometbft.com/v0.38/guides/quick-start).
## In-Scope Repositories
* [cometbft](https://github.com/cometbft/cometbft)
* [cometbft-db](https://github.com/cometbft/cometbft-db)
## LTS Policy
Bugs present in the latest released versions of the v0.34, v0.37 and v0.38 series are eligible for bounty. Bugs present in pre-releases of new versions are also eligible.
CosmWasm
CosmWasm is a smart contract platform that focuses on security, performance and interoperability by Confio GMBH. It is the only smart contracting platform for public blockchains with significant adoption outside of the EVM.
For documentation about the platform and a Getting Started guide, please see https://www.cosmwasm.com/build
## In-scope Repositories
* Execution environment
* [cosmwasm](https://github.com/CosmWasm/cosmwasm)
* [wasmvm](https://github.com/CosmWasm/wasmvm)
* [wasmd](https://github.com/CosmWasm/wasmd)
* Standard library dependencies
* [serde-json-wasm](https://github.com/CosmWasm/serde-json-wasm)
* Libraries for building contracts
* [cw-plus](https://github.com/CosmWasm/cw-plus)
* [cw-storage-plus](https://github.com/CosmWasm/cw-storage-plus)
* [cw-utils](https://github.com/CosmWasm/cw-utils)
* Build tools
* [rust-optimizer](https://github.com/CosmWasm/rust-optimizer)
Cosmos SDK
The Cosmos SDK is an open-source framework for building multi-asset public Proof-of-Stake (PoS) blockchains, like the Cosmos Hub, as well as permissioned Proof-of-Authority (PoA) blockchains. SDK-based blockchains are built out of composable [modules](https://docs.cosmos.network/main/build/building-modules/intro), most of which are open-source and readily available for any developers to use.
To get started, learn more about the [architecture of a Cosmos SDK application](https://docs.cosmos.network/main/learn/intro/sdk-app-architecture), or how to build application-specific blockchain from scratch with the [Cosmos SDK Tutorial](https://cosmos.network/docs/tutorial).
* [cosmossdk](https://github.com/cosmos/cosmos-sdk)
### Core packages
* [baseapp](https://github.com/cosmos/cosmos-sdk/tree/main/baseapp)
* [crypto](https://github.com/cosmos/cosmos-sdk/tree/main/crypto)
* [types](https://github.com/cosmos/cosmos-sdk/tree/main/types)
* [store](https://github.com/cosmos/cosmos-sdk/tree/main/store)
### Modules
* [x/auth](https://github.com/cosmos/cosmos-sdk/tree/main/x/auth)
* [x/bank](https://github.com/cosmos/cosmos-sdk/tree/main/x/bank)
* [x/staking](https://github.com/cosmos/cosmos-sdk/tree/main/x/staking)
* [x/slashing](https://github.com/cosmos/cosmos-sdk/tree/main/x/slashing)
* [x/evidence](https://github.com/cosmos/cosmos-sdk/tree/main/x/evidence)
* [x/distribution](https://github.com/cosmos/cosmos-sdk/tree/main/x/distribution)
* [x/mint](https://github.com/cosmos/cosmos-sdk/tree/main/x/mint)
We are interested in bugs in other modules, however the above are most likely to have significant vulnerabilities, due to the complexity/nuance involved. We also recommend reading the [specification](https://github.com/cosmos/cosmos-sdk/blob/main/docs/building-modules/README.md) of each module before digging into the code.
Hermes Relayer
Hermes is a Rust implementation of an Inter-Blockchain Communication (IBC) relayer that is developed and maintained by Informal Systems. It provides a CLI to relay packets between Cosmos SDK chains, exposes [Prometheus](https://prometheus.io/) metrics and offers a REST API.
The [documentation for Hermes](https://hermes.informal.systems/) includes a [guide for installation](https://hermes.informal.systems/quick-start/installation.html) and [several tutorials](https://hermes.informal.systems/tutorials/local-chains/index.html) that will help you get started with security testing in a local environment.
This component of the Interchain Stack comprises primarily of 6 crates:
* [ibc-relayer](https://crates.io/crates/ibc-relayer) provides an implementation of an IBC relayer, as a *library*.
* [ibc-relayer-cli](https://crates.io/crates/ibc-relayer-cli) is a CLI (a wrapper over the ibc-relayer library), comprising the [hermes](https://hermes.informal.systems/) binary.
* [ibc-chain-registry](https://crates.io/crates/ibc-chain-registry) provides functions to fetch data from the [chain registry](https://github.com/cosmos/chain-registry) and automatically generate chain configuration for Hermes.
* [ibc-telemetry](https://crates.io/crates/ibc-telemetry) is a library for use in the Hermes CLI, for gathering telemetry data and exposing that in a Prometheus endpoint.
* [ibc-relayer-rest](https://crates.io/crates/ibc-telemetry) is a library for use in the Hermes CLI, for exposing a REST API to inspect the state of the relayer.
* [ibc-test-framework](https://crates.io/crates/ibc-test-framework) provides the infrastructure and framework for writing end-to-end (E2E) tests that include the spawning of the relayer together with Cosmos full nodes.
Horcrux
Horcrux is a [multi-party-computation \\(MPC\\)](https://en.wikipedia.org/wiki/Secure_multi-party_computation) signing service for CometBFT nodes built and maintained by Strangelove Labs. It provides high-availability key management for Cosmos validator operations, and mitigates the risk of double signing transactions.
This documentation and set of guides will help you get started with learning about Horcrux:
### Guides:
* [PFC-Validator example shell script](https://github.com/PFC-Validator/horcrux-container/blob/main/launch-all.sh)
* [PFC-Validator Kubernetes Cluster yaml configs](https://github.com/PFC-Validator/PFC-Cluster/tree/main/manifests/cosmos/pisco)
* [Lavender.Five Ansible Cluster automation](https://github.com/LavenderFive/horcrux-ansible)
### Diagrams:
* [https://user-images.githubusercontent.com/6722152/157145772-8557b4b5-a0cc-4073-8834-86afda1900fc.png](https://user-images.githubusercontent.com/6722152/157145772-8557b4b5-a0cc-4073-8834-86afda1900fc.png)
* [https://github.com/strangelove-ventures/horcrux](https://github.com/strangelove-ventures/horcrux)
The Strangelove Labs team maintains a dedicated [Horcrux Support Policy](https://docs.google.com/document/d/1XrrOfigfoDuJUp04b_4BMvoDvgQwTQGutXVio5cAfAE/edit?usp=sharing).
IBC Go Relayer
The ibc-go relayer is a Golang implementation of an Interblockchain Communication (IBC) relayer maintained by Strangelove Labs. A relayer process monitors for updates on open paths between sets of IBC enabled chains and submits these updates in the form of specific message types to the counterparty chain. Clients are then used to track and verify the consensus state.
In addition to relaying packets, this relayer can open paths across chains, thus creating clients, connections and channels.
The [documentation for this relayer](https://github.com/cosmos/relayer?tab=readme-ov-file#table-of-contents) and a [demo](https://github.com/cosmos/relayer/blob/main/examples/README.md) for setting up a development environment are available. Additional information on how IBC works can be found [here](https://ibc.cosmos.network/main).
[https://github.com/cosmos/relayer](https://github.com/cosmos/relayer)
Packet Forward Middleware
Packet Forward Middleware (PFM) is an IBC middleware module built for Cosmos blockchains that routes incoming IBC packets from a source chain to a destination chain.
This [diagram](https://github.com/cosmos/ibc-apps/tree/main/middleware/packet-forward-middleware%23sequence-diagrams) and [integration guide](https://github.com/cosmos/ibc-apps/blob/main/middleware/packet-forward-middleware/docs/integration.md) will help you get acquainted with the code.
* [https://github.com/cosmos/ibc-apps/tree/main/middleware/packet-forward-middleware/packetforward](https://github.com/cosmos/ibc-apps/tree/main/middleware/packet-forward-middleware/packetforward)
The Strangelove Team maintains a [Support Policy](https://docs.google.com/document/d/1I50F_rvp7oPnn6UuKwUdulZvBtMnePoRXtBhrYWMjkE/edit?usp=sharing) for this component.
https://github.com/cosmos/gaia
The following is a list of examples of the kinds of vulnerabilities that we’re most interested in. It is not exhaustive: there are other kinds of issues we may also be interested in!
* Injection exploits
* Privilege escalation
* IBC
* Inter-module interactions
* Network channel attacks
* Replay attacks
https://github.com/cosmos/iavl
The `iaviewer` application itself is not in-scope for the bug bounty program, unless there is an underlying bug in the `iavl` library that can be exploited through the application or other applications using the `iavl` library.
https://github.com/cosmos/ics23
https://github.com/cosmos/ledger-cosmos
We are looking for security vulnerabilities that, when exploited, can make a person lose their fund, access to their private key or otherwise impact them _on the production system_, in this case, a public Ledger device.
https://github.com/iqlusioninc/crates/tree/main/signatory
Restricted to the ed25519 provider sub-crates like dalek-ed25519 and ring.
https://github.com/iqlusioninc/tmkms
https://github.com/iqlusioninc/yubihsm.rs
The bug bounty is restricted to the ed25519 pubkey and signing paths.
ibc-go
The Inter-Blockchain Communication Protocol (IBC) allows blockchains to talk to each other. The protocol realizes this interoperability by specifying a set of data structures, abstractions, and semantics that can be implemented by any distributed ledger that satisfies a small set of requirements.
To learn more about IBC and its components, visit the [documentation site](https://ibc.cosmos.network/main/ibc/overview).
* [https://github.com/cosmos/ibc-go/tree/main](https://github.com/cosmos/ibc-go/tree/main)
### IBC Core
* [02-client](https://github.com/cosmos/ibc-go/tree/main/modules/core/02-client)
* [03-connection](https://github.com/cosmos/ibc-go/tree/main/modules/core/03-connection)
* [04-channel](https://github.com/cosmos/ibc-go/tree/main/modules/core/04-channel)
* [05-port](https://github.com/cosmos/ibc-go/tree/main/modules/core/05-port)
* [23-commitment](https://github.com/cosmos/ibc-go/tree/main/modules/core/23-commitment)
* [24-host](https://github.com/cosmos/ibc-go/tree/main/modules/core/24-host)
### Application Modules
* [Transfer](https://github.com/cosmos/ibc-go/tree/main/modules/apps/transfer)
* [27-interchain-accounts](https://github.com/cosmos/ibc-go/tree/main/modules/apps/27-interchain-accounts)
### Light Clients
* [06–solomachine](https://github.com/cosmos/ibc-go/tree/main/modules/light-clients/06-solomachine)
* [07-tendermint](https://github.com/cosmos/ibc-go/tree/main/modules/light-clients/07-tendermint)
* [09-localhost](https://github.com/cosmos/ibc-go/tree/main/modules/light-clients/09-localhost)
* [08-wasm] (https://github.com/cosmos/ibc-go/tree/main/modules/light-clients/08-wasm)
### Middleware Modules
* [29-fee](https://github.com/cosmos/ibc-go/tree/main/modules/apps/29-fee)
* [Callbacks](https://github.com/cosmos/ibc-go/tree/main/modules/apps/callbacks)
The ibc-go team has implemented a [Stable Release Policy](https://github.com/cosmos/ibc-go/blob/main/RELEASES.md%23stable-release-policy) that covers the protocol and components it maintains.
com.affirm.central.audit
This is the Android testing app built for HackerOne. It\'s distributed through Google Play Store.
com.affirm.internal.hackerone
This is the testing iOS app built for HackerOne. It is distributed through Crashlytics.
sandbox.affirm.com
*.crypto.com
We will consider all vulnerability reports against assets in Crypto.com\'s control. Severity might be limited for certain assets based on business impact.
*.mona.co
Crypto.com Exchange APIs that require an account
Includes any BFF APIs
Crypto.com Wallet Extension
Crypto.com mobile app APIs that require an account
app.mona.co
co.mona.android
Get the app here: https://play.google.com/store/apps/details?id=co.mona.android
You won’t need test accounts for this as it will be public-facing sites for now.
The app should give you the functionality to start using CRO services.
com.defi.wallet
https://apps.apple.com/app/crypto-com-wallet/id1512048310
https://play.google.com/store/apps/details?id=com.defi.wallet
com.monaco.mobile
developer-platform-api.crypto.com
https://crypto.com/exchange
https://crypto.com/nft
https://crypto.com/price
https://etherscan.io/token/0xfe18ae03741a5b84e39c295ac9c856ed7991c38e
**Bounty Range Changes: CDCETH Smart Contract**
Critical Severity: Up to $50,000 USD
Extreme Tier: Up to $1,000,000
js.crypto.com
merchant.crypto.com
nadex.com
tax.crypto.com
web.crypto.com
com.goodrx
Playstore Download: https://play.google.com/store/apps/details?id=com.goodrx
com.goodrx.iphone
iOS Download: https://itunes.apple.com/app/id485357017
www.goodrx.com
This our primary site. Our mobile site m.goodrx.com is also covered by this scope. Only issues regarding the frontend of https://www.goodrx.com/care will be considered in-scope. Any backend issue is belonging to a partner of ours.
https://api-staging.pingone.com/*
* **What it is:**
* REST API for configuring and managing your PingOne For Customers organization
Please note that this documentation points to **PROD**, which is out of scope for this engagement. To access the ORT environment URLs will have to be appended with -staging like the console link above.
https://apps-staging.pingone.com/*
* Cloudfront distribution for the PingOne for Customers login/authentication flow orchestration and self-service account/profile management user interfaces
* **What it does:**
* Provides user interface for administrators to configure authentication flows and assign different authentication policies
* Provides interface for end users to manage their account profiles and settings
https://console-staging.pingone.com/*
* Administrative console to the PingOne For Customers platform that manages user access, authentication types, and connected applications.
* **Here\'s how to add an application to your PingOne For Customer environment:**
https://youtu.be/TBA5VTfnsSE
* **Sample client-side app (Please note that the content of the github repository is out of scope):**
https://github.com/pingidentity/pingone-customers-sample-oidc
* Allows administrators to configure authentication workflows and assign different authentication policies (SAML, OAuth2, and OpenID Connect are supported) to each of your applications.
* Supports Single-Sign-On (SSO) and Multi-Factor Authentication (MFA) across all connected applications.
* Offers robust user-management capabilities.
https://openam-bug-bounty-stag.forgeblocks.com/*
* Administrative console for the single-tenant SAAS PingOne Advaced Identity Cloud platform which manages IAM functionality for Enterprise customers.
* Staging environment - Used for testing development changes, including stress tests and scalability tests with realistic deployment settings.
* **Documentation:**
* https://backstage.forgerock.com/docs/idcloud/latest/overview.html
https://ort-admin.pingone.com/*
* Administrative web portal for PingOne For Enterprise (P14E)
* Allows P14E administrators to manage all aspects of their enterprise user accounts
https://ort-authenticator.pingone.com/*
* Multi-factor Authentication (MFA) authenticator service
* MFA is configured via the PingOne Desktop > Devices > My Device > Add.
* Ping Authenticator used for Multi-Factor Authentication (MFA)
* The authenticator is a service which provides multi-factor via PingID mobile applications available in the iTunes and Android app stores, Yubikey Series 4, PingID Desktop apps for OS X and Windows, or email.
* The authenticator service is a back-end hosted service.
* The client MFA applications are not in scope but the protocol data and authenticator service are, this includes requests and responses.
* Employs MFA (typically [PingID](https://www.pingidentity.com/en/cloud/pingid.html)) to authenticate users and then pass control back to PingOne for Enterprise
https://ort-desktop.pingone.com/*
* **What it is:**
* Central hub of Ping One For Enterprise, a cloud-based dock that provides users with secure SSO access to an expansive library of applications
* **What it does:**
* Provides many pre-existing integrations with popular SaaS applications
* Leverages SAML, OIDC and other secure identity standards to integrate with any other cloud-based applications
Provides the option of storing user identity data in PingOne’s cloud directory
*.betfair.com
*.betfair.es
*.betfair.it
*.betfair.ro
*.betfair.se
*.betsharedservices.io
*.betviewapi.com
*.bonne-terre-data-layer.com
*.dibz.co.uk
*.msgsvc.io
*.operationstechnology.io
*.paddypartners.com
*.paddypower.com
*.paddypower.it
*.platformservices.io
*.ppbdev.com
*.sbgcdn.com
*.sbgcore.com
*.sbgorigin.com
*.sbgservices.com
*.sbgtest.net
*.securityservices.io
*.skybet.co.uk
*.skybet.com
*.skybet.net
*.skybetservices.com
*.skybettest.net
*.skybettingandgaming.com
*.skybettingandgaming.design
*.skybettingandgaming.info
*.skybingo.com
*.skycasino.com
*.skygamingcontent.com
*.skypoker.com
*.skyvegas.com
*.sportinglife.com
com.betfair.exchange
Betfair Exchange Betting
https://play.google.com/store/apps/details?id=com.betfair.exchange&gl=uk
https://assets.cdnbf.net/static/android/betfair-wrapper-exchange.apk
com.betfair.sportsbook
Betfair Sports Betting
https://play.google.com/store/apps/details?id=com.betfair.sportsbook&gl=uk
https://assets.cdnbf.net/static/android/betfair-wrapper-sportsbook.apk
com.flutter.bem.release
com.paddypower.sportsbook.u.inhouse
Paddy Power Sports Betting: https://play.google.com/store/apps/details?id=com.paddypower.sportsbook.u.inhouse&gl=uk
itv7.itv.com
super6.skysports.com
bounty-node.rsk.co
A RSKj JSON RPC server is available for testing. You can obtain the list of JSON RPC methods supported from the rskj source code and from RSK and Ethereum documentation.
You can attempt the following attacks:
* Bypass the Varnish JSON RPC method blacklist/whitelist filtering.
* Application level DoS: exploit the whitelisted methods to consume server\'s resources.
* System Information disclosure (file system, private keys)
* Code execution (Hint: check the object mapping capabilities of the JSON parser library and Java reflection)
**Only application level DoS attacks are allowed. Do not attempt volumetric transport level attacks**
Sample Request:
`curl -s -X POST -H "Content-Type: application/json" -d \'{"jsonrpc":"2.0","method":"web3_clientVersion", "params": {}, "id":666}\' https://bounty-node.rsk.co `
The whitelisted methods are the following:
```web3_clientVersion
eth_getUncleCountByBlockNumber
net_version
net_listening
net_peerCount
eth_protocolVersion
eth_hashrate
eth_mining
eth_call
eth_estimateGas
eth_gasPrice
eth_blockNumber
eth_getBalance
eth_getBlockByHash
eth_getBlockByNumber
eth_getBlockTransactionCountByHash
eth_getBlockTransactionCountByNumber
eth_getCode
eth_getStorageAt
eth_getTransactionByBlockHashAndIndex
eth_getTransactionByBlockNumberAndIndex
eth_getTransactionByHash
eth_getTransactionCount
eth_getTransactionReceipt
eth_getUncleByBlockHashAndIndex
eth_getUncleByBlockNumberAndIndex
eth_getUncleCountByBlockHash
eth_sendRawTransaction
Good luck!
https://github.com/rsksmart/2wp-api
# Scope
We are interested in finding issues that lead to compromise of the app.
# Out of scope
- `__test__` directory
- Vulnerabilities in dependencies/libraries
- Clickjacking
- Reports from automated tools or scans, without exploitability demonstration
- Theoretical vulnerabilities without demonstrated security impact
- Cross-Site Request Forgery (CSRF) on unauthenticated forms or forms with no sensitive actions
- Attacks requiring MITM or physical access to a user\'s device.
- Attacks requiring a compromised victim device.
- Comma Separated Values (CSV) injection without demonstrating a vulnerability.
- Missing best practices in SSL/TLS configuration.
- Any activity that could lead to the disruption of our service (DoS).
- Content spoofing and text injection issues without showing an attack vector/without being able to modify HTML/CSS
- Rate limiting or bruteforce issues
- Missing best practices in Content Security Policy.
- Missing HttpOnly or Secure flags on cookies
- Missing HTTP headers hardening and recommendations (Clickjacking, X-Frame-Options, CORS, ...)
- Vulnerabilities only affecting users of outdated or unpatched browsers [Less than 2 stable versions behind the latest released stable version]
- Software version disclosure / Banner identification issues / Descriptive error messages or headers (e.g. stack traces, application or server errors).
- Public Zero-day vulnerabilities that have had an official patch for less than 1 month will be awarded on a case by case basis.
- Open redirect - unless an additional security impact can be demonstrated
- Issues that require unlikely user interaction
- Cache poisoning without demonstrated security impact
- Tabnabbing
- Social engineering attacks, including those targeting or impersonating internal employees by any means (e.g. customer service chat features, customer support, social media, personal domains, etc.)
- Reporting a leaked token without first confirming it is valid and has access to sensitive operations
- Secret recovery phrase brute-forcing
- Perceived security weaknesses without evidence of the ability to demonstrate impact (e.g. Missing best practices, functional bugs without security implications, etc.)
- Vulnerabilities under development branches in our source code.
- Runtime hacking exploits (exploits only possible in a jailbroken/rooted environment)
- Public User data, such as, public address, balances, transaction information etc. stored unencrypted on external storage and private directory
- Lack of binary protection (anti-debugging) controls.
- Absence of certificate pinning
https://github.com/rsksmart/2wp-app
# We are interested in finding:
- Exploits to extract the private keys of the wallet from the memory
- Ways to gain control over the software or hardware wallets
- Ways to change the transaction by adding or removing data
#Out of scope
- `test` directory
https://github.com/rsksmart/powpeg-node
- Attacks requiring physical access or local user level access to a user\'s device.
- Previously known vulnerable libraries without a working Proof of Concept.
- Denial of our service (DoS) not directly related to a flaw in the IOVLabs code or environment.
- DoS attacks that require sending multiple network packets at any layer. We’re interested in DoS that depends on the data and can\'t be stopped at the network level.
- Flaws on the configuration related to the option to store private keys on disk.
- Vulnerabilities reported on the rskj project are out of scope for the powpeg-node.
https://github.com/rsksmart/rif-wallet
##Out of scope
* Clickjacking
* Reports from automated tools or scans, without exploitability demonstration
* Theoretical vulnerabilities without demonstrated security impact
* Cross-Site Request Forgery (CSRF) on unauthenticated forms or forms with no sensitive actions
* Attacks requiring MITM or physical access to a user\'s device.
* Attacks requiring a compromised victim device.
* Previously known vulnerable libraries without a working Proof of Concept.
* Comma Separated Values (CSV) injection without demonstrating a vulnerability.
* Missing best practices in SSL/TLS configuration.
* Any activity that could lead to the disruption of our service (DoS).
* Content spoofing and text injection issues without showing an attack vector/without being able to modify HTML/CSS
* Rate limiting or bruteforce issues
* Missing best practices in Content Security Policy.
* Missing HttpOnly or Secure flags on cookies
* Missing HTTP headers hardening and recommendations (Clickjacking, X-Frame-Options, CORS, ...)
* Vulnerabilities only affecting users of outdated or unpatched browsers [Less than 2 stable versions behind the latest released stable version]
* Software version disclosure / Banner identification issues / Descriptive error messages or headers (e.g. stack traces, application or server errors).
* Public Zero-day vulnerabilities that have had an official patch for less than 1 month will be awarded on a case by case basis.
* Open redirect - unless an additional security impact can be demonstrated
* Issues that require unlikely user interaction
* Cache poisoning
* Tabnabbing
* Social engineering attacks, including those targeting or impersonating internal employees by any means (e.g. customer service chat features, customer support, social media, personal domains, etc.)
* Reporting a leaked token without first confirming it is valid and has access to sensitive operations
* Secret recovery phrase brute-forcing
* Perceived security weaknesses without evidence of the ability to demonstrate impact (e.g. Missing best practices, functional bugs without security implications, etc.)
* Vulnerabilities under development branches in our source code.
* Runtime hacking exploits (exploits only possible in a jailbroken/rooted environment)
* Public User data, such as, public address, balances, transaction information etc. stored unencrypted on external storage and private directory
* Lack of binary protection (anti-debugging) controls.
* Absence of certificate pinning
https://github.com/rsksmart/rif-wallet-libs
https://github.com/rsksmart/rif-wallet-services
https://github.com/rsksmart/rsk-powhsm/
* Attacks that allow extracting the seed from the device, including but not limited to:
Gaining access to the device recovery mode without wiping the seed first.
* Allowing the installation and use of arbitrary ledger apps without wiping the seed first.
* Attacks that allow signing arbitrary hashes with the BTC key id.
* Attacks that gain access to arbitrary BIP32 paths (either for signing or extracting the public key).
* Attacks that allow the manipulation of the blockchain state\'s best block without the corresponding PoW.
* Attacks that allow the manipulation of the blockchain state\'s ancestor block and/or ancestor receipts root without the corresponding proof of best block ancestry.
* Attacks that fake an authentic attestation on a device running different versions of either the UI or Signer.
* Attacks that allow producing an authentic attestation on a device with a pre-generated or well-known seed.
* Attacks that lead the ledger into a DOS state without the need for physical device access. This does not mean ledger device has open external interface.
* Attacks that lead the middleware manager into a DOS state without the need for physical access to the host. This does not mean the middleware has open external interface.
* Transactions in either the RSK or Bitcoin networks that may lead the powHSM into signing arbitrary pegouts or hashes.
* Side channel attacks.
* Supply chain attacks that have direct consequences on the production software.
* Identification and reporting of vulnerabilities in the Ledger source code will be eligible for rewards after 90 days from the initial disclosure from Ledger.
* Vulnerabilities discovered in the Ledger source code will be rewarded according to the general reward table specified for the bug bounty program, rather than the powHSM project reward table.
* Vulnerabilities found in the Ledger source code will not qualify for the bonus reward associated with Remote Execution Code.
## Out of Scope
* Vulnerabilities related to the ledger devices used by the rsk-powhsm; this includes their physical security.
* Vulnerabilities that don\'t ultimately allow for the arbitrary or unsecure use of any of the keys derived from the device seed.
* Vulnerabilities in TCPSigner component, which is made solely for testing and fuzzing purposes.
* Vulnerabilities located in code under the following path `firmware/src/hal/src/x86/` since is code related to the TCPSigner component.
* All code related to SGX is out of scope.
Due to the complexity of the project some of the points may be interpreted ambiguously, therefore we reserve a right to make a final decision on the report regarding its relevance to the scope and specified severity. Please, reach us if you have any doubts on the scope.
https://github.com/rsksmart/rskj
RSKj Installation instructions: https://dev.rootstock.io/rsk/node/
Binary releases: https://github.com/rsksmart/rskj/releases
Discord channel for technical questions: https://discord.com/invite/fPerbqcWGE
Important: DoS attacks that require sending multiple network packets at any layer are out of scope. We’re interested in DoS that depends on the data and can\'t be stopped at the network level.
https://github.com/rsksmart/tokenbridge
The system is designed to allow to move tokens between blockchains if and only if 50% of the members approve it. Vulnerabilities that require access to a member\'s private key will be valid but will be considered medium risk at most.
* The private key handling and storage is out of scope.
* Malicious ERC20 tokens are out of scope because there is a whitelisting process in place.
* Multi-signature wallet.
* Tests located under `test` folder in (all of them).
* Open Zeppelin contracts located in `bridge/contracts/zeppelin`
*.bitmex.com
1589023233
All Other BitMEX Assets
All other assets that are provably owned by BitMEX.
com.bitmex.app.android
https://play.google.com/store/apps/details?id=com.bitmex.app.android.testnet
Please see the instructions under the mobile beta access section of our policy
https://testflight.apple.com/join/533gFghn
testnet.bitmex.com
When testing our platform, please use our testing environment at `testnet.bitmex.com` and not `www.bitmex.com`.
API Docs: https://testnet.bitmex.com/app/apiOverview
www.bitmex.com
*.adaptive-shield.com
Excluding 3rd party maintained targets
*.bionic.ai
*.crowdstrike.com
**Excluding 3rd party maintained targets**
*.flowsecurity.app
Excluding 3rd party maintained targets
*.humio.com
*.preempt.com
*.preemptsecurity.com
*.reposify.com
*.securecircle.com
CrowdStrike public infrastructure
apps.apple.com/us/app/crowdstrike-falcon/id1458815656
falcon-sandbox.com
hybrid-analysis.com
play.google.com/store/apps/details?id=com.crowdstrike.falconmobile
www.crowdstrike.com
**Including all localized sites: crowdstrike.de, crowdstrike.com.au, crowdstrike.co.uk, crowdstrike.fr, crowdstrike.jp, crowdstrike.com.br**
www.crowdstrike.org
**CrowdStrike Foundation Website**
All Other In-Scope Assets
academy.databricks.com
accounts.cloud.databricks.com
advocates.databricks.com
community.databricks.com
customer-academy.databricks.com
databricks.com
demo.cloud.databricks.com
docs.databricks.com
help.databricks.com
https://community.cloud.databricks.com/
[Register for Demo Accounts](https://docs.databricks.com/en/getting-started/community-edition.html)
Documentation :
* For information on using Databricks, please visit https://docs.databricks.com/.
https://dbc-9a3f8ed1-7608.cloud.databricks.com
For information on using Databricks, please visit https://docs.databricks.com/
kb.databricks.com
labs.databricks.com
marketplace.databricks.com
partners.databricks.com
support.databricks.com
*.elastic.co
All subdomains are in scope UNLESS OTHERWISE LISTED IN OUT-OF-SCOPE. Local, or on-premise Elastic stack is also IN-scope.
*.elasticnet.co
*.elstc.co
*.eops.nl
*.found.io
Exfiltration of data or attacks against any customer clusters will not be eligible for rewards. Local, or on-premise Elastic stack is also in-scope. Only the latest supported versions of the Elastic Stack will be eligible for a bounty.
*.swiftype.com
Beats
Issue that span across multiple Beats
Source: https://github.com/elastic/beats
Download: https://www.elastic.co/downloads/beats/
Including
- Auditbeat
- Filebeat
- Heartbeat
- Metricbeat
- Packetbeat
- Winlogbeat
- Elastic Agent
Beats - Auditbeat
Must be a supported version: https://www.elastic.co/support/eol
Includes
- All platforms: https://www.elastic.co/downloads/beats/auditbeat
- Docker container: https://www.docker.elastic.co/r/beats/auditbeat
- Source code: https://github.com/elastic/beats/tree/main/auditbeat
Beats - Filebeat
- All platforms: https://www.elastic.co/downloads/beats/filebeat
- Docker container: https://www.docker.elastic.co/r/beats/filebeat
- Source code: https://github.com/elastic/beats/tree/main/filebeat
Beats - Heartbeat
- All platforms: https://www.elastic.co/downloads/beats/heartbeat
- Docker container: https://www.docker.elastic.co/r/beats/heartbeat
- Source code: https://github.com/elastic/beats/tree/main/heartbeat
Beats - Metricbeat
- All platforms: https://www.elastic.co/downloads/beats/metricbeat
- Docker container: https://www.docker.elastic.co/r/beats/metricbeat
- Source code: https://github.com/elastic/beats/tree/main/metricbeat
Beats - Packetbeat
- All platforms: https://www.elastic.co/downloads/beats/packetbeat
- Docker container: https://www.docker.elastic.co/r/beats/packetbeat
- Source code: https://github.com/elastic/beats/tree/main/packetbeat
Beats - Winlogbeat
- Download: https://www.elastic.co/downloads/beats/winlogbeat
- Source code: https://github.com/elastic/beats/tree/main/winlogbeat
Elastic Agent
- All platforms: https://www.elastic.co/downloads/elastic-agent
- With Fleet: https://www.elastic.co/guide/en/fleet/current/fleet-elastic-agent-quick-start.html
- Source code: https://github.com/elastic/elastic-agent
Elastic Behavior Detections
Elastic invites security researchers to test our detection (SIEM) and endpoint (EDR) rulesets for potential bypasses, vulnerabilities, and areas for improvement. For this period (Dec 4 2024 - Dec 31 2024), the focus for this bounty period is on Windows behavior detections, particularly on bypassing detection capabilities tied to specific MITRE ATT&CK techniques such as Process Injection, Lateral Movement, Phishing: Spearphishing Attachments, and Impair Defenses.
We are looking for submissions that demonstrate realistic, high-impact techniques that evade detection, focusing on novel approaches and measurable risks.
Submissions will be evaluated based on their impact and complexity. The reward tiers are structured as follows:
- Low: Alerts generated are only low severity
- Medium: No alerts generated (SIEM or Endpoint)
For complete details on target rulesets, MITRE techniques, and submission guidelines, view the full scope [here](https://docs.google.com/document/d/1YDyaFpIRNumh2zOSSNHY1lzL0RXNqxIkv_-0SAgdtjk/edit?tab=t.0#heading=h.1fkf7cph0u7z).
Elastic Clients
- Java Client: https://www.elastic.co/guide/en/elasticsearch/client/java-api-client/current/index.html
- JavaScript Client: https://www.elastic.co/guide/en/elasticsearch/client/javascript-api/current/index.html
- Ruby Client: https://www.elastic.co/guide/en/elasticsearch/client/ruby-api/current/index.html
- Go Client: https://www.elastic.co/guide/en/elasticsearch/client/go-api/current/index.html
- .NET Client: https://www.elastic.co/guide/en/elasticsearch/client/net-api/current/index.html
- PHP Client: https://www.elastic.co/guide/en/elasticsearch/client/php-api/current/index.html
- Perl Client: https://www.elastic.co/guide/en/elasticsearch/client/perl-api/current/index.html
- Python Client: https://www.elastic.co/guide/en/elasticsearch/client/python-api/current/index.html
- Eland Client: https://www.elastic.co/guide/en/elasticsearch/client/eland/current/index.html
- Rust Client: https://www.elastic.co/guide/en/elasticsearch/client/rust-api/current/index.html
Elastic Cloud Enterprise (ECE)
- Download: https://www.elastic.co/downloads/enterprise
Elastic Cloud on Kubernetes (ECK)
- Download: https://www.elastic.co/downloads/elastic-cloud-kubernetes
Elastic Enterprise Search
- All platforms: https://www.elastic.co/downloads/enterprise-search
- Docker: https://www.docker.elastic.co/r/enterprise-search
- Cloud: https://cloud.elastic.co
Elastic Maps Server
- Download: https://www.elastic.co/downloads/elastic-maps-server
Elastic Package Registry
- https://github.com/elastic/package-registry
- https://epr.elastic.co/search?all
Elastic\'s package registry is used to pull elastic packages. Being able to modify our package registry is of particular interest to us.
Elastic Synthetics Monitoring
To get access, do the following steps:
1. Create a new deployment on cloud using an account with your @wearehackerone.com email alias.
2. Once in the deployment, go to the Observability application and pick the "Uptime"
3. Go to the Monitor Management tab
4. Fill out the request form.
5. Wait 24 hours for our team to approve you.
Elasticsearch
- All platforms: https://www.elastic.co/downloads/elasticsearch
- Docker container: https://www.docker.elastic.co/r/elasticsearch
- Source code: https://github.com/elastic/elasticsearch
- Instance on Cloud: https://cloud.elastic.co
Fleet Server
Setup (Included in Elastic Cloud): https://www.elastic.co/guide/en/fleet/8.8/fleet-server.html
Source: https://github.com/elastic/fleet-server
Kibana
- All platforms: https://www.elastic.co/downloads/kibana
- Docker container: https://www.docker.elastic.co/r/kibana
- Source code: https://github.com/elastic/kibana
Logstash
- All platforms: https://www.elastic.co/downloads/logstash
- Docker container: https://www.docker.elastic.co/r/logstash
- Source code: https://github.com/elastic/logstash
Observability - APM Agents
- .NET Agent: https://www.elastic.co/guide/en/apm/agent/dotnet/current/setup.html
- .NET Agent Source: https://github.com/elastic/apm-agent-dotnet
- Java Agent: https://www.elastic.co/guide/en/apm/agent/java/current/setup.html
- Java Agent Source: https://github.com/elastic/apm-agent-java
- JavaScript RUM Agent: https://www.elastic.co/guide/en/apm/agent/rum-js/current/getting-started.html
- JavaScript RUM Agent Source: https://github.com/elastic/apm-agent-rum-js
- Go Agent: https://www.elastic.co/guide/en/apm/agent/go/current/getting-started.html
- Go Agent Source: https://github.com/elastic/apm-agent-go
- Node.js Agent: https://www.elastic.co/guide/en/apm/agent/nodejs/current/set-up.html
- Node.js Agent Source: https://github.com/elastic/apm-agent-nodejs
- PHP Agent: https://www.elastic.co/guide/en/apm/agent/php/current/setup.html
- PHP Agent Source: https://github.com/elastic/apm-agent-php
- Python Agent: https://www.elastic.co/guide/en/apm/agent/python/current/set-up.html
- Python Agent Source: https://github.com/elastic/apm-agent-python
- Ruby Agent: https://www.elastic.co/guide/en/apm/agent/ruby/current/set-up.html
- Ruby Agent Source: https://github.com/elastic/apm-agent-ruby
Observability - APM Server
- All platforms: https://www.elastic.co/downloads/apm
- Docker: https://www.docker.elastic.co/r/apm/apm-server
- Source code: https://github.com/elastic/apm-server
If you found something that we own that is not explicitly listed as in-scope, please file it under this asset for us to investigate. We don\'t want our scope section to stop you from finding us vulnerabilities!
Software Supply Chain
Includes threats highlighted by SLSA https://slsa.dev/spec/v0.1/threats
- Source
- Build
- Dependencies
- Package
Specifically
- Github Workflows @ https://github.com/elastic - look under the .github/workflows directory
- Dependency Confusion
- Actual credential exfiltration or leaks (not theoretical) from build services (below)
- Command injection against build service
**Build Services**
Buildkite - https://buildkite.com/elastic
Github Actions - https://github.com/elastic/
Jenkins
- https://elasticsearch-ci.elastic.co
- https://apm-ci.elastic.co/
- https://beats-ci.elastic.co/
- https://clients-ci.elastic.co/
- https://cloud-ci.elastic.co/
- https://devops-ci.elastic.co/
- https://elasticsearch-ci.elastic.co/
- https://infra-ci.elastic.co/
- https://internal-ci.elastic.co/
- https://kibana-ci.elastic.co/
- https://logstash-ci.elastic.co/
- https://swiftype-ci.elastic.co/
cloud.elastic.co
**How to test**
1. Go to https://cloud.elastic.co/
1. Click “Sign Up”
1. Enter your @wearehackerone email and click “Start Free Trial” (you can create multiple trials if necessary)
1. Find your verification email and click “Verify and Accept”
1. Set your password
1. Click “Start Free Trial”
You should now be able to create an Elasticsearch deployment in any hosted infrastructure you choose. Once you create a deployment, try to find bugs!
Only the latest supported versions of the Elastic Stack will be eligible for a bounty.
Bugs describing missing rate limiting on cloud.elastic.co/api/v1/users/_login are out of scope. The API is rate limited but doesn\'t return a 429.
elastic.co credentials
www.elastic.co
The main page for Elastic
*.advisorsolutions.gs.com
*.ayco.com
*.folioclient.com
*.foliodigitalwealth.com
This site is in the process of being retired. Only Critical issues will be considered for bounty
*.foliofirst.com
*.foliofn.com
*.folioidentity.com
*.folioinstitutional.com
*.folioinvesting.com
*.global-liquidity.gs.com
*.goldman.com
*.goldmanpfm.com
Avoid all active testing on contact and registration forms, such as "Contact us", "Register for a Demo", and "Speak With a Financial Advisor". These forms may generate emails that will affect the business. If we start receiving test submissions on these forms, we may have to pause eligibility for these sites.
*.goldmansachs.com
This is Goldman Sachs\' main website.
*.gs-mosaic.gs.com
*.gs-mosaic.qa.gs.com
*.gs.com
Excludes third-party hosted applications, including:
- *.subscriptions.gs.com
- gset.gs.com
- 10ksbv.eo.gs.com
- BlackInBusiness.gs.com
*.gs.de
Includes:
*.gsmarkets.de
*.gsmarkets.nl
*.gsmarkets.at
*.gsmarkets.be
Excludes the 3rd party hosted site:
classic.gs.de
In scope sites may display a page overlay to US visitors which can be hidden using an adblocker like uBlock Origin
*.gsam.com
*.gspublishing.com
*.gsselect.com
*.honestdollar.com
*.marcus.co.uk
*.marcus.com
*.nextcapital.com
Any domain pointing to a third party service that is not a cloud provider is out of scope for testing. If unsure whether an asset is in scope, please reach out to bugbounty@gs.com before testing.
*.nnip.com
*.qaglobal-liquidity.gs.com
*.vennhypotheken.nl
GS Select iOS app
[GS Select iOS app](https://apps.apple.com/us/app/gs-select/id1634151697)
api.foliofn.com
apigw.foliofn.com
com.gs.gsnow.external
[GS Now iOS](https://apps.apple.com/us/app/gs-now/id1473474041)
com.gs.gstrader.external
[Marquee Trader Mobile](https://apps.apple.com/us/app/marquee-trader-mobile/id1518269915)
com.gs.mobile.gsnow
[GS Now Android](https://play.google.com/store/apps/details?id=com.gs.mobile.gsnow)
com.gs.mobile.trader
[Marquee Trader Android](https://play.google.com/store/apps/details?id=com.gs.mobile.trader&hl=en_IN&gl=US)
com.gs.pfmg.wellness
[Goldman Sachs Wellness Android](https://play.google.com/store/apps/details?id=com.gs.pfmg.wellness&hl=en_IN&gl=US)
com.gs.pwmdigital.external
[GS PWM iOS](https://apps.apple.com/us/app/gs-pwm/id1440077444)
com.gs.pwmdigital.external.android
[GS PWM Android](https://play.google.com/store/apps/details?id=com.gs.pwmdigital.external.android)
com.marcus.android
[Marcus US Android](https://play.google.com/store/apps/details?id=com.marcus.android&hl=en_IN&gl=US)
com.marcus.android.uk
[Marcus UK: Online Savings Bank Android](https://play.google.com/store/apps/details?id=com.marcus.android.uk)
com.marcus.ios-uk
[Marcus UK: Online savings bank](https://apps.apple.com/gb/app/marcus-uk-online-savings-bank/id1489511701)
com.marcus.ios-us
[Marcus by Goldman Sachs](https://apps.apple.com/us/app/marcus-save-borrow-invest/id1489511701)
developer.gs.com
goldmansachsindices.com
marquee.gs.com
research.gs.com
www.fitvermogen.nl
www.rocaton.com
Excludes:
*.rocaton.com
secure.rocaton.com
983980808
https://itunes.apple.com/us/app/yoti/id983980808
Yoti Password Manager browser extension
https://chromewebstore.google.com/detail/yoti-password-manager/ajgehecfkfhindkhdcjmifbngkfdflla
api.yoti.com
ccloud.yoti.com
code.yoti.com
com.yoti.mobile.android.live
https://play.google.com/store/apps/details?id=com.yoti.mobile.android.live
core.yoti.com
hub.yoti.com
you must use "[Hackerone] <whatever name here>" when creating any organisation/application/service within Hub!
identity.yoti.com
www.yotisign.com
You must use "[Hackerone] ORG_NAME" when registering an organisation!
Steam Client
Steam Servers
api.steampowered.com
com.valvesoftware.Steam
developer.valvesoftware.com
help.steampowered.com
partner.steamgames.com
partner.steampowered.com
playartifact.com
steamcommunity.com
store.steampowered.com
support.steampowered.com
www.counter-strike.net
www.dota2.com
www.teamfortress.com
www.valvesoftware.com
*.3lateral.com
***Note:*** This asset may contain endpoints not hosted by Epic Games (third party endpoints). These third party endpoints are not eligible for bounty.
If you are unsure whether or not an asset is considered third party please submit a preliminary finding for confirmation.
*.amplitude-game.com
*.artstation.com
***Note:*** This asset may contain endpoints not hosted by Epic Games (third party endpoints). These third party endpoints are not eligible for bounty.
*.audicagame.com
*.cubicmotion.com
*.dancecentral.com
*.dropmix.com
*.easy.ac
*.epicgames.com
*.epicgames.dev
*.fallguys.com
*.fortnite.com
*.harmonixmusic.com
*.hmxservices.com
*.hmxwebservices.com
*.mediatonic.co.uk
*.oncatapult.com
*.psynet.gg
*.psyonix.com
*.quixel.com
When assessing Quixel models and/or posts you may only test findings on your own created content. Do not test on any posts or content you did not create. When completed please delete any posts/comments as to not pollute pages. Please review the program policy for further information.
*.rocketleague.com
**==The white hat is no longer offered as a reward for Rocket League findings.==**
*.singspacegame.com
*.sketchfab.com
When assessing Sketchfab models and/or posts you may only test findings on your own created content. Do not test on any posts or content you did not create. When completed please delete any posts/comments as to not pollute pages. Please review the program policy for further information.
*.twinmotion.com
*.unrealengine.com
*.unrealtournament.com
Any other Epic games owned asset not listed in the out of scope section
Note: Acceptance of findings of this type are at the discretion of the Epic Games team.
EOS C# SDK
[C# SDK] (https://dev.epicgames.com/portal/api/v2/services/sdk/download/?sdkType=c_sharp)
EpicGamesLauncher.exe
Local privilege escalation is currently out of scope for this asset.
EpicOnlineServices
FortniteClient-Android-Shipping-arm64-es2.apk
FortniteClient-Win64-Shipping.exe
FortniteLauncher-Win64-Shipping.exe
FortniteLauncher-Win64-Shipping_BE.exe
FortniteLauncher-Win64-Shipping_EAC.exe
FortniteLauncher.exe
UnrealEditorFortnite-Win64-Shipping.exe
aqtooling.com
aquiris.com.br
aquiris.studio
aquiristech.com
ballistic.com
ballistic.com.br
buckingfuggy.com
capturingreality.com
fab.com
fortnite.com
harmonixmusic.com
hc2services.com
hc2tooling.com
hmxservices.com
horizonchase.com
horizonchase.com.br
horizonchaseturbo.com
id1520720139
id1534920947
innersloth.kidswebservices.com
kidswebservices.com
metahuman.unrealengine.com
This is an API Base, please also see the following list of endpoints
GET: /health-check
GET: /metrics
GET: /api/v1/getClientSession
GET: /api/v1/getQueuePosition
GET: /api/v1/get-eula
POST: /api/v1/accept-eula
niantic.kidswebservices.com
playwonderbox.com
playwonderbox.com.br
staging.kidswebservices.com
twinmotion.unrealengine.com
GET: /logout
GET: /api/drive/account
GET: /api/drive/presentations
POST: /api/drive/rename_presentation
POST: /api/drive/delete_presentation
POST: /api/drive/share_presentation
POST: /api/drive/unshare_presentation
POST: /api/drive/create_session
POST: /api/drive/user_position
POST: /api/public/create_session
POST: /api/public/user_position
POST: /api/public/presentation
v1. kidswebservices.com
v1staging.kidswebservices.com
wonderboxapi.com
wonderboxdev.com
*.cloud.malwarebytes.com
Domains supporting many Malwarebytes services and products.
*.cyrus-security.com
*.malwarebytes.com
* academy.malwarebytes.com
*.mb-cosmos.com
*.mbamupdates.com
*.mwb-threatintel.com
*.mwbsys.com
*.threatdown.com
Any other Malwarebytes asset
Please use this category to report vulnerabilities in any other assets not listed in other categories.
Note: Due to the broad scope of this category, eligibility and rewards will decided on the case-by-case basis.
BrowserGuard (Firefox/Chrome/Safari browser extension)
Malwarebytes Browser Guard crushes unwanted and unsafe content, giving you a safer and faster browsing experience. Not only that, it is the world’s first browser extension that can identify and stop tech support scams.
* Product page: https://www.malwarebytes.com/browserguard
* Documentation: https://support.malwarebytes.com/hc/en-us/categories/360002468293-Malwarebytes-Browser-Guard
Malwarebytes Anti-Ransomware
Advanced antivirus and anti-malware with faster, safer web browsing.
* Product page: https://forums.malwarebytes.com/forum/172-anti-ransomware-beta/
* Documentation: https://support.malwarebytes.com/hc/en-us/articles/360038523414-What-is-Malwarebytes-Anti-Ransomware
Malwarebytes Device Control
* Product page: https://www.malwarebytes.com/business/cloud
* Documentation: https://service.malwarebytes.com/hc/en-us/articles/4417282329491-Device-Control-in-Malwarebytes-Nebula
Malwarebytes Endpoint Detection and Response (EDR)
Cross-platform threat prevention and remediation for Windows, Mac, and Linux
* Product page: https://www.malwarebytes.com/business/edr / https://www.malwarebytes.com/business/edr/server-security/
Malwarebytes Endpoint Protection
Comprehensive security that keeps your devices safe and teams productive.
* Product page: https://www.malwarebytes.com/business/endpoint-protection / https://www.malwarebytes.com/business/endpoint-protection/server-security
Malwarebytes Incident Response
Malwarebytes Incident Response is the trusted standard in automated endpoint remediation. The solution bolsters your enterprise cyber resilience and incident response process by compressing response times with fast and complete remediation.
* Product page: https://www.malwarebytes.com/business/incident-response
* Documentation: https://www.malwarebytes.com/business/incident-response
Malwarebytes Privacy (VPN)
With a single click, our next-generation VPN helps protect your online privacy, secures your WiFi connection, and delivers speeds way faster than older VPNs.
* Product page: https://www.malwarebytes.com/vpn
* Documentation: https://support.malwarebytes.com/hc/en-us/categories/360003545953-Malwarebytes-Privacy
**Note**: The scope of the bug bounty program is limited to **ONLY** the VPN client installed on desktop/endpoint. **Server-side** is strictly **NOT** in scope, but your feedback is appreciated, **NOT** rewarded. The primary goal of this bug bounty program is to explore if there are any IP leak, DNS leak, and Data leak vulnerabilities present or not. As a researcher and creative thinker, you are welcome to explore for any other vulnerabilities if they are applicable to the client.
Malwarebytes Remediation for CrowdStrike
Malwarebytes Remediation for CrowdStrike works seamlessly with CrowdStrike Real Time Response (RTR) functionality. It provides automated remediation that thoroughly removes malware on machines where CrowdStrike Falcon has stopped an attack.
* Product page: https://www.malwarebytes.com/business/crowdstrike
* Documentation: https://service.malwarebytes.com/hc/en-us/articles/4413798516627-Malwarebytes-Remediation-for-CrowdStrike-integration-guide
Malwarebytes ToolSet (MBTS)
* Product page: https://www.malwarebytes.com/techbench
* Documentation: https://service.malwarebytes.com/hc/en-us/categories/4413802057875-Toolset
Malwarebytes Windows Firewall Control
Windows Firewall Control is a powerful tool which extends the functionality of Windows Firewall and provides new extra features which makes Windows Firewall better. It runs in the system tray and allows the user to control the native firewall easily without having to waste time by navigating to the specific part of the firewall.
* Product page: https://www.binisoft.org/wfc
* Documentation: https://www.binisoft.org/pdf/guides/Malwarebytes-WFC-User-Guide.pdf
Malwarebytes for Mac
* Product page: https://www.malwarebytes.com/mac
* Documentation: https://support.malwarebytes.com/hc/en-us/categories/360002468253-Malwarebytes-for-Mac
Malwarebytes for Teams
* Product page: https://www.malwarebytes.com/business/teams
* Documentation: https://service.malwarebytes.com/hc/en-us/categories/4414671777043-For-Teams
Malwarebytes for Windows
* Product page: https://www.malwarebytes.com/premium
* Documentation: https://support.malwarebytes.com/hc/en-us/categories/360002458014-Malwarebytes-for-Windows
Vulnerability & Patch Management
Understand risks quickly and strengthen defenses across your digital ecosystem with modules for our cloud-based security management platform.
* Product page: https://www.malwarebytes.com/business/vulnerability-patch-management
* Documentation: https://www.malwarebytes.com/business/vulnerability-patch-management
cloud.malwarebytes.com
Platform that support most of Malwarebytes for business products.
* Product page: https://cloud.malwarebytes.com
* Documentation: https://www.malwarebytes.com/business/cloud
com.malwarebytes.Malwarebytes
Get all the extra iOS security you need in one app. Protect yourself from online threats and put a stop to annoying spam calls and texts. Browse the web with confidence and focus on the messages that matter.
* Product page: https://www.malwarebytes.com/ios
* Appstore: https://apps.apple.com/us/app/malwarebytes-mobile-security/id1327105431
* Documentation: https://support.malwarebytes.com/hc/en-us/categories/360002468273-Malwarebytes-for-iOS
my.malwarebytes.com
Portal to manage your subscriptions and billing.
* Documentation: https://support.malwarebytes.com/hc/en-us/categories/360002458094-My-Account-Billing
oneview.malwarebytes.com
The Malwarebytes OneView multi-tenant dashboard enables you to grow revenue while lowering costs with a single pane of glass to centrally manage customer and partner accounts, cloud subscriptions for servers and workstations, invoicing, and integrations. The admin console provides direct linkage to the Malwarebytes internal team for rapid creation and resolution of support tickets.
* Product page: https://www.malwarebytes.com/partners/managed-service-providers
* Documentation: https://service.malwarebytes.com/hc/en-us/categories/4413802057491-OneView
org.malwarebytes.antimalware
* Product page: https://www.malwarebytes.com/android / https://www.malwarebytes.com/chromebook
* Documentation: https://support.malwarebytes.com/hc/en-us/categories/360002458034-Malwarebytes-for-Android-Chrome-OS
www.malwarebytes.com
MS Office Add-In
Grammarly add-on (works with MS Word and Outlook for Windows), where authorized users can check their Word documents or emails. Auto-update functionality can be tested on an [older version](https://download-office.grammarly.com/installer/GrammarlyAddInSetup6.6.110.exe).
Download URL: https://download-office.grammarly.com/latest/GrammarlyAddInSetup.exe .
Prerequisites: MS Word/Outlook, .NET Framework 4.5.
Vulnerabilities are eligible for submission if they’re reproducible on **any version of** Word/Outlook on Windows 10 with **all latest security patches applied**. The vulnerability should be tested on a system without additional SDKs and development kits. We cover your expenses on a Word/Outlook license if the report appears being valid.
*.grammarly.com
*.grammarly.io
*.grammarlyaws.com
AppActions
With app actions, you can connect Grammarly to apps you use every day and perform common tasks directly from Grammarly. This saves time by avoiding context-switching and helps you stay in the flow of writing.
URL\'s in scope:
- 3p-access.grammarly.com/*
- goldengate.grammarly.com/skills-proxy/*
- goldengate.grammarly.com/skills/*
You can read more about "App Actions" here - https://support.grammarly.com/hc/en-us/articles/21227721882253-Introducing-App-Actions.
Browser Extensions
The extension is available in the extension/add-on store of the respective browser:
* [Chrome](https://chrome.google.com/webstore/detail/grammarly-for-chrome/kbfnbcaeplbcioakkpcpgfkobkghlhen?hl=en)
* [Firefox](https://addons.mozilla.org/en-US/firefox/addon/grammarly-1/)
* [Edge](https://microsoftedge.microsoft.com/addons/detail/grammarly-ai-writing-and/cnlefmmeadmemmdciolhbnfeacpdfbkd)
* [Safari](https://apps.apple.com/us/app/grammarly-for-safari/id1462114288)
**Browser Extension vulnerabilities will not be distinguished. For example, if a vulnerability exists in the Chrome and Safari extensions, we will consider it the same vulnerability and will only award one bounty.**
Capture the Flag
The first hacker who reports the `$FLAG` saved in the document (`document_id: 1198436185`) of the user `h1_ctf@grammarly.com` (`user_id: 1411519194`) will be awarded a **$100K bounty**.
Grammarly AI Assistant
Grammarly\'s AI writing assistant is a powerful tool that leverages generative AI to assist users in composing, rewriting, ideating, and replying to texts. It\'s contextually aware and offers personalized suggestions that respect user authenticity. The assistant is integrated into Grammarly\'s existing product offerings and can be used across many popular desktop applications and websites. It provides on-demand assistance, allowing users to generate high-quality, task-appropriate writing and revisions. The assistant is also capable of incorporating organizational context for Grammarly Business customers, providing text that\'s tailored to the business.
- Read more about Writing Assistant: https://www.grammarly.com/ai
- Article to help you get started with Grammarly Assistant
https://support.grammarly.com/hc/en-us/articles/14528857014285-Introducing-generative-AI-assistance
Grammarly Auth Services
Multiple services that are used for authentication and authorization.
`auth.grammarly.com`
`tokens.grammarly.com`
`sso.grammarly.com`
Grammarly Business Features
### Security features
- Account roles and permissions
- SAML single sign-on
- Managed mode
- Invite and domain capture
### Team features
- Style guide
- Brand tones
- Knowledge Share
- Snippets
- Analytics dashboard
## Supporting Resources
- [Overview of Business features](https://www.grammarly.com/business)
- [Feature comparison](https://www.grammarly.com/plans)
- [Snippets Introduction](https://www.grammarly.com/business/snippets)
- [Brand tones introduction](https://www.grammarly.com/business/brand-tones)
- [Analytics introduction](https://www.grammarly.com/business/analytics)
- [Style Guide introduction](https://www.grammarly.com/business/styleguide)
- [Knowledge Share introduction](https://support.grammarly.com/hc/en-us/articles/16664924710797-Introducing-Knowledge-Share)
- [Managed Mode](https://support.grammarly.com/hc/en-us/articles/8341171286541-Managed-Mode)
- [Invite](https://support.grammarly.com/hc/en-us/articles/115000931852-Invite-team-members)
- [Domain Capture](https://support.grammarly.com/hc/en-us/articles/19489029001869-How-to-automatically-join-or-request-to-join-a-Grammarly-Business-subscription)
- [Roles and permissions](https://support.grammarly.com/hc/en-us/articles/19026306820109-Group-manager-permissions-for-team-members)
- [How to use style guides](https://support.grammarly.com/hc/en-us/articles/360043832652-Create-style-rules)
- [How to use analytics dashboard](https://support.grammarly.com/hc/en-us/articles/360061408151-Analyze-my-team-s-writing-performance)
- [How to use Brand tones](https://support.grammarly.com/hc/en-us/articles/4403544890253-Set-brand-tones)
- [How to use snippets](https://support.grammarly.com/hc/en-us/articles/4403077145485-Create-snippets)
- [Articles to setup SSO](https://support.grammarly.com/hc/en-us/sections/360010341231-SAML-Single-Sign-On)
Grammarly Desktop for Windows
https://download-windows.grammarly.com/GrammarlyInstaller.exe
Grammarly Desktop for macOS
https://download-mac.grammarly.com/Grammarly.dmg
Grammarly for Microsoft Word
Vulnerabilities are eligible for submission if they’re reproducible on any version of Word on OS with all latest security patches applied. The vulnerability should be tested on a system without additional SDKs and development kits. We cover your expenses on a Word license if the report appears to be valid.
You can install **Grammarly for Microsoft Word** at https://appsource.microsoft.com/en-us/product/office/WA200001011
app.grammarly.com
app.grammarly.com is Grammarly’s web application, enabling users to create, edit, and manage documents while accessing the full suite of Grammarly features through the online editor.
capi.grammarly.com
CAPI: A service dedicated to text analysis, primarily utilizing WebSocket communication with a few HTTP endpoints.
com.grammarly.android.keyboard
Vulnerabilities in Grammarly Mobile Keyboard for Android with a working proof of concept may qualify for an additional bounty through the [Google Play Security Rewards Program](https://hackerone.com/googleplay). To see which vulnerabilities may qualify for a bounty, please refer to the Google Play Security Rewards Program’s [Vulnerability Criteria](https://hackerone.com/googleplay).
com.grammarly.keyboard
grammarly.ai
This service doesn\'t handle, store or transfer any internal data or data of our users. Additionally, it is located in a separate VPC and isn\'t part of our infrastructure.
We accept only **critical submissions**(SSRF, XXE, SQLi, RCE) with a clearly reproducible **proof of concept code**.
_Reports that don\'t match these criteria will be closed as "N/A"._
https://github.com/hyperledger/besu
https://github.com/hyperledger/besu-errorprone-checks
https://github.com/hyperledger/besu-native
https://github.com/hyperledger/besu-verkle-trie
https://github.com/hyperledger/fabric
https://github.com/hyperledger/fabric-admin-sdk
https://github.com/hyperledger/fabric-amcl
https://github.com/hyperledger/fabric-ca
https://github.com/hyperledger/fabric-chaincode-go
https://github.com/hyperledger/fabric-chaincode-java
https://github.com/hyperledger/fabric-chaincode-node
https://github.com/hyperledger/fabric-cli
https://github.com/hyperledger/fabric-config
https://github.com/hyperledger/fabric-contract-api-go
https://github.com/hyperledger/fabric-gateway
https://github.com/hyperledger/fabric-gateway-java
https://github.com/hyperledger/fabric-lib-go
https://github.com/hyperledger/fabric-private-chaincode
https://github.com/hyperledger/fabric-protos
https://github.com/hyperledger/fabric-protos-go
https://github.com/hyperledger/fabric-protos-go-apiv2
https://github.com/hyperledger/fabric-samples
https://github.com/hyperledger/fabric-sdk-go
https://github.com/hyperledger/fabric-sdk-java
https://github.com/hyperledger/fabric-sdk-node
https://github.com/hyperledger/fabric-sdk-py
1604650263
351331194
https://apps.apple.com/gb/app/badoo-dating-chat-friends/id351331194
403684733
https://apps.apple.com/gb/app/badoo-premium/id403684733
6444040977
930441707
https://apps.apple.com/us/app/bumble-dating-meet-people/id930441707
badoo.com
badoocdn.com
bma.badoo.com
bma.bumble.com
ccardseu1.badoo.com
ccardsus1.badoo.com
chatdate.app
com.badoo.hotornot
com.badoo.mobile
https://play.google.com/store/apps/details?id=com.badoo.mobile
com.badoo.twa
https://play.google.com/store/apps/details?id=com.badoo.twa
com.bumble.app
https://play.google.com/store/apps/details?id=com.bumble.app
com.bumblebff.app
com.flashgap.fruits
com.flashgap.fruitz
com.hotornot.app
com.official.rnapp
corp.badoo.com
eu1.badoo.com
getofficial.co
hotornot.com
m.badoo.com
meu1.badoo.com
mus1.badoo.com
translate.badoo.com
us1.badoo.com
www.bumble.com
api.spotify.com, api-partner.spotify.com
Based on simple REST principles, the Spotify Web API endpoints return JSON metadata about music artists, albums, and tracks, directly from the Spotify Data Catalogue.
Web API also provides access to user related data, like playlists and music that the user saves in the Your Music library. Such access should be enabled through selective authorization, by the user.
A full list of the objects returned by the endpoints of the Spotify Web API - https://developer.spotify.com/documentation/web-api/
`api-partner` is a similar API used by Spotify\'s partners, aka Ads API. It\'s documentation is available @ https://developer.spotify.com/documentation/ads-api
*.atspotify.com
If a bug you have submitted affects a site managed by a third party we will award you a $100 bonus payment and close the report as informational.
*.avecspotify.com
*.byspotify.com
*.enspotify.com
*.forspotify.com
*.fromspotify.com
*.spotify.com
Main spotify domain wildcard for assets on this domain that are not otherwise listed.
*.spotify.net
Internal spotify domain wildcard for assets on this domain that are not otherwise listed.
*.tospotify.com
*.withspotify.com
Anchor
Anchor was acquired by Spotify in 2019.
~~~
anchor.fm
Android SDK
* https://developer.spotify.com/documentation/android/
* https://github.com/spotify/android-sdk
Backstage source code
https://github.com/spotify/backstage
GHE
Jira
Megaphone
Megaphone was acquired by Spotify in November 2020.
** These targets are NOT in scope:**
support.megaphone.fm
Okta
Other Spotify websites
Please use this asset for non *.spotify.com websites. This includes sites associated with Spotify, but aren\'t otherwise listed as a separate asset.
Find below a list of in-scope targets. Note that it is continuously updated:
closetheplaygap.com
eyeofthestormers.com
lifeatspotify.com
play-portraits.com
reviewvault.com
sonalytic.com
spotify-library.com
spotify.design
spotify.dev
spotify.stackenterprise.co
spotifycharts.com
spotifycodes.com
spotifycs.my.salesforce.com
spotifyforpartners.com
spotifyforvendors.com
spotifynewsroom.jp
spotifyonstage.com
spotifypodcastsummit.com
spotifypremium.jp
spotifysoundcheck.com
spotifyvault.com
timetoplayfair.com
Podsights
Podsights was acquired by Spotify in February 2022.
[ Non-core asset]
** These targets are in scope: **
admin.podsights.com
api.pdst.fm
cdn.pdst.fm
dash.podsights.com
metarouter.pdst.io
pdst.fm
ping.pdst.fm
podcast-graph-dot-adaptive-growth.appspot.com
podsights.com
sink.pdst.fm
Sonantic
Sonantic was acquired by Spotify in June 2022.
app.sonantic.io
api.sonantic.io
label-studio-public.sonantic.io
Spotify SDKs
For Spotify SDK (note: there is a specific scope for Web, Android and iOS SDK)
https://developer.spotify.com/
Spotify desktop application (Windows and Mac)
VPN
Web Playback SDK
* https://developer.spotify.com/documentation/web-playback-sdk/
assets.spotify.com
* Do not run automated scans against this target. They are often very noisy.
backstage.io
Backstage is an open-source developer portal.
Find below a list of in-scope targets. Note that it is continuously updated:
com.anchorfminc.Anchor
com.spotify.client
Spotify - Music and Podcasts
https://itunes.apple.com/us/app/spotify-music-and-podcasts/id324684580
com.spotify.kids
Spotify Kids
https://apps.apple.com/ie/app/Spotify-Kids/id1470209570
https://play.google.com/store/apps/details?id=com.spotify.kids
com.spotify.lite
Spotify Lite
https://play.google.com/store/apps/details?id=com.spotify.lite
com.spotify.music
https://play.google.com/store/apps/details?id=com.spotify.music
com.spotify.s4a
Spotify for Artists
https://itunes.apple.com/us/app/spotify-for-artists/id1222021797
https://play.google.com/store/apps/details?id=com.spotify.s4a
com.spotify.tv.android
Spotify Music - for Android TV
https://play.google.com/store/apps/details?id=com.spotify.tv.android
fm.anchor.android
iOS SDK
* https://developer.spotify.com/documentation/ios/
* https://github.com/spotify/ios-sdk
*.guilded.gg
*.ra.roblox.com
*.rbx.com
*.roblox.com
App api\'s that are used within Roblox.
Roblox Client
Applies to Windows/Osx/Mobile Platform
Roblox Engine
Roblox Studio
blox.link
*.cp.dyson.com
This namespace is used to publish API\'s relating to the registration and control of Dyson connected products.
*.dyson.com
993135524
(Dyson Link App - https://itunes.apple.com/gb/app/dyson-link/id993135524)
Dyson Connected Products (IoT Hardware)
Github findings
Any issues found on Github that could pose a risk for Dyson such as leaked credentials.
These reports will be evaluated on a case-by-case basis
Other Dyson Assets
We welcome reports for all other assets that are owned or managed by Dyson. If you are unsure if something you have found is a Dyson asset, then please contact us first for clarification.
api.dyson.at
api.dyson.be
api.dyson.ch
api.dyson.co.uk
api.dyson.com
api.dyson.de
api.dyson.dk
api.dyson.es
api.dyson.fr
api.dyson.ie
api.dyson.it
api.dyson.nl
api.dyson.no
api.dyson.pt
api.dyson.se
api.dysoncanada.ca
api.fi.dyson.com
com.dyson.mobile.android
(Dyson Link App - https://play.google.com/store/apps/details?id=com.dyson.mobile.android)
shop.dyson.co.za
shop.dyson.tw
www.dyson.ae
www.dyson.at
www.dyson.be
www.dyson.ch
www.dyson.cn
www.dyson.co.il
www.dyson.co.jp
www.dyson.co.kr
www.dyson.co.nz
www.dyson.co.th
www.dyson.co.uk
www.dyson.com
www.dyson.com.au
www.dyson.com.ee
www.dyson.com.mx
www.dyson.com.ro
www.dyson.com.sg
www.dyson.com.tr
www.dyson.com.ua
www.dyson.cz
www.dyson.de
www.dyson.dk
www.dyson.es
www.dyson.fr
www.dyson.hk
www.dyson.hu
www.dyson.ie
www.dyson.in
www.dyson.it
www.dyson.my
www.dyson.nl
www.dyson.no
www.dyson.pl
www.dyson.pt
www.dyson.se
www.dyson.tw
www.dyson.vn
www.dysoncanada.ca
www.fi.dyson.com
www.gr.dyson.com
www.sa.dyson.com
*.shipt.com
971888874
IOS Member App
976353472
IOS Shopper App
admin.shipt.com
*No credentials will be provided. Unauthenticated assessment only.
api.shipt.com
app.shipt.com
com.shipt.groceries
Shipt Member App
com.shipt.shopper
Shipt Shopper App
shop.shipt.com
shoppingcart.shipt.com
staging-admin.shipt.com
*No credentials will be provided
staging-api.shipt.com
staging-app.shipt.com
staging-shop.shipt.com
staging-shoppingcart.shipt.com
www.shipt.com
Please follow normal scope (no DOS, social engineering, etc.) and please refrain from assessing any other wp-engine platforms.
*.nordvpn.com
Third-party services under our subdomains are out of scope **(please read full policy for details).**
1486322860
NordPass - [Apple App Store](https://apps.apple.com/us/app/nordpass-password-manager/id1486322860?ls=1&referrer=client_id=eba15f5b-e4a3-42ca-ba68-e16c170f39e0)
Please make sure you are testing the latest version.
905953485
NordVPN - [Apple App Store](https://apps.apple.com/US/app/id905953485?mt=8)
All Mobile Assets
iOS: App Store (905953485) NordVPN - [Apple App Store](https://apps.apple.com/US/app/id905953485?mt=8)
iOS: App Store (1486322860) NordPass - [Apple App Store](https://apps.apple.com/us/app/nordpass-password-manager/id1486322860?ls=1&referrer=client_id=eba15f5b-e4a3-42ca-ba68-e16c170f39e0)
Android .apk: com.nordvpn.android NordVPN - [Android Sideload Download](https://nordvpn.com/download/android/)
Android Play Store: com.nordvpn.android NordVPN - [Google Play Store](https://play.google.com/store/apps/details?id=com.nordvpn.android)
Android Play Store: com.nordpass.android.app.password.manager NordPass - [Google Play Store](https://play.google.com/store/apps/details?id=com.nordpass.android.app.password.manager&launch=true&referrer=client_id=eba15f5b-e4a3-42ca-ba68-e16c170f39e0)
NordPass - Linux Executable
[Direct Web Download](https://nordpass.com/download/linux/)
Please make sure you are testing the latest version
NordPass - MacOS Executable
[Direct Web Download](https://nordpass.com/download/macos/)
NordPass - Windows Executable
[Direct Web Download](https://nordpass.com/download/windows/)
NordVPN - Linux Executable
[Direct Web Download](https://nordvpn.com/download/linux/)
NordVPN - MacOS Executable
[Direct Web Download](https://nordvpn.com/download/mac/)
[MacOS App Store](https://apps.apple.com/us/app/nordvpn-vpn-fast-secure/id905953485)
NordVPN - Windows Executable
[Direct Web Download]( https://nordvpn.com/download/windows/)
NordVPN Browser Extension
* Chrome: https://nordvpn.com/download/chrome-extension/
* Firefox: https://nordvpn.com/download/firefox-extension/
app.nordpass.com
com.nordpass.android.app.password.manager
NordPass - [Google Play Store](https://play.google.com/store/apps/details?id=com.nordpass.android.app.password.manager&launch=true&referrer=client_id=eba15f5b-e4a3-42ca-ba68-e16c170f39e0)
com.nordvpn.android
NordVPN - [Google Play Store](https://play.google.com/store/apps/details?id=com.nordvpn.android)
NordVPN - [Android Sideload Download](https://nordvpn.com/download/android/)
*.lyst.co
*.lyst.com
*.lystit.com
597940518
cdna.lystit.com
com.lyst.lystapp
mobileapi.lystit.com
*.kiwi.com
Mostly branded versions of our main www.kiwi.com site, please report vulnerabilities only for www.kiwi.com and don\'t duplicate it here.
*.skypicker.com
APIs & internal tools.
auth.skypicker.com
Authentication API used on www.kiwi.com.
com.skypicker.Skypicker
**Primary target** - Available in [App Store](https://itunes.apple.com/bs/app/kiwi-com-cheap-flight-tickets/id657843853)
com.skypicker.main
**Primary target** - Available in the [Play Store](https://play.google.com/store/apps/details?id=com.skypicker.main)
http://www.kiwi.com/stories
Online travel magazine Kiwi.com Stories, with very limited impact on our sites & infrastructure.
https://github.com/kiwicom/*
Note that archived projects are out of scope.
jobs.kiwi.com
Hiring page, no sensitive information, likely no impact on our company.
tequila.kiwi.com
B2B platform. Backend API requests are proxied via **tequila-api.kiwi.com** & **api.tequila.kiwi.com**
www.kiwi.com
Our main website
https://github.com/discourse/discourse
try.discourse.org
Enjin Blockchain
The Enjin Blockchain refers to either the Enjin Relaychain or the Enjin Matrixchain. It does not refer to other (community-operated) Matrixchains.
Issues originating from Substrate are notifiable but ineligible for a bounty as Enjin Blockchain will automatically work towards scheduling upgrades from Substrate, which includes new features; bug fixes; and security fixes.
Enjin Coin - Ethereum ERC-20 Contract
Mainnet Contract: `0xF629cBd94d3791C9250152BD8dfBDF380E2a3B9c`
**Background**
Enjin Coin (ENJ) is an Ethereum-based cryptocurrency used to directly back the value of next-generation blockchain assets. It is the gold standard for digital assets.
**Additional Conditions**
All testing must be conducted on the Goerli (testnet) contract. The deployed contract is identical to that of the Mainnet contract.
com.enjin.mobile.wallet
https://apps.apple.com/us/app/enjin-cryptocurrency-wallet/id1349078375
The Enjin Wallet is a secure, feature-packed, and convenient blockchain asset wallet built for traders, gamers, and developers.
https://play.google.com/store/apps/details?id=com.enjin.mobile.wallet
nft.io
You can also test, for free, on [canary.nft.io](https://canary.nft.io).
platform.enjin.io
You can also test, for free, on [platform.canary.enjin.io](https://platform.canary.enjin.io).
The Enjin Platform is open-source. You can access the code on our [GitHub Organization](https://github.com/enjin). All related repositories start with the `platform-` prefix.
Nintendo Switch System
Nintendo Switch applications for which Nintendo is the publisher worldwide
cdn.plaid.com
This is on Amazon CloudFront, so the scope here is limited to our content and configuration issues.
dashboard.plaid.com
Plaid\'s developer dashboard
demo.plaid.com
Demo Plaid developer integration
https://github.com/plaid/plaid-link-android
Plaid\'s drop-in client-side module for authentication. Available for web, mobile web and iOS.
https://github.com/plaid/plaid-link-examples
https://github.com/plaid/plaid-link-ios
https://github.com/plaid/plaid-ruby
The official Ruby bindings for the Plaid API. It\'s generated from our OpenAPI schema
https://github.com/plaid/react-native-plaid-link-sdk
Plaid Link for React Native
https://github.com/plaid/react-plaid-link
React hooks and components for integrating with the Plaid Link drop module
my.plaid.com
Portal for customers to access their information as seen by Plaid apps they have permissioned. https://my.plaid.com
plaid.com
Plaid\'s marketing website, not full *.plaid.com
production.plaid.com
Plaid\'s developer API. Docs: https://plaid.com/docs
secure.plaid.com
This is an alias for cdn.plaid.com
*.myinsights.io
*.scatec.io
*.sellzone.com
*.semrush.com
*.semrush.net
*.seoab.io
*.seoquake.com
Leaked/Сompromised Employee accounts
Please review the program policy on this scope before submitting your report.
Other Semrush Related Asset
Please use this Asset tag for any High and Critical report that does not relate directly to another Semrush asset listed in scope, and is also NOT listed under the "Out of Scope" section.
Please note, that Semrush will only accept and review valid high and critical severity reports.
*.quora.com
Except for subdomains managed by third parties, such as help.quora.com, careers.quora.com, and business.quora.com.
com.quora.android
The latest version of Android app installed from the official store at:
https://play.google.com/store/apps/details?id=com.quora.android
com.quora.app.mobile
The latest version of iOS app installed from the official store at:
https://itunes.apple.com/us/developer/quora-inc/id456034440
http://poe.com
0x0d8775f648430679a709e98d2b0cb6250d2887ef
We are particularly interested in any security issue which has consequences for this Ethereum address.
0x44fcfabfbe32024a01b778c025d70498382cced0
0x67fa2c06c9c6d4332f330e14a66bdf1873ef3d2b
0x7c31560552170ce96c4a7b018e93cddc19dc61b6
0xfbfa258b9028c7d4fc52ce28031469214d10daeb
account.brave.com
basicattentiontoken.org
We are not generally interested in bugs on the static website hosted <basicattentiontoken.org>. Particularly severe bugs which threaten immediate user harm may be considered. Due to report volume, we do not guarantee responses to website-related submissions.
brave.com
We are not generally interested in bugs on <brave.com>. Particularly severe bugs which threaten immediate user harm may be considered. Due to report volume, we do not guarantee responses to website-related submissions.
com.brave.browser
com.brave.browser_beta
com.brave.ios.browser
creators.basicattentiontoken.org
https://github.com/brave-intl/bat-balance
https://github.com/brave-intl/bat-client
https://github.com/brave-intl/bat-go
https://github.com/brave-intl/bat-ledger
https://github.com/brave-intl/bat-publisher
https://github.com/brave-intl/publishers
https://github.com/brave/brave-core
https://github.com/brave/vault-updater
https://laptop-updates.brave.com/latest/dev/debian64
https://laptop-updates.brave.com/latest/dev/ubuntu64
https://laptop-updates.brave.com/latest/fedora64
https://laptop-updates.brave.com/latest/linux64
https://laptop-updates.brave.com/latest/mint64
https://laptop-updates.brave.com/latest/openSUSE64
https://laptop-updates.brave.com/latest/osx
https://laptop-updates.brave.com/latest/winia32
https://laptop-updates.brave.com/latest/winx64
search.brave.com
talk.brave.com
Burp Collaborator
Burp Collaborator is part of Burp Suite Pro - for further information refer to https://portswigger.net/burp/help/collaborator.html
Burp Suite Enterprise Edition
Download from https://portswigger.net/requestfreetrial/enterprise
Burp Suite Pro/Community
Download from https://portswigger.net/burp
forum.portswigger.net
https://enterprise-demo.portswigger.net/
This is a hosted demo of Burp Suite Enterprise Edition.
portswigger.net
https://portswigger.net
FIles.com REST API
## REST API
Full documentation for the REST API can be found here: https://developers.files.com/
The REST API URL is tied to your specific site (https://*sitename*.files.com) that was generated when you created the trial using the [BUGBOUNTY] setup process defined in the Policy section.
Files.com Desktop Application for Windows or Mac
Download for desktop application is located here: https://www.files.com/docs/desktop/
Files.com SDK\'s
Full documentation for the Files.com SDK’s can be found here:
https://developers.files.com/#per-language-sdks
app.files.com
Files.com Web Application
www.files.com
This is the main marketing site for Files.com.
On the marketing site asset (https://www.files.com) we will only accept vulnerabilities that lead to a vulnerability on the main *.files.com platform.
your-assigned-subdomain.files.com
**Files.com Web Application**
**Please review the Out of Scope assets** -- note that not all subdomains of https://*.files.com are in scope for this asset. Please review the listing of assets marked Out of Scope prior to any testing. This list will change so please refer back during all phases of testing.
The actual application URL will be created as https://*your-assigned-subdomain*.files.com when you create the trial account using the [BUGBOUNTY] process outlined in the Policy section.
Exness Investor
https://apps.apple.com/id/app/exness-investor/id1579331769
Exness Social Trading
https://apps.apple.com/id/app/exness-social-trading/id1392465628
Exness Trade: Online Trading
https://apps.apple.com/id/app/exness-trader-trade-on-the-go/id1359763701
api.excalls.mobi
Mobile API
com.exness.android.pa
https://play.google.com/store/apps/details?id=com.exness.android.pa
com.exness.investments
Social Trading
https://play.google.com/store/apps/details?id=com.exness.investments
com.exness.investor
https://play.google.com/store/apps/details?id=com.exness.investor
exness.com
Public Area for Web Trading
exnessaffiliates.com
Partnership programs
https://my.exness.com/pa/pim/manager
Portfolio Management
https://my.exness.com/pa/socialtrading
https://my.exness.com/webtrading/
Web Terminal For Trading
my.exness.com
Personal Area for Web Trading
pay.ibex.exchange
Payments Services
pwapi.ex2b.com
Public Web API
social-trading.exness.com
*.scopely.com
Vulnerabilities reported on Scopely services additional to the games in scope are now eligible for monetary rewards.
*.scopely.io
*.withbuddies.com
Backend API servers included in scope.
Please take into account that any kind of DOS is totally forbidden.
Games Tier 1
This asset was added for bounty table purposes.
Games Tier 2
Games Tier 3
com.foxnextgames.m3
com.kitkagames.fallbuddies
[Stumbleguys](https://play.google.com/store/apps/details?id=com.kitkagames.fallbuddies)
Stumble Guys is a massive multiplayer party knockout game with up to 32 players online. Join millions of players and stumble to victory in this fun multiplayer knockout battle royale! Are you ready to enter the running chaos? Running, stumbling, falling, jumping, and winning has never been so fun!
com.pieyel.scrabble
[Scrabble GO](https://apps.apple.com/nz/app/scrabble-go-new-word-game/id1215933788)
The world’s greatest word game, is all new and reimagined as a free to play mobile game!
**Status:** Available worldwide.
Shared Framework: Yes
[Scrabble GO](https://play.google.com/store/apps/details?id=com.pieyel.scrabble)
com.scopely.monopolygo
[Monopoly GO! ](https://play.google.com/store/apps/details?id=com.scopely.monopolygo)
Hit GO! Roll the dice! Earn MONOPOLY money, interact with your friends, family members and fellow Tycoons from around the world as you explore the expanding universe of MONOPOLY GO! It’s the new way to play - board flipping cleanup not required!
com.scopely.startrek
[Star Trek Fleet Command ](https://play.google.com/store/apps/details?id=com.scopely.startrek)
You have the conn! Summon your skills in strategy, combat, diplomacy, and leadership to master the dangerous universe of Star Trek Fleet Command.
com.scopely.yux
[Yahtzee with Buddies Dice Game](https://apps.apple.com/us/app/yahtzee-with-buddies-dice/id1206967173)
Roll dice to play YAHTZEE® With Buddies! It is the fun, classic board game with a new look. Play dice with friends in this multiplayer game.
[Yahtzee with Buddies Dice Game](https://play.google.com/store/apps/details?id=com.scopely.yux)
com.withbuddies.dice.free
[Dice With Buddies: Social Game](https://apps.apple.com/us/app/dice-with-buddies-social-game/id432750508)
Dice With Buddies is a fun, new spin on your favorite classic dice game! Enjoyed by millions of players, you can play free multiplayer board games with family, friends, or new buddies!
[Dice With Buddies: Social Game](https://play.google.com/store/apps/details?id=com.withbuddies.dice.free)
id1427744264
[Star Trek Fleet Command](https://apps.apple.com/us/app/star-trek-fleet-command/id1427744264)
id1541153375
[StumbleGuys](https://apps.apple.com/es/app/stumble-guys/id1541153375)
id1621328561
[Monopoly GO!](https://apps.apple.com/us/app/monopoly-go/id1621328561)
api.localizestaging.com
api.localizestaging.com maps to the APIs that are documented here: https://help.localizejs.com/reference
Please refrain from testing against the Production endpoint (https://api.localizejs.com). Instead, the staging endpoint should be used (https://api.localizestaging.com)
app.localizestaging.com
cdn.localizestaging.com
localizestaging.com
localizestaging.com is the primary asset in scope of this program.
This application uses Stripe for credit card payment processing. To test payment related functionality, you may use test credit cards as documented by Stripe: https://stripe.com/docs/testing
*.buddypress.org,bbpress.org,profiles.wordpress.org
*.trac.wordpress.org, *.svn.wordpress.org, *.git.wordpress.org, github.com/WordPress
**Do _not_ pentest Trac instances**, it\'s very annoying to clean up after. Setup a local environment instead; the custom source code is available via the Git command below, in the `trac.wordpress.org` subfolder. **If you ignore this you\'ll forfeit any bounty.**
The projects here are kept mostly for archival purposes and non-critical information disclosure will generally not be eligible for a bounty.
Only report vulnerabilities in our custom code, don\'t report vulnerabilities that only exist upstream in Trac itself. Report those directly to info@edgewall.com.
All source code that isn\'t behind authentication is intended to be public. The source code itself has `High` CVSS impact scores. The applications that manage the code (Trac, Git, SVN, etc) have `Low` scores, except for vulnerabilities that allow modifications to the source code.
Most of the source code in these domains is contained in the "meta" repository: `git clone git://meta.git.wordpress.org/`
*.wordcamp.org
*.wordpress.net
All WordPress.net domains, including (but not limited to) jobs.wordpress.net.
This is a shared-hosting environment, and these are generally low-value targets, so we\'re usually only interested in high- and medium- severity issues that affect the entire server (not just an individual site).
*.wordpress.org
All wordpress.org domains that **are not listed in other assets**, including (but not limited to) the following:
* login.wordpress.org
* developer.wordpress.org
* make.wordpress.org
* translate.wordpress.org
* global.wordpress.org, {locale}.wordpress.org (e.g., de.wordpress.org, es-mx.wordpress.org)
* learn.wordpress.org
BBPress Core
Download source code from: https://bbpress.org/download/
BuddyPress Core
Download source code from: https://buddypress.org/download/
GlotPress
All code located under [the GlotPress organization](https://github.com/GlotPress/) on GitHub.
The most important target is the `glotpress-wp` repository. Other repositories are in scope, but may have a lower importance.
Gutenberg
Download source code from https://github.com/WordPress/gutenberg
Official WordPress plugins
Any plugin listed on the WordPress.org profile for [the "wordpressdotorg" account](https://profiles.wordpress.org/wordpressdotorg#content-plugins).
To find the source code for any of them, clicking on the name will take you to the plugin\'s page within the WordPress.org plugin directory. Once there, click on the `Download` button for a `.zip` file of the latest release, or click on the `Development` tab for links to the code browser and Subversion repository.
WP-CLI
All code located under [the WP-CLI organization](https://github.com/wp-cli) on GitHub.
The most important targets are the main `wp-cli` repository, and any repositories for commands that are bundled with the distributed `wp-cli` source code, like `cache-command`, `scaffold-command`, etc.
Other repositories are in scope, but may have a lower importance.
WordPress Core
Download source code from: https://wordpress.org/download/source/
api.wordpress.org
codex.wordpress.org,codex.bbpress.org,codex.buddypress.org
These are wikis, they\'re intended to be freely edited by anonymous users. We are not interested in vulnerabilities unless they have a severe impact.
doaction.org
gutenberg.run
Each subdomain of this site provides temporary live preview sites for Gutenberg pull requests. Only critical vulnerabilities should be submitted, because the impact of low/medium vulnerabilities is barely noticable.
More info: https://github.com/WordPress/gutenberg.run
irclogs.wordpress.org
These are public logs of very old conversations. We are not interested in vulnerabilities unless they have a severe impact (e.g., RCE, XSS, modifying the logs, etc). DoS is not severe in this case.
lists.wordpress.org
We are not interested in vulnerabilities unless they have a severe impact.
mercantile.wordpress.org
This site runs uses [the WooCommerce plugin](https://woocommerce.com/), but we don\'t accept reports for that. We only accept reports for our custom code. If you find any vulnerabilities that are also present in WooCommerce itself, please [report them to Automattic](/automattic).
Please don\'t submit test orders (especially automated ones). They don\'t test any of our custom code, and are a pain to clean up.
Additionally, price manipulation is a common invalid report, please see #682344.
munin-*.wordpress.org
We are not interested in vulnerabilities unless they have a severe impact (e.g., RCE, SSRF). Metrics data is intentionally made public.
planet.wordpress.org
wordpressfoundation.org
Desktop Client
Issues affecting the Desktop Client available from [https://nextcloud.com/install/#install-clients](https://nextcloud.com/install/#install-clients "https://nextcloud.com/install/#install-clients")
com.nextcloud.Talk
Our official iOS Talk client from [https://itunes.apple.com/app/id1296825574](https://itunes.apple.com/app/id1296825574)
com.nextcloud.client
Our official Android client from [https://play.google.com/store/apps/details?id=com.nextcloud.client](https://play.google.com/store/apps/details?id=com.nextcloud.client "https://play.google.com/store/apps/details?id=com.nextcloud.client")
com.nextcloud.talk2
Our official Android Talk client from [https://play.google.com/store/apps/details?id=com.nextcloud.talk2](https://play.google.com/store/apps/details?id=com.nextcloud.talk2)
com.peterandlinda.iOCNotes
Our official iOS Nextcloud Notes client from [https://itunes.apple.com/app/id813973264](https://itunes.apple.com/app/id813973264)
daita/files_fulltextsearch_tesseract
Code from [https://github.com/daita/files_fulltextsearch_tesseract](https://github.com/daita/files_fulltextsearch_tesseract) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.
https://github.com/nextcloud/collectives
Code from [https://github.com/nextcloud/collectives](https://github.com/nextcloud/collectives) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.
https://github.com/nextcloud/files_confidential
Code from [https://github.com/nextcloud/files_confidential](https://github.com/nextcloud/files_confidential) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.
https://github.com/nextcloud/tables
Code from [https://github.com/nextcloud/tables](https://github.com/nextcloud/tables) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.
it.niedermann.owncloud.notes
Our official Android Notes client from [https://play.google.com/store/apps/details?id=it.niedermann.owncloud.notes](https://play.google.com/store/apps/details?id=it.niedermann.owncloud.notes "https://play.google.com/store/apps/details?id=it.niedermann.owncloud.notes")
it.twsweb.Nextcloud
Our official iOS client from [https://itunes.apple.com/app/nextcloud/id1125420102](https://itunes.apple.com/app/nextcloud/id1125420102 "https://itunes.apple.com/app/nextcloud/id1125420102")
nextcloud/3rdparty
Code from [https://github.com/nextcloud/3rdparty](https://github.com/nextcloud/3rdparty "https://github.com/nextcloud/3rdparty") – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.
nextcloud/activity
Code from [https://github.com/nextcloud/activity](https://github.com/nextcloud/activity "https://github.com/nextcloud/activity") – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.
nextcloud/approval
Code from [https://github.com/nextcloud/approval](https://github.com/nextcloud/approval) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.
nextcloud/bruteforcesettings
Code from [https://github.com/nextcloud/bruteforcesettings](https://github.com/nextcloud/bruteforcesettings) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.
nextcloud/calendar
Code from [https://github.com/nextcloud/calendar](https://github.com/nextcloud/calendar) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.
nextcloud/calendar_resource_management
Code from [https://github.com/nextcloud/calendar_resource_management](https://github.com/nextcloud/calendar_resource_management) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.
nextcloud/circles
Code from [https://github.com/nextcloud/circles](https://github.com/nextcloud/circles "https://github.com/nextcloud/circles") – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.
nextcloud/contacts
Code from [https://github.com/nextcloud/contacts](https://github.com/nextcloud/contacts) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.
nextcloud/data_request
Code from [https://github.com/nextcloud/data_request](https://github.com/nextcloud/data_request) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.
nextcloud/deck
Code from [https://github.com/nextcloud/deck](https://github.com/nextcloud/deck "https://github.com/nextcloud/deck") – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.
nextcloud/end_to_end_encryption
Code from [https://github.com/nextcloud/end_to_end_encryption](https://github.com/nextcloud/end_to_end_encryption "https://github.com/nextcloud/end_to_end_encryption") – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.
nextcloud/external
Code from [https://github.com/nextcloud/external](https://github.com/nextcloud/external) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.
nextcloud/files_accesscontrol
Code from [https://github.com/nextcloud/files\\_accesscontrol](https://github.com/nextcloud/files_accesscontrol "https://github.com/nextcloud/files\\_accesscontrol") – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.
nextcloud/files_antivirus
Code from [https://github.com/nextcloud/files_antivirus](https://github.com/nextcloud/files_antivirus) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.
nextcloud/files_automatedtagging
Code from [https://github.com/nextcloud/files\\_automatedtagging](https://github.com/nextcloud/files_automatedtagging "https://github.com/nextcloud/files\\_automatedtagging") – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.
nextcloud/files_fulltextsearch
Code from [https://github.com/nextcloud/files_fulltextsearch](https://github.com/nextcloud/files_fulltextsearch) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.
nextcloud/files_lock
Code from [https://github.com/nextcloud/files_lock](https://github.com/nextcloud/files_lock) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.
nextcloud/files_pdfviewer
Code from [https://github.com/nextcloud/files\\_pdfviewer](https://github.com/nextcloud/files_pdfviewer "https://github.com/nextcloud/files\\_pdfviewer") – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.
nextcloud/files_retention
Code from [https://github.com/nextcloud/files\\_retention](https://github.com/nextcloud/files_retention "https://github.com/nextcloud/files\\_retention") – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.
nextcloud/files_rightclick
Code from [https://github.com/nextcloud/files_rightclick](https://github.com/nextcloud/files_rightclick "https://github.com/nextcloud/files_rightclick") – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.
nextcloud/files_texteditor
Code from [https://github.com/nextcloud/files\\_texteditor](https://github.com/nextcloud/files_texteditor "https://github.com/nextcloud/files\\_texteditor") – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.
nextcloud/firstrunwizard
Code from [https://github.com/nextcloud/firstrunwizard](https://github.com/nextcloud/firstrunwizard "https://github.com/nextcloud/firstrunwizard") – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.
nextcloud/flow_notifications
Code from [https://github.com/nextcloud/flow_notifications](https://github.com/nextcloud/flow_notifications) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.
nextcloud/fulltextsearch
Code from [https://github.com/nextcloud/fulltextsearch](https://github.com/nextcloud/fulltextsearch) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.
nextcloud/fulltextsearch_elasticsearch
Code from [https://github.com/nextcloud/fulltextsearch_elasticsearch](https://github.com/nextcloud/fulltextsearch_elasticsearch) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.
nextcloud/globalsiteselector
Code from [https://github.com/nextcloud/globalsiteselector](https://github.com/nextcloud/globalsiteselector) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.
nextcloud/groupfolders
Code from [https://github.com/nextcloud/groupfolders](https://github.com/nextcloud/groupfolders) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.
nextcloud/guests
Code from [https://github.com/nextcloud/guests](https://github.com/nextcloud/guests) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.
nextcloud/logreader
Code from [https://github.com/nextcloud/logreader](https://github.com/nextcloud/logreader "https://github.com/nextcloud/logreader") – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.
nextcloud/mail
Code from [https://github.com/nextcloud/mail](https://github.com/nextcloud/mail "https://github.com/nextcloud/mail") – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.
nextcloud/nextcloud_announcements
Code from [https://github.com/nextcloud/nextcloud\\_announcements](https://github.com/nextcloud/nextcloud_announcements "https://github.com/nextcloud/nextcloud\\_announcements") – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.
nextcloud/notes
Code from [https://github.com/nextcloud/notes](https://github.com/nextcloud/notes "https://github.com/nextcloud/notes") – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.
nextcloud/notifications
Code from [https://github.com/nextcloud/notifications](https://github.com/nextcloud/notifications "https://github.com/nextcloud/notifications") – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.
nextcloud/notify_push
Code from [https://github.com/nextcloud/notify_push](https://github.com/nextcloud/notify_push) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.
nextcloud/onlyoffice
Code from [https://github.com/ONLYOFFICE/onlyoffice-nextcloud](https://github.com/ONLYOFFICE/onlyoffice-nextcloud) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.
**Note:** We only issue monetary awards for issue in our own code base. For any bugs within ONLYOFFICE, please contact [ONLYOFFICE](https://www.onlyoffice.com/support-contact-form.aspx).
nextcloud/password_policy
Code from [https://github.com/nextcloud/password\\_policy](https://github.com/nextcloud/password_policy "https://github.com/nextcloud/password\\_policy") – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.
nextcloud/photos
Code from [https://github.com/nextcloud/photos](https://github.com/nextcloud/photos "https://github.com/nextcloud/photos") – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.
nextcloud/privacy
Code from [https://github.com/nextcloud/privacy](https://github.com/nextcloud/privacy "https://github.com/nextcloud/privacy") – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.
nextcloud/recommendations
Code from [https://github.com/nextcloud/recommendations](https://github.com/nextcloud/recommendations "https://github.com/nextcloud/recommendations") – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.
nextcloud/related_resources
Code from [https://github.com/nextcloud/related_resources](https://github.com/nextcloud/related_resources) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.
nextcloud/richdocuments
Code from [https://github.com/nextcloud/richdocuments](https://github.com/nextcloud/richdocuments) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.
**Note:** We only issue monetary awards for issue in our own code base. For any bugs within Collabora Online, please contact [Collabora](https://www.collaboraoffice.com/about-us/).
nextcloud/server
Code from [https://github.com/nextcloud/server](https://github.com/nextcloud/server "https://github.com/nextcloud/server") – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.
nextcloud/serverinfo
Code from [https://github.com/nextcloud/serverinfo](https://github.com/nextcloud/serverinfo "https://github.com/nextcloud/serverinfo") – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.
nextcloud/sharepoint
Code from [https://github.com/nextcloud/sharepoint](https://github.com/nextcloud/sharepoint) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.
nextcloud/socialsharing
Code from [https://github.com/nextcloud/socialsharing](https://github.com/nextcloud/socialsharing) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.
nextcloud/spreed
Code from [https://github.com/nextcloud/spreed](https://github.com/nextcloud/spreed) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.
nextcloud/survey_client
Code from [https://github.com/nextcloud/survey\\_client](https://github.com/nextcloud/survey_client "https://github.com/nextcloud/survey\\_client") – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.
nextcloud/suspicious_login
Code from [https://github.com/nextcloud/suspicious_login](https://github.com/nextcloud/suspicious_login) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.
nextcloud/terms_of_service
Code from [https://github.com/nextcloud/terms_of_service](https://github.com/nextcloud/terms_of_service) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.
nextcloud/text
Code from [https://github.com/nextcloud/text](https://github.com/nextcloud/text "https://github.com/nextcloud/text") – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.
nextcloud/twofactor_totp
Code from [https://github.com/nextcloud/twofactor_totp](https://github.com/nextcloud/twofactor_totp) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.
nextcloud/twofactor_webauthn
Code from [https://github.com/nextcloud/twofactor_webauthn](https://github.com/nextcloud/twofactor_webauthn) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.
nextcloud/updater
Code from [https://github.com/nextcloud/updater](https://github.com/nextcloud/updater "https://github.com/nextcloud/updater") – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.
nextcloud/user_migration
Code from [https://github.com/nextcloud/user_migration](https://github.com/nextcloud/user_migration) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.
nextcloud/user_oidc
Code from [https://github.com/nextcloud/user_oidc](https://github.com/nextcloud/user_oidc) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.
nextcloud/user_saml
Code from [https://github.com/nextcloud/user\\_saml](https://github.com/nextcloud/user_saml "https://github.com/nextcloud/user\\_saml") – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.
nextcloud/viewer
Code from [https://github.com/nextcloud/viewer](https://github.com/nextcloud/viewer "https://github.com/nextcloud/viewer") – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.
nextcloud/workflow_script
Code from [https://github.com/nextcloud/workflow_script](https://github.com/nextcloud/workflow_script) – Note that some folders such as tests and so on will not be packaged. Please make sure that the referenced file is thus also existent in our final releases.
Subdomain Takeover (SDTO)
Subdomain Takeovers will be evaluated on their severity considering cookie scoping, historical significance and potential traffic volume. They maybe bounty eligible or alternately informative as determined by their security impact to Starbucks.
Refer to the Appropriate Proof of Concepts section of this policy for information on how to construct a valid proof of concept for these reports.
app.starbucks.com
Starbucks US
https://app.starbucks.com
com.starbucks.mobilecard
Starbucks USA Android app.
https://play.google.com/store/apps/details?id=com.starbucks.mobilecard
com.starbucks.mystarbucks
Starbucks US ios app.
https://itunes.apple.com/us/app/starbucks/id331177714
openapi.starbucks.com
Starbucks digital service capabilities to 3rd party business partner(s)/cooperators via standard Open API.
secureui.starbucks.com
Starbucks Payment Processing
https://secureui.starbucks.com/
www.starbucks.ca
Starbucks Canada
https://www.starbucks.ca/
www.starbucks.com
https://www.starbucks.com/
www.starbucksreserve.com
Starbucks Reserve
https://www.starbucksreserve.com/
https://github.com/ruby/ruby
*.rockstargames.com
Some subdomains excluded. See the rest of the scope table below.
Rockstar Games Launcher
circolocorecords.com/
prod.ros.rockstargames.com
rockstarnorth.com
socialclub.rockstargames.com
store.rockstargames.com
Please note that the checkout/payment process go through the Xsolla platform. If you believe you have found a vulnerability in the checkout/payment process, please confirm first whether the vulnerability is in the general Xsolla platform, or our specific implementation.
support.rockstargames.com
Vulnerability reports for support.rockstargames.com may not be awarded bounties if it is discovered that the root vulnerability lies in Zendesk\'s code. Hackers are encouraged to submit such reports to [Zendesk\'s bug bounty program](https://hackerone.com/zendesk).
*.github.net
Subdomains under `*.github.net` run services for our internal production network. Many of these services are not accessible from outside our internal network. Not all subdomains are [in-scope](https://bounty.github.com/#scope)
*.githubapp.com
Subdomains under `*.githubapp.com` provide a number of internal services to GitHub employees. Not all subdomains are [in-scope](https://bounty.github.com/#scope)
*.githubusercontent.com
Copilot
Copilot Chat on dotcom
Copilot for Business
Dependabot
Dependabot powers GitHub\'s [automated security fixes](https://help.github.com/en/articles/configuring-automated-security-fixes). This feature allows GitHub users to automatically update vulnerable dependencies. The core logic of Dependabot is [open-source](https://github.com/dependabot/dependabot-core) and an [overview of the architecture](https://github.com/dependabot/dependabot-core#architecture) is available.
* Execution environment breakout attacks, providing access to private networked resources or other users\' data
* Security issues in [`dependabot-core`](https://github.com/dependabot/dependabot-core)
GitHub CLI
[GitHub CLI](https://cli.github.com) is an open source command line tool for working with your GitHub.com account. It is built with Golang, and performs several GitHub.com commands from your terminal, such as viewing, commenting and performing other actions on issues and PRs.
GitHub CSP
While content-injection vulnerabilities are already in-scope for our [GitHub.com bounty](https://bounty.github.com/targets/github.html), we also accept bounty reports for novel [CSP](https://developers.google.com/web/fundamentals/security/csp/) bypasses affecting GitHub.com, even if they do not include a content-injection vulnerability. Using an intercepting proxy or your browser\'s developer tools, experiment with injecting content into the DOM. See if you can execute arbitrary JavaScript or exfiltrate sensitive page contents such as CSRF tokens. Reports of other previously-unknown impacts from content-injection will also be considered.
Previously identified attacks are not eligible for reward (we\'ve put a lot of thought into CSP bypasses already). You can find a discussion of known attacks and our attempts to mitigate them [here](http://githubengineering.com/githubs-csp-journey/). Attacks against CSP features not used on GitHub.com, such as script nonces, are not eligible for reward. Vulnerabilities resulting from injection in implausible locations, such as within an element that doesn\'t contain user-content, are not eligible for reward. Rewards are determined at our discretion: if you think you\'ve found something cool and novel, report it!
GitHub Desktop
[GitHub Desktop](https://desktop.github.com) is an open-source [Electron](https://electronjs.org)-based app for working with your GitHub.com or GitHub Enterprise account. Only the following vulnerabilities are eligible for reward:
* Remote code execution via protocol handlers such as `x-github-client://`
* Code execution without user interaction when cloning or fetching malicious repositories
GitHub Enterprise Cloud
GitHub Enterprise Cloud is the cloud-hosted version of GitHub Enterprise. It is designed for teams who want advanced authentication and permissions without managing infrastructure. More information about GitHub Enterprise Cloud is available at https://github.com/enterprise
GitHub Enterprise Server
GitHub Enterprise Server is the on-premise version of GitHub Enterprise. GitHub Enterprise Server shares a code-base with GitHub.com, is built on Ruby on Rails and leverages a number of open source technologies. GitHub Enterprise Server adds a number of features for enterprise infrastructures, including additional authentication backends and clustering options.
Below is a subset of features unique to GitHub Enterprise that might be interesting to investigate.
* Bypassing instance-wide authentication, also known as [*private mode*](https://help.github.com/enterprise/admin/guides/installation/enabling-private-mode/)
* External authentication backends including [CAS, LDAP, and SAML](https://help.github.com/enterprise/admin/guides/user-management/)
* In-app administration of the instance using a site administrator control panel
* [User, organization, and repository migration](https://help.github.com/enterprise/admin/guides/migrations/)
* [Web-based management console](https://help.github.com/enterprise/admin/guides/installation/web-based-management-console/) and [SSH access](https://help.github.com/enterprise/admin/guides/installation/administrative-shell-ssh-access/) to configure and update the instance
* [Pre-receive hook scripts](https://help.github.com/enterprise/admin/guides/developer-workflow/creating-a-pre-receive-hook-script/)
* [GitHub Connect](https://help.github.com/enterprise/admin/guides/developer-workflow/connecting-github-enterprise-server-to-github-com/) allows users to share specific features and workflows between your GitHub Enterprise Server instance and a GitHub.com organization on GitHub Enterprise Cloud.
* See [our documentation](https://help.github.com/enterprise/admin/guides/installation/network-ports-to-open/) for a list of services typically open on an instance.
You can request a trial of GitHub Enterprise Server for security testing at [https://enterprise.github.com/bounty](https://enterprise.github.com/bounty).
GitHub Pages
GitHub Pages is our static site hosting service designed to host your personal, organization, or project pages directly from a GitHub repository. It uses the Jekyll static site generator and officially supported themes are are developed in the pages-themes organization. GitHub Pages support custom domains and can be secured with HTTPS. Eligible submissions include:
* Executing arbitrary code during the build process, either via a custom Jekyll theme or vulnerabilities in the command-line Git tools when cloning or checking-out repositories
* Reading arbitrary files during the build process which discloses sensitive information, for example by misusing path traversal or symbolic links in a custom Jekyll theme
**Individual GitHub Pages sites hosted under `*.github.io` are out-of-scope.**
GitHub Production Credentials
GitHub, Inc. uses a mix of our own physical infrastructure, cloud platforms and third-party services to keep everything running smoothly. Keeping credentials and access tokens secure for these resources is paramount to the security of our employees and users.
* Credentials allowing access to cloud services, package managers and other resources used by GitHub, Inc employees
* Credentials accidentally made public in repositories which allow access to GitHub, Inc resources. This does *not* include credentials exposed by our users and credentials which do not allow access to GitHub, Inc resources.
* Credentials exposed by third-party services which allow access to GitHub, Inc resources
Please review our [guidance for handling PII](https://bounty.github.com/#handling_personally_identifiable_information_pii) before investigating credentials allowing access to GitHub, Inc resources. The reward amount is based on the impact of the leaked credential which will be determined by the GitHub Security team.
GitHub for mobile
Bring GitHub collaboration tools to your small screens with [GitHub for mobile](https://github.com/mobile).
api.github.com
The GitHub API is used by thousands of developers and applications to programatically interact with GitHub data and services. Because so much of the GitHub.com functionality is exposed in the API, security has always been a high priority.
Rewards range from $555 up to $20,000 and are determined at our discretion based on a number of factors.
You can find the app at [https://api.github.com](https://api.github.com "https://api.github.com") and can find the API documentation at [https://developer.github.com](https://developer.github.com "https://developer.github.com").
classroom.github.com
education.github.com
GitHub Education offers a variety of tools to help educators and researchers work more effectively inside and outside of the classroom. More details are available at https://education.github.com/. GitHub Classroom is [open-source](https://github.com/education/classroom)
gist.github.com
Gist is one of the first products launched by GitHub after GitHub.com. It is a service for sharing snippets of code or other text content. Gist is built on Ruby on Rails and leverages a number of Open Source technologies.
Rewards range from $555 up to $20,000 and are determined at our discretion based on a number of factors. For example, if you find a reflected XSS that is only possible in Opera, and Opera is \\<2% of our traffic, then the severity and reward will be lower. But a persistent XSS that works in Chrome, at \\>60% of our traffic, will earn a much larger reward.
You can find the app at [https://gist.github.com](https://gist.github.com "https://gist.github.com").
github.com
GitHub.com is our main web site. It is our most intricate application with a number of user inputs and access methods. GitHub.com is built on Ruby on Rails and leverages a number of Open Source technologies.
You can find the app at [https://github.com](https://github.com "https://github.com").
npm CLI
npmjs.com
This is the domain for npm’s public-facing websites. All subdomains under npmjs.com are in scope.
npmjs.org
This is the domain for npm’s registry, public-facing databases, and APIs. All subdomains under npmjs.org are in scope.
*.simpletax.ca
*.wealthsimple.com
com.wealthsimple
com.wealthsimple.wealthsimple
https://github.com/mainwp/mainwp
We are specifically looking for security violations that would enable access to the users “Network” by a third party when a connection between the MainWP Dashboard and MainWP Child Plugin has already been established. This includes but is not limited to Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF/XSRF), Broken Authentication, Remote Code Execution SQL injection, and Privilege Escalation.
We are generally not interested in DoS vulnerabilities that are perceived by a lack of rate-limiting or captcha.
https://github.com/mainwp/mainwp-child
*.district.in
*.edition.in
*.hyperpure.com
*.insider.in
*.runnr.in
*.ticketnew.com
*.tktnew.com
*.zdev.net
*.zomans.com
This domain is mainly used for internal applications that are hosted in AWS. Our area of interest is any issue that can potentially give anyone unrestricted access or expose internal or confidential data.
*.zomato.com
434613896
Zomato: Food Delivery & Dining
All Assets (other than Blinkit)
Bounty table header
All District Assets (Other than Zomato, BlinkIT & Hyperpure)
All Zomato Assets (Other than BlinkIT & Hyperpure)
BlinkIT, Hyperpure assets (in scope)
api.grofers.com
api2.grofers.com
blinkit.com
com.application.zomato
com.grofers.customerapp
Blinkit\'s Customer Android App:
https://play.google.com/store/apps/details?id=com.grofers.customerapp
http://*.grofer.io
http://*.grofers.com
winecellar.zomato.com
Tor
https://gitlab.torproject.org/tpo/core/tor
Supported versions for Tor can be found at https://trac.torproject.org/projects/tor/wiki/org/teams/NetworkTeam/CoreTorReleases.
Tor Browser
https://gitlab.torproject.org/tpo/applications/tor-browser
It\'s a good start to look at the latest stable, alpha, and nightly builds. The former can be found at https://www.torproject.org/download/ and nightlies can be obtained via http://f4amtbsowhix7rrf.onion/tor-browser-builds/.
*.binary.com
*.deriv.cloud
*.deriv.com
*.derivws.com
api.deriv.com
app.deriv.com
cashier.deriv.com
derivws.com
github.com/binary-com
github.com/deriv-com
oauth.deriv.com
secure-dfadmin.deriv.com
smarttrader.deriv.com
1005070636
-
589698942
com.fishbowlmedia.fishbowl
com.glassdoor.app
https://*.glassdoor.com/*
https://api.fishbowlapp.com/*
https://api.glassdoor.com/*
https://design.glassdoor.com/*
https://help.glassdoor.com/*
https://www.fishbowlapp.com/*
https://www.glassdoor.com/*
*.gotinder.com
*.tinder.com
*.tinderops.net
*.tinderwebstaging.com
*.tstaging.com
*.tstaging.tools
547702041
com.tinder
*.fetlife.com
fetlife.com
*.algolia.net
*.algolianet.com
dashboard.algolia.com
www.algolia.com
*.grab-sure.com
*.grab.co
*.grab.com
*.grabpay.com
*.grabtaxi.com
*.myteksi.com
*.myteksi.net
*.ovo.id
Staging/Development/UAT environments are considered out-of-scope, such as:
- *.byte-stack.net
- *.dududev
- *.uat-ovo.net
and other assets that might not be explicitly listed.
*.taralite.com
and other assets that might not be explicitly listed
1142114207
OVO iOS application
https://apps.apple.com/ID/app/id1142114207
1257641454
Grab Driver
* Eligible for updated mobile Apps bounty rewards offering (up to $15,000 for a Critical vulnerability)
1343620481
GrabPay Merchant
647268330
Grab (iOS)
C100447517
Grab Superapp for Huawei Devices(using HMS)
https://appgallery.huawei.com/#/app/C100447517
C103149579
Grab Driver app for Huawei Devices(using HMS)
https://appgallery.huawei.com/#/app/C103149579
api.grabpay.com
**What it does:** Grab iOS and Android apps communicate with this service while you use Grab specifically for newer payment features. This endpoint acts as an API gateway proxy to all of our services. This API exposes the largest attack surface of any service here at GrabPay.
**What to look for:** Much like our external API, `api.grabpay.com` is a RESTful API performed over HTTPS requests. The best way to hunt for bugs here is to use your own auth token via the `X-mts-ssid` header and look for authorization and access control issues, business logic and etc. Please keep in mind that you should only ever perform this testing against accounts you own, accessing any data not owned by you can result in disqualification.
**What it runs on:** Golang / Java
com.grab.merchant
com.grabpay.merchant
com.grabtaxi.driver2
com.grabtaxi.passenger
Grab (Android)
gamma.grab.co
gifts.grab.com
grab.careers
jira.grab.com
Please note that since this is a third-party application, most reports will typically be marked with a maximum of medium-severity (especially due to modifications not controlled by the Grab team, but by the vendor). In cases where the vulnerability is severe enough, such as an RCE, mass retrieval of personal information etc, we will review them on a case-by-case basis and will reward a bounty accordingly at our discretion.
kartaview.org
manage.grab.co
ovo.id
OVO\'s Android App:
https://play.google.com/store/apps/details?id=ovo.id
*.byte-stack.net
*.dududev
*.uat-ovo.net and other assets that might not be explicitly listed.
p.grabtaxi.com
**What it does:** Grab iOS and Android apps communicate with this service while you use Grab. This endpoint acts as an API gateway proxy to all of our services. This API exposes the largest attack surface of any service here at Grab.
**What to look for:** Much like our external API, p.grabtaxi.com is a RESTful API performed over certificate-pinned HTTPS requests. The best way to hunt for bugs here is to use your own auth token via the X-mts-ssid header and look for authorization and access control issues, user enumeration, business logic etc. Please keep in mind that you should only ever perform this testing against accounts you own, failure to do so could result in ban from the program, which nobody wants!.
**What it runs on:** Golang
wiki.grab.com
xtramile.grabpay.com
com.moneybird.Moneybird
com.moneybird.android
moneybird.com
moneybirdstorage.com
SSO_Saml_connector
https://support.dashlane.com/hc/en-us/articles/360014277880-Setting-up-the-SSO-Connector
Standalone Chrome extension
The standalone extension is available here : https://chrome.google.com/webstore/detail/dashlane-password-manager/fdjamakpfbbddfjaooikfcpapjohcfmg
api.dashlane.com
app.dashlane.com
com.dashlane
com.dashlane.dashlanephonefinal
console.dashlane.com
gehmmocbbkpblljhkekmfhjpfbkclbph
It\'s the standalone edge extension
https://microsoftedge.microsoft.com/addons/detail/dashlane-password-manag/gehmmocbbkpblljhkekmfhjpfbkclbph
https://www.dashlane.com/fr/directdownload-v2?os=OS_X_10_12_6&platform=website&target=launcher_macosx
Our OSX installer
https://www.dashlane.com/fr/directdownload-v2?os=none&platform=website&target=archive_win
Our windows installer
logs.dashlane.com
ws1.dashlane.com
www.dashlane.com
www.udemy.com
yourcompany.udemy.com
1174276185
You need an existing Zendesk Account to use the iOS app. Please sign up for an Account per the instructions in our program page.
Zendesk Support for iOS is built for agents, team leads, and managers on the move. It\'s a fast and secure productivity tool that gives you visibility to your account in real time. Get ahead of the day and keep things running by bringing the right people, conversations, and information together. Support for iOS is available for iPhone and iPad, so you can access Zendesk whether you\'re at your office or on the go!
488534576
https://apps.apple.com/us/app/base-crm-sales-tracking/id488534576
549057844
Zendesk Chat for iOS
com.futuresimple.base
https://play.google.com/store/apps/details?id=com.futuresimple.base
com.zendesk.android
Zendesk Support for Android
com.zopim.android
Zendesk Chat for Android
developer.zendesk.com
This site hosts our documentation and API reference.
h1-your-domain.zendesk.com
The Zendesk Suite is the collection or our core Products. Reports in any of the following Products & services should be submitted here:
* Support, Agent Workspace & Ticketing systems - `/agent/`
* Admin center - `/admin/`
* [Our Public API\'s](https://www.postman.com/zendesk-redback/zendesk-public-api/overview) - `/api/`
* Authentication & Auxiliary functionality - `/auth/` and `/access/`
* Billing - `/billing/`
* Chat - `/chat/`
* Community Forum - `/collaboration/`
* Explore (Data & Analytics) - `/explore/`
* Help Centre - `/hc/`
* Other paths that are not explicitly listed in other parts of the scope.
More details can be found at https://support.zendesk.com/hc/en-us/articles/4408881937306-Getting-started-with-Zendesk-Suite-Introduction
http://h1-your-domain.zendesk.com/qa/
AutoQA analyzes every interaction – including with AI agents – then shows you which ones need extra support. You’ll spend less time hunting through a stack of tickets, and more time actually solving issues.
All reports related to QA (`/qa/`) and sub-paths should be submitted here.
We will also accept bounties for the legacy domains https://kibbles.klausapp.com & https://app.klausapp.com however note that you cannot create new accounts under these domains.
[Setting up Zendesk QA – Zendesk help](https://support.zendesk.com/hc/en-us/sections/7162431070618-Setting-up-Zendesk-QA)
http://h1-your-domain.zendesk.com/sell
In this context, "h1-your-domain" is on your own personal testing account.
http://h1-your-domain.zendesk.com/wfm/
Zendesk Workforce management (WFM) improves the predictability and efficiency of customer service organizations through its wide range of planning, scheduling and monitoring tools. All reports related to WFM (`/wfm/`) and sub-paths should be submitted here.
[Zendesk Workforce management \\(WFM\\) resources](https://support.zendesk.com/hc/en-us/articles/6457209788442-Zendesk-Workforce-management-WFM-resources)
https://developer.zendesk.com/documentation/zendesk-sdks/#android
Zendesk Support SDK for Android
https://developer.zendesk.com/documentation/zendesk-sdks/#ios
Zendesk Support SDK for iOS
www.zendesk.com
zopim.com
business.kayak.com
com.kayak.android
The most recent version of this app is in scope
com.kayak.travel
www.cheapflights.com
including local versions: e.g. www.cheapflights.co.uk, www.cheapflights.com.au, etc. Please check https://www.kayak.com/global for full list of domains that belong to us.
www.checkfelix.com
www.hotelscombined.com
including local versions: e.g. www.hotelscombined.com.au, www.hotelscombined.co.kr, etc. Please check https://www.kayak.com/global for full list of domains that belong to us.
www.kayak.com
including localised versions: e.g. www.kayak.de, www.kayak.fr and www.kayak.co.uk, etc. Please check https://www.kayak.com/global for full list of domains that belong to us.
www.momondo.com
including localised versions: e.g. www.momondo.dk, www.momondo.se, etc.
www.mundi.com.br
www.swoodoo.com
*.hey.com
3.basecamp.com
Basecamp 3
Basecamp.app
Basecamp for Mac: https://basecamp.com/via#basecamp-for-your-mac-or-pc
HEY.app
HEY for macOS: https://hey.com/apps/
HEY.exe
HEY for Windows: https://www.microsoft.com/en-us/p/hey-mail/9pf08ljw7gw2
ONCE: Campfire
basecamp3.exe
Basecamp for Windows: https://basecamp.com/via#basecamp-for-your-mac-or-pc
com.basecamp.bc3
Basecamp for Android: https://basecamp.com/via#basecamp-for-ios-and-android-devices
com.basecamp.bc3-ios
Basecamp for iOS: https://basecamp.com/via#basecamp-for-ios-and-android-devices
com.basecamp.hey
HEY for Android: https://play.google.com/store/apps/details?id=com.basecamp.hey
com.hey.app.ios
HEY for iOS: https://apps.apple.com/us/app/hey-email/id1506603805
hey-mail
HEY for Linux: https://snapcraft.io/hey-mail/
launchpad.37signals.com
Launchpad
world.hey.com
*.shopify.com
Reports involving *.shopify.com are reviewed on a per case basis for bounty eligibility, this includes shopifycompass.com. Any services operated by a third party without a proof of concept demonstrating impact on *.myshopify.com users will likely be ineligible for a bounty.
*.shopify.io
*.shopify.io may include developer test or third party applications. If you are unsure about a domain and it looks like a test or third party application, please email us at bugbounty@shopify.com before spending time on it.
*.shopifycloud.com
*.shopifycloud.com may include developer test or third party applications. For example, devdegree*.shopifycloud.com, vendorvoice.shopifycloud.com, nsolid-test-console.shopifycloud.com. These types of domains are not considered in scope and reports pertaining to them will be closed Informative. If you are unsure about a domain and it looks like a test application, please email us at bugbounty@shopify.com before spending time on it.
*.shopifycs.com
Shopify\'s service for handling credit card data in a PCI compliant way.
*.shopifykloud.com
Shopify Kloud includes all *.shopifykloud.com applications. Please note, there may be developer test or third party applications launched on the domain which may have low security implications for Shopify. If you are unsure about a subdomain on *.shopifykloud.com and it looks like a test application, email us at bugbounty AT shopify.com before spending time on it.
Shopify Developed Apps
Shopify apps and sales channels means everything installed via the following link https://apps.shopify.com/collections/made-by-shopify
Shopify Mobile Applications
Android: https://play.google.com/store/apps/dev?id=8929232438554100687
iOS: https://itunes.apple.com/ca/developer/shopify-inc/id371294475
Note: any services operated by a third party without a proof of concept demonstrating impact on Shopify users will likely be ineligible for a bounty.
accounts.shopify.com
admin.shopify.com
arrive-server.shopifycloud.com
https://github.com/Shopify/*
Public repositories available under the Shopify organization in Github.
linkpop.com
partners.shopify.com
shop.app
shopify.plus
shopifyinbox.com
your-store.myshopify.com
Your development store hosted at `*.myshopify.com`. Create a development store by signing up at https://partners.shopify.com/
api.mapbox.com
Our APIs are the primary interface to Mapbox for many of our customers, and all actions a customer can take on their account run through them.
https://docs.mapbox.com/android/
[Maps SDK for Android](https://docs.mapbox.com/android/maps/overview/)
[Navigation SDK for Android](https://docs.mapbox.com/android/navigation/overview/)
https://docs.mapbox.com/api/
The Mapbox web services APIs allow for programmatic access to Mapbox tools and services.
- [Accounts Service APIs](https://docs.mapbox.com/api/accounts/)
- [Maps Service APIs](https://docs.mapbox.com/api/maps/)
- [Navigation Service APIs](https://docs.mapbox.com/api/navigation/)
- [Search Service APIs](https://docs.mapbox.com/api/search/)
https://docs.mapbox.com/ios/maps/overview/
[Maps SDK for iOS](https://docs.mapbox.com/ios/maps/overview/)
https://github.com/mapbox
Mapbox has 700+ public Github repositories that are within scope, though only reports that can be actively exploited on Mapbox infrastructure will be eligible for a monetary bounty.
Submissions on assets containing the "Mapbox" name but not owned by Mapbox are not eligible for bounty.
Some repositories in the Mapbox GitHub organization may contain experimental code and are not eligible for a bounty.
* Please submit any open source security issues directly to HackerOne, do not open security-related issues on public Github repositories.
* Please send any questions about the eligibility of an open source repository to security@mapbox.com.
A few of our popular open-source repositories:
[node-sqlite3](https://github.com/mapbox/node-sqlite3) | [node-pre-gyp](https://github.com/mapbox/node-pre-gyp) | [carmen](https://github.com/mapbox/carmen)
https://www.mapbox.com/mapbox-gl-js/
Mapbox GL JS is a JavaScript library that uses WebGL to render interactive maps from vector tiles and Mapbox styles. It is part of the Mapbox GL ecosystem, which includes Mapbox Mobile, a compatible renderer written in C++ with bindings for desktop and mobile platforms.
www.mapbox.com
- https://mapbox.com
- https://studio.mapbox.com/
- https://account.mapbox.com/
*.airbnb-aws.com
Lower Impact Scope
*.airbnb.com
Higher Impact Scope
*.airbnbcitizen.com
*.atairbnb.com
*.byairbnb.com
*.hoteltonight-test.com
*.hoteltonight.com
*.luxuryretreats.com
*.muscache.com
*.withairbnb.com
Localized airbnb sites listed at the link below:
**https://www.airbnb.com/sitemaps/localized**
api.airbnb.com
assets.airbnb.com
callbacks.airbnb.com
com.airbnb.android
com.airbnb.app
com.luxuryretreats.ios
m.airbnb.com
next.airbnb.com
omgpro.airbnb.com
one.airbnb.com
open.airbnb.com
support-api.airbnb.com
www.airbnb.com
www.hoteltonight.com
*.booking.com
if there\'s any vulnerabilities raised on this asset that are owned by a third party we will not be accepting those reports
*.fareharbor.com
*.fareharbor.engineering
*.rentalcars.com
accommodations.booking.com
account.booking.com
admin.booking.com
Incorrect permission check for different roles is out of scope.
autocomplete.booking.com
booking.com
careers.booking.com
cars.booking.com
chat.booking.com
compass.fareharbor.com
demo.fareharbor.com
distribution-xml.booking.com
experiences.booking.com
fareharborsites.com
fhdn.fareharbor.com
flights.booking.com
http://secure-iphone-xml.booking.com/json/
https://apps.apple.com/us/app/booking-com-hotels-travel/id367003839
https://apps.apple.com/us/app/pulse-for-booking-com-partners/id992795726
https://iphone-xml.booking.com/json/
https://play.google.com/store/apps/details?id=com.booking&hl=en
https://play.google.com/store/apps/details?id=com.booking.hotelmanager&hl=en
https://secure-iphone-xml.booking.com/json/
indicative-pricing.taxi.booking.com
kyc-onboarding.booking.com
marketing.fareharbor.com
metasearch-api.booking.com
paybridge.booking.com
paymentcomponent.booking.com
paynotifications.booking.com
phone-validation.taxi.booking.com
portal.taxi.booking.com
readonly.fareharbor.com
secure-supply-xml.booking.com
secure.booking.com
sites.fareharbor.com
spark.fareharbor.com
supplier.auth.toag.booking.com
supply-xml.booking.com
tableau.fareharbor.engineering
taxi.booking.com
taxis.booking.com
teleport.fareharbor.engineering
webhooks.booking.com
widget.rentalcars.com
www.fareharbor.com
*.staging-airtableblocks.com
IMPORTANT: this domain is NOT eligible for stored XSS via building custom apps/blocks functionality.
*.staging.airtable.com
airtable.js SDK (https://www.npmjs.com/package/airtable)
- Install `airtable.js` via `npm install airtable`
- Visit https://staging.airtable.com/account and generate an API key
- Create a new Javascript file and add the following lines:
```javascript
const Airtable = require(\'airtable\');
const airtable = new Airtable({
apiKey: \'PUT YOUR API KEY HERE\',
endpointUrl: \'https://api-staging.airtable.com\', // IMPORTANT: you MUST set the endpointUrl attribute to this URL, or else you will be testing on airtable.com, which is out of scope
});
See https://staging.airtable.com/api for instructions on how to use the API, as well as [the source code on Github](https://github.com/airtable/airtable.js)
Please note that reports about outdated/vulnerable dependencies flagged by `npm audit` or `yarn audit` are **out of scope**. Vulnerabilities discovered via manual code audits are acceptable.
api-staging.airtable.com
Go to https://staging.airtable.com/account to generate an API key. See https://staging.airtable.com/api for API documentation per base.
staging.airtable.com
*.lightroom.adobe.com
Please refer to Lightroom Web Test Plan on how to access/test the environment.
Adobe Commerce, Commerce B2B and Commerce Open Source
C2PA Tool
Please refer to Content Authenticity Initiative Test Plan on how to access/test the environment.
ColdFusion
Please refer to ColdFusion Test Plan on how to access/test the environment.
account.adobe.com
Please refer to IMS Test Plan on how to access/test the environment.
account.magento.com
accounts.magento.cloud
acrobat.adobe.com
adobeid-na1.services.adobe.com
auth.services.adobe.com
com.adobe.Adobe-Reader
com.adobe.lrmobile
Lightroom
com.adobe.reader
com.adobe.scan.android
com.adobe.scan.ios
contributor.stock.adobe.com
firefly.adobe.com
http://federatedid-na1.services.adobe.com
http://ims-na1.adobelogin.com
https://contentcredentials.org/
https://github.com/contentauth/c2pa-js
https://github.com/contentauth/c2pa-rs
imagine.magento.com
learningmanager.adobe.com
Please refer to Adobe Learning Manager Test Plan on how to access/test the environment.
magento.com
magentocommerce.com
magentolive.com
marketplace.magento.com
net.s2stagehance.com
Please refer to Behance Test Plan on how to access the environment.
new.express.adobe.com
Please refer to Express Test Plan on how to access the environment.
photoshop.adobe.com
Please refer to Photoshop Web Test Plan on how to access/test the environment.
repo.magento.com
stock.adobe.com
u.magento.com
*.blockchain.com
1557515848
Blockchain.com Exchange App
https://apps.apple.com/us/app/blockchain-com-exchange/id1557515848
493253309
Blockchain.com Wallet App
https://itunes.apple.com/us/app/blockchain-wallet-bitcoin/id493253309
api.blockchain.info
com.blockchain.exchange
https://play.google.com/store/apps/details?id=com.blockchain.exchange
piuk.blockchain.android
https://play.google.com/store/apps/details?id=piuk.blockchain.android
ws.blockchain.info
www.blockchain.info
*.ubnt.com
*.ui.com
AmpliFi
Cloudkey
EdgeMAX
UCRM
UFiber
UID
https://ui.com/uid
UNMS
UniFi
UniFi Access
UniFi Cloud
UniFi Gateways (UDM, UXG, USG)
UniFi LED
UniFi Network Application
UniFi Protect
UniFi Switches
UniFi Talk
UniFi Wireless Access Points
account.ui.com
airFiber
airMAX
careers.ui.com
com.ubnt.discovery.app
com.ubnt.easyunifi
com.ubnt.umobile
community.ui.com
design.ui.com
fw-update.ubnt.com
ispdesign.ui.com
rma.ui.com
store.ui.com
uisp.com
unifi.ui.com
*.sc-core.net
Snapchat\'s internal services
*.sc-corp.net
Lens Studio
Tier A - Core Assets
Tier B - Non Core (Bitmoji, Playcanvas)
accounts.snapchat.com
Snapchat\'s account management website.
ads.snapchat.com
app.snapchat.com
Main server-side application hosted on Google App Engine under the hostname feelinsonice-hrd.appspot.com and app.snapchat.com.
blog.playcanvas.com
business.snapchat.com
Snapchat\'s Business Manager.
businesshelp.snapchat.com
Snapchat\'s Salesforce instance
code.playcanvas.com
com.bitstrips.imoji
[iOS App Store](https://itunes.apple.com/us/app/bitmoji-keyboard-your-avatar/id868077558)
[Google Play Store](https://play.google.com/store/apps/details?id=com.bitstrips.imoji)
com.snapchat.android
[Google Play Store](https://play.google.com/store/apps/details?id=com.snapchat.android)
com.toyopagroup.picaboo
[iOS App Store](https://itunes.apple.com/us/app/snapchat/id447188370?mt=8)
create.snapchat.com
Snapchat\'s Geofilter creation tool.
developer.playcanvas.com
forum.playcanvas.com
geofilters.snapchat.com
Snapchat\'s on-demand Geofilters purchase website.
https://lensstudio.snapchat.com/api/
kit.snapchat.com
SNAPKIT web application and SDKs
launch.playcanvas.com
login.playcanvas.com
map.snapchat.com
msg.playcanvas.com
my.snapchat.com
Snapchat\'s Spotlight on the web.
playcanv.as
playcanvas.com
relay.playcanvas.com
rt.playcanvas.com
scan.snapchat.com
Snapcode creation website
snappublisher.snapchat.com
Snapchat\'s publisher tool.
spectacles.com
Snapchat\'s spectacles purchase website.
store.playcanvas.com
store.snapchat.com
Snapchat\'s Bitmoji Merch Store
story.snapchat.com
web.snapchat.com
www.bitmoji.com
www.bitstrips.com
336381998
[Priceline iOS App](https://apps.apple.com/us/app/priceline-hotel-travel-deals/id336381998)
Penny
https://www.priceline.com/penny
admin.rezserver.com
**Policy Guidance**
We are not currently providing credentials for this asset.
**Rules of Engagement**
- In request headers use \'hackerone-{your username}\' for user-agent
- Keep low volume of requests - Automated testing is not permitted
- Do not Fuzz Contact forms
- Do not Fuzz "Request Account Activation" & "Request Product Activation"
- Do not Fuzz request for "Change Request under Sites"
- Do not modify other hacker_* user accounts under Hacker one test account
**Non-Qualifying Vulnerabilities and Exclusions**
- CSRF
api.rezserver.com
**Rezserver API**
_Policy Guidance_
_Rules_
- Don\'t use automated tools or scanners
- Don\'t DDoS
_Out of scope vulnerabilities_
- Missing best practices in HTTP header configuration.
- Any activity that could lead to the disruption of our service (DoS)
- Missing best practices in SSL/TLS configuration
- Account/email enumeration issues
- Disclosure of software version numbers (we maintain forks of several tools, and apply security patches accordingly)
- Content Spoofing/Text Injection that cannot be leveraged for XSS or sensitive data disclosure
_Endpoints out of scope_
- Hotel: BookRequest
- Air: All endpoints
- Car: All endpoints
- Custom: All endpoints
com.priceline.android.negotiator
cruises.priceline.com
flyiin.com
press.priceline.com
priceline.com
reservations.rezserver.com
secure.rezserver.com
www.bookingholdings.com
www.getaroom.com
www.priceline.com
*.uberinternal.com
*ubereats.com
Includes all subdomains (*.ubereats.com) except subdomains listed in out of scope.
Recon Data
Uber provides endpoints to determine whether an asset belongs to Uber:
https://appsec-analysis.uber.com/public/bugbounty/ListDomains
https://appsec-analysis.uber.com/public/bugbounty/ListIPs
All of the endpoints support offset and limit as optional parameters.
Example: https://appsec-analysis.uber.com/public/bugbounty/ListDomains?offset=0&limit=100.
The public endpoints for asset information are for recon purposes. Information returned by those endpoints (or not) does not mean a bounty is guaranteed.
uber.com
Includes all subdomains (*.uber.com) except subdomains listed in out of scope.
*.yelp-support.com
*.yelp.com
*.yelpwifi.com
284910350
Yelp Mobile
542767785
Restaurant Manager iOS app
936983378
Yelp for Business Owners
com.yelp.android
Yelp Mobile for Android
com.yelp.android.biz
yelptop100.com
*.cloud.vimeo.com
Upload endpoints such as \\ *.cloud.vimeo.com
*.livestream.com
*.magisto.com
**EXCEPTION** - Subdomains owned/controlled/managed/etc by a 3rd party.
*.new.livestream.com
*.vhx.tv
**EXCEPT for community.vhx.tv, 3rd party sites and EXCEPT a single-customer configured site**
The vulnerability must affect every site in order to be valid.
*.vimeo.com
See scope/program for more definitive information. Does not include 3rd parties under vimeo.com domain names. Subject to realization we missed one.
1491791513
425194759
486781045
493086499
Livestream software (Producer, Studio)
Out of scope: any attacks of the install process, that require additional configuration files, dll, etc that are put onto the machine via virus, malware, confidence, etc.
VHX Branded Customer Android Apps
**Vulnerabilities must affect ANY/ALL VHX branded Android apps and not just a single VHX customer app**
VHX Branded Customer Roku Apps
**Vulnerabilities must affect ANY/ALL VHX branded Roku apps and not just a single VHX customer app**
VHX Branded Customer iOS Apps
**Vulnerabilities must affect ANY/ALL VHX branded iOS apps and not just a single VHX customer app**
api.vhx.tv
api.vimeo.com
applause1.magisto.com
channelstore.roku.com/details/48061/vhx
Roku App
checkout.vimeo.com
This is an S3 bucket behind a CDN. We will be responsible for things WE can control about this (Content, S3 permissions, CDN headers, etc). For items beyond our control, those are not in scope.
com.livestream.livestream
com.magisto
com.vimeo.android.videoapp
com.vimeocreate.videoeditor.moviemaker
donations.livestream.com
embed.vhx.tv
http://vimeo.com/api
Legacy API endpoints such as vimeo.com/api
http://vimeo.com/create
http://vimeo.com/ondemand
Vimeo On Demand hosted sites: https://vimeo.com/ondemand
magisto.com,www.magisto.com
player.vimeo.com
staging.magisto.com
vhx.tv
The VHX homepage at vhx.tv redirects to a login page at ott.vimeo.com. Please submit these reports to the VHX program.
vimeo.magisto.com
Only as it integrates with Vimeo. For anything about it itself, please report on the Magisto program
vimeopro.com
Vimeo Pro portfolios hosted on vimeopro.com
www.livestream.com
www.vimeo.com
288429040
api.linkedin.com
business.linkedin.com
com.linkedin.android
www.linkedin.com
api.greenhouse.io
Documentation:
https://developers.greenhouse.io/harvest.html
https://developers.greenhouse.io/job-board.html#retrieve-a-department
app.greenhouse.io
app.interseller.io
Please do not spam the payment form as this is manage by a third party and is out of scope for testing. Vulnerabilities related to paywall bypass are out of scope.
boards.greenhouse.io
interseller.io
This is a Marketing website and will produce less bounties than the actual product application
jss.greenhouse.io
onboarding.greenhouse.io
support.greenhouse.io
www.greenhouse.io
*.gitlab.net
Hosts owned and operated by GitLab.
*.gitlab.org
*.gitlap.com
Hosts owned and operated by GitLab. gitla**p** with a p!
GitLab for Jira Cloud
Other non-production infrastructure
Hosts owned and operated by GitLab other than gitlab.com itself and our static websites.
Your Own GitLab Instance
about.gitlab.com
There is no user data therefore no confidentiality impact is possible, however we want to know if you can modify the content or make it unavailable.
advisories.gitlab.com
customers.gitlab.com
Server-side Denial of Service is out of scope as per our Policy.
design.gitlab.com
docs.gitlab.com
gitlab.com
https://gitlab.com/gitlab-org/gitaly
https://gitlab.com/gitlab-org/gitlab
https://gitlab.com/gitlab-org/gitlab-pages
https://gitlab.com/gitlab-org/gitlab-runner
https://gitlab.com/gitlab-org/gitlab-shell
https://gitlab.com/gitlab-org/gitlab-vscode-extension
https://gitlab.com/gitlab-org/opstrace/opstrace
registry.gitlab.com
*.twimg.com
*.twitter.com
*.vine.co
*.x.ai
*.x.com
com.atebits.Tweetie2
com.twitter.android
gnip.com
x.com
GitHub repositories
[Any _**source**_ repository on my Github account](https://github.com/iandunn?tab=repositories&type=source), _**except**_ for the ones marked as **archived**.
Forks are not in-scope, please report any issues with those upstream. Archived repos are not maintained.
This refers to the source code in the repositories listed on that page, **not** to the github.com website itself. You can report potential vulnerabilities in github.com to [them](https://github.com/security).
WordPress.org plugins
[Any plugin listed on my WordPress.org profile](https://profiles.wordpress.org/iandunn#content-plugins) is within scope, **except** for these:
* Email Post Changes and Jetpack should be submitted to [Automattic](https://hackerone.com/automattic) instead.
* CampTix, CampTix Network Tools, P2 New Post Categories, Tagregator, and SupportFlow should be submitted to [WordPress](https://hackerone.com/wordpress) instead, because they\'re [Meta team](https://make.wordpress.org/meta/) projects.
* Manage Tags Capabilities is not covered, since I don\'t have commit access to it.
This refers to the source code of the plugins listed on that page, **not** to the wordpress.org website itself. You can report potential vulnerabilities in wordpress.org to [their program](/wordpress).
*.cloudflare.com
Excluding support.cloudflare.com, community.cloudflare.com and other SaaS applications
*.cloudflarepartners.com
*.teams.cloudflare.com
1.1.1.1 Resolver
A blazing fast DNS resolver built for private browsing.
https://1.1.1.1/
https://developers.cloudflare.com/1.1.1.1/what-is-1.1.1.1/
https://developers.cloudflare.com/1.1.1.1/setting-up-1.1.1.1/
AI Gateway
https://developers.cloudflare.com/ai-gateway/
AMP Real URL
https://developers.cloudflare.com/speed/optimization/other/amp-real-url/
API Shield
https://developers.cloudflare.com/api-shield/
Area 1
Bot Management
Cloudflare enables you to manage bots with speed and accuracy by applying several detection methods: Behavioral analysis, machine learning, and fingerprinting.
https://www.cloudflare.com/products/bot-management/
Browser Isolation
https://developers.cloudflare.com/cloudflare-one/policies/browser-isolation/
CDNJS
CDNJS is a free and open source project to organize and provide popular front-end web development resources to developers via a fast CDN infrastructure without usage limitations and fees.
https://github.com/cdnjs/cdnjs
https://blog.cloudflare.com/an-update-on-cdnjs/
China Network
https://developers.cloudflare.com/china-network/
Cloudflare Access
Cloudflare Access is an application that controls access to your sites and integrates with social and enterprise identity providers (IdP) for managing user credentials.
https://www.cloudflare.com/products/cloudflare-access/
Cloudflare Analytics
https://developers.cloudflare.com/analytics/
Cloudflare CASB
Cloudflare\'s cloud access security broker (CASB) service gives comprehensive visibility and control over SaaS apps, so you can easily prevent data leaks and compliance violations. With Zero Trust security, block insider threats, Shadow IT, risky data sharing, and bad actors.
https://www.cloudflare.com/products/zero-trust/casb/
Cloudflare Cache
https://developers.cloudflare.com/cache/
Cloudflare D1
https://blog.cloudflare.com/introducing-d1/
Cloudflare DNS
Cloudflare Durable Objects
https://developers.cloudflare.com/durable-objects/
Cloudflare Pages
https://developers.cloudflare.com/pages
Cloudflare R2
https://blog.cloudflare.com/r2-open-beta/
Cloudflare Tunnel
Cloudflare Tunnel offers an easy way to expose web servers securely to the internet, without opening up firewall ports and configuring ACLs.
https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/
Cloudflare Workers CI
Cloudflare Zaraz
https://developers.cloudflare.com/zaraz/
Cloudflare Zero Trust/Cloudflare One
Data Loss Prevention (DLP)
https://developers.cloudflare.com/cloudflare-one/policies/data-loss-prevention/
Gateway
https://developers.cloudflare.com/cloudflare-one/policies/gateway/
Hyperdrive
https://developers.cloudflare.com/hyperdrive/
Images
https://developers.cloudflare.com/speed/optimization/images/#image-optimization
Load Balancing
Cloudflare\'s Load Balancing automatically reduces latency by directing visitors to infrastructure closest to them.
https://www.cloudflare.com/load-balancing/
Magic Firewall
https://developers.cloudflare.com/magic-firewall/
Magic Transit
Magic Transit is a software-defined networking product that offers IP transit with DDoS protection, next-gen firewall, traffic acceleration and more for your on-premise and data center networks from a single, easy-to-use interface.
https://www.cloudflare.com/magic-transit/
Magic WAN
https://developers.cloudflare.com/magic-wan/
Open source tools from Cloudflare
https://github.com/cloudflare
SSL/TLS
https://developers.cloudflare.com/ssl/
Spectrum
Spectrum extends the power of Cloudflare\'s DDoS, TLS, and IP Firewall to TCP and UDP-based services, keeping them online and secure.
https://www.cloudflare.com/products/cloudflare-spectrum/
Stream
Cloudflare Stream is an easy-to-use, affordable, on-demand video streaming platform. Stream seamlessly integrates video storage, encoding, and a customizable player with Cloudflare’s fast, secure, and reliable global network.
https://www.cloudflare.com/products/cloudflare-stream/
Turnstile
https://developers.cloudflare.com/turnstile/
Vectorize
https://developers.cloudflare.com/vectorize/
WARP Mobile Apps
Download on Android: https://play.google.com/store/apps/details?id=com.cloudflare.onedotonedotonedotone
Download on iOS: https://itunes.apple.com/us/app/1-1-1-1-faster-internet/id1423538627
WARP is a free VPN for mobile phones. The app can be used as a 1.1.1.1 DNS resolver or VPN or our premium paid service Warp+. It works on wireguard protocol. See documentation section for more details.
Areas of interest:
Can other apps snoop with Warp
Downgrade of connections
Misconfiguration in the apps or backend
MITM attacks
Using WARP+ features without paying
WARP desktop client
Cloudflare Zero Trust client applications releases on Windows, Linux and MacOS
Waiting Room
https://developers.cloudflare.com/waiting-room/
Workers
https://developers.cloudflare.com/workers/
Workers AI
https://developers.cloudflare.com/workers-ai/
Workers KV
https://developers.cloudflare.com/kv/
api.cloudflare.com
cloudflareworkers.com
This is a Cloudflare Workers test site.
Cloudflare Workers provides a lightweight JavaScript execution environment that allows developers to augment existing applications or create entirely new ones without configuring or maintaining infrastructure.
https://www.cloudflare.com/products/cloudflare-workers/
dash.cloudflare.com
The Cloudflare dashboard (https://dash.cloudflare.com/) and any direct calls from the dashboard to other Cloudflare owned resources are considered in scope.
http://github.com/cloudflare
https://github.com/cloudflare/workerd
one.dash.cloudflare.com
waf.cumulusfire.net
This domain must be used for testing WAF bypasses.
*.srvcs.tumblr.com
*.tumblr.com
**The Blog Network**
*Note: Blogs are cached for 1 minute after first request (60s from first request); content is re-loaded into cache when a new request is submitted after the 61st second.*
How to identify you are looking at the Blog Network:
* Header: `X-tumblr-user` can be used to identify if the domain is a blog on the Blog Network
* View the domain in a browser, there will be a Tumblr banner visible.
Exclusions for this asset:
* JavaScript is allowed; XSS is excluded from eligibility.
* Pages can be framed; Clickjacking or other X-Frame-Options attacks are excluded from eligibility.
Crowdsignal
Any issues on https://crowdsignal.com/, and or Crowdsignal WordPress plugins
Jetpack
Any issues related to the Jetpack plugin https://github.com/Automattic/jetpack and/or https://jetpack.com/
WooCommerce
Any security issues on the WordPress WooCommerce plugin (https://wordpress.org/plugins/woocommerce/) and/or https://woocommerce.com/
WordPress Plugins & Themes
Any security issue found on any WordPress plugin or theme that\'s **maintained/created by Automattic**.
This includes but is not limited to
- WP-Supercache (https://wordpress.org/plugins/wp-super-cache/)
- WP-Job-Manager (https://github.com/Automattic/WP-Job-Manager)
- Sensei LMS (https://github.com/Automattic/sensei)
See https://profiles.wordpress.org/automattic/ for more details
WordPress.com VIP
Any issue in the WordPress.com VIP infrastructure, WordPress plugins, or client sites.
akismet.com
Any issues on https://akismet.com/, or the Akismet WordPress plugin.
api.tumblr.com
assets.tumblr.com
com.tumblr
- Minimum OS version: API 21
- API keys in code
- Certificate pinning
com.tumblr.tumblr
- Minimum OS version: iOS 11
embed.tumblr.com
gravatar.com
intensedebate.com
mailpoet.com
Any issue in https://www.mailpoet.com/, or the MailPoet WordPress plugin.
my.pressable.com
safe.tumblr.com
secure.tumblr.com
simperium.com
simplenote.com
t.umblr.com
wordpress.com
www.tumblr.com
*.irccloud-cdn.com
Please note that this domain hosts user-uploaded files which are intentionally public for sharing on IRC. These do not constitute an information disclosure vulnerability and reports will be closed as "Not Applicable".
*.irccloud.com
In particular IRC connection hosts listed here: https://www.irccloud.com/networks
api.irccloud.com
blog.irccloud.com
com.irccloud.IRCCloud
The iOS app is open source, decompilation issues are not eligible https://github.com/irccloud/ios
Vulnerabilities requiring local or root access to a device are also not eligible.
com.irccloud.android
The Android app is open source, decompilation issues are not eligible https://github.com/irccloud/android
https://github.com/irccloud/android
https://github.com/irccloud/ios
irc.irccloud.com
Support IRC network.
irccloud.com
team-irc.irccloud.com
Private team IRC servers
www.irccloud.com
*.base.org
*.cbhq.net
*.coinbase.com
54.175.255.192/27
Coinbase WaaS (Wallet as a Service)
Documentation: https://www.coinbase.com/cloud/products/waas
Applications that may have been missed as a part of our standard scope; this will be assessed on a by submission basis.
Web3 Smart Contracts
api.coinbase.com
api.custody.coinbase.com
Please see the instructions for the custody.coinbase.com asset on how to get an account.
cloud.coinbase.com
coinbase.com
com.coinbase.android
com.coinbase.ios
com.coinbase.wallite
commerce.coinbase.com
custody.coinbase.com
* **[Coinbase Custody - Institutional User Roles Overview](https://hackerone.app.box.com/s/l8rqfuv0xgaf15nwdzmffvsrxjm6vr8n)**
* **[Custody API Documentation](https://docs.custody.coinbase.com/)**
http://coinbase.com
https://base.org
https://chrome.google.com/webstore/detail/coinbase-wallet-extension/hnfanknocfeofbddgcijnmhnfnkdnaad
institutional.coinbase.com
international.coinbase.com
nft.coinbase.com
org.toshi
org.toshi.distribution
prime.coinbase.com
pro.coinbase.com
*.quip.com
Only accepting Critical reports 2023-12-01 to 2025-02-01
647922896
itunes.apple.com/us/app/quip-docs-chat-sheets/id647922896
Slack Desktop Application
api.slack.com
The Slack API
app.slack.com
com.Slack
com.quip.quip
Only accepting Critical reports 2023-12-01 to 2025-02-01.
com.slack.slackmdm
Reports are accepted for vulnerabilities specific to the [Slack EMM/MDM version of the app](https://apps.apple.com/us/app/slack-for-emm/id1254292716).
EMM client vulnerabilities in the absence of a valid MDM configuration via a supported MDM provider, (such as MobileIron), on an EMM-enabled Slack team are excluded.
com.tinyspeck.chatlyio
The main Slack app is included: [Slack iOS App](https://apps.apple.com/us/app/slack/id618783545)
Other versions of the app, such as the EMM and Intune versions, are not included.
edgeapi.slack.com
https://github.com/slackhq/nebula
https://salesforce.quip.com/blog/desktop
slack-imgs.com
slack-redir.net
slack-status.com
slack.com
The slack.com site and application.
slackatwork.com
slackb.com
spaces.pm
www.quip.com
https://github.com/rails/rails
*.vpn.hackerone.net
The HackerOne hacker VPN is used by hackers and HackerOne personnel. We\'d be most interested in vulnerabilities that allow you to route traffic to other clients (lack of client isolation), routing traffic to internal HackerOne / Amazon networks, and bypassing [sslsplit](https://github.com/droe/sslsplit). Traffic routed through the VPN will originate from `66.232.20.0/23` or `206.166.248.0/23` (HackerOne netblocks). The VPN is based on OpenVPN.
206.166.248.0/23
This net block is the origin of all traffic routed through the HackerOne hacker VPN. See the description for *.vpn.hackerone.net for the stack and vulnerabilities we\'re interested in.
66.232.20.0/23
a5s.hackerone-ext-content.com
This domain is used to serve static marketing assets. No confidential information is stored on these systems. However, it is important to us that these assets cannot be updated by an unauthorized third-party.
api.hackerone.com
This is our public API that customers use to read and interact with reports. To look for vulnerabilities in this asset, create a sandboxed program, select HackerOne Professional or HackerOne Enterprise in the Product Edition settings page, and create an API token. This system’s backend is written in Ruby, converts the request to a GraphQL query, and serializes the GraphQL result to JSON.
app.pullrequest.com
Please use your `@wearehackerone.com` email address when signing up.
b5s.hackerone-ext-content.com
cover-photos-us-east-2.hackerone-user-content.com
This is an Amazon S3 bucket that contains profile and cover photos of users and programs. It does not contain any highly confidential information and would not impact the main application if it would be unreachable. A signed request is required to download an object.
cover-photos.hackerone-user-content.com
ctf.hacker101.com
The Hacker101 CTF domain, ctf.hacker101.com, is not connected to HackerOne\'s production environment. It is hosted on Amazon AWS. Users authenticate through HackerOne.com (OAuth). The maximum bounty for any vulnerability on this asset is $500 right now. The CTF challenges itself are not in scope for our bug bounty program.
errors.hackerone.net
A separate domain that we use to capture information of client and server side exceptions.
hackathon-photos-us-east-2.hackerone-user-content.com
hackathon-photos.hackerone-user-content.com
hackerone-ext-content.com
hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com
This is an Amazon S3 bucket that contains attachments of reports and activities. These attachments may contain confidential information. A signed request is required to download an object.
hackerone-user-content.com
hackerone.com
This is our main application that hackers and customers use to interact with each other. It connects with a database that contains information about vulnerability reports, users, and programs. This system’s backend is written in Ruby and exposes data to the client through GraphQL, rendered pages, and JSON endpoints.
hackerone.live
https://*.hackerone-ext-content.com
https://*.hackerone-user-content.com/
mta-sts.wearehackerone.com
profile-photos-us-east-2.hackerone-user-content.com
profile-photos.hackerone-user-content.com
reviewer.pullrequest.com
www.hackerone.com
This is our marketing website. It does not contain any report or customer information. It may store information about hackers, such as information collected through the [penetration tester sign up form](https://www.hackerone.com/hackers/pentest-community-application). The website runs Drupal with a few customizations.
www.wearehackerone.com
*.agilebits.com
null
All other domains, subdomains, and 1Password Accounts that are not owned by you, including accounts where you are a user but not the owner, are out of scope.
https://support.1password.com
https://www.1password.com/
*.zipbooks.com
Zipbooks related assets
blog.ishosting.com
help.ishosting.com
https://*.amazonaws.com/*
db.*.supabase.co
Supabase database domains belonging to our customers.
Test only domains belonging to your own account. Domains that are part of your account are in-scope
https://*.supabase.co
Supabase Product APIs and database domains belonging to our customers.
https://api.supabase.com/platform/pg-meta/project_id/query
This is intended to take raw SQL queries. This end-point is not "SQL injectable". The ability to escalate privileges via this end-point is a valid issue, but executing SQL is not.
https://github.com/supabase-community/
https://supabase.dev/
Supabase Contributor Portal - Guide for contributing to Supabase
https://supabase.productions/
The official Supabase album
auth.finnair.com
Please note, that this assets is out of the program scope.
x.com
Anything discovered with any of Circle\'s published media is out of scope.
youtube.com
www.advisoryworld.com
The specific URL www.advisoryworld.com is out of scope. However, reports on other AdvisoryWorld sites are welcome.
Security vulnerabilities that are identified in Peloton products or in website domains owned, operated, or controlled by Peloton that are not listed above are OOS
*.varonis-preprod.com
All other assets
issue-management.iontrading.com
*.nimiq.com
Blockchain testnet
https://github.com/nimiq/core-js/
https://github.com/nimiq/core-rs/
https://github.com/nimiq/ledger-app-nimiq
https://keyguard.nimiq.com/
https://miner.nimiq.com/
www.lowesprosupply.com/
Please do not request a user account for this asset.
Testing is to be performed as an unauthenticated user.
*.rentals.rei.com
This is an out of scope asset since it is owned and managed by a 3rd party.
desktop.rei.com
destinations.rei.com
foryourbenefit-rei.com/
future-login.rei.com
greenvestrentals.rei.com
http://rei.com/blog
http://rei.com/rei-garage
http://rei.com/rentals
http://rei.com/used
partners2.rei.com
rei.jobs
reia.my.site.com
reiadventures.force.com
reifund.org
test-login.rei.com
vpn.rei.com
wpvip.rei.com
*.3cx.com
blog.privy.io
demo.privy.io
docs.privy.io
privy.io
The primary Privy site where you can learn about products & services, get support, etc.
Set-top-boxes, smart TVs, streaming sticks Out of Scope
**Out of Scope**
Third party websites or systems hosted by non-Netflix entities Out of Scope
ir.netflix.com
ir.netflix.net
netflixinvestor.com
*.security.neustar
http://customertest.drivershistory.com/dr3/api/dr30/getcombined
https://customertest.drivershistory.com/currentversion5/wsdhilookup.asmx
https://customertest.drivershistory.com/currentversion6/wssubjectprescreenplus.asmx
www.wellhive.com
WellHive\'s marketing website.
*www.aeromexico.com
https://www.aeromexico.com
support.lighstpark.com
www.tilismtechservices.com
This is a third-party service; therefore, issues related to this asset are out of scope for our program.
https://api-3.xverse.app
https://api.xverse.app
https://inscribe.xverse.app/
https://ord.xverse.app
https://pool.xverse.app/
https://sponsor.xverse.app
https://xverse.app
http://support.wonder.com
www.greenfly.com
*.ionity.eu
www.cleverreach.com
*dhcp*.gobrightspeed.net
dhcp.embarqhsd.net
https://www.*.nba.com
nba.net
**Only subdomains listed in the policy are eligible for submission**.
https://visayanelectric.com/
iflex.snaboitiz.com/wp-content/*
support.worldcoin.com
https://api-test.nicex.com
https://test.nicex.com
test.nicex.com
*.envira.es
While Eurofins Group has acquired parts of ENVIRA, the domain *.envira.es (and others, e.g. envira.global) are not Eurofins Assets and therefore are not in scope of this program.
*.eurofins-digitaltesting.com
Eurofins Digital Testing has been divested in 2022 and is not part of the Eurofins Group anymore. Please refrain from any security testing on any former Eurofins Digital Testing Asset.
*.sgs.com
While Eurofins Group has acquired parts of SGS Group, the domain *.sgs.com is not an Eurofins Asset and therefore not in scope of this program.
samplekinect.eurofins.com
This application is out of scope. Please refrain from any security testing until further notice.
Anything not in scope
Devices
Placeholder for the Rewards modal
Services, Apps, Mobile
*.truist.com
Only exception is www.truist.com
Other: Out-of-Scope
Scope item added for the Bounty Modal
gnltn.com
ldry.com
This asset is temporarily out of scope.
api.redoxengine.com
Please ensure all testing is performed against the staging instance at testapi.redoxengine.com
candi.redoxengine.com
Please ensure all testing is performed against the staging instance at testapp.redoxengine.com
dashboard.redoxengine.com
Please ensure all testing is performed against the staging instance at 10x.redoxengine.com
gamma.redoxengine.com
Please ensure all testing is performed against the staging instance at gamma.redoxstage.com
https://redoxengine.atlassian.net
Internal Jira is out of scope
redox.slack.com
Internal Slack is out of scope
sso.redoxengine.com
Website 3rd Party/Chat Systems
Chat bot and contact forms on www.egress.com
wisdomtree.com
Wisdomtree.com and Wisdomtree.eu are out of scope of this project. If you find something that you wish to report please reach out to security@wisdomtree.com.
wisdomtree.eu
defenceshare.mod.uk
Please use vdp.kahootz.com
affiliate.napoleongames.be
3rd party
affiliates.superbet.com
affiliates.superbet.rs
https://legacy-web.superbet.ro/session/login
All our LOGIN services are out of scope for the moment.
Any bruteforce attempt on our login services will be considered misbehavior and you will be banned from the program. We won\'t reward any credentials identified using bruteforce attacks.
Thank you!
https://retail.prod.incubator.superbet.ro/ssbt-api/
out of scope
blog.magiceden.io
This service is done through substack and they are unwilling to fix reported bugs
cdn.magiceden.dev
http://ord-mirror.magiceden.dev
img-cdn.magiceden.dev
mainframe.magiceden.io
*.pramericalife.in
*.prudential.co.kr
*.prudentialagf.cl
*.prudentialplc.com
Prudential Joint Ventures
afphabitat.cl
pramericalife.in
prudentialagf.cl
analytics.boozt.com
bmp.boozt.com
www.kronor.io
We are not interested in issues found in the www.kronor.io website.
api.frontegg.com
portal.frontegg.com
servicos.indrive.com
sinet.startup.inDriver
"Contact Us" Functionality
Placeholder for the top Rewards modal
Services and Apps
engineering.rei.com
login.rei.com
rei.gladly.com
Spamming the Gladly chat bot widget is considered out of scope.
reicasting.com
blog.mergify.com
We do not manage our blogging infrastructure directly.
mergify.com
We do not manage the infrastructure of our Web hosting service.
https://blog.zabbix.com/
This website out of the scope of this program.
https://cloud.zabbix.com/
https://exam.zabbix.com/
https://git.zabbix.com/
https://space.zabbix.com/
https://support.zabbix.com/
https://translate.zabbix.com/
https://www.zabbix.com/
developer.arkoselabs.com
This site is managed by a 3rd party provider.
https://status.arkoselabs.com/
https://careers.abb/global/en
https://hub.electrification.us.abb.com/wcc/eh/
https://www.stringsizer.abb.com
billing.dynamic.xyz
docs.moderntreasury.com
help.moderntreasury.com
trust.moderntreasury.com
www.moderntreasury.com
*.daimler.com
*.fuso.com
*.thomasbuildbuses.com
3rd party integrations
bigstockphoto.fr
ofcourse.com
Support chat
Please do not submit reports related to the chat function in the application.
*.api.cx.metamask.io
**All reports regarding this asset should be submitted to the Consensys program at https://hackerone.com/consensys. Reports will be subject to the rules and conditions listed there.**
_Note: Consensys is the company that owns MetaMask, and is not a third party._
Core Tier Assets
MetaMask\'s Core Tier Assets are specific MetaMask assets which are paid out in accordance with our Core Tier bounty table. This table can be found on our program page, and includes the following assets:
* MetaMask SDK
* metamask.io
* `https://metamask.github.io/phishing-warning/<vX.Y.Z>`
* Authentication component
* `https://authentication.api.cx.metamask.io/`
* `https://oidc.api.cx.metamask.io`
* `https://user-storage.api.cx.metamask.io`
* Message signing snap
Metamask Flask Extension
Installation Link: https://chrome.google.com/webstore/detail/metamask-flask-developmen/ljfoeinjpaedjfecbmggjgodbgkmjkjk
This is an experimental playground for developers, where new or proposed features can be rolled out and tested before deploying them to the broader public.
Non-Core Tier Assets
MetaMask\'s Non-Core Tier Assets are specific MetaMask assets which are paid out in accordance with our Non-Core Tier bounty table. This table can be found on our program page, and includes the following assets:
* https://snaps.metamask.io
* *.metamask.io (with exceptions)
* Snaps Development Packages
Wallet Tier Assets
MetaMask\'s Wallet Tier Assets are specific MetaMask assets which are paid out in accordance with our Wallet Tier bounty table. This table can be found on our program page, and includes the following assets:
* MetaMask Extension
* MetaMask Mobile (io.metamask.Metamask, io.metamask)
* MetaMask Snaps
community.metamask.io
Vulnerability reports related to this domain should be directed to the Discourse bug bounty program: https://hackerone.com/discourse
developer.metamask.io
_Please note that MetaMask part of Consensys, and the MetaMask developer dashboard (previously known as infura) is considered a first party Consensys product._
https://metamask.github.io/
This domain is the root of various static GitHub pages applications which range from test sites, to development tools, to production security controls. Vulnerabilities which can be used to have impact on an in-scope asset will still be considered for a bounty.
https://mmi-support.metamask.io/
https://support.metamask.io/
https://www.npmjs.com/search?q=%40metamask
Vulnerabilities within npm packages in the @metamask namespace that do not pose a risk to MetaMask users
permissionless.snaps.metamask.io
An experimental directory for permissionless snaps. Is currently under development, and may potentially be put in scope in the future.
*.skinport.com
*.floqast.com
FloQast\'s Marketing Website
*.floqast.studio
FloQast\'s Marketing Website for our Digital Entertainment Division
Any Asset Not Specifically Listed as In-Scope
Any domain, device, or asset not specifically listed as "In-Scope" for this program.
s3://floqast
The "floqast" S3 bucket is not owned by us. We have static code analysis tools that prevent developers from connecting any of our services to it.
connector.callsign.com
dashboard.callsign.com
pathway.callsign.com
portal.callsign.com
programs.callsign.com
support.callsign.com
www.callsign.com
Any infrastructure or assets related to Silk, FancyThat, or other Palantir acquisitions.
blog.palantir.com
certification.palantir.com
community.palantir.com
explore.palantir.com
gear.palantir.com
go.palantir.com
info.palantir.com
investors.palantir.com
learn.palantir.com
3rd-party certification website/service.
palantirfedstart.com
Any domain related to FedStart or Palantir FedStart.
palantirpacusa.com
Any domain related to the Palantir PAC.
sandbox.training.palantir.com
store.palantir.com
training.palantir.com
community.modernfertility.com
https://*.ro.co/api/members
https://login.ro.co/authorize
https://ro.co/api/account-exists
https://ro.co/api/presigned-upload-url
https://ro.co/messages/*
https://ro.co/weight-loss/glp1-insurance-checker/*
https://ro.co/weight-loss/supply-tracker/*
*.Windstreambundledeals.com
This site is off limits.
*.getwindstream.com
*.orderwindstream.com
*.windstreamdeals.com
*.windstreamoffers.com
Allworx
*.account.mongodb.com/*
*.atlas.mongodb.com/*
*.cloud.mongodb.com/*
All Evergreen Assets (including staging)
Please note that all evergreen endpoints (including staging) are out of scope of this program and not eligible for bounty
Enterprise Edition Products and Tools
Drivers, cloud tools, enterprise cloud and enterprise server
MongoDB Community Edition Cloud Manager
Please note this includes: cloud.mongodb.com
MongoDB Driver: Swift
Please note as per https://www.mongodb.com/docs/drivers/swift/
The Swift driver is no longer under active development as of 2022.
MonogoDB Community Server
auth.mongodb.com/
http://*.auth.mongodb.com/*
https://www.mongodb.com/community/forums/*
https://www.mongodb.com/community/forums/*
Is out of scope, please refrain from testing this site.
*.chattest.deribit.com
deribit.zendesk.com
office.deribit.com
veriscope.deribit.com
activate.fidelity.com
activate1.fidelity.com
alertmanagerams.streetscape.com
alertstreaming.fidelity.com
alertstreaming.streetscape.com
alumni.fidelity.com
boundless.fidelity.com
china.fidelity.com
dmt.fidelity.com
dmtfi.fidelity.com
esgpro.fidelity.com
event.fidelity.com
fcone.fidelity.com
fctms.fidelity.com
https://api-stage.fidelity.com/brokerage-debit-card-order/v1
https://api-test.fidelity.com/brokerage-account-checking-stop-payment/v1
https://api.fidelity.com/brokerage-account-checking-stop-payment/v1
https://api.fidelity.com/brokerage-debit-card-order/v1
india.fidelity.com
jobs.fidelity.com
metrics.fidelity.com
reviews.fidelity.com
reviews.retail.fidelity.com
sitecatalyst.fidelity.com
social.fidelity.com
social.retail.fidelity.com
testjobs.fidelity.com
www.boundless.fidelity.com
www.fidelityworkplace.com
www.india.fidelity.com
www.jobs.fidelity.com
www.myfidelitysolutions.com
dolimg.com
dwss-ptp.disney.com
espnbet.com
magicalfloralandgifts.com
tokyodisneyresort.jp
This licensing partnership site is OUT of scope of the VDP.
www.enchantedfinejewelry.com
*.hiltonhotels.jp
eis.hilton.com
https://jobs.hilton.com
creators.gymshark.com
gymshark.okta.com
onboarding.gymshark.com
slack.moov.io
support.moov.io
support.moov.io is not in scope for reporting as this is not our application.
tools.cards.moov.io
tools.moov.io
help.strongdm.com
Our support site is hosted externally by Zendesk. No security testing should be done against the platform itself. Any security issues found within the platform should be reported [directly to Zendesk](https://hackerone.com/zendesk).
security.strongdm.com
Our Security Portal is hosted externally by SafeBase. No security testing should be done against the platform itself. Any security issues found within the platform should be reported directly to security@safebase.io
status.strongdm.com
Our Status Page site is hosted externally by Atlassian. No security testing should be done against the platform itself. Any security issues found within the platform should be reported directly to [Atlassian](https://bugcrowd.com/atlassian).
@properties
*.attorneyskeytitle.com
*.chartwellescrow.com
*.ctccal.com
*.firstalliancetitle.com
*.kvstitle.com
*.legacytexastitle.com
*.sqstitle.com
Chartwell
Christie’s International Real Estate
Consumer’s Title of California
Glide
KVS Title
LegacyTexas Title
SQS Square Settlements
glide.com
http://www.compass.com/api/v3/lead_forms/agent_profile
http://www.compass.com/contact/
staebapp01.allegion.com
Out of scope
stczpisupplier.allegion.com
Not in scope
stisupplier.allegion.com
support.wickr.com
community.pagerduty.com
http://www.pagerduty.com/support/
The Support Form and ticketing system is owned by a third party.
university.pagerduty.com
www.pagerduty.com/contact-us/
The "Contact Us" form is operated by a third party.
affiliates.payoneer.com
blog.payoneer.com
brand.payoneer.com
community.payoneer.com
duediligence.payoneer.com
explore.payoneer.com
investorday.payoneer.com
register.payoneer.com
skuad.io
tracks.payoneer.com
Dunnhumby
Please report any vulnerabilities here:
https://www.dunnhumby.com/security.txt
Tesco Bank
Tesco Mobile
https://www.tescomobile.com/.well-known/security.txt
*.plexlabs.io
clicks.moonpay.com
docs.hypermint.com
docs.moonpay.com
ethpass.xyz
Don\'t report for this domain as will be not rewarded
help.moonpay.com
page.moonpay.com
plexlabs.io
qr.moonpay.com
request-headers-no-proxy.moonpay.com
request-headers.moonpay.com
storefront.hypermint.com
support.moonpay.com
*.koho.ca/cdn-cgi
Customer Support Request Forms
Customer support request forms (i.e. - Veeam Customer Portal Cases and Case Escalation Forms) are not in scope for this program.
Virtual Chat Assistants
Virtual chat assistants on our websites are provided by an out of scope 3rd party and are not in scope for this program.
https://www.mavieencouleurs.fr
autodiscover.apnic.net
Out of scope because it\'s a CNAME to a 3rd party.
enterpriseenrollment.apnic.net
enterpriseregistration.apnic.net
help.apnic.net
info.apnic.net
login.apnic.net
lyncdiscover.apnic.net
sip.apnic.net
upload.apnic.net
*.app.cloud.gov
Domains of the form *.app.cloud.gov are customer domains, and are out of scope.
*.cloud.gov
Only the subdomains of `cloud.gov` explicitly listed are in scope; all other subdomains are excluded.
*.data.gov
18f.gov
18f.gsa.gov
all-sorns.app.cloud.gov
data.gov applications
Please do not perform any testing on third-party applications that happen to be powered by data.gov (i.e. https://data.gov/applications/)
http://github.com/18f/identity-saml-java
http://github.com/18f/identity-saml-python
manage.data.gov
vote.gov
careers.tenable.com
cloud.tenable.com
community.tenable.com
de.tenable.com
developers.tenable.com
docs.tenable.com
fr.tenable.com
go.tenable.com
login.tenable.com
partners.tenable.com
static.tenable.com
suggestions.tenable.com
university.tenable.com
www.tenable.com
Assets operated by, but not owned by, Snowplow.
We would like to focus your attention on our own estate, not the solutions we spin up for our customers or the technology of our partners. Starting your journey at https://snowplowanalytics.com should keep you in the right zone.
segashop.co.uk
http://*.neweggbusiness.com
jobs.newegg.com
Site content on this subdomain hosted by 3rd party
sellerportal.newegg.com
sellingpilot.newegg.com
*.maconsotempsreel.octopusenergy.fr
*.fastly.net
community.fastly.com
connect.fastly.com
Adagio
Adagio is an Allied brand of Keurig Dr Pepper. KDP does not own the web assets related to this brand
Barista Bros
Barista Bros is an Allied brand of Keurig Dr Pepper. KDP does not own the web assets related to this brand
Cafe Punta Del Cielo
Cafe Punta Del Cielo is an Allied brand of Keurig Dr Pepper. KDP does not own the web assets related to this brand
Cinnabon
Cinnabon is an Allied brand of Keurig Dr Pepper. KDP does not own the web assets related to this brand
Emerils
Emerils is an Allied brand of Keurig Dr Pepper. KDP does not own the web assets related to this brand
Evian
Evian is an Allied brand of Keurig Dr Pepper. KDP does not own the web assets related to this brand
Gloria Jean\'s
Gloria Jean\'s is an Allied brand of Keurig Dr Pepper. KDP does not own the web assets related to this brand
Hollys Coffee
Hollys Coffee is an Allied brand of Keurig Dr Pepper. KDP does not own the web assets related to this brand.
Kahlua
Kahlua is an Allied brand of Keurig Dr Pepper. KDP does not own the web assets related to this brand
Krispy Kreme
Krispy Kreme is an Allied brand of Keurig Dr Pepper. KDP does not own the web assets related to this brand
Laughing Man
Laughing Man is an Allied brand of Keurig Dr Pepper. KDP does not own the web assets related to this brand
Margaritaville
Margaritaville is an Allied brand of Keurig Dr Pepper. KDP does not own the web assets related to this brand
Newman\'s Own
Newman\'s Own is an Allied brand of Keurig Dr Pepper. KDP does not own the web assets related to this brand
Panera Bread
Panera Bread is an Allied brand of Keurig Dr Pepper. KDP does not own the web assets related to this brand
Peet\'s Coffee
Peet\'s Coffee is not a wholly owned brand by Keurig Dr Pepper. KDP does not own the web assets related to this brand
RC Cola International
RC Cola International is an Allied brand of Keurig Dr Pepper. KDP does not own the web assets related to this brand
Swiss Miss
Swiss Miss is an Allied brand of Keurig Dr Pepper. KDP does not own the web assets related to this brand
Timothy\'s World Coffee
Timothy\'s World Coffee is an Allied brand of Keurig Dr Pepper. KDP does not own the web assets related to this brand
Vitacoco
Vitacoco is an Allied brand of Keurig Dr Pepper. KDP does not own the web assets related to this brand
support.commercial.keurig.com
support.keurig.ca
support.keurig.com
support.keurigdrpepper.com
www.diedrichroasters.com
Diedrich is an Allied brand of Keurig Dr Pepper. KDP does not own the web assets related to this brand
*dev*.krisp.ai
Development environment
metabase.krisp.ai
sdk-docs.krisp.ai
url5145.krisp.ai
voice-ai-newsletter.krisp.ai
whatsnew.krisp.ai
DMARC Policy
DMARC Policy for all services is not in-scope for the bug bounty program.
HSTS & CAA Configuration
Strict Transport Security & Certification Authority Authorization for all services is not in-scope for the bug bounty program.
Hedera Mainnet API Endpoints
https://docs.hedera.com/guides/mainnet/mainnet-nodes#mainnet-node-address-book
Hedera Owned Domains & Subdomains
_.hedera.com_
_.hederacouncil.org_
_.hedera.io_
_.hederahashgraph.com_
_.hashgraph.com_
Mainnet Mirror Node APIs
https://mainnet.mirrornode.hedera.com
https://hcs.mainnet.mirrornode.hedera.com
The testnet mirror node REST API offers the ability to query transaction information
Services Hosted by 3rd Party
Example: shop.hedera.com, members.hedera.com, status.hedera.com, docs.hedera.com, netki.hedera.com, etc.
Weak Password Policy
Weak Password Policy for all services is not in-scope for the bug bounty program.
api-2.khealth.io
careers.khealth.com
This asset is out of scope. Submissions relating to this asset will not be rewarded.
http://*.hydrogenhealth.com
All assets within this scope item containing the strings "dev" and / or "staging" are excluded from the scope.
https://khealth.com/careers
khealth-test.com
This asset is included here in order to indicate its out-of-scope status
support.smtp2go.com
Vendor/Partner
Any services not expressly listed above, such as any connected services, are excluded from scope and are not authorized for testing.
Additionally, vulnerabilities found in JetBlue systems from our business partners fall outside of this policy’s scope and should be reported directly to the business partner according to their disclosure policy (if any).
*.awards.slotomania.com
com.youdagames.gop3multiplayer
This App belongs to our Tier 3 category of rewards system.
id877638937
sm-php-smid-dsa.slotomania.com,sm-php-smid.slotomania.com,sm-php-smid-va2.slotomania.com,vs-fb-php-p1.playtika.com,sm-php.playtika.com
Reflected Cross-Site-Scripting (RXSS) vulnerabilities in the following assets are temporarily out of scope.
dev-proxy-ci-centralus.agrisync.com
http://www.deere.com/assets/pdfs
account-reader.tide.co
admin.tide.co
bot-*.bo.tide.co
community.tide.co
domains.tide.co
http://*-staging.tide.co
http://*-wip.tide.co
http://*.staging.tide.co
http://*.stg-tideplatform.in
http://*.wip-tideplatform.in
http://*.wip.tide.co
mi.tide.co
portaldesign.tide.co
status-*.tide.co
status.tide.co
www.tidecharity.org.uk
ceros.leafnow.com
com.mts.webtrading
https://bids.acqcenter.com
https://dp.acqcenter.com
https://eiamd-eis.com
https://frtcmodernization.com
https://nicmontereyea.com
https://nwtteis.com
https://pmsr-eis.com
https://sealbeachea.com
https://uat1.acqcenter.com
https://uat2.acqcenter.com
Globalpaymentsinc.com and Globalpayments.com - OUT OF SCOPE
Globalpaymentsinc.com and Globalpayments.com are out of scope for the Vulnerability Disclosure Program. Research on these assets are only allowed in our private bug bounty program with specific testing instructions.
Leaked Credentials
UCS
blog.clubhouse.com
wvcorp.tva.com
This site has a very weak auth page in front of it and was done as a matter of "requirement" at the time. This site is being modified to remove the auth page as the data is public and nonsensitive.
signin.costco.com
consensys-solutions.net
consensys.net
events.on-running.com
events.on.com
https://shz64n.on-running.com/
partners.on-running.com
partners.on.com
shz64n.on.com/
help.hypr.com
partners.hypr.com
support.hypr.com
*.who.int
covid19app.who.int
*.getbouncer.com
Onboarding Verification Link Crawling
Stripe has a project in place to revamp its crawling infrastructure for onboard verification links. Until that work is completed reports related to this feature will be reviewed but closed as informative.
Stripe Third Party Apps and Integrations
Vulnerabilities found in third party apps, integrations, and their infrastructure should be reported to the responsible developer. This includes third parties that insecurely implement Stripe components or API methods.
Reporters should only report vulnerabilities in Stripe third party apps and integrations to Stripe under this program if they do not receive a satisfactory response from the responsible developer. These types of reports are not eligible for a bounty. Please include specifics regarding steps taken to communicate with the third party.
Freshsales-iOS-App
Freshsales iOS app can be downloaded from https://apps.apple.com/us/app/freshsales/id1073125057
com.freshdesk.freshsales.mobile
Freshsales Android app can be downloaded from https://play.google.com/store/apps/details?id=com.freshdesk.helpdesk
freshworks.atlassian.net
We don\'t use this Atlassian JIRA instance.
http://yourdomain.myfreshworks.com/crm/marketer
Due to a product revamp, we have decided to remove Freshmarketer product from the HackerOne "In-scope" items. This policy will be effective from Nov 26th, 2024. Any bugs reported by HackerOne researchers before Nov 26th,2024 will be considered by the team.
Freshmarketer Endpoint - yourdomain.myfreshworks.com/crm/marketer
http://yourdomain.myfreshworks.com/crm/sales
Due to a product revamp, we have decided to remove Freshsales product from the HackerOne "In-scope" items. This policy will be effective from Nov 26th, 2024. Any bugs reported by HackerOne researchers before Nov 26th,2024 will be considered by the team.
Freshsales Endpoint - yourdomain.myfreshworks.com/crm/sales
wchat.freshchat.com
www.freshworks.com
The domain www.freshworks.com is a static webpage containing no sensitive information.
yourdomain.freshping.io
yourdomain.freshstatus.io
yourdomain.freshsurvey.io
www.corda.net
www.r3.com
aem-prod.brookfieldproperties.com
aem-qa.brookfieldproperties.com
aem-test.brookfieldproperties.com
apts.brookfieldproperties.com
auexpe.brookfieldproperties.com
autodiscover.brookfieldproperties.com
azuebtpblu0501d.brookfieldproperties.com
bamazaubtaap01p.brookfieldproperties.com
bfpl30clpcc01.brookfieldproperties.com
bfpl30clpcs01.brookfieldproperties.com
bpoazusmpsap01p.brookfieldproperties.com
bpoazusmpsap02p.brookfieldproperties.com
brexpc.cluster.brookfieldproperties.com
brexpe.brookfieldproperties.com
brookfieldproperties.com
brospf.brookfieldproperties.com
camkm-pvwa01.brookfieldproperties.com
canrpc.brookfieldproperties.com
captive.brookfieldproperties.com
causash-pvwa02.brookfieldproperties.com
click.b.brookfieldproperties.com
click.e.brookfieldproperties.com
cloud.b.brookfieldproperties.com
cloud.e.brookfieldproperties.com
collab-edge.brookfieldproperties.com
conteudo.brookfieldproperties.com
cuc-bf-1-p-au9-01-ms.brookfieldproperties.com
cuc-bf-1-p-au9-01.brookfieldproperties.com
cuc-bf-1-p-br1-01-ms.brookfieldproperties.com
cuc-bf-1-p-br1-01.brookfieldproperties.com
cuc-bf-1-p-eu8-01-ms.brookfieldproperties.com
cuc-bf-1-p-eu8-01.brookfieldproperties.com
cuc-bf-1-p-na9-01-ms.brookfieldproperties.com
cuc-bf-1-p-na9-01.brookfieldproperties.com
cuc-bf-1-s-au9-02.brookfieldproperties.com
cuc-bf-1-s-br1-02.brookfieldproperties.com
cuc-bf-1-s-ca2-01.brookfieldproperties.com
cuc-bf-1-s-eu8-02.brookfieldproperties.com
cyberark.brookfieldproperties.com
expc-bf-1-p-au9-01.brookfieldproperties.com
expc-bf-1-p-br1-01.brookfieldproperties.com
expc-bf-1-p-br1-02.brookfieldproperties.com
expc-bf-1-p-ca2-01.brookfieldproperties.com
expc-bf-1-p-eu8-01.brookfieldproperties.com
expc-bf-1-p-na9-01.brookfieldproperties.com
files.brookfieldproperties.com
google.brookfieldproperties.com
hello.rent.brookfieldproperties.com
icdworkspace.brookfieldproperties.com
image.b.brookfieldproperties.com
image.e.brookfieldproperties.com
imp-bf-1-p-br1-01-ms.brookfieldproperties.com
imp-bf-1-p-br1-01.brookfieldproperties.com
imp-bf-1-p-eu8-01.brookfieldproperties.com
imp-bf-1-p-na9-01.brookfieldproperties.com
imp-bf-1-s-br1-02.brookfieldproperties.com
imp-bf-1-s-ca2-01.brookfieldproperties.com
imp-bf-1-s-eu8-02.brookfieldproperties.com
investors.brookfieldproperties.com
iotservices.brookfieldproperties.com
link.agency.brookfieldproperties.com
link.bp.brookfieldproperties.com
lyncdiscover.brookfieldproperties.com
lyncdiscoverinternal.brookfieldproperties.com
na1bthyb01.brookfieldproperties.com
na1bthyb02.brookfieldproperties.com
na2btled01.brookfieldproperties.com
na2btlfe01.brookfieldproperties.com
nac1m-s1.brookfieldproperties.com
nac1m-t1.brookfieldproperties.com
nac1m-t2.brookfieldproperties.com
nac1m-t3.brookfieldproperties.com
nac225l-s1.brookfieldproperties.com
nac225l-t1.brookfieldproperties.com
naexpe.brookfieldproperties.com
oncite.brookfieldproperties.com
pam.brookfieldproperties.com
rent.brookfieldproperties.com
rooms.brookfieldproperties.com
roomsicd.brookfieldproperties.com
secure.brookfieldproperties.com
staging.brookfieldproperties.com
staging.rent.brookfieldproperties.com
staging.webadmin.brookfieldproperties.com
thycotic.brookfieldproperties.com
tsbazusaudit01p.brookfieldproperties.com
tsbazussqldb01s.brookfieldproperties.com
tsbazuswdsdc01p.brookfieldproperties.com
tsgazauwdsdc01p.brookfieldproperties.com
tsgazsgwdsdc01p.brookfieldproperties.com
tsgazsgwdsdc02p.brookfieldproperties.com
tsgazusexhyb01p.brookfieldproperties.com
tsgazusexhyb02p.brookfieldproperties.com
tsgazusipmap01p.brookfieldproperties.com
tsgwsusexhyb01p.brookfieldproperties.com
tsgwsusexhyb02p.brookfieldproperties.com
ucm-bf-1-p-au9-01-ms.brookfieldproperties.com
ucm-bf-1-p-au9-01.brookfieldproperties.com
ucm-bf-1-p-br1-01-ms.brookfieldproperties.com
ucm-bf-1-p-br1-01.brookfieldproperties.com
ucm-bf-1-p-eu8-01.brookfieldproperties.com
ucm-bf-1-p-na9-01-ms.brookfieldproperties.com
ucm-bf-1-p-na9-01.brookfieldproperties.com
ucm-bf-1-s-au9-02.brookfieldproperties.com
ucm-bf-1-s-br1-02.brookfieldproperties.com
ucm-bf-1-s-ca2-01.brookfieldproperties.com
ucm-bf-1-s-ca2-02.brookfieldproperties.com
ucm-bf-1-s-eu8-02.brookfieldproperties.com
ucm-bf-1-s-na9-02.brookfieldproperties.com
ucm-bf-1-s-na9-03.brookfieldproperties.com
ucm-bf-1-s-na9-04.brookfieldproperties.com
ukexpe.brookfieldproperties.com
usarpc.brookfieldproperties.com
usash-pvwa02.brookfieldproperties.com
view.b.brookfieldproperties.com
view.e.brookfieldproperties.com
webadmin.brookfieldproperties.com
webmail.brookfieldproperties.com
workspace.brookfieldproperties.com
workspaceicd.brookfieldproperties.com
workspaceportal.brookfieldproperties.com
www.azuebtpblu0501d.brookfieldproperties.com
www.bamazaubtaap01p.brookfieldproperties.com
www.bfpl30clpcs01.brookfieldproperties.com
www.brexpc.cluster.brookfieldproperties.com
www.brookfieldproperties.com
www.captive.brookfieldproperties.com
www.cuc-bf-1-p-au9-01-ms.brookfieldproperties.com
www.cuc-bf-1-p-br1-01-ms.brookfieldproperties.com
www.cuc-bf-1-p-eu8-01-ms.brookfieldproperties.com
www.expc-bf-1-p-au9-01.brookfieldproperties.com
www.expc-bf-1-p-br1-01.brookfieldproperties.com
www.expc-bf-1-p-eu8-01.brookfieldproperties.com
www.na2btled01.brookfieldproperties.com
www.pam.brookfieldproperties.com
www.secure.brookfieldproperties.com
www.thycotic.brookfieldproperties.com
www.tsgazauwdsdc01p.brookfieldproperties.com
www.tsgazsgwdsdc01p.brookfieldproperties.com
www.tsgazusipmap01p.brookfieldproperties.com
www.ucm-bf-1-p-au9-01-ms.brookfieldproperties.com
www.ucm-bf-1-p-br1-01-ms.brookfieldproperties.com
www.ucm-bf-1-p-eu8-01-ms.brookfieldproperties.com
community.doppler.com
This is our community hub hosted on Discourse.
docs.doppler.com
This subdomain points to our docs hosted on ReadMe.
doppler.com
This is our marketing website built on Webflow.
http://calendly.com/doppler/enterprise
Please do not attempt to test the Doppler calendly integration
https://github.com/DopplerHQ/awesome-bots
This is a public collection of resources maintained by the community.
support.doppler.com
This is our support hub hosted on Zendesk.
*.grindrads.com
This site is hosted by a third-party, Bucksense. Please contact security@bucksense.com to report security vulnerabilities.
*.intomore.com
Any databases, Wordpress instances, web infrastructure related to INTO is out of scope
blog.grindr.com
The site is hosted by a third-party, Squarespace. Please report security issues on their HackerOne account. Instructions here:
https://www.squarespace.com/vulnerability-reporting
github.com/thesokrin/vfd
Known issue; this repo describes staging systems that are no longer in use. Please do not submit reports unless you are able to demonstrate a connection between this code and live infrastructure.
go.grindr.com
This site is hosted by a third-party, GoLinks. Please contact them at https://www.golinks.io/contact.php
grindr.atlassian.net
This site is hosted by a third-party; please direct security vulnerabilities to Atlassian at https://bugcrowd.com/atlassian
grindrbloop.com
This is hosted by a third-party, Squarespace. Please report security issues on their HackerOne account. Instructions here:
grindrtogo.grindr.com
This site is hosted by a third-party, Shopify. Please report security issues on their HackerOne account:
https://hackerone.com/shopify
help.grindr.com
The site is hosted by a third-party, ZenDesk. Please report security issues on their HackerOne account: https://hackerone.com/zendesk?type=team
https://github.com/grindrlabs
investors.grindr.com
This is Grindr\'s Investor Relations site. The site is hosted by a third-party, Q4 inc.
As recommended on https://www.q4inc.com/contact-us/default.aspx, submit security related issues or concerns to support@q4inc.com
kindr.grindr.com
This site is hosted by a third-party, Wix. Please report security issues on their HackerOne account:
https://support.wix.com/en/article/reporting-a-security-issue
selfservice.grindr.com
shop.grindr.com
shop.grindrbloop.com
*.browser.cloud.com
*.citrix*.com
*.cloudburrito.com
Staging Environment for Citrix Cloud
*.podio.com
*.securevdr.com
*.xmdev.cloud.com
Dev Environment for CEM (XenMobile)
*.xmqa.cloud.com
QA Environment for Citrix Endpoint Management (XenMobile)
*.xmtest.cloud.com
Test Environment for CEM (XenMobile)
accounts-internal.cloud.com
citrix.cloud.com
launch.cloud.com
www.cloud.com
c21.hk
century21.hk
*.afadvantage.gov
*.cio.gov
*.itdashboard.gov
alpha.sam.gov
fbo.gov
fdms.gov
fedidcard.gov
fsrs.gov
gobiernousa.gov
gsaauctions.gov
info.gov
innovation.gov
itdashboard.gov
kids.gov
performance.gov
pic.gov
pif.gov
plainlanguage.gov
presidentialinnovationfellows.gov
realestatesales.gov
www.openmage.org
This asset is hosted by Github Pages. Please observe [Github\'s security program](https://hackerone.com/github) and report directly to them if any issues are found with the underlying technologies. Only issues directly affecting the security or privacy of the OpenMage organization should be submitted to this program.
### Email services for the openmage.org domain are not in scope! Reports relating to SPF and DMARC will be closed immediately as N/A.
*cars.aerlingus.com
aerlingus.estore.iagl.digital
Replaced with https://www.shopping.ba.com (same code base)
ba.estore.iagl.digital
buyavios.iberia.com
Replaced with https://pgt.shopping.ba.com/ (same code base)
https://*.iagloyalty.com
This asset is hosted by Hubspot, and as such these reports should be submitted to them directly.
https://docs-next.apiportal.dev.iagl.digital/docs
Replaced with https://docs.iagloyalty.com
https://docs.iagloyalty.com
https://shop.ba.com/
https://www.iagcargo.com/en/page/claims-process
https://www.iagcargo.com/en/page/critical-performance-guarantee-refund-request
https://www.iagcargo.com/en/page/prioritise-performance-guarantee-refund-request
https://www.iagcargo.com/en/page/product/live-animals
https://www.iagcargo.com/en/page/product/pets
https://www.iagcargo.com/en/page/product/relocation
https://www.iagcargo.com/en/page/tracking-devices-enquiry
https://www.iagcargo.com/es/page/claims-process
https://www.iagcargo.com/es/page/critical-performance-guarantee-refund-request
https://www.iagcargo.com/es/page/prioritise-performance-guarantee-refund-request
https://www.iagcargo.com/es/page/product/live-animals
https://www.iagcargo.com/es/page/product/pets
https://www.iagcargo.com/es/page/product/relocation
https://www.iagcargo.com/es/page/tracking-devices-enquiry
https://www.iberia.com/*/*.do*
https://www.iberia.com/cs/satellite*
iberia.estore.iagl.digital
pgt.estore.aerlingus.com
vueling.estore.iagl.digital
www.hangar51.com
This asset is hosted by Webflow, and as such these reports should be submitted to them directly at https://webflow.com/security
8x8-meeting-rooms
8x8 Spaces -
https://apps.apple.com/us/app/8x8-meeting-rooms/id1468264023
While some components are still used in e.g. Jigasi, the project is not actively developed anymore. Improvements, bugfixes and builds are entirely based on community contributions
8x8.wavecell.com
(webmail.wavecell.com)
Powered by [Hubspot](https://bugcrowd.com/hubspot).
Jitsi Meet Desktop
https://desktop.jitsi.org/Main/Download.html
Jitsi Desktop is the heritage of Jitsi Meet. While some components are still used in e.g. Jigasi, the project is not actively developed anymore. Improvements, bugfixes and builds are entirely based on community contributions.
accountmanager.8x8.com
com.atlassian.JitsiMeet.ios
https://apps.apple.com/us/app/jitsi-meet/id1165103905
While some components are still used in e.g. Jigasi, the project is not actively developed anymore. Improvements, bugfixes and builds are entirely based on community contributions.
com.spot8x8.spot
8x8 Spaces - https://play.google.com/store/apps/details?id=com.spot8x8.spot
express.8x8.com
feedback.wavecell.com
Powered by [Canny](https://canny.io/security).
get8x8.com
http://*.callstats.io
Sold to Spearline. No longer owned by 8x8.
http://*.contactnow.8x8.com
http://*.jitsi.org
http://*.sameroom.io
investors.8x8.com
mobileidentity.8x8.com
also api.mobileidentity.8x8.com
(more info to come soon)
org.jitsi.meet
https://play.google.com/store/apps/details?id=org.jitsi.meet
supersite.8x8.com
support-portal.8x8.com
support.8x8.com
vm.8x8.com
www.8x8.com
www.wavecell.com
eflow.watsons.com.tw/
form.watsons.com.my
https://www.watsons.com.my/blog
Any feedback form
MarketPlace Submission process.
community.miro.com
developers.miro.com
events.miro.com
help.miro.com
miro.com/api/stream/v1/*
miro.com/careers/vacancy/*
miro.com/contact/*
status.miro.com
*.corebridgefinancial.com
*.travelguard.com
travel.aig.co.jp
Subdomains maintained by third parties, other than AIG, are not in scope for this program.
www-1008.aig.com
www.corebridgefinancial.com
*.fip.finra.org
https://ews.finra.org/*
*.pantheonsite.io
careers.chime.com
3rd-party vendor
nd.chime.com
blog.launchdarkly.com
launchdarkly.com
This is our static marketing site.
sandbox.launchdarkly.com
slack.launchdarkly.com
status.launchdarkly.com
*.matic.network
https://github.com/maticnetwork/contracts
#Contracts
This repository contains the smart contracts that power Matic Network
*.skale.network
https://github.com/skalenetwork/skale-node-cli
https://github.com/skalenetwork/validator-cli
Spamming of forms and APIs with automated vulnerability scanners are strictly out of scope
help.yesware.com
roadmap.vendasta.com
Uses a third-party content management system so it is ineligible for VDP.
t.yesware.com
This subdomain is used for generated email tracking links. **We do not accept open-redirect issues for this subdomain**.
www.vendasta.com
www.yesware.com
www.designsystems.com
event.us-east-1.sws.siemens.com
http://o0pv3l7chl.execute-api.us-east-1.amazonaws.com/dev
https://react.vis.pre2.usea1.devops.sws.siemens.com/sample/dist/index.html
poh0v3odoi.execute-api.eu-central-1.amazonaws.com
*.aws.*
*.dev
.*a2z*.
AWS and AWS customer assets are strictly out of scope
Amazon Web Services (AWS)
Currently, anything related to AWS should be considered out of scope and should be reported directly to AWS: https://aws.amazon.com/security/vulnerability-reporting/
Anything considered a non-prod asset
Anything which redirects to AWS
amazongames.com
learning.logistics.amazon.com
CS.Money Antiscam
This is our Google Chrome extension, which protects our users from potential scams. No longer supported and thus out of scope.
[Chrome Web Store](https://chrome.google.com/webstore/detail/csmoney-antiscam/bocdepodnagbohblgjmooobalmcojkpg)
grafana.cs.money
Out of scope. This is our instance of Grafana.
old.cs.money
Out of scope. This was the old version of our primary web application.
Any assets not listed
\\*.[any-domain].[or.id|com|net|org|id|web.id]:[2082|2083|2086|2087|2095|2096]/any backend we not manage
\\*.1337.or.id, wiki.1337.or.id, news.1337.or.id
Browser extensions/add-ons
\\- XSSRush (Chrome/Firefox)
access-dr.navient.com
access.navient.com
altaccess.navient.com
assist.navient.com
clientaccess.citrixcloud.navient.com
filegateway.navient.com
fms.navient.com
jobs.navient.com
m.jobs.navient.com
militaryadvisorchatbot-qa.navient.com
militaryvirtualassist-public.navient.com
mynavientwellbeing.com
navientlogin.b2clogin.com
navientpath.com
news.navient.com
o8.studentloan.navient.com
pcx.navient.com
rsa.citrixcloud.navient.com
services.navient.com
services2.navient.com
ssp.navient.com
studentloan.navient.com
tableau-prod.navient.com
tableau-test.navient.com
adsmanager.truecaller.com
community.truecaller.com
support.truecaller.com
www.investnext.com
com.evernote.android
help.evernote.com
https://svn.filezilla-project.org/svn/filezilla3/trunk/src/storj/
This also includes the libstorj dependency.
Tier 1
Bounty table header
Tier 2
Tier 3
account.clario.co
api-ne.clario.co
api.account.opendoor.ltd
old
*.hcltechsw.com
*.atp-exodus.com
We do not own atp-exodus.com assets hence it should be considered out of scope.
exodus.atlassian.net
We do not own Atlassian instance at https://exodus.atlassian.net . Any reports containing this out-of-scope asset will be marked as N/A
exodusstore.blob.core.windows.net
This azure bucket does not belong to us please refrain from submitting.
get.exodus.*
This subdomain is hosted on a 3rd party dataset
http://exodus.com/keybase.txt
intentionally public. Any report related to this will be marked Not-Applicable
http://www.exodus.com/contact-support
https://exodus.atlassian.net
We do not own this instance, Any report related to this will be marked as `Not-Applicable`
slack-invite.exodus.com
Invite link to our public Slack, there are no vulnerabilities.
support-helpers.a.exodus.io
This subdomain points to our support and hiring services which are hosted on 3rd party dataset
support.exodus.com
Domain is not in scope for testing
www.exodus.com/job-application/*
3rd party service installed on the endpoint
Out Of Scope
#### Out of Scope:
* admin.topcoder.com
* api-work.topcoder.com
* dev.arena.topcoder.com
* qa.arena.topcoder.com
* arenaws.topcoder.com
* asteroids.topcoder.com
* beta.topcoder.com
* beta-community-app.topcoder.com
* blitz.topcoder.com
* bluehost.topcoder.com
* bluehost-test01.topcoder.com
* bluehost-test02.topcoder.com
* cmap-leaders.topcoder.com
* coder.topcoder.com
* codeyourwayin.topcoder.com
* dtn.topcoder.com
* epa.topcoder.com
* hphaven.topcoder.com
* ideas.topcoder.com
* info.topcoder.com
* internal-api.topcoder.com
* jp.topcoder.com
* lightning.topcoder.com
* link.topcoder.com
* mediasharedev.topcoder.com
* mediasharepoc.topcoder.com
* mobile.topcoder.com
* predix.topcoder.com
* qa.topcoder.com
* software.qa.topcoder.com
* studio.qa.topcoder.com
* site.topcoder.com
* smtp.topcoder.com
* swift.topcoder.com
* talk.topcoder.com
* tcdev1.topcoder.com
* tcdev3.topcoder.com
* topgear.topcoder.com
* training.topcoder.com
* tunnel1.topcoder.com
* vorbote.topcoder.com
* wiki.topcoder.com
* x-receiver.topcoder.com
www.gmelius.com
Gmelius\' www site is hosted by Webflow. Security bugs in Webflow may be reported to the service provider.
api.outpost.co
app.outpost.co
www.mplans.com
www.outpost.co
www.teamoutpost.com
*.mtnfootball.com
HI we no longer are in ownership of this domain or subdomains.
41.189.179.249
41.216.67.108
41.216.78.13
41.216.80.172
achom.ir
areeba.com.gh
areeba.com.gn
electricityservices.mtn.com.sy
faulucareers.co.ke
gameplus.mtnonline.com
games.mtnonline.com
h14de.n2.ips.mtn.co.ug
h1576.n2.ips.mtn.co.ug
h163e.n2.ips.mtn.co.ug
h18e.n1.ips.mtn.co.ug
h19f2.n2.ips.mtn.co.ug
h19f6.n2.ips.mtn.co.ug
h1b24.n2.ips.mtn.co.ug
h1b6e.n2.ips.mtn.co.ug
h1c1c.n2.ips.mtn.co.ug
h1c5b.n1.ips.mtn.co.ug
h1f7.n1.ips.mtn.co.ug
h1fa.n1.ips.mtn.co.ug
h2252.n1.ips.mtn.co.ug
h2276.n1.ips.mtn.co.ug
h22d.n1.ips.mtn.co.ug
h22eb.n1.ips.mtn.co.ug
h2302.n1.ips.mtn.co.ug
h234e.n1.ips.mtn.co.ug
h235.n1.ips.mtn.co.ug
h245a.n1.ips.mtn.co.ug
h2472.n1.ips.mtn.co.ug
h254e.n1.ips.mtn.co.ug
h27d.n2.ips.mtn.co.ug
h27d6.n1.ips.mtn.co.ug
h27da.n1.ips.mtn.co.ug
h2826.n1.ips.mtn.co.ug
h2a36.n1.ips.mtn.co.ug
h2a8.n1.ips.mtn.co.ug
h2cf3.n1.ips.mtn.co.ug
h2cf3.n1.ips.mtn.co.ug:8070
h2d.n1.ips.mtn.co.ug
h2d5.n1.ips.mtn.co.ug
h2dea.n1.ips.mtn.co.ug
h30e.n1.ips.mtn.co.ug
h341b.n1.ips.mtn.co.ug
h3426.n1.ips.mtn.co.ug
h37d.n1.ips.mtn.co.ug
h3b5.n1.ips.mtn.co.ug
h3b68.n1.ips.mtn.co.ug
h3b7.n1.ips.mtn.co.ug
h3e5.n1.ips.mtn.co.ug
h456.n1.ips.mtn.co.ug
h62a.n1.ips.mtn.co.ug
h652.n2.ips.mtn.co.ug
h696.n2.ips.mtn.co.ug
h69a.n2.ips.mtn.co.ug
h6a2.n2.ips.mtn.co.ug
h6a6.n2.ips.mtn.co.ug
h6b6.n2.ips.mtn.co.ug
h6ba.n2.ips.mtn.co.ug
h6c6.n2.ips.mtn.co.ug
h6ca.n2.ips.mtn.co.ug
h6ce.n1.ips.mtn.co.ug
h6d2.n2.ips.mtn.co.ug
h6d6.n2.ips.mtn.co.ug
h6fa.n1.ips.mtn.co.ug
h742.n1.ips.mtn.co.ug
h7c2.n1.ips.mtn.co.ug
h80e.n1.ips.mtn.co.ug
h82e.n1.ips.mtn.co.ug
h862.n1.ips.mtn.co.ug
h93e.n1.ips.mtn.co.ug
hb16.n1.ips.mtn.co.ug
hb56.n1.ips.mtn.co.ug
hb92.n1.ips.mtn.co.ug
hbce.n1.ips.mtn.co.ug
hd65.n2.ips.mtn.co.ug
he2.n1.ips.mtn.co.ug
hfa.n4.ips.mtn.co.ug
hfe.n1.ips.mtn.co.ug
http://www.mtnbusiness.co.za/en/pages/msteams-direct-routing.aspx/43331
https://www.evod.co.za/
https://www.mtn.com/contact/become-supplier/
Aware of the fucntion and tested via pentest teams
https://www.mtn.com/investors/sign-up-for-investor-information/
Not in scope aware of this and we have tested and happy with results from external pen testing firm
https://www.mtn.com/wp-json/
HI,
Hosted WordPress site, this is enabled on the hosted environment, other mitigation in place to prevent ddos and brute force from happening
https://www.mtn.com/wp-json/wp/v2/users/
https://www.mtn.com/wp-login.php
https://www.mtn.com/xmlrpc.php
https://www.mtnbusiness.co.za/en/pages/msteams-direct-routing.aspx/43331
irancel.ir
irancell.ir
jolie.ir
lonestarcell.org
m-game.mtnonline.com
move2mtn.com
mtn-bissau.com
Domain does not belong to MTN Bissau.
mtn-eschool.com
mtn-ic.com
mtn-weca.com
mtn.com.cy
This is from an entity that was sold off
mtn.com.ye
This forms part of an entity that was sold off
mtnblog.co.za
mtnbusiness.tel
mtnfootball.com
mtngame.net
mtngb.com
mtnhostedservices.com
mtnhostedservices.net
mtnlibmusic.com
mtnmail.org
mtnmail.tel
mtnmailsync.com
mtnmmo.com
mtnmobad.mtnbusiness.com.ng
mtnmobilemoney.us
mtnmobility.net
mtnonlineservices.com
mtnpulse.tel
mtnrechargelink.com
mtnspotlight.com
mtnsyr.com
mtnvoicemail.com
mtnzakhele.tel
mwstatic-game.mtnonline.com
novafone.com.lr
ptldynamic-game.mtnonline.com
ptlstatic-game.mtnonline.com
sharehub.co.ke
wap-game.mtnonline.com
wapstatic-game.mtnonline.com
www.evod.co.za
www.mtnbusiness.co.za
yellomonitoring.ir
https://github.com/kubernetes/ingress-gce
https://github.com/kubernetes/ingress-nginx
api-staging.gocardless.com
Staging version of the Dashboard API. Please test the Sandbox deployment instead.
api.gocardless.com
Production version of the Merchant Dashboard API component.
Please test the Sandbox deployment instead.
brand.gocardless.com
This is a third-party application, which is not developed or maintained by us. Please report vulnerabilities related to this asset directly to "Webflow". However, if you think there may be issues related to the configuration of the asset that may be under our control, we will consider the report.
connect.gocardless.com
Production version of the Merchant Dashboard OpenID authentication component.
gocardless-status.com, status.gocardless.com
This is a third-party application, which is not developed or maintained by us. Please report vulnerabilities related to this asset directly to "Atlassian".
learn.gocardless.com
This is a third-party application, which is not developed or maintained by us. Please report vulnerabilities related to this asset directly to "PayTo University".
manage.gocardless-staging.io
Staging version of the Merchant Dashboard application. Please test the Sandbox deployment instead.
manage.gocardless.com
Production version of the Merchant Dashboard application.
oauth-staging.gocardless.com
Staging version of the OAuth API. Please test the Sandbox deployment instead.
oauth.gocardless.com
Production version of the authentication component of the GC4X application.
outgrow.gocardless.com
This is a third-party application, which is not developed or maintained by us. Please report vulnerabilities related to this asset directly to "Outgrow".
partnerportal.gocardless.com, gocardless.my.site.com
This is a third-party application, which is not developed or maintained by us. Please report vulnerabilities related to this asset directly to "Salesforce". However, if you think there may be issues related to the configuration of the asset that may be under our control, we will consider the report.
pay.gocardless.com
Production version of the API used to process billing requests, related to the Merchant Dashboard application.
privacy.gocardless.com
This is a third-party application, which is not developed or maintained by us. Please report vulnerabilities related to this asset directly to "Transcend".
qbo-api.gocardless.com
This is an API endpoint for a third-party application, which is not developed or maintained by us. Please report vulnerabilities related to this asset directly to "Quickbooks".
qbo.gocardless.com
This is a third-party application, which is not developed or maintained by us. Please report vulnerabilities related to this asset directly to "Quickbooks".
storybook.gocardless.io
This is a third-party application, which is not developed or maintained by us. Please report vulnerabilities related to this asset directly to "Storybook".
support.gocardless.com
This is our Zendesk instance. However, it is not under our control, and vulnerabilities should reported directly to Zendesk. If you think there is an issue that is caused specifically by our implementation of Zendesk that is not present in other instances, do let us know, and we can consider issuing a reward.
xero-sandbox.gocardless.com
GoCardless integration with Xero (GC4X). Users and permissions are managed through the Dashboard application (manage.gocardless). ReadOnly users cannot access GC4X; ReadWrite and Admin users have the same level of access on GC4X.
xero-staging.gocardless.com
Testing environment for the GoCardless integration with Xero. Frequently used by merchants for testing implementations.
xero.gocardless.com
Production version of the GoCardless integration with Xero.
*.acordocerto.com.br
preview.midigator.com
This is a demo site hosting exclusively test data to preview the functionality of the production website.
CounterAct 8.3
This is a new device type being introduced to the bug bounty program. Those with access to a counteract device / image are welcome to submit their findings!
datapod-1-100-ingest.development.forescoutcloud.net
* Expanded Datapod Host Range to 100 nodes
** Naming convention is datapod-[1-100]-ingest.development.forescoutcloud.net
** Example: datapod-1-ingest.development.forescoutcloud.net
** Example: datapod-10-ingest.development.forescoutcloud.net
and so on.
datapod-1-100-ingest.testing.forescoutcloud.net
** Naming convention is datapod-[1-100]-ingest.testing.forescoutcloud.net
** Example: datapod-1-ingest.testing.forescoutcloud.net
** Example: datapod-10-ingest.testing.forescoutcloud.net
datapod-1-100-query.development.forescoutcloud.net
** Naming convention is datapod-[1-100]-query.development.forescoutcloud.net
** Example: datapod-1-query.development.forescoutcloud.net
** Example: datapod-10-query.development.forescoutcloud.net
datapod-1-100-query.testing.forescoutcloud.net
** Naming convention is datapod-[1-100]-query.testing.forescoutcloud.net
** Example: datapod-1-ingest.query.forescoutcloud.net
** Example: datapod-10-ingest.query.forescoutcloud.net
datapod-1-ingest.acceptance.forescoutcloud.net
datapod-1-query.acceptance.forescoutcloud.net
forescout.service-now.com
mgmtpod-1-100-dashboard.development.forescoutcloud.net
* Expanded Mgmtpod Host Range to 100 nodes
** Naming convention is mgmtpod-[1-100]-dashboard.development.forescoutcloud.net
** Example: mgmtpod-1-dashboard.development.forescoutcloud.net
** Example: mgmtpod-10-dashboard.development.forescoutcloud.net
mgmtpod-1-100.development.forescoutcloud.net
** Naming convention is mgmtpod-[1-100].development.forescoutcloud.net
** Example: mgmtpod-1.development.forescoutcloud.net
** Example: mgmtpod-10.development.forescoutcloud.net
*nvapis.line.me
URLs that contain `nvapis.line.me` will be out of scope.
Example: `dev-nvapis.line.me`, `kr-nvapis.line.me` etc
DEMAE-CAN
LINE BANK
LINE FINANCIAL
LINE Pay
Please refrain from testing any functionality that is related to financial transactions. **This includes LINE Pay functionality within the LINE Application and Rabbit Pay for Thailand.**
LINE TAXI
LINEMAN
Yahoo Japan
https://entry.line.me/
livedoor
prod-fido-fido2-server.line-apps.com
This domain is a FIDO API endpoint for testing integrations. It has no user data and is purely for testing implementations. As such, it is out of scope for this program.
*.sky.com.mx
This is out of scope for submission.
12.0.1.28
accbusinesspricing.att.com
attdashboard.wireless.att.com
attpurchasing.com
This is out of scope for submission
attsuppliers.com
authkeysmx01.att.com.mx
c2m-projectone.att.com
https://clec.att.com/clec/
prod-taxexempt.att.com
projectone.att.com
rcloud.social
wf-projectone.att.com
*solidus.io
academy.datastax.com
*Automated Scanning Prohibited*
Sign ups are open, you may use any email address that can be verified to sign up for the academy.
community.datastax.com
https://*cla.datastax.com/
*.dev.dynatracelabs.com
*.dynatrace.com
This is our corporate website and it is out of scope of this program.
EasyTrade demo application
This is a demo application which helps you fill your testing environment with data.
For more details please have a look at the "Useful tips" section of the policy or the [github repo](https://github.com/Dynatrace/easytrade)
easyTravel demo application
This is a demo application which helps you fill your testing environment with data. For more details please have a look at the "Useful tips" section of the policy or our [community page](https://community.dynatrace.com/t5/Start-with-Dynatrace/easyTravel-Documentation-and-Download/m-p/181271).
https://github.com/Dynatrace-oss-contrib
Please be aware that only analysis of our source code is allowed. Do not perform any tests against [https://github.com.](https://github.com/).
*.citymapper.com/
*.drivewithvia.com
citymapper.com
remix.com
ridewithvia.com
ridewithvia.okta.com
status.coda.io
*.criticalstack.com
When creating accounts on this asset, please use the following information. If you need multiple accounts, please use {username}+1@wearehackerone.com etc.
Email:
{username}@wearehackerone.com
First Name: Bug Bounty
Last Name: Tester
DOB: 7/27/1994
Phone Number: 123-456-7890
Business Name: Bug Bounty Program
Address: 1680 Capital One Drive
State: VA
City: McLean
Country: USA
*.intelstack.com
*.unitedincome.com
414607046
asos-idcheck.capitalone.co.uk
3rd Party Asset
com.yinzcam.facilities.verizon
idcheck.capitalone.co.uk
jamfproqa.capitalone.com
littlewoods-idcheck.capitalone.co.uk
luma-idcheck.capitalone.co.uk
ocean-idcheck.capitalone.co.uk
postoffice-idcheck.capitalone.co.uk
thinkmoney-idcheck.capitalone.co.uk
travel-qa.capitalone.com
travel.capitalone.com
very-idcheck.capitalone.co.uk
reddit.secure.force.com
[Non-core asset]
Reddit maintains a SFDC tenant for customer management for our advertisers. SFDC bugs aren\'t eligible for payout, but misconfigurations that are Reddit\'s responsibility are.
*bc.earlywarning.com
ccpa*.zellepay.com
ccpa.zellepay.com
demo.earlywarning.com
docs.earlywarning.com
flip0717.earlywarning.com
toolkit.zellepay.com
zellepay.earlywarning.com
Out of scope per Salesforce policy
*.email.instacart.com
brand.instacart.com
careers.instacart.com
carrotstore.instacart.com
corporate.instacart.com
covidresponse.instacart.com
design.instacart.com
enterprise-status.instacart.com
Third-party system - [Atlassian Statuspage](https://www.atlassian.com/software/statuspage)
instacart.careers
life.instacart.com
news.instacart.com
tech.instacart.com
www.phpbb.com
Please limit your reports to the phpBB git repository for now.
developers.fortmatic.com
Out of scope third-party hosted integration
docs.fortmatic.com
email.fortmatic.com
static.fortmatic.com
china.airasiago.com
thailand.airasiago.com
www.expediapartnersolutions.com
api-portal.etoro.com
etorox.com
templates.etoro.com
*.netlify.app
Except for the in scope subdomains listed as in scope.
*.netlify.com
*.netlifycms.org
answers.netlify.com
docs.netlify.com
https://github.com/netlify/
webpop.com
This is an old asset and will be deprecated in the near future.
www.netlify.com
This is Netlify\'s marketing website.
*.canada.fanduel.com
*.fndl.dev
appsflyer.com
crashlytics.com
help.creditkarma.com
SalesForce owned-endpoint. Manual Testing only. No Automated Scanning.
• No automated scanning on this endpoint.
• Overnight hours only (10PM - 2AM PT)
• Please note during any cases and/or chat session , please indicate that you are performing a Bug Bounty test from HackerOne and that this case is a Spam PenTesting Ticket and any follow-up questions can be forwarded to Vivi.Langga.
https://www.creditkarma.com/all/advice
https://www.creditkarma.com/article/*
socialverification.creditkarma.com
socialverification.stage.creditkarma.com
taplytics.com
tax.creditkarma.com
taxsupport.creditkarma.com
.*mercadolibre.*
Redelcom
Any other asset related to redelcom
ajuda.kangu.com.br
developersforum
Any asset related to developersforum
Including but not limited to:
https://developersforum.mercadolibre.com.ar/
https://developersforum.mercadolibre.com.co/
https://developersforum.mercadolibre.cl/
https://developersforum.mercadolibre.com.mx/
https://developersforum.mercadolibre.com.ve/
Other urbancompany.com subdomains except for the ones in-scope
Examples of out-of-scope subdomains include but not limited to:
- careers.urbancompany.com
- careers.urbanclap.com
- blog.urbancompany.com
- blog.urbanclap.com
- sherlock.urbanclap.com
- sherlock.urbancompany.com
- ops.urbanclap.com
- ops.urbancompany.com
- configs.urbanclap.com
- configs.urbancompany.com
- jarvis.urbanclap.com
- jarvis.urbancompany.com
- pro.urbanclap.com
- dev*.urbanclap.com
- All staging and dev subdomains
https://www.remitly.com/blog
*.egadvertising.com
*.hoteis.com
*.hoteles.com
events.nutanix.com
frame.nutanix.com
karbon.nutanix.com
This domain and its sub-domains are out of scope.
mops.nutanix.com
next.nutanix.com
webex.nutanix.com
*.flickr.net
amt.flickr.com
appletv.flickr.com
blog.flickr.com
blogtest.flickr.com
bluebird.flickr.com
code.flickr.com
csp.flickr.com
flickrhelp.com
Please don\'t research or file reports against our customer support features
guce.flickr.com
health.flickr.com
help.flickr.com
links.flickr.com
This asset is used for emails and is out of scope.
parkorbird.flickr.com
stage.guce.flickr.com
trunk.guce.flickr.com
api.matomo.org
forum.matomo.org
Please don\'t post test posts on the forum.
The forum is using discourse, so please report any security issues [on their bug bounty](https://hackerone.com/discourse)
matomo.org
Project website
plugins.matomo.org
The Matomo Marketplace Platform is excluded from this bug bounty
shop.matomo.org
*.capturis.com
Submissions for noncredentialed access only. NISC does not issue credentials for its public vulnerability disclosure program.
*.igear.coop
*.nisc-mic.coop
*.nisc.coop
*.saitek-fr.com
*.saitek.com
*.saitekforum.com
*.wilife.com
Logitech Alert Cameras
Logitech Alert cameras and the Commander software were EOL\'ed many years ago and are not in scope for submission.
Squeezebox Products
Squeezebox products were EOL\'ed many years ago and aren\'t eligible for submissions.
*.phunware.com
*.ritzcarltonyachtcollection.com
We need to handle some internal ownership details until we can support this asset as part of our scope. Please do not test it.
*moxymix*.marriott.com
Any domains or infrastructure pertaining to Moxy Mix projects are OOS until further notice. Thanks for working with our policy changes!
Not-Listed Assets
## Any asset *not* listed in-scope is *ineligible* for bounty and will be marked N/A
Phoenix Platform
apps.ritzcarlton.com
element-hotels.marriott.com
hotelexcellence.marriott.com
luxurybrands.marriott.com
marriott.tech
marriottlearnourbrands.com
meetings-excellence.marriott.com
mi.bookmarriott.com
milux.marriott.com
springhillsuites.marriott.com
towneplacesuites.marriott.com
This is a vanity site
vacations.marriott.com
We do not own this site.
www.github.com
We do not own this domain but we wish to receive notice of repositories on here that may contain our data.
www.travelagents.marriott.com
learn.acronis.com
Intercom
Intercom is a 3rd party add-on and is not in scope.
blog.chain.link
chainlinklabs.com
The asset chainlinklabs.com is out of scope for this program.
create.smartcontract.com
docs.chain.link
github.com/smartcontractkit/chainlink/contracts/src/*/dev
The contracts in the chainlink/contracts/src/*/dev directory are currently in development and not considered production-ready.
github.com/smartcontractkit/chainlink/examples
The Chainlink Examples directory contains tools and private keys in order to test the Chainlink client in an end-to-end, deterministic way. It contains private keys and passwords which are only for use in development.
https://github.com/smartcontractkit/chainlink/tree/master/core/internal
The internal directory contains tools and private keys in order to test the Chainlink client in an end-to-end, deterministic way. It contains private keys and passwords which are only for use in development.
https://github.com/smartcontractkit/chainlink/tree/master/core/sgx
The Chainlink SGX directory contains tools and private keys in order to test the Chainlink\'s SGX compatibility in an end-to-end, deterministic way. It contains private keys and passwords which are only for use in development.
https://github.com/smartcontractkit/chainlink/tree/master/integration
The Chainlink Integration directory contains tools and private keys in order to test the Chainlink client in an end-to-end, deterministic way. It contains private keys and passwords which are only for use in development.
https://github.com/smartcontractkit/chainlink/tree/master/tools
The Chainlink Tools directory contains tools and private keys in order to test the Chainlink client in an end-to-end, deterministic way. It contains private keys and passwords which are only for use in development.
*.atlassian.net
*.paypal.cn
**Please submit all `https://www.paypal.cn/` reports to the associated bounty program:**
- Paypal.vulbox.com
braintree.com
Please note braintree.com does not belong to PayPal, and as such is out of scope.
com.paypal.here
com.paypal.herehd
www.gopay.com
**Please submit all `Gopay` reports to:**
cbswag.com
This is a Shopify store, we recommend you submit any shopify bugs to their program: https://hackerone.com/shopify
status.chaturbate.com
This is a 3rd party site and therefore ineligible.
support.chaturbate.com
The support site is 3rd party and therefore not part of the bounty program.
*.pixiv.co.jp
factory.pixiv.net
* This site is in Japanese.
* This site uses pixiv account (signup at https://accounts.pixiv.net).
*.affirm.com
https://github.com/crypto-com/chain-desktop-wallet
https://github.com/crypto-com/cro-staking
https://github.com/crypto-com/swap-contracts-core
https://github.com/crypto-com/swap-contracts-periphery
com.goodrx.doctors
iOS Download: https://itunes.apple.com/app/id1122105489
Playstore Download: https://play.google.com/store/apps/details?id=com.goodrx.doctors
com.goodrx.gold
iOS Download: https://itunes.apple.com/app/id1249717355
Playstore Download: https://play.google.com/store/apps/details?id=com.goodrx.gold
Gold workflow and features are being migrated into the primary GoodRx consumer app. Bounties for the Gold application must be replicated within the core GoodRx application to qualify for a bounty.
investors.goodrx.com
This subdomain is not managed by GoodRx.
sso.identity.goodrx.com
This sub-domain is manged by Auth0. Bugs hosted on this domain would be covered by Auth0\'s bug bounty program and not GoodRx\'s.
support.goodrx.com
This subdomain is managed by Zendesk. Any issues on this page would be covered by Zendesk\'s bug bounty program.
admin.pingone.com
api.pingone.com
authenticator.pingone.com
console.pingone.com
desktop.pingone.com
https://*.pingidentity.com
https://*.pingidentity.io
https://*.pingidentity.net
https://developer.pingidentity.com/*
test-desktop.pingone.com
test-sso.connect.pingidentity.com
uploads-staging.pingone.com
uploads.pingone.com
*.betfair.com.au
Betfair Australia is not part of Flutter UK&I division
*.email.skybet.com
This domain is out of scope.
*.s6.sbgservices.com
*.sbagmail.skybettingandgaming.com
*.sbg.life
*.sbga.me
*.sbgcolab.com
*.sbgdataintl.com
*.sbggraduates.com
*.sbgmail.skybettingandgaming.com
*.sbgpeople.com
*.sbpartner.it
*.skybet-it.info
*.skybet.de
*.skybet.it
*.skybetcareers.com
*.skybetchiusuraconto.it
*.skybetgraduates.com
*.skybetpartner.de
*.skybettingandgamingresearch.com
*.skybusinessemail.com
This domain is not is not owned or managed by Flutter UK&I division
*.technology.skybettingandgaming.com
*.us.betfair.com
Betfair US is not part of the Flutter UK&I division
affiliatehub.skybet.com
community.betfair.com
This domain is temporarily out of scope.
community.skypoker.com
community.staging.skypoker.com
email1.skybet.com
online.*.skybingo.com
https://online.<x>.skybingo.com/<y> is just a proxy to https://<x>.virtuefusion.com/<y> which is a third party website not owned or operated by Flutter UK&I, and as such we can neither give your permission to test it, not is it ieligable for bounty payments.
Findings for this domain should be forwarded to www.playtech.com
partners.skybet.com
sbagmail.skybettingandgaming.com
skymail.sky.com
skyrgs.blueprintgaming.com
support.developer.betfair.com
technology.skybettingandgaming.com
www.betfair.com.co
Betfair Colombia is not part of the Flutter UK&I division
*.iovlabs.org
IOV Labs websites, infrastructure, and assets are NOT part of the bounty program unless they are listed in scope.
*.rif.technology
RIF websites, infrastructure, and assets are NOT part of the bounty program unless they are listed in scope.
*.rifos.org
RIF OS websites, infrastructure, and assets are NOT part of the bounty program unless they are listed in scope.
*.rootstock.io
Rootstock websites, infrastructure, and assets are NOT part of the bounty program unless they are listed in scope.
*.rootstocklabs.com
Rootstocklabs websites, infrastructure, and assets are NOT part of the bounty program unless they are listed in scope.
*.rsk.co
RSK websites, infrastructure, and assets are NOT part of the bounty program unless they are listed in scope.
academy.bitmex.com
The academy subdomain and its subdomains are deprecated and therefore out of scope.
affiliates.bitmex.com
bitmex-org.freshworks.com
bitmex.freshdesk.com
blog.bitmex.com
public-testnet.bitmex.com
public.bitmex.com
research.bitmex.com
status.bitmex.com
support.bitmex.com
**Do not use automated tools on support.bitmex.com.**
*.azuredatabricks.net
*.cloud.databricks.com
Other subdomains of *.azuredatabricks.net and other ‘o’ parameters
feedback.databricks.com
forums.databricks.com
go.databricks.com
https://databricks-prod-cloudfront.cloud.databricks.com/public/*
blog.thecoalition.com
Coalition\'s blog is hosted by Ghost. Security bugs in Ghost may be reported per https://github.com/TryGhost/Ghost/blob/master/SECURITY.md
help.thecoalition.com
Coalition\'s help site is hosted by Intercom. Security bugs in Intercom may be reported directly to the vendor.
www.thecoalition.com
Coalition\'s www site is hosted by Webflow. Security bugs in Webflow may be reported to the service provider.
*.elasticsearch.cn
This domain is not affiliated with Elastic.
buy.elastic.co
community.elastic.co
discuss.elastic.co
elasticon.elastic.co
go.es.co
https://github.com/elastic/*/wiki
Our wikis are public on purpose
https://github.com/swiftype/*/wiki
Our wikis are meant to be public
info.elastic.co
jobs.elastic.co
learn.elastic.co
link.email.elastic.co
partners.elastic.co
sendgrid.elastic.co
track.email.elastic.co
training.elastic.co
wiki.elastic.co
*.clientevents.gs.com
*.communicatie.vennhypotheken.nl
*.events.gs.com
Any similar events pages are also all out of scope. These are all usually hosted by a vendor and as such we can\'t authorize testing on these assets. Please check in with us at bugbounty@gs.com when in doubt about an asset being in scope
*.overrules.vennhypotheken.nl
*.rocaton.com,secure.rocaton.com
www.rocaton.com is in scope, but other subdomains are not.
*.scripts.vennhypotheken.nl
*.subscriptions.gs.com
10ksbv.eo.gs.com
18098.nextcapital.com
All .cn domains
Please note that all GS assets with .cn domains are Out of scope
billpay.goldman.com
blackinbusiness.gs.com
deb.nextcapital.com
email.nextcapital.com
gset.gs.com
gsg-uk.goldman.com
Do not pentest
gsg.goldman.com
gspf.goldman.com
npm-new.nextcapital.com
npm.nextcapital.com
qa-billpay.goldman.com
repo.nextcapital.com
rubygems.nextcapital.com
Personal email
Please do not report issues concerning my personal email addresses unless the severity is very high.
Personal machine
edoverflow.keybase.pub
https://keybase.io/edoverflow
https://keybase.pub/edoverflow/
https://twitter.com/edoverflow
Yoti liveness detection campaign
developers.yoti.com
Please DO NOT test this domain - it is a third party hosted documentation site for developers, and not of concern to us. The third-party service DO NOT want this site tested. Thank you!
www.yoti.com
Please DO NOT report items from this website, unless you deem them to be critical in nature. WPSCAN findings will not be accepted.
list.valvesoftware.com
This site is run by a 3rd party.
translation.steampowered.com
valvestore.forfansbyfans.com,store.valvesoftware.com
www.steamgames.com
Pending cleanup from engineering.
www.steampowered.com
This subdomain is out of scope pending code cleanup
*.bandcamp.com
Bandcamp is no longer affiliated with Epic Games.
*.bcbits.com
*.jellychat.com
*.popjam.com
*.rukkaz.com
Only Critical submissions are accepted
*.superawesome.com
*.superawesome.tv
*.superbeatsports.com
Adobe Flash related submissions
FortniteClient-Mac-Shipping.app
Popjam Android application
Rukkaz Android application
admin-dev.harmonixmusic.com
admin.harmonixmusic.com
answers.unrealengine.com
This is generally considered out of scope. In some rare instances we may accept submissions for this asset if the finding is highly critical.
Examples of severe findings:
- Personal Data Exposure
- Data Integrity Issues
- RCE
app.playwonderbox.com
artportal.epicgames.com
audica-live-admin.hmxwebservices.com
audica-prod-admin.hmxwebservices.com
audica-prod-api.hmxwebservices.com
autodiscover.harmonixmusic.com
azure-int-proxy.hmxservices.com
communities.unrealengine.com
This is generally considered out of scope. In some rare instances we may accept submissions for this asset if the finding is highly critical.
* Personal Data Exposure
* Data Integrity Issues
* RCE
communityportal.epicgames.com
confluence.harmonixmusic.com
damascushelp.epicgames.com
dcvr-live-admin.hmxwebservices.com
dcvr-prod-admin.hmxwebservices.com
detroitlabs.epicgames.com
docs.superawesome.tv
docs.unrealengine.com
dropmix-dev-admin.hmxwebservices.com
dropmix-prod-admin.hmxwebservices.com
eoshelp.epicgames.com
epicsupport.force.com
epicswag.com
facebook.aquiris.com.br
forums.unrealengine.com
fuser-admin-dev-external.hmxservices.com
fuser-admin-live-external.hmxservices.com
http://brand.epicgames.com
http://superawesome.com/contact-us/
Contact form will be considered out of scope
hype-dev-admin.hmxwebservices.com
isitbandcampfriday.com
issues.unrealengine.com
jira.harmonixmusic.com
learn.unrealengine.com
locustus.harmonixmusic.com
login.epicgames.com
This is explicitly out of scope.
logstash-shipper-azure.hmxservices.com
looneytuneswom.com
maestro.io
mail.harmonixmusic.com
marketplacehelp.epicgames.com
mediaspace.unrealengine.com
merch.fortnite.com
mithrilhelp.epicgames.com
mon.hmxservices.com
msoid.harmonixmusic.com
msoid.hmxservices.com
news.capturingreality.com
public-web-swarm-cluster.hmxservices.com
rb4-admin.hmxservices.com
rb4ca-prod-admin.hmxwebservices.com
rb4ca-staging-admin.hmxwebservices.com
senior.aquiris.com.br
skookum.chat
sompmgr-admin.hmxservices.com
sompmgr-dev-proxy-aws.hmxservices.com
sompmgr-dev-proxy-azure.hmxservices.com
sompmgr-dev.hmxservices.com
sompmgr-frontend.hmxservices.com
sompmgr-int-dev.hmxservices.com
sompmgr-int.hmxservices.com
sompmgr-proxy-ext-dev.hmxservices.com
sompmgr-proxy-ext.hmxservices.com
sompmgr-proxy-int-dev.hmxservices.com
sompmgr-proxy-int.hmxservices.com
sompmgr.hmxservices.com
songsdb.harmonixmusic.com
stadiahelp.epicgames.com
support.capturingreality.com
support.harmonixmusic.com
swarm-monitoring-node-01.hmxservices.com
swarm.harmonixmusic.com
tableau.harmonixmusic.com
teamcity-external.harmonixmusic.com
teamcity.hmxservices.com
twinmotionhelp.epicgames.com
udn.unrealengine.com
vimeo.aquiris.com.br
watch.fortnite.com
web-admin.harmonixmusic.com
webinars.unrealengine.com
www-api.hmxservices.com
So-net (Sony Network Communications Inc.)
So-net is a Japanese internet service provider, operated by Sony Network Communications Inc., a wholly owned subsidiary of Sony. IPs and website domains that utilize So-net are Out-of-scope if the website domains owned, operated, or controlled also not directly owned by Sony.
estore.malwarebytes.com
This subdomain is operated by a third party, therefore, submissions will not be eligible for a bounty. However, valid reports will still be addressed and reputation will possibly be awarded.
pages.malwarebytes.com
store.malwarebytes.com
view.malwarebytes.com
Grammarly Editor for MacOS
[Download link](https://download-editor.grammarly.com/osx/Grammarly.dmg):
Only **remotely exploitable** issues in Grammarly Editor are eligible for reporting.
Grammarly Editor for Windows
[Download link](https://download-editor.grammarly.com/windows/GrammarlySetup.exe)
Grammarly for Developers Text Editor SDK
[Text editor SDK](https://developer.grammarly.com/) allows application developers to enhance their apps with writing assistant from Grammarly.
- [Developer Documentation](https://developer.grammarly.com/docs/)
- [Getting Started](https://developer.grammarly.com/docs/quick-start)
- [Developer Console](https://developer.grammarly.com/apps)
[NPM packages](https://developer.grammarly.com/docs/api/):
- [@grammarly/editor-sdk](https://developer.grammarly.com/docs/api/editor-sdk/)
- [@grammarly/editor-sdk-react](https://developer.grammarly.com/docs/api/editor-sdk-react/)
- [@grammarly/editor-sdk-vue](https://developer.grammarly.com/docs/api/editor-sdk-vue/)
Notable features:
- **[Connected Accounts](https://developer.grammarly.com/docs/connected-accounts)**
- **[Trusted Authentication](https://developer.grammarly.com/docs/trusted-authentication)**
Grammarly for Developers and the Text Editor SDK were discontinued on January 10, 2024. The SDK will no longer work in applications.
Third party external services
- `send.grammarly.com`
- `calendar.grammarly.com`
- `support.grammarly.com`
- `status.grammarly.com`
- `brand.grammarly.com`
- `partners.grammarly.com`
Any submissions on these domains and their subdomains are out of scope for bounty.
chat.hyperledger.org
https://github.com/hyperledger/blockchain-explorer
https://github.com/hyperledger/cello
https://github.com/hyperledger/cello-analytics
https://github.com/hyperledger/cello-k8s-operator
https://github.com/hyperledger/composer
https://github.com/hyperledger/composer-atom-plugin
https://github.com/hyperledger/composer-sample-applications
https://github.com/hyperledger/composer-sample-networks
https://github.com/hyperledger/composer-tools
https://github.com/hyperledger/composer-vscode-plugin
https://github.com/hyperledger/education
https://github.com/hyperledger/fabric-docs
https://github.com/hyperledger/fabric-docs-i18n
https://github.com/hyperledger/fabric-rfcs
https://github.com/hyperledger/fabric-test
https://github.com/hyperledger/fabric-test-resources
https://github.com/hyperledger/hyperledger
https://github.com/hyperledger/hyperledger.github.io
https://github.com/hyperledger/hyperledgerwp
https://github.com/hyperledger/indy-anoncreds
https://github.com/hyperledger/indy-crypto
https://github.com/hyperledger/indy-node
https://github.com/hyperledger/indy-plenum
https://github.com/hyperledger/indy-sdk
https://github.com/hyperledger/iroha
https://github.com/hyperledger/iroha-android
https://github.com/hyperledger/iroha-api
https://github.com/hyperledger/iroha-dotnet
https://github.com/hyperledger/iroha-ios
https://github.com/hyperledger/iroha-javascript
https://github.com/hyperledger/iroha-network-tools
https://github.com/hyperledger/iroha-python
https://github.com/hyperledger/iroha-scala
https://github.com/hyperledger/sawtooth-core
https://github.com/hyperledger/slack-archive
identity.linuxfoundation.org
jira.hyperledger.org
lists.hyperledger.org
www.hyperledger.org
www.linuxfoundation.org
*.teston.io
*.usertesting.com
help.usertesting.com
http://www.usertesting.com/blog
https://apps.apple.com/us/app/usertesting/id1485452102
https://chrome.google.com/webstore/detail/usertestingcom-screen-rec/onlhphabpmijgblopkcjmphbbmeliagn
https://play.google.com/store/apps/details?id=com.usertesting.recorder.krsna
qa.usertesting.com
1660741163
blog.bumble.com
com.sgiggle.Mango
com.studio.projects.zodia
heyfiesta.com
honey.bumble.com
shop.bumble.com
thebeehive.bumble.com
zodia.studio
Findaway
Findaway was acquired by Spotify in June 2022.
No Findaway assets are currently in scope. Including:
```
findawayvoices.com
findaway.com
findawayworld.com
Preact
Preact was acquired by Spotify in 2016.
preact.io is no longer owned by Spotify and is out of scope for this program
Soundtrap
Soundtrap was acquired by Spotify in 2017.
Soundtrap is no longer owned by Spotify and is out of scope for this program.
The Ringer
The Ringer was acquired by Spotify in February 2020 but has not been onboarded to its Bug Bounty Program.
~~~
99music.theringer.com
besttv.theringer.com
fantasyfootball.theringer.com
fastfood.theringer.com
heists.theringer.com
inflight.theringer.com
nbadraft.theringer.com
nfldraft.theringer.com
superheroes.theringer.com
theringer.com
thrones.theringer.com
tradevalue.theringer.com
com.soundtrap.studioapp
Soundtrap
https://itunes.apple.com/us/app/soundtrap/id991031323
Soundtrap - Make Music Online
https://play.google.com/store/apps/details?id=com.soundtrap.studioapp
everynoise.com
example.com
*.dynsystem.kr
*central.dyson.com
*dyson-demo.com
30secondbleeps.com
aio.shop.china-dyson.com
api.q.dyson.cn
auth.dysonrecall.com
bounce.dyson*
Asset out of scope as it is pending internal review.
careers.dyson.com
central-test.dyson.com
centraltest.dyson.com
comm.dyson*
This also includes:
* comms.*
community.dyson.com
dysontherapie.fr
fsc.dyson.com
jamesdysonfoundation.*
jobs.dyson.com
m.shop.dyson.cn
mail.register-dyson.co.kr
on.dyson.co.uk
q.dyson.cn
register-dyson.co.kr
reviews.dyson*
sakti3.com
shop.dyson.co.kr
shop.dyson.ru
sm2.dyson.com
sm3.dyson.com
svn.dyson.com
test.oepay.dyson.cn
view.dyson.com
www.dyson.ovh
github.com
The GitHub wiki is intentionally open to public.
hg.weblate.org
This site has intentional setup this way to allow mercurial client to clone the repository.
help.lyst.com
*._domainkey.kiwi.com
Out of scope, 3rd party assets that are under our domains.
*.coupons.kiwi.com
Managed by third party.
*_domainkey.skypicker.com
Out of scope: 3rd party asset that is linked under our domain.
*cars.kiwi.com
**3rd-party target** - Operated by [rentalcars.com](https://rentalcars.com).
*citi-sign.kiwi.com
*code.kiwi.com
**3rd-party target** - Hosted on [medium.com](https://medium.com) (see [this help page](https://help.medium.com/hc/en-us/articles/213481308-Bug-Bounty-Disclosure-Program)).
*experiences.kiwi.com
Out of scope, managed by a third party.
*learn.kiwi.com
**3rd-party target** - Operated by [northpass.com](https://www.northpass.com).
*ov.kiwi.com
*parking.kiwi.com
**3rd-party target** - Operated by [travelcar.com](https://travelcar.com).
*sg.kiwi.com
email*kiwi.com
email*skypicker.com
kiwistore.kiwi.com
Out of scope, 3rd party asset hosted under our domain.
link.kiwi.com
mail.skypicker.com
nyrujhhu3yuk.nest.skypicker.com
outbound.intercom.kiwi.com
packages.kiwi.com
retool.skypicker.com
**3rd-party target** - Operated by [retool.com](https://retool.com). Please contact retool directly on security@retool.com.
rooms.kiwi.com
**3rd-party target** - Operated by [booking.com](https://booking.com) (see https://hackerone.com/bookingcom).
status.kiwi.com
**3rd-party target** - Hosted on [statuspage.io](https://statuspage.io) (see https://bugcrowd.com/statuspage).
vacation.kiwi.com
3rd party, out of scope.
assets.enjin.io
This asset is out-of-scope as a third-party service is responsible for the running and maintenance of this website.
cdn.enjin.io
cdn.nft.io
docs.enjin.io
This asset is out-of-scope as a third-party service (ReadMe) is responsible for the running and maintenance of this website.
enj.in
enjin.io
This asset is out-of-scope as a third-party service (Webflow) is responsible for the running and maintenance of this website.
faucet.canary.enjin.io
The Canary Faucet can be used to acquire cENJ that is used for testing on the Canary Blockchain.
support.enjin.io
This asset is out-of-scope. Testing on this asset is strictly prohibited.
support.nft.io
Nintendo 3DS System
Nintendo 3DS applications for which Nintendo is the publisher worldwide
advocates.semrush.com
email.semrush.com
com.linkbubble.playstore
LinkBubble is no longer in scope
https://github.com/brave/brave-ios
https://github.com/brave/browser-ios
https://github.com/brave/browser-laptop
Brave has moved from the Muon-based `browser-laptop` codebase to a Chromium-based `brave-browser` codebase. Muon-based Brave is no longer available for download from <brave.com> and everyone will be migrated to the Chromium-based Brave in a few weeks.
https://github.com/brave/link-bubble
https://github.com/brave/muon
Since Brave is moving from Muon to Chromium, we will no longer be maintaining the Muon codebase.
*.portswigger.net
Subdomains of portswigger.net that are not explicitly whitelisted are out of scope.
*.web-security-academy.net
The Academy contains numerous intentional vulnerabilities, and is completely isolated from our other infrastructure.
blog.rubygems.org
gem server command
`gem server` command has been deprecated since rubygems [3.2.0](https://github.com/rubygems/rubygems/blob/master/CHANGELOG.md#320--2020-12-07)
guide.rubygems.org
help.rubygems.org
http://rubygems.org/names
https://s3-us-west-2.amazonaws.com/rubygems-dumps
These database dumps are deliberately public.
stats.rubygems.org
status.rubygems.org
support.rubygems.org
uptime.rubygems.org
developers.files.com
https://developers.files.com/ is a documentation site and is out of scope for the bounty program.
mail.files.com
mail.files.com is an old domain and is out of scope for this program
status.files.com
https://status.files.com/ is a status site hosted by StatusPage and is out of scope for this bounty program.
bamboo.scopely.io
confluence.scopely.io
jira.scopely.io
scopely.okta.com
*.wordpress.com
All WordPress.com vulnerabilities should be reported to [Automattic\'s HackerOne program](https://hackerone.com/automattic).
**WordPress.com vulnerabilities reported here will be marked as `Not Applicable`.**
335703880
**Please, report vulnerabilities for the WordPress mobile apps through the [Automattic HackerOne page](/automattic).**
Archived GitHub repositories
Archived code repositories (e.g. in GitHub) are out of scope, unless you have verified that code from it is imported and actively being used.
Digital Ocean, AWS, etc
Unless otherwise noted, we own and operate dedicated servers, rather than using services like AWS, Digital Ocean, etc. Third-parties frequently create S3 buckets, droplets, etc that have security issues, and have "WordPress" in the name. These are not ours, and reports about them will be closed as `Not Applicable`.
https://github.com/wordpress-mobile/
org.wordpress.android
status.wordpress.org,glotpress.blog,wordpress.tv
These are hosted on WordPress.com and we don\'t have access to modify the code, servers, etc. Check [Automattic\'s HackerOne program](https://hackerone.com/automattic) for details on reporting vulnerabilities with WordPress.com sites.
*.gocd.org
Please do not raise issues regarding docs.gocd.org, www.gocd.org etc.
cloud.nextcloud.com
[https://cloud.nextcloud.com](https://cloud.nextcloud.com "https://cloud.nextcloud.com") is our internal production Nextcloud instance. Please limit testing to your own testing instances.
conf.nextcloud.com
This is a legacy system now redirecting to our [eventyay page](https://eventyay.com/e/de88e486/). Please report issues within eventyay directly to [the responsible contacts](https://eventyay.com/imprint/).
demo.nextcloud.com
[https://demo.nextcloud.com](https://demo.nextcloud.com "https://demo.nextcloud.com") is running on dedicated machines. While you can try to find security vulnerabilities in the demo instances there please verify that they are also exploitable in the current Nextcloud source code. Select then the proper component while reporting.
drone.nextcloud.com
Our Drone server contains no sensitive data and we would ask you to not test against our development environments. If you discover a security issue in Drone please report this to [https://github.com/drone/drone](https://github.com/drone/drone "https://github.com/drone/drone") instead.
https://nextcloud.atlassian.net/jira/dashboard
⛔ Please note that the JIRA instance running at https://nextcloud.atlassian.net/jira/dashboard is not ours.
It is not operated on our infrastructure, we do not own/host the domain nor are we in any way related to the JIRA instance.
🔒 Any reports regarding this will be closed as N/A!
sentry.nextcloud.com
We would ask you to not test against our development environments. If you discover a security issue in Sentry please report this to https://sentry.io/security/ instead.
try.nextcloud.com
https://try.nextcloud.com is running on dedicated machines. While you can try to find security vulnerabilities in the demo instances there please verify that they are also exploitable in the current Nextcloud source code. Select then the proper component while reporting.
*.ruby-lang.org
anomotion.com
any-invalid-domains.rockstargames.com
Any subdomain that does NOT contain its own valid content and instead redirects to \'rockstargames.com/?domain-check-failed\', UNLESS you can demonstrate an impact to a valid domain or subdomain.
bomgar.rockstargames.com
This subdomain is ineligible for bounty at this time.
emailcontent.rockstargames.com
We do not have direct control over this subdomain and will not be accepting submissions for it.
faspex.rockstargames.com
lifeinvader.com
*.github.io
Individual sites which are hosted on GitHub Pages are out-of-scope.
Atom
[https://atom.io](https://atom.io "https://atom.io")
Electron
Electron vulnerabilities which do not directly affect GitHub Desktop are out-of-scope and should be [reported](https://electronjs.org/community) to the Electron developers.
GitHub Classroom Assistant
The [GitHub Classroom Assistant application](https://classroom.github.com/assistant) is currently out-of-scope.
blog.github.com
The GitHub Blog is not in-scope and ineligible for rewards.
community.github.com
The GitHub Community forum is not in-scope and ineligible for rewards.
enterprise.github.com
`enterprise.github.com` is commonly confused with the [GitHub Enterprise Server product](https://github.com/enterprise) which is an on-premise instance of GitHub.
git.io
The [git.io](https://git.io) URL shortener is out-of-scope.
github.blog
[github.blog](https://github.blog) is out-of-scope.
http://education.github.com/forum
The [GitHub Education Community forum](https://education.github.com/forum) is not in-scope and ineligible for rewards.
shop.github.com
The GitHub Shop is not in-scope and ineligible for rewards.
spectrum.chat
[Spectrum](https://spectrum.chat) is currently out-of-scope.
help.wealthsimple.com
support.wealthsimple.com
tldr-archive.wealthsimple.com
work.wealthsimple.com
*.ali.zomans.com
*.bstro.io
*.zomatoportugal.com
blog.zomato.com
business-blog.zomato.com
com.application.zomato.ordering
community.zomato.com
dev.hyperpure.com
devapi.hyperpure.com
devpod.hyperpure.com
http://*.blinkit.support
send.zomato.com
staging*.runnr.in
Please don\'t test on staging/dev instances. Instead, we have created a dedicated environment `bugbounty.runnr.in` which is a replica of the same for testing.
success.zomato.com
www.zomatobook.com
*.binary.*
We will only accept reports for the **.com** TLD, all other TLDs like **.sx**, **.me** etc. will be marked out of scope.
Any 3rd party managed domain
besquare.deriv.com
com.binary.ticktrade
https://ticktrade.binary.com/download/ticktrade-app.apk
community.deriv.com
deriv.slack.com
http://admin.binary.com
http://community.deriv.com
https://deriv.atlassian.net/servicedesk/customer/user/signup
The asset is not owned by Deriv Ltd
trade.mql5.com
tradingview.deriv.com
guide.glassdoor.com
Note: This site is hosted on Wix. Unless you are able to show direct impact to Glassdoor via a Wix related vulnerability, we will be treating this out of scope.
AppsFlyer Subdomains
The following assets are managed by AppsFlyer and are considered out of scope:
* party.tinder.com
* open.tinder.com
* matchmaker.tinder.com
* invite.tinder.com
* click.tinder.com
console.gotinder.com
This asset is not owned by us.
dig console.gotinder.com
... CNAME app6.creatoriq.com.
go.tinder.com
`go.tinder.com` is an asset belonging to Branch.io. - You can submit reports directly to Branch here: https://branch.io/security/
gotinder.imgix.net
www.help.tinder.com
`www.help.tinder.com` is an asset belonging to Zendesk - You can submit reports directly to Zendesk here: https://hackerone.com/zendesk
*.bitlove.co
For an issue to be classified as \'Low severity\', it must be very significant and have risk implications that affects users across our primary domains
Requests to our ad endpoints (on any server): `/ads/serve`, `/ads/application_serve*`, and `/ads/click/*`
bitlove.co
co.bitlove.opensource.FetLife
com.bitlove.fetlife
Open-source FetLife Android App (https://github.com/fetlife/android)
fetlifemail.com
fetlifestatus.com
mail.fetlife.com
n2.fetlife.com
CNAME to 3rd Party email Vendor
status.fetlife.com
*.qms.grab.com
www.revive-adserver.com
about.udemy.com
affiliates.udemy.com
blog.udemy.com
business.udemy.com
coding-exercises.udemy.com
Powered by GitBook, a third-party vendor
community.udemy.com
copyright.udemy.com
design.udemy.com
government.udemy.com
helpdesk.udemy.com
keeplearning.udemy.com
legalteam.udemy.com
mi.udemy.com
people-innovators.udemy.com
research.udemy.com
support.udemy.com
teach.udemy.com
theupskillingimperative.com
translate.udemy.com
ufbsupport.udemy.com
affiliates.kayak.com
https://*.kayakairplanemode.com
kayak.com/guides/*
Anything related to /guides/ on any domain is ineligible for submission since this feature will be removed soon.
kayak.com/hotelowner/*
Including local versions
kayak.com/moira/ehoe/*
including local versions
klassereise.checkfelix.com
*.basecamphq.com
Basecamp Classic
*.highrisehq.com
Highrise
basecamp.com
Basecamp 2
*.email.shopify.com
Operated by a third party.
Other
academy.shopify.com
cdn.shopify.com
Shopify allows merchants to upload any file they want on our content delivery network. Being able to upload a file is not a vulnerability, this is the intended functionality.
community.shopify.com
community.shopify.com is a third party service and not in scope of our bug bounty program. Please do not test this subdomain.
community.shopify.dev
community.shopify.dev is a third party service and not in scope of our bug bounty program. Please do not test this subdomain.
investors.shopify.com
livechat.shopify.com
Contacting Shopify Support over chat, email or phone about your HackerOne report is not allowed.
supplier-portal.shopifycloud.com
Includes invoices.shopify.io, factures.shopify.io, invoices.shopify.cn, invoices.shopify.de, invoices.shopify.fr, invoices.shopify.jp
Submissions on out-of-scope assets listed below will be closed as N/A
- `status.mapbox.com` - please instead report to the [StatusPage.io bug bounty program](https://bugcrowd.com/statuspage)
- `email.mapbox.com`
- [Mapbox Studio Classic](https://docs.mapbox.com/help/glossary/mapbox-studio-classic/)
- [Tilemill](https://www.mapbox.com/tilemill/)
- [Legacy iOS SDK](https://github.com/mapbox/mapbox-ios-sdk-legacy)
- [Legacy Android SDK](https://github.com/mapbox/mapbox-android-sdk-legacy)
- [decrypt-kms-env](https://github.com/mapbox/decrypt-kms-env) - not actively maintained
- [tilelive](https://github.com/mapbox/tilelive) - not actively maintained
- [osm-navigation-map](https://github.com/mapbox/osm-navigation-map)(deprecated)
geojson.io
Geojson.io is considered deprecated and no longer maintained. The original developer has forked the code and maintains <https://geojson.net> . As such, Mapbox considers <https://geojson.io> to be out of scope for our security program.
admin.demo.urbandoor.com
demo.urbandoor.com
luckey.app
luckey.fr
luckey.in
luckey.partners
luckeyhomes.com
provider.demo.urbandoor.com
business.booking.com/
*.business.booking.com is out of scope until further notice.
reports submitted prior to 06/11/2024 will still be accepted
desk-demo-api.fareharbor.engineering
desk-demo.fareharbor.engineering
https://fareharbor.com/demo/
https://secure.booking.com/companyjoin.html
https://secure.booking.com/enterprise/signon.en-gb.html
https://ugcupload.booking.com/upload_bbtool_company_logo
https://www.booking.com/bbm.html
jobs.booking.com
partnerfeedback.booking.com
recruitmentsurveys.booking.com
secure.booking.com/company/*
secure.booking.com/orgnode/*
spadmin.booking.com/
www.booking.com/bbmanage/*
www.booking.com/bbmanage/data/*
Airtable Windows app
The Airtable Windows app is available for download at: https://staging.airtable.com/downloads
Airtable macOS app
The Airtable macOS app is available for download at: https://staging.airtable.com/downloads
airtable.com
This is production environment. All testing should be performed against staging.airtable.com.
blog.airtable.com
com.FormaGrid.Hyperbase
Airtable\'s iOS is not in-scope for bounties.
com.formagrid.airtable
community.airtable.com
dl.airtable.com
dl.getforma.com
guide.airtable.com
support.airtable.com
Magento 1 Enterprise (Commerce) and Community (Open Source) Editions
Support for Magento 1 software ended on June 30, 2020, and it is no longer eligible for bounty.
*.formassembly.com
*.tfaforms.com
*.tfaforms.net
*.veerwest.com
blog.blockchain.com
email-clicks.blockchain.com
institutional.blockchain.com
partners.blockchain.com
support.blockchain.com
track.blockchain.com
why.blockchain.com
*.go.ubnt.com
AirControl
UniFi Talk Conference Speaker - UT-Conference
UniFi Video
UniFi Video Cloud
UniFi Video Server
UniFi Voip
com.ubnt.mpower
com.ubnt.unifi.edu
com.ubnt.unifivideo
forum-es.ui.com
forum-pt.ui.com
mFi
security.community.ui.com
Spectacles
Spectacles charging case
dev.playcanv.as
http://dev*.playcanvas.com
returns.spectacles.com
returns.spectacles.com application is owned and managed by Netsuite. Please consider reporting vulnerabilities directly to them.
support.snapchat.com
Static support website
*.roomvaluesteam.com
Everything under roomvaluesteam.com is current not in scope. Please do not test anything in or under this domain.
*.testaroom.cloud
Everything under testaroom.cloud is current not in scope. Please do not test anything in or under this domain.
*.testaroom.com
Everything under testaroom.com is current not in scope. Please do not test anything in or under this domain.
1psb.priceline.com
ace-qa.corp.priceline.com
api-gnae1-poc.priceline.com
api-guse4-poc.priceline.com
availability.getaroom.com
booking.priceline.com
breadcrumb.getaroom.com
careers.priceline.com
customerservice-ccp.priceline.com
dashboard.corp.priceline.com
dev.customerservice-ccp.priceline.com
dev.sales-ccp.priceline.com
employeedeals.flightdeals.priceline.com
experiences.priceline.com
extranet.getaroom.com
google.corp.priceline.com
groupdeals.priceline.com
guse4-rc-qa.priceline.com
help.corp.priceline.com
ids-dev.priceline.com
ids-too.priceline.com
img1.priceline.com
itsupport.corp.priceline.com
jira.corp.priceline.com
links.deals.priceline.com
localdealsemail.priceline.com
mail.corp.priceline.com
offers.priceline.com
qaa.booking.priceline.com
remotecontrol.corp.priceline.com
stockroom.production.getaroom.com
supply.getaroom.com
tools-qaa.corp.priceline.com
tools.corp.priceline.com
url5932.travel.priceline.com
weatherstatus.priceline.com
www.airportrentalcars.com
Airportrentalcars.com is current *not* in scope. Please do not test it.
www.priceline.com/vp-web/*
Path www.priceline.com/vp-web/* will be decommissioned soon so it is not eligible for bounty
*.ubercarshare.com
*.uberscoot.us
This asset is not eligible for Uber bounty programs.
*.ubertransit.io
Fraud Reports
Fraud reports are out of scope and ineligible for bounties. This includes reports detailing the ability to take free rides and evade payment.
bizblog.uber.com
drive.uber.com
eng.uber.com
et.uber.com
https://assets.uber.com
https://brand.uber.com
love.uber.com
newsroom.uber.com
people.uber.com
uber.com.cn
Any asset under *.uber.com.cn is not eligible for Uber bounty programs. This and any other asset related to Uber in China belongs to Didi Chuxing.
uber.onelogin.com
blog.yelp.com
cloud.e.yelp-business.com
This is a product provided by Salesforce. Please report bugs to the Salesforce Security Team
https://www.salesforce.com/company/disclosure/
engineeringblog.yelp.com
www.yelp-ir.com
yelp-press.com
yelp.careers
*.boost.livestream.com,boost.livestream.com
This is a 3rd party (AMP.LIVE).
*.cdn.magisto.com
This domain is out-of-scope for testing and bounty effective 6/26/2020 11:30 EDT
*.dev.magisto.com
*.email.vimeo.com
*.test.magisto.com
*.wibbitz.com
Do not perform any testing on these assets.
*.wirewax.app
*.wirewax.com
935740658
The base VHX app is no longer in scope as of 3/15/2019. Please test on branded apps.
All
No MS versions will be accepted.
Any previously owned/sold hardware
The hardware side of Livestream has been sold to a non-Vimeo company. Even though we have integrations with much of it still, we can not take reports for it.
applause2.magisto.com
delta.magisto.com
epsilon.magisto.com
eta.magisto.com
gamma.magisto.com
help.livestream.com
This is Zendesk, 3rd party.
http://www.magisto.com/blog
int001.vimeo.magisto.com
int002.vimeo.magisto.com
int003.vimeo.magisto.com
int004.vimeo.magisto.com
int005vimeo.magisto.com
livestream.com/blog, *.livestream.com/blog, blog.livestream.com
WPEngine requires a different contract if you include it on a bug bounty program
livestreamapis.com
omega.magisto.com
publishing-api.livestream.com
Even though its a Livestream name, and goes to Livestream Fastly, the backend is a 3rd party vendor.
s3://static.intercast-livestream.com
Its a 3rd party owned bucket, AMP.LIVE, publicly available. The content in there is made to be publicly available.
status.livestream.com
store.livestream.com
This is 3rd party/Shopify.
tv.vhx
This is out of scope effective 3/15/2019. Please use branded apps for testing.
vimeo.atlassian.net
Although it has the name VIMEO, this is not our instance.
community.greenhouse.io
resources.greenhouse.io
store.greenhouse.io
*.gitlab.cn
`gitlab.cn` and the JiHu-specific GitLab distribution which are property of GitLab Information Technology (Hubei) Co., Ltd. (JiHu), security issues in those products should be reported to `security@gitlab.cn`
*.runway.gitlab.net
*.service-now.com
alerts.gitlab.com
aptly.gitlab.com
dashboards.gitlab.com
federal-support.gitlab.com
forum.gitlab.com
gitlab.biterg.io
This is a third-party website that aggregates public data from GitLab.com. It is out of scope and the data hosted there is not meant to be confidential. https://contributors.gitlab.com/ redirects to this website.
gitlabdemo.cloud
gitlabsandbox.net
gitlabtraining.cloud
https://gitlab.com/gitlab-org/cli/
This is a community project that is [now officially maintained by GitLab](https://about.gitlab.com/blog/2022/12/07/introducing-the-gitlab-cli/). It will be in scope at a later time but it is not ready yet.
https://gitlab.com/gitlab-org/opstrace/opstrace-ui
ir.gitlab.com
levelup.gitlab.com
packages.gitlab.com
partners.gitlab.com
shop.gitlab.com
status.gitlab.com
support.gitlab.com
translate.gitlab.com
us-federal-gitlab.com
status.twitter.com
This is hosted by a third party, status.io.
iandunn.name
172.65.0.0/16
These are customer applications protected by Cloudflare Spectrum, hence out of scope
community.cloudflare.com
events.www.cloudflare.com
support.cloudflare.com
This asset is hosted by Zendesk, and as such these reports should be submitted to their program instead via @Zendesk
support.cloudflarewarp.com
This asset is hosted by Zendesk, and as such these reports should be submitted to their program instead via @zendesk.
*.crowdsignal.net
This cookieless domain contains user generated content. While we might decide to fix XSS issues, reports for this domain will not be eligible for a bounty.
*.poll.fm
*.survey.fm
*.txmblr.com
*/xmlrpc.php
The sole presence of `xmlrpc.php` in `wordpress.com` and all the domains hosted under our platform doesn\'t constitute a vulnerability. If you report an issue related to this file, please make sure to provide a working proof of concept that clearly shows the impact.
afterthedeadline.com,*.afterthedeadline.com
atavist.com
happy.tools
learnboost.com,*.learnboost.com
polishmywriting.com,*.polishmywriting.com
scrollkit.com,*.scrollkit.com
try.pressable.com
This is only a demo site. Security issues that don\'t affect the integrity of `my.pressable.com` or `pressable.com` will most likely be closed as `N/A`.
*.blockspring.com
N/A - Not Coinbase owned or operated
This asset labelling is used to signal to a reporter that the asset in question is not owned or operated by Coinbase in any capacity.
blog.coinbase.com
com.coinbase.pro
developers.coinbase.com
engineering.coinbase.com
paradex.io
status.coinbase.com
support.coinbase.com
support.pro.coinbase.com
tagomi.com
*.concrete5.org
Please send reports of issues with concrete5.org the website to `security@concrete5.org`.
*.concretecms.com
Please send reports of issues with concretecms.com the website to `security@concrete5.org`.
*.concretecms.org
Please send reports of issues with concretecms.org the website to `security@concrete5.org`.
*.glitchthegame.com
This domain was part of a prior company.
3rd Party Quip Apps
3rd Party Quip App are not eligible for bug bounty program.
com.Slack.intune
com.slack.slackintune
slackhq.com
This site runs on WordPress, so if you find vulnerabilities in the WordPress service, please see [WordPress bounty program](https://hackerone.com/wordpress) for reporting details
status.slack.com
The Slack status site
*.rubyonrails.org
go.hacker.one
This asset is hosted by Marketo, and as such these reports should be submitted to them directly.
h1.community
info.hacker.one
This asset is hosted by Unbounce, and as such these reports should be submitted to them via https://unbounce.com/security/.
ma.hacker.one
support.hackerone.com
This asset is hosted by Freshdesk (as of 2023-04-28), and as such these reports should be submitted to the appropriate program: https://hackerone.com/freshworks
www.h1.community
www.hackeronestatus.com
This asset is hosted by Atlassian, and as such these reports should be submitted to their program instead via https://bugcrowd.com/statuspage.
Hardware
Firmware
Software
app.aikido.dev
myaccount.ad.nl
webwinkel.ad.nl
www.ad.nl
www.ad.nl/abonnementen
*.ad.nl
*.allegro.cz.allegrosandbox.pl
*.allegro.pl.allegrosandbox.pl
*.allegro.sk.allegrosandbox.pl
FPGA Solution Development Tools and Utilities
*.bild.de
*.bild.tv
*.computerbild.de
*.welt.de
https://dealer.prod.ps.axelspringer.de/api/v1/partners/{partnerId}/activation
https://dealer.prod.ps.axelspringer.de/purchases/004/bild/*
https://dealer.prod.ps.axelspringer.de/purchases/004/welt/*
https://secure.mypass.de/
*.autobild.de
*.bz-berlin.de
*.spring-media.de
*.springtools.de
*.ein-herz-fuer-kinder.de
*.fitbook.de
*.myhomebook.de
*.petbook-magazine.com/
*.petbook.de
*.stylebook.de
*.techbook.de
*.travelbook.de
*.wissen-sie-mehr.de
*.bmc.nl
www.bmw-motorrad.de
www.bmw.de
www.mini.de
configure.bmw.de
configure.mini.de
konfigurator.bmw-motorrad.de
de.bmw.connected.mobile20.row
1519034860
Functions dealing with vehicle access and immobilizer
Remaining functions
imove.bpost.cloud
login.cm.com
*.ticketing.cm.com
api.cm.com
api.cmtelecom.com
cm.com/[locale]/app/*
cm.com/[locale]/register
cm.com/app/messagingtrial/
www.cm.com
appmiral.com
building-blocks.com
cmcom.atlassian.net
payment.backend-capital.com
*.backend-capital.com
capital.com/*
com.capital.trading
open-api.capital.com
*.capital.com
*.itcapital.io
*.cloudways.com
api.cloudways.com
developers.cloudways.com
platform.cloudways.com
unified.cloudways.com
www.cloudways.com
css-tricks.com
https://justonweb.be/fines/
*.dpgmedia.be
*.dpgmedia.nl
Any related DPG media domain
assessment-api.datacamp.com
app.datacamp.com/certification
app.datacamp.com/groups
app.datacamp.com/learn
assessment-v2.datacamp.com
assessment.datacamp.com
campus.datacamp.com
com.datacamp
https://apps.apple.com/au/app/datacamp-learn-data-science/id1263413087
practice.datacamp.com
projects.datacamp.com
www.datacamp.com
www.datacamp.com/datalab
*.datacamp.com
myaccount.demorgen.be
shop.demorgen.be
www.demorgen.be
www.demorgen.be/abonnementen
*.demorgen.be
myaccount.volkskrant.nl
shop.volkskrant.nl
webwinkel.volkskrant.nl
www.volkskrant.nl
www.volkskrant.nl/abonnementen
*.volkskrant.nl
www.delen.bank
api.digital.delen.be
api.digital.delen.lu
app.delen.be
app.delen.ch
app.delen.lu
auth.digital.delen.be
auth.digital.delen.lu
be.delen.digital
delen/id1064839588
login.delen.be
login.delen.ch
login.delen.lu
login.oyens.com
status.delen.be
sts.delen.be
www.cadelam.be
www.cadelux.lu/en
www.delen.be/en
*.vlaanderen.be
*.digitalocean.com
169.254.169.254
api.digitalocean.com
cloud.digitalocean.com
https://github.com/digitalocean/do-agent
https://github.com/digitalocean/doctl
https://github.com/digitalocean/droplet-agent
https://github.com/digitalocean/go-nbd
https://github.com/digitalocean/terraform-provider-digitalocean
marketplace.digitalocean.com
snapshooter.com
www.digitalocean.com
digitaloceanmirrors.com
digitaloceanpartners.com
digitaloceanstatus.com
digitaloceantest.com
do.co
hackathon-tracker.digitalocean.com
hacktoberfest.com
https://github.com/digitalocean/do-markdownit
https://apps.apple.com/us/app/donorbox-live/id1668808097
https://donorbox.org/admin
https://play.google.com/store/apps/details?id=org.donorbox.cardreader&hl=en&gl=US
https://donorbox.org
https://donorbox.org/embed/potato
https://donorbox.org/org_admin
https://donorbox.org/potato
my.eurid.eu
*.das.eu
*.dns.eu
*.eurid.eu
*.nic.eu
*.registry.eu
*.whois.eu
*.yadifa.eu
YADIFA authoritative name server
service.fing.com
app.fing.com
Fing desktop
Grafana Loki
Grafana Mimir
Grafana OSS
Grafana Pyroscope
Grafana Tempo
https://github.com/grafana/*
*.account.api.here.com
*.account.here.com
*.mobilitygraph.hereapi.com
*.router.hereapi.com
*.scbe.api.here.com
*.subp-router.hereapi.com
955837609
com.here.app.maps
https://jaguar.here.com
https://landrover.here.com
Leaked/compromised employee accounts *.here.com
*.here.com
*.hereapi.com
* hln.be/inloggen
* hln.be/login
* hln.be/registreren
hln.be
myaccount.hln.be
www.hln.be
*.hln.be
myaccount.parool.nl
shop.parool.nl
webwinkel.parool.nl
www.parool.nl
www.parool.nl/abonnementen
*.parool.nl
https://www.kuleuven.be/sapredir/huisvesting
* humo.be/registreren
myaccount.humo.be
shop.humo.be
www.humo.be
www.humo.be/abonnementen
*.humo.be
949829216
950680989
950693949
be.gamma.app.android
kassa.gamma.be/*
kassa.gamma.nl/*
kassa.karwei.nl/*
mijn.gamma.be/*
mijn.gamma.nl/*
mijn.karwei.nl/*
nl.gamma.app.android
nl.karwei.app.android
www.gamma.be/*
www.gamma.nl/*
www.karwei.nl/*
*.gamma.be/*
*.gamma.nl/*
*.intergamma.cloud
*.intergamma.nl/*
*.karwei.nl/*
*.restintergamma.nl
1558129454
*.intergamma-test.nl
*.werkenbijgamma.be
*.werkenbijgamma.nl
*.werkenbijkarwei.nl
*.klubcinema.fr
*.megatix.be
booking.mjrtheatres.com
extras.landmarkcinemas.com
identityserver.landmarkcinemas.com
kinepolis.megatix.be
luxfilmfestfilms.megatix.be
luxfilmfestproducts.megatix.be
luxfilmfesttickets.megatix.be
movieapi.kinepolis.megatix.be
tickets.kinepolis.be
tickets.kinepolis.ch
tickets.kinepolis.es
tickets.kinepolis.fr
tickets.kinepolis.lu
tickets.kinepolis.nl
userprofile-ui.landmarkcinemas.com
www.kinepolis.be
www.kinepolis.ch
www.kinepolis.com
www.kinepolis.es
www.kinepolis.fr
www.kinepolis.lu
www.kinepolis.nl
www.landmarkcinemas.com
www.mjrtheatres.com
business.kinepolis.be
business.kinepolis.lu
business.kinepolis.nl
com.inthepocket.kinepolis
extras-acc.landmarkcinemas.com
https://movieclub-int.kinepolis.com
https://movienow-int.kinepolis.be/admin
https://shop-acc.kinepolis.be/
identityserver-acc.landmarkcinemas.com
kinepolis-studio.be
kinepolis/id368204284
nz.co.vista.android.movie.mjrtheatres
stage.landmarkcinemas.com
userprofile-acc.landmarkcinemas.com
www.kinepolis.biz
*.kinepolis.be
*.kinepolis.ch
*.kinepolis.com
*.kinepolis.fr
*.kinepolis.lu
*.kinepolis.nl
*.landmarkcinemas.com
*.mjrtheatres.com
522089287
edge.lansweeper.com
api.lansweeper.com
app.lansweeper.com
backoffice.lansweeper.com
https://lsagentrelay.lansweeper.com/
app.lansweeper.com/trial
autoupdateapi.lansweeper.com
docs.lansweeper.com
login.lansweeper.com
Modernized Discovery
on-premises software
www.lansweeper.com
www.libelle.nl
*.libelle.nl
mobilevikings.be
api.unleashed.be
jimmobile.be
mgm.mobilevikings.be
uwa.mobilevikings.be
vpn.mobilevikings.be
*.mas.mobilevikings.be
*.mobilevikings.be
*.prd-pub.mobilevikings.be
*.prd.mobilevikings.be
vikingco.be
vikingdeals.be
*.monzo.com
*.monzo.me
*.prod-ffs.io
1052238659
co.uk.getmondo
134.58.179.82
be.nexuzhealth.mobile.cpv
be.nexuzhealth.mobile.kws
be.nexuzhealth.mobile.mynexuz
forms.nexuzhealth.be
idp-mobile.nexuzhealth.be
kws-companion/id1342124012
mobile.nexuzhealth.be
mynexuz.be
mynexuz.be/myUZ/
mynexuzhealth/id1459856321
idp-contact.nexuzhealth.be
media.nexuzhealth.be/patient/
1079537578
https://oda.com
no.kolonial.tienda
*.oda.com
*.prod.nube.tech
1076840480
https://mathem.se
se.mathem.mathem
https://associatie.kuleuven.be/inschrijvingen/oli_login_50000050
https://webwsp.aps.kuleuven.be/sap/bc/ui5_ui5/sap/zc_oi_appl/
https://a.simplemdm.com/
https://auth2.pdq.tools/
https://library-staging.pdq.tools/
https://houston-staging.pdq.tools
https://portal-staging.pdq.tools/
https://*.personiowhistleblowing.com
*.personio-internal.de
*.personio.tools
https://*.personio.de
https://hug.personio.com
https://sec-test-<intigriti handle>-<nn>.personio.de
https://www.personio.com/free-trial/
https://www.personio.de/kostenlos-testen/
Other assets owned by Personio
*.c-point.be
188.118.8.0/25
94.107.237.192/26
api-accpt.portofantwerp.com
api-accpt.portofantwerpbruges.com
api.portofantwerp.com
api.portofantwerpbruges.com
apps-accpt.portofantwerp.com
apps-accpt.portofantwerpbruges.com
apps.portofantwerp.com
apps.portofantwerpbruges.com
as2-accpt.portofantwerp.com
as2-accpt.portofantwerpbruges.com
as2.portofantwerp.com
as2.portofantwerpbruges.com
digitalspecs.portofantwerpbruges.com
login-accpt.portofantwerpbruges.com
login-test.portofantwerpbruges.com/poam/XUI/
login.portofantwerpbruges.com
maximo-accpt.portofantwerp.com
maximo-accpt.portofantwerpbruges.com
maximo.portofantwerp.com
maximo.portofantwerpbruges.com
my-accpt.portofantwerp.com
my-accpt.portofantwerpbruges.com
my.portofantwerp.com
my.portofantwerpbruges.com
notula-accpt.portofantwerpbruges.com
oprc.portofantwerpbruges.com
register-accpt.portofantwerp.com
register-accpt.portofantwerpbruges.com
servicedesk-accpt.portofantwerp.com
servicedesk-accpt.portofantwerpbruges.com
servicedesk.portofantwerp.com
servicedesk.portofantwerpbruges.com
share-accpt.portofantwerp.com
share-accpt.portofantwerpbruges.com
share.portofantwerp.com
share.portofantwerpbruges.com
webapps-accpt.portofantwerp.com
webapps-accpt.portofantwerpbruges.com
webapps-test.portofantwerpbruges.com/xui
webapps.portofantwerp.com
webapps.portofantwerpbruges.com
wiki-accpt.portofantwerp.com
wiki-accpt.portofantwerpbruges.com
wiki.portofantwerp.com
wiki.portofantwerpbruges.com
www.oursustainableport.com
www.portofantwerpbruges.com
erpx.unit4cloud.com/u4erx_pab_acp1
erpx.unit4cloud.com/u4erx_pab_prev
erpx.unit4cloud.com/u4erx_pab_prod
access.ripe.net
https://github.com/RIPE-NCC/rpki-commons
https://github.com/RIPE-NCC/rpki-core
https://github.com/RIPE-NCC/whois
lirportal.ripe.net
*.ripe.net
193.0.0.0/19 and 2001:67c:2e8::/48
https://github.com/RIPE-NCC/rpki-monitoring
https://github.com/RIPE-NCC/rpki-publication-server
https://github.com/RIPE-NCC/rpki-ta-0
https://github.com/RIPE-NCC/rsyncit
*.randstad.*
*.randstadrisesmart.*
*.risesmart.*
Any related Randstad domain
*.rhinternal.net
*.robinhood.com
*.robinhood.net
1634080733
6462308655
938003185
com.robinhood.android
com.robinhood.gateway
com.robinhood.money
Mobile Apps
*.swisspass.ch
www.sbb.ch
*.sbb.ch
Mobile Apps
www.elvetino.ch
www.sbbcargo.com
www.transsicura.ch
All other Web and mobile APPs owned by SBB
https://*.say.rocks
https://*.saytechnologies.com
SimScale API
SimScale Platform
SimScale Forum
SimScale Website
1632202810
cz.skodaauto.myskoda
910898851
app.nl.socialdeal
http://socialdeal.nl/inspirations/bluemonday/
http://www.whynot.com/
https://www.socialdeal.nl/orderlist/5e834ae0bed5c/63d772e2ed277/
www.socialdeal.nl
1114799709
1114800186
api.soundtrackyourbrand.com
billing.api.soundtrackyourbrand.com
builds.soundtrackyourbrand.com
business.soundtrackyourbrand.com
com.soundtrackyourbrand.soundtrack.player
https://auth.api.soundtrackyourbrand.com/
https://builds.soundtrackyourbrand.com/download/WIN32SOUNDTRACK/latest
https://radio.api.soundtrackyourbrand.com/
https://www.soundtrackyourbrand.com
macOS app
*.sqills.com
*.sqills.team
aweb.suivo.com
asupport.suivo.com
*.tempo-team.*
Any related Tempo-Team domain
www.tempo-team.be
www.tempo-team.com
www.tempo-team.nl
Brand Sites
Corporate Sites
Hindustan Coca-Cola Beverages
Mobile Applications
Publicly Facing Assets Related to The Coca-Cola Company
*.weareone.world
*.stag.weareone.world
artists.tomorrowland.com/production-website/33117
belgium.tomorrowland.com
brasil.tomorrowland.com
com.tomorrowland.oneworldradio
globaljourney.tomorrowland.com
my.tomorrowland.com
one-world-radio-tomorrowland/id1485778856
oneworldradio.tomorrowland.com
sp1y1tpaf1.execute-api.eu-west-1.amazonaws.com
tlbe.prod.tomorrowland.com
tlbr.prod.tomorrowland.com
tlfr.prod.tomorrowland.com
winter.tomorrowland.com
winterpackages.tomorrowland.com
www.tomorrowland.com
*.stag.tomorrowland.com
*.tomorrowland.com
components.stag.tomorrowland.com
components.tomorrowland.com
winkels.torfs.be
www.schoenentorfs.be
www.schoenentorfs.nl
www.torfs.be
www.torfs.nl
www.samenfittorfs.be
myaccount.trouw.nl
shop.trouw.nl
webwinkel.trouw.nl
www.trouw.nl
www.trouw.nl/abonnementen
*.trouw.nl
api.truelayer[-sandbox].com
auth.truelayer[-sandbox].com
login-api.truelayer[-sandbox].com
login.truelayer[-sandbox].com
onboarding-api.truelayer.com
pay-api.truelayer[-sandbox].com
pay.truelayer[-sandbox].com
paydirect.truelayer[-sandbox].com
payment.truelayer[-sandbox].com
payouts.truelayer[-sandbox].com
users-api.truelayer.com
C# SDK
console-backend.truelayer[-sandbox].com
console.truelayer[-sandbox].com
hpp.truelayer[-sandbox].com
Java SDK
PHP SDK
TrueLayer for Magento (Magento plugin)
TrueLayer for WooCommerce (WordPress plugin)
truelayer-signing
webhooks.truelayer[-sandbox].com
*.truelayer.cloud
*.truelayer.com
*.truelayer.io
iOS SDK
React Native SDK
Web SDK
*.itprojects.talent-community.com
*.tweakblogs.net
*.tweakers.net
*.tweakimg.net
134.58.179.102-103
autodiscover.uzleuven.be
ecrf.uzleuven.be
extranet-asa.uzleuven.be
extranet.uzleuven.be
liquidfiles.uzleuven.be
mx1.uzleuven.be
mx2.uzleuven.be
pcrstudioruzb.uzleuven.be
prddsplunkhf.uzleuven.be
sts.uzleuven.be
www.uzleuven.be
dns1.uzleuven.be
dns2.uzleuven.be
liquidfilestest.uzleuven.be
random.uzleuven.be/random/
teststs.uzleuven.be
uzlcm12cmg1.uzleuven.be
w1.uzleuven.be
*.kwsdose.be
*.playuzleuven.be
*.uzleuven.*
Ubisoft
1101145849
6444005221
api.uphold.com
com.uphold.labs.uphodl.android
com.uphold.wallet
graphql.topperpay.com/graphql
wallet.uphold.com
api-sandbox.uphold.com
api.sandbox.topperpay.com
api.topperpay.com
graphql.sandbox.topperpay.com/graphql
wallet-sandbox.uphold.com
www.uphold.com
*.uphold.com
API\'s
cds.vrt.radio
player.vrt.be
profiel.vrt.be
sporza.be
vrt.be/vrtmax
vrt.be/vrtnws
myaccount.vtm.be
vtm.be/vtmgo
vtmgo.be
*.vtm.be
*.vtmgo.be
api-wallet.venly.io
api.arkane.network
connect.arkane.network
connect.venly.io
login.arkane.network
login.venly.io
wallet.venly.io
api-wallet-sandbox.venly.io
564141518
accountsettings.connect.identity.stagaws.visma.com
admin.stage.vismaonline.com
ai-testing.maventa.com
aiassistant.stage.vismaonline.com
api.workbox.dk
app.workbox.dk
authz.workbox.dk
autointerface.stag.visma.net
ax-stage.maventa.com
com.visma.blue
connect.identity.stagaws.visma.com
eaccounting.stage.vismaonline.com
eaccountingprinting.stage.vismaonline.com
identity.stage.vismaonline.com
myservices-api.stage.vismaonline.com
myservices.stage.vismaonline.com
oauth.developers.stagaws.visma.com
testing.maventa.com
1395921017
https://api.voiapp.io/
io.voiapp.voi
mds.voiapp.io
*.voiscooters.com
report.voi.com
voi.com
www.voiscooters.com
https://desktop.water-link.be/
https://pit.water-link.be/
*.water-link.be/
https://www.water-link-jaarverslag.be
https://www.water-link.be
https://www.waterstoring.be/
authentication.wolt.com
wolt.com
corporate.wolt.com
drive.wolt.com
merchant.wolt.com
ops.wolt.com
restaurant-api.wolt.com
*.wolt.com
1477299281
943905271
com.wolt.android
com.wolt.courierapp
*.yacht.nl
*ensemble*.yahoo.com
*omega*.yahoo.com
7 News
AOL (misc)
AOL Help
AOL Homepage
AOL Mail
AOL Search
apis.mail.yahoo.com
data.mail.yahoo.com
Engadget
Gemini
Low Cost Access
Membership
onepush.query.yahoo.com
Online Marketplace
Other (Misc)
proddata.xobni.yahoo.com
Social Media Accounts
Techcrunch
TW eCommerce: Auctions
TW eCommerce: Shopping
TW eCommerce: Used Car
TW Media: Front Page
TW Media: News
TW Media: Stock
Yahoo Calendar
Yahoo Finance
Yahoo HK News
Yahoo Mail
Yahoo News
Yahoo Open Source Projects
Yahoo Search
Yahoo Sports: Best Ball
Yahoo Sports: Daily Fantasy
Yahoo Sports: Editorial
Yahoo Sports: Fantasy Games
Yahoo Sports: Fantasy Slate/PicknWin
Yahoo Sports: Fantasy Sports
Yahoo Sports: Fantasy Wallet
Yahoo Sports: Mobile
Yahoo Sports: Rivals
Yahoo Sports: Rivals Forums
Yahoo Video
Yahoo Weather
Yahoo! (Misc)
yimg.com
hub.vznkul.be/*
hub.vznkul.be/services/interhub/InterHubService
hub.vznkul.be/services/intrahub/IntraHubService
hubacc.vznkul.be/*
hubacc.vznkul.be/services/acceptance/interhub/InterHubService
hubacc.vznkul.be/services/acceptance/intrahub/IntraHubService
*pwn.intigriti.rocks
www.intigriti.com
api.vidaxl.com
ar.vidaxl.sa.com
b2b.vidaxl.com
cms.woger-cdn.com
customer-services.vidaxl.org
en.vidaxl.ae
en.vidaxl.ca
fps-extr-services.vidaxl.org
fr.vidaxl.ch
is.vidaxl.is
nexus.vidaxl.org
nl.vidaxl.be
serviceportal.vidaxl.com
shops-services.vidaxl.org
tracking.vidaxl.com
uk.vidaxl.com.ua
vidaxl.zendesk.com
www.dropshippingxl.com
www.vidaxl.<TLD>
apigateway.vidaxl.io
app.vidaxl.io
corporate.vidaxl.com
drone.vidaxl.io
qa-db.vidaxl.io
qa.vidaxl.io
qa1-apigateway.vidaxl.io
staging-apigateway.vidaxl.io
staging-db.vidaxl.io
staging.vidaxl.io
*.9altitudes.*
*.adultimagroup.*
*.birds.bi
*.birds.com
*.dynamics.com
*.jobmanager.dk
Out of Scope
*.aikido.dev
*.allegro.sk
*.allegro.cz
*.allegro.pl
*.allegrogroup.com
Any production website owned by Allegro not listed in Domains
technik.autobild.de
technik.beta.autobild.de
Automotive Security
Domains from independent BMW Dealers, Resellers or Fanclubs
*.info.buhlergroup.com
*.virtualworld.buhlergroup.com
*.virtualworld-portal.buhlergroup.com
imap.buhlergroup.cn
pop.buhlergroup.cn
smtp.buhlergroup.cn
channel.buhlergroup.com
bestbuy.buhlergroup.com
*.webinars.buhlergroup.com
*.learnhub.buhlergroup.com
*/scripts/cgiip.exe/*
help.capital.com
*affiliates.backend-capital.com
*eduapp.backend-capital.com
*education.backend-capital.com
31.31.132.0/24
31.31.141.0/26
*.citymesh.recruitee.com
*.digi-mobile.be
*.insky.be
31.31.128.128/26
31.31.128.192/27
31.31.128.64/26
31.31.130.0/23
31.31.134.0/23
31.31.139.0/24
31.31.140.0-87
31.31.140.92-254
31.31.143.0-71
*.it.datacamp.com
app.datacamp.com/recruit
ast-viewer.datacamp.com
confluence.datacamp.com
intranet.datacamp.com
jira.datacamp.com
links.datacamp.com
rdocumentation.datacamp.com
signature.datacamp.com
status.datacamp.com
support.datacamp.com
talent-jobs-api.datacamp.com
abonnement.demorgen.be
* demorgen.be/service
* demorgen.be/inloggen
* demorgen.be/login
* demorgen.be/registreren
https://www.vlaanderen.be/vlaamse-overheid/contact/stuur-een-e-mail
https://www.vlaanderen.be/aanmelden/help/mail.html
https://www.vlaanderen.be/aanmelden/help/mail.html?*
bibis*.vlaanderen.be
cdn.vlaanderen.be
codex.opendata.api.vlaanderen.be
ets*.omgeving.vlaanderen.be
natura2000.vlaanderen.be
opibus*.onderwijs*.vlaanderen.be
*.db.ondigitalocean.com
*.digitaloceanspaces.com
*.doserverless.co
*.k8s.ondigitalocean.com
*.ondigitalocean.app
Assets created by other DigitalOcean customers
Marketplace Apps and Add-Ons
Other DigitalOcean open source projects not listed
registry.digitalocean.com/*
www.driessen.nl/contact
www.driessen.nl/mijn/solliciteren/
*.grafana.com
*.grafana.net
https://hotelservice.hrs.com/
https://jobs.hrs.com/
https://www.hrs.com/deals/
* hln.be/service
abonnement.parool.nl
* parool.nl/service
* parool.nl/inloggen
* parool.nl/login
* parool.nl/registreren
*.swop.com/*
houseofhr.com/contact-us
houseofhr.com/your-career/jobs
rebel.houseofhr.com
abonnement.humo.be
* humo.be/service
* humo.be/inloggen
* humo.be/login
Everything related to configurators, both on primary as other domains
*.configuratoren.nl/*
afspraakmaken.gamma.nl
api.afspraakmaken.gamma.be
api.afspraakmaken.gamma.nl
api.maakafspraak.karwei.nl
horrenconfigurator-fr.gamma.be
horrenconfigurator-nl.gamma.be
horrenconfigurator.karwei.nl
karwei-2018.hetmooistegordijn.nl
maakafspraak.karwei.nl
mail.gamma.be
mail.gamma.nl
mail.karwei.nl
www.trismegistos.org
shop.kinepolis.be
shop.kinepolis.es
shop.kinepolis.fr
shop.kinepolis.lu
*.cineramabios.nl
dev.kinepolis.com
jobs.kinepolis.com
l.kinepolis.com
openx.kinepolis.com
https://careers.kiwa.com/
https://qr.kiwa.com/
https://www.kiwa.com/en/contact/
lsrunase2.0 and lsencrypt2.0
careers.lansweeper.com
www.lansweeper.com/forum
* libelle.nl/service
* libelle.nl/inloggen
* libelle.nl/login
* libelle.nl/registreren
login.internal.monzo.com
community.monzo.com
academy.moralis.io
docs.moralis.io
forum.moralis.io
merch.moralis.io
roadmap.moralis.io
status.moralis.io
studygroup.moralis.io
talent.moralis.io
https://www.nexuzhealth.com/nl/mynexuzhealthpro
ovo.itgcanopy.com
*.oisl.gg
appsfwd.ovoenergy.com
askovo.net
auth-retail.ovoenergy.com
auth-www.ovoenergy.com
cctv-mgr.ovoenergy.com
cev.ovoenergy.com
documentum.ovoenergy.com
ecomms.ovoenergy.com
fortivpn.ovoenergy.com
forum.ovoenergy.com
greeninstaller.co.uk
hackable-lenny.com
hackable-sarge.com
hackable-slink.com
hackable-woody.com
learn.ovo.com
lightning.ovoenergy.com
ovo-comms-uat.co.uk
ovo-comms.co.uk
ovobyus.com
ovocards.com
ovocommunity.com
ovofoundation.org.uk
ovomyrewards.com
paybylink.ovoenergy.com
pma.ovoenergy.com
survey.ovoenergy.com
tech.ovoenergy.com
testrailapp.ovoenergy.com
thirdpartyassurance.ovoenergy.com
tracking.ovo.com
*.vectus.in
https://*.pdq.com/
https://*.simplemdm.com/
https://*.smartdeploy.com/
https://detect.pdq.tools/
www.personio.de
personio.slack.com
statuspage.personio.de
support.personio.de
www.personio.com
www.personio.es
future.portofantwerp.com
future.portofantwerpbruges.com
jobs.portofantwerp.com
jobs.portofantwerpbruges.com
media.portofantwerp.com
media.portofantwerpbruges.com
register.portofantwerp.com
register.portofantwerpbruges.com
*.brightplus.be
*.career.be
*.entrili.com
*.expressmedical.be
*.jobinson.be
*.public-sourcing.be
*.rgfstaffing.be
*.solvus.be
*.startpeople.be
*.unique.be
*.uniqueselect.be
*.usgprofessionals.be
https://pen-app.entrili.com
*.probes.atlas.ripe.net
*.anchors.atlas.ripe.net
RIPE Meeting network (2001:67c:64::/48 and 193.0.24.0/21)
Any of the beta/dev environments
Any *.ripe.net host that is located outside of the in-scope IP ranges
193.0.0.160/27
2001:67c:2e8:3::/64
ripe(1to87).ripe.net
exams.ripe.net
workplace.randstad.in
apps.randstad.in
cz.randstad.com
*.newyorkredbulls.com
shop.robinhood.com
https://www.saytechnologies.com/contact/sales
https://www.simscale.com/api/v1/projects/*
www.simscale.com/forum/users/*.json
https://sixt-leasing
https://siemens.smc.sixt.com/
https://s004-px01.s004.smc.sixt.com/
https://s004-px02.s004.smc.sixt.com/
https://p001-slweb-px.p001.slweb.smc.sixt.com
s003-lb-siemens-stage.s003.smc.sixt.com
s002-lb-siemens-test.s002.smc.sixt.com
s004-lb-siemens.s004.smc.sixt.com
app.rental-images.sixt.com
b2cleasing.typo3.sixt.de
corporate.typo3.sixt.de
domainparking.sixt.com
fleetcheck.sixt.com
intranet.sixt.com
lacb2c.typo3.sixt.de
lkw.sixt.com
lkw.sixt.de
logistics.sixt.com
partner.sixt.de
partner.typo3.sixt.de
promo.sixt.com
promo.typo3.sixt.de
reporting.sixt.de
rproxy-firenze1.sixt.de
rproxy-firenze2.sixt.de
sixtbook.sixt.com
webservices.sixt.com
drying-little-tears.org
185.97.224.12
185.97.224.13
booking.*.sqills.com
booking.*.cloud.sqills.com
careers.sqills.com
*.red.sqills.team
Assets that allow end user input (other than login)
Stravito branded sites provided by partners or service providers
*.tempo-team.de
All Coke Stores
Assets Related to China
Coke One North America (CONA)
Food and Beverage Dispensing Devices
abonnement.trouw.nl
* trouw.nl/service
* trouw.nl/inloggen
* trouw.nl/login
* trouw.nl/registreren
ok.truelayer.com
banks.truelayer.com
careers.truelayer.com
docs.truelayer.com
https://truelayer.com/contact/
index.truelayer.com
info.truelayer.com
signin.truelayer.com
statuspage.truelayer.com
support.truelayer.com
truelayer.zendesk.com
elect.tweakers.net
uzleuven.atlassian.net
jobs.uzleuven.be
vacatures.uzleuven.be
suppliers-ivalua.ubisoft.com
ivalua.ubisoft.com
innovatie.vrt.be
shop.*.be
shop.vtm.be
* vtmgo.be/service
* vtmgo.be/inloggen
* vtmgo.be/login
* vtmgo.be/registreren
https://enterprise.vlerick.com
https://enterprise2.vlerick.com
https://mastersblog.vlerick.com/
https://repository.vlerick.com
https://spoc.myshopify.com/
https://vlerick.myshopify.com/
https://webform.vlerick.com
https://getflywheel.com/schedule-a-demo/
https://wpengine.com/contact/
aquawardsspatial.water-link.be
gisacc(*).water-link.be
https://aquawardsoperate.water-link.be/
https://aquawardsoperateacc.water-link.be
https://feedback.water-link.be
https://gis.water-link.be
https://gis1.water-link.be
https://gis2.water-link.be
https://jobs.water-link.be
https://wl_acc.water-link.be/
https://wl_dev.water-link.be/
blog.wolt.com
gettest.wolt.com
press.wolt.com
wolt.atlassian.net
Flurry
TW eCommerce: Store
www.vznkul.be
*.intigriti.io
*.intigriti.me
*.intigriti.net
any intigriti CTF or challenge
api.intercom.io
autodiscover.intigriti.com
blog.intigriti.com
careers.intigriti.com
click.intigriti.com
go.intigriti.com
kb.intigriti.com
mail.intigriti.com
newsletter.intigriti.com
our hubspot pages (/hs-fs/, /hubfs/, /hs/, /_hcms/, landing/, report/, webinar/, /datasheet, /customer/, /video/...)
status.intigriti.com
swag.intigriti.com
t.intigriti.com
trust.intigriti.com
welcome.intigriti.com
partners.vidaxl.com
https://cockpit-eu-west-2.outscale.com/
https://fcu.eu-west-2.outscale.com
https://lbu.eu-west-2.outscale.com
https://osu.eu-west-2.outscale.com
https://eim.eu-west-2.outscale.com
https://icu.eu-west-2.outscale.com
https://directlink.eu-west-2.outscale.com
Any resource created or accessed with the Outscale Cloud, on all regions
*.atg.se
www.atg.se
api.atg.se
iam.atg.se
https://apps.apple.com/se/app/atg/id1434660322
https://apps.apple.com/se/app/atg-live/id1608156355
https://play.google.com/store/apps/details?id=se.atg.live&hl=en&gl=SE
app.alasco.de
api.alasco.de
*.alasco.de
*.alasco.rocks
In-Scope Applications can be found here: https://mysrc.group/project_detail?id=11
Log4j 2.x
Log4j API for Kotlin
Log4j API for Scala
Log4cxx
Log4net
Agora for Android (see dowload link for APK file and mobile app GitHub repository in description)
Agora for iOS (see dowload link for IPA file and mobile app GitHub repository in description)
https://app.sandbox.agora.incubateur.net
https://api.sandbox.agora.incubateur.net (source code available on GitHub, see description)
https://content.agora.beta.gouv.fr
https://www.bookbeat.com
https://edge.blablacar.(fr|de|co.uk|in|es|mx|be|hr|hu|it|nl|pl|br|pt|ro|ru|com|tr|com.ua))
https://auth.blablacar.(fr|de|co.uk|in|es|mx|be|hr|hu|it|nl|pl|br|pt|ro|ru|com|tr|com.ua)
https://www.blablacar.(fr|de|co.uk|in|es|mx|be|hr|hu|it|nl|pl|br|pt|ro|ru|com|tr|com.ua)
https://m.blablacar.(fr|de|co.uk|in|es|mx|be|hr|hu|it|nl|pl|br|pt|ro|ru|com|tr|com.ua)
https://play.google.com/store/apps/details?id=com.comuto&hl=en
https://itunes.apple.com/fr/app/blablacar-trusted-carpooling/id341329033?l=en&mt=8
https://api.blablalines.com
https://daily.blablacar.fr
https://blablacardaily.com
https://play.google.com/store/apps/details?id=com.blablalines
https://apps.apple.com/fr/app/blablalines-covoiturage/id1225543288
https://www.sncf-connect.com
https://sncf-connect.com
https//monidentifiant.sncf
https://www.sncf-connect.com/bff
*.coindcx.com
api.coindcx.com
https://play.google.com/store/apps/details?id=com.coindcx.btc
https://apps.apple.com/in/app/coindcx-trade-bitcoin-crypto/id1517787269
*.contentsquare.com
https://mobile-production.content-square.net/
https://m.csqtrk.net
https://s.contentsquare.net
Contentsquare SDK (cf : Program Description)
https://bounty.cryptobox.com
https://play.google.com/store/apps/details?id=com.ercom.cryptobox.release&hl=fr
https://apps.apple.com/fr/app/cryptobox/id972602802
https://pprd.cybermalveillance.gouv.fr
cyclonedx-bom
cargo-cyclonedx
https://play.google.com/store/apps/details?id=id.dana&hl=en
https://apps.apple.com/id/app/dana/id1437123008
https://appgallery.huawei.com/#/app/C100570215
mgs-gw.m.dana.id
api-saas.dana.id
sec.m.dana.id
m.dana.id
https://www.demarches-simplifiees.fr
https://www.demarches-simplifiees.fr/graphql
https://www.demarches-simplifiees.fr/api/v2/graphql
https://static.demarches-simplifiees.fr
DS proxy (see https://github.com/demarches-simplifiees/ds_proxy)
Specific scenarios (see program description)
AgentConnect (see program description for github link)
FranceConnect+ (see program description for github link)
FranceConnect (see program description for github link)
eIDAS Bridge (see program description for github link)
User Dashboard (see program description for github link)
https://www.tchap.gouv.fr
https://matrix.agent.tchap.gouv.fr
https://matrix.agent.*.tchap.gouv.fr
https://github.com/tchapgouv
https://play.google.com/store/apps/details?id=fr.gouv.tchap.a&hl=fr
https://apps.apple.com/fr/app/tchap/id1446253779
https://www.beta.tchap.gouv.fr
https://matrix.i.tchap.gouv.fr
https://matrix.e.tchap.gouv.fr
https://bounty-cloud.dracoon.app/api
https://bounty-cloud.dracoon.app/oauth
https://0-2744452194.s3.nbg01.de.dracoon.io
https://bounty-cloud.dracoon.app/mediaserver
https://bounty-cloud.dracoon.app/reporting/api
https://bounty-cloud.dracoon.app/webdav
https://bounty-cloud.dracoon.app/
https://bounty-server.dracoon.app/api
https://bounty-server.dracoon.app/oauth
https://bounty-server.dracoon.app/reporting/api
https://bounty-server.dracoon.app/webdav
https://bounty-server.dracoon.app/
*.dailymotion.com
*.api.dailymotion.com
developer.dailymotion.com
*.dmcdn.net
https://play.google.com/store/apps/details?id=com.dailymotion.dailymotion&hl=fr&gl=US
https://apps.apple.com/fr/app/dailymotion/id336978041
ifttt-adaptor.pub.kube.dm.gg
AS41690
dmxleo.com
*.dm.gg
Google Cloud Plateform Instances
https://bounty-nodejs.datashield.co
https://bounty-fastly.datashield.co
https://bounty-nginx.datashield.co
*.captcha-delivery.com
js.datadome.co
api-js.datadome.co
https://app.datadome.co
https://customer-api.datadome.co
https://api.datadome.co
https://api-js.datadome.co
https://*.captcha-delivery.com
https://auth.datadome.co
https://datadome.co
https://bot-tester.datadome.co/
www.deezer.com
connect.deezer.com
api.deezer.com
payment.deezer.com
https://play.google.com/store/apps/details?id=deezer.android.app
https://apps.apple.com/fr/app/deezer-musique-podcast/id292738169
zen.deezer.com
wellbeing.deezer.com
wellbeing.dzcdn.net
https://play.google.com/store/apps/details?id=com.deezer.zen
https://apps.apple.com/be/app/zen-by-deezer-m%C3%A9ditation/id1597326355
account.deezer.com
pipe.deezer.com
www.doctolib.(fr|de|it)
pro.doctolib.(fr|de|it) (see "Free features for healthcare professionals"))
Special scenarios (see description)
*.doctolib.(fr|de|it|com|net)
https://apps.apple.com/fr/app/doctolib/id925339063
http://play.google.com/store/apps/details?id=fr.doctolib.www
*.siilo.com
https://apps.apple.com/ie/app/doctolib-siilo/id1083002150
https://play.google.com/store/apps/details?id=com.siilo.android&hl=en
Dovecot IMAP Server and Pigeonhole SIEVE (see "Software packages" and "Source code")
Hardware found on https://www.ezviz.com/category/security-wifi-cameras
Hardware found on https://www.ezviz.com/category/smart-home
i.ys7.com
open.ys7.com
auth.ys7.com
api.ys7.com
api.ezvizlife.com
usauth.ezvizlife.com
ius.ezvizlife.com
*.ys7.com
GLib
glib-networking
libsoup
*.gov.sg
Domains where GovTech is the registrar
*.jbl.com
*.harmanaudio.com
*.harmankardon.com
*.support.jbl.com
*.jbl.nl
*.jbl.ru
*.uk.jbl.com
*.uk.harmanaudio.com
*.de.jbl.com
*.in.jbl.com
*.jp.jbl.com
*.jbl.com.br
Device: JBL Bar 300
Device: JBL Bar 500
Device: JBL Bar 700
Device: JBL Bar 800
Device: JBL Bar 1000
Device: JBL Bar 1300
a1ttqkupgmaxeg-ats.iot.us-east-1.amazonaws.com
a1ttqkupgmaxeg-ats.iot.ap-east-1.amazonaws.com
lsaconsumerevents2.onecloud.harman.com
lsaconsumerevents3.onecloud.harman.com
lsaconsumerevents1.onecloud.harman.com
events.onecloud.harman.com
ota-staging.onecloud.harman.com
ota.onecloud.harman.com
apis.onecloud.harman.com
edgeapis.onecloud.harman.com
things.onecloud.harman.com
JBL Authentics 200
JBL Authentics 300
JBL Authentics 500
JBL Boombox 3 Wi-Fi
JBL Charge 5 Wi-Fi
JBL PartyBox Ultimate
https://apps.apple.com/fr/app/jbl-one/id1610239857
https://play.google.com/store/apps/details?id=com.jbl.oneapp&hl=fr&gl=US
JBL Flip 6
JBL Charge 5
*.kdrive.infomaniak.com
api.infomaniak.com
login.infomaniak.com
manager.infomaniak.com/v3/*
shop.infomaniak.com
*.kchat.infomaniak.com
calendar.infomaniak.com
contacts.infomaniak.com
etickets.infomaniak.com
mail.infomaniak.com
swiss-backup*.infomaniak.com
vod.infomaniak.com
*.vod2.infomaniak.com
player-radio.infomaniak.com
welcome.infomaniak.com
www.swisstransfer.com
www.infomaniak.com
chk.infomaniak.com
ai-tools.infomaniak.com
kmeet.infomaniak.com
kpaste.infomaniak.com
sync.infomaniak.com
storage*.infomaniak.com
ix2smbdyjt.infomaniak.site
5k8vrbdyje.infomaniak.site
fv3lfbdyjh.infomaniak.site
l75pvbdyjo.infomaniak.site
infomaniak.events
sms.infomaniak.com
developer.infomaniak.com
invitation.infomaniak.com
https://play.google.com/store/apps/details?id=com.infomaniak.drive
https://apps.apple.com/app/infomaniak-kdrive/id1482778676
https://github.com/Infomaniak/desktop-kDrive
https://apps.apple.com/fr/app/infomaniak-mail/id1622596573
https://play.google.com/store/apps/details?id=com.infomaniak.mail&hl=en_US
https://www.hpr.kiwai-normandie.fr/
https://www.api.hpr.kiwai-normandie.fr/
https://www.ppr.kiwai-enr.fr/
https://www.kiwai-enr.fr/
https://www.api.kiwai-normandie.fr
https://www.kiwai-normandie.fr/
https://bounty.legapass.com
hack1.mtrx.ovh
https://hackme.matrixreq.com
https://play.google.com/store/apps/details?id=com.paymaya
https://apps.apple.com/am/app/maya-your-all-in-one-money-app/id991673877
https://appgallery.huawei.com/app/C101186357
https://api.paymaya.com/
https://pg.paymaya.com
https://payoutapi.maya.ph/
https://op.paymaya.com/
https://connect.paymaya.com/
https://paymayabiller-prod.paymaya.com/
www.monespacesante.fr
admincms.monespacesante.fr
adminstore.monespacesante.fr
api.monespacesante.fr
auth.monespacesante.fr
cms.monespacesante.fr
editeur.api.monespacesante.fr
editeurs.monespacesante.fr
knowage.monespacesante.fr
support.monespacesante.fr
api.editeur.preprod.monespacesante.fr
api.preprod.monespacesante.fr
auth.preprod.monespacesante.fr
preprod.api.monespacesante.fr
preprod.auth.monespacesante.fr
preprod.editeur.api.monespacesante.fr
preprod.monespacesante.fr
preprod1.monespacesante.fr
preprod2.monespacesante.fr
securite.monespacesante.fr
am.monespacesante.fr
editeur.am.monespacesante.fr
am.editeur.preprod.monespacesante.fr
am.preprod.monespacesante.fr
preprod.am.monespacesante.fr
preprod.editeur.am.monespacesante.fr
www.preprod.monespacesante.fr
www.preprod1.monespacesante.fr
www.preprod2.monespacesante.fr
www.am.monespacesante.fr
www.editeur.am.monespacesante.fr
www.editeur.api.monespacesante.fr
apps.apple.com/fr/app/mon-espace-sant%C3%A9/id1589255019 (iOS)
play.google.com/store/apps/details?id=fr.assurancemaladie.monespacesante&showAllReviews=true (Android)
https://api.moneyboxapp.com/
https://admin.moneyboxapp.org/
https://admin-roundups.moneyboxapp.org/
https://apps.apple.com/gb/app/moneybox-save-and-invest/id1049797239
https://play.google.com/store/apps/details?id=com.moneyboxapp
https://sycamore.moneyboxapp.org/
https://www.otto.de
https://www.otto.de/jobs
https://play.google.com/store/apps/details?id=de.cellular.ottohybrid&hl=de
https://apps.apple.com/de/app/otto-shopping-m%C3%B6bel/id404844644
https://www.lascana.de/
https://teleoptiprd.otto.de
https://mmp.otto.de
https://partnerprogramm.otto.de
https://orbidder.otto.de
https://supplier-connect.otto.de
https://retail-api.otto.de
api.ovh.com
www.ovh.com/manager
www.ovh.com
https://sandbox.open-xchange.com
GitLab and GitHub repos listed on this page
https://apps.apple.com/in/app/okto-wallet/id6450688229
https://play.google.com/store/apps/details?id=com.coindcx.okto
*.okto.tech
https://www.ooredoo.qa
https://mobile.ooredoo.qa
https://play.google.com/store/apps/details?id=qa.ooredoo.android&hl=en&gl=US
https://apps.apple.com/qa/app/ooredoo-qatar/id619828745
Security Vulnerability in OpenPGP.js\'s high-level API
Security Vulnerability in the OpenPGP Standard
Interoperability Issue in OpenPGP.js
https://billingserver.pinelabs.com/
dashboard.pluralonline.com
https://lounge.pinelabs.com/loungeui/login
https://pinepgconsole.in:9099
https://paymentoptimizerdashboard.pinepg.in/
analytics.pinelabs.com
corporate.pineperks.in
www.pineperks.in
https://myplutus.pinelabs.my/
trm.pinepaymentsolutions.com
https://trm.pinelabs.ae
https://www.pinelabs.ae/
https://www.letspaylater.ph/
https://apps.apple.com/in/app/pineperks/id908644471
https://play.google.com/store/apps/details?id=com.pinegift
https://credit.pinelabs.com
https://play.google.com/store/apps/details?id=com.pinelabs.pinelabsone
https://apps.apple.com/in/app/pine-labs-one/id6444654068
https://one.pinelabs.com/
https://plmcixt.pinelabs.com/
https://play.google.com/store/apps/details?id=com.pinelabs.emicatalogue.pinelabs&hl=uz
https://emistores.pinelabs.com/
PowerDNS authoritative server, recursor and DNSdist (see "Software packages" and "Source-code")
https://reptox.cnesst.gouv.qc.ca
https://profile.pentest.clicsante.ca
https://clients3.pentest.clicsante.ca
https://portal3.pentest.clicsante.ca
https://api3.pentest.clicsante.ca
https://admin3.pentest.clicsante.ca
https://poc-op-ywh.it.authentification.si.gouv.qc.ca
https://auth-ywh.it.authentification.si.gouv.qc.ca
https://www.cyber.gouv.qc.ca
https://pab.donneesquebec.ca
https://gap.citizenportal-test.bugbounty.akinox.dev
https://test.m4sv.bugbounty.akinox.dev
https://pbgq.upac.gouv.qc.ca/
https://pbgq-pes.upac.gouv.qc.ca/denonciation/
https://pbgq-pes.upac.gouv.qc.ca/nous-joindre/
https:/pbgq-pes.deontologie-policiere.gouv.qc.ca/demande-acces-info/
https://pbgq-pes.deontologie-policiere.gouv.qc.ca/demande-revision/
https://pbgq-pes.deontologie-policiere.gouv.qc.ca/reponses-questions/
www.qwant.com
api.qwant.com
s.qwant.com
s1.qwant.com
s2.qwant.com
qwantjunior.com
https://my.salt.ch
https://eshop.salt.ch
https://login.salt.ch
buffered-reader
nettle-sys
nettle-rs
SHA1-CD
sequoia-openpgp
sequoia-autocrypt
sequoia-ipc
sequoia-net
Shared OpenPGP Certificate Directory
sequoia-cert-store
sequoia-wot
sequoia-policy-config
rpm-sequoia
sqv
sq
sqop
octopus
sequoia-git
OpenPGP Cert Directory Specification
Web of Trust Specification
Sequoia git Specification
https://my.sogexia.com
https://play.google.com/store/apps/details?id=io.gonative.android.xjndrq&hl=fr
itmss://apps.apple.com/us/app/id1510360750?ign-mscache=1
https://spacelift.dev/
https://*.app.spacelift.dev
Native K8S workers and operator
OIDC-based API keys
MFA
api.swapcard.com
chat-api.swapcard.com/graphql
developer.swapcard.com/event-admin/graphql
login.swapcard.com
studio-api.swapcard.com
app.swapcard.com
studio.swapcard.com
team.swapcard.com
https://apps.apple.com/fr/app/swapcard/id879488719
https://play.google.com/store/apps/details?id=com.swapcard.apps.android&hl=fr
img.swapcard.com
t.swapcard.com
(*.post.ch:80|*.post.ch:443) AND 194.41.128.0/17
https://account.post.ch
https://shop.post.ch/shop
https://service.post.ch/ekp-web/
https://service.post.ch/zopa/app/
https://play.google.com/store/apps/details?id=com.nth.swisspost&hl=de_CH&gl=US
https://apps.apple.com/ch/app/die-post/id378676700
https://billingonline.post.ch/OnlinePayment/Web/v1/BOI
https://service.post.ch/ele-klp/ele/
Source Code
System Specification
Scenarios with Special Bounties
Protocol of the Swiss Post Voting System
https://www.teamviewer.com/en/products/teamviewer/
https://web.teamviewer.com
https://account.teamviewer.com
https://login.teamviewer.com
https://play.google.com/store/apps/details?id=com.teamviewer.teamviewer.market.mobile&hl=en&gl=US
https://play.google.com/store/apps/details?id=com.teamviewer.quicksupport.market&hl=en&gl=US
https://play.google.com/store/apps/details?id=com.teamviewer.host.market&hl=en&gl=US
https://apps.apple.com/de/app/teamviewer-remote-control/id692035811
https://apps.apple.com/de/app/teamviewer-quicksupport/id661649585
*.telenor.se
*.bredbandsbolaget.se
*.europolitan.se
*.ownit.se
*.vimla.se
*.vimla.work
*.vimla.io
In-Scope Products (for the full list please visit https://en.security.tencent.com/index.php/policy)
https://thueringer-foerderportal.eu
https://ecohesion.aufbaubank.de
https://login.aufbaubank.de
*.vfsglobal.(com|co.uk|ca)
*.vfsevisa.com
*.onevasco.com
*.vascoworldwide.net
www.vfsvisaonline.com
www.dvpc.net
www.vfsvisaservicesrussia.com
*.directverify.in
*.docswallet.com
biometservices.com
agents.tasheer.com
https://gaadmin.vfsglobal.com/GlobalAdmin/
https://gaadmin.vfsglobal.com/Global-Admin/
https://rusadminappt.vfsglobal.com/Global-Admin/
https://gaadmin.vfsglobal.com/AustraliaApptAdmin/
https://gaadmin.vfsglobal.com/GAR1Ph1ApptAdmin/
https://onlinena.vfsglobal.dz/AppointmentAdmin/
https://gaadmin.vfsglobal.com/DHAAppointmentAdmin
https://equatorialguinea-evisa.com
https://online.srilankaevisa.lk/lka/en/login
https://online.mustaqel.qa/qat/en/login
https://appointment.vfsglobal.com.dz/forms/FRDZ/
https://vfs.mioot.com/
https://vfseu.mioot.com/
https://www.vfsvisaservice.com/
https://indonesiavoa.vfsevisa.id/
https://www.vfsglobalservices-germany.com/Global-Appointment/
https://www.vfsvisaservice.com/IHC-SouthKorea-Appointment
https://vc.tasheer.com/
*.vfsglobal.by
*. vfsevisa.id
www.vinci.com
leonard.vinci.com
castor.vinci.com
survey.vinci.com
www.fondation-vinci.com
www.lafabriquedelacite.com
www.lab-recherche-environnement.org
vœux.vinci.com
www.vinci-vie.fr
www.trajeoh.com
actionnaires.vinci.com
emag.vinci.com
boost.vinci.com
vinci-groupe.profils.org
jobs.vinci.com
solutions-environnement.vinci.com
essentiel.vinci.com
essentials.vinci.com
www.chaire-arpenter.fr
https://wbsapi.withings.net
https://healthmate.withings.com
https://account.withings.com
https://app.withings.com
https://developer.withings.com/dashboard/
https://scalews.withings.com
Body Scan scale
Body Comp scale
Scanwatch Light
Scanwatch 2
Scanwatch Nova
Scanwatch
https://yeswehack.com
https://api.yeswehack.com
https://apps.yeswehack.com
https://www.yeswehack.com
https://dojo-yeswehack.com/challenge-of-the-month/dojo-38
serveur12.notebleue.com
ywh.comptage.zecible.fr
ywh.static.zecible.fr
ywh.fichiers.zecible.fr
ywh.mydata.zecible.fr
ywh.admin.zecible.fr
ywh.api.zecible.fr
ywh.dev.zecible.fr
ywh.crons.zecible.fr
ywh.routage.zecible.fr
ywh.update.zecible.fr
odoo14.notebleue.pro
registre.notebleue.pro
svn.notebleue.pro
todo.notebleue.pro
webtoolbox.notebleue.pro
cam.notebleue.pro
https://github.com/pendulum-project/ntpd-rs
https://github.com/pendulum-project/timestamped-socket
https://github.com/pendulum-project/clock-steering
https://owncloud.org/install/#install-clients
https://play.google.com/store/apps/details?id=com.owncloud.android
https://apps.apple.com/app/id1359583808
https://github.com/owncloud/customgroups
https://github.com/owncloud/guests
https://github.com/owncloud/richdocuments
https://github.com/owncloud/notifications
https://github.com/owncloud/client
https://github.com/owncloud/core
https://github.com/owncloud/gallery
https://github.com/owncloud/ocis
https://github.com/owncloud/web
https://github.com/owncloud/web-extensions
https://github.com/owncloud/user_ldap
https://github.com/owncloud/oauth2
https://github.com/owncloud/openidconnect
https://github.com/owncloud/activity
https://github.com/owncloud/impersonate
https://github.com/owncloud/updater
https://github.com/owncloud/core/tree/master/apps/files
https://github.com/owncloud/android
https://github.com/owncloud/ios-app
systemd (the manager itself)
systemd-boot
systemd-stub
systemd-udev
systemd-journald
systemd-logind
systemd-networkd
libsystemd
systemd-timesyncd
systemd-hostnamed
systemd-resolved
systemd-cryptenroll
systemd-cryptsetup
systemd-veritysetup
systemd-fstab-generator
systemd-gpt-auto-generator
systemd-ask-password
https://toom.de
https://api.toom.de
Other subdomains on outscale.com (wiki.outscale.net, fr.outscale.com, en.outscale.com... )
Social engineering of Outscale employees and contractors
Attack against Outscale offices (malware, backdoor, DoS, etc.)
Denial of service attacks
Vulnerabilities on products or services other than Cockpit or APIs
Issues in our DNS and NTP
Issues not leading to confidentiality, traceability or integrity problems. You can report it to support@outscale.com.
Same behavior as Amazon Web Services
E-mail server configuration (DKIM/SPF/DMARC)
Dataleaks or 3DS OUTSCALE-related vulnerabilities outside the scope of the IaaS Cloud Service.
fraga.atg.se (external supplier)
hittabutik.atg.se (external supplier)
kundo.atg.se (external supplier)
shop.atg.se (external supplier)
r124.news.atg.se (external supplier)
r123.news.atg.se (external supplier)
r122.news.atg.se (external supplier)
r121.news.atg.se (external supplier)
webbshop.atg.se (external supplier)
All other domains or subdomains not listed in the above list of \'Scopes\'.
explore.alasco.com
explore.alasco.de
www.alasco.de
alasco.de
Please note that all non-authenticated areas of our systems are in scope for this program. This means that any vulnerability discovered in a system or service that does not require a login to access is eligible for a reward.
However, any vulnerability discovered in a system or service that requires a login to access is outside the scope of this program.
Alasco will not provide access credentials to any system, not for testing and also not for issue validation.
All domains or subdomains not listed in the above list of \'Scopes\'.
Third-party applications and websites
Not Belonging to Ant Group’s Products or Systems.
https://logging.apache.org
Anything related to mailing lists or other ASF infrastructure topics.
Cassandra Appender
Kafka Appender
CouchDB components
JSP Tag library
Everything which is excluded on this page is also out-of-scope: https://logging.apache.org/security.html
All assets not listed as in scope must be considered as out of the scope of this program
Production environments are out of the scope of this program
agora.beta.gouv.fr
Web application\'s Github repository (https://github.com/agora-gouv/agora-webapp), you may refer to the mobile app\'s repository
All domains not listed In-Scope
Please note that https://dev.blablacar.com is hosted by a third party and thus is out of scope.
Any website that is not listed explicitly in the scope.
However, though listed in the out-of-scope list, if you really feel that a bug will leave an impact on our platform, please come up with a convincing and working POC. If that convinces us to change our code, we will reward you with a bounty.
Finally, fraud related reports are out-of-scope if they do not exploit a security vulnerability. Therefore, fraud activity enabled by bug or incomplete business rules enforcement are out-of-scope. However, a fraud activity enabled by a CSRF exploit for example is valid.
Please note sncf-connect.com doesn\'t own the SNCF.com domains.
Anything that is not listed as part of the scope, example :
- https://www.sncf.com/
- https://tgvinoui.sncf/
- https://www.sncf-voyageurs.com/
- https://www.maxjeune-tgvinoui.sncf/
- https://www.malocationavis.sncf-connect.com/
The SNCF Connect mobile applications (Android and Apple) are out of scope even if the web services they use are in scope (accessible through paths beginning by \'https://www.sncf-connect.com/bff\').
All domains or subdomains not listed in the above list of \'Scopes\'
Zendesk and other third parties
CMS websites own by Coindcx (Anything related to Wordpress etc)
coindcx.com/blog
info.coindcx.com
otcdesk.coindcx.com
careers.coindcx.com
partnerportal.contentsquare.com
uxawards.contentsquare.com
www.contentsquare.com
community.contentsquare.com
brand.contentsquare.com
blog.contentsquare.com
csquad.contentsquare.com
csd-*.contentsquare.com
go.contentsquare.com
hackathon.contentsquare.com
security.contentsquare.com
support.contentsquare.com
learn.contentsquare.com
university.contentsquare.com
foundation.contentsquare.com
content.contentsquare.com
partners.contentsquare.com
incident.contentsquare.com
*.wwko*.contentsquare.com
explore.contentsquare.com
get.contentsquare.com
trust.contentsquare.com
loyalty.contentsquare.com
Testing any other system than https://bounty.cryptobox.com, in particular *.cryptobox.com or *.ercom.fr.
https://www.cybermalveillance.gouv.fr
Anything that is not explicitely listed in scope section
webdev.dana.id
wp.dana.id
fiat.dana.id
cmsdev.dana.id
techops.dana.id
dm.dana.id
encrypt.dana.id
All domains or subdomains not listed in the above list of "Scopes" are considered out of scope
https://doc.demarches-simplifiees.fr
https://beta.gouv.fr/startups/demarches-simplifiees.fr
\'démarches\' other than the two provided for the prupose of your tests
AgentConnect/FranceConnect authentication feature
All partners and all mocks are out of scope (but you can use the deployed mocks at your discretion to attack the scope).
The local stack (*.docker.dev-franceconnect) is a powerful tool for you to understand the internals processes but is out of scope (the exploit should as well work in the scope to qualify).
The production environment (*.gouv.fr) is out of scope.
https://fcp.integ01.dev-franceconnect.fr
https://tableaudebord.integ01.dev-franceconnect.fr
Everything that not listed as in scope is to be considered as out of scope of this program
Please note that Tchap is hosted by a third party and thus vulnerabilities related to the host are out of the scope
Any other host, tenant or service than the ones explicitly stated.
www.dracoon.com
*.dracoon.com
*.dracoon.net
*.dracoon.team
*.dracoon.app (with the exceptions of bounty-cloud.dracoon.app and bounty-server.dracoon.app)
*.dracoon.io (with the exception of https://0-2744452194.s3.nbg01.de.dracoon.io)
*.fp-sign.com
*.usersnap.com
*.gdata.com
*.retarus.com
Anything not specifically listed as in-scope is out-of-scope.
Distributed attacks (scraping must be done using only 1 IP at a time).
Third-party widgets on www.datadome.co and app.datadome.co
developers.deezer.com
partners.deezer.com
cdn-files.deezer.com
cdn-content.deezer.com
support.deezer.com
deezercommunity.com
deezer-blog.com
deezer-brandsolutions.com
deezerjobs.com
desktop apps (electron)
Note: should you discover a critical issue within an asset that falls outside the program\'s scope, we would appreciate it and may choose to offer a reward at our discretion.
community.doctolib.com|.fr|.de|.it
doctocommit.doctolib.fr
doctolib.atlassian.net
doctolib.zendesk.com
store.doctolib.com
share.doctolib.net
All content which is not listed as "Scopes", especially any production system operated by customers
"Scopes" in this program refer to the binary packages and source-code provided there, the systems providing those artefacts are out of scope
Everything that is not directly related to the application or source-code in scope (e.g. GitHub, domain settings)
scc-chat.ys7.com
Test environment (for example: test.ys7.com)
Pre-release environment (for example: pb.ys7.com)
Only the list of modules in the description is in scope. We may add more modules in the future such as
json-glib
libxml2
libxslt
gdk-pixbuf
librsvg
vte
gtk
flatpak
xdg-desktop-portal
xdg-desktop-portal-gnome
GNOME Shell (particularly lock screen)
gdm
tracker-miners
libsecret
oo7
Anything apart from valid subdomains or otherwise explicitly listed entries in the Scope section is Out-Of-Scope.
cloud.cloud2.harmanaudio.com
cloud.cloud1.harmanaudio.com
cloud.cloud3.harmanaudio.com
https://secondchance.jbl.com/module/stripe_official/createIntent
Anything not explicitly listed in the Scope section is Out-Of-Scope. For example, our e-commerce websites are out of scope in this program.
Assets not listed in the in scope section are to be considered as out of the scope of this program and won\'t be eligible for reward
https://api.pub1.infomaniak.cloud
We do not manage Open Stack dashboard which is therefore out of scope
newsletter.infomaniak.com
ov-XX.infomaniak.ch and od-XX.infomaniak.ch sub domains
This domain https://drive.infomaniak.com/app/office/:folder:/:file: is out of scope. This is only office application, an external app to open MS office documents.
FTP credentials from our customers, like *.ftp.infomaniak.com
VPS instances from our customers, like *.vps.infomaniak.com
MySQL credentials from our customers, like *.myd.infomaniak.com
Jelastic subdomains : *.jcloud.ik-server.com, *.jpc.infomaniak.com, *.jpe.infomaniak.com
User email verification
Any security issue on Yousign & mangopay not related with Kiwai
https://legapass.com
app.legapass.com
mailing.legapass.com
url1490.legapass.com
29544328.legapass.com
mato.legapass.com
https://matrixreq.com
https://demo.matrixreq.com
Any domain not explicitely listed in scope
Other subdomain of paymaya.com that has no direct integration/part of the mobile application
Non-Production environments (test, dev, staging, or sandbox)
Anything that is not explicitely listed as part of the Scope
The Moneybox public website https://www.moneyboxapp.com/ and other moneyboxapp.com / moneyboxapp.org domains not listed are out of scope.
Content served by the Cloudflare Access service (https://moneyboxapp.cloudflareaccess.com/*) is out of scope. These pages intentionally do not set a CORS Allow-Origin policy. We have seen this reported several times as a vulnerability, but it is intended behaviour and is considered out of scope.
Security concerns originating from https://moneyboxapp.onelogin.com/ are typically considered out of scope. These pages and their content are served by OneLogin, and any issues should be reported to them directly. However, if an exploit explicitly enables bypassing OneLogin to access Moneybox systems or leaking Moneybox sensitive data, it is crucial to raise the concerns to both OneLogin and Moneybox.
Out-Of-Scope are also other applications hosted under the www.otto.de domain but have a different path, that is not part of our core online shop itself (you will notice, since the design of the page is completely different)
Those include but are not limited to (if unsure, contact us before executing the tests):
https://www.otto.de/reblog
https://www.otto.de/roombeez
https://www.otto.de/twoforfashion
https://www.otto.de/soulfully
https://www.otto.de/updated
https://www.otto.de/newsroom
https://www.otto.de/kundenchat
https://www.otto.de/clara
https://www.otto.de/user/sendcallbackrequest
https://www.otto.de/user/contactFormSubmit
https://keycloak.apps.otto.de
/apps-messenger (the chatbot in general is out of scope)
/tracking
Please let us know if you have any questions regarding the scope.
Vulnerabilities reported on other services or applications are not allowed.
Vulnerabilities reported on client services
*.osp.ovh.com
All domains which are not listed as "Scopes", especially any production system operated by customers
Antivirus and anti-spam filtering on the sandbox environment, this has been disabled to avoid research disruption
The components "imageconverter", "documentconverter", "spellchecker" and "cacheservice" are temporarily out of scope.
CMS websites own by Okto (Anything related to Wordpress etc)
Customer support form (https://help-okto.sprinklr.com/help/)
All other third parties
Security Vulnerabilities that can only be caused by using OpenPGP.js\'s low-level API, or by using OpenPGP.js\'s high-level API in an incorrect or unintended way
Security Vulnerabilities in the OpenPGP Standard that are not possible to fix or work around in OpenPGP.js (without causing interoperability issues)
Interoperability Issues that are caused by other OpenPGP implementations\' non-compliance with the OpenPGP Standard
All other Pine Labs assets that are not listed above are to be treated as out of scope
All domains not listed In-Scope.
chameleon: https://gitlab.com/sequoia-pgp/sequoia-chameleon-gnupg
Anything related to https://sequoia-pgp.org
all domains not listed in scopes, noteworthy:
www.sogexia.com
support.sogexia.com
www.sogexiaclub.com
Social media accounts
Session keeps using old user group permissions if user group permissions are changed during a given session\'s lifespan
Contact form (especially HubSpot ones)
Any other Spacelift assets not specifically listed as in-scope.
Any communication with Spacelift colleagues.
Attacks against any account other than the specified target accounts.
Data breaches or credential dumps.
Third-party companies that perform business transactions for Spacelift
By default all the endpoints that are not listed in the allowed scopes are out of scope of the program.
*dev.swapcard.com
page.swapcard.com
blog.swapcard.com (Hubspot)
aide.swapcard.com (Zoho)
help.swapcard.com (Zoho)
books.swapcard.com (Zoho)
l.swapcard.com
c.swapcard.com
sentry.swapcard.com (Except if you notice a miss-configuration)
survey.swapcard.com
www.swapcard.com (static corporate website)
Anything that has not been described as in scope in the previous section is automatically out of scope.
Attacks on administrative and surrounding systems that are not used for the in-scope services are not permitted (this includes DNS, NTP, routers, systems of the ISP, etc.).
The alternative login (https://login.swissid.ch) is out of scope. It also leads to the in-scope service, (https://account.post.ch) but we have designated it as out of scope.
Any services related to Incamail (for example https://incamail-dev.post.ch (194.41.248.224) and https://incamail-test.post.ch (194.41.248.58))
Please note that some of the applications may contain links or redirect you away from the URIs described in the scope section. This means you are leaving the scope if you follow these links / redirects.
Anything that is not explicitely listed in the ‘Scope’ section.
*.bbcust.telenor.se
*.cust.telenor.se
*.sme.telenor.se
*.cust.bredbandsbolaget.se
*.customers.ownit.se
*.cust.ownit.se
stage-vimla-se.vimla.io
Any domain that looks like it\'s owned by a third party or customer due customer\'s privacy
Mobile services and devices provided by Telenor Sweden and subsidiaries not reachable from Internet
Connect ID - Hosted by Telenor Group
Other business units of the Telenor Group - including *.telenor.com
Please note that the vulnerabilities reported for the following assets will not be eligible for bounties.
*.qzoneapp.com
*. myqcloud.com
*Notes about Tencent Cloud (cloud.tencent.com as included in *.tencent.com)
Only vulnerabilities affecting the platform itself and IP owned by Tencent will be accepted. If an IP belongs to Tencent Cloud external customer, it is not considered in scope.
All 3rd parties are out of scope
All other VFS assets that are not listed above as in scope are automatically out of scope
https://india-usa.vfsglobal.com
https://vire.vfsglobal.com
vfsglobal.com.ru
myeasydocs.co.il
nssr-7.vfsglobal.com
https://uat-lift.vfsglobal.com/_angular/main.8dbd1aa97c38b188.js?v=6.0.29
https://liftassets.vfsglobal.com/_nuxt/46217fc777819548fddb.js
https://ukvitest.vfsglobal.com/_angular/main.3ca04c44a2718f71.js?v=1.0.22
https://online.vfsevisa.com/main-es2015.521ef2e1d9f68fd1bb90.js
https://online.vfsevisa.com/main-es5.521ef2e1d9f68fd1bb90.js?v=3.1.6
https://portal.vfsevisa.com/main-es2015.987b1b526aa8041bfdee.js
https://portal.vfsevisa.com/main-es5.987b1b526aa8041bfdee.js?v=3.1.6
https://uat-lift.vfsglobal.com/_angular/main.c05c54e8703c3a9f.js?v=6.0.36
https://online.vfsevisa.com/main-es2015.6d514e86ec7c6492aafc.js?v=3.1.2
https://portal.vfsevisa.com/main-es2015.7857657af609ca5e4bc5.js?v=3.1.4
https://egonline.vfsevisa.com/main-es2015.c7bb991442356b23f23e.js?v=3.1.3
!! Links pointing to other FQDNs are always out of scope !!
only exception: wishes.vinci.com (english version of voeux.vinci.com) is included in the scope
All PDF documents published or served on castor.vinci.com are public, thank you for not reporting any bug linked to the accessibility of these documents.
All domains, devices and mobile Apps not listed In-Scope.
Any issues with Wallet or KYC features (There are third party services)
Everything that\'s out of the scope root URL
Anything that is not listed explicitly in the scope.
Known protocol limitations related to the NTP protocol
Anything related to the NTPv5 and/or NTS Pool KE features (both disabled by default), unless it impacts other parts of the software
Anything related to *.ntpd-rs.pendulum-project.org
Anything related to the CI pipeline or GitHub related hosting
*.owncloud.org
*.owncloud.com
journal sealing in systemd-journald: there are known issue that need to be solved first, before this feature can be included in the program
Anything related to https://systemd.io
';
preg_match_all($re, $str, $matches, PREG_SET_ORDER, 0);
// Print the entire match result
var_dump($matches);
Please keep in mind that these code samples are automatically generated and are not guaranteed to work. If you find any syntax errors, feel free to submit a bug report. For a full regex reference for PHP, please visit: http://php.net/manual/en/ref.pcre.php