netflix

HackerOneView on HackerOne
RawAI Enhanced
30
In Scope
9
Out of Scope

In-Scope Assets (30)

AssetCategoryBountyQuick Links
*.nflxext.comWILDCARDYes
*.nflximg.netWILDCARDYes
*.nflxso.netWILDCARDYes
*.nflxvideo.netWILDCARDYes
*.prod.cloud.netflix.comWILDCARDYes
*.prod.dradis.netflix.comWILDCARDYes
*.prod.ftl.netflix.comWILDCARDYes
Affiliates or entities such as recently acquired companiesOTHERNo-
Content Authorization TargetsOTHERYes-
Content authorization vulnerabilities affecting only the in-browser playerOTHERNo-
Corporate AssetsOTHERYes-
Low impact, individually exposed Google Docs with no common root cause (see “Publicly accessible Google Document or Drive Links” in the “Corporate Targets” section)OTHERNo-
MicrositesOTHERYes-
Netflix Gaming TargetOTHERNo-
Netflix Mobile Application for AndroidANDROIDYes-
Netflix Mobile Application for iOSIOSYes-
Open Source - AtlasCODEYes-
Open Source - SpectatorOTHERYes-
Open Source - ZuulOTHERYes-
Secondary AssetsOTHERYes-
api*.netflix.comWILDCARDYes
beacon.netflix.comURLYes
customerevents.netflix.comURLYes
help.netflix.comURLYes
ichnaea.netflix.comURLYes
meechum.netflix.comURLYes
nmtracking.netflix.comURLYes
presentationtracking.netflix.comURLYes
secure.netflix.comURLYes
www.netflix.comURLYes
Out-of-Scope Assets (9)
AssetCategoryBounty
Assets associated with ReadyPlayerMeOTHERNo
Open Source - ConsolemeOTHERNo
Open Source - DispatchOTHERNo
Open Source - WeepOTHERNo
Set-top-boxes, smart TVs, streaming sticks Out of ScopeOTHERNo
Third party websites or systems hosted by non-Netflix entities Out of ScopeOTHERNo
ir.netflix.comURLNo
ir.netflix.netURLNo
netflixinvestor.comURLNo