Scope Data

In Scope Assets:

• URL: rei.com
• OTHER: Any public cloud resource or infrastructure operated and managed by REI.
• OTHER: Android & iOS App for REI Customers
• URL: login.rei.com
• URL: http://www.rei.com/learn/expert-advice
• URL: http://collaboration.rei.com

Out of Scope Assets:

• URL: http://rei.com/used (OOS)
• URL: http://rei.com/blog (OOS)
• URL: http://rei.com/rentals (OOS)
• URL: http://rei.com/rei-garage (OOS)
• URL: rei.jobs (OOS)
• URL: reifund.org (OOS)
• URL: destinations.rei.com (OOS)
• URL: partners2.rei.com (OOS)
• URL: greenvestrentals.rei.com (OOS)
• URL: reicasting.com (OOS)
• URL: engineering.rei.com (OOS)
• URL: test-login.rei.com (OOS)
• WILDCARD: *.rentals.rei.com (OOS)
• URL: wpvip.rei.com (OOS)
• URL: vpn.rei.com (OOS)
• URL: desktop.rei.com (OOS)
• URL: foryourbenefit-rei.com/ (OOS)
• URL: rei.gladly.com (OOS)
• URL: http://rei.com/lists (OOS)

In Scope Assets:

• URL: remitly.com
• URL: blog.remitly.com
• ANDROID: com.remitly.androidapp
• IOS: 674258465
• URL: api.remitly.io
• URL: cards.remitly.io
• URL: rewire.com
• URL: app.rewire.to
• URL: rates.rewire.com
• URL: app3.rewire.to
• WILDCARD: *.dev.remitly.com
• WILDCARD: *.int.remitly.com
• URL: funding-webhooks.remitly.io
• URL: media.remitly.io
• URL: hub-api-sandbox.remitly.io
• URL: cardpayments.remitly.io
• URL: partner-webhook.remitly.io
• URL: ablink.info.remitly.com
• URL: careers.remitly.com
• URL: ir.remitly.com
• URL: metrics.int.remitly.com
• URL: news.remitly.com
• URL: access.remitly.com
• URL: access-sandbox.remitly.com
• URL: auth.remitly.com
• URL: site.rewire.com

Out of Scope Assets:

• OTHER: https://www.remitly.com/blog (OOS)

In Scope Assets:

• IOS: 657777015
• ANDROID: via.rider
• IOS: 469463298
• ANDROID: com.citymapper.app.release
• URL: global-api.citymapper.com
• URL: eu.remix.com
• URL: platform.remix.com
• URL: https://metroconnect.app.ridewithvia.com
• ANDROID: ridewithvia.neoridelittlerock
• IOS: 6449737830
• URL: https://pt-runner.app.ridewithvia.com
• IOS: 6464473474
• ANDROID: ridewithvia.par.piercetransit

Out of Scope Assets:

• URL: ridewithvia.okta.com (OOS)
• WILDCARD: *.drivewithvia.com (OOS)
• URL: ridewithvia.com (OOS)
• WILDCARD: *.citymapper.com/ (OOS)
• URL: citymapper.com (OOS)
• URL: remix.com (OOS)

In Scope Assets:

• OTHER: https://ring.com/*
• OTHER: https://api.ring.com/*
• OTHER: https://fw.ring.com/*
• OTHER: https://app.ring.com/*
• OTHER: https://admin.ring.com/*
• OTHER: https://nw.ring.com/*
• OTHER: https://oauth.ring.com/*
• OTHER: https://billing.ring.com/*
• URL: prd-ring-web-us.prd.rings.solutions
• WILDCARD: https://*.immedia-semi.com/*
• WILDCARD: https://*.blinkforhome.com/*
• HARDWARE: Video Doorbell
• HARDWARE: Peephole Cam
• HARDWARE: Indoor Cam
• HARDWARE: Stickup Cam
• HARDWARE: Chime
• HARDWARE: Ring Alarm
• HARDWARE: Ring Smart Lighting Bridge
• HARDWARE: Blink Outdoor
• HARDWARE: Blink Indoor
• HARDWARE: Blink Sync Module 2
• HARDWARE: Blink Mini
• HARDWARE: Blink Video Doorbell
• ANDROID: com.immediasemi.android.blink
• ANDROID: com.ring.neighborhoods
• ANDROID: com.ringapp
• IOS: 1013961111
• IOS: 1218902777
• IOS: 926252661
• URL: publicsafety.ring.com

Out of Scope Assets:

• OTHER: Devices (OOS)
• OTHER: Services, Apps, Mobile (OOS)
• OTHER: Anything not in scope (OOS)

In Scope Assets:

• EXECUTABLE: Roblox Client
• EXECUTABLE: Roblox Studio
• WILDCARD: *.roblox.com
• WILDCARD: *.rbx.com
• WILDCARD: *.ra.roblox.com
• WILDCARD: *.guilded.gg
• URL: blox.link
• EXECUTABLE: Roblox Engine

In Scope Assets:

• URL: socialclub.rockstargames.com
• URL: rockstarnorth.com
• URL: prod.ros.rockstargames.com
• URL: support.rockstargames.com
• EXECUTABLE: Rockstar Games Launcher
• URL: *.rockstargames.com
• URL: store.rockstargames.com
• URL: circolocorecords.com/
• URL: www.rockstargames.com

Out of Scope Assets:

• URL: lifeinvader.com (OOS)
• URL: faspex.rockstargames.com (OOS)
• URL: emailcontent.rockstargames.com (OOS)
• URL: bomgar.rockstargames.com (OOS)
• URL: any-invalid-domains.rockstargames.com (OOS)
• URL: anomotion.com (OOS)

In Scope Assets:

• SOURCE_CODE: https://github.com/rsksmart/rskj
• SOURCE_CODE: https://github.com/rsksmart/tokenbridge
• SOURCE_CODE: https://github.com/rsksmart/powpeg-node
• URL: https://github.com/rsksmart/rsk-powhsm/
• SOURCE_CODE: https://github.com/rsksmart/rif-wallet
• SOURCE_CODE: https://github.com/rsksmart/rif-wallet-services
• SOURCE_CODE: https://github.com/rsksmart/rif-wallet-libs
• SOURCE_CODE: https://github.com/rsksmart/2wp-app
• SOURCE_CODE: https://github.com/rsksmart/2wp-api
• SOURCE_CODE: https://github.com/rsksmart/liquidity-provider-server
• SOURCE_CODE: https://github.com/rsksmart/liquidity-bridge-contract
• SOURCE_CODE: https://github.com/rsksmart/bridges-core-sdk
• SOURCE_CODE: https://github.com/rsksmart/flyover-sdk

Out of Scope Assets:

• WILDCARD: *.rsk.co (OOS)
• URL: bounty-node.rsk.co (OOS)
• WILDCARD: *.iovlabs.org (OOS)
• WILDCARD: *.rifos.org (OOS)
• WILDCARD: *.rootstocklabs.com (OOS)
• WILDCARD: *.rootstock.io (OOS)
• WILDCARD: *.rif.technology (OOS)

In Scope Assets:

• SOURCE_CODE: https://github.com/ruby/ruby

Out of Scope Assets:

• WILDCARD: *.ruby-lang.org (OOS)

In Scope Assets:

• URL: rubygems.org
• SOURCE_CODE: https://github.com/rubygems/rubygems

Out of Scope Assets:

• URL: help.rubygems.org (OOS)
• OTHER: gem server command (OOS)
• URL: support.rubygems.org (OOS)
• URL: uptime.rubygems.org (OOS)
• URL: blog.rubygems.org (OOS)
• URL: guide.rubygems.org (OOS)
• URL: stats.rubygems.org (OOS)
• URL: status.rubygems.org (OOS)
• URL: https://s3-us-west-2.amazonaws.com/rubygems-dumps (OOS)
• URL: http://rubygems.org/names (OOS)

In Scope Assets:

• URL: online.s-pankki.fi
• URL: www.s-pankki.fi
• URL: https://crosskey.io/stores/s-pankki/apis
• IOS: 740514933
• ANDROID: fi.spankki
• URL: mobile.s-pankki.fi
• URL: www.s-kaupat.fi
• URL: extranet.s-pankki.fi
• URL: tunnistus.s-ryhma.fi
• URL: digili.s-cloud.fi
• URL: www.prisma.fi
• URL: www.sokos.fi
• URL: api.sokos.fi
• URL: api.s-kaupat.fi

In Scope Assets:

• WILDCARD: *.scopely.io
• WILDCARD: *.scopely.com
• IOS: com.pieyel.scrabble
• ANDROID: com.pieyel.scrabble
• IOS: com.withbuddies.dice.free
• ANDROID: com.withbuddies.dice.free
• IOS: com.scopely.yux
• ANDROID: com.scopely.yux
• WILDCARD: *.withbuddies.com
• ANDROID: com.foxnextgames.m3
• IOS: com.foxnextgames.m3
• ANDROID: com.scopely.monopolygo
• ANDROID: com.scopely.startrek
• IOS: id1427744264
• ANDROID: com.kitkagames.fallbuddies
• IOS: id1541153375
• OTHER: Games Tier 1
• OTHER: Games Tier 2
• IOS: id1621328561
• OTHER: Games Tier 3

Out of Scope Assets:

• URL: confluence.scopely.io (OOS)
• URL: jira.scopely.io (OOS)
• URL: scopely.okta.com (OOS)
• URL: bamboo.scopely.io (OOS)

In Scope Assets:

• URL: hackerone.com
• URL: api.hackerone.com
• URL: www.hackerone.com
• URL: https://*.hackerone-user-content.com/
• URL: errors.hackerone.net
• URL: https://*.hackerone-ext-content.com
• OTHER: *.vpn.hackerone.net
• CIDR: 66.232.20.0/23
• CIDR: 206.166.248.0/23
• URL: app.pullrequest.com
• URL: reviewer.pullrequest.com
• URL: ctf.hacker101.com
• URL: hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com
• URL: a5s.hackerone-ext-content.com
• URL: b5s.hackerone-ext-content.com
• URL: hackerone-ext-content.com
• URL: hackathon-photos.hackerone-user-content.com
• URL: cover-photos.hackerone-user-content.com
• URL: hackathon-photos-us-east-2.hackerone-user-content.com
• URL: profile-photos.hackerone-user-content.com
• URL: hackerone-user-content.com
• URL: profile-photos-us-east-2.hackerone-user-content.com
• URL: cover-photos-us-east-2.hackerone-user-content.com
• URL: hackerone.live
• URL: www.wearehackerone.com
• URL: mta-sts.wearehackerone.com

Out of Scope Assets:

• URL: support.hackerone.com (OOS)
• URL: www.hackeronestatus.com (OOS)
• URL: go.hacker.one (OOS)
• URL: info.hacker.one (OOS)
• URL: ma.hacker.one (OOS)
• URL: h1.community (OOS)
• URL: www.h1.community (OOS)
• URL: hackerone-swag.com (OOS)

In Scope Assets:

• WILDCARD: *.semrush.com
• WILDCARD: *.semrush.net
• WILDCARD: *.seoquake.com
• WILDCARD: *.seoab.io
• WILDCARD: *.scatec.io
• WILDCARD: *.sellzone.com
• WILDCARD: *.myinsights.io
• OTHER: Other Semrush Related Asset
• OTHER: Leaked/Сompromised Employee accounts

Out of Scope Assets:

• URL: advocates.semrush.com (OOS)
• URL: email.semrush.com (OOS)

In Scope Assets:

• URL: www.sheer.com
• URL: my.sheer.com

In Scope Assets:

• WILDCARD: *.shein.com
• IOS: 878577184
• ANDROID: com.zzkko
• WILDCARD: *.romwe.com
• ANDROID: com.romwe
• IOS: 1080248000
• WILDCARD: *.sheingsp.com

In Scope Assets:

• URL: your-store.myshopify.com
• URL: partners.shopify.com
• URL: accounts.shopify.com
• WILDCARD: *.shopify.io
• WILDCARD: *.shopify.com
• OTHER: Shopify Developed Apps
• OTHER: Shopify Mobile Applications
• WILDCARD: *.shopifykloud.com
• WILDCARD: *.shopifycloud.com
• URL: linkpop.com
• URL: shopifyinbox.com
• URL: shop.app
• URL: shopify.plus
• URL: arrive-server.shopifycloud.com
• URL: admin.shopify.com
• SOURCE_CODE: https://github.com/Shopify/*
• WILDCARD: *.shopifycs.com
• WILDCARD: *.pci.shopifyinc.com

Out of Scope Assets:

• URL: investors.shopify.com (OOS)
• WILDCARD: *.email.shopify.com (OOS)
• OTHER: Other (OOS)
• URL: cdn.shopify.com (OOS)
• URL: livechat.shopify.com (OOS)
• URL: community.shopify.com (OOS)
• OTHER: supplier-portal.shopifycloud.com (OOS)
• URL: academy.shopify.com (OOS)
• URL: community.shopify.dev (OOS)

In Scope Assets:

• WILDCARD: *.sidefx.com

In Scope Assets:

• HARDWARE: Gecko SDK
• SOURCE_CODE: https://github.com/SiliconLabsSoftware/matter_extension
• SOURCE_CODE: https://github.com/SiliconLabsSoftware/matter_sdk
• SOURCE_CODE: https://github.com/SiliconLabsSoftware/simplicity-device-manager
• HARDWARE: SiW917
• HARDWARE: Arduino Nano
• EXECUTABLE: Simplicity Studio Development Platform
• HARDWARE: Wireless Microcontrollers (MCUs)

Out of Scope Assets:

• SOURCE_CODE: https://github.com/SiliconLabsSoftware/z-wave-protocol-controller (OOS)

In Scope Assets:

• URL: www.six-group.com
• URL: www.bolsasymercados.es
• CIDR: 153.46.96.0/20
• CIDR: 193.110.154.0/24
• IOS: https://apps.apple.com/ch/app/debix/id1581440132?l=en-GB
• IOS: https://apps.apple.com/mx/app/debix/id1581440132
• IOS: https://apps.apple.com/mx/app/schweizer-finanzmuseum/id1225222871
• IOS: https://apps.apple.com/mx/app/six-id/id1620496931
• IOS: https://apps.apple.com/us/app/bme-conecta/id6443938949
• ANDROID: https://play.google.com/store/apps/details?id=com.sixgroup.debixplus
• ANDROID: https://play.google.com/store/apps/details?id=com.sixgroup.id&hl=en_US&pli=1
• ANDROID: https://play.google.com/store/apps/details?id=es.grupobme.bmeconecta
• ANDROID: https://play.google.com/store/search?q=Schweizer+Finanzmuseum&c=apps
• URL: https://web3.sdx.com
• URL: https://www.sdx.com/
• CIDR: 193.109.229.0/24
• CIDR: 153.46.240.0/20
• CIDR: 153.46.108.0/22
• CIDR: 62.192.20.16/29
• CIDR: 153.46.111.0/24
• CIDR: 153.46.104.0/22
• CIDR: 146.109.8.0/22
• CIDR: 194.209.121.0/24
• CIDR: 153.46.30.0/23
• CIDR: 153.46.32.0/23
• CIDR: 153.46.34.0/23
• CIDR: 174.44.253.152/29
• CIDR: 153.46.0.0/16
• CIDR: 146.109.2.0/24
• CIDR: 146.109.3.0/24
• CIDR: 146.109.4.0/24

Out of Scope Assets:

• IP_ADDRESS: 153.46.254.150 (OOS)
• URL: saferpay.com (OOS)
• URL: 193.109.229.71 (OOS)
• WILDCARD: *.sixidmobile.com (OOS)

In Scope Assets:

• URL: slack.com
• URL: api.slack.com
• URL: slackb.com
• URL: app.slack.com
• SOURCE_CODE: https://github.com/slackhq/nebula
• URL: edgeapi.slack.com
• URL: slackatwork.com
• URL: slack-redir.net
• URL: slack-imgs.com
• URL: spaces.pm
• ANDROID: com.Slack
• IOS: com.tinyspeck.chatlyio
• IOS: com.slack.slackmdm
• URL: www.quip.com
• URL: *.quip.com
• EXECUTABLE: https://salesforce.quip.com/blog/desktop
• URL: slack-status.com
• OTHER: Slack Desktop Application
• IOS: https://apps.apple.com/us/app/quip-docs-chat-sheets/id647922896

Out of Scope Assets:

• URL: status.slack.com (OOS)
• URL: slackhq.com (OOS)
• ANDROID: com.Slack.intune (OOS)
• IOS: com.slack.slackintune (OOS)
• URL: *.glitchthegame.com (OOS)
• OTHER: 3rd Party Quip Apps (OOS)

In Scope Assets:

• URL: smtp2go.com
• URL: app.smtp2go.com
• URL: api.smtp2go.com

Out of Scope Assets:

• URL: support.smtp2go.com (OOS)

In Scope Assets:

• IOS: com.bitstrips.imoji
• ANDROID: com.bitstrips.imoji
• IOS: com.toyopagroup.picaboo
• ANDROID: com.snapchat.android
• URL: www.bitmoji.com
• URL: www.bitstrips.com
• URL: scan.snapchat.com
• URL: kit.snapchat.com
• URL: snappublisher.snapchat.com
• URL: geofilters.snapchat.com
• URL: spectacles.com
• URL: accounts.snapchat.com
• URL: app.snapchat.com
• EXECUTABLE: Lens Studio
• URL: map.snapchat.com
• URL: story.snapchat.com
• URL: ads.snapchat.com
• URL: *.sc-core.net
• URL: create.snapchat.com
• URL: business.snapchat.com
• URL: my.snapchat.com
• URL: businesshelp.snapchat.com
• SOURCE_CODE: https://lensstudio.snapchat.com/api/
• URL: store.snapchat.com
• URL: web.snapchat.com
• URL: blog.playcanvas.com
• URL: code.playcanvas.com
• URL: developer.playcanvas.com
• URL: forum.playcanvas.com
• URL: launch.playcanvas.com
• URL: login.playcanvas.com
• URL: msg.playcanvas.com
• URL: playcanvas.com
• URL: relay.playcanvas.com
• URL: rt.playcanvas.com
• URL: store.playcanvas.com
• URL: playcanv.as
• OTHER: *.sc-corp.net
• OTHER: Tier A - Core Assets
• OTHER: Tier B - Non Core (Bitmoji, Playcanvas)

Out of Scope Assets:

• URL: returns.spectacles.com (OOS)
• URL: support.snapchat.com (OOS)
• HARDWARE: Spectacles charging case (OOS)
• HARDWARE: Spectacles (OOS)
• WILDCARD: http://dev*.playcanvas.com (OOS)
• URL: dev.playcanv.as (OOS)

In Scope Assets:

• URL: sorare.com
• URL: api.sorare.com
• URL: ws.sorare.com

In Scope Assets:

• URL: assets.spotify.com
• IOS: com.spotify.client
• IOS: com.spotify.s4a
• ANDROID: com.spotify.tv.android
• ANDROID: com.spotify.s4a
• SOURCE_CODE: Spotify SDKs
• OTHER: Other Spotify websites
• ANDROID: com.spotify.music
• EXECUTABLE: Spotify desktop application (Windows and Mac)
• OTHER: Anchor
• ANDROID: com.spotify.lite
• IOS: com.spotify.kids
• SOURCE_CODE: iOS SDK
• SOURCE_CODE: Android SDK
• SOURCE_CODE: Web Playback SDK
• URL: backstage.io
• SOURCE_CODE: Backstage source code
• ANDROID: com.spotify.kids
• IOS: com.anchorfminc.Anchor
• ANDROID: fm.anchor.android
• OTHER: Megaphone
• OTHER: Podsights
• OTHER: Sonantic
• WILDCARD: *.withspotify.com
• WILDCARD: *.byspotify.com
• WILDCARD: *.atspotify.com
• WILDCARD: *.avecspotify.com
• WILDCARD: *.enspotify.com
• WILDCARD: *.forspotify.com
• WILDCARD: *.fromspotify.com
• WILDCARD: *.tospotify.com
• OTHER: Core Assets
• OTHER: Non-Core Assets
• OTHER: GHE
• OTHER: Jira
• OTHER: Okta
• OTHER: VPN
• WILDCARD: *.spotify.com
• WILDCARD: *.spotify.net
• URL: api.spotify.com
• URL: api-partner.spotify.com

Out of Scope Assets:

• IOS: com.soundtrap.studioapp (OOS)
• ANDROID: com.soundtrap.studioapp (OOS)
• OTHER: Preact (OOS)
• OTHER: Soundtrap (OOS)
• OTHER: The Ringer (OOS)
• URL: example.com (OOS)
• OTHER: Findaway (OOS)
• URL: everynoise.com (OOS)

In Scope Assets:

• IOS: com.starbucks.mystarbucks
• ANDROID: com.starbucks.mobilecard
• URL: www.starbucksreserve.com
• URL: www.starbucks.ca
• URL: www.starbucks.com
• URL: app.starbucks.com
• OTHER: Subdomain Takeover (SDTO)
• URL: openapi.starbucks.com
• URL: secureui.starbucks.com

Out of Scope Assets:

• URL: apply.starbucks.com (OOS)
• URL: careers.starbucks.com (OOS)

In Scope Assets:

• URL: www.starbucks.com.cn/
• IOS: Starbucks China iOS
• ANDROID: Starbucks China Android

In Scope Assets:

• URL: www.starbucks.co.jp
• IOS: Starbucks Japan iOS
• ANDROID: Starbucks Japan Android
• URL: www.cart.starbucks.co.jp/
• URL: cart.starbucks.co.jp
• URL: gift.starbucks.co.jp
• URL: login.starbucks.co.jp

In Scope Assets:

• URL: api.stripe.com
• URL: *.stripe.com
• ANDROID: com.stripe.android.dashboard
• IOS: 978516833
• URL: js.stripe.com
• OTHER: Stripe Payments
• OTHER: Stripe Checkout
• OTHER: Stripe Connect
• OTHER: Stripe Terminal
• OTHER: Stripe Billing
• OTHER: Stripe Elements
• OTHER: Stripe Dashboard
• OTHER: Stripe Issuing
• OTHER: Stripe Radar
• OTHER: Stripe Sigma
• OTHER: Stripe Atlas
• OTHER: Stripe SDKs
• OTHER: Stripe Open Source
• URL: api.taxjar.com
• URL: app.taxjar.com
• URL: *.recko.io
• URL: *.reckoproduction.com
• URL: *.reckostaging.com
• URL: *.link.co
• OTHER: Stripe Apps
• OTHER: Stripe Payment Links
• OTHER: Stripe Invoicing
• OTHER: Stripe Financial Connections
• OTHER: Stripe Revenue Recognition
• OTHER: Stripe Identity
• OTHER: Stripe Climate
• OTHER: Stripe Data Pipeline
• OTHER: Stripe Tax
• OTHER: Stripe Capital
• OTHER: Stripe Treasury
• WILDCARD: *.lemonsqueezy.com
• OTHER: Stripe for Visual Studio Code
• OTHER: Tap to Pay (Android)
• OTHER: Tap to Pay (iOS)
• OTHER: Sandboxes
• OTHER: Organizations
• WILDCARD: *.bridge.xyz

Out of Scope Assets:

• URL: *.getbouncer.com (OOS)
• OTHER: Stripe Third Party Apps and Integrations (OOS)
• OTHER: Onboarding Verification Link Crawling (OOS)

In Scope Assets:

• WILDCARD: *.superbet.ro
• WILDCARD: *.superbet.rs
• WILDCARD: *.superbet.com
• WILDCARD: *.magicjackpot.ro
• WILDCARD: *.spinaway.com
• ANDROID: ro.superbet.sport
• ANDROID: ro.superbet.games
• WILDCARD: *.luckydays.com
• WILDCARD: *.luckydays.ca
• WILDCARD: *.napoleoncasino.be
• WILDCARD: *.napoleondice.be
• WILDCARD: *.napoleongames.be
• WILDCARD: *.napoleonsports.be
• WILDCARD: *.superbet.pl
• URL: superbet.bet.br
• URL: https://napoleoncasino.be/en-be/game/hogamba-crash?demo=false
• URL: https://superbet.ro
• URL: https://superbet.pl
• URL: https://napoleoncasino.be
• URL: https://napoleonsports.be
• URL: https://napoleondice.be
• URL: https://napoleongames.be
• URL: https://superbet.rs
• OTHER: WGP Slot Games

Out of Scope Assets:

• URL: https://legacy-web.superbet.ro/session/login (OOS)
• URL: affiliates.superbet.com (OOS)
• URL: affiliates.superbet.rs (OOS)
• URL: affiliate.napoleongames.be (OOS)
• URL: https://retail.prod.incubator.superbet.ro/ssbt-api/ (OOS)
• URL: http://surveys.superbet.com (OOS)

In Scope Assets:

• URL: uat-bugbounty.nonprod.syfe.com
• URL: api-uat-bugbounty.nonprod.syfe.com
• URL: www.syfe.com
• URL: api.syfe.com
• URL: alfred.syfe.com
• URL: mark8.syfe.com
• ANDROID: com.syfe
• IOS: https://apps.apple.com/sg/app/syfe-stay-invested/id1497156434

In Scope Assets:

• URL: www.temu.com
• ANDROID: com.einnovation.temu
• IOS: 1641486558
• URL: seller.temu.com

In Scope Assets:

• IOS: co.tide
• ANDROID: com.tideplatform.banking
• ANDROID: co.tide.tideplatform.in
• URL: api.tideplatform.in
• WILDCARD: *.tide.co

Out of Scope Assets:

• URL: account-reader.tide.co (OOS)
• URL: community.tide.co (OOS)
• URL: status.tide.co (OOS)
• URL: admin.tide.co (OOS)
• WILDCARD: http://*-wip.tide.co (OOS)
• WILDCARD: http://*-staging.tide.co (OOS)
• WILDCARD: http://*.wip.tide.co (OOS)
• WILDCARD: http://*.staging.tide.co (OOS)
• URL: www.tidecharity.org.uk (OOS)
• URL: portaldesign.tide.co (OOS)
• URL: domains.tide.co (OOS)
• WILDCARD: http://*.stg-tideplatform.in (OOS)
• WILDCARD: http://*.wip-tideplatform.in (OOS)
• URL: mi.tide.co (OOS)
• WILDCARD: bot-*.bo.tide.co (OOS)
• WILDCARD: status-*.tide.co (OOS)

In Scope Assets:

• ANDROID: com.zhiliaoapp.musically
• IOS: 835599320
• URL: *.tiktok.com
• URL: business.tiktok.com
• IOS: 1235601864
• ANDROID: com.ss.android.ugc.trill
• URL: ads.tiktok.com
• URL: tiktok.com
• URL: careers.tiktok.com
• URL: creatormarketplace.tiktok.com
• URL: *.tiktokv.com
• URL: developers.tiktok.com
• URL: effecthouse.tiktok.com
• ANDROID: com.ss.android.ugc.now
• IOS: 641062073
• URL: partner.tiktokshop.com
• ANDROID: com.tiktok.tv
• URL: shop.tiktok.com
• ANDROID: com.zhiliao.musically.livewallpaper
• URL: live-backstage.tiktok.com
• URL: academy-outbound-ads.tiktok.com
• URL: www.pangleglobal.com
• IOS: 1591003012
• ANDROID: com.tiktokshop.seller
• URL: fp-sg.tiktokv.com
• URL: affiliate-id.tokopedia.com
• URL: seller-id.tokopedia.com
• URL: shop-id.tokopedia.com
• URL: pay.tokopediax.com

In Scope Assets:

• WILDCARD: *.tinder.com
• WILDCARD: *.gotinder.com
• IOS: 547702041
• ANDROID: com.tinder
• WILDCARD: *.tinderops.net
• WILDCARD: *.tstaging.com
• WILDCARD: *.tstaging.tools
• WILDCARD: *.tinderwebstaging.com

Out of Scope Assets:

• URL: go.tinder.com (OOS)
• URL: www.help.tinder.com (OOS)
• URL: gotinder.imgix.net (OOS)
• URL: console.gotinder.com (OOS)
• OTHER: AppsFlyer Subdomains (OOS)

In Scope Assets:

• WILDCARD: *.worldcoin.org
• WILDCARD: *.consumer.worldcoin.org
• URL: toolsforhumanity.com
• URL: getworldcoin.com
• WILDCARD: *.worldcoin-distributors.com
• URL: bioid-management.app
• WILDCARD: *.worldcoin.dev
• IOS: https://apps.apple.com/no/app/world-app-worldcoin-wallet/id1560859847
• ANDROID: https://play.google.com/store/apps/details?id=com.worldcoin
• SOURCE_CODE: https://github.com/worldcoin
• URL: worldcoin.org
• WILDCARD: *.toolsforhumanity.com
• OTHER: Secondary Assets
• OTHER: Primary Assets
• URL: developer.worldcoin.org
• URL: id.worldcoin.org
• SMART_CONTRACT: https://docs.world.org/world-chain/reference/address-book
• URL: world.org

Out of Scope Assets:

• URL: support.worldcoin.com (OOS)
• URL: support.world.org (OOS)

In Scope Assets:

• OTHER: Tor
• OTHER: Tor Browser

In Scope Assets:

• URL: www.trendyol.com
• URL: m.trendyol.com
• URL: www.dolap.com
• IOS: 524362642
• IOS: 1127881507
• ANDROID: trendyol.com
• ANDROID: com.dolap.android
• URL: www.trendyol-milla.com
• IOS: 6467634418
• ANDROID: com.trendyol.milla.android

In Scope Assets:

• WILDCARD: *.trip.com
• OTHER: <locale>.trip.com
• IOS: com.trip.ios
• ANDROID: com.trip.android
• WILDCARD: *.travix.com
• WILDCARD: *.travix.io
• WILDCARD: *.trainpal.com,*.mytrainpal.com
• WILDCARD: *.cheaptickets.nl
• WILDCARD: *.triplinkintl.com
• WILDCARD: *.tyo-masters.co.jp
• URL: app.blueskytravelvietnam.com
• WILDCARD: *.budgetair.com
• WILDCARD: *.flugladen.de
• WILDCARD: *.vayama.com
• WILDCARD: *.vliegwinkel.nl
• WILDCARD: *.trip.biz

Out of Scope Assets:

• WILDCARD: *.stg.travix.com (OOS)
• WILDCARD: *.dev.travix.com (OOS)
• WILDCARD: *.development.travix.com (OOS)
• WILDCARD: *.playground.travix.com (OOS)

In Scope Assets:

• SOURCE_CODE: https://github.com/tronprotocol/java-tron

In Scope Assets:

• ANDROID: com.truecaller
• IOS: 448142450
• URL: business.truecaller.com
• URL: web.truecaller.com
• URL: www.truecaller.com
• URL: business-resources.truecaller.com
• WILDCARD: *-asia-south1.truecaller.com
• WILDCARD: *-eu.truecaller.com
• WILDCARD: *-noneu.truecaller.com

Out of Scope Assets:

• URL: adsmanager.truecaller.com (OOS)
• URL: support.truecaller.com (OOS)
• URL: community.truecaller.com (OOS)

In Scope Assets:

• OTHER: uber.com
• OTHER: Recon Data
• OTHER: *.uberinternal.com
• OTHER: *ubereats.com

Out of Scope Assets:

• URL: *.uberscoot.us (OOS)
• OTHER: Fraud Reports (OOS)
• URL: *.ubertransit.io (OOS)
• URL: bizblog.uber.com (OOS)
• URL: et.uber.com (OOS)
• URL: newsroom.uber.com (OOS)
• URL: eng.uber.com (OOS)
• URL: people.uber.com (OOS)
• URL: love.uber.com (OOS)
• URL: drive.uber.com (OOS)
• URL: uber.onelogin.com (OOS)
• URL: uber.com.cn (OOS)
• OTHER: *.ubercarshare.com (OOS)
• URL: https://assets.uber.com (OOS)
• URL: https://brand.uber.com (OOS)

In Scope Assets:

• URL: www.udemy.com
• URL: yourcompany.udemy.com

Out of Scope Assets:

• URL: about.udemy.com (OOS)
• URL: affiliates.udemy.com (OOS)
• URL: blog.udemy.com (OOS)
• URL: business.udemy.com (OOS)
• URL: community.udemy.com (OOS)
• URL: teach.udemy.com (OOS)
• URL: research.udemy.com (OOS)
• URL: support.udemy.com (OOS)
• URL: mi.udemy.com (OOS)
• URL: helpdesk.udemy.com (OOS)
• URL: copyright.udemy.com (OOS)
• URL: design.udemy.com (OOS)
• URL: government.udemy.com (OOS)
• URL: keeplearning.udemy.com (OOS)
• URL: legalteam.udemy.com (OOS)
• URL: people-innovators.udemy.com (OOS)
• URL: theupskillingimperative.com (OOS)
• URL: translate.udemy.com (OOS)
• URL: ufbsupport.udemy.com (OOS)
• URL: coding-exercises.udemy.com (OOS)

In Scope Assets:

• WILDCARD: *.ubnt.com
• URL: store.ui.com
• URL: community.ui.com
• HARDWARE: airMAX
• HARDWARE: UniFi
• HARDWARE: EdgeMAX
• HARDWARE: airFiber
• HARDWARE: UFiber
• OTHER: UniFi Cloud
• EXECUTABLE: UniFi Network Application
• ANDROID: com.ubnt.easyunifi
• ANDROID: com.ubnt.umobile
• ANDROID: com.ubnt.discovery.app
• EXECUTABLE: UCRM
• EXECUTABLE: UNMS
• HARDWARE: AmpliFi
• WILDCARD: *.ui.com
• HARDWARE: UniFi Talk
• HARDWARE: UniFi Protect
• HARDWARE: UniFi Switches
• HARDWARE: UniFi Wireless Access Points
• HARDWARE: UniFi Gateways (UDM, UXG, USG)
• HARDWARE: Cloudkey
• HARDWARE: UniFi LED
• HARDWARE: UniFi Access
• URL: account.ui.com
• URL: fw-update.ubnt.com
• URL: rma.ui.com
• URL: design.ui.com
• URL: uisp.com
• URL: unifi.ui.com
• URL: careers.ui.com
• URL: ispdesign.ui.com
• OTHER: UID
• HARDWARE: UniFi Connect
• EXECUTABLE: UISP
• WILDCARD: *.uisp.com

Out of Scope Assets:

• URL: forum-es.ui.com (OOS)
• URL: forum-pt.ui.com (OOS)
• HARDWARE: UniFi Video (OOS)
• OTHER: UniFi Video Cloud (OOS)
• EXECUTABLE: AirControl (OOS)
• EXECUTABLE: UniFi Video Server (OOS)
• HARDWARE: mFi (OOS)
• ANDROID: com.ubnt.unifivideo (OOS)
• ANDROID: com.ubnt.unifi.edu (OOS)
• ANDROID: com.ubnt.mpower (OOS)
• HARDWARE: UniFi Voip (OOS)
• URL: security.community.ui.com (OOS)
• WILDCARD: *.go.ubnt.com (OOS)
• HARDWARE: UniFi Talk Conference Speaker - UT-Conference (OOS)

In Scope Assets:

• URL: www.urbancompany.com
• ANDROID: com.urbanclap.provider
• ANDROID: com.urbanclap.urbanclap
• IOS: 1032480595
• IOS: 982922982
• URL: www.urbanclap.com

Out of Scope Assets:

• OTHER: Other urbancompany.com subdomains except for the ones in-scope (OOS)

In Scope Assets:

• URL: www.dota2.com
• OTHER: Steam Servers
• URL: support.steampowered.com
• URL: partner.steampowered.com
• IOS: com.valvesoftware.Steam
• ANDROID: com.valvesoftware.Steam
• URL: store.steampowered.com
• URL: www.valvesoftware.com
• URL: api.steampowered.com
• URL: partner.steamgames.com
• URL: steamcommunity.com
• URL: www.teamfortress.com
• URL: www.counter-strike.net
• URL: developer.valvesoftware.com
• URL: playartifact.com
• URL: help.steampowered.com
• OTHER: Steam Client

Out of Scope Assets:

• URL: valvestore.forfansbyfans.com,store.valvesoftware.com (OOS)
• URL: www.steampowered.com (OOS)
• URL: translation.steampowered.com (OOS)
• URL: www.steamgames.com (OOS)
• URL: list.valvesoftware.com (OOS)

In Scope Assets:

• WILDCARD: *.varonis.com
• WILDCARD: *.varonis.io
• WILDCARD: *.varonis.net

Out of Scope Assets:

• WILDCARD: *.varonis-preprod.com (OOS)
• OTHER: All other assets (OOS)
• WILDCARD: *.cyral.com (OOS)

In Scope Assets:

• WILDCARD: https://*.verily.com/
• WILDCARD: https://*.onduo.com/
• WILDCARD: https://*.projectbaseline.com/
• WILDCARD: https://*.signalpath.com/
• IOS: https://apps.apple.com/us/app/verily-me/id6448808133
• IOS: https://apps.apple.com/us/app/onduo/id1138490045
• ANDROID: https://play.google.com/store/apps/details?id=com.verily.me
• ANDROID: https://play.google.com/store/apps/details?id=com.google.android.apps.diabetes

In Scope Assets:

• URL: www.vimeo.com
• URL: player.vimeo.com
• URL: api.vimeo.com
• WILDCARD: *.cloud.vimeo.com
• URL: vimeopro.com
• URL: http://vimeo.com/ondemand
• URL: http://vimeo.com/api
• IOS: 425194759
• ANDROID: com.vimeo.android.videoapp
• WILDCARD: *.vimeo.com
• URL: checkout.vimeo.com
• URL: http://vimeo.com/create
• URL: vimeo.magisto.com
• ANDROID: com.vimeocreate.videoeditor.moviemaker
• IOS: 1491791513
• URL: vhx.tv
• URL: embed.vhx.tv
• URL: api.vhx.tv
• WILDCARD: *.vhx.tv
• OTHER: channelstore.roku.com/details/48061/vhx
• OTHER: VHX Branded Customer iOS Apps
• OTHER: VHX Branded Customer Android Apps
• OTHER: VHX Branded Customer Roku Apps
• URL: magisto.com,www.magisto.com
• WILDCARD: *.magisto.com
• URL: staging.magisto.com
• URL: applause1.magisto.com
• ANDROID: com.magisto
• IOS: 486781045
• WILDCARD: *.livestream.com
• URL: www.livestream.com
• WILDCARD: *.new.livestream.com
• URL: donations.livestream.com
• OTHER: Livestream software (Producer, Studio)
• ANDROID: com.livestream.livestream
• IOS: 493086499

Out of Scope Assets:

• WILDCARD: *.email.vimeo.com (OOS)
• WINDOWS APP: All (OOS)
• URL: vimeo.atlassian.net (OOS)
• WILDCARD: *.wirewax.com (OOS)
• WILDCARD: *.wirewax.app (OOS)
• WILDCARD: *.wibbitz.com (OOS)
• ANDROID: tv.vhx (OOS)
• IOS: 935740658 (OOS)
• WILDCARD: *.test.magisto.com (OOS)
• WILDCARD: *.dev.magisto.com (OOS)
• URL: applause2.magisto.com (OOS)
• URL: gamma.magisto.com (OOS)
• URL: delta.magisto.com (OOS)
• URL: int001.vimeo.magisto.com (OOS)
• URL: int002.vimeo.magisto.com (OOS)
• URL: int003.vimeo.magisto.com (OOS)
• URL: int004.vimeo.magisto.com (OOS)
• URL: int005vimeo.magisto.com (OOS)
• URL: eta.magisto.com (OOS)
• URL: epsilon.magisto.com (OOS)
• URL: http://www.magisto.com/blog (OOS)
• URL: omega.magisto.com (OOS)
• WILDCARD: *.cdn.magisto.com (OOS)
• URL: livestreamapis.com (OOS)
• WILDCARD: *.boost.livestream.com,boost.livestream.com (OOS)
• URL: store.livestream.com (OOS)
• URL: publishing-api.livestream.com (OOS)
• URL: help.livestream.com (OOS)
• URL: status.livestream.com (OOS)
• OTHER: s3://static.intercast-livestream.com (OOS)
• OTHER: livestream.com/blog, *.livestream.com/blog, blog.livestream.com (OOS)
• HARDWARE: Any previously owned/sold hardware (OOS)
• URL: billing-account.vimeo.com (OOS)

In Scope Assets:

• URL: aw.visa.com
• URL: bb.visa.com
• URL: bd.visa.com
• URL: bm.visa.com
• URL: bq.visa.com
• URL: cw.visa.com
• URL: ht.visa.com
• URL: www.visa.com.br
• URL: www.visa.com.mx
• URL: www.visa.com.tw
• URL: visa.com.ru
• URL: visa.com.au
• URL: www.visa.com.az
• URL: www.visa.com.cn
• URL: www.visa.com.cy
• URL: www.visa.com.ge
• URL: www.visa.com.hk
• URL: www.visa.com.hr
• URL: visa.com.jm
• URL: www.visa.com.kh
• URL: www.visa.com.kz
• URL: www.visa.com.lc
• URL: www.visa.com.lk
• URL: www.visa.com.ms
• URL: www.visa.com.my
• URL: www.visa.com.ng
• URL: www.visa.com.ph
• URL: www.visa.com.sg
• URL: www.visa.com.tr
• URL: visa.com.ua
• URL: www.visa.com.vn
• URL: www.visa.co.ao
• URL: visa.co.cr
• URL: www.visa.co.id
• URL: www.visa.co.il
• URL: www.visa.co.in
• URL: www.visa.co.jp
• URL: www.visa.co.ke
• URL: visa.co.ni
• URL: www.visa.co.nz
• URL: www.visa.co.th
• URL: www.visa.co.uk
• URL: www.visa.co.ve
• URL: visa.co.za
• URL: www.cybersource.com
• URL: www.authorize.net
• URL: www.cardinalcommerce.com
• URL: www.currencycloud.com
• URL: www.yellowpepper.com
• URL: www.fraedom.com
• URL: usa.visa.com
• URL: www.tink.com
• URL: www.practicalmoneyskills.com
• URL: www.practicalbusinessskills.org
• URL: www.practicalmoneyskills.org
• URL: sandbox.secure.checkout.visa.com
• URL: www.visainfinite.ca
• URL: http://myvisainfinite.com/suntrust/en_us/home.html
• URL: http://www.myvisacardportal.com/welcome/enbd/product/#
• URL: ebctest.cybersource.com
• URL: developer.cybersource.com
• URL: sandbox.authorize.net
• URL: developer.authorize.net
• URL: developer.visa.com
• URL: test.payworks.io
• URL: console.tink.com
• URL: developer.currencycloud.com
• URL: direct-demo.currencycloud.com
• URL: https://www.visa.com.az/az_az/account/registration
• URL: https://ebctest.cybersource.com/merchant-mgmt/
• URL: https://ebctest.cybersource.com/ums
• URL: visa.com.bo
• URL: https://ebctest.cybersource.com/cds/

In Scope Assets:

• URL: www.vodafone.om
• URL: apix.vodafone.om
• URL: vfo01.vodafone.om
• URL: vfo02.vodafone.om
• URL: vfo03.vodafone.om
• IOS: 1589071345
• ANDROID: om.vodafone.mva