Scope Data

In Scope Assets:

• OTHER: Bitdefender Total Security
• URL: *.bitdefender.net
• OTHER: Bitdefender Antimalware Engines
• URL: *.bitdefender.com
• OTHER: https://www.bitdefender.com/business/smb-products/business-security.html?cid=ppc|b|google|smb&s_kwcid=AL!6076!3!514235572261!p!!g!!bitdefender%20business&utm_term=bitdefender%20business&utm_campaign=USA+SMB+Branded+30&utm_source=adwords&utm_medium=ppc&hsa_acc=8155205354&hsa_cam=7848657822&hsa_grp=124745713150&hsa_ad=514235572261&hsa_src=g&hsa_tgt=kwd-308396066873&hsa_kw=bitdefender%20business&hsa_mt=p&hsa_net=adwords&hsa_ver=3&gclid=CjwKCAjwqIiFBhAHEiwANg9szk-Rr3iSn4mrwsvAUOn-pzrO12ufWDmyCLopWigaLQW0t_xtlBE65RoCr6kQAvD_BwE

Out of Scope Assets:

• URL: partner-marketing.bitdefender.com/ (OOS)
• URL: businessinsights.bitdefender.com (OOS)
• URL: businessemail.bitdefender.com (OOS)
• URL: businessresources.bitdefender.com (OOS)
• URL: oemhub.bitdefender.com (OOS)
• URL: oemresources.bitdefender.com (OOS)
• URL: community.bitdefender.com/ (OOS)
• URL: resellerportal.bitdefender.com/ (OOS)
• URL: brand.bitdefender.com/ (OOS)
• URL: stats.bitdefender.com/ (OOS)
• URL: sstats.bitdefender.com/ (OOS)
• URL: lsems.gravityzone.bitdefender.com/ (OOS)
• URL: ssems.gravityzone.bitdefender.com/ (OOS)
• URL: https://crp.bitdefender.com (OOS)
• URL: https://telcosuccess.bitdefender.com (OOS)
• URL: demo.bitdefender.com (OOS)
• URL: translate.bitdefender.com (OOS)

In Scope Assets:

• IOT: Bitdefender BOX v2

Out of Scope Assets:

• IOS: Bitdefender Central (iOS App) (OOS)
• ANDROID: Bitdefender Central (Android App) (OOS)
• URL: central.bitdefender.com (OOS)

In Scope Assets:

• URL: https://www.bitgo.com
• URL: https://app.bitgo.com
• URL: https://app.bitgo-test.com

In Scope Assets:

• URL: https://web.bitpanda.com
• URL: https://www.bitpanda.com/
• URL: https://api.bitpanda.com
• URL: wss://socket.bitpanda.com
• OTHER: All the Blockchain Infrastructure
• URL: https://account.bitpanda.com
• ANDROID: https://play.google.com/store/apps/details?id=com.bitpanda.bitpanda
• IOS: https://apps.apple.com/app/bitpanda-buy-bitcoin-crypto/id1449018960
• URL: https://blog.bitpanda.com/en
• URL: https://www.bitpanda.com/academy/en/

Out of Scope Assets:

• URL: https://support.bitpanda.com (OOS)
• URL: https://maintenance.bitpanda.com (OOS)
• URL: https://beta.bitpanda.com (OOS)
• URL: https://developers.bitpanda.com (OOS)
• URL: http://partners.whitelabel.bitpanda.com/ (OOS)
• URL: http://status.bitpanda.com (OOS)
• URL: https://requests.bitpanda.com (OOS)
• URL: https://*.exchange.bitpanda.com (OOS)

In Scope Assets:

• URL: https://bitso.com
• URL: https://nvio.mx/
• URL: https://nvio.ar/
• IOS: https://apps.apple.com/us/app/bitso-buy-bitcoin-easily/id1292836438
• IOS: https://apps.apple.com/us/app/bitso-alpha-crypto-trade-pro/id1539469172
• ANDROID: https://play.google.com/store/apps/details?id=com.bitso.wallet&pcampaignid=web_share
• ANDROID: https://play.google.com/store/apps/details?id=com.bitso.alpha

Out of Scope Assets:

• URL: help.bitso.com (OOS)
• URL: status.bitso.com (OOS)
• URL: dev.bitso.com (OOS)
• URL: blog.bitso.com (OOS)
• URL: stage.bitso.com (OOS)
• URL: landing.bitso.com (OOS)
• URL: devmalta.bitso.com (OOS)
• URL: edu.bitso.com (OOS)
• URL: sandbox.bitso.com (OOS)
• URL: api-dev.bitso.com (OOS)
• URL: api-stage.bitso.com (OOS)
• URL: api-sandbox.bitso.com (OOS)
• URL: stagemalta.bitso.com (OOS)
• URL: *.otc.bitso.com (OOS)
• URL: *.efx.bitso.com (OOS)
• URL: quetzal.bitso.com (OOS)
• URL: login.bitso.io (OOS)
• URL: bitsohelp.zendesk.com (OOS)
• URL: support.bitso.com (OOS)

In Scope Assets:

• URL: https://www.bitstamp.net/
• URL: *.bitstamp.net - Bitstamp Supporting Services
• IOS: https://apps.apple.com/us/app/bitstamp/id1406825640
• ANDROID: https://play.google.com/store/apps/details?id=net.bitstamp.app
• ANDROID: https://play.google.com/store/apps/details?id=net.bitstamp.appgo

Out of Scope Assets:

• URL: https://perps-test.bitstamp.net (OOS)

In Scope Assets:

• IOS: https://apps.apple.com/ee/app/bolt-fast-affordable-rides/id675033630
• ANDROID: https://play.google.com/store/apps/details?id=ee.mtakso.client
• IOS: https://apps.apple.com/ee/app/bolt-food/id1451492388
• ANDROID: https://play.google.com/store/apps/details?id=com.bolt.deliveryclient
• URL: https://taxify.eu/
• URL: https://bolt.eu/

Out of Scope Assets:

• ANDROID: https://play.google.com/store/apps/details?id=ee.mtakso.driver (OOS)
• IOS: https://apps.apple.com/ee/app/bolt-driver/id897442736 (OOS)
• URL: *.test.bolt.eu (OOS)
• URL: *.test.taxify.eu (OOS)
• URL: business-old.bolt.eu (OOS)

In Scope Assets:

• URL: REDACTED
• URL: REDACTED

Out of Scope Assets:

• OTHER: REDACTED (OOS)
• OTHER: REDACTED (OOS)
• OTHER: REDACTED (OOS)
• OTHER: REDACTED (OOS)

In Scope Assets:

• URL: https://docs.bugcrowd.com/
• URL: https://bugcrowd.com/programs
• URL: https://tracker.bugcrowd.com
• URL: https://api.bugcrowd.com
• URL: https://identity.bugcrowd.com/
• URL: *.bugcrowd.com/auth/*

Out of Scope Assets:

• URL: bugcrowd*.freshdesk.com (OOS)
• URL: https://www.bugcrowd.com (OOS)
• URL: blog.bugcrowd.com (OOS)
• URL: researcherdocs.bugcrowd.com (OOS)
• URL: pages.bugcrowd.com (OOS)
• URL: forum.bugcrowd.com (OOS)
• URL: email.bugcrowd.com (OOS)
• URL: email.forum.bugcrowd.com (OOS)
• URL: https://go.bugcrowd.com (OOS)
• URL: events.bugcrowd.com (OOS)
• URL: https://assetinventory.bugcrowd.com (OOS)
• URL: https://community.bugcrowd.com (OOS)
• URL: trust.bugcrowd.com (OOS)
• OTHER: Social Engineering (OOS)

In Scope Assets:

• URL: https://bullish.com/
• URL: https://investor.bullish.com/

Out of Scope Assets:

• URL: https://*.bullish.com (OOS)
• URL: https://simnext.bullish-test.com (OOS)

In Scope Assets:

• URL: https://simnext.bullish-test.com
• URL: https://api.simnext.bullish-test.com

Out of Scope Assets:

• URL: *.bullish.com/ (OOS)

In Scope Assets:

• URL: https://www.canva.com
• URL: https://www.canva.com/developers/
• OTHER: Apps SDK Sandboxing
• URL: https://api.canva.com
• URL: *.canva.com
• URL: *.canva-apps.com
• URL: https://*.canva.tech
• URL: https://www.canva.com/en_au/help/chatgpt-templates/
• URL: https://www.canva.com/integrations/slack/
• OTHER: Canva Desktop (macOS / Windows)
• IOS: Canva (iOS)
• ANDROID: Canva (Android)
• OTHER: Canva (Chrome Extension)
• URL: *.canva.cn
• URL: *.canva-apps.cn
• OTHER: Leaked Credentials and Secrets (Canva Employee/Contractor)
• OTHER: Leaked Credentials and Secrets (Canva User)
• OTHER: 3rd-Party Provider Vulnerability

In Scope Assets:

• IOS: https://itunes.apple.com/app/carrefour-uae/id626805470
• ANDROID: https://play.google.com/store/apps/details?id=com.aswat.carrefouruae
• URL: https://www.carrefouruae.com/
• URL: https://api-prod.retailsso.com

Out of Scope Assets:

• URL: https://cwingsfe.mafrservices.com/login (OOS)

In Scope Assets:

• IOS: https://itunes.apple.com/us/app/cash-app/id711923939?mt=8
• ANDROID: https://play.google.com/store/apps/details?id=com.squareup.cash
• URL: https://cash.app
• URL: *.cashstaging.app

In Scope Assets:

• URL: http://data-api.coindesk.com/

Out of Scope Assets:

• URL: https://www.coindesk.com/ (OOS)
• URL: https://uat.coindesk.com/ (OOS)
• URL: https://events.coindesk.com (OOS)
• URL: https://consensus2025.coindesk.com/ (OOS)
• URL: https://consensus-hongkong2025.coindesk.com/ (OOS)
• URL: https://data.coindesk.com/ (OOS)
• URL: https://developers.coindesk.com (OOS)

In Scope Assets:

• URL: https://www.foreignaffairs.com/
• URL: https://www.cfr.org/
• URL: https://thinkglobalhealth.org
• URL: https://education.cfr.org/

Out of Scope Assets:

• URL: https://subs.foreignaffairs.com (OOS)
• URL: https://subscribe.foreignaffairs.com (OOS)
• URL: https://world101.cfr.org/ (OOS)
• URL: https://modeldiplomacy.cfr.org (OOS)

In Scope Assets:

• URL: All Chime Assets
• URL: *.chimepayments.com
• URL: https://*.chime.com
• URL: *.1debit.com
• URL: *.chimecard.com
• URL: *.chmfin.com
• URL: *.chimebank.com
• URL: https://www.chime.com
• URL: https://app.chime.com
• ANDROID: https://play.google.com/store/apps/details?id=com.onedebit.chime
• IOS: https://apps.apple.com/us/app/chime-mobile-banking/id836215269
• IOS: https://app.bitrise.io/app/5bec038cb1e318cd/build/0e56ea84-4683-4ef6-8d3e-60eb0a012c25/artifact/cf0e6abc6528df88/p/85802412acd014f154decf14e4bb8c57
• ANDROID: https://app.bitrise.io/app/5bec038cb1e318cd/build/e071d2ed-1b34-41d7-88ac-78d683fce9c7/artifact/4edf32abe1b497ea/p/2f6cacc3a3ca02df5fc194248bfb15b7
• URL: http://member-qa.chime.com/enroll
• URL: http://app-qa.chime.com/users/sign_in
• URL: *.saltlabs.com
• URL: https://app.saltlabs.com/
• ANDROID: https://play.google.com/store/apps/details?id=com.saltlabs.app
• IOS: https://apps.apple.com/us/app/salt-work-and-get-rewarded/id1668462142
• URL: https://app.staging.saltlabs.com/

Out of Scope Assets:

• URL: Non Chime Owned Assets (see list at the bottom) (OOS)
• URL: https://chime.financial (OOS)
• URL: https://chimescholars.org (OOS)

In Scope Assets:

• URL: *.meraki.com
• URL: *.ikarem.io
• OTHER: Cisco Meraki Systems Manager
• OTHER: Cisco Meraki Virtual Security Appliances
• URL: *.network-auth.com
• IOS: Cisco Meraki Dashboard Mobile Application (iOS and Android)
• HARDWARE: Cisco Meraki MX Security Appliances
• HARDWARE: Cisco Meraki MS Switches
• HARDWARE: Cisco Meraki MR Access Points
• HARDWARE: Cisco Meraki MV Security Cameras
• HARDWARE: Cisco Meraki Z Series (Z1,Z3(C))
• URL: https://meraki.cisco.com
• URL: apps.meraki.io

Out of Scope Assets:

• URL: merakipartners.com (OOS)
• URL: developers.meraki.com (OOS)
• URL: smhelp.meraki.com (OOS)
• URL: community.meraki.com (OOS)
• URL: community-staging.meraki.com (OOS)
• URL: *.cisco.com (OOS)
• URL: meraki.cisco.com/form/contact (OOS)
• URL: Customer API Keys (OOS)
• HARDWARE: Meraki MC Phones (OOS)
• URL: documentation.meraki.com (OOS)

In Scope Assets:

• IOS: https://apps.apple.com/us/app/classdojo/id552602056
• URL: https://api.classdojo.com
• ANDROID: https://play.google.com/store/apps/details?id=com.classdojo.android
• URL: https://teach.classdojo.com
• URL: https://student.classdojo.com
• URL: https://www.classdojo.com
• URL: https://home.classdojo.com
• URL: https://dev.tutoring.classdojo.com
• URL: https://ws.multiplayer.classdojo.com/
• URL: https://ticket.multiplayer.classdojo.com
• URL: https://clients.multiplayer.classdojo.com/launcher/prod/latest
• URL: https://monster-customizer.classdojo.com/cf6dfa68-1a81-4c6d-bc0b-38f3666b37d6/index.html
• URL: *.classdojo.com
• URL: *.classdojo.co.uk
• URL: *.doj.io
• URL: *.dojo.me

In Scope Assets:

• URL: https://clickhou.se/bugcrowd
• OTHER: ClickHouse Cloud environment hosted by ClickHouse
• OTHER: https://github.com/ClickHouse/ClickHouse

Out of Scope Assets:

• URL: New support cases, Chat, Request new integration form (OOS)
• URL: Share feedback form (OOS)
• URL: Vulnerability scanners (OOS)
• URL: https://learn.clickhouse.com/ (OOS)

In Scope Assets:

• URL: https://cloudinary.com/console
• URL: https://api.cloudinary.com
• URL: https://res.cloudinary.com
• URL: https://mediaflows.cloudinary.com/
• URL: https://dimensions.cloudinary.com

Out of Scope Assets:

• URL: https://support.cloudinary.com (OOS)
• URL: wiki.cloudinary.com (OOS)

In Scope Assets:

• URL: https://marketplace.atlassian.com/apps/1218652/deep-clone-for-jira?hosting=cloud
• URL: https://marketplace.atlassian.com/apps/1219514/merge-agent-for-jira?hosting=cloud
• URL: https://marketplace.atlassian.com/apps/1220136/quick-filters-for-jira-dashboards?hosting=cloud
• URL: https://marketplace.atlassian.com/apps/1219476/comment-custom-fields-for-jira?hosting=cloud
• URL: https://marketplace.atlassian.com/apps/1221733/external-data-for-confluence?hosting=cloud
• URL: https://marketplace.atlassian.com/apps/1219288/comment-history-log-for-jira?hosting=cloud
• URL: https://marketplace.atlassian.com/apps/1215055/slack-for-confluence?hosting=cloud
• URL: https://marketplace.atlassian.com/apps/1219807/version-sync-for-jira?hosting=cloud
• URL: https://marketplace.atlassian.com/apps/1220964/snipe-it-for-jira?hosting=cloud
• URL: https://marketplace.atlassian.com/apps/1218211/secure-google-calendar-for-confluence?hosting=cloud
• URL: https://marketplace.atlassian.com/apps/1219994/external-data-for-jira-fields?hosting=cloud
• URL: https://marketplace.atlassian.com/apps/1232630/external-data-for-jira-fields-extension?hosting=cloud
• URL: https://marketplace.atlassian.com/apps/1222978/dynamic-fields-for-jira?hosting=cloud
• URL: https://marketplace.atlassian.com/apps/1223455/advanced-bulk-edit-for-jira?hosting=cloud
• URL: https://marketplace.atlassian.com/apps/1226627/prime-custom-fields-for-jira?hosting=cloud
• URL: https://marketplace.atlassian.com/apps/1230689/easy-confluence-gadget-for-jira-dashboards?hosting=cloud

In Scope Assets:

• URL: https://adhoc-bugcrowd.cdn-code.org
• URL: https://adhoc-bugcrowd-studio.cdn-code.org

Out of Scope Assets:

• URL: https://hourofcode.com (OOS)
• URL: advocacy.code.org (OOS)

In Scope Assets:

• URL: staging.coindesk.com
• URL: staging.auth.coindesk.com

Out of Scope Assets:

• URL: https://www.coindesk.com/ (OOS)
• URL: https://uat.coindesk.com/indices (OOS)
• URL: https://uat.coindesk.com/events (OOS)
• URL: https://events.coindesk.com (OOS)
• URL: https://consensus2023.coindesk.com/ (OOS)
• URL: https://consensus2024.coindesk.com/ (OOS)
• URL: https://consensus2025.coindesk.com/ (OOS)
• URL: https://consensus-hongkong2025.coindesk.com/ (OOS)
• URL: https://uat.coindesk.com/ (OOS)
• URL: https://uat.accounts.coindesk.com (OOS)

In Scope Assets:

• IOS: https://apps.apple.com/us/app/coindesk-crypto-bitcoin-news/id6502816903
• ANDROID: https://play.google.com/store/apps/details?id=com.coindesk.mobile

In Scope Assets:

• URL: *.xfinity.com
• URL: *.comcast.com
• URL: *.xcal.tv
• URL: Staging, QA, Dev, and Test Environments

Out of Scope Assets:

• URL: *.hfc.comcastbusiness.net (OOS)
• URL: *.hsd1.*.comcast.net (OOS)
• URL: *business.comcast.com (OOS)
• CIDR: 10.0.0.0/8 (OOS)
• CIDR: 50.128.0.0/12 (OOS)
• CIDR: 50.152.0.0/13 (OOS)
• CIDR: 96.201.0.0/16 (OOS)
• CIDR: 96.202.128.0/17 (OOS)
• CIDR: 96.203.0.0/16 (OOS)
• CIDR: 172.26.128.0/18 (OOS)
• CIDR: 184.112.0.0/13 (OOS)
• CIDR: 184.122.0.0/15 (OOS)
• URL: NBC Universal (OOS)
• URL: Sky (OOS)
• URL: *.sys.comcast.net (OOS)
• URL: admin.selectwifi.xfinity.com (OOS)

In Scope Assets:

• URL: *.sys.comcast.net
• URL: https://business.comcast.com/account
• HARDWARE: TV - Xfinity hardware and services
• HARDWARE: Flex - Xfinity hardware and services
• HARDWARE: Voice - Hardware and service
• OTHER: https://www.xfinity.com/apps

Out of Scope Assets:

• URL: https://www.comcastbiz.net/ (OOS)

In Scope Assets:

• URL: https://consensus2024.sandbox.events.coindesk.com/

Out of Scope Assets:

• URL: https://uat.coindesk.com/ (OOS)
• URL: https://uat.coindesk.com/indices (OOS)
• URL: https://uat.coindesk.com/events (OOS)
• URL: https://events.coindesk.com (OOS)
• URL: https://uat.accounts.coindesk.com (OOS)
• URL: https://consensus-hongkong2025.coindesk.com/ (OOS)
• URL: https://consensus2023.coindesk.com/ (OOS)
• URL: https://consensus2024.coindesk.com/ (OOS)
• URL: https://consensus2025.coindesk.com/ (OOS)

In Scope Assets:

• URL: https://marketplace.atlassian.com/apps/1223249/mailto-wiki-send-emails-to-confluence?hosting=cloud&tab=overview
• URL: https://marketplace.atlassian.com/apps/1223249/mailto-wiki-send-emails-to-confluence?tab=overview&hosting=server
• URL: https://marketplace.atlassian.com/apps/1223249/mailto-wiki-email-for-confluence?hosting=datacenter&tab=overview

In Scope Assets:

• URL: https://www.cyberghostvpn.com/
• URL: *.cyberghost.com
• URL: https://cyberghost.com
• URL: cyberghost.app
• OTHER: https://www.cyberghostvpn.com/vpn-server
• URL: CyberGhost APIs
• IOS: https://apps.apple.com/us/app/id583009522
• ANDROID: https://play.google.com/store/apps/details?id=de.mobileconcepts.cyberghost
• OTHER: https://www.cyberghostvpn.com/en_US/apps/macos-vpn
• OTHER: https://www.cyberghostvpn.com/en_US/apps/windows-vpn
• OTHER: https://www.cyberghostvpn.com/en_US/apps/linux-vpn
• OTHER: https://addons.mozilla.org/en-US/firefox/addon/cyberghost-vpn-free-proxy/
• OTHER: https://chrome.google.com/webstore/detail/stay-secure-with-cybergho/ffbkglfijbcbgblgflchnbphjdllaogb
• CIDR: polymoon.it
• OTHER: Employee Email
• OTHER: Internal chat messages
• OTHER: Vulnerabilities compromising the privacy of our employees
• OTHER: Source code hosting

In Scope Assets:

• URL: *.dell.com/*
• URL: *.delltechnologies.com/*
• URL: https://console.delltechnologies.com/nav/administration
• URL: https://console.delltechnologies.com/nav/invoice
• URL: https://console.delltechnologies.com/nav/billing
• OTHER: Any Verified Dell-Controlled Endpoint (domains/IP space/etc.)

Out of Scope Assets:

• URL: https://console.delltechnologies.com/ (OOS)
• URL: https://console.delltechnologies.com/nav/catalog (OOS)
• URL: https://console.delltechnologies.com/nav/support (OOS)
• URL: https://console.delltechnologies.com/nav/subscriptions (OOS)
• URL: educate.dell.com (OOS)
• URL: console.dell.com (OOS)
• URL: console-test.dell.com (OOS)
• URL: salesproductivity.dell.com (OOS)

In Scope Assets:

• OTHER: Actively Supported, Bounty Eligible Dell Products
• HARDWARE: Actively Supported, Non-Reward Eligible Dell Products

Out of Scope Assets:

• URL: *.dell.com/* (OOS)
• URL: *.delltechnologies.com/* (OOS)
• OTHER: Virtual Appliance (vApp) Manager (OOS)
• OTHER: Dell ObjectScale (OOS)
• OTHER: Dell Digital Delivery (OOS)

In Scope Assets:

• URL: app.sandbox.directly.com
• URL: *.sandbox.directly.com/
• URL: https://sandbox.directly.com/dashboard/index

Out of Scope Assets:

• URL: www.directly.com (OOS)
• URL: resources.directly.com/* (OOS)
• URL: *.sandbox.directly.com/schedule-a-demo/* OR /product/* OR /careers/* OR /about/* OR /legal/* OR /trust/* (OOS)

In Scope Assets:

• URL: api.dropboxapi.com
• URL: *.dropbox.com
• URL: *.hellosign.com
• URL: *.helloworks.com
• URL: *.hellofax.com
• URL: *.dropboxforum.com
• URL: *.docsend.com
• URL: *.dropboxer.net
• URL: https://www.dash.ai/
• URL: https://dropboxpartners.com
• URL: https://reclaim.ai
• ANDROID: https://play.google.com/store/apps/details?id=com.dropbox.paper&hl=en_US&gl=US
• IOS: https://apps.apple.com/us/app/dropbox-secure-cloud-storage/id327630330
• IOS: https://apps.apple.com/us/app/paper-by-dropbox/id1126623662
• IOS: https://apps.apple.com/us/app/dropbox-emm/id1080074001
• OTHER: https://www.dropbox.com/desktop
• OTHER: https://www.dropbox.com/capture
• OTHER: https://www.dropbox.com/capture
• ANDROID: https://play.google.com/store/apps/details?id=com.dropbox.android&hl=en_US&gl=US
• ANDROID: https://play.google.com/store/apps/details?id=com.dropbox.app.hellosign&hl=en_US&gl=US
• OTHER: https://www.dropbox.com/paper
• OTHER: https://dropbox.com/dash/download
• URL: https://app.reclaim.ai

In Scope Assets:

• OTHER: https://marketplace.atlassian.com/apps/1211051/eazybi-reports-and-charts-for-jira?hosting=cloud
• URL: https://marketplace.atlassian.com/apps/1211051/eazybi-reports-and-charts-for-jira?hosting=server
• URL: https://marketplace.atlassian.com/apps/1211051/eazybi-reports-and-charts-for-jira?hosting=datacenter
• OTHER: https://marketplace.atlassian.com/apps/1219504/eazybi-reports-and-charts-for-confluence?hosting=cloud
• URL: https://marketplace.atlassian.com/apps/1219504/eazybi-reports-and-charts-for-confluence?hosting=server
• URL: https://marketplace.atlassian.com/apps/1219504/eazybi-reports-and-charts-for-confluence?hosting=datacenter
• URL: https://docs.eazybi.com/

In Scope Assets:

• URL: https://my.electroneum.com/
• URL: https://electroneum.com/
• URL: https://api.electroneum.com/
• ANDROID: https://play.google.com/store/apps/details?id=com.electroneum.mobile&hl=en_US
• IOS: https://apps.apple.com/us/app/electroneum/id1270774992
• URL: https://api.anytask.com/
• URL: https://www.anytask.com/
• OTHER: https://github.com/electroneum/electroneum-sc/
• URL: https://blockexplorer.electroneum.com
• URL: https://my.thesecurityteam.rocks/
• URL: https://anytask.thesecurityteam.rocks/

In Scope Assets:

• URL: https://elementor.com/
• URL: https://my.elementor.com/
• URL: https://go.elementor.com/
• URL: https://translate.elementor.com/
• URL: https://developers.elementor.com/
• URL: https://he.elementor.com/
• URL: https://code.elementor.com/
• URL: https://library.elementor.com/
• URL: https://app.strattic.com

In Scope Assets:

• URL: https://casino.partycasino.com
• URL: https://casino.bwin.com
• URL: https://casino.sportingbet.com
• URL: https://www.ladbrokes.com/en/games
• URL: https://www.coral.co.uk/en/games
• URL: https://casino.*.betmgm.com/en/games (read "Find a Game to test on our targets")

In Scope Assets:

• URL: https://www.partypoker.com
• URL: https://www.ladbrokes.com
• URL: https://www.coral.co.uk
• URL: https://www.galabingo.com
• URL: https://www.partycasino.com
• URL: https://www.bwin.com
• ANDROID: http://media.itsfogo.com/media/upload/mobile/android/apk/partycasino_com.apk
• IOS: https://apps.apple.com/gb/app/bwin-poker-and-casino-games/id410242773
• IOS: https://apps.apple.com/gb/app/bwin-sports-betting/id393760245
• IOS: https://apps.apple.com/gb/app/partycasino-play-casino-games/id818432894
• IOS: https://apps.apple.com/gb/app/partypoker-texas-holdem-poker/id687740281
• URL: https://www.galacasino.com

In Scope Assets:

• OTHER: https://*.epam.com
• URL: https://www.epam.com/
• URL: https://projects.epam.com
• URL: https://lab.epam.com
• URL: https://opensource.epam.com
• URL: *.emakina.nl
• URL: *.emakina.group
• URL: *.emakina.com
• URL: *.emakina.ch
• URL: *.emakina.fr
• URL: *.emakina.us
• URL: *.emakina.at
• URL: open redirect at *.epam.com
• URL: Open redirect at *.projects.epam.com, *.lab.epam.com, *.opensource.epam.com
• OTHER: In Scope - Points only

Out of Scope Assets:

• URL: https://ethics.epam.com/ (OOS)
• URL: https://profile.epam.com (OOS)
• URL: https://carbon.epam.com/ (OOS)
• URL: https://www.infongen.com/ (OOS)
• URL: http://ebn.epam.com/ (OOS)
• URL: https://solutionshub.epam.com/ (OOS)
• URL: https://www.telescopeai.com/ (OOS)
• URL: https://wearecommunity.io/ (OOS)
• URL: https://cami.lab.epam.com/ (OOS)
• URL: https://ellie.lab.epam.com/ (OOS)
• URL: https://apex.lab.epam.com/ (OOS)
• URL: https://investors.epam.com/ (OOS)
• URL: https://ecsd00300769.epam.com/ (OOS)
• URL: https://display.epam.com/ (OOS)
• URL: https://info.epam.com (OOS)
• URL: https://admin-ui.preship.gcp.gnrg-osdu.projects.epam.com (OOS)
• URL: https://support.epam.com/ (OOS)
• URL: https://customersupport.epam.com/ (OOS)
• URL: https://supportnow.epam.com/ (OOS)
• URL: https://anywhere.epam.com/ (OOS)

In Scope Assets:

• URL: https://www.etsy.com
• ANDROID: https://www.etsy.com/mobile
• IOS: https://www.etsy.com/mobile
• URL: https://www.etsy.com/developers/documentation/getting_started/api_basics
• OTHER: https://etsypayments.com
• URL: https://blog.etsy.com
• URL: https://careers.etsy.com
• URL: https://help.etsy.com
• URL: https://community.etsy.com
• URL: *.etsy.com

Out of Scope Assets:

• URL: icht.etsysecure.com (OOS)

In Scope Assets:

• URL: https://portal.exoscale.com/
• URL: https://api-ch-gva-2.exoscale.com/v2
• URL: https://sos-ch-gva-2.exo.io/
• URL: https://internal.exoscale.ch
• URL: https://api-ch-gva-2.exoscale.com/v2
• URL: https://api-ch-gva-2.exoscale.com/v2
• OTHER: https://sks-ch-gva-2.exo.io
• OTHER: Virtualisation layer

Out of Scope Assets:

• URL: https://www.exoscale.com (OOS)
• URL: https://community.exoscale.com (OOS)
• OTHER: Marketplace products (OOS)
• URL: https://academy.exoscale.com (OOS)
• URL: CDN service (OOS)
• URL: https://jobs.exoscale.com (OOS)
• URL: https://changelog.exoscale.com (OOS)
• URL: https://openapi-v2.exoscale.com/ (OOS)
• URL: http://zammad.internal.exoscale.ch/ (OOS)
• URL: https://exoscalestatus.com/ (OOS)

In Scope Assets:

• URL: *.expressvpn.com
• OTHER: *.xvtest.net
• OTHER: *.xvservice.net
• URL: https://www.expressvpn.com
• URL: ExpressVPN APIs
• OTHER: https://www.expressvpn.com/vpn-server
• OTHER: ExpressVPN Router
• OTHER: MediaStreamer DNS servers
• IOS: https://apps.apple.com/us/app/expressvpn-fast-secure-vpn/id886492891?mt=8
• ANDROID: https://apps.apple.com/us/app/expressvpn-fast-secure-vpn/id886492891?mt=8
• OTHER: https://www.expressvpn.com/latest#linux
• OTHER: https://www.expressvpn.com/latest#mac
• OTHER: https://www.expressvpn.com/latest#windows
• OTHER: https://chromewebstore.google.com/detail/expressvpn-vpn-proxy-for/fgddmllnllkalaagkghckoinaemmogpe?pli=1
• OTHER: https://addons.mozilla.org/en-US/firefox/addon/expressvpn/
• OTHER: https://chromewebstore.google.com/detail/expressvpn-keys-password/blgcbajigpdfohpgcmbbfnphcgifjopc
• OTHER: https://github.com/expressvpn/lightway-core
• OTHER: https://github.com/expressvpn/lightway
• CIDR: polymoon.it
• OTHER: Employee Email
• OTHER: Internal chat messages
• OTHER: Source code hosting
• OTHER: Vulnerabilities compromising the privacy of our employees

In Scope Assets:

• URL: https://financialforce.com
• URL: https://*.certinia.com

Out of Scope Assets:

• URL: gslink.financialforce.com (OOS)

In Scope Assets:

• URL: Any FIS asset is in scope

Out of Scope Assets:

• URL: https://apuat-aaa.fisglobal.com (OOS)

In Scope Assets:

• URL: https://fivetran.com/login

In Scope Assets:

• URL: https://flo.uri.sh
• URL: https://flourish.studio/
• URL: https://xyzbmojn.net/
• URL: flourish-user-templates.com
• URL: flourish-user-preview.com
• URL: https://*.kiln.it

Out of Scope Assets:

• URL: https://training.flourish.studio (OOS)

In Scope Assets:

• OTHER: REDACTED
• URL: REDACTED
• URL: REDACTED
• URL: REDACTED
• URL: REDACTED
• OTHER: REDACTED

In Scope Assets:

• OTHER: https://github.com/freedomofpress/securedrop
• OTHER: https://github.com/freedomofpress/securedrop-log
• OTHER: https://github.com/freedomofpress/securedrop-proxy
• OTHER: https://github.com/freedomofpress/securedrop-sdk
• OTHER: https://github.com/freedomofpress/securedrop-workstation
• OTHER: https://github.com/freedomofpress/securedrop-client
• OTHER: https://github.com/freedomofpress/securedrop-export
• OTHER: https://github.com/freedomofpress/securedrop-debian-packaging

In Scope Assets:

• URL: https://staging.gearset.com/
• URL: https://staging.gearset.com/
• URL: https://hipaa.staging.gearset.com/

Out of Scope Assets:

• URL: api.gearset.com (OOS)
• URL: app.gearset.com (OOS)
• URL: us.app.gearset.com (OOS)
• URL: eu.app.gearset.com (OOS)
• URL: ap.app.gearest.com (OOS)
• URL: gearset.com (OOS)