| + | https://hackerone.com/faraday_inc | 4 | 0 | HackerOne |
In Scope Assets:- OTHER: s3://faraday-uploads
- OTHER: s3://faraday-secret
- URL: app.faraday.ai
- URL: api.faraday.ai
|
| + | https://hackerone.com/fetlife | 3 | 9 | HackerOne |
In Scope Assets:- URL: fetlife.com
- WILDCARD: *.fetlife.com
- URL: fetlifemail.com
Out of Scope Assets:- URL: status.fetlife.com (OOS)
- ANDROID: com.bitlove.fetlife (OOS)
- URL: mail.fetlife.com (OOS)
- URL: n2.fetlife.com (OOS)
- URL: fetlifestatus.com (OOS)
- IOS: co.bitlove.opensource.FetLife (OOS)
- OTHER: Requests to our ad endpoints (on any server): `/ads/serve`, `/ads/application_serve*`, and `/ads/click/*` (OOS)
- WILDCARD: *.bitlove.co (OOS)
- URL: bitlove.co (OOS)
|
| + | https://hackerone.com/figma | 7 | 1 | HackerOne |
In Scope Assets:- URL: www.figma.com
- URL: api.figma.com
- OTHER: Figma Atlassian App
- OTHER: Figma Desktop App
- OTHER: Figma iOS and Android apps
- OTHER: Figma Slack App
- OTHER: Figma for Microsoft Teams
Out of Scope Assets:- URL: www.designsystems.com (OOS)
|
| + | https://hackerone.com/files | 10 | 3 | HackerOne |
In Scope Assets:- URL: app.files.com
- URL: your-assigned-subdomain.files.com
- URL: www.files.com
- OTHER: FIles.com REST API
- OTHER: Files.com SDK's
- EXECUTABLE: Files.com Command Line Interface (CLI) App
- EXECUTABLE: Files.com Desktop v4 App (previously known as Desktop App)
- EXECUTABLE: Files.com Desktop v6 App
- OTHER: Files.com Mobile App
- EXECUTABLE: Files.com On-Premise Agent
Out of Scope Assets:- URL: developers.files.com (OOS)
- URL: status.files.com (OOS)
- URL: mail.files.com (OOS)
|
| + | https://hackerone.com/fireblocks | 4 | 1 | HackerOne |
In Scope Assets:- URL: sandbox.fireblocks.io
- URL: http://sb-mobile-api.fireblocks.io
- URL: http://sb-console-api.fireblocks.io
- URL: http://sandbox-api.fireblocks.io
Out of Scope Assets:- OTHER: 3rd party integrations (OOS)
|
| + | https://hackerone.com/fireblocks_mpc | 1 | 0 | HackerOne |
In Scope Assets:- SOURCE_CODE: https://github.com/fireblocks/mpc-lib
|
| + | https://hackerone.com/flickr | 3 | 16 | HackerOne |
In Scope Assets:- WILDCARD: *.flickr.com
- IOS: 328407587
- ANDROID: com.yahoo.mobile.client.android.flickr
Out of Scope Assets:- URL: blog.flickr.com (OOS)
- URL: amt.flickr.com (OOS)
- URL: appletv.flickr.com (OOS)
- URL: blogtest.flickr.com (OOS)
- URL: bluebird.flickr.com (OOS)
- URL: code.flickr.com (OOS)
- URL: csp.flickr.com (OOS)
- URL: guce.flickr.com (OOS)
- URL: stage.guce.flickr.com (OOS)
- URL: trunk.guce.flickr.com (OOS)
- URL: health.flickr.com (OOS)
- URL: help.flickr.com (OOS)
- URL: parkorbird.flickr.com (OOS)
- URL: links.flickr.com (OOS)
- WILDCARD: *.flickr.net (OOS)
- URL: flickrhelp.com (OOS)
|
| + | https://hackerone.com/flipkart | 6 | 4 | HackerOne |
In Scope Assets:- URL: https://api.myntra.com
- URL: https://payments.myntra.com
- URL: https://www.myntra.com
- URL: https://www.flipkart.com
- URL: https://pay.payzippy.com
- URL: https://uiscoop.payzippy.com
Out of Scope Assets:- URL: https://apps.apple.com/in/app/flipkart-online-shopping-app/id742044692 (OOS)
- URL: https://play.google.com/store/apps/details?id=com.flipkart.android (OOS)
- ANDROID: https://play.google.com/store/apps/details?id=com.myntra.android (OOS)
- IOS: https://apps.apple.com/in/app/myntra-fashion-shopping-app/id907394059 (OOS)
|
| + | https://hackerone.com/floqast | 4 | 4 | HackerOne |
In Scope Assets:- WILDCARD: *.eu.floqast.app
- URL: api-eu.floqast.app
- WILDCARD: *.floqast.app
- WILDCARD: https://*.floqast.engineering
Out of Scope Assets:- WILDCARD: *.floqast.com (OOS)
- WILDCARD: *.floqast.studio (OOS)
- OTHER: Any Asset Not Specifically Listed as In-Scope (OOS)
- OTHER: s3://floqast (OOS)
|
| + | https://hackerone.com/flutteruki | 42 | 36 | HackerOne |
In Scope Assets:- WILDCARD: *.betfair.com
- WILDCARD: *.paddypower.com
- WILDCARD: *.betfair.es
- WILDCARD: *.betfair.it
- WILDCARD: *.betfair.ro
- WILDCARD: *.betfair.se
- WILDCARD: *.paddypower.it
- ANDROID: com.paddypower.sportsbook.u.inhouse
- ANDROID: com.betfair.sportsbook
- ANDROID: com.betfair.exchange
- WILDCARD: *.skygamingcontent.com
- WILDCARD: *.skycasino.com
- WILDCARD: *.sbgcdn.com
- WILDCARD: *.skybet.com
- WILDCARD: *.betviewapi.com
- WILDCARD: *.skypoker.com
- WILDCARD: *.skyvegas.com
- WILDCARD: *.skybingo.com
- WILDCARD: *.sbgcore.com
- WILDCARD: *.platformservices.io
- WILDCARD: *.skybetservices.com
- WILDCARD: *.sbgorigin.com
- WILDCARD: *.sbgservices.com
- WILDCARD: *.bonne-terre-data-layer.com
- WILDCARD: *.skybettingandgaming.com
- WILDCARD: *.msgsvc.io
- WILDCARD: *.operationstechnology.io
- WILDCARD: *.securityservices.io
- WILDCARD: *.skybet.net
- WILDCARD: *.skybet.co.uk
- WILDCARD: *.sbgtest.net
- WILDCARD: *.skybettest.net
- WILDCARD: *.skybettingandgaming.design
- WILDCARD: *.skybettingandgaming.info
- WILDCARD: *.betsharedservices.io
- WILDCARD: *.sportinglife.com
- URL: super6.skysports.com
- URL: itv7.itv.com
- WILDCARD: *.paddypartners.com
- WILDCARD: *.ppbdev.com
- WILDCARD: *.dibz.co.uk
- ANDROID: com.flutter.bem.release
Out of Scope Assets:- WILDCARD: *.us.betfair.com (OOS)
- URL: community.betfair.com (OOS)
- WILDCARD: *.betfair.com.au (OOS)
- WILDCARD: *.sbpartner.it (OOS)
- URL: affiliatehub.skybet.com (OOS)
- URL: partners.skybet.com (OOS)
- WILDCARD: *.skybet.de (OOS)
- WILDCARD: *.skybet.it (OOS)
- WILDCARD: *.skybetcareers.com (OOS)
- URL: technology.skybettingandgaming.com (OOS)
- WILDCARD: *.skybetpartner.de (OOS)
- WILDCARD: *.skybettingandgamingresearch.com (OOS)
- URL: email1.skybet.com (OOS)
- URL: skymail.sky.com (OOS)
- WILDCARD: *.sbgpeople.com (OOS)
- WILDCARD: *.sbga.me (OOS)
- WILDCARD: *.sbg.life (OOS)
- URL: skyrgs.blueprintgaming.com (OOS)
- WILDCARD: *.skybet-it.info (OOS)
- WILDCARD: *.skybetchiusuraconto.it (OOS)
- WILDCARD: *.sbgdataintl.com (OOS)
- WILDCARD: *.sbgcolab.com (OOS)
- WILDCARD: *.skybetgraduates.com (OOS)
- WILDCARD: *.sbggraduates.com (OOS)
- URL: community.skypoker.com (OOS)
- URL: community.staging.skypoker.com (OOS)
- URL: sbagmail.skybettingandgaming.com (OOS)
- WILDCARD: *.s6.sbgservices.com (OOS)
- WILDCARD: *.sbgmail.skybettingandgaming.com (OOS)
- WILDCARD: *.email.skybet.com (OOS)
- WILDCARD: *.skybusinessemail.com (OOS)
- WILDCARD: online.*.skybingo.com (OOS)
- URL: www.betfair.com.co (OOS)
- WILDCARD: *.sbagmail.skybettingandgaming.com (OOS)
- WILDCARD: *.technology.skybettingandgaming.com (OOS)
- URL: support.developer.betfair.com (OOS)
|
| + | https://hackerone.com/forescout_technologies | 64 | 9 | HackerOne |
In Scope Assets:- URL: www.forescout.com
- URL: datapod-2-ingest.acceptance.forescoutcloud.net
- URL: datapod-2-query.acceptance.forescoutcloud.net
- URL: datapod-1-ingest.production.forescoutcloud.net
- URL: datapod-1-query.production.forescoutcloud.net
- URL: mgmtpod-1-dashboard.production.forescoutcloud.net
- URL: mgmtpod-1.production.forescoutcloud.net
- CIDR: 38.140.238.56/29
- CIDR: 97.105.243.96/28
- CIDR: 64.47.18.80/29
- CIDR: 194.90.25.80/29
- CIDR: 194.90.151.192/28
- CIDR: 194.90.89.165/32
- CIDR: 212.143.112.81/29
- URL: logstash-props.devicecloud.acceptance.forescoutcloud.net
- URL: datapod-1-100-druid-ingest.development.forescoutcloud.net
- URL: datapod-1-100-druid-query.development.forescoutcloud.net
- URL: datapod-1-100-druid-ingest.testing.forescoutcloud.net
- URL: a360f0bcc63ca11ea92550aeac091f3d-1101372245.us-east-1.elb.amazonaws.com
- URL: datapod-1-druid-ingest.production.forescoutcloud.net
- URL: datapod-1-100-druid-query.production.forescoutcloud.net
- CIDR: 64.84.60.0/24
- URL: datapod-2-druid-ingest.production.forescoutcloud.net
- URL: https://telemetry-polling.devicecloud.acceptance.forescoutcloud.net/v1/upload
- URL: https://telemetry-polling.devicecloud.acceptance.forescoutcloud.net/v1/polling
- URL: https://telemetry-polling.devicecloud.acceptance.forescoutcloud.net/v1/package
- URL: http://logstash-props.devicecloud.production.forescoutcloud.net/api/v1/properties
- URL: http://backend-api.devicecloud.production.forescoutcloud.net/api/v1/settings
- URL: http://datapod-1-druid-ingest.production.forescoutcloud.net/v1/upload
- URL: http://mgmtpod-1.production.forescoutcloud.net/oauth/token
- URL: http://datapod-1-druid-query.production.forescoutcloud.net/v2/query/grouptogroup
- URL: http://datapod-1-druid-query.production.forescoutcloud.net/v2/query/firstreporttimeentry
- URL: http://datapod-1-druid-query.production.forescoutcloud.net/v2/query/iplist
- URL: http://datapod-1-druid-query.production.forescoutcloud.net/v3/matrixoverview
- URL: http://datapod-1-druid-query.production.forescoutcloud.net/v3/query/overlappingzones
- URL: http://datapod-1-druid-query.production.forescoutcloud.net/v1/query/agg
- URL: http://datapod-1-druid-query.production.forescoutcloud.net/v1/polling
- URL: http://datapod-1-druid-query.production.forescoutcloud.net/v2/query/overlappinggroups
- URL: http://datapod-1-druid-query.production.forescoutcloud.net/v2/matrixoverview
- URL: http://datapod-1-druid-query.production.forescoutcloud.net/v3/query/zonetozone
- URL: http://datapod-1-druid-query.production.forescoutcloud.net/v2/deletestatus
- URL: http://datapod-1-druid-query.production.forescoutcloud.net/v2/query/ips/bysrc
- URL: http://datapod-1-druid-query.production.forescoutcloud.net/v2/service-list
- URL: http://datapod-1-druid-query.production.forescoutcloud.net/v2/query/ips/bydst/details
- URL: http://datapod-1-druid-query.production.forescoutcloud.net/v2/services
- URL: iris-testing-us-east-1-nlb-4df4bbde6f6e2bbb.elb.us-east-1.amazonaws.com
- URL: updates.forescout.com
- URL: streaming.iris.acceptance.forescoutcloud.net
- URL: mgmt-sensors.iris.acceptance.forescoutcloud.net
- URL: obs-sensors.iris.acceptance.forescoutcloud.net
- URL: streaming-api.iris.acceptance.forescoutcloud.net
- URL: aebddc74953f248bc8455665b0f7d47b-78af959a11e5d0c1.elb.us-east-1.amazonaws.com
- URL: streaming.iris.production.forescoutcloud.net
- URL: mgmt-sensors.iris.production.forescoutcloud.net
- URL: obs-sensors.iris.production.forescoutcloud.net
- URL: streaming-api.iris.production.forescoutcloud.net
- URL: ab2b0c50cdc7b445391f99d4957850c5-cd4ccfdb37dfafad.elb.us-east-1.amazonaws.com
- URL: streaming-gw.iris.production.forescoutcloud.net
- URL: community.forescout.com
- URL: us.forescout.cloud
- URL: uk.forescout.cloud
- URL: de.forescout.cloud
- HARDWARE: CounterAct 8.4
- URL: cloud.forescout.com
Out of Scope Assets:- URL: datapod-1-100-ingest.development.forescoutcloud.net (OOS)
- URL: datapod-1-100-query.development.forescoutcloud.net (OOS)
- URL: mgmtpod-1-100-dashboard.development.forescoutcloud.net (OOS)
- URL: mgmtpod-1-100.development.forescoutcloud.net (OOS)
- URL: datapod-1-100-ingest.testing.forescoutcloud.net (OOS)
- URL: datapod-1-100-query.testing.forescoutcloud.net (OOS)
- URL: datapod-1-ingest.acceptance.forescoutcloud.net (OOS)
- URL: datapod-1-query.acceptance.forescoutcloud.net (OOS)
- HARDWARE: CounterAct 8.3 (OOS)
|
| + | https://hackerone.com/freshworks | 16 | 10 | HackerOne |
In Scope Assets:- URL: yourdomain.freshdesk.com
- URL: yourdomain.freshservice.com
- URL: yourdomain.freshchat.com
- URL: yourdomain.freshcaller.com
- URL: yourdomain.myfreshworks.com
- OTHER: Freshservice Discovery Agent and Probe
- ANDROID: com.freshservice.helpdesk
- ANDROID: com.freshdesk.helpdesk
- ANDROID: com.freshchat.agent.android
- ANDROID: com.freshworks.freshcaller
- ANDROID: com.freshservice.helpdesk.intune
- IOS: Freshdesk-iOS-App
- IOS: Freshservice-iOS-App
- IOS: Freshchat-iOS-App
- IOS: Freshcaller-iOS-App
- IOS: Freshservice-Intune-iOS-App
Out of Scope Assets:- ANDROID: com.freshdesk.freshsales.mobile (OOS)
- IOS: Freshsales-iOS-App (OOS)
- URL: wchat.freshchat.com (OOS)
- URL: www.freshworks.com (OOS)
- URL: freshworks.atlassian.net (OOS)
- URL: yourdomain.freshsurvey.io (OOS)
- URL: yourdomain.freshstatus.io (OOS)
- URL: yourdomain.freshping.io (OOS)
- URL: http://yourdomain.myfreshworks.com/crm/sales (OOS)
- URL: http://yourdomain.myfreshworks.com/crm/marketer (OOS)
|
| + | https://hackerone.com/frontegg | 2 | 2 | HackerOne |
In Scope Assets:- URL: api.au.frontegg.com
- URL: portal.au.frontegg.com
Out of Scope Assets:- URL: portal.frontegg.com (OOS)
- URL: api.frontegg.com (OOS)
|
| + | https://hackerone.com/fronthq | 6 | 0 | HackerOne |
In Scope Assets:- URL: app.frontapp.com
- URL: api2.frontapp.com
- IOS: com.frontapp.mobile
- ANDROID: com.frontapp.mobile
- EXECUTABLE: Front for Mac
- EXECUTABLE: Front for Windows
|
| + | https://hackerone.com/github | 24 | 12 | HackerOne |
In Scope Assets:- URL: github.com
- URL: api.github.com
- URL: gist.github.com
- HARDWARE: GitHub Enterprise Server
- EXECUTABLE: GitHub Desktop
- URL: classroom.github.com
- URL: *.githubapp.com
- OTHER: GitHub CSP
- URL: *.github.net
- OTHER: GitHub Enterprise Cloud
- OTHER: GitHub Pages
- URL: education.github.com
- OTHER: GitHub Production Credentials
- OTHER: Dependabot
- OTHER: GitHub for mobile
- EXECUTABLE: GitHub CLI
- URL: *.githubusercontent.com
- URL: npmjs.com
- URL: npmjs.org
- EXECUTABLE: npm CLI
- OTHER: Copilot
- OTHER: Copilot Chat on dotcom
- OTHER: Copilot for Business
- OTHER: GitHub Enterprise Cloud with Data Residency (GHEC-DR)
Out of Scope Assets:- URL: enterprise.github.com (OOS)
- EXECUTABLE: Atom (OOS)
- EXECUTABLE: Electron (OOS)
- URL: *.github.io (OOS)
- URL: git.io (OOS)
- URL: spectrum.chat (OOS)
- URL: github.blog (OOS)
- EXECUTABLE: GitHub Classroom Assistant (OOS)
- URL: http://education.github.com/forum (OOS)
- URL: blog.github.com (OOS)
- URL: community.github.com (OOS)
- URL: shop.github.com (OOS)
|
| + | https://hackerone.com/gitlab | 20 | 24 | HackerOne |
In Scope Assets:- URL: customers.gitlab.com
- URL: registry.gitlab.com
- URL: gitlab.com
- OTHER: Your Own GitLab Instance
- SOURCE_CODE: https://gitlab.com/gitlab-org/gitlab
- SOURCE_CODE: https://gitlab.com/gitlab-org/gitlab-runner
- SOURCE_CODE: https://gitlab.com/gitlab-org/gitaly
- SOURCE_CODE: https://gitlab.com/gitlab-org/gitlab-pages
- SOURCE_CODE: https://gitlab.com/gitlab-org/gitlab-shell
- SOURCE_CODE: https://gitlab.com/gitlab-org/gitlab-vscode-extension
- OTHER: Other non-production infrastructure
- WILDCARD: *.gitlab.net
- WILDCARD: *.gitlab.org
- WILDCARD: *.gitlap.com
- URL: about.gitlab.com
- URL: docs.gitlab.com
- URL: design.gitlab.com
- URL: advisories.gitlab.com
- SOURCE_CODE: https://gitlab.com/gitlab-org/opstrace/opstrace
- OTHER: GitLab for Jira Cloud
Out of Scope Assets:- URL: dashboards.gitlab.com (OOS)
- URL: alerts.gitlab.com (OOS)
- URL: support.gitlab.com (OOS)
- URL: shop.gitlab.com (OOS)
- URL: forum.gitlab.com (OOS)
- URL: status.gitlab.com (OOS)
- URL: partners.gitlab.com (OOS)
- URL: aptly.gitlab.com (OOS)
- URL: translate.gitlab.com (OOS)
- URL: federal-support.gitlab.com (OOS)
- URL: us-federal-gitlab.com (OOS)
- URL: ir.gitlab.com (OOS)
- URL: levelup.gitlab.com (OOS)
- URL: gitlab.biterg.io (OOS)
- SOURCE_CODE: https://gitlab.com/gitlab-org/cli/ (OOS)
- SOURCE_CODE: https://gitlab.com/gitlab-org/opstrace/opstrace-ui (OOS)
- WILDCARD: *.gitlab.cn (OOS)
- URL: gitlabsandbox.net (OOS)
- URL: gitlabdemo.cloud (OOS)
- URL: gitlabtraining.cloud (OOS)
- WILDCARD: *.service-now.com (OOS)
- WILDCARD: *.runway.gitlab.net (OOS)
- URL: packages.gitlab.com (OOS)
- WILDCARD: *.gitlab-private.org (OOS)
|
| + | https://hackerone.com/glassdoor | 11 | 3 | HackerOne |
In Scope Assets:- WILDCARD: https://www.glassdoor.com/*
- IOS: 589698942
- ANDROID: com.glassdoor.app
- WILDCARD: https://api.glassdoor.com/*
- WILDCARD: https://help.glassdoor.com/*
- WILDCARD: https://www.fishbowlapp.com/*
- WILDCARD: https://api.fishbowlapp.com/*
- IOS: 1005070636
- ANDROID: com.fishbowlmedia.fishbowl
- WILDCARD: https://*.glassdoor.com/*
- WILDCARD: https://design.glassdoor.com/*
Out of Scope Assets:- URL: guide.glassdoor.com (OOS)
- OTHER: https://www.glassdoor.com/employers/ec/ (OOS)
- OTHER: glassdoor.com cache (OOS)
|
| + | https://hackerone.com/gocardless_bbp | 14 | 22 | HackerOne |
In Scope Assets:- URL: www.gocardless.com
- URL: manage-sandbox.gocardless.com
- URL: pay-sandbox.gocardless.com
- URL: api-sandbox.gocardless.com
- URL: connect-sandbox.gocardless.com
- WILDCARD: *.gocardless.io,*.gocardless-banking.io
- WILDCARD: *.gocardless-cicd.io
- URL: oauth-sandbox.gocardless.com
- WILDCARD: *.gocardless.com
- URL: ob.gocardless.com
- OTHER: bankaccountdata.gocardless.com
- URL: auth0.gocardless.com
- URL: https://ob-sandbox.gocardless.io
- URL: payer-details-sandbox.gocardless.com
Out of Scope Assets:- URL: xero-staging.gocardless.com (OOS)
- URL: api.gocardless.com (OOS)
- URL: manage.gocardless.com (OOS)
- URL: connect.gocardless.com (OOS)
- URL: pay.gocardless.com (OOS)
- URL: xero.gocardless.com (OOS)
- URL: xero-sandbox.gocardless.com (OOS)
- URL: oauth.gocardless.com (OOS)
- URL: manage.gocardless-staging.io (OOS)
- URL: api-staging.gocardless.com (OOS)
- URL: oauth-staging.gocardless.com (OOS)
- URL: support.gocardless.com (OOS)
- URL: learn.gocardless.com (OOS)
- URL: outgrow.gocardless.com (OOS)
- URL: qbo.gocardless.com (OOS)
- URL: privacy.gocardless.com (OOS)
- URL: brand.gocardless.com (OOS)
- URL: storybook.gocardless.io (OOS)
- OTHER: partnerportal.gocardless.com, gocardless.my.site.com (OOS)
- OTHER: gocardless-status.com, status.gocardless.com (OOS)
- URL: qbo-api.gocardless.com (OOS)
- URL: payer-details.gocardless.com (OOS)
|
| + | https://hackerone.com/goldmansachs | 46 | 19 | HackerOne |
In Scope Assets:- URL: *.goldmansachs.com
- URL: *.gs.com
- URL: *.goldman.com
- URL: *.marcus.com
- URL: *.honestdollar.com
- URL: *.marcus.co.uk
- URL: research.gs.com
- URL: *.gsam.com
- URL: *.gsselect.com
- URL: *.gs-mosaic.qa.gs.com
- URL: *.gs-mosaic.gs.com
- URL: *.qaglobal-liquidity.gs.com
- URL: *.global-liquidity.gs.com
- URL: developer.gs.com
- URL: goldmansachsindices.com
- URL: marquee.gs.com
- URL: *.ayco.com
- URL: *.gspublishing.com
- URL: *.gs.de
- URL: *.goldmanpfm.com
- URL: apigw.foliofn.com
- URL: api.foliofn.com
- OTHER: *.advisorsolutions.gs.com
- OTHER: *.folioclient.com
- OTHER: *.foliodigitalwealth.com
- OTHER: *.foliofirst.com
- OTHER: *.foliofn.com
- OTHER: *.folioidentity.com
- OTHER: *.folioinstitutional.com
- OTHER: *.folioinvesting.com
- OTHER: *.nnip.com
- OTHER: *.vennhypotheken.nl
- IOS: com.marcus.ios-us
- IOS: com.marcus.ios-uk
- ANDROID: com.marcus.android.uk
- ANDROID: com.marcus.android
- ANDROID: com.gs.pwmdigital.external.android
- IOS: com.gs.pwmdigital.external
- ANDROID: com.gs.pfmg.wellness
- ANDROID: com.gs.mobile.trader
- IOS: com.gs.gstrader.external
- ANDROID: com.gs.mobile.gsnow
- IOS: com.gs.gsnow.external
- IOS: GS Select iOS app
- OTHER: *.nextcapital.com
- URL: www.fitvermogen.nl
Out of Scope Assets:- URL: gsg.goldman.com (OOS)
- URL: gspf.goldman.com (OOS)
- URL: gsg-uk.goldman.com (OOS)
- URL: *.rocaton.com,secure.rocaton.com (OOS)
- OTHER: All .cn domains (OOS)
- URL: qa-billpay.goldman.com (OOS)
- URL: billpay.goldman.com (OOS)
- OTHER: *.scripts.vennhypotheken.nl (OOS)
- OTHER: *.overrules.vennhypotheken.nl (OOS)
- OTHER: *.communicatie.vennhypotheken.nl (OOS)
- URL: 18098.nextcapital.com (OOS)
- URL: deb.nextcapital.com (OOS)
- URL: email.nextcapital.com (OOS)
- URL: npm-new.nextcapital.com (OOS)
- URL: npm.nextcapital.com (OOS)
- URL: repo.nextcapital.com (OOS)
- URL: rubygems.nextcapital.com (OOS)
- WILDCARD: *.events.gs.com (OOS)
- OTHER: 3rd party hosted assets (OOS)
|
| + | https://hackerone.com/goodrx | 3 | 7 | HackerOne |
In Scope Assets:- IOS: com.goodrx.iphone
- ANDROID: com.goodrx
- URL: www.goodrx.com
Out of Scope Assets:- URL: support.goodrx.com (OOS)
- IOS: com.goodrx.doctors (OOS)
- ANDROID: com.goodrx.doctors (OOS)
- IOS: com.goodrx.gold (OOS)
- ANDROID: com.goodrx.gold (OOS)
- URL: sso.identity.goodrx.com (OOS)
- URL: investors.goodrx.com (OOS)
|
| + | https://hackerone.com/grab | 33 | 1 | HackerOne |
In Scope Assets:- WILDCARD: *.grabtaxi.com
- WILDCARD: *.myteksi.com
- WILDCARD: *.myteksi.net
- WILDCARD: *.grab.co
- WILDCARD: *.grab.com
- URL: p.grabtaxi.com
- URL: gamma.grab.co
- URL: manage.grab.co
- URL: jira.grab.com
- URL: wiki.grab.com
- IOS: 647268330
- IOS: 1257641454
- ANDROID: com.grabtaxi.passenger
- ANDROID: com.grabtaxi.driver2
- URL: grab.careers
- URL: api.grabpay.com
- WILDCARD: *.grabpay.com
- ANDROID: com.grabpay.merchant
- IOS: 1343620481
- URL: xtramile.grabpay.com
- ANDROID: com.grab.merchant
- OTHER: C100447517
- OTHER: C103149579
- URL: kartaview.org
- WILDCARD: *.grab-sure.com
- URL: gifts.grab.com
- WILDCARD: *.ovo.id
- IOS: 1142114207
- ANDROID: ovo.id
- URL: hungrygowhere.com
- IOS: 1481198245
- ANDROID: com.moveit.app.customer
- WILDCARD: *.ovofinansial.com
Out of Scope Assets:- WILDCARD: *.qms.grab.com (OOS)
|
| + | https://hackerone.com/grammarly | 18 | 4 | HackerOne |
In Scope Assets:- WILDCARD: *.grammarly.io
- OTHER: MS Office Add-In
- OTHER: Browser Extensions
- URL: grammarly.ai
- WILDCARD: *.grammarlyaws.com
- IOS: com.grammarly.keyboard
- ANDROID: com.grammarly.android.keyboard
- EXECUTABLE: Grammarly for Microsoft Word
- EXECUTABLE: Grammarly Desktop for Windows
- EXECUTABLE: Grammarly Desktop for macOS
- WILDCARD: *.grammarly.com
- OTHER: Capture the Flag
- OTHER: AppActions
- AI_MODEL: Grammarly AI Assistant
- OTHER: Grammarly Business Features
- URL: capi.grammarly.com
- URL: app.grammarly.com
- OTHER: Grammarly Auth Services
Out of Scope Assets:- EXECUTABLE: Grammarly Editor for MacOS (OOS)
- EXECUTABLE: Grammarly Editor for Windows (OOS)
- OTHER: Third party external services (OOS)
- SOURCE_CODE: Grammarly for Developers Text Editor SDK (OOS)
|
| + | https://hackerone.com/greenhouse | 9 | 3 | HackerOne |
In Scope Assets:- URL: app.greenhouse.io
- URL: www.greenhouse.io
- URL: boards.greenhouse.io
- URL: api.greenhouse.io
- URL: onboarding.greenhouse.io
- URL: support.greenhouse.io
- URL: jss.greenhouse.io
- URL: interseller.io
- URL: app.interseller.io
Out of Scope Assets:- URL: community.greenhouse.io (OOS)
- URL: resources.greenhouse.io (OOS)
- URL: store.greenhouse.io (OOS)
|
| + | https://hackerone.com/grindr | 6 | 15 | HackerOne |
In Scope Assets:- WILDCARD: *.grindr.io
- WILDCARD: *.grindr.com
- WILDCARD: *.grindr.mobi
- IOS: 319881193
- ANDROID: com.grindrapp.android
- URL: web.grindr.com
Out of Scope Assets:- URL: selfservice.grindr.com (OOS)
- WILDCARD: *.intomore.com (OOS)
- WILDCARD: *.grindrads.com (OOS)
- URL: go.grindr.com (OOS)
- SOURCE_CODE: github.com/thesokrin/vfd (OOS)
- URL: grindr.atlassian.net (OOS)
- URL: blog.grindr.com (OOS)
- URL: help.grindr.com (OOS)
- URL: grindrbloop.com (OOS)
- URL: shop.grindrbloop.com (OOS)
- URL: kindr.grindr.com (OOS)
- URL: https://github.com/grindrlabs (OOS)
- URL: shop.grindr.com (OOS)
- URL: investors.grindr.com (OOS)
- URL: grindrtogo.grindr.com (OOS)
|
| + | https://hackerone.com/gsa_bbp | 46 | 11 | HackerOne |
In Scope Assets:- URL: federalist-proxy.app.cloud.gov
- URL: account.fr.cloud.gov
- URL: ci.fr.cloud.gov
- URL: dashboard.fr.cloud.gov
- URL: login.fr.cloud.gov
- URL: logs.fr.cloud.gov
- URL: www.data.gov
- URL: federation.data.gov
- URL: sdg.data.gov
- URL: labs.data.gov
- URL: catalog.data.gov
- URL: inventory.data.gov
- URL: admin-catalog-bsp.data.gov
- URL: idp.fr.cloud.gov
- URL: admin.fr.cloud.gov
- URL: alertmanager.fr.cloud.gov
- URL: diagrams.fr.cloud.gov
- URL: grafana.fr.cloud.gov
- URL: logs-platform.fr.cloud.gov
- URL: nessus.fr.cloud.gov
- URL: opslogin.fr.cloud.gov
- URL: prometheus.fr.cloud.gov
- URL: ssh.fr.cloud.gov
- URL: api.fr.cloud.gov
- URL: api.data.gov
- URL: *.login.gov
- URL: dashboard-beta.fr.cloud.gov
- URL: tock.18f.gov
- URL: *.code.gov
- URL: www.fedramp.gov
- URL: marketplace.fedramp.gov
- URL: *.search.gov
- URL: www.usa.gov
- URL: federalist.18f.gov
- URL: cloud.gov
- URL: federalist-docs.18f.gov
- SOURCE_CODE: https://github.com/18f/federalist-proxy
- SOURCE_CODE: https://github.com/18f/federalist
- SOURCE_CODE: https://github.com/18f/federalist-builder
- SOURCE_CODE: https://github.com/18f/federalist-docker-build
- SOURCE_CODE: https://github.com/18f/identity-idp
- SOURCE_CODE: https://github.com/18f/identity-saml-sinatra
- SOURCE_CODE: https://github.com/18f/identity-saml-rails
- SOURCE_CODE: https://github.com/gsa/datagov-deploy
- SOURCE_CODE: https://github.com/gsa/data.gov
- SOURCE_CODE: https://github.com/18f/docker-ruby-ubuntu
Out of Scope Assets:- URL: manage.data.gov (OOS)
- URL: vote.gov (OOS)
- URL: 18f.gsa.gov (OOS)
- URL: *.app.cloud.gov (OOS)
- URL: *.cloud.gov (OOS)
- URL: *.data.gov (OOS)
- SOURCE_CODE: http://github.com/18f/identity-saml-python (OOS)
- SOURCE_CODE: http://github.com/18f/identity-saml-java (OOS)
- OTHER: data.gov applications (OOS)
- URL: all-sorns.app.cloud.gov (OOS)
- URL: 18f.gov (OOS)
|
| + | https://hackerone.com/hilton | 17 | 7 | HackerOne |
In Scope Assets:- URL: hilton.com
- URL: hilton.io
- CIDR: 167.187.0.0/16
- CIDR: 192.251.123.0/24
- CIDR: 192.251.124.0/24
- CIDR: 192.251.125.0/24
- CIDR: 192.251.126.0/24
- CIDR: 82.196.42.196/28
- CIDR: 203.79.37.2/29
- CIDR: 62.216.152.46/29
- CIDR: 121.200.237.36/29
- URL: hiltonbusinessonline.com
- URL: hiltonlocalbiz.com
- WILDCARD: *.hilton.com
- WILDCARD: *.hilton.io
- WILDCARD: *.hiltonbusinessonline.com
- WILDCARD: *.hiltonlocalbiz.com
Out of Scope Assets:- WILDCARD: *.hiltonhotels.jp (OOS)
- URL: eis.hilton.com (OOS)
- URL: https://jobs.hilton.com (OOS)
- URL: hiltongrandvacations.com (OOS)
- URL: guestfeedback.hilton.com (OOS)
- URL: hiltonnet.hilton.com (OOS)
- URL: onqinsider.hilton.com (OOS)
|
| + | https://hackerone.com/hiro | 1 | 0 | HackerOne |
|
| + | https://hackerone.com/hostinger | 7 | 0 | HackerOne |
In Scope Assets:- URL: www.hostinger.com
- URL: cpanel.hostinger.com
- URL: hpanel.hostinger.com
- URL: payments.hostinger.com
- URL: builder.hostinger.com
- OTHER: H5G
- URL: horizons.hostinger.com
|
| + | https://hackerone.com/hubspot | 15 | 6 | HackerOne |
In Scope Assets:- URL: app.hubspot.com
- URL: api.hubspot.com
- URL: api.hubapi.com
- URL: app-eu1.hubspot.com
- URL: chatspot.ai
- WILDCARD: *.hubspotemail.net
- WILDCARD: *.hs-sites(-eu1)?.com
- WILDCARD: *.hubspotpagebuilder.com
- WILDCARD: *.hubspotpagebuilder.eu
- OTHER: Customer Portal
- OTHER: Customer Connected Domain
- ANDROID: HubSpot Android Mobile App
- IOS: HubSpot iOS Mobile App
- OTHER: HubSpot Sales Office 365 add-in
- OTHER: Other HubSpot-owned (sub)domains not listed as Out of Scope
Out of Scope Assets:- URL: connect.com (OOS)
- URL: shop.hubspot.com (OOS)
- URL: trust.hubspot.com (OOS)
- URL: thespot.hubspot.com (OOS)
- URL: ir.hubspot.com (OOS)
- URL: events.hubspot.com (OOS)
|
| + | https://hackerone.com/hyatt | 73 | 0 | HackerOne |
In Scope Assets:- URL: hyatt.com
- URL: www.hyatt.com
- IOS: 476639005
- ANDROID: com.Hyatt
- URL: world.hyatt.com
- URL: assets.hyatt.com
- CIDR: 140.95.0.0/16
- URL: newsroom.images.hyatt.com
- CIDR: 213.139.133.32/28
- URL: salesportal.hyatt.com
- URL: meetings.hyatt.com
- URL: ebsext.oft.hyatt.com
- URL: mobileapp.hyatt.com
- URL: plannerrequest.hyatt.com
- URL: public.hyatt.com
- URL: roominglist.hyatt.com
- URL: soaext.oft.hyatt.com
- URL: sso.oft.hyatt.com
- URL: upsell.hyatt.com
- URL: www.hyattconnect.com
- URL: jira.hyattdev.com
- URL: confluence.hyattdev.com
- URL: scapegoat.hyatt.com
- URL: book.cheapcaribbean.com
- URL: holidays-au.fijiairways.com
- URL: holidays-fj.fijiairways.com
- URL: holidays-hk.fijiairways.com
- URL: holidays-sg.fijiairways.com
- URL: holidays-us.fijiairways.com
- URL: res.nowresorts.com
- URL: res.treasureisland.globalbookingsolutions.com
- URL: res.vacations.buschgardens.com
- URL: res.vacations.sesameplace.com
- URL: vacations.travelimpressions.com
- URL: www.blueskytours.com
- URL: www.cheapcaribbean.com
- URL: www.triseptsolutions.com
- URL: blueskytours.globalbookingsolutions.com
- URL: booking.cheapcaribbean.com
- URL: booking.beachbound.com
- URL: book.beachbound.com
- URL: holidays-nz.fijiairways.com
- URL: res.funjet.com
- URL: res.secretsresorts.com
- URL: res.skyteam.com
- URL: res.vacations.discoverycove.com
- URL: res.vacations.seaworld.com
- URL: vacations.universalstudioshollywood.com
- URL: vacations.us.palladiumhotelgroup.com
- URL: www.funjet.com
- URL: www.universalorlandovacations.com
- URL: www.wynnvacations.com
- URL: www.beachbound.com
- URL: book.applevacations.com
- URL: book.booktandl.com
- URL: login.www.vaxvacationaccess.com
- URL: new.www.vaxvacationaccess.com
- URL: res.blueskytours.globalbookingsolutions.com
- URL: res.southwestvacations.com
- URL: res.universalorlandovacations.com
- URL: res.vacations.united.com
- URL: res.vacations.universalstudioshollywood.com
- URL: reservations.wynnvacations.com
- URL: rezagent.triseptsolutions.com
- URL: shop.wyndhamvacationownership.trisept.travel
- URL: www.triseptapi.com
- URL: www.triseptdemo.com
- URL: vacations.united.com
- URL: www.applevacations.com
- CIDR: 199.66.248.0/22
- URL: res.hyattinclusivecollection.com
- URL: www.hyattinclusivecollection.com
- URL: booking.applevacations.com
|
| + | https://hackerone.com/hyperledger | 26 | 41 | HackerOne |
In Scope Assets:- SOURCE_CODE: https://github.com/hyperledger/fabric
- SOURCE_CODE: https://github.com/hyperledger/fabric-ca
- SOURCE_CODE: https://github.com/hyperledger/fabric-sdk-node
- SOURCE_CODE: https://github.com/hyperledger/fabric-sdk-java
- SOURCE_CODE: https://github.com/hyperledger/fabric-chaincode-java
- SOURCE_CODE: https://github.com/hyperledger/fabric-chaincode-node
- SOURCE_CODE: https://github.com/hyperledger/fabric-samples
- SOURCE_CODE: https://github.com/hyperledger/fabric-sdk-go
- SOURCE_CODE: https://github.com/hyperledger/fabric-sdk-py
- SOURCE_CODE: https://github.com/hyperledger/fabric-amcl
- SOURCE_CODE: https://github.com/hyperledger/fabric-cli
- SOURCE_CODE: https://github.com/hyperledger/fabric-chaincode-go
- SOURCE_CODE: https://github.com/hyperledger/fabric-config
- SOURCE_CODE: https://github.com/hyperledger/fabric-contract-api-go
- SOURCE_CODE: https://github.com/hyperledger/fabric-gateway-java
- SOURCE_CODE: https://github.com/hyperledger/fabric-gateway
- SOURCE_CODE: https://github.com/hyperledger/fabric-lib-go
- SOURCE_CODE: https://github.com/hyperledger/fabric-private-chaincode
- SOURCE_CODE: https://github.com/hyperledger/fabric-protos-go-apiv2
- SOURCE_CODE: https://github.com/hyperledger/fabric-protos-go
- SOURCE_CODE: https://github.com/hyperledger/fabric-protos
- SOURCE_CODE: https://github.com/hyperledger/besu
- SOURCE_CODE: https://github.com/hyperledger/fabric-admin-sdk
- SOURCE_CODE: https://github.com/hyperledger/besu-errorprone-checks
- SOURCE_CODE: https://github.com/hyperledger/besu-native
- SOURCE_CODE: https://github.com/hyperledger/besu-verkle-trie
Out of Scope Assets:- SOURCE_CODE: https://github.com/hyperledger/fabric-docs (OOS)
- SOURCE_CODE: https://github.com/hyperledger/fabric-test (OOS)
- SOURCE_CODE: https://github.com/hyperledger/fabric-test-resources (OOS)
- SOURCE_CODE: https://github.com/hyperledger/blockchain-explorer (OOS)
- SOURCE_CODE: https://github.com/hyperledger/cello (OOS)
- SOURCE_CODE: https://github.com/hyperledger/cello-analytics (OOS)
- SOURCE_CODE: https://github.com/hyperledger/cello-k8s-operator (OOS)
- SOURCE_CODE: https://github.com/hyperledger/iroha (OOS)
- SOURCE_CODE: https://github.com/hyperledger/composer (OOS)
- SOURCE_CODE: https://github.com/hyperledger/indy-plenum (OOS)
- SOURCE_CODE: https://github.com/hyperledger/sawtooth-core (OOS)
- SOURCE_CODE: https://github.com/hyperledger/indy-node (OOS)
- SOURCE_CODE: https://github.com/hyperledger/composer-vscode-plugin (OOS)
- SOURCE_CODE: https://github.com/hyperledger/indy-sdk (OOS)
- SOURCE_CODE: https://github.com/hyperledger/hyperledgerwp (OOS)
- SOURCE_CODE: https://github.com/hyperledger/composer-sample-networks (OOS)
- SOURCE_CODE: https://github.com/hyperledger/composer-tools (OOS)
- SOURCE_CODE: https://github.com/hyperledger/hyperledger.github.io (OOS)
- SOURCE_CODE: https://github.com/hyperledger/iroha-api (OOS)
- SOURCE_CODE: https://github.com/hyperledger/indy-crypto (OOS)
- SOURCE_CODE: https://github.com/hyperledger/education (OOS)
- SOURCE_CODE: https://github.com/hyperledger/indy-anoncreds (OOS)
- SOURCE_CODE: https://github.com/hyperledger/composer-sample-applications (OOS)
- SOURCE_CODE: https://github.com/hyperledger/iroha-network-tools (OOS)
- SOURCE_CODE: https://github.com/hyperledger/iroha-android (OOS)
- SOURCE_CODE: https://github.com/hyperledger/iroha-dotnet (OOS)
- SOURCE_CODE: https://github.com/hyperledger/iroha-scala (OOS)
- SOURCE_CODE: https://github.com/hyperledger/iroha-javascript (OOS)
- SOURCE_CODE: https://github.com/hyperledger/iroha-ios (OOS)
- SOURCE_CODE: https://github.com/hyperledger/iroha-python (OOS)
- SOURCE_CODE: https://github.com/hyperledger/hyperledger (OOS)
- SOURCE_CODE: https://github.com/hyperledger/composer-atom-plugin (OOS)
- SOURCE_CODE: https://github.com/hyperledger/slack-archive (OOS)
- URL: www.hyperledger.org (OOS)
- URL: www.linuxfoundation.org (OOS)
- URL: jira.hyperledger.org (OOS)
- URL: chat.hyperledger.org (OOS)
- URL: identity.linuxfoundation.org (OOS)
- URL: lists.hyperledger.org (OOS)
- SOURCE_CODE: https://github.com/hyperledger/fabric-docs-i18n (OOS)
- SOURCE_CODE: https://github.com/hyperledger/fabric-rfcs (OOS)
|
| + | https://hackerone.com/hypr-corp | 6 | 3 | HackerOne |
In Scope Assets:- WILDCARD: *.hypr.com
- IOS: com.hypr.one
- ANDROID: com.hypr.one
- EXECUTABLE: HyprUnlock.exe
- EXECUTABLE: HYPR Workforce Access.app
- WILDCARD: *.gethypr.com
Out of Scope Assets:- URL: support.hypr.com (OOS)
- URL: help.hypr.com (OOS)
- URL: partners.hypr.com (OOS)
|
| + | https://hackerone.com/iandunn-projects | 2 | 1 | HackerOne |
In Scope Assets:- SOURCE_CODE: WordPress.org plugins
- SOURCE_CODE: GitHub repositories
Out of Scope Assets: |
| + | https://hackerone.com/ibb | 21 | 0 | HackerOne |
In Scope Assets:- SOURCE_CODE: https://github.com/ruby
- SOURCE_CODE: https://github.com/rails
- SOURCE_CODE: https://github.com/rubygems/rubygems
- SOURCE_CODE: https://github.com/curl/curl
- SOURCE_CODE: https://github.com/Electron
- SOURCE_CODE: https://github.com/django
- SOURCE_CODE: https://github.com/Nginx
- SOURCE_CODE: https://github.com/openssl/openssl
- SOURCE_CODE: https://github.com/nodejs/node
- SOURCE_CODE: https://github.com/apache/airflow
- SOURCE_CODE: https://github.com/apache/httpd
- SOURCE_CODE: https://wiki.xenproject.org/wiki/Xen_Project_Repositories
- SOURCE_CODE: https://git.libssh.org/
- SOURCE_CODE: https://github.com/spiffe/spiffe
- SOURCE_CODE: https://github.com/spiffe/spire
- URL: rubygems.org
- SOURCE_CODE: https://github.com/rust-lang/rust
- SOURCE_CODE: https://github.com/argoproj/argoproj
- SOURCE_CODE: https://github.com/rack/rack
- SOURCE_CODE: https://github.com/apache/tomcat
- SOURCE_CODE: https://github.com/libuv/libuv
|
| + | https://hackerone.com/inditex | 1 | 0 | HackerOne |
|
| + | https://hackerone.com/indrive | 34 | 2 | HackerOne |
In Scope Assets:- WILDCARD: terra-*.indriverapp.com
- URL: new-order.eu-east-1.indriverapp.com
- URL: watchdocs.indriverapp.com
- URL: injob.indriver.com
- URL: super-services.indriverapp.com
- WILDCARD: intercity-*.eu-east-1.indriverapp.com
- URL: priority.eu-east-1.indriverapp.com
- URL: profile-api.eu-east-1.indriverapp.com
- URL: messenger.eu-east-1.indriverapp.com
- URL: ab-platform-api.eu-east-1.indriverapp.com
- URL: truck-api.eu-east-1.indriverapp.com
- URL: file-storage-front.eu-east-1.indriverapp.com
- WILDCARD: *.indriverapp.com
- WILDCARD: *.indriver.com
- WILDCARD: *.indrive.com
- URL: cargo.indrive.com
- WILDCARD: https://*.indriver.io
- WILDCARD: https://*.indriverjob.com
- URL: volans.tech
- URL: wga.volans.tech
- URL: argocd.indrive.dev
- URL: ci.indrive.dev
- URL: external.indrive.dev
- URL: auth.indrive.tech
- URL: auth2.indrive.tech
- URL: aws.indrive.tech
- URL: debug.clairvoyance.indrive.tech
- URL: ingest.clairvoyance.indrive.tech
- URL: alternativa.film
- URL: bridekidnapping.alternativa.film
- URL: festival.alternativa.film
- URL: indrive.alternativa.film
- URL: auroratechaward.com
- URL: https://cas-cf.euce1.indriverapp.com/api/passkey
Out of Scope Assets:- ANDROID: sinet.startup.inDriver (OOS)
- URL: servicos.indrive.com (OOS)
|
| + | https://hackerone.com/inspectorio | 9 | 0 | HackerOne |
In Scope Assets:- URL: app.stg.inspectorio.com
- URL: rise.stg.inspectorio.com
- URL: report-html-sight.stg.inspectorio.com
- URL: api.stg.inspectorio.com
- URL: rise-api.stg.inspectorio.com
- URL: docuflow.stg.inspectorio.com
- URL: id.stg.inspectorio.com
- TESTFLIGHT: https://testflight.apple.com/join/vwFxXX7t
- ANDROID: https://app.bitrise.io/app/51a95edaab331ec5/installable-artifacts/e5213e1a814bf0ba/public-install-page/bed0d33f048271d6828c5a4a979ecc96
|
| + | https://hackerone.com/instacart | 9 | 12 | HackerOne |
In Scope Assets:- URL: api.instacart.com
- URL: www.instacart.com
- ANDROID: com.instacart.client
- IOS: 545599256
- URL: admin.instacart.com
- URL: shoppers.instacart.com
- OTHER: Android & iOS App for Instacart Shoppers
- WILDCARD: *.instacart.com
- WILDCARD: *.instacart.tools
Out of Scope Assets:- URL: brand.instacart.com (OOS)
- URL: careers.instacart.com (OOS)
- URL: carrotstore.instacart.com (OOS)
- URL: corporate.instacart.com (OOS)
- URL: covidresponse.instacart.com (OOS)
- URL: design.instacart.com (OOS)
- WILDCARD: *.email.instacart.com (OOS)
- URL: life.instacart.com (OOS)
- URL: news.instacart.com (OOS)
- URL: tech.instacart.com (OOS)
- URL: enterprise-status.instacart.com (OOS)
- URL: instacart.careers (OOS)
|
| + | https://hackerone.com/irccloud | 12 | 0 | HackerOne |
In Scope Assets:- URL: www.irccloud.com
- URL: api.irccloud.com
- IOS: com.irccloud.IRCCloud
- ANDROID: com.irccloud.android
- WILDCARD: *.irccloud-cdn.com
- URL: blog.irccloud.com
- SOURCE_CODE: https://github.com/irccloud/ios
- SOURCE_CODE: https://github.com/irccloud/android
- WILDCARD: *.irccloud.com
- URL: irccloud.com
- URL: irc.irccloud.com
- URL: team-irc.irccloud.com
|
| + | https://hackerone.com/judgeme | 6 | 0 | HackerOne |
In Scope Assets:- URL: judge.me
- URL: https://judge.me/reviews
- URL: shop.judge.me
- URL: woocommerce-adapter.judge.me
- URL: bigcommerce-adapter.judge.me
- URL: cache.judge.me
|
| + | https://hackerone.com/kayak | 12 | 6 | HackerOne |
In Scope Assets:- URL: www.kayak.com
- IOS: com.kayak.travel
- ANDROID: com.kayak.android
- URL: www.swoodoo.com
- URL: www.checkfelix.com
- URL: www.momondo.com
- URL: www.cheapflights.com
- URL: www.hotelscombined.com
- URL: www.mundi.com.br
- URL: business.kayak.com
- WILDCARD: *.kayak.com
- URL: kayak.ai
Out of Scope Assets:- URL: klassereise.checkfelix.com (OOS)
- URL: kayak.com/hotelowner/* (OOS)
- URL: kayak.com/moira/ehoe/* (OOS)
- URL: kayak.com/guides/* (OOS)
- URL: affiliates.kayak.com (OOS)
- WILDCARD: https://*.kayakairplanemode.com (OOS)
|
| + | https://hackerone.com/khealth | 23 | 5 | HackerOne |
In Scope Assets:- IOS: 1180400838
- ANDROID: ai.kanghealth
- URL: api.khealth.io
- URL: accounts.khealth.com
- URL: eligibility.khealth.com
- URL: treatments.khealth.com
- WILDCARD: https://*.khealth.com
- WILDCARD: https://*.khealth.io/
- WILDCARD: https://*.khealth.us/
- URL: www.kpharmacyllc.com
- URL: start.khealth.com
- URL: app.khealth.com
- URL: kaccount.khealth.com
- URL: ask.khealth.com
- URL: http://auth.khealth.com/khealth/sign-up
- URL: http://auth.khealth.com/cedars/sign-up
- URL: http://auth.khealth.com/mayo-la-crosse/sign-up
- URL: salesforce.khealth.com
- URL: http://clinical-quality.khealth.com/api/v1
- URL: middle-force.khealth.io
- URL: api.khealth.com
- OTHER: Tier 1
- OTHER: Tier 2
Out of Scope Assets:- WILDCARD: http://*.hydrogenhealth.com (OOS)
- URL: careers.khealth.com (OOS)
- URL: api-2.khealth.io (OOS)
- URL: khealth-test.com (OOS)
- URL: https://khealth.com/careers (OOS)
|
| + | https://hackerone.com/kiwicom | 10 | 24 | HackerOne |
In Scope Assets:- URL: www.kiwi.com
- WILDCARD: *.kiwi.com
- WILDCARD: *.skypicker.com
- ANDROID: com.skypicker.main
- IOS: com.skypicker.Skypicker
- URL: auth.skypicker.com
- URL: tequila.kiwi.com
- SOURCE_CODE: https://github.com/kiwicom/*
- URL: http://www.kiwi.com/stories
- URL: jobs.kiwi.com
Out of Scope Assets:- WILDCARD: *cars.kiwi.com (OOS)
- URL: status.kiwi.com (OOS)
- WILDCARD: *code.kiwi.com (OOS)
- WILDCARD: *parking.kiwi.com (OOS)
- URL: rooms.kiwi.com (OOS)
- URL: retool.skypicker.com (OOS)
- WILDCARD: *learn.kiwi.com (OOS)
- URL: vacation.kiwi.com (OOS)
- WILDCARD: *ov.kiwi.com (OOS)
- WILDCARD: *sg.kiwi.com (OOS)
- WILDCARD: *._domainkey.kiwi.com (OOS)
- URL: outbound.intercom.kiwi.com (OOS)
- WILDCARD: email*skypicker.com (OOS)
- WILDCARD: email*kiwi.com (OOS)
- WILDCARD: *_domainkey.skypicker.com (OOS)
- URL: mail.skypicker.com (OOS)
- URL: packages.kiwi.com (OOS)
- URL: nyrujhhu3yuk.nest.skypicker.com (OOS)
- WILDCARD: *citi-sign.kiwi.com (OOS)
- WILDCARD: *.coupons.kiwi.com (OOS)
- WILDCARD: *experiences.kiwi.com (OOS)
- URL: kiwistore.kiwi.com (OOS)
- URL: link.kiwi.com (OOS)
- SOURCE_CODE: https://github.com/kiwicom/pytest-recording (OOS)
|
| + | https://hackerone.com/klarna | 4 | 0 | HackerOne |
In Scope Assets:- OTHER: Merchant Portal
- IOS: Klarna iOS App (com.klarna.app)
- ANDROID: Klarna Android App (com.myklarnamobile)
- URL: app.klarna.com
|
| + | https://hackerone.com/koho | 9 | 1 | HackerOne |
In Scope Assets:- URL: web.koho.ca
- URL: www.koho.ca
- URL: http://api.koho.ca/1.0
- URL: http://api.koho.ca/partner
- URL: usercontent.koho.ca
- URL: app.koho.ca
- URL: webgateway.koho.ca
- IOS: 1091010942
- ANDROID: ca.koho
Out of Scope Assets:- WILDCARD: *.koho.ca/cdn-cgi (OOS)
|
| + | https://hackerone.com/kolesagroup | 20 | 4 | HackerOne |
In Scope Assets:- URL: kolesa.kz
- IOS: 563291345
- ANDROID: kz.kolesa
- URL: m.kolesa.kz
- URL: krisha.kz
- URL: m.krisha.kz
- IOS: 965180355
- ANDROID: kz.krisha
- URL: avtoelon.uz
- ANDROID: uz.avtoelon
- IOS: 1431768824
- URL: m.avtoelon.uz
- URL: api.kolesa.kz
- URL: app.kolesa.kz
- URL: id.kolesa.kz
- URL: api.krisha.kz
- URL: app.krisha.kz
- URL: api.avtoelon.uz
- URL: app.avtoelon.uz
- URL: id.avtoelon.uz
Out of Scope Assets:- OTHER: Kolesa website (OOS)
- OTHER: Krisha website (OOS)
- OTHER: Avtoelon website (OOS)
- OTHER: Mobile Apps (OOS)
|
| + | https://hackerone.com/krisp | 12 | 6 | HackerOne |
In Scope Assets:- EXECUTABLE: https://download.krisp.ai/win
- EXECUTABLE: https://download.krisp.ai/mac
- URL: krisp.ai
- URL: account.krisp.ai
- URL: api.krisp.ai
- URL: teams.krisp.ai
- URL: download.krisp.ai
- URL: analytics.krisp.ai
- URL: upld.krisp.ai
- WILDCARD: *.krisp.ai
- OTHER: Other
- URL: app.krisp.ai
Out of Scope Assets:- URL: whatsnew.krisp.ai (OOS)
- WILDCARD: *dev*.krisp.ai (OOS)
- URL: url5145.krisp.ai (OOS)
- URL: voice-ai-newsletter.krisp.ai (OOS)
- URL: sdk-docs.krisp.ai (OOS)
- URL: metabase.krisp.ai (OOS)
|
| + | https://hackerone.com/kubernetes | 58 | 2 | HackerOne |
In Scope Assets:- SOURCE_CODE: https://github.com/kubernetes/csi-api
- SOURCE_CODE: https://github.com/kubernetes/kubernetes
- SOURCE_CODE: https://github.com/kubernetes/dns
- SOURCE_CODE: https://github.com/kubernetes/kube-openapi
- SOURCE_CODE: https://github.com/kubernetes/git-sync
- SOURCE_CODE: https://github.com/kubernetes/gengo
- SOURCE_CODE: https://github.com/kubernetes/cluster-bootstrap
- SOURCE_CODE: https://github.com/kubernetes/kube-controller-manager
- SOURCE_CODE: https://github.com/kubernetes/kube-scheduler
- SOURCE_CODE: https://github.com/kubernetes/kubelet
- SOURCE_CODE: https://github.com/kubernetes/kube-proxy
- SOURCE_CODE: https://github.com/kubernetes/cli-runtime
- SOURCE_CODE: https://github.com/kubernetes/metrics
- SOURCE_CODE: https://github.com/kubernetes/apiextensions-apiserver
- SOURCE_CODE: https://github.com/kubernetes/kube-aggregator
- SOURCE_CODE: https://github.com/kubernetes/apiserver
- SOURCE_CODE: https://github.com/kubernetes/component-base
- SOURCE_CODE: https://github.com/kubernetes/client-go
- SOURCE_CODE: https://github.com/kubernetes/api
- SOURCE_CODE: https://github.com/kubernetes/apimachinery
- SOURCE_CODE: https://github.com/kubernetes/code-generator
- SOURCE_CODE: https://github.com/kubernetes/publishing-bot
- SOURCE_CODE: https://github.com/kubernetes/cluster-registry
- SOURCE_CODE: https://github.com/kubernetes/k8s.io
- SOURCE_CODE: https://github.com/kubernetes/klog
- SOURCE_CODE: https://github.com/kubernetes/utils
- SOURCE_CODE: https://github.com/kubernetes/website
- SOURCE_CODE: https://github.com/kubernetes/test-infra
- SOURCE_CODE: https://github.com/kubernetes/kops
- SOURCE_CODE: https://github.com/kubernetes/minikube
- SOURCE_CODE: https://github.com/kubernetes/kompose
- SOURCE_CODE: https://github.com/kubernetes/kube-state-metrics
- SOURCE_CODE: https://github.com/kubernetes/autoscaler
- SOURCE_CODE: https://github.com/kubernetes/kube-deploy
- SOURCE_CODE: https://github.com/kubernetes/release
- SOURCE_CODE: https://github.com/kubernetes/dashboard
- SOURCE_CODE: https://github.com/kubernetes/node-problem-detector
- SOURCE_CODE: https://github.com/kubernetes/repo-infra
- SOURCE_CODE: https://github.com/kubernetes/kubectl
- SOURCE_CODE: https://github.com/kubernetes/org
- SOURCE_CODE: https://github.com/kubernetes/sig-release
- SOURCE_CODE: https://github.com/kubernetes/kubeadm
- SOURCE_CODE: https://github.com/kubernetes/cri-api
- SOURCE_CODE: https://github.com/kubernetes/node-api
- SOURCE_CODE: https://github.com/kubernetes/csi-translation-lib
- SOURCE_CODE: https://github.com/kubernetes/cloud-provider
- SOURCE_CODE: https://github.com/kubernetes-security
- SOURCE_CODE: https://github.com/kubernetes-client
- OTHER: k8s.gcr.io
- OTHER: https://storage.googleapis.com/kubernetes-release/
- URL: prow.k8s.io
- URL: kubernetes.io
- URL: k8s.io
- SOURCE_CODE: github.com/kubernetes-csi
- URL: kubernetes-csi.github.io
- OTHER: Tier 1
- OTHER: Tier 2
- OTHER: Tier 3
Out of Scope Assets:- SOURCE_CODE: https://github.com/kubernetes/ingress-gce (OOS)
- SOURCE_CODE: https://github.com/kubernetes/ingress-nginx (OOS)
|
| + | https://hackerone.com/lark_technologies | 17 | 0 | HackerOne |
In Scope Assets:- URL: larksuite.com
- URL: lark-frontier.byteoversea.com
- URL: file.larksuite.com
- URL: open.larksuite.com
- URL: api.larksuite.com
- URL: app.larksuite.com
- URL: caldav.larksuite.com
- URL: status.larksuite.com
- URL: passport.larksuite.com
- URL: internal-api.larksuite.com
- URL: internal-api-lark-api.larksuite.com
- URL: internal-api-drive-stream.larksuite.com
- EXECUTABLE: Windows OS Executable: Download here https://www.larksuite.com/download
- EXECUTABLE: Mac OS Executable: Download here https://www.larksuite.com/download
- IOS: 1452166623
- ANDROID: com.larksuite.suite
- URL: hackers_chosendomain.larksuite.com
|
| + | https://hackerone.com/launchdarkly | 6 | 5 | HackerOne |
In Scope Assets:- URL: app.launchdarkly.com
- URL: events.launchdarkly.com
- URL: stream.launchdarkly.com
- SOURCE_CODE: LaunchDarkly Open Source SDKs
- URL: docs.launchdarkly.com
- URL: https://launchdarkly.com/docs
Out of Scope Assets:- URL: blog.launchdarkly.com (OOS)
- URL: launchdarkly.com (OOS)
- URL: sandbox.launchdarkly.com (OOS)
- URL: slack.launchdarkly.com (OOS)
- URL: status.launchdarkly.com (OOS)
|