Scope Data

In Scope Assets:

• URL: www.leather.io
• SOURCE_CODE: https://github.com/leather-wallet/extension

In Scope Assets:

• URL: http://api.lightspark.com
• URL: http://app.lightspark.com
• SOURCE_CODE: lightsparkdev/lightspark-crypto-uniffi
• SOURCE_CODE: lightsparkdev/kotlin-sdk
• SOURCE_CODE: lightsparkdev/js-sdk
• SOURCE_CODE: lightsparkdev/flutter-sdk
• SOURCE_CODE: https://github.com/lightsparkdev/go-sdk
• SOURCE_CODE: https://github.com/lightsparkdev/lightspark-rs
• SOURCE_CODE: https://github.com/lightsparkdev/python-sdk
• URL: https://link.uma.me
• URL: lrc20.lightspark.com
• URL: app.uma.money
• SOURCE_CODE: https://github.com/buildonspark/spark
• SOURCE_CODE: https://github.com/buildonspark/lrc20

Out of Scope Assets:

• URL: support.lighstpark.com (OOS)

In Scope Assets:

• WILDCARD: *.line.me
• WILDCARD: *.line-apps.com
• WILDCARD: *.line.naver.jp
• ANDROID: jp.naver.line.android
• IOS: 443904275
• WINDOWS APP: 9wzdncrfj2g6
• OTHER: Chrome Extension
• EXECUTABLE: Windows Executable
• IOS: 539883307
• ANDROID: com.linecorp.linelite
• OTHER: LINE Messenger - VOOM
• OTHER: LINE Messenger - Keep
• OTHER: LINE Messenger - VoIP
• OTHER: LINE Messenger - Chat
• OTHER: LINE Messenger - OpenChat
• OTHER: LINE Messenger - News
• WILDCARD: *.line.biz
• WILDCARD: *.linecorp.com
• URL: http://recruit.linepluscorp.com

Out of Scope Assets:

• OTHER: LINE Pay (OOS)
• URL: prod-fido-fido2-server.line-apps.com (OOS)
• OTHER: *nvapis.line.me (OOS)
• OTHER: LINEMAN (OOS)
• OTHER: DEMAE-CAN (OOS)
• OTHER: Yahoo Japan (OOS)
• URL: https://entry.line.me/ (OOS)
• OTHER: livedoor (OOS)
• OTHER: LINE TAXI (OOS)
• OTHER: LINE BANK (OOS)
• OTHER: LINE FINANCIAL (OOS)

In Scope Assets:

• URL: www.linkedin.com
• URL: api.linkedin.com
• IOS: 288429040
• ANDROID: com.linkedin.android
• URL: business.linkedin.com

In Scope Assets:

• URL: localizestaging.com
• URL: api.localizestaging.com
• URL: cdn.localizestaging.com
• URL: app.localizestaging.com

In Scope Assets:

• URL: circle.logi.com
• URL: id.logi.com
• URL: accounts.logi.com
• HARDWARE: Circle Cameras
• HARDWARE: Ultimate Ears Speakers
• HARDWARE: Presentation Remotes
• ANDROID: com.logitech.ueboom
• ANDROID: com.logitech.circle
• IOS: 632344648
• IOS: 1018340690
• URL: www.logitech.com
• URL: www.logitechg.com
• URL: www.ultimateears.com
• URL: www.astrogaming.com
• WILDCARD: *vc.logitech.com
• URL: www.logitech.com.cn
• WILDCARD: *.streamlabs.com
• EXECUTABLE: Streamlabs Desktop Application PC/MAC
• IOS: 1294578643
• IOS: 1476615877
• ANDROID: com.streamlabs.slobsrc
• ANDROID: com.streamlabs
• IOS: 1456293789
• ANDROID: com.logitech.logue
• EXECUTABLE: Logi Tune PC/MAC
• HARDWARE: Video Conferencing Products
• EXECUTABLE: Logitech Sync
• HARDWARE: USB Unifying and LightSpeed Receivers
• EXECUTABLE: G Hub
• URL: sync.logitech.com
• HARDWARE: Logitech Mice & Keyboards
• EXECUTABLE: Logi Options+ PC/MAC
• WILDCARD: *.getmeetio.com
• URL: meetiobook.com
• ANDROID: com.getmeetio.*
• IOS: com.getmeetio.Meetio-Enterprise
• URL: www.logicool.co.jp
• URL: logitechg.com.cn
• URL: gaming.logicool.co.jp
• EXECUTABLE: Logitech MIXLINE

Out of Scope Assets:

• WILDCARD: *.saitekforum.com (OOS)
• WILDCARD: *.saitek-fr.com (OOS)
• WILDCARD: *.saitek.com (OOS)
• HARDWARE: Squeezebox Products (OOS)
• HARDWARE: Logitech Alert Cameras (OOS)
• WILDCARD: *.wilife.com (OOS)

In Scope Assets:

• WILDCARD: *.lyst.com
• IOS: 597940518
• URL: cdna.lystit.com
• URL: mobileapi.lystit.com
• WILDCARD: *.lystit.com
• WILDCARD: *.lyst.co
• ANDROID: com.lyst.lystapp

Out of Scope Assets:

• URL: help.lyst.com (OOS)

In Scope Assets:

• URL: api.fortmatic.com
• URL: auth.magic.link
• URL: dashboard.magic.link
• URL: api.magic.link

In Scope Assets:

• URL: magiceden.io
• OTHER: *.magiceden.io
• OTHER: *.magiceden.dev
• OTHER: *.magiceden.workers.dev
• OTHER: Magic Eden Wallet (Chrome Extension)
• IOS: com.magiceden.wallet
• ANDROID: com.magiceden.wallet
• URL: slingshot.finance
• URL: slingshot.app

Out of Scope Assets:

• URL: blog.magiceden.io (OOS)
• URL: eng.magiceden.io (OOS)
• URL: eng.magiceden.dev (OOS)
• URL: http://ord-mirror.magiceden.dev (OOS)
• URL: mainframe.magiceden.io (OOS)
• URL: img-cdn.magiceden.dev (OOS)
• URL: cdn.magiceden.dev (OOS)

In Scope Assets:

• SOURCE_CODE: https://github.com/mainwp/mainwp
• SOURCE_CODE: https://github.com/mainwp/mainwp-child

In Scope Assets:

• EXECUTABLE: Malwarebytes for Windows
• EXECUTABLE: Malwarebytes for Mac
• ANDROID: org.malwarebytes.antimalware
• URL: www.malwarebytes.com
• URL: my.malwarebytes.com
• URL: cloud.malwarebytes.com
• OTHER: Malwarebytes Privacy (VPN)
• IOS: com.malwarebytes.Malwarebytes
• OTHER: BrowserGuard (Firefox/Chrome/Safari browser extension)
• EXECUTABLE: Malwarebytes for Teams
• OTHER: Vulnerability & Patch Management
• EXECUTABLE: Malwarebytes Remediation for CrowdStrike
• EXECUTABLE: Malwarebytes Incident Response
• OTHER: Malwarebytes Endpoint Detection and Response (EDR)
• OTHER: Malwarebytes Endpoint Protection
• EXECUTABLE: Malwarebytes ToolSet (MBTS)
• EXECUTABLE: Malwarebytes Windows Firewall Control
• URL: oneview.malwarebytes.com
• WILDCARD: *.mwbsys.com
• WILDCARD: *.mb-cosmos.com
• WILDCARD: *.mbamupdates.com
• WILDCARD: *.cloud.malwarebytes.com
• WILDCARD: *.malwarebytes.com
• WILDCARD: *.mwb-threatintel.com
• OTHER: Malwarebytes Device Control
• OTHER: Any other Malwarebytes asset
• WILDCARD: *.threatdown.com
• WILDCARD: *.cyrus-security.com
• EXECUTABLE: Malwarebytes Support Tool (MBST)

Out of Scope Assets:

• URL: estore.malwarebytes.com (OOS)
• URL: store.malwarebytes.com (OOS)
• URL: pages.malwarebytes.com (OOS)
• URL: view.malwarebytes.com (OOS)
• EXECUTABLE: Malwarebytes Anti-Ransomware (OOS)

In Scope Assets:

• URL: www.mapbox.com
• SOURCE_CODE: https://www.mapbox.com/mapbox-gl-js/
• SOURCE_CODE: https://docs.mapbox.com/ios/maps/overview/
• SOURCE_CODE: https://docs.mapbox.com/android/
• SOURCE_CODE: https://github.com/mapbox
• URL: api.mapbox.com
• URL: https://docs.mapbox.com/

Out of Scope Assets:

• OTHER: Submissions on out-of-scope assets listed below will be closed as N/A (OOS)
• URL: geojson.io (OOS)

In Scope Assets:

• IOS: 455004730
• URL: homes-and-villas.marriott.com
• URL: activities.marriott.com
• URL: careers.marriott.com
• URL: sso.marriott.com
• URL: mgs.marriott.com
• URL: jobs.marriott.com
• URL: passwordchallenge.marriott.com
• URL: gateway*.marriott.com
• URL: dcfgateway*.marriott.com
• URL: marriottfranchisetransactions.marriott.com
• URL: lawmanager.marriott.com
• URL: hotel-deals.marriott.com
• URL: all-inclusive.marriott.com
• URL: reservations.all-inclusive.marriott.com
• URL: marrtool.com
• URL: cpp.marriott.com
• URL: gatewaydsapdev2.marriott.com
• URL: dcfgatewaytst1.marriott.com
• URL: gatewaydsaptst1.marriott.com
• URL: gatewaydsaptst2.marriott.com
• URL: www.ritzcarlton.com
• URL: www.marriott.com
• URL: *uat.marriott.com
• URL: http://www.shopmarriott.com
• URL: moments.marriottbonvoy.com
• URL: help.marriott.com
• URL: traveler.marriott.com
• URL: travelagents.marriott.com/
• URL: mipartnerprivileges.marriott.com

Out of Scope Assets:

• URL: apps.ritzcarlton.com (OOS)
• URL: vacations.marriott.com (OOS)
• URL: towneplacesuites.marriott.com (OOS)
• URL: springhillsuites.marriott.com (OOS)
• URL: www.travelagents.marriott.com (OOS)
• OTHER: Not-Listed Assets (OOS)
• URL: *moxymix*.marriott.com (OOS)
• URL: milux.marriott.com (OOS)
• URL: luxurybrands.marriott.com (OOS)
• URL: element-hotels.marriott.com (OOS)
• URL: mi.bookmarriott.com (OOS)
• URL: *.ritzcarltonyachtcollection.com (OOS)
• URL: *.phunware.com (OOS)
• URL: www.github.com (OOS)
• URL: marriottlearnourbrands.com (OOS)
• URL: hotelexcellence.marriott.com (OOS)
• URL: meetings-excellence.marriott.com (OOS)
• URL: marriott.tech (OOS)
• OTHER: Phoenix Platform (OOS)

In Scope Assets:

• SOURCE_CODE: https://github.com/matomo-org/matomo
• SOURCE_CODE: https://plugins.matomo.org/developer/matomo-org
• SOURCE_CODE: https://plugins.matomo.org/developer/innocraft
• SOURCE_CODE: https://github.com/matomo-org
• SOURCE_CODE: https://github.com/innocraft/
• URL: matomo.cloud
• URL: https://github.com/matomo-org/docker

Out of Scope Assets:

• URL: plugins.matomo.org (OOS)
• URL: api.matomo.org (OOS)
• URL: matomo.org (OOS)
• URL: forum.matomo.org (OOS)
• URL: shop.matomo.org (OOS)

In Scope Assets:

• ANDROID: com.mercadopago.wallet
• IOS: com.mercadopago.MercadoPago
• URL: api.mercadopago.com
• ANDROID: com.mercadolibre
• IOS: com.3mosquitos.MercadoLibre
• URL: api.mercadolibre.com
• HARDWARE: Point Smart
• ANDROID: com.mercadoenvios.driver
• ANDROID: com.mercadoenvios.crowdsourcing
• OTHER: Crypto
• WILDCARD: *.adminml.com
• WILDCARD: *.mercadolibre.cl
• WILDCARD: *.mercadolibre.com
• WILDCARD: *.mercadolibre.com.ar
• WILDCARD: *.mercadolibre.com.co
• WILDCARD: *.mercadolibre.com.mx
• WILDCARD: *.mercadolibre.com.pe
• WILDCARD: *.mercadolibre.com.uy
• WILDCARD: *.mercadolivre.com.br
• WILDCARD: *.mercadopago.cl
• WILDCARD: *.mercadopago.com
• WILDCARD: *.mercadopago.com.ar
• WILDCARD: *.mercadopago.com.br
• WILDCARD: *.mercadopago.com.co
• WILDCARD: *.mercadopago.com.mx
• WILDCARD: *.mercadopago.com.pe
• WILDCARD: *.mercadopago.com.uy
• WILDCARD: *.mercadoshops.cl
• WILDCARD: *.mercadoshops.co.cr
• WILDCARD: *.mercadoshops.com
• WILDCARD: *.mercadoshops.com.ar
• WILDCARD: *.mercadoshops.com.br
• WILDCARD: *.mercadoshops.com.co
• WILDCARD: *.mercadoshops.com.do
• WILDCARD: *.mercadoshops.com.ec
• WILDCARD: *.mercadoshops.com.mx
• WILDCARD: *.mercadoshops.com.pa
• WILDCARD: *.mercadoshops.com.pe
• WILDCARD: *.mercadoshops.com.py
• WILDCARD: *.mercadoshops.com.uy
• WILDCARD: *.mlstatic.com
• URL: logistica.redelcom.cl
• URL: www.mercadolibre.co.cr
• URL: www.mercadolibre.com.bo
• URL: www.mercadolibre.com.do
• URL: www.mercadolibre.com.ec
• URL: www.mercadolibre.com.gt
• URL: www.mercadolibre.com.hn
• URL: www.mercadolibre.com.ni
• URL: www.mercadolibre.com.pa
• URL: www.mercadolibre.com.py
• URL: www.mercadolibre.com.sv
• URL: www.mercadolivre.com
• URL: www.mercadopago.com.ec
• ANDROID: com.mercadoenvios.logistics
• OTHER: Leaked Credentials
• URL: biolibre.ar
• URL: biolibre.cl
• URL: biolibre.co
• URL: biolibre.mx
• URL: biolivre.com.br
• URL: meliplay.com.ar
• URL: meliplay.com.pe
• URL: meliplay.com.uy
• URL: mercadoplay.co
• URL: mercadoplay.com.pe
• URL: mercadoplay.com.uy
• URL: mercadoplay.pe
• URL: mercadoplay.uy
• URL: portalinmobiliario.cl
• URL: portalinmobiliario.com
• URL: tucarro.com
• URL: tucarro.com.co
• URL: tumoto.com
• ANDROID: com.mercadolibre.android.mplay_tv

Out of Scope Assets:

• WILDCARD: *.kangu.com.br (OOS)
• OTHER: developersforum (OOS)
• OTHER: Redelcom (OOS)
• WILDCARD: *.gokangu.cl (OOS)
• WILDCARD: *.gokangu.co (OOS)
• WILDCARD: *.gokangu.mx (OOS)
• WILDCARD: *.gokangu.uy (OOS)
• WILDCARD: *.kangu.tech (OOS)
• URL: wow-int.mercadolibre.com (OOS)

In Scope Assets:

• URL: api.mergify.com
• URL: dashboard.mergify.com

Out of Scope Assets:

• URL: mergify.com (OOS)
• URL: blog.mergify.com (OOS)

In Scope Assets:

• URL: metamask.io
• ANDROID: io.metamask
• IOS: io.metamask.Metamask
• OTHER: MetaMask Browser Extension
• OTHER: MetaMask SDK
• URL: portfolio.metamask.io
• OTHER: https://metamask.github.io/phishing-warning/<vX.Y.Z>
• OTHER: Snaps
• URL: snaps.metamask.io
• SOURCE_CODE: Snaps Development Packages
• WILDCARD: https://*.metamask.io
• OTHER: Authentication component
• URL: https://user-storage.api.cx.metamask.io
• OTHER: Message signing snap
• URL: signature-insights.api.cx.metamask.io

Out of Scope Assets:

• OTHER: https://www.npmjs.com/search?q=%40metamask (OOS)
• OTHER: Metamask Flask Extension (OOS)
• URL: community.metamask.io (OOS)
• OTHER: https://metamask.github.io/ (OOS)
• OTHER: Core Tier Assets (OOS)
• OTHER: Non-Core Tier Assets (OOS)
• WILDCARD: *.api.cx.metamask.io (OOS)
• URL: https://mmi-support.metamask.io/ (OOS)
• URL: https://support.metamask.io/ (OOS)
• URL: permissionless.snaps.metamask.io (OOS)
• OTHER: Wallet Tier Assets (OOS)
• URL: developer.metamask.io (OOS)
• URL: card.metamask.io (OOS)

In Scope Assets:

• URL: app.moderntreasury.com
• URL: cdn.moderntreasury.com

Out of Scope Assets:

• URL: www.moderntreasury.com (OOS)
• URL: docs.moderntreasury.com (OOS)
• URL: trust.moderntreasury.com (OOS)
• URL: help.moderntreasury.com (OOS)

In Scope Assets:

• URL: moneybird.com
• URL: moneybirdstorage.com
• IOS: com.moneybird.Moneybird
• ANDROID: com.moneybird.android

In Scope Assets:

• URL: https://www.*mongodb.com/*
• URL: mongodb.live/*
• OTHER: Node.js Driver
• OTHER: Java Driver
• OTHER: Python Driver
• OTHER: .NET Driver
• OTHER: MongoDB Owned GitHub Repositories
• OTHER: *.cloud.mongodb.com/*
• OTHER: Ruby Driver
• OTHER: Rust Driver
• OTHER: MongoDB Server Local Instance
• OTHER: MongoDB BI Connector
• OTHER: Cluster-To-Cluster sync
• OTHER: Compass
• OTHER: C Driver
• OTHER: C# Driver
• OTHER: C++ Driver
• OTHER: GO Driver
• OTHER: PHP Driver
• OTHER: Kafka Connector
• OTHER: MongoDB Realm SDKs
• OTHER: Relational Migrator
• OTHER: MongoDB Shell
• OTHER: Spark Connector
• OTHER: VS Code Plugin
• WILDCARD: https://*.corp.mongodb.com*
• URL: artifactory.corp.mongodb.com/

Out of Scope Assets:

• OTHER: MonogoDB Community Server (OOS)
• OTHER: MongoDB Community Edition Cloud Manager (OOS)
• OTHER: Enterprise Edition Products and Tools (OOS)
• URL: *.account.mongodb.com/* (OOS)
• URL: *.atlas.mongodb.com/* (OOS)
• OTHER: All Evergreen Assets (including staging) (OOS)
• URL: https://www.mongodb.com/community/forums/* (OOS)
• URL: auth.mongodb.com/ (OOS)
• WILDCARD: http://*.auth.mongodb.com/* (OOS)
• OTHER: MongoDB Driver: Swift (OOS)

In Scope Assets:

• URL: moonpay.com
• WILDCARD: *.moonpaycloud.com
• URL: hypermint.com
• WILDCARD: *.hypermint.com
• WILDCARD: *.moonpay.com
• SOURCE_CODE: https://github.com/moonpay
• ANDROID: https://play.google.com/store/apps/details?id=com.moonpay
• IOS: https://apps.apple.com/app/id1635031432
• URL: web3.moonpay.com
• URL: sell.moonpay.com
• URL: buy.moonpay.com
• URL: auth.moonpay.com
• URL: app.moonpay.com
• URL: api.moonpay.com

Out of Scope Assets:

• URL: clicks.moonpay.com (OOS)
• URL: qr.moonpay.com (OOS)
• URL: page.moonpay.com (OOS)
• URL: support.moonpay.com (OOS)
• URL: docs.moonpay.com (OOS)
• WILDCARD: *.plexlabs.io (OOS)
• URL: plexlabs.io (OOS)
• URL: request-headers-no-proxy.moonpay.com (OOS)
• URL: request-headers.moonpay.com (OOS)
• URL: docs.hypermint.com (OOS)
• URL: help.moonpay.com (OOS)
• URL: storefront.hypermint.com (OOS)
• URL: ethpass.xyz (OOS)
• URL: dev.moonpay.com (OOS)

In Scope Assets:

• URL: addons.allizom.org
• URL: developer.mozilla.org
• URL: accounts.firefox.com
• URL: profiler.firefox.com
• URL: vpn.mozilla.org
• URL: relay.firefox.com
• URL: api.profiler.firefox.com
• OTHER: Mozilla VPN Clients
• URL: www.mozilla.org
• URL: support.mozilla.org
• URL: hg.mozilla.org
• URL: stage.taskcluster.nonprod.cloudops.mozgcp.net
• URL: community-tc.services.mozilla.com
• URL: monitor.mozilla.org
• URL: shavar.services.mozilla.com
• OTHER: Product Delivery
• URL: aus5.mozilla.org
• URL: bugzilla.mozilla.org
• URL: crash-reports.allizom.org
• URL: crash-stats.allizom.org
• URL: firefox-ci-tc.services.mozilla.com
• URL: firefox.settings.services.mozilla.com
• URL: lando.services.mozilla.com
• URL: merino.services.mozilla.com
• URL: mozilla-pontoon-staging.herokuapp.com
• URL: phabricator.allizom.org
• URL: push.services.mozilla.com
• URL: sync.services.mozilla.com
• OTHER: Mozilla Ad Routing Service

In Scope Assets:

• URL: www.nba.com
• URL: gleague.nba.com
• URL: 2kleague.nba.com
• URL: bal.nba.com
• URL: content-api-nextgen-prod.nba.com
• URL: content-api-prod.nba.com
• URL: core-api.nba.com
• URL: id.nba.com
• URL: stats-trafficcop-prod.nba.com
• URL: cdn.nba.com
• URL: cms.nba.com
• URL: stats.nba.com
• URL: identity.nba.com
• URL: www.wnba.com
• URL: teamportal.nba.com
• URL: cweb-ott.nba.com
• URL: syndication.nba.com
• URL: stats.wnba.com
• URL: stats.gleague.nba.com
• URL: stats.2kleague.nba.com
• URL: cdn-bal.nba.com
• URL: corp-dev.nba.com
• URL: manage.nba.com
• URL: manage-teams.nba.com
• URL: nbafedsvc.nba.com
• URL: vote.nba.com
• URL: elm.nba.com
• URL: lockervision.nba.com
• ANDROID: com.nbaimd.gametime.nba2011
• IOS: com.nbaimd.gametime.universal
• URL: adb.nba.com
• URL: br.nba.com
• URL: cares.nba.com
• URL: cl.nba.com
• URL: coalition.nba.com
• URL: gamenotes.nba.com
• URL: grae.nba.com
• URL: 2kleague-dev.nba.com
• URL: 2kleague-qa.nba.com
• URL: gleague-dev.nba.com
• URL: gleague-qa.nba.com
• URL: www-dev.wnba.com
• URL: www-dev.nba.com
• URL: www-qa.wnba.com
• URL: www-qa.nba.com
• URL: socialimpact.nba.com
• URL: www-uat.nba.com
• URL: www-ng.nba.com
• URL: vth.nba.com
• URL: teamdirectory.nba.com
• URL: bal-dev.nba.com
• URL: bal-qa.nba.com
• URL: bal-uat.nba.com

Out of Scope Assets:

• URL: mcd.nba.com (OOS)
• URL: mcdalerts.nba.com (OOS)
• URL: mindhealth.nba.com (OOS)
• URL: totalhealth.nba.com (OOS)

In Scope Assets:

• URL: https://console.neon.tech/api/v2/
• URL: https://console.neon.tech/
• URL: https://console-stage.neon.build/

In Scope Assets:

• WILDCARD: *.nflxext.com
• URL: www.netflix.com
• WILDCARD: api*.netflix.com
• WILDCARD: *.prod.ftl.netflix.com
• WILDCARD: *.prod.cloud.netflix.com
• SOURCE_CODE: Open Source - Atlas
• OTHER: Corporate Assets
• WILDCARD: *.nflxvideo.net
• WILDCARD: *.prod.dradis.netflix.com
• URL: beacon.netflix.com
• URL: customerevents.netflix.com
• URL: secure.netflix.com
• WILDCARD: *.nflximg.net
• WILDCARD: *.nflxso.net
• URL: help.netflix.com
• URL: ichnaea.netflix.com
• URL: presentationtracking.netflix.com
• URL: nmtracking.netflix.com
• OTHER: Open Source - Consoleme
• OTHER: Open Source - Weep
• OTHER: Open Source - Zuul
• OTHER: Microsites
• OTHER: Open Source - Spectator
• OTHER: Secondary Assets
• OTHER: Content Authorization Targets
• URL: meechum.netflix.com
• OTHER: Open Source - Dispatch
• IOS: Netflix Mobile Application for iOS
• ANDROID: Netflix Mobile Application for Android

Out of Scope Assets:

• OTHER: Third party websites or systems hosted by non-Netflix entities Out of Scope (OOS)
• URL: ir.netflix.com (OOS)
• URL: ir.netflix.net (OOS)
• URL: netflixinvestor.com (OOS)
• OTHER: Set-top-boxes, smart TVs, streaming sticks Out of Scope (OOS)

In Scope Assets:

• URL: app.netlify.com
• URL: api.netlify.com
• WILDCARD: *.onegraph.com
• WILDCARD: *.services.netlify.com
• WILDCARD: *.services-prod.nsvcs.net
• URL: internal.netlify.com
• WILDCARD: *.infra-prod.nsvcs.net
• WILDCARD: *.ops.netlify.com
• URL: netlify-cdp-loader.netlify.app
• URL: screenshot-proxy.netlify.app
• URL: netlify-rum.netlify.app
• URL: list-v2--netlify-plugins.netlify.app
• URL: internal-docs.netlify.com
• URL: supportal.netlify.app

Out of Scope Assets:

• URL: www.netlify.com (OOS)
• URL: webpop.com (OOS)
• WILDCARD: *.netlify.app (OOS)
• URL: docs.netlify.com (OOS)
• URL: answers.netlify.com (OOS)
• WILDCARD: *.netlify.com (OOS)
• URL: https://github.com/netlify/ (OOS)
• WILDCARD: *.netlifycms.org (OOS)

In Scope Assets:

• WILDCARD: http://*.newegg.com
• WILDCARD: http://*.newegg.ca
• IOS: com.newegg.app
• ANDROID: com.newegg.app

Out of Scope Assets:

• WILDCARD: http://*.neweggbusiness.com (OOS)
• URL: jobs.newegg.com (OOS)
• URL: sellerportal.newegg.com (OOS)
• URL: sellingpilot.newegg.com (OOS)

In Scope Assets:

• ANDROID: com.nextcloud.client
• IOS: it.twsweb.Nextcloud
• SOURCE_CODE: nextcloud/server
• SOURCE_CODE: nextcloud/activity
• SOURCE_CODE: nextcloud/files_accesscontrol
• SOURCE_CODE: nextcloud/3rdparty
• SOURCE_CODE: nextcloud/files_pdfviewer
• SOURCE_CODE: nextcloud/files_texteditor
• SOURCE_CODE: nextcloud/firstrunwizard
• SOURCE_CODE: nextcloud/notifications
• SOURCE_CODE: nextcloud/password_policy
• SOURCE_CODE: nextcloud/user_saml
• SOURCE_CODE: nextcloud/files_automatedtagging
• SOURCE_CODE: nextcloud/files_retention
• SOURCE_CODE: nextcloud/serverinfo
• SOURCE_CODE: nextcloud/nextcloud_announcements
• SOURCE_CODE: nextcloud/logreader
• SOURCE_CODE: nextcloud/survey_client
• SOURCE_CODE: nextcloud/updater
• EXECUTABLE: Desktop Client
• SOURCE_CODE: nextcloud/spreed
• ANDROID: com.nextcloud.talk2
• IOS: com.nextcloud.Talk
• SOURCE_CODE: nextcloud/photos
• SOURCE_CODE: nextcloud/mail
• SOURCE_CODE: nextcloud/files_rightclick
• SOURCE_CODE: nextcloud/privacy
• SOURCE_CODE: nextcloud/recommendations
• SOURCE_CODE: nextcloud/viewer
• SOURCE_CODE: nextcloud/text
• SOURCE_CODE: nextcloud/circles
• SOURCE_CODE: nextcloud/data_request
• SOURCE_CODE: nextcloud/files_antivirus
• SOURCE_CODE: nextcloud/fulltextsearch
• SOURCE_CODE: daita/files_fulltextsearch_tesseract
• SOURCE_CODE: nextcloud/flow_notifications
• SOURCE_CODE: nextcloud/fulltextsearch_elasticsearch
• SOURCE_CODE: nextcloud/files_fulltextsearch
• SOURCE_CODE: nextcloud/groupfolders
• SOURCE_CODE: nextcloud/guests
• SOURCE_CODE: nextcloud/sharepoint
• SOURCE_CODE: nextcloud/socialsharing
• SOURCE_CODE: nextcloud/suspicious_login
• SOURCE_CODE: nextcloud/terms_of_service
• SOURCE_CODE: nextcloud/twofactor_totp
• SOURCE_CODE: nextcloud/user_oidc
• SOURCE_CODE: nextcloud/workflow_script
• SOURCE_CODE: nextcloud/calendar
• SOURCE_CODE: nextcloud/contacts
• SOURCE_CODE: nextcloud/richdocuments
• SOURCE_CODE: nextcloud/onlyoffice
• SOURCE_CODE: nextcloud/end_to_end_encryption
• SOURCE_CODE: nextcloud/deck
• SOURCE_CODE: nextcloud/bruteforcesettings
• SOURCE_CODE: nextcloud/related_resources
• SOURCE_CODE: nextcloud/approval
• SOURCE_CODE: nextcloud/files_lock
• SOURCE_CODE: nextcloud/user_migration
• SOURCE_CODE: nextcloud/twofactor_webauthn
• SOURCE_CODE: nextcloud/external
• SOURCE_CODE: nextcloud/notify_push
• SOURCE_CODE: nextcloud/calendar_resource_management
• SOURCE_CODE: nextcloud/globalsiteselector
• SOURCE_CODE: nextcloud/notes
• ANDROID: it.niedermann.owncloud.notes
• IOS: com.peterandlinda.iOCNotes
• SOURCE_CODE: https://github.com/nextcloud/files_confidential
• SOURCE_CODE: https://github.com/nextcloud/tables
• SOURCE_CODE: https://github.com/nextcloud/collectives

Out of Scope Assets:

• URL: drone.nextcloud.com (OOS)
• URL: conf.nextcloud.com (OOS)
• URL: cloud.nextcloud.com (OOS)
• URL: demo.nextcloud.com (OOS)
• URL: sentry.nextcloud.com (OOS)
• URL: try.nextcloud.com (OOS)
• URL: https://nextcloud.atlassian.net/jira/dashboard (OOS)

In Scope Assets:

• URL: test.nicehash.com
• ANDROID: com.nicehash.metallum
• IOS: com.nicehash.mobile
• URL: https://api-test.nicehash.com

Out of Scope Assets:

• URL: https://test.nicehash.com/shop/ (OOS)
• URL: https://test.nicex.com (OOS)
• URL: https://api-test.nicex.com (OOS)
• URL: test.nicex.com (OOS)

In Scope Assets:

• HARDWARE: Nintendo Switch System
• HARDWARE: Nintendo Switch applications for which Nintendo is the publisher worldwide

Out of Scope Assets:

• HARDWARE: Nintendo 3DS applications for which Nintendo is the publisher worldwide (OOS)
• HARDWARE: Nintendo 3DS System (OOS)

In Scope Assets:

• SOURCE_CODE: https://github.com/nodejs/node

In Scope Assets:

• WILDCARD: *.nordvpn.com
• ANDROID: com.nordvpn.android
• EXECUTABLE: NordVPN - Windows Executable
• IOS: 905953485
• OTHER: NordVPN Browser Extension
• EXECUTABLE: NordVPN - MacOS Executable
• EXECUTABLE: NordVPN - Linux Executable
• ANDROID: com.nordvpn.android
• EXECUTABLE: NordPass - Windows Executable
• EXECUTABLE: NordPass - MacOS Executable
• EXECUTABLE: NordPass - Linux Executable
• ANDROID: com.nordpass.android.app.password.manager
• IOS: 1486322860
• OTHER: All Mobile Assets
• URL: app.nordpass.com

In Scope Assets:

• SOURCE_CODE: https://github.com/oasisprotocol/oasis-core
• SOURCE_CODE: https://github.com/oasisprotocol/deoxysii
• SOURCE_CODE: https://github.com/oasisprotocol/deoxysii-rust
• SOURCE_CODE: https://github.com/oasisprotocol/oasis-sdk
• SOURCE_CODE: https://github.com/oasisprotocol/curve25519-voi
• SOURCE_CODE: https://github.com/oasisprotocol/oasis-wallet-web
• SOURCE_CODE: https://github.com/oasisprotocol/oasis-wallet-ext
• URL: wallet.oasis.io
• URL: status.oasis.io
• URL: http://emerald.oasis.dev
• URL: http://grpc.oasis.dev
• URL: http://rosetta.oasis.dev/api/mainnet
• URL: http://sapphire.oasis.io
• SOURCE_CODE: github.com/oasisprotocol/explorer

Out of Scope Assets:

• OTHER: Not in Scope (OOS)

In Scope Assets:

• WILDCARD: *.okx.com
• OTHER: Mac OS Executable
• OTHER: Windows OS Executable
• OTHER: OKX Android APK
• OTHER: OKX iOS APP
• OTHER: OKT Chain
• OTHER: OKX Wallet Chrome Extension
• OTHER: OKX Wallet Edge Add-ons
• OTHER: OKX Wallet Safari Extension
• WILDCARD: *.oklink.com
• SOURCE_CODE: Web3 DEX Open Source
• SOURCE_CODE: OKX Wallet Core Open Source

Out of Scope Assets:

• WILDCARD: *.okg.com (OOS)

In Scope Assets:

• URL: vault.omise.co
• URL: api.omise.co
• URL: dashboard.omise.co
• SOURCE_CODE: github.com
• URL: www.omise.co
• URL: offsite.omise.co
• URL: www.opn.ooo

In Scope Assets:

• URL: https://developers.oppomobile.com
• URL: https://e.oppomobile.com
• URL: https://open.oppomobile.com
• URL: http://heytap.com
• URL: https://e.heytap.com/
• OTHER: ColorOS
• OTHER: LockScreenMagazine
• OTHER: OPPO+
• OTHER: QuickApps
• URL: http://coloros.com
• ANDROID: com.coloros.browser
• ANDROID: com.coloros.encryption
• ANDROID: com.coloros.securepay
• ANDROID: com.coloros.speechassist
• ANDROID: com.coloros.video
• ANDROID: com.fintech.life
• ANDROID: com.heytap.browser
• ANDROID: com.heytap.cloud
• ANDROID: com.heytap.health.international
• ANDROID: com.heytap.market
• ANDROID: com.heytap.themestore
• ANDROID: com.heytap.xgame
• ANDROID: com.nearme.browser
• ANDROID: com.nearme.themespace
• ANDROID: com.nearme.themestore
• ANDROID: com.oplus.account
• ANDROID: com.oplus.member
• ANDROID: com.oplus.themestore
• ANDROID: com.oplus.vip
• ANDROID: com.opos.ads
• ANDROID: com.oppo.cloud
• ANDROID: com.oppo.encryption
• ANDROID: com.oppo.market
• ANDROID: com.oppo.quicksearchbox
• ANDROID: com.oppo.speechassist
• ANDROID: com.oppo.usercenter
• URL: http://heytapmobi.com
• URL: http://oppofind.com
• URL: opposhop.cn
• WILDCARD: *.coloros.com
• URL: community.coloros.com
• WILDCARD: *.oppo.com
• WILDCARD: *.oppomobile.com
• WILDCARD: *.myoas.com
• WILDCARD: *.wanyol.com
• WILDCARD: *.myoas.net
• HARDWARE: A16k
• HARDWARE: A76
• HARDWARE: A96
• HARDWARE: F 21 Pro
• HARDWARE: FindN2
• HARDWARE: FindN2Flip
• HARDWARE: FindN3
• HARDWARE: FindN3Flip
• HARDWARE: FindX6
• HARDWARE: FindX6Pro
• HARDWARE: FindX7
• HARDWARE: FindX7Ultra
• HARDWARE: K10
• HARDWARE: K105G
• HARDWARE: K9
• HARDWARE: K9Pro
• HARDWARE: K9s
• HARDWARE: Porsche-B
• HARDWARE: Reno105G
• HARDWARE: Reno10Pro+5G
• HARDWARE: Reno10Pro5G
• HARDWARE: Reno115G
• HARDWARE: Reno11Pro5G
• HARDWARE: Reno12
• HARDWARE: Reno12Pro
• HARDWARE: Reno8Pro5G
• HARDWARE: Reno9Pro+5G
• HARDWARE: Reno9Pro5G
• HARDWARE: Reno 9 5G
• URL: nearme.com.cn
• OTHER: Test environment
• WILDCARD: *.nearme.com.cn
• WILDCARD: *.myoppo.com
• URL: https://www.opposhop.cn/
• URL: https://www.opposhop.cn/m/
• URL: https://hd.opposhop.cn
• URL: https://www.oppo.com/in/
• URL: https://ifind.oppomobile.com
• URL: https://ifind.heytapmobi.com
• URL: https://find.yun.oppo.com/
• URL: https://cloud.oppo.com/
• URL: https://cloud.heytap.com/
• URL: https://support.oppo.com/cn/
• URL: https://career.oppo.com/
• URL: https://chat.oppo.com/
• URL: https://sbox.myoas.com
• URL: https://mtp.myoas.com
• URL: http://engine.heytap.com
• URL: https://nativepay.keke.cn
• URL: https://spgw-pay.finzfin.com
• ANDROID: com.coloros.assistantscreen
• ANDROID: com.oplus.games
• ANDROID: com.coloros.video
• ANDROID: com.heytap.music
• ANDROID: com.heytap.pictorial
• ANDROID: com.coloros.pictorial

In Scope Assets:

• OTHER: Any public (Internet-facing) infrastructure owned and operated by Palantir.
• OTHER: Any public cloud (e.g. Amazon AWS, Microsoft Azure) resource or infrastructure operated and managed by Palantir.

Out of Scope Assets:

• URL: gear.palantir.com (OOS)
• URL: investors.palantir.com (OOS)
• URL: blog.palantir.com (OOS)
• URL: go.palantir.com (OOS)
• URL: explore.palantir.com (OOS)
• URL: info.palantir.com (OOS)
• OTHER: Any infrastructure or assets related to Silk, FancyThat, or other Palantir acquisitions. (OOS)
• URL: certification.palantir.com (OOS)
• URL: training.palantir.com (OOS)
• URL: learn.palantir.com (OOS)
• URL: palantirpacusa.com (OOS)
• URL: palantirfedstart.com (OOS)
• URL: sandbox.training.palantir.com (OOS)
• URL: community.palantir.com (OOS)
• URL: store.palantir.com (OOS)

In Scope Assets:

• URL: *.payoneer.com
• URL: payoneer.com.cn
• URL: http://greenchannel.payoneer.com.cn/gcportal
• URL: myaccount-cn.payoneer.com

Out of Scope Assets:

• URL: blog.payoneer.com (OOS)
• URL: community.payoneer.com (OOS)
• URL: affiliates.payoneer.com (OOS)
• URL: tracks.payoneer.com (OOS)
• URL: explore.payoneer.com (OOS)
• URL: register.payoneer.com (OOS)
• URL: duediligence.payoneer.com (OOS)
• URL: investorday.payoneer.com (OOS)
• URL: brand.payoneer.com (OOS)
• URL: skuad.io (OOS)

In Scope Assets:

• IOS: 351727428
• IOS: com.xoom.app
• IOS: com.paypal.merchant
• ANDROID: com.xoom.android.app
• ANDROID: com.paypal.merchant.client
• ANDROID: com.paypal.android.p2pmobile
• ANDROID: com.venmo
• URL: www.paypal-*.com
• URL: *.xoom.com
• URL: *.paypal.com
• URL: *.braintreegateway.com
• URL: *.paydiant.com
• URL: *.venmo.com
• URL: paypalobjects.com
• URL: paypal.me
• URL: py.pl
• URL: *.braintreepayments.com
• URL: *.braintree-api.com
• URL: *.braintree.tools
• URL: prequal.swiftfinancial.com
• URL: partner.swiftfinancial.com
• URL: decision.swiftfinancial.com
• URL: pigeon.swiftfinancial.com
• URL: scrutiny.swiftfinancial.com
• URL: www.swiftcapital.com
• URL: www.loanbuilder.com
• URL: www.swiftfinancial.com
• URL: api.swiftfinancial.com
• URL: my.swiftfinancial.com
• URL: api.loanbuilder.com
• URL: my.loanbuilder.com
• URL: loanbuilder.com
• URL: swiftfinancial.com
• URL: swiftcapital.com
• URL: *.paypalcorp.com
• URL: *.hyperwallet.com
• URL: *.paylution.com
• URL: sandbox.braintreegateway.com
• OTHER: Braintree SDK
• OTHER: PayPal SDK

Out of Scope Assets:

• IOS: com.paypal.herehd (OOS)
• IOS: com.paypal.here (OOS)
• ANDROID: com.paypal.here (OOS)
• URL: *.paypal.cn (OOS)
• URL: braintree.com (OOS)
• OTHER: *.atlassian.net (OOS)
• URL: www.gopay.com (OOS)

In Scope Assets:

• NO_IN_SCOPE_TABLE

In Scope Assets:

• WILDCARD: https://ort-authenticator.pingone.com/*
• WILDCARD: https://ort-admin.pingone.com/*
• WILDCARD: https://ort-desktop.pingone.com/*
• WILDCARD: https://openam-bug-bounty-stag.forgeblocks.com/*
• URL: api.ort-one-pingone.com
• URL: console.ort-one-pingone.com
• URL: apps.ort-one-pingone.com

Out of Scope Assets:

• WILDCARD: https://*.pingidentity.com (OOS)
• URL: admin.pingone.com (OOS)
• URL: api.pingone.com (OOS)
• URL: desktop.pingone.com (OOS)
• WILDCARD: https://*.pingidentity.io (OOS)
• URL: test-desktop.pingone.com (OOS)
• URL: test-sso.connect.pingidentity.com (OOS)
• URL: authenticator.pingone.com (OOS)
• WILDCARD: https://*.pingidentity.net (OOS)
• URL: console.pingone.com (OOS)
• WILDCARD: https://developer.pingidentity.com/* (OOS)
• URL: uploads.pingone.com (OOS)
• URL: uploads-staging.pingone.com (OOS)
• URL: api-staging.pingone.com (OOS)
• URL: console-staging.pingone.com (OOS)

In Scope Assets:

• URL: booth.pm
• URL: comic.pixiv.net
• URL: sketch.pixiv.net
• URL: sensei.pixiv.net
• URL: accounts.pixiv.net
• URL: www.pixiv.net
• URL: hub.vroid.com
• URL: dic.pixiv.net
• WILDCARD: *.fanbox.cc
• URL: vroid.com
• URL: payment.pixiv.net
• URL: neoket.net
• SOURCE_CODE: https://github.com/pixiv/charcoal
• URL: novel.pixiv.net
• URL: https://vroid.com/studio
• URL: coban.pixiv.net
• URL: pastela.app
• URL: comic-indies.pixiv.net

Out of Scope Assets:

• URL: factory.pixiv.net (OOS)
• WILDCARD: *.pixiv.co.jp (OOS)

In Scope Assets:

• URL: production.plaid.com
• URL: dashboard.plaid.com
• URL: demo.plaid.com
• URL: cdn.plaid.com
• SOURCE_CODE: https://github.com/plaid/plaid-link-ios
• URL: my.plaid.com
• SOURCE_CODE: https://github.com/plaid/plaid-link-android
• SOURCE_CODE: https://github.com/plaid/plaid-link-examples
• URL: secure.plaid.com
• URL: plaid.com
• SOURCE_CODE: https://github.com/plaid/plaid-ruby
• SOURCE_CODE: https://github.com/plaid/react-native-plaid-link-sdk
• SOURCE_CODE: https://github.com/plaid/react-plaid-link

In Scope Assets:

• URL: *.playstation.net
• URL: *.sonyentertainmentnetwork.com
• URL: *.api.playstation.com
• URL: my.playstation.com
• URL: store.playstation.com
• URL: social.playstation.com
• URL: transact.playstation.com
• URL: wallets.api.playstation.com
• HARDWARE: PlayStation 4
• URL: direct.playstation.com
• URL: api.direct.playstation.com
• HARDWARE: PlayStation 5
• URL: ca.account.sony.com
• URL: my.account.sony.com
• URL: ps5.np.playstation.net
• IOS: iOS Playstation App
• ANDROID: Android Playstation App

In Scope Assets:

• ANDROID: air.com.playtika.slotomania
• IOS: 447553564
• WILDCARD: *.slotomania.com
• WILDCARD: *.playtika.com
• URL: gnocchi-www.buffalo-ggn.net
• WILDCARD: *.bingoblitz.com
• ANDROID: air.com.buffalo_studios.newflashbingo
• IOS: 529996768
• WILDCARD: *.caesarsgames.com
• ANDROID: com.playtika.caesarscasino
• IOS: 603097018
• WILDCARD: *.boardkingsgame.com
• ANDROID: com.jellybtn.boardkings
• IOS: 1116488672
• WILDCARD: *.houseoffun.com
• IOS: 586634331
• ANDROID: com.pacificinteractive.HouseOfFun
• WILDCARD: *.playwsop.com
• IOS: 719525810
• ANDROID: com.playtika.wsop.gp
• IOS: 868013618
• ANDROID: com.Seriously.BestFiends
• IOS: 654671575
• ANDROID: com.jellybtn.cashkingmobile
• WILDCARD: *.serious.li
• IOS: 1223338261
• ANDROID: net.supertreat.solitaire
• ANDROID: net.wooga.junes_journey_hidden_object_mystery_game
• IOS: 1200391796
• WILDCARD: *.wooga.com
• ANDROID: air.com.playtika.cvs
• IOS: 975035622
• ANDROID: com.bigblueparrot.pokerfriends
• IOS: 480523695
• ANDROID: fi.reworks.redecor
• IOS: 1413287364
• WILDCARD: *.redecor.com
• OTHER: https://apps.facebook.com/pokerheat
• OTHER: https://apps.facebook.com/vegas_downtown_slots
• WILDCARD: *.justfall.lol,*.justplay.lol,*.1v1.lol
• WILDCARD: *.seriously.com
• IOS: 1438744533
• ANDROID: com.Seriously.Phoenix
• OTHER: 1v1.lol
• ANDROID: lol.onevone
• IOS: 1508620125
• IOS: 645949180
• IOS: 1510325826
• ANDROID: net.wooga.switchcraft.googleplay
• IOS: 1215220850
• ANDROID: net.wooga.tropicats_tropical_cats_puzzle_paradise
• IOS: 594802437
• ANDROID: com.wooga.pearlsperil
• OTHER: https://apps.facebook.com/pearls-peril
• URL: bestfiends.com
• WILDCARD: *.monopoly-poker.com
• IOS: 1448884851
• ANDROID: com.youdagames.monopolypoker
• WINDOWS APP: 9nqwjwnqjj5n
• OTHER: 1474700 (Steam app id)
• WILDCARD: *.playticorp.com

Out of Scope Assets:

• URL: sm-php-smid-dsa.slotomania.com,sm-php-smid.slotomania.com,sm-php-smid-va2.slotomania.com,vs-fb-php-p1.playtika.com,sm-php.playtika.com (OOS)
• ANDROID: com.youdagames.gop3multiplayer (OOS)
• IOS: id877638937 (OOS)
• WILDCARD: *.awards.slotomania.com (OOS)

In Scope Assets:

• SOURCE_CODE: https://github.com/maticnetwork/heimdall
• SOURCE_CODE: https://github.com/maticnetwork/bor
• URL: staking-api.polygon.technology
• URL: faucet.polygon.technology
• SOURCE_CODE: https://github.com/0xPolygon/chain-indexer-framework
• URL: portal.polygon.technology
• SOURCE_CODE: https://github.com/maticnetwork/matic-cli
• URL: ecosystem.polygon.technology
• URL: ecosystem-api.polygon.technology
• SOURCE_CODE: https://github.com/0xPolygon/proof-generation-api
• URL: staking.polygon.technology
• URL: faucet-api.polygon.technology/
• URL: api-gateway.polygon.technology
• URL: gasstation.polygon.technology/
• URL: api-polygon-tokens.polygon.technology/
• URL: balance-api.polygon.technology/
• SOURCE_CODE: https://github.com/0xPolygon/auto-claim-service
• SOURCE_CODE: https://github.com/0xPolygon/lxly.js
• SOURCE_CODE: https://github.com/0xPolygon/static

Out of Scope Assets:

• SOURCE_CODE: https://github.com/maticnetwork/contracts (OOS)
• WILDCARD: *.matic.network (OOS)

In Scope Assets:

• URL: www.pornbox.com
• URL: www.analvids.com
• URL: www.ddfcontent.com
• URL: www.pornworld.com

In Scope Assets:

• URL: portswigger.net
• EXECUTABLE: Burp Suite Pro/Community
• EXECUTABLE: Burp Collaborator
• URL: forum.portswigger.net
• URL: https://enterprise-demo.portswigger.net/
• URL: ai.portswigger.net
• OTHER: Burp Suite DAST

Out of Scope Assets:

• WILDCARD: *.web-security-academy.net (OOS)
• WILDCARD: *.portswigger.net (OOS)

In Scope Assets:

• URL: www.priceline.com
• URL: secure.rezserver.com
• URL: reservations.rezserver.com
• URL: cruises.priceline.com
• URL: www.bookingholdings.com
• IOS: 336381998
• ANDROID: com.priceline.android.negotiator
• URL: api.rezserver.com
• URL: admin.rezserver.com
• URL: press.priceline.com
• URL: www.getaroom.com
• URL: flyiin.com
• URL: priceline.com
• AI_MODEL: Penny
• URL: ir.bookingholdings.com
• URL: bookingholdings-coe.com
• URL: https://www.priceline.com/pwd/v0/pcln-graphql/

Out of Scope Assets:

• URL: www.airportrentalcars.com (OOS)
• OTHER: www.priceline.com/vp-web/* (OOS)
• URL: availability.getaroom.com (OOS)
• URL: extranet.getaroom.com (OOS)
• URL: breadcrumb.getaroom.com (OOS)
• URL: supply.getaroom.com (OOS)
• URL: stockroom.production.getaroom.com (OOS)
• URL: *.roomvaluesteam.com (OOS)
• URL: *.testaroom.com (OOS)
• URL: *.testaroom.cloud (OOS)
• URL: groupdeals.priceline.com (OOS)
• URL: weatherstatus.priceline.com (OOS)
• URL: url5932.travel.priceline.com (OOS)
• URL: tools.corp.priceline.com (OOS)
• URL: tools-qaa.corp.priceline.com (OOS)
• URL: remotecontrol.corp.priceline.com (OOS)
• URL: qaa.booking.priceline.com (OOS)
• URL: offers.priceline.com (OOS)
• URL: mail.corp.priceline.com (OOS)
• URL: localdealsemail.priceline.com (OOS)
• URL: links.deals.priceline.com (OOS)
• URL: jira.corp.priceline.com (OOS)
• URL: itsupport.corp.priceline.com (OOS)
• URL: ids-too.priceline.com (OOS)
• URL: ids-dev.priceline.com (OOS)
• URL: help.corp.priceline.com (OOS)
• URL: guse4-rc-qa.priceline.com (OOS)
• URL: google.corp.priceline.com (OOS)
• URL: experiences.priceline.com (OOS)
• URL: employeedeals.flightdeals.priceline.com (OOS)
• URL: dev.sales-ccp.priceline.com (OOS)
• URL: dev.customerservice-ccp.priceline.com (OOS)
• URL: dashboard.corp.priceline.com (OOS)
• URL: customerservice-ccp.priceline.com (OOS)
• URL: careers.priceline.com (OOS)
• URL: booking.priceline.com (OOS)
• URL: api-guse4-poc.priceline.com (OOS)
• URL: api-gnae1-poc.priceline.com (OOS)
• URL: ace-qa.corp.priceline.com (OOS)
• URL: 1psb.priceline.com (OOS)
• URL: img1.priceline.com (OOS)

In Scope Assets:

• SOURCE_CODE: https://www.npmjs.com/package/@privy-io/react-auth
• URL: auth.privy.io
• URL: dashboard.privy.io

Out of Scope Assets:

• URL: privy.io (OOS)
• URL: blog.privy.io (OOS)
• URL: docs.privy.io (OOS)
• URL: demo.privy.io (OOS)