| + | https://hackerone.com/malwarebytes | 31 | 7 | HackerOne |
In Scope Assets:- EXECUTABLE: Malwarebytes for Windows
- EXECUTABLE: Malwarebytes for Mac
- ANDROID: org.malwarebytes.antimalware
- OTHER: Malwarebytes Privacy (VPN)
- WILDCARD: *.threatdown.com
- WILDCARD: *.cyrus-security.com
- URL: www.malwarebytes.com
- URL: my.malwarebytes.com
- URL: cloud.malwarebytes.com
- EXECUTABLE: Malwarebytes Support Tool (MBST)
- URL: oneview.threatdown.com
- URL: https://oneview.threatdownstage.com
- EXECUTABLE: AdwCleaner
- IOS: com.malwarebytes.Malwarebytes
- OTHER: BrowserGuard (Firefox/Chrome/Safari browser extension)
- EXECUTABLE: Malwarebytes for Teams
- OTHER: Vulnerability & Patch Management
- EXECUTABLE: Malwarebytes Remediation for CrowdStrike
- OTHER: ThreatDown Endpoint Detection & Response (EDR)
- OTHER: ThreatDown Endpoint Protection
- EXECUTABLE: Malwarebytes ToolSet (MBTS)
- EXECUTABLE: Malwarebytes Windows Firewall Control
- WILDCARD: *.mwbsys.com
- WILDCARD: *.mb-cosmos.com
- WILDCARD: *.mbamupdates.com
- WILDCARD: *.cloud.malwarebytes.com
- WILDCARD: *.malwarebytes.com
- WILDCARD: *.mwb-threatintel.com
- OTHER: Malwarebytes Device Control
- OTHER: Any other Malwarebytes asset
- OTHER: ThreatDown Browser Phishing Protection
Out of Scope Assets:- URL: estore.malwarebytes.com (OOS)
- URL: store.malwarebytes.com (OOS)
- URL: pages.malwarebytes.com (OOS)
- URL: view.malwarebytes.com (OOS)
- URL: store.threatdown.com (OOS)
- URL: malwarebytes.zoom.us (OOS)
- EXECUTABLE: Malwarebytes Anti-Ransomware (OOS)
|
| + | https://hackerone.com/mapbox | 7 | 2 | HackerOne |
In Scope Assets:- URL: www.mapbox.com
- SOURCE_CODE: https://www.mapbox.com/mapbox-gl-js/
- SOURCE_CODE: https://docs.mapbox.com/ios/maps/overview/
- SOURCE_CODE: https://docs.mapbox.com/android/
- SOURCE_CODE: https://github.com/mapbox
- URL: api.mapbox.com
- URL: https://docs.mapbox.com/
Out of Scope Assets:- OTHER: Submissions on out-of-scope assets listed below will be closed as N/A (OOS)
- URL: geojson.io (OOS)
|
| + | https://hackerone.com/marriott | 79 | 21 | HackerOne |
In Scope Assets:- IOS: 455004730
- URL: *uat.marriott.com
- URL: http://www.shopmarriott.com
- URL: homes-and-villas.marriott.com
- URL: moments.marriottbonvoy.com
- URL: help.marriott.com
- URL: traveler.marriott.com
- URL: travelagents.marriott.com/
- URL: mipartnerprivileges.marriott.com
- URL: activities.marriott.com
- URL: careers.marriott.com
- URL: sso.marriott.com
- URL: mgs.marriott.com
- URL: jobs.marriott.com
- URL: passwordchallenge.marriott.com
- URL: gateway*.marriott.com
- URL: dcfgateway*.marriott.com
- URL: marriottfranchisetransactions.marriott.com
- URL: lawmanager.marriott.com
- URL: hotel-deals.marriott.com
- URL: all-inclusive.marriott.com
- URL: reservations.all-inclusive.marriott.com
- URL: marrtool.com
- URL: cpp.marriott.com
- URL: editionhotels.com
- URL: gatewaydsapdev2.marriott.com
- URL: dcfgatewaytst1.marriott.com
- URL: gatewaydsaptst1.marriott.com
- URL: gatewaydsaptst2.marriott.com
- URL: www.ritzcarlton.com
- URL: psp.marriott.com
- URL: www.marriott.com
- WILDCARD: *gateway-apc.marriott.com
- URL: esupplier.marriott.com
- WILDCARD: *.dcfgateway.marriott.com
- URL: efast.marriott.com
- URL: eidhelp.marriott.com
- WILDCARD: *.mgs.marriott.com
- WILDCARD: *.gateway.marriott.com
- URL: apcgateway.marriott.com
- WILDCARD: *.apigatewayc.marriott.com
- WILDCARD: *.apigwc.marriott.com
- WILDCARD: *.artifactory.marriott.com
- URL: auth-apc.marriott.com
- URL: bpa2.marriott.com
- URL: device.marriott.com
- WILDCARD: *.sba.marriott.com
- URL: smetrics.marriott.com
- URL: vacation.marriott.com
- URL: moments.marriott.com
- URL: www.giving.marriott.com
- URL: www.members.marriott.com
- URL: splunk-phantom-nlb.marriott.com
- URL: bsp.marriott.com
- URL: cache.marriott.com
- URL: channel-portal.homes-and-villas.marriott.com
- URL: ci-propertyconversionportal.marriott.com
- URL: contentportal.marriott.com
- URL: contentportalauth.marriott.com
- URL: globaldesign.marriott.com
- URL: join.marriott.com
- URL: joinrewards.marriott.com
- URL: oasisprod.marriott.com
- URL: ocijlbex1prd.marriott.com
- URL: owa.marriott.com
- URL: app-insiders.marriott.com
- URL: mds.marriott.com
- URL: meetmarriottbonvoy.marriott.com
- URL: prod-mipaasiaasservices.marriott.com
- URL: www.travel-brilliantly.marriott.com
- URL: uber.marriott.com
- URL: university.marriott.com
- URL: bilt.marriott.com
- URL: gifts.marriott.com
- URL: joinmarriottbonvoy.com
- URL: hotel-development.marriott.com
- URL: ifast.marriott.com
- URL: ssm-marriottms.saviyntcloud.com
- URL: wechat.api.marriott.com
Out of Scope Assets:- OTHER: *.ritzcarlton.com (OOS)
- URL: milux.marriott.com (OOS)
- URL: luxurybrands.marriott.com (OOS)
- URL: element-hotels.marriott.com (OOS)
- URL: mi.bookmarriott.com (OOS)
- URL: *.ritzcarltonyachtcollection.com (OOS)
- URL: *.phunware.com (OOS)
- URL: www.github.com (OOS)
- URL: marriottlearnourbrands.com (OOS)
- URL: hotelexcellence.marriott.com (OOS)
- URL: meetings-excellence.marriott.com (OOS)
- URL: marriott.tech (OOS)
- URL: apps.ritzcarlton.com (OOS)
- OTHER: Phoenix Platform (OOS)
- URL: vacations.marriott.com (OOS)
- URL: towneplacesuites.marriott.com (OOS)
- URL: springhillsuites.marriott.com (OOS)
- URL: www.travelagents.marriott.com (OOS)
- OTHER: Not-Listed Assets (OOS)
- URL: www.msg-gateway.marriott.com (OOS)
- URL: *moxymix*.marriott.com (OOS)
|
| + | https://hackerone.com/matomo | 7 | 5 | HackerOne |
In Scope Assets:- SOURCE_CODE: https://github.com/matomo-org/matomo
- SOURCE_CODE: https://plugins.matomo.org/developer/matomo-org
- SOURCE_CODE: https://plugins.matomo.org/developer/innocraft
- SOURCE_CODE: https://github.com/matomo-org
- SOURCE_CODE: https://github.com/innocraft/
- URL: matomo.cloud
- URL: https://github.com/matomo-org/docker
Out of Scope Assets:- URL: plugins.matomo.org (OOS)
- URL: api.matomo.org (OOS)
- URL: matomo.org (OOS)
- URL: forum.matomo.org (OOS)
- URL: shop.matomo.org (OOS)
|
| + | https://hackerone.com/meesho_bbp | 10 | 20 | HackerOne |
In Scope Assets:- URL: www.meesho.com
- ANDROID: com.meesho.supply
- IOS: 1457958492
- URL: admin.meeshosupply.com
- URL: supplier.meesho.com
- URL: affiliate.meesho.com
- URL: prod.meeshoapi.com
- URL: www.valmo.in
- ANDROID: com.valmo.valmo
- URL: superstoreapp.meesho.com
Out of Scope Assets:- OTHER: Other Asset (OOS)
- URL: grocery-supplier.meesho.com (OOS)
- URL: farmiso.meeshosupply.com (OOS)
- URL: atlas.valmo.in (OOS)
- URL: affiliate-c.meesho.com (OOS)
- URL: warehouse.meesho.com (OOS)
- URL: agency.meesho.com (OOS)
- WILDCARD: *.meesho.io (OOS)
- WILDCARD: *.meeshogcp.in (OOS)
- URL: di-prd-superset.meesho.com (OOS)
- URL: investor.meesho.com (OOS)
- WILDCARD: *.meeshoaiservices.ai (OOS)
- URL: console.valmo.in (OOS)
- URL: log10-web-staging.valmo.in (OOS)
- ANDROID: com.valmo.ops (OOS)
- OTHER: Rider App (OOS)
- WILDCARD: *.meesho.com (OOS)
- WILDCARD: *.meeshosupply.com (OOS)
- WILDCARD: *.valmo.in (OOS)
- WILDCARD: *.meeshoapi.com (OOS)
|
| + | https://hackerone.com/mercadolibre | 67 | 9 | HackerOne |
In Scope Assets:- ANDROID: com.mercadopago.wallet
- IOS: com.mercadopago.MercadoPago
- URL: api.mercadopago.com
- ANDROID: com.mercadolibre
- IOS: com.3mosquitos.MercadoLibre
- URL: api.mercadolibre.com
- OTHER: Crypto
- WILDCARD: *.adminml.com
- WILDCARD: *.mercadolibre.cl
- WILDCARD: *.mercadolibre.com
- WILDCARD: *.mercadolibre.com.ar
- WILDCARD: *.mercadolibre.com.co
- WILDCARD: *.mercadolibre.com.mx
- WILDCARD: *.mercadolibre.com.pe
- WILDCARD: *.mercadolibre.com.uy
- WILDCARD: *.mercadolivre.com.br
- WILDCARD: *.mercadopago.cl
- WILDCARD: *.mercadopago.com
- WILDCARD: *.mercadopago.com.ar
- WILDCARD: *.mercadopago.com.br
- WILDCARD: *.mercadopago.com.co
- WILDCARD: *.mercadopago.com.mx
- WILDCARD: *.mercadopago.com.pe
- WILDCARD: *.mercadopago.com.uy
- WILDCARD: *.mlstatic.com
- URL: logistica.redelcom.cl
- URL: www.mercadolibre.co.cr
- URL: www.mercadolibre.com.bo
- URL: www.mercadolibre.com.do
- URL: www.mercadolibre.com.ec
- URL: www.mercadolibre.com.gt
- URL: www.mercadolibre.com.hn
- URL: www.mercadolibre.com.ni
- URL: www.mercadolibre.com.pa
- URL: www.mercadolibre.com.py
- URL: www.mercadolibre.com.sv
- URL: www.mercadolivre.com
- URL: www.mercadopago.com.ec
- ANDROID: com.mercadoenvios.logistics
- OTHER: Leaked Credentials
- URL: biolibre.ar
- URL: biolibre.cl
- URL: biolibre.co
- URL: biolibre.mx
- URL: biolivre.com.br
- URL: meliplay.com.ar
- URL: meliplay.com.pe
- URL: meliplay.com.uy
- URL: mercadoplay.co
- URL: mercadoplay.com.pe
- URL: mercadoplay.com.uy
- URL: mercadoplay.pe
- URL: mercadoplay.uy
- URL: portalinmobiliario.cl
- URL: portalinmobiliario.com
- URL: tucarro.com
- URL: tucarro.com.co
- URL: tumoto.com
- ANDROID: com.mercadolibre.android.mplay_tv
- HARDWARE: Point Smart
- ANDROID: com.mercadoenvios.driver
- ANDROID: com.mercadoenvios.crowdsourcing
- URL: furycloud.io
- URL: furydocs.io
- URL: mercadolibreexperience.cl
- URL: mercadolivreexperience.com.br
- URL: sustentabilidadmercadolibre.com
Out of Scope Assets:- WILDCARD: *.kangu.com.br (OOS)
- OTHER: developersforum (OOS)
- OTHER: Redelcom (OOS)
- WILDCARD: *.gokangu.cl (OOS)
- WILDCARD: *.gokangu.co (OOS)
- WILDCARD: *.gokangu.mx (OOS)
- WILDCARD: *.gokangu.uy (OOS)
- WILDCARD: *.kangu.tech (OOS)
- URL: wow-int.mercadolibre.com (OOS)
|
| + | https://hackerone.com/mergify | 2 | 3 | HackerOne |
In Scope Assets:- URL: api.mergify.com
- URL: dashboard.mergify.com
Out of Scope Assets:- URL: mergify.com (OOS)
- URL: blog.mergify.com (OOS)
- URL: articles.mergify.com (OOS)
|
| + | https://hackerone.com/metamask | 22 | 12 | HackerOne |
In Scope Assets:- OTHER: MetaMask SDK
- URL: portfolio.metamask.io
- OTHER: https://metamask.github.io/phishing-warning/<vX.Y.Z>
- OTHER: Snaps
- URL: snaps.metamask.io
- SOURCE_CODE: Snaps Development Packages
- WILDCARD: https://*.metamask.io
- WILDCARD: *.api.cx.metamask.io
- URL: https://user-storage.api.cx.metamask.io
- OTHER: Message signing snap
- URL: developer.metamask.io
- URL: signature-insights.api.cx.metamask.io
- URL: metamask.io
- ANDROID: io.metamask
- IOS: io.metamask.Metamask
- OTHER: MetaMask Browser Extension
- OTHER: mUSD Stablecoin
- URL: dashboard.web3auth.io
- URL: api-dashboard.web3auth.io
- SOURCE_CODE: https://github.com/Web3Auth/web3auth-web
- URL: wallet.web3auth.io
- URL: api-wallet.web3auth.io
Out of Scope Assets:- URL: community.metamask.io (OOS)
- OTHER: https://metamask.github.io/ (OOS)
- OTHER: Core Tier Assets (OOS)
- OTHER: Non-Core Tier Assets (OOS)
- URL: https://mmi-support.metamask.io/ (OOS)
- URL: https://support.metamask.io/ (OOS)
- URL: permissionless.snaps.metamask.io (OOS)
- OTHER: Wallet Tier Assets (OOS)
- URL: card.metamask.io (OOS)
- URL: travel.metamask.io (OOS)
- OTHER: https://www.npmjs.com/search?q=%40metamask (OOS)
- OTHER: Metamask Flask Extension (OOS)
|
| + | https://hackerone.com/modern_treasury | 2 | 5 | HackerOne |
In Scope Assets:- URL: app.moderntreasury.com
- URL: cdn.moderntreasury.com
Out of Scope Assets:- URL: www.moderntreasury.com (OOS)
- URL: docs.moderntreasury.com (OOS)
- URL: trust.moderntreasury.com (OOS)
- URL: help.moderntreasury.com (OOS)
- URL: ph.moderntreasury.com (OOS)
|
| + | https://hackerone.com/moneybird | 4 | 0 | HackerOne |
In Scope Assets:- URL: moneybird.com
- URL: moneybirdstorage.com
- IOS: com.moneybird.Moneybird
- ANDROID: com.moneybird.android
|
| + | https://hackerone.com/mongodb | 23 | 1 | HackerOne |
In Scope Assets:- OTHER: All Evergreen Assets (Excluding staging)
- OTHER: MongoDB Owned GitHub Repositories
- OTHER: Cluster-To-Cluster sync
- OTHER: Compass
- OTHER: Relational Migrator
- OTHER: MongoDB Shell
- OTHER: VS Code Plugin
- OTHER: Enterprise Edition Products and Tools
- WILDCARD: *.mongodb.com/*
- EXECUTABLE: Drivers
- OTHER: MongoDB Connectors
- OTHER: MongoDB Atlas
- OTHER: MongoDB Community Server
- EXECUTABLE: Database Tools
- OTHER: MongoDB IntelliJ Plugin
- OTHER: MongoDB Partner Integrations
- OTHER: MongoDB MCP Server
- OTHER: MongoDB Assistant
- OTHER: Jira Projects
- OTHER: Atlas Charts
- OTHER: Atlas IAM
- OTHER: Atlas Data Federation
- OTHER: Atlas Payments/Billing
Out of Scope Assets: |
| + | https://hackerone.com/moonpay | 14 | 18 | HackerOne |
In Scope Assets:- URL: hypermint.com
- WILDCARD: *.hypermint.com
- WILDCARD: *.moonpay.com
- SOURCE_CODE: https://github.com/moonpay
- ANDROID: https://play.google.com/store/apps/details?id=com.moonpay
- IOS: https://apps.apple.com/app/id1635031432
- URL: web3.moonpay.com
- URL: sell.moonpay.com
- URL: buy.moonpay.com
- URL: auth.moonpay.com
- URL: app.moonpay.com
- URL: api.moonpay.com
- URL: moonpay.com
- WILDCARD: *.moonpaycloud.com
Out of Scope Assets:- URL: clicks.moonpay.com (OOS)
- URL: qr.moonpay.com (OOS)
- URL: page.moonpay.com (OOS)
- URL: support.moonpay.com (OOS)
- URL: docs.moonpay.com (OOS)
- WILDCARD: *.plexlabs.io (OOS)
- URL: plexlabs.io (OOS)
- URL: request-headers-no-proxy.moonpay.com (OOS)
- URL: request-headers.moonpay.com (OOS)
- URL: docs.hypermint.com (OOS)
- URL: help.moonpay.com (OOS)
- URL: storefront.hypermint.com (OOS)
- URL: ethpass.xyz (OOS)
- URL: dev.moonpay.com (OOS)
- URL: payload-marketing.moonpay.com (OOS)
- SOURCE_CODE: https://github.com/moonpay/moonpay-sign (OOS)
- SOURCE_CODE: https://github.com/moonpay/moonpay-demo-integrations (OOS)
- SOURCE_CODE: https://github.com/moonpay/devops-challenge (OOS)
|
| + | https://hackerone.com/mozilla | 29 | 0 | HackerOne |
In Scope Assets:- URL: addons.allizom.org
- URL: developer.mozilla.org
- URL: accounts.firefox.com
- URL: profiler.firefox.com
- URL: vpn.mozilla.org
- URL: relay.firefox.com
- URL: api.profiler.firefox.com
- OTHER: Mozilla VPN Clients
- URL: www.mozilla.org
- URL: support.mozilla.org
- URL: hg.mozilla.org
- URL: stage.taskcluster.nonprod.cloudops.mozgcp.net
- URL: community-tc.services.mozilla.com
- URL: monitor.mozilla.org
- OTHER: Product Delivery
- URL: aus5.mozilla.org
- URL: bugzilla.mozilla.org
- URL: crash-reports.allizom.org
- URL: crash-stats.allizom.org
- URL: firefox-ci-tc.services.mozilla.com
- URL: firefox.settings.services.mozilla.com
- URL: lando.services.mozilla.com
- URL: merino.services.mozilla.com
- URL: phabricator.allizom.org
- URL: push.services.mozilla.com
- URL: sync.services.mozilla.com
- OTHER: Mozilla Ad Routing Service
- URL: www.firefox.com
- URL: pontoon.allizom.org
|
| + | https://hackerone.com/mpesa | 12 | 6 | HackerOne |
In Scope Assets:- OTHER: mpa.qr.web.m-pesa.com
- URL: mpa.ekyc.backoffice.m-pesa.com
- URL: mpa.ekyc.selfregister.m-pesa.com
- URL: openapiportal.m-pesa.com
- URL: openapi.m-pesa.com
- ANDROID: com.vodafone.mpesa.ls
- ANDROID: com.vodafone.mpesa.mozambique
- ANDROID: com.vodafone.mpesa.drc
- IOS: 1442121355
- IOS: 1502222766
- WILDCARD: *.m-pesa.com
- URL: m-pesa.africa
Out of Scope Assets:- URL: sso.m-pesa.vm.co.mz (OOS)
- URL: sso.pr.m-pesa.vm.co.mz (OOS)
- URL: business.m-pesa.com (OOS)
- ANDROID: com.vodacom.mpesa.ls.business (OOS)
- URL: ra.ls.m-pesa.com (OOS)
- URL: mz.m-pesa.com (OOS)
|
| + | https://hackerone.com/nba-public | 142 | 15 | HackerOne |
|
| + | https://hackerone.com/neon_bbp | 3 | 0 | HackerOne |
In Scope Assets:- URL: https://console.neon.tech/api/v2/
- URL: https://console.neon.tech/
- URL: https://console-stage.neon.build/
|
| + | https://hackerone.com/netflix | 26 | 9 | HackerOne |
In Scope Assets:- WILDCARD: *.nflxext.com
- URL: www.netflix.com
- WILDCARD: api*.netflix.com
- WILDCARD: *.prod.ftl.netflix.com
- WILDCARD: *.prod.cloud.netflix.com
- SOURCE_CODE: Open Source - Atlas
- OTHER: Corporate Assets
- WILDCARD: *.nflxvideo.net
- WILDCARD: *.prod.dradis.netflix.com
- URL: beacon.netflix.com
- URL: customerevents.netflix.com
- URL: secure.netflix.com
- WILDCARD: *.nflximg.net
- WILDCARD: *.nflxso.net
- URL: help.netflix.com
- URL: ichnaea.netflix.com
- URL: presentationtracking.netflix.com
- URL: nmtracking.netflix.com
- OTHER: Open Source - Zuul
- OTHER: Microsites
- OTHER: Open Source - Spectator
- OTHER: Secondary Assets
- OTHER: Content Authorization Targets
- URL: meechum.netflix.com
- IOS: Netflix Mobile Application for iOS
- ANDROID: Netflix Mobile Application for Android
Out of Scope Assets:- OTHER: Open Source - Consoleme (OOS)
- OTHER: Open Source - Weep (OOS)
- OTHER: Open Source - Dispatch (OOS)
- OTHER: Third party websites or systems hosted by non-Netflix entities Out of Scope (OOS)
- URL: ir.netflix.com (OOS)
- URL: ir.netflix.net (OOS)
- URL: netflixinvestor.com (OOS)
- OTHER: Set-top-boxes, smart TVs, streaming sticks Out of Scope (OOS)
- OTHER: Assets associated with ReadyPlayerMe (OOS)
|
| + | https://hackerone.com/netlify | 14 | 8 | HackerOne |
In Scope Assets:- WILDCARD: *.onegraph.com
- WILDCARD: *.services.netlify.com
- WILDCARD: *.services-prod.nsvcs.net
- URL: internal.netlify.com
- WILDCARD: *.infra-prod.nsvcs.net
- WILDCARD: *.ops.netlify.com
- URL: netlify-cdp-loader.netlify.app
- URL: screenshot-proxy.netlify.app
- URL: netlify-rum.netlify.app
- URL: list-v2--netlify-plugins.netlify.app
- URL: internal-docs.netlify.com
- URL: supportal.netlify.app
- URL: app.netlify.com
- URL: api.netlify.com
Out of Scope Assets:- URL: webpop.com (OOS)
- URL: docs.netlify.com (OOS)
- URL: answers.netlify.com (OOS)
- WILDCARD: *.netlify.com (OOS)
- URL: https://github.com/netlify/ (OOS)
- WILDCARD: *.netlifycms.org (OOS)
- WILDCARD: *.netlify.app (OOS)
- URL: www.netlify.com (OOS)
|
| + | https://hackerone.com/netscaler_public_program | 3 | 0 | HackerOne |
In Scope Assets:- OTHER: NetScaler Gateway
- OTHER: NetScaler ADC
- OTHER: NetScaler AAA
|
| + | https://hackerone.com/newegg | 7 | 3 | HackerOne |
In Scope Assets:- WILDCARD: http://*.newegg.com
- WILDCARD: http://*.newegg.ca
- IOS: com.newegg.app
- ANDROID: com.newegg.app
- URL: secure.newegg.com
- URL: secure.newegg.ca
- URL: pmtcards.newegg.com
Out of Scope Assets:- URL: jobs.newegg.com (OOS)
- URL: sellingpilot.newegg.com (OOS)
- WILDCARD: http://*.neweggbusiness.com (OOS)
|
| + | https://hackerone.com/nextcloud | 69 | 8 | HackerOne |
In Scope Assets:- ANDROID: com.nextcloud.client
- SOURCE_CODE: nextcloud/server
- SOURCE_CODE: nextcloud/spreed
- ANDROID: com.nextcloud.talk2
- IOS: com.nextcloud.Talk
- SOURCE_CODE: nextcloud/activity
- SOURCE_CODE: nextcloud/files_accesscontrol
- IOS: it.twsweb.Nextcloud
- SOURCE_CODE: nextcloud/bruteforcesettings
- SOURCE_CODE: nextcloud/related_resources
- SOURCE_CODE: nextcloud/approval
- SOURCE_CODE: nextcloud/files_lock
- SOURCE_CODE: nextcloud/user_migration
- SOURCE_CODE: nextcloud/twofactor_webauthn
- SOURCE_CODE: nextcloud/external
- SOURCE_CODE: nextcloud/notify_push
- SOURCE_CODE: nextcloud/calendar_resource_management
- SOURCE_CODE: nextcloud/globalsiteselector
- SOURCE_CODE: nextcloud/notes
- ANDROID: it.niedermann.owncloud.notes
- IOS: com.peterandlinda.iOCNotes
- SOURCE_CODE: nextcloud/photos
- SOURCE_CODE: nextcloud/mail
- SOURCE_CODE: nextcloud/files_rightclick
- SOURCE_CODE: nextcloud/privacy
- SOURCE_CODE: nextcloud/recommendations
- SOURCE_CODE: nextcloud/viewer
- SOURCE_CODE: nextcloud/text
- SOURCE_CODE: https://github.com/nextcloud/files_confidential
- SOURCE_CODE: nextcloud/3rdparty
- SOURCE_CODE: nextcloud/files_pdfviewer
- SOURCE_CODE: nextcloud/files_texteditor
- SOURCE_CODE: nextcloud/firstrunwizard
- SOURCE_CODE: nextcloud/notifications
- SOURCE_CODE: https://github.com/nextcloud/tables
- SOURCE_CODE: https://github.com/nextcloud/collectives
- SOURCE_CODE: nextcloud/password_policy
- SOURCE_CODE: nextcloud/circles
- SOURCE_CODE: nextcloud/data_request
- SOURCE_CODE: nextcloud/files_antivirus
- SOURCE_CODE: nextcloud/fulltextsearch
- SOURCE_CODE: nextcloud/flow_notifications
- SOURCE_CODE: nextcloud/fulltextsearch_elasticsearch
- SOURCE_CODE: nextcloud/files_fulltextsearch
- SOURCE_CODE: nextcloud/groupfolders
- SOURCE_CODE: nextcloud/guests
- SOURCE_CODE: nextcloud/sharepoint
- SOURCE_CODE: nextcloud/socialsharing
- SOURCE_CODE: nextcloud/suspicious_login
- SOURCE_CODE: nextcloud/terms_of_service
- SOURCE_CODE: nextcloud/twofactor_totp
- SOURCE_CODE: nextcloud/user_oidc
- SOURCE_CODE: nextcloud/workflow_script
- SOURCE_CODE: nextcloud/calendar
- SOURCE_CODE: nextcloud/contacts
- SOURCE_CODE: nextcloud/richdocuments
- SOURCE_CODE: nextcloud/onlyoffice
- SOURCE_CODE: nextcloud/user_saml
- SOURCE_CODE: nextcloud/files_automatedtagging
- SOURCE_CODE: nextcloud/end_to_end_encryption
- SOURCE_CODE: nextcloud/files_retention
- SOURCE_CODE: nextcloud/serverinfo
- SOURCE_CODE: nextcloud/deck
- SOURCE_CODE: nextcloud/nextcloud_announcements
- SOURCE_CODE: nextcloud/logreader
- SOURCE_CODE: nextcloud/survey_client
- SOURCE_CODE: nextcloud/updater
- EXECUTABLE: Desktop Client
- SOURCE_CODE: nextcloud/files_fulltextsearch_tesseract
Out of Scope Assets:- URL: sentry.nextcloud.com (OOS)
- URL: drone.nextcloud.com (OOS)
- URL: try.nextcloud.com (OOS)
- URL: conf.nextcloud.com (OOS)
- URL: cloud.nextcloud.com (OOS)
- URL: demo.nextcloud.com (OOS)
- URL: https://nextcloud.atlassian.net/jira/dashboard (OOS)
- SOURCE_CODE: daita/files_fulltextsearch_tesseract (OOS)
|
| + | https://hackerone.com/nintendo | 7 | 2 | HackerOne |
In Scope Assets:- HARDWARE: Nintendo Switch System
- HARDWARE: Nintendo Switch applications for which Nintendo is the publisher worldwide
- HARDWARE: Nintendo Switch 2 applications for which Nintendo is the publisher worldwide
- HARDWARE: Nintendo Switch 2 Security controller known as PSC or Platform Security Controller (any component) / Security controller known as TSEC (bootROM only)
- HARDWARE: Nintendo Switch 2 Kernel / ARM® TrustZone®
- HARDWARE: Nintendo Switch 2 System Processes allowing piracy
- HARDWARE: Nintendo Switch 2 System Processes
Out of Scope Assets:- HARDWARE: Nintendo 3DS applications for which Nintendo is the publisher worldwide (OOS)
- HARDWARE: Nintendo 3DS System (OOS)
|
| + | https://hackerone.com/nodejs | 1 | 0 | HackerOne |
In Scope Assets:- SOURCE_CODE: https://github.com/nodejs/node
|
| + | https://hackerone.com/nordsecurity | 17 | 0 | HackerOne |
In Scope Assets:- WILDCARD: *.nordvpn.com
- ANDROID: com.nordvpn.android
- EXECUTABLE: NordVPN - Windows Executable
- IOS: 905953485
- OTHER: NordVPN Browser Extension
- EXECUTABLE: NordVPN - MacOS Executable
- EXECUTABLE: NordVPN - Linux Executable
- ANDROID: com.nordvpn.android
- URL: app.nordpass.com
- EXECUTABLE: NordPass - Windows Executable
- EXECUTABLE: NordPass - MacOS Executable
- EXECUTABLE: NordPass - Linux Executable
- ANDROID: com.nordpass.android.app.password.manager
- IOS: 1486322860
- OTHER: All Mobile Assets
- IOS: Saily - iOS
- ANDROID: Saily - Android
|
| + | https://hackerone.com/notion | 12 | 0 | HackerOne |
In Scope Assets:- ANDROID: notion.id
- EXECUTABLE: Notion Desktop App
- OTHER: Notion Frontend
- OTHER: Product API
- OTHER: Public API
- AI_MODEL: Notion AI
- OTHER: Notion Integrations
- OTHER: Privilege Escalation
- OTHER: Notion Authentication
- URL: mail.notion.so
- URL: calendar.notion.so
- OTHER: Github Repositories or other public artifacts owned by makenotion
|
| + | https://hackerone.com/okg | 10 | 1 | HackerOne |
In Scope Assets:- WILDCARD: *.okx.com
- OTHER: Mac OS Executable
- OTHER: Windows OS Executable
- OTHER: OKX Android APK
- OTHER: OKX iOS APP
- OTHER: OKX Wallet Chrome Extension
- OTHER: OKX Wallet Edge Add-ons
- OTHER: OKX Wallet Safari Extension
- WILDCARD: *.oklink.com
- SOURCE_CODE: OKX Wallet Core Open Source
Out of Scope Assets:- WILDCARD: *.okg.com (OOS)
|
| + | https://hackerone.com/oppo_bbp | 92 | 0 | HackerOne |
In Scope Assets:- OTHER: ColorOS
- ANDROID: com.coloros.browser
- ANDROID: com.heytap.browser
- ANDROID: com.heytap.cloud
- ANDROID: com.heytap.health.international
- ANDROID: com.heytap.market
- ANDROID: com.heytap.themestore
- ANDROID: com.oplus.account
- ANDROID: com.oplus.themestore
- ANDROID: com.oppo.market
- URL: opposhop.cn
- HARDWARE: A16k
- HARDWARE: A76
- HARDWARE: A96
- HARDWARE: F 21 Pro
- HARDWARE: FindN2
- HARDWARE: FindN2Flip
- HARDWARE: FindN3
- HARDWARE: FindN3Flip
- HARDWARE: FindX6
- HARDWARE: FindX6Pro
- HARDWARE: FindX7
- HARDWARE: FindX7Ultra
- HARDWARE: K10
- HARDWARE: K105G
- HARDWARE: K9
- HARDWARE: K9Pro
- HARDWARE: K9s
- HARDWARE: Porsche-B
- HARDWARE: Reno105G
- HARDWARE: Reno10Pro+5G
- HARDWARE: Reno10Pro5G
- HARDWARE: Reno115G
- HARDWARE: Reno11Pro5G
- HARDWARE: Reno12
- HARDWARE: Reno12Pro
- HARDWARE: Reno8Pro5G
- HARDWARE: Reno9Pro+5G
- HARDWARE: Reno9Pro5G
- HARDWARE: Reno 9 5G
- URL: https://www.opposhop.cn/
- URL: https://www.opposhop.cn/m/
- URL: https://cloud.oppo.com/
- ANDROID: com.heytap.pictorial
- ANDROID: com.coloros.pictorial
- URL: https://www.oppo.com/th
- URL: https://www.oppo.com/my/store
- URL: https://www.oppo.com/id/store
- URL: https://www.oppo.com/th/store
- ANDROID: com.heytap.store
- ANDROID: com.heytap.mall
- ANDROID: com.coloros.findmyphone
- ANDROID: com.finshell.wallet
- ANDROID: com.nearme.gamecenter
- ANDROID: com.finshell.finance
- ANDROID: com.heytap.research
- URL: https://gcsm.oppoit.com/
- URL: https://e.oppo.com/
- URL: https://u.oppomobile.com/
- ANDROID: com.netease.my.nearme.gamecenter
- URL: https://drp.myoppo.com/
- ANDROID: com.oplus.aimemory
- ANDROID: com.oppo.speechassist
- ANDROID: com.oplus.play
- ANDROID: com.oppo.store
- URL: https://www.oppo.com/in/store
- ANDROID: com.coloros.wallet
- URL: id.oppo.com
- URL: id.heytap.com
- URL: https://safe.heytap.com/
- ANDROID: com.realme.storecn
- ANDROID: com.realmestore.app
- HARDWARE: realme GT7Pro
- HARDWARE: realme GT7
- HARDWARE: realme GT7T
- HARDWARE: realme GT6
- HARDWARE: realme GT6T
- HARDWARE: realme 15 Pro 5G
- HARDWARE: realme 15 5G
- HARDWARE: realme 15T
- HARDWARE: realme P3 Lite 5G
- HARDWARE: realme P4 Pro 5G
- HARDWARE: realme P4 5G
- HARDWARE: realme P1 speed
- HARDWARE: NARZO 80 Lite 4G
- HARDWARE: Narzo 80 lite 5G
- HARDWARE: NARZO 80x 5G
- HARDWARE: NARZO 80 Pro 5G
- HARDWARE: realme Note 70
- HARDWARE: realme C75 5G
- HARDWARE: realme C71
- OTHER: Extremely high properties
|
| + | https://hackerone.com/palantir_public | 2 | 15 | HackerOne |
In Scope Assets:- OTHER: Any public (Internet-facing) infrastructure owned and operated by Palantir.
- OTHER: Any public cloud (e.g. Amazon AWS, Microsoft Azure) resource or infrastructure operated and managed by Palantir.
Out of Scope Assets:- URL: certification.palantir.com (OOS)
- URL: training.palantir.com (OOS)
- URL: learn.palantir.com (OOS)
- URL: palantirpacusa.com (OOS)
- URL: palantirfedstart.com (OOS)
- URL: sandbox.training.palantir.com (OOS)
- URL: community.palantir.com (OOS)
- URL: store.palantir.com (OOS)
- URL: gear.palantir.com (OOS)
- URL: investors.palantir.com (OOS)
- URL: blog.palantir.com (OOS)
- URL: go.palantir.com (OOS)
- URL: explore.palantir.com (OOS)
- URL: info.palantir.com (OOS)
- OTHER: Any infrastructure or assets related to Silk, FancyThat, or other Palantir acquisitions. (OOS)
|
| + | https://hackerone.com/payoneer | 5 | 10 | HackerOne |
In Scope Assets:- URL: *.payoneer.com
- URL: payoneer.com.cn
- URL: http://greenchannel.payoneer.com.cn/gcportal
- URL: myaccount-cn.payoneer.com
- URL: myaccount.payoneer.com
Out of Scope Assets:- URL: duediligence.payoneer.com (OOS)
- URL: investorday.payoneer.com (OOS)
- URL: blog.payoneer.com (OOS)
- URL: community.payoneer.com (OOS)
- URL: affiliates.payoneer.com (OOS)
- URL: tracks.payoneer.com (OOS)
- URL: explore.payoneer.com (OOS)
- URL: register.payoneer.com (OOS)
- URL: brand.payoneer.com (OOS)
- URL: skuad.io (OOS)
|
| + | https://hackerone.com/paypal | 40 | 7 | HackerOne |
In Scope Assets:- IOS: 351727428
- IOS: com.xoom.app
- IOS: com.paypal.merchant
- ANDROID: com.xoom.android.app
- ANDROID: com.paypal.merchant.client
- ANDROID: com.paypal.android.p2pmobile
- ANDROID: com.venmo
- URL: www.paypal-*.com
- URL: *.xoom.com
- URL: *.paypal.com
- URL: *.braintreegateway.com
- URL: *.paydiant.com
- URL: *.venmo.com
- URL: paypalobjects.com
- URL: paypal.me
- URL: py.pl
- URL: *.braintreepayments.com
- URL: *.braintree-api.com
- URL: *.braintree.tools
- URL: prequal.swiftfinancial.com
- URL: partner.swiftfinancial.com
- URL: decision.swiftfinancial.com
- URL: pigeon.swiftfinancial.com
- URL: scrutiny.swiftfinancial.com
- URL: www.swiftcapital.com
- URL: www.loanbuilder.com
- URL: www.swiftfinancial.com
- URL: api.swiftfinancial.com
- URL: my.swiftfinancial.com
- URL: api.loanbuilder.com
- URL: my.loanbuilder.com
- URL: loanbuilder.com
- URL: swiftfinancial.com
- URL: swiftcapital.com
- URL: *.paypalcorp.com
- URL: *.hyperwallet.com
- URL: *.paylution.com
- URL: sandbox.braintreegateway.com
- OTHER: Braintree SDK
- OTHER: PayPal SDK
Out of Scope Assets:- IOS: com.paypal.herehd (OOS)
- IOS: com.paypal.here (OOS)
- ANDROID: com.paypal.here (OOS)
- OTHER: *.atlassian.net (OOS)
- URL: www.gopay.com (OOS)
- URL: *.paypal.cn (OOS)
- URL: braintree.com (OOS)
|
| + | https://hackerone.com/phabricator | 1 | 0 | HackerOne |
|
| + | https://hackerone.com/pingidentity | 9 | 16 | HackerOne |
In Scope Assets:- WILDCARD: https://ort-authenticator.pingone.com/*
- WILDCARD: https://ort-admin.pingone.com/*
- WILDCARD: https://ort-desktop.pingone.com/*
- WILDCARD: https://openam-bug-bounty-stag.forgeblocks.com/*
- URL: api.ort-one-pingone.com
- URL: console.ort-one-pingone.com
- URL: apps.ort-one-pingone.com
- URL: auth.ort-one-pingone.com
- URL: https://console.ort-one-pingone.com/?env=361b34ef-2725-4fd9-af1b-a2b189df3d05
Out of Scope Assets:- URL: authenticator.pingone.com (OOS)
- WILDCARD: https://*.pingidentity.net (OOS)
- URL: console.pingone.com (OOS)
- WILDCARD: https://developer.pingidentity.com/* (OOS)
- URL: uploads.pingone.com (OOS)
- URL: uploads-staging.pingone.com (OOS)
- WILDCARD: https://*.pingidentity.com (OOS)
- URL: admin.pingone.com (OOS)
- URL: api.pingone.com (OOS)
- URL: desktop.pingone.com (OOS)
- WILDCARD: https://*.pingidentity.io (OOS)
- URL: test-desktop.pingone.com (OOS)
- URL: test-sso.connect.pingidentity.com (OOS)
- URL: api-staging.pingone.com (OOS)
- URL: console-staging.pingone.com (OOS)
- URL: privilege.ort-one-pingone.com (OOS)
|
| + | https://hackerone.com/pixiv | 18 | 3 | HackerOne |
In Scope Assets:- URL: comic.pixiv.net
- URL: sketch.pixiv.net
- URL: sensei.pixiv.net
- URL: accounts.pixiv.net
- URL: www.pixiv.net
- SOURCE_CODE: https://github.com/pixiv/charcoal
- URL: novel.pixiv.net
- URL: hub.vroid.com
- URL: dic.pixiv.net
- URL: https://vroid.com/studio
- URL: coban.pixiv.net
- URL: pastela.app
- URL: comic-indies.pixiv.net
- WILDCARD: *.fanbox.cc
- URL: vroid.com
- URL: payment.pixiv.net
- URL: neoket.net
- URL: booth.pm
Out of Scope Assets:- URL: factory.pixiv.net (OOS)
- WILDCARD: *.pixiv.co.jp (OOS)
- URL: ads.pixiv.net (OOS)
|
| + | https://hackerone.com/plaid | 13 | 0 | HackerOne |
In Scope Assets:- URL: my.plaid.com
- URL: production.plaid.com
- URL: dashboard.plaid.com
- URL: demo.plaid.com
- URL: cdn.plaid.com
- SOURCE_CODE: https://github.com/plaid/plaid-link-ios
- SOURCE_CODE: https://github.com/plaid/plaid-link-android
- SOURCE_CODE: https://github.com/plaid/plaid-link-examples
- URL: secure.plaid.com
- URL: plaid.com
- SOURCE_CODE: https://github.com/plaid/plaid-ruby
- SOURCE_CODE: https://github.com/plaid/react-native-plaid-link-sdk
- SOURCE_CODE: https://github.com/plaid/react-plaid-link
|
| + | https://hackerone.com/playstation | 18 | 0 | HackerOne |
In Scope Assets:- URL: *.playstation.net
- URL: *.sonyentertainmentnetwork.com
- URL: *.api.playstation.com
- URL: my.playstation.com
- URL: store.playstation.com
- URL: social.playstation.com
- URL: transact.playstation.com
- URL: wallets.api.playstation.com
- HARDWARE: PlayStation 4
- URL: ca.account.sony.com
- URL: my.account.sony.com
- URL: direct.playstation.com
- URL: api.direct.playstation.com
- HARDWARE: PlayStation 5
- URL: ps5.np.playstation.net
- IOS: iOS Playstation App
- ANDROID: Android Playstation App
- URL: checkout.playstation.com
|
| + | https://hackerone.com/playtika | 63 | 6 | HackerOne |
In Scope Assets:- WILDCARD: *.houseoffun.com
- IOS: 586634331
- ANDROID: com.pacificinteractive.HouseOfFun
- WILDCARD: *.playwsop.com
- IOS: 719525810
- ANDROID: com.playtika.wsop.gp
- IOS: 868013618
- ANDROID: com.Seriously.BestFiends
- IOS: 654671575
- ANDROID: com.jellybtn.cashkingmobile
- WILDCARD: *.serious.li
- IOS: 1223338261
- ANDROID: net.supertreat.solitaire
- ANDROID: net.wooga.junes_journey_hidden_object_mystery_game
- IOS: 1200391796
- WILDCARD: *.wooga.com
- ANDROID: air.com.playtika.cvs
- IOS: 975035622
- ANDROID: com.bigblueparrot.pokerfriends
- IOS: 480523695
- ANDROID: fi.reworks.redecor
- IOS: 1413287364
- WILDCARD: *.redecor.com
- OTHER: https://apps.facebook.com/pokerheat
- OTHER: https://apps.facebook.com/vegas_downtown_slots
- WILDCARD: *.seriously.com
- IOS: 1438744533
- ANDROID: com.Seriously.Phoenix
- ANDROID: lol.onevone
- IOS: 1508620125
- IOS: 645949180
- IOS: 1510325826
- ANDROID: net.wooga.switchcraft.googleplay
- IOS: 1215220850
- ANDROID: net.wooga.tropicats_tropical_cats_puzzle_paradise
- IOS: 594802437
- ANDROID: com.wooga.pearlsperil
- OTHER: https://apps.facebook.com/pearls-peril
- URL: bestfiends.com
- ANDROID: air.com.playtika.slotomania
- IOS: 447553564
- WILDCARD: *.slotomania.com
- WILDCARD: *.playtika.com
- URL: gnocchi-www.buffalo-ggn.net
- WILDCARD: *.bingoblitz.com
- ANDROID: air.com.buffalo_studios.newflashbingo
- IOS: 529996768
- WILDCARD: *.monopoly-poker.com
- IOS: 1448884851
- ANDROID: com.youdagames.monopolypoker
- WINDOWS APP: 9nqwjwnqjj5n
- OTHER: 1474700 (Steam app id)
- WILDCARD: *.playticorp.com
- WILDCARD: *.caesarsgames.com
- ANDROID: com.playtika.caesarscasino
- IOS: 603097018
- WILDCARD: *.boardkingsgame.com
- ANDROID: com.jellybtn.boardkings
- IOS: 1116488672
- OTHER: Tier 1 Studios
- OTHER: Tier 2
- OTHER: Tier 3
- OTHER: Tier 1
Out of Scope Assets:- WILDCARD: *.justfall.lol,*.justplay.lol,*.1v1.lol (OOS)
- OTHER: 1v1.lol (OOS)
- ANDROID: com.youdagames.gop3multiplayer (OOS)
- IOS: id877638937 (OOS)
- WILDCARD: *.awards.slotomania.com (OOS)
- URL: sm-php-smid-dsa.slotomania.com,sm-php-smid.slotomania.com,sm-php-smid-va2.slotomania.com,vs-fb-php-p1.playtika.com,sm-php.playtika.com (OOS)
|
| + | https://hackerone.com/polygon-technology | 14 | 6 | HackerOne |
In Scope Assets:- URL: staking-api.polygon.technology
- URL: faucet.polygon.technology
- SOURCE_CODE: https://github.com/0xPolygon/chain-indexer-framework
- URL: portal.polygon.technology
- SOURCE_CODE: https://github.com/0xPolygon/proof-generation-api
- URL: staking.polygon.technology
- URL: faucet-api.polygon.technology/
- URL: api-gateway.polygon.technology
- URL: gasstation.polygon.technology/
- URL: api-polygon-tokens.polygon.technology/
- URL: balance-api.polygon.technology/
- SOURCE_CODE: https://github.com/0xPolygon/auto-claim-service
- SOURCE_CODE: https://github.com/0xPolygon/lxly.js
- SOURCE_CODE: https://github.com/0xPolygon/static
Out of Scope Assets:- SOURCE_CODE: https://github.com/maticnetwork/heimdall (OOS)
- SOURCE_CODE: https://github.com/maticnetwork/bor (OOS)
- SOURCE_CODE: https://github.com/maticnetwork/contracts (OOS)
- WILDCARD: *.matic.network (OOS)
- SOURCE_CODE: https://github.com/maticnetwork/matic-cli (OOS)
- SOURCE_CODE: https://github.com/0xPolygon/heimdall-v2 (OOS)
|
| + | https://hackerone.com/pornbox | 4 | 0 | HackerOne |
In Scope Assets:- URL: www.pornbox.com
- URL: www.analvids.com
- URL: www.ddfcontent.com
- URL: www.pornworld.com
|
| + | https://hackerone.com/portswigger | 9 | 2 | HackerOne |
In Scope Assets:- URL: portswigger.net
- EXECUTABLE: Burp Suite Pro/Community
- EXECUTABLE: Burp Collaborator
- URL: ai.portswigger.net
- OTHER: Burp Suite DAST
- URL: http1mustdie.com
- URL: collections.portswigger.net
- URL: share.portswigger.net
- URL: links.portswigger.net
Out of Scope Assets:- WILDCARD: *.web-security-academy.net (OOS)
- WILDCARD: *.portswigger.net (OOS)
|
| + | https://hackerone.com/priceline | 13 | 45 | HackerOne |
In Scope Assets:- URL: www.getaroom.com
- URL: flyiin.com
- URL: priceline.com
- AI_MODEL: Penny
- URL: www.priceline.com
- URL: cruises.priceline.com
- URL: www.bookingholdings.com
- IOS: 336381998
- ANDROID: com.priceline.android.negotiator
- URL: ir.bookingholdings.com
- URL: bookingholdings-coe.com
- URL: press.priceline.com
- URL: https://www.priceline.com/pwd/v0/pcln-graphql/
Out of Scope Assets:- URL: api.rezserver.com (OOS)
- URL: admin.rezserver.com (OOS)
- URL: availability.getaroom.com (OOS)
- URL: extranet.getaroom.com (OOS)
- URL: breadcrumb.getaroom.com (OOS)
- URL: supply.getaroom.com (OOS)
- URL: stockroom.production.getaroom.com (OOS)
- URL: *.roomvaluesteam.com (OOS)
- URL: *.testaroom.com (OOS)
- URL: *.testaroom.cloud (OOS)
- URL: groupdeals.priceline.com (OOS)
- URL: weatherstatus.priceline.com (OOS)
- URL: url5932.travel.priceline.com (OOS)
- URL: tools.corp.priceline.com (OOS)
- URL: tools-qaa.corp.priceline.com (OOS)
- URL: remotecontrol.corp.priceline.com (OOS)
- URL: qaa.booking.priceline.com (OOS)
- URL: offers.priceline.com (OOS)
- URL: mail.corp.priceline.com (OOS)
- URL: localdealsemail.priceline.com (OOS)
- URL: links.deals.priceline.com (OOS)
- URL: jira.corp.priceline.com (OOS)
- URL: itsupport.corp.priceline.com (OOS)
- URL: ids-too.priceline.com (OOS)
- URL: ids-dev.priceline.com (OOS)
- URL: help.corp.priceline.com (OOS)
- URL: guse4-rc-qa.priceline.com (OOS)
- URL: google.corp.priceline.com (OOS)
- URL: experiences.priceline.com (OOS)
- URL: employeedeals.flightdeals.priceline.com (OOS)
- URL: dev.sales-ccp.priceline.com (OOS)
- URL: dev.customerservice-ccp.priceline.com (OOS)
- URL: dashboard.corp.priceline.com (OOS)
- URL: customerservice-ccp.priceline.com (OOS)
- URL: careers.priceline.com (OOS)
- URL: booking.priceline.com (OOS)
- URL: api-guse4-poc.priceline.com (OOS)
- URL: api-gnae1-poc.priceline.com (OOS)
- URL: ace-qa.corp.priceline.com (OOS)
- URL: 1psb.priceline.com (OOS)
- URL: img1.priceline.com (OOS)
- URL: secure.rezserver.com (OOS)
- URL: reservations.rezserver.com (OOS)
- URL: www.airportrentalcars.com (OOS)
- OTHER: www.priceline.com/vp-web/* (OOS)
|
| + | https://hackerone.com/privy-bbp | 12 | 4 | HackerOne |
In Scope Assets:- SOURCE_CODE: https://www.npmjs.com/package/@privy-io/react-auth
- URL: auth.privy.io
- URL: dashboard.privy.io
- OTHER: https://www.npmjs.com/package/@privy-io/js-sdk-core
- OTHER: https://www.npmjs.com/package/@privy-io/expo
- OTHER: https://www.npmjs.com/package/@privy-io/wagmi
- OTHER: https://www.npmjs.com/package/@privy-io/cross-app-connect
- OTHER: https://www.npmjs.com/package/@privy-io/cross-app-provider
- URL: home.privy.io
- URL: recovery.privy.io
- OTHER: @privy-io controlled namespace dependencies
- URL: api.privy.io
Out of Scope Assets:- URL: privy.io (OOS)
- URL: blog.privy.io (OOS)
- URL: docs.privy.io (OOS)
- URL: demo.privy.io (OOS)
|
| + | https://hackerone.com/quora | 4 | 0 | HackerOne |
In Scope Assets:- WILDCARD: *.quora.com
- IOS: com.quora.app.mobile
- ANDROID: com.quora.android
- URL: poe.com
|
| + | https://hackerone.com/rails | 1 | 1 | HackerOne |
In Scope Assets:- SOURCE_CODE: https://github.com/rails/rails
Out of Scope Assets:- WILDCARD: *.rubyonrails.org (OOS)
|
| + | https://hackerone.com/razorpay | 6 | 0 | HackerOne |
In Scope Assets:- URL: payroll.razorpay.com
- URL: x.razorpay.com
- URL: dashboard.razorpay.com
- URL: api.razorpay.com
- URL: checkout.razorpay.com
- URL: invoices.razorpay.com
|
| + | https://hackerone.com/reddit | 28 | 1 | HackerOne |
In Scope Assets:- URL: redditforbusiness.com
- URL: new.reddit.com
- WILDCARD: *.redditinc.com
- WILDCARD: *.redditblog.com
- WILDCARD: *.reddithelp.com
- URL: api.reddit.com
- URL: mod.reddit.com
- URL: ads.reddit.com
- URL: matrix.redditspace.com
- URL: gql.reddit.com
- URL: accounts.reddit.com
- URL: gateway.reddit.com
- URL: strapi.reddit.com
- URL: m.reddit.com
- URL: amp.reddit.com
- URL: meta-api.reddit.com
- WILDCARD: *.snooguts.net
- WILDCARD: *.redditmedia.com
- WILDCARD: *.spiketrap.io
- OTHER: Android App
- OTHER: iOS App
- OTHER: Core Assets
- OTHER: Non-Core Assets
- URL: developers.reddit.com
- URL: business.reddithelp.com
- URL: sh.reddit.com
- WILDCARD: *.memorable.io
- WILDCARD: *.reddit.com
Out of Scope Assets:- URL: reddit.secure.force.com (OOS)
|
| + | https://hackerone.com/redox_bbp | 9 | 6 | HackerOne |
In Scope Assets:- URL: 10x.redoxengine.com
- URL: testapp.redoxengine.com
- URL: testapi.redoxengine.com
- WILDCARD: test*.redoxengine.com
- URL: docs.redoxengine.com
- URL: fhir.redoxengine.com
- URL: explore.redoxengine.com
- URL: www.redoxengine.com
- URL: help.redoxengine.com
Out of Scope Assets:- URL: dashboard.redoxengine.com (OOS)
- URL: candi.redoxengine.com (OOS)
- URL: api.redoxengine.com (OOS)
- URL: sso.redoxengine.com (OOS)
- URL: redox.slack.com (OOS)
- URL: https://redoxengine.atlassian.net (OOS)
|
| + | https://hackerone.com/rei_bbp | 6 | 19 | HackerOne |
In Scope Assets:- URL: rei.com
- OTHER: Any public cloud resource or infrastructure operated and managed by REI.
- OTHER: Android & iOS App for REI Customers
- URL: login.rei.com
- URL: http://www.rei.com/learn/expert-advice
- URL: http://collaboration.rei.com
Out of Scope Assets:- URL: http://rei.com/used (OOS)
- URL: http://rei.com/blog (OOS)
- URL: http://rei.com/rentals (OOS)
- URL: http://rei.com/rei-garage (OOS)
- URL: rei.jobs (OOS)
- URL: reifund.org (OOS)
- URL: destinations.rei.com (OOS)
- URL: partners2.rei.com (OOS)
- URL: greenvestrentals.rei.com (OOS)
- URL: reicasting.com (OOS)
- URL: engineering.rei.com (OOS)
- URL: test-login.rei.com (OOS)
- WILDCARD: *.rentals.rei.com (OOS)
- URL: wpvip.rei.com (OOS)
- URL: vpn.rei.com (OOS)
- URL: desktop.rei.com (OOS)
- URL: foryourbenefit-rei.com/ (OOS)
- URL: rei.gladly.com (OOS)
- URL: http://rei.com/lists (OOS)
|
| + | https://hackerone.com/remitly | 26 | 1 | HackerOne |
In Scope Assets:- URL: remitly.com
- URL: blog.remitly.com
- ANDROID: com.remitly.androidapp
- IOS: 674258465
- URL: api.remitly.io
- URL: cards.remitly.io
- URL: rewire.com
- URL: app.rewire.to
- URL: rates.rewire.com
- URL: app3.rewire.to
- WILDCARD: *.dev.remitly.com
- WILDCARD: *.int.remitly.com
- URL: funding-webhooks.remitly.io
- URL: media.remitly.io
- URL: hub-api-sandbox.remitly.io
- URL: cardpayments.remitly.io
- URL: partner-webhook.remitly.io
- URL: ablink.info.remitly.com
- URL: careers.remitly.com
- URL: ir.remitly.com
- URL: metrics.int.remitly.com
- URL: news.remitly.com
- URL: access.remitly.com
- URL: access-sandbox.remitly.com
- URL: auth.remitly.com
- URL: site.rewire.com
Out of Scope Assets:- OTHER: https://www.remitly.com/blog (OOS)
|
| + | https://hackerone.com/ridewithvia | 13 | 6 | HackerOne |
In Scope Assets:- IOS: 657777015
- ANDROID: via.rider
- IOS: 469463298
- ANDROID: com.citymapper.app.release
- URL: global-api.citymapper.com
- URL: eu.remix.com
- URL: platform.remix.com
- URL: https://metroconnect.app.ridewithvia.com
- ANDROID: ridewithvia.neoridelittlerock
- IOS: 6449737830
- URL: https://pt-runner.app.ridewithvia.com
- IOS: 6464473474
- ANDROID: ridewithvia.par.piercetransit
Out of Scope Assets:- URL: ridewithvia.okta.com (OOS)
- WILDCARD: *.drivewithvia.com (OOS)
- URL: ridewithvia.com (OOS)
- WILDCARD: *.citymapper.com/ (OOS)
- URL: citymapper.com (OOS)
- URL: remix.com (OOS)
|
| + | https://hackerone.com/ring | 30 | 3 | HackerOne |
In Scope Assets:- OTHER: https://ring.com/*
- OTHER: https://api.ring.com/*
- OTHER: https://fw.ring.com/*
- OTHER: https://app.ring.com/*
- OTHER: https://admin.ring.com/*
- OTHER: https://nw.ring.com/*
- OTHER: https://oauth.ring.com/*
- OTHER: https://billing.ring.com/*
- URL: prd-ring-web-us.prd.rings.solutions
- WILDCARD: https://*.immedia-semi.com/*
- WILDCARD: https://*.blinkforhome.com/*
- HARDWARE: Video Doorbell
- HARDWARE: Peephole Cam
- HARDWARE: Indoor Cam
- HARDWARE: Stickup Cam
- HARDWARE: Chime
- HARDWARE: Ring Alarm
- HARDWARE: Ring Smart Lighting Bridge
- HARDWARE: Blink Outdoor
- HARDWARE: Blink Indoor
- HARDWARE: Blink Sync Module 2
- HARDWARE: Blink Mini
- HARDWARE: Blink Video Doorbell
- ANDROID: com.immediasemi.android.blink
- ANDROID: com.ring.neighborhoods
- ANDROID: com.ringapp
- IOS: 1013961111
- IOS: 1218902777
- IOS: 926252661
- URL: publicsafety.ring.com
Out of Scope Assets:- OTHER: Devices (OOS)
- OTHER: Services, Apps, Mobile (OOS)
- OTHER: Anything not in scope (OOS)
|