| + | https://hackerone.com/leather_wallet | 2 | 0 | HackerOne |
In Scope Assets:- URL: www.leather.io
- SOURCE_CODE: https://github.com/leather-wallet/extension
|
| + | https://hackerone.com/lightspark_bbp | 14 | 1 | HackerOne |
In Scope Assets:- URL: http://api.lightspark.com
- URL: http://app.lightspark.com
- SOURCE_CODE: lightsparkdev/lightspark-crypto-uniffi
- SOURCE_CODE: lightsparkdev/kotlin-sdk
- SOURCE_CODE: lightsparkdev/js-sdk
- SOURCE_CODE: lightsparkdev/flutter-sdk
- SOURCE_CODE: https://github.com/lightsparkdev/go-sdk
- SOURCE_CODE: https://github.com/lightsparkdev/lightspark-rs
- SOURCE_CODE: https://github.com/lightsparkdev/python-sdk
- URL: https://link.uma.me
- URL: lrc20.lightspark.com
- URL: app.uma.money
- SOURCE_CODE: https://github.com/buildonspark/spark
- SOURCE_CODE: https://github.com/buildonspark/lrc20
Out of Scope Assets:- URL: support.lighstpark.com (OOS)
|
| + | https://hackerone.com/line | 19 | 11 | HackerOne |
In Scope Assets:- WILDCARD: *.line.me
- WILDCARD: *.line-apps.com
- WILDCARD: *.line.naver.jp
- ANDROID: jp.naver.line.android
- IOS: 443904275
- WINDOWS APP: 9wzdncrfj2g6
- OTHER: Chrome Extension
- EXECUTABLE: Windows Executable
- IOS: 539883307
- ANDROID: com.linecorp.linelite
- OTHER: LINE Messenger - VOOM
- OTHER: LINE Messenger - Keep
- OTHER: LINE Messenger - VoIP
- OTHER: LINE Messenger - Chat
- OTHER: LINE Messenger - OpenChat
- OTHER: LINE Messenger - News
- WILDCARD: *.line.biz
- WILDCARD: *.linecorp.com
- URL: http://recruit.linepluscorp.com
Out of Scope Assets:- OTHER: LINE Pay (OOS)
- URL: prod-fido-fido2-server.line-apps.com (OOS)
- OTHER: *nvapis.line.me (OOS)
- OTHER: LINEMAN (OOS)
- OTHER: DEMAE-CAN (OOS)
- OTHER: Yahoo Japan (OOS)
- URL: https://entry.line.me/ (OOS)
- OTHER: livedoor (OOS)
- OTHER: LINE TAXI (OOS)
- OTHER: LINE BANK (OOS)
- OTHER: LINE FINANCIAL (OOS)
|
| + | https://hackerone.com/linkedin | 5 | 0 | HackerOne |
In Scope Assets:- URL: www.linkedin.com
- URL: api.linkedin.com
- IOS: 288429040
- ANDROID: com.linkedin.android
- URL: business.linkedin.com
|
| + | https://hackerone.com/localizejs | 4 | 0 | HackerOne |
In Scope Assets:- URL: localizestaging.com
- URL: api.localizestaging.com
- URL: cdn.localizestaging.com
- URL: app.localizestaging.com
|
| + | https://hackerone.com/logitech | 36 | 6 | HackerOne |
In Scope Assets:- URL: circle.logi.com
- URL: id.logi.com
- URL: accounts.logi.com
- HARDWARE: Circle Cameras
- HARDWARE: Ultimate Ears Speakers
- HARDWARE: Presentation Remotes
- ANDROID: com.logitech.ueboom
- ANDROID: com.logitech.circle
- IOS: 632344648
- IOS: 1018340690
- URL: www.logitech.com
- URL: www.logitechg.com
- URL: www.ultimateears.com
- URL: www.astrogaming.com
- WILDCARD: *vc.logitech.com
- URL: www.logitech.com.cn
- WILDCARD: *.streamlabs.com
- EXECUTABLE: Streamlabs Desktop Application PC/MAC
- IOS: 1294578643
- IOS: 1476615877
- ANDROID: com.streamlabs.slobsrc
- ANDROID: com.streamlabs
- IOS: 1456293789
- ANDROID: com.logitech.logue
- EXECUTABLE: Logi Tune PC/MAC
- HARDWARE: Video Conferencing Products
- EXECUTABLE: Logitech Sync
- HARDWARE: USB Unifying and LightSpeed Receivers
- EXECUTABLE: G Hub
- URL: sync.logitech.com
- HARDWARE: Logitech Mice & Keyboards
- EXECUTABLE: Logi Options+ PC/MAC
- URL: www.logicool.co.jp
- URL: logitechg.com.cn
- URL: gaming.logicool.co.jp
- EXECUTABLE: Logitech MIXLINE
Out of Scope Assets:- WILDCARD: *.saitekforum.com (OOS)
- WILDCARD: *.saitek-fr.com (OOS)
- WILDCARD: *.saitek.com (OOS)
- HARDWARE: Squeezebox Products (OOS)
- HARDWARE: Logitech Alert Cameras (OOS)
- WILDCARD: *.wilife.com (OOS)
|
| + | https://hackerone.com/lyst | 7 | 1 | HackerOne |
In Scope Assets:- WILDCARD: *.lyst.com
- IOS: 597940518
- URL: cdna.lystit.com
- URL: mobileapi.lystit.com
- WILDCARD: *.lystit.com
- WILDCARD: *.lyst.co
- ANDROID: com.lyst.lystapp
Out of Scope Assets: |
| + | https://hackerone.com/magic-eden | 9 | 7 | HackerOne |
In Scope Assets:- URL: magiceden.io
- OTHER: *.magiceden.io
- OTHER: *.magiceden.dev
- OTHER: *.magiceden.workers.dev
- OTHER: Magic Eden Wallet (Chrome Extension)
- IOS: com.magiceden.wallet
- ANDROID: com.magiceden.wallet
- URL: slingshot.finance
- URL: slingshot.app
Out of Scope Assets:- URL: blog.magiceden.io (OOS)
- URL: eng.magiceden.io (OOS)
- URL: eng.magiceden.dev (OOS)
- URL: http://ord-mirror.magiceden.dev (OOS)
- URL: mainframe.magiceden.io (OOS)
- URL: img-cdn.magiceden.dev (OOS)
- URL: cdn.magiceden.dev (OOS)
|
| + | https://hackerone.com/malwarebytes | 31 | 7 | HackerOne |
In Scope Assets:- EXECUTABLE: Malwarebytes for Windows
- EXECUTABLE: Malwarebytes for Mac
- ANDROID: org.malwarebytes.antimalware
- URL: www.malwarebytes.com
- URL: my.malwarebytes.com
- URL: cloud.malwarebytes.com
- OTHER: Malwarebytes Privacy (VPN)
- EXECUTABLE: AdwCleaner
- IOS: com.malwarebytes.Malwarebytes
- OTHER: BrowserGuard (Firefox/Chrome/Safari browser extension)
- EXECUTABLE: Malwarebytes for Teams
- OTHER: Vulnerability & Patch Management
- EXECUTABLE: Malwarebytes Remediation for CrowdStrike
- EXECUTABLE: Malwarebytes Incident Response
- OTHER: ThreatDown Endpoint Detection & Response (EDR)
- OTHER: ThreatDown Endpoint Protection
- EXECUTABLE: Malwarebytes ToolSet (MBTS)
- EXECUTABLE: Malwarebytes Windows Firewall Control
- WILDCARD: *.mwbsys.com
- WILDCARD: *.mb-cosmos.com
- WILDCARD: *.mbamupdates.com
- WILDCARD: *.cloud.malwarebytes.com
- WILDCARD: *.malwarebytes.com
- WILDCARD: *.mwb-threatintel.com
- OTHER: Malwarebytes Device Control
- OTHER: Any other Malwarebytes asset
- WILDCARD: *.threatdown.com
- WILDCARD: *.cyrus-security.com
- EXECUTABLE: Malwarebytes Support Tool (MBST)
- URL: oneview.threatdown.com
- URL: https://oneview.threatdownstage.com
Out of Scope Assets:- URL: estore.malwarebytes.com (OOS)
- URL: store.malwarebytes.com (OOS)
- URL: pages.malwarebytes.com (OOS)
- URL: view.malwarebytes.com (OOS)
- EXECUTABLE: Malwarebytes Anti-Ransomware (OOS)
- URL: store.threatdown.com (OOS)
- URL: malwarebytes.zoom.us (OOS)
|
| + | https://hackerone.com/mapbox | 7 | 2 | HackerOne |
In Scope Assets:- URL: www.mapbox.com
- SOURCE_CODE: https://www.mapbox.com/mapbox-gl-js/
- SOURCE_CODE: https://docs.mapbox.com/ios/maps/overview/
- SOURCE_CODE: https://docs.mapbox.com/android/
- SOURCE_CODE: https://github.com/mapbox
- URL: api.mapbox.com
- URL: https://docs.mapbox.com/
Out of Scope Assets:- OTHER: Submissions on out-of-scope assets listed below will be closed as N/A (OOS)
- URL: geojson.io (OOS)
|
| + | https://hackerone.com/marriott | 79 | 20 | HackerOne |
In Scope Assets:- IOS: 455004730
- URL: homes-and-villas.marriott.com
- URL: activities.marriott.com
- URL: careers.marriott.com
- URL: sso.marriott.com
- URL: mgs.marriott.com
- URL: jobs.marriott.com
- URL: passwordchallenge.marriott.com
- URL: gateway*.marriott.com
- URL: dcfgateway*.marriott.com
- URL: marriottfranchisetransactions.marriott.com
- URL: lawmanager.marriott.com
- URL: hotel-deals.marriott.com
- URL: all-inclusive.marriott.com
- URL: reservations.all-inclusive.marriott.com
- URL: marrtool.com
- URL: cpp.marriott.com
- URL: editionhotels.com
- URL: gatewaydsapdev2.marriott.com
- URL: dcfgatewaytst1.marriott.com
- URL: gatewaydsaptst1.marriott.com
- URL: gatewaydsaptst2.marriott.com
- URL: www.ritzcarlton.com
- URL: www.marriott.com
- URL: *uat.marriott.com
- URL: http://www.shopmarriott.com
- URL: moments.marriottbonvoy.com
- URL: help.marriott.com
- URL: traveler.marriott.com
- URL: travelagents.marriott.com/
- URL: mipartnerprivileges.marriott.com
- URL: psp.marriott.com
- WILDCARD: *gateway-apc.marriott.com
- URL: esupplier.marriott.com
- WILDCARD: *.dcfgateway.marriott.com
- URL: efast.marriott.com
- URL: eidhelp.marriott.com
- WILDCARD: *.mgs.marriott.com
- WILDCARD: *.gateway.marriott.com
- URL: apcgateway.marriott.com
- WILDCARD: *.apigatewayc.marriott.com
- WILDCARD: *.apigwc.marriott.com
- WILDCARD: *.artifactory.marriott.com
- URL: auth-apc.marriott.com
- URL: bpa2.marriott.com
- URL: device.marriott.com
- WILDCARD: *.sba.marriott.com
- URL: smetrics.marriott.com
- URL: vacation.marriott.com
- URL: moments.marriott.com
- URL: www.giving.marriott.com
- URL: www.members.marriott.com
- URL: splunk-phantom-nlb.marriott.com
- URL: bsp.marriott.com
- URL: cache.marriott.com
- URL: channel-portal.homes-and-villas.marriott.com
- URL: ci-propertyconversionportal.marriott.com
- URL: contentportal.marriott.com
- URL: contentportalauth.marriott.com
- URL: globaldesign.marriott.com
- URL: join.marriott.com
- URL: joinrewards.marriott.com
- URL: oasisprod.marriott.com
- URL: ocijlbex1prd.marriott.com
- URL: owa.marriott.com
- URL: app-insiders.marriott.com
- URL: mds.marriott.com
- URL: meetmarriottbonvoy.marriott.com
- URL: prod-mipaasiaasservices.marriott.com
- URL: www.travel-brilliantly.marriott.com
- URL: uber.marriott.com
- URL: university.marriott.com
- URL: bilt.marriott.com
- URL: gifts.marriott.com
- URL: joinmarriottbonvoy.com
- URL: hotel-development.marriott.com
- URL: ifast.marriott.com
- URL: ssm-marriottms.saviyntcloud.com
- URL: wechat.api.marriott.com
Out of Scope Assets:- URL: apps.ritzcarlton.com (OOS)
- URL: vacations.marriott.com (OOS)
- URL: towneplacesuites.marriott.com (OOS)
- URL: springhillsuites.marriott.com (OOS)
- URL: www.travelagents.marriott.com (OOS)
- OTHER: Not-Listed Assets (OOS)
- URL: *moxymix*.marriott.com (OOS)
- URL: milux.marriott.com (OOS)
- URL: luxurybrands.marriott.com (OOS)
- URL: element-hotels.marriott.com (OOS)
- URL: mi.bookmarriott.com (OOS)
- URL: *.ritzcarltonyachtcollection.com (OOS)
- URL: *.phunware.com (OOS)
- URL: www.github.com (OOS)
- URL: marriottlearnourbrands.com (OOS)
- URL: hotelexcellence.marriott.com (OOS)
- URL: meetings-excellence.marriott.com (OOS)
- URL: marriott.tech (OOS)
- OTHER: Phoenix Platform (OOS)
- URL: www.msg-gateway.marriott.com (OOS)
|
| + | https://hackerone.com/matomo | 7 | 5 | HackerOne |
In Scope Assets:- SOURCE_CODE: https://github.com/matomo-org/matomo
- SOURCE_CODE: https://plugins.matomo.org/developer/matomo-org
- SOURCE_CODE: https://plugins.matomo.org/developer/innocraft
- SOURCE_CODE: https://github.com/matomo-org
- SOURCE_CODE: https://github.com/innocraft/
- URL: matomo.cloud
- URL: https://github.com/matomo-org/docker
Out of Scope Assets:- URL: plugins.matomo.org (OOS)
- URL: api.matomo.org (OOS)
- URL: matomo.org (OOS)
- URL: forum.matomo.org (OOS)
- URL: shop.matomo.org (OOS)
|
| + | https://hackerone.com/mercadolibre | 80 | 9 | HackerOne |
In Scope Assets:- ANDROID: com.mercadopago.wallet
- IOS: com.mercadopago.MercadoPago
- URL: api.mercadopago.com
- ANDROID: com.mercadolibre
- IOS: com.3mosquitos.MercadoLibre
- URL: api.mercadolibre.com
- HARDWARE: Point Smart
- ANDROID: com.mercadoenvios.driver
- ANDROID: com.mercadoenvios.crowdsourcing
- OTHER: Crypto
- WILDCARD: *.adminml.com
- WILDCARD: *.mercadolibre.cl
- WILDCARD: *.mercadolibre.com
- WILDCARD: *.mercadolibre.com.ar
- WILDCARD: *.mercadolibre.com.co
- WILDCARD: *.mercadolibre.com.mx
- WILDCARD: *.mercadolibre.com.pe
- WILDCARD: *.mercadolibre.com.uy
- WILDCARD: *.mercadolivre.com.br
- WILDCARD: *.mercadopago.cl
- WILDCARD: *.mercadopago.com
- WILDCARD: *.mercadopago.com.ar
- WILDCARD: *.mercadopago.com.br
- WILDCARD: *.mercadopago.com.co
- WILDCARD: *.mercadopago.com.mx
- WILDCARD: *.mercadopago.com.pe
- WILDCARD: *.mercadopago.com.uy
- WILDCARD: *.mercadoshops.cl
- WILDCARD: *.mercadoshops.co.cr
- WILDCARD: *.mercadoshops.com
- WILDCARD: *.mercadoshops.com.ar
- WILDCARD: *.mercadoshops.com.br
- WILDCARD: *.mercadoshops.com.co
- WILDCARD: *.mercadoshops.com.do
- WILDCARD: *.mercadoshops.com.ec
- WILDCARD: *.mercadoshops.com.mx
- WILDCARD: *.mercadoshops.com.pa
- WILDCARD: *.mercadoshops.com.pe
- WILDCARD: *.mercadoshops.com.py
- WILDCARD: *.mercadoshops.com.uy
- WILDCARD: *.mlstatic.com
- URL: logistica.redelcom.cl
- URL: www.mercadolibre.co.cr
- URL: www.mercadolibre.com.bo
- URL: www.mercadolibre.com.do
- URL: www.mercadolibre.com.ec
- URL: www.mercadolibre.com.gt
- URL: www.mercadolibre.com.hn
- URL: www.mercadolibre.com.ni
- URL: www.mercadolibre.com.pa
- URL: www.mercadolibre.com.py
- URL: www.mercadolibre.com.sv
- URL: www.mercadolivre.com
- URL: www.mercadopago.com.ec
- ANDROID: com.mercadoenvios.logistics
- OTHER: Leaked Credentials
- URL: biolibre.ar
- URL: biolibre.cl
- URL: biolibre.co
- URL: biolibre.mx
- URL: biolivre.com.br
- URL: meliplay.com.ar
- URL: meliplay.com.pe
- URL: meliplay.com.uy
- URL: mercadoplay.co
- URL: mercadoplay.com.pe
- URL: mercadoplay.com.uy
- URL: mercadoplay.pe
- URL: mercadoplay.uy
- URL: portalinmobiliario.cl
- URL: portalinmobiliario.com
- URL: tucarro.com
- URL: tucarro.com.co
- URL: tumoto.com
- ANDROID: com.mercadolibre.android.mplay_tv
- URL: furycloud.io
- URL: furydocs.io
- URL: mercadolibreexperience.cl
- URL: mercadolivreexperience.com.br
- URL: sustentabilidadmercadolibre.com
Out of Scope Assets:- WILDCARD: *.kangu.com.br (OOS)
- OTHER: developersforum (OOS)
- OTHER: Redelcom (OOS)
- WILDCARD: *.gokangu.cl (OOS)
- WILDCARD: *.gokangu.co (OOS)
- WILDCARD: *.gokangu.mx (OOS)
- WILDCARD: *.gokangu.uy (OOS)
- WILDCARD: *.kangu.tech (OOS)
- URL: wow-int.mercadolibre.com (OOS)
|
| + | https://hackerone.com/mergify | 2 | 3 | HackerOne |
In Scope Assets:- URL: api.mergify.com
- URL: dashboard.mergify.com
Out of Scope Assets:- URL: mergify.com (OOS)
- URL: blog.mergify.com (OOS)
- URL: articles.mergify.com (OOS)
|
| + | https://hackerone.com/metamask | 17 | 12 | HackerOne |
In Scope Assets:- URL: metamask.io
- ANDROID: io.metamask
- IOS: io.metamask.Metamask
- OTHER: MetaMask Browser Extension
- OTHER: MetaMask SDK
- URL: portfolio.metamask.io
- OTHER: https://metamask.github.io/phishing-warning/<vX.Y.Z>
- OTHER: Snaps
- URL: snaps.metamask.io
- SOURCE_CODE: Snaps Development Packages
- WILDCARD: https://*.metamask.io
- WILDCARD: *.api.cx.metamask.io
- URL: https://user-storage.api.cx.metamask.io
- OTHER: Message signing snap
- URL: developer.metamask.io
- URL: signature-insights.api.cx.metamask.io
- OTHER: mUSD Stablecoin
Out of Scope Assets:- OTHER: https://www.npmjs.com/search?q=%40metamask (OOS)
- OTHER: Metamask Flask Extension (OOS)
- URL: community.metamask.io (OOS)
- OTHER: https://metamask.github.io/ (OOS)
- OTHER: Core Tier Assets (OOS)
- OTHER: Non-Core Tier Assets (OOS)
- URL: https://mmi-support.metamask.io/ (OOS)
- URL: https://support.metamask.io/ (OOS)
- URL: permissionless.snaps.metamask.io (OOS)
- OTHER: Wallet Tier Assets (OOS)
- URL: card.metamask.io (OOS)
- URL: travel.metamask.io (OOS)
|
| + | https://hackerone.com/modern_treasury | 2 | 5 | HackerOne |
In Scope Assets:- URL: app.moderntreasury.com
- URL: cdn.moderntreasury.com
Out of Scope Assets:- URL: www.moderntreasury.com (OOS)
- URL: docs.moderntreasury.com (OOS)
- URL: trust.moderntreasury.com (OOS)
- URL: help.moderntreasury.com (OOS)
- URL: ph.moderntreasury.com (OOS)
|
| + | https://hackerone.com/moneybird | 4 | 0 | HackerOne |
In Scope Assets:- URL: moneybird.com
- URL: moneybirdstorage.com
- IOS: com.moneybird.Moneybird
- ANDROID: com.moneybird.android
|
| + | https://hackerone.com/mongodb | 23 | 1 | HackerOne |
In Scope Assets:- OTHER: Enterprise Edition Products and Tools
- OTHER: All Evergreen Assets (Excluding staging)
- OTHER: MongoDB Owned GitHub Repositories
- OTHER: Cluster-To-Cluster sync
- OTHER: Compass
- OTHER: Relational Migrator
- OTHER: MongoDB Shell
- OTHER: VS Code Plugin
- WILDCARD: *.mongodb.com/*
- EXECUTABLE: Drivers
- OTHER: MongoDB Connectors
- OTHER: MongoDB Atlas
- OTHER: MongoDB Community Server
- EXECUTABLE: Database Tools
- OTHER: MongoDB IntelliJ Plugin
- OTHER: MongoDB Partner Integrations
- OTHER: MongoDB MCP Server
- OTHER: MongoDB Assistant
- OTHER: Jira Projects
- OTHER: Atlas Charts
- OTHER: Atlas IAM
- OTHER: Atlas Data Federation
- OTHER: Atlas Payments/Billing
Out of Scope Assets: |
| + | https://hackerone.com/moonpay | 14 | 16 | HackerOne |
In Scope Assets:- URL: moonpay.com
- WILDCARD: *.moonpaycloud.com
- URL: hypermint.com
- WILDCARD: *.hypermint.com
- WILDCARD: *.moonpay.com
- SOURCE_CODE: https://github.com/moonpay
- ANDROID: https://play.google.com/store/apps/details?id=com.moonpay
- IOS: https://apps.apple.com/app/id1635031432
- URL: web3.moonpay.com
- URL: sell.moonpay.com
- URL: buy.moonpay.com
- URL: auth.moonpay.com
- URL: app.moonpay.com
- URL: api.moonpay.com
Out of Scope Assets:- URL: clicks.moonpay.com (OOS)
- URL: qr.moonpay.com (OOS)
- URL: page.moonpay.com (OOS)
- URL: support.moonpay.com (OOS)
- URL: docs.moonpay.com (OOS)
- WILDCARD: *.plexlabs.io (OOS)
- URL: plexlabs.io (OOS)
- URL: request-headers-no-proxy.moonpay.com (OOS)
- URL: request-headers.moonpay.com (OOS)
- URL: docs.hypermint.com (OOS)
- URL: help.moonpay.com (OOS)
- URL: storefront.hypermint.com (OOS)
- URL: ethpass.xyz (OOS)
- URL: dev.moonpay.com (OOS)
- URL: payload-marketing.moonpay.com (OOS)
- SOURCE_CODE: https://github.com/moonpay/moonpay-sign (OOS)
|
| + | https://hackerone.com/mozilla | 29 | 0 | HackerOne |
In Scope Assets:- URL: addons.allizom.org
- URL: developer.mozilla.org
- URL: accounts.firefox.com
- URL: profiler.firefox.com
- URL: vpn.mozilla.org
- URL: relay.firefox.com
- URL: api.profiler.firefox.com
- OTHER: Mozilla VPN Clients
- URL: www.mozilla.org
- URL: support.mozilla.org
- URL: hg.mozilla.org
- URL: stage.taskcluster.nonprod.cloudops.mozgcp.net
- URL: community-tc.services.mozilla.com
- URL: monitor.mozilla.org
- OTHER: Product Delivery
- URL: aus5.mozilla.org
- URL: bugzilla.mozilla.org
- URL: crash-reports.allizom.org
- URL: crash-stats.allizom.org
- URL: firefox-ci-tc.services.mozilla.com
- URL: firefox.settings.services.mozilla.com
- URL: lando.services.mozilla.com
- URL: merino.services.mozilla.com
- URL: phabricator.allizom.org
- URL: push.services.mozilla.com
- URL: sync.services.mozilla.com
- OTHER: Mozilla Ad Routing Service
- URL: www.firefox.com
- URL: pontoon.allizom.org
|
| + | https://hackerone.com/mpesa | 12 | 6 | HackerOne |
In Scope Assets:- OTHER: mpa.qr.web.m-pesa.com
- URL: mpa.ekyc.backoffice.m-pesa.com
- URL: mpa.ekyc.selfregister.m-pesa.com
- URL: openapiportal.m-pesa.com
- URL: openapi.m-pesa.com
- ANDROID: com.vodafone.mpesa.ls
- ANDROID: com.vodafone.mpesa.mozambique
- ANDROID: com.vodafone.mpesa.drc
- IOS: 1442121355
- IOS: 1502222766
- WILDCARD: *.m-pesa.com
- URL: m-pesa.africa
Out of Scope Assets:- URL: sso.m-pesa.vm.co.mz (OOS)
- URL: sso.pr.m-pesa.vm.co.mz (OOS)
- URL: business.m-pesa.com (OOS)
- ANDROID: com.vodacom.mpesa.ls.business (OOS)
- URL: ra.ls.m-pesa.com (OOS)
- URL: mz.m-pesa.com (OOS)
|
| + | https://hackerone.com/nba-public | 142 | 13 | HackerOne |
|
| + | https://hackerone.com/neon_bbp | 3 | 0 | HackerOne |
In Scope Assets:- URL: https://console.neon.tech/api/v2/
- URL: https://console.neon.tech/
- URL: https://console-stage.neon.build/
|
| + | https://hackerone.com/netflix | 28 | 6 | HackerOne |
In Scope Assets:- WILDCARD: *.nflxext.com
- URL: www.netflix.com
- WILDCARD: api*.netflix.com
- WILDCARD: *.prod.ftl.netflix.com
- WILDCARD: *.prod.cloud.netflix.com
- SOURCE_CODE: Open Source - Atlas
- OTHER: Corporate Assets
- WILDCARD: *.nflxvideo.net
- WILDCARD: *.prod.dradis.netflix.com
- URL: beacon.netflix.com
- URL: customerevents.netflix.com
- URL: secure.netflix.com
- WILDCARD: *.nflximg.net
- WILDCARD: *.nflxso.net
- URL: help.netflix.com
- URL: ichnaea.netflix.com
- URL: presentationtracking.netflix.com
- URL: nmtracking.netflix.com
- OTHER: Open Source - Consoleme
- OTHER: Open Source - Weep
- OTHER: Open Source - Zuul
- OTHER: Microsites
- OTHER: Open Source - Spectator
- OTHER: Secondary Assets
- OTHER: Content Authorization Targets
- URL: meechum.netflix.com
- IOS: Netflix Mobile Application for iOS
- ANDROID: Netflix Mobile Application for Android
Out of Scope Assets:- OTHER: Open Source - Dispatch (OOS)
- OTHER: Third party websites or systems hosted by non-Netflix entities Out of Scope (OOS)
- URL: ir.netflix.com (OOS)
- URL: ir.netflix.net (OOS)
- URL: netflixinvestor.com (OOS)
- OTHER: Set-top-boxes, smart TVs, streaming sticks Out of Scope (OOS)
|
| + | https://hackerone.com/netlify | 14 | 8 | HackerOne |
In Scope Assets:- URL: app.netlify.com
- URL: api.netlify.com
- WILDCARD: *.onegraph.com
- WILDCARD: *.services.netlify.com
- WILDCARD: *.services-prod.nsvcs.net
- URL: internal.netlify.com
- WILDCARD: *.infra-prod.nsvcs.net
- WILDCARD: *.ops.netlify.com
- URL: netlify-cdp-loader.netlify.app
- URL: screenshot-proxy.netlify.app
- URL: netlify-rum.netlify.app
- URL: list-v2--netlify-plugins.netlify.app
- URL: internal-docs.netlify.com
- URL: supportal.netlify.app
Out of Scope Assets:- URL: www.netlify.com (OOS)
- URL: webpop.com (OOS)
- WILDCARD: *.netlify.app (OOS)
- URL: docs.netlify.com (OOS)
- URL: answers.netlify.com (OOS)
- WILDCARD: *.netlify.com (OOS)
- URL: https://github.com/netlify/ (OOS)
- WILDCARD: *.netlifycms.org (OOS)
|
| + | https://hackerone.com/netscaler_public_program | 3 | 0 | HackerOne |
In Scope Assets:- OTHER: NetScaler Gateway
- OTHER: NetScaler ADC
- OTHER: NetScaler AAA
|
| + | https://hackerone.com/newegg | 7 | 3 | HackerOne |
In Scope Assets:- WILDCARD: http://*.newegg.com
- WILDCARD: http://*.newegg.ca
- IOS: com.newegg.app
- ANDROID: com.newegg.app
- URL: secure.newegg.com
- URL: secure.newegg.ca
- URL: pmtcards.newegg.com
Out of Scope Assets:- WILDCARD: http://*.neweggbusiness.com (OOS)
- URL: jobs.newegg.com (OOS)
- URL: sellingpilot.newegg.com (OOS)
|
| + | https://hackerone.com/nextcloud | 69 | 7 | HackerOne |
In Scope Assets:- ANDROID: com.nextcloud.client
- IOS: it.twsweb.Nextcloud
- SOURCE_CODE: nextcloud/server
- SOURCE_CODE: nextcloud/activity
- SOURCE_CODE: nextcloud/files_accesscontrol
- SOURCE_CODE: nextcloud/3rdparty
- SOURCE_CODE: nextcloud/files_pdfviewer
- SOURCE_CODE: nextcloud/files_texteditor
- SOURCE_CODE: nextcloud/firstrunwizard
- SOURCE_CODE: nextcloud/notifications
- SOURCE_CODE: nextcloud/password_policy
- SOURCE_CODE: nextcloud/user_saml
- SOURCE_CODE: nextcloud/files_automatedtagging
- SOURCE_CODE: nextcloud/files_retention
- SOURCE_CODE: nextcloud/serverinfo
- SOURCE_CODE: nextcloud/nextcloud_announcements
- SOURCE_CODE: nextcloud/logreader
- SOURCE_CODE: nextcloud/survey_client
- SOURCE_CODE: nextcloud/updater
- EXECUTABLE: Desktop Client
- SOURCE_CODE: nextcloud/spreed
- ANDROID: com.nextcloud.talk2
- IOS: com.nextcloud.Talk
- SOURCE_CODE: nextcloud/photos
- SOURCE_CODE: nextcloud/mail
- SOURCE_CODE: nextcloud/files_rightclick
- SOURCE_CODE: nextcloud/privacy
- SOURCE_CODE: nextcloud/recommendations
- SOURCE_CODE: nextcloud/viewer
- SOURCE_CODE: nextcloud/text
- SOURCE_CODE: nextcloud/circles
- SOURCE_CODE: nextcloud/data_request
- SOURCE_CODE: nextcloud/files_antivirus
- SOURCE_CODE: nextcloud/fulltextsearch
- SOURCE_CODE: daita/files_fulltextsearch_tesseract
- SOURCE_CODE: nextcloud/flow_notifications
- SOURCE_CODE: nextcloud/fulltextsearch_elasticsearch
- SOURCE_CODE: nextcloud/files_fulltextsearch
- SOURCE_CODE: nextcloud/groupfolders
- SOURCE_CODE: nextcloud/guests
- SOURCE_CODE: nextcloud/sharepoint
- SOURCE_CODE: nextcloud/socialsharing
- SOURCE_CODE: nextcloud/suspicious_login
- SOURCE_CODE: nextcloud/terms_of_service
- SOURCE_CODE: nextcloud/twofactor_totp
- SOURCE_CODE: nextcloud/user_oidc
- SOURCE_CODE: nextcloud/workflow_script
- SOURCE_CODE: nextcloud/calendar
- SOURCE_CODE: nextcloud/contacts
- SOURCE_CODE: nextcloud/richdocuments
- SOURCE_CODE: nextcloud/onlyoffice
- SOURCE_CODE: nextcloud/end_to_end_encryption
- SOURCE_CODE: nextcloud/deck
- SOURCE_CODE: nextcloud/bruteforcesettings
- SOURCE_CODE: nextcloud/related_resources
- SOURCE_CODE: nextcloud/approval
- SOURCE_CODE: nextcloud/files_lock
- SOURCE_CODE: nextcloud/user_migration
- SOURCE_CODE: nextcloud/twofactor_webauthn
- SOURCE_CODE: nextcloud/external
- SOURCE_CODE: nextcloud/notify_push
- SOURCE_CODE: nextcloud/calendar_resource_management
- SOURCE_CODE: nextcloud/globalsiteselector
- SOURCE_CODE: nextcloud/notes
- ANDROID: it.niedermann.owncloud.notes
- IOS: com.peterandlinda.iOCNotes
- SOURCE_CODE: https://github.com/nextcloud/files_confidential
- SOURCE_CODE: https://github.com/nextcloud/tables
- SOURCE_CODE: https://github.com/nextcloud/collectives
Out of Scope Assets:- URL: drone.nextcloud.com (OOS)
- URL: conf.nextcloud.com (OOS)
- URL: cloud.nextcloud.com (OOS)
- URL: demo.nextcloud.com (OOS)
- URL: sentry.nextcloud.com (OOS)
- URL: try.nextcloud.com (OOS)
- URL: https://nextcloud.atlassian.net/jira/dashboard (OOS)
|
| + | https://hackerone.com/nintendo | 7 | 2 | HackerOne |
In Scope Assets:- HARDWARE: Nintendo Switch System
- HARDWARE: Nintendo Switch applications for which Nintendo is the publisher worldwide
- HARDWARE: Nintendo Switch 2 applications for which Nintendo is the publisher worldwide
- HARDWARE: Nintendo Switch 2 Security controller known as PSC or Platform Security Controller (any component) / Security controller known as TSEC (bootROM only)
- HARDWARE: Nintendo Switch 2 Kernel / ARM® TrustZone®
- HARDWARE: Nintendo Switch 2 System Processes allowing piracy
- HARDWARE: Nintendo Switch 2 System Processes
Out of Scope Assets:- HARDWARE: Nintendo 3DS applications for which Nintendo is the publisher worldwide (OOS)
- HARDWARE: Nintendo 3DS System (OOS)
|
| + | https://hackerone.com/nodejs | 1 | 0 | HackerOne |
In Scope Assets:- SOURCE_CODE: https://github.com/nodejs/node
|
| + | https://hackerone.com/nordsecurity | 17 | 0 | HackerOne |
In Scope Assets:- WILDCARD: *.nordvpn.com
- ANDROID: com.nordvpn.android
- EXECUTABLE: NordVPN - Windows Executable
- IOS: 905953485
- OTHER: NordVPN Browser Extension
- EXECUTABLE: NordVPN - MacOS Executable
- EXECUTABLE: NordVPN - Linux Executable
- ANDROID: com.nordvpn.android
- EXECUTABLE: NordPass - Windows Executable
- EXECUTABLE: NordPass - MacOS Executable
- EXECUTABLE: NordPass - Linux Executable
- ANDROID: com.nordpass.android.app.password.manager
- IOS: 1486322860
- OTHER: All Mobile Assets
- URL: app.nordpass.com
- IOS: Saily - iOS
- ANDROID: Saily - Android
|
| + | https://hackerone.com/northerntechhq | 5 | 1 | HackerOne |
In Scope Assets:- URL: staging.hosted.mender.io
- SOURCE_CODE: https://github.com/mendersoftware/mender
- SOURCE_CODE: https://github.com/mendersoftware/mender-server
- SOURCE_CODE: https://github.com/cfengine/core
- EXECUTABLE: CFEngine Enterprise
Out of Scope Assets:- URL: hosted.mender.io (OOS)
|
| + | https://hackerone.com/notion | 12 | 0 | HackerOne |
In Scope Assets:- ANDROID: notion.id
- EXECUTABLE: Notion Desktop App
- OTHER: Notion Frontend
- OTHER: Product API
- OTHER: Public API
- AI_MODEL: Notion AI
- OTHER: Notion Integrations
- OTHER: Privilege Escalation
- OTHER: Notion Authentication
- URL: mail.notion.so
- URL: calendar.notion.so
- OTHER: Github Repositories or other public artifacts owned by makenotion
|
| + | https://hackerone.com/okg | 10 | 1 | HackerOne |
In Scope Assets:- WILDCARD: *.okx.com
- OTHER: Mac OS Executable
- OTHER: Windows OS Executable
- OTHER: OKX Android APK
- OTHER: OKX iOS APP
- OTHER: OKX Wallet Chrome Extension
- OTHER: OKX Wallet Edge Add-ons
- OTHER: OKX Wallet Safari Extension
- WILDCARD: *.oklink.com
- SOURCE_CODE: OKX Wallet Core Open Source
Out of Scope Assets:- WILDCARD: *.okg.com (OOS)
|
| + | https://hackerone.com/oppo_bbp | 93 | 0 | HackerOne |
In Scope Assets:- OTHER: ColorOS
- ANDROID: com.coloros.browser
- ANDROID: com.heytap.browser
- ANDROID: com.heytap.cloud
- ANDROID: com.heytap.health.international
- ANDROID: com.heytap.market
- ANDROID: com.heytap.themestore
- ANDROID: com.oplus.account
- ANDROID: com.oplus.member
- ANDROID: com.oplus.themestore
- ANDROID: com.oplus.vip
- ANDROID: com.oppo.market
- URL: opposhop.cn
- HARDWARE: A16k
- HARDWARE: A76
- HARDWARE: A96
- HARDWARE: F 21 Pro
- HARDWARE: FindN2
- HARDWARE: FindN2Flip
- HARDWARE: FindN3
- HARDWARE: FindN3Flip
- HARDWARE: FindX6
- HARDWARE: FindX6Pro
- HARDWARE: FindX7
- HARDWARE: FindX7Ultra
- HARDWARE: K10
- HARDWARE: K105G
- HARDWARE: K9
- HARDWARE: K9Pro
- HARDWARE: K9s
- HARDWARE: Porsche-B
- HARDWARE: Reno105G
- HARDWARE: Reno10Pro+5G
- HARDWARE: Reno10Pro5G
- HARDWARE: Reno115G
- HARDWARE: Reno11Pro5G
- HARDWARE: Reno12
- HARDWARE: Reno12Pro
- HARDWARE: Reno8Pro5G
- HARDWARE: Reno9Pro+5G
- HARDWARE: Reno9Pro5G
- HARDWARE: Reno 9 5G
- URL: https://www.opposhop.cn/
- URL: https://www.opposhop.cn/m/
- URL: https://cloud.oppo.com/
- ANDROID: com.heytap.pictorial
- ANDROID: com.coloros.pictorial
- URL: https://www.oppo.com/th
- URL: https://www.oppo.com/my/store
- URL: https://www.oppo.com/id/store
- URL: https://www.oppo.com/th/store
- ANDROID: com.heytap.store
- ANDROID: com.heytap.mall
- ANDROID: com.coloros.findmyphone
- ANDROID: com.finshell.wallet
- ANDROID: com.nearme.gamecenter
- ANDROID: com.finshell.finance
- ANDROID: com.heytap.research
- URL: https://gcsm.oppoit.com/
- URL: https://e.oppo.com/
- URL: https://u.oppomobile.com/
- ANDROID: com.netease.my.nearme.gamecenter
- URL: https://drp.myoppo.com/
- ANDROID: com.oplus.aimemory
- ANDROID: com.oppo.speechassist
- ANDROID: com.oplus.play
- ANDROID: com.oppo.store
- URL: https://www.oppo.com/in/store
- ANDROID: com.coloros.wallet
- URL: id.oppo.com
- URL: id.heytap.com
- URL: https://safe.heytap.com/
- ANDROID: com.realme.storecn
- ANDROID: com.realmestore.app
- HARDWARE: realme GT7Pro
- HARDWARE: realme GT7
- HARDWARE: realme GT7T
- HARDWARE: realme GT6
- HARDWARE: realme GT6T
- HARDWARE: realme 15 Pro 5G
- HARDWARE: realme 15 5G
- HARDWARE: realme 15T
- HARDWARE: realme P3 Lite 5G
- HARDWARE: realme P4 Pro 5G
- HARDWARE: realme P4 5G
- HARDWARE: realme P1 speed
- HARDWARE: NARZO 80 Lite 4G
- HARDWARE: Narzo 80 lite 5G
- HARDWARE: NARZO 80x 5G
- HARDWARE: NARZO 80 Pro 5G
- HARDWARE: realme Note 70
- HARDWARE: realme C75 5G
- HARDWARE: realme C71
|
| + | https://hackerone.com/palantir_public | 2 | 15 | HackerOne |
In Scope Assets:- OTHER: Any public (Internet-facing) infrastructure owned and operated by Palantir.
- OTHER: Any public cloud (e.g. Amazon AWS, Microsoft Azure) resource or infrastructure operated and managed by Palantir.
Out of Scope Assets:- URL: gear.palantir.com (OOS)
- URL: investors.palantir.com (OOS)
- URL: blog.palantir.com (OOS)
- URL: go.palantir.com (OOS)
- URL: explore.palantir.com (OOS)
- URL: info.palantir.com (OOS)
- OTHER: Any infrastructure or assets related to Silk, FancyThat, or other Palantir acquisitions. (OOS)
- URL: certification.palantir.com (OOS)
- URL: training.palantir.com (OOS)
- URL: learn.palantir.com (OOS)
- URL: palantirpacusa.com (OOS)
- URL: palantirfedstart.com (OOS)
- URL: sandbox.training.palantir.com (OOS)
- URL: community.palantir.com (OOS)
- URL: store.palantir.com (OOS)
|
| + | https://hackerone.com/payoneer | 5 | 10 | HackerOne |
In Scope Assets:- URL: *.payoneer.com
- URL: payoneer.com.cn
- URL: http://greenchannel.payoneer.com.cn/gcportal
- URL: myaccount-cn.payoneer.com
- URL: myaccount.payoneer.com
Out of Scope Assets:- URL: blog.payoneer.com (OOS)
- URL: community.payoneer.com (OOS)
- URL: affiliates.payoneer.com (OOS)
- URL: tracks.payoneer.com (OOS)
- URL: explore.payoneer.com (OOS)
- URL: register.payoneer.com (OOS)
- URL: duediligence.payoneer.com (OOS)
- URL: investorday.payoneer.com (OOS)
- URL: brand.payoneer.com (OOS)
- URL: skuad.io (OOS)
|
| + | https://hackerone.com/paypal | 40 | 7 | HackerOne |
In Scope Assets:- IOS: 351727428
- IOS: com.xoom.app
- IOS: com.paypal.merchant
- ANDROID: com.xoom.android.app
- ANDROID: com.paypal.merchant.client
- ANDROID: com.paypal.android.p2pmobile
- ANDROID: com.venmo
- URL: www.paypal-*.com
- URL: *.xoom.com
- URL: *.paypal.com
- URL: *.braintreegateway.com
- URL: *.paydiant.com
- URL: *.venmo.com
- URL: paypalobjects.com
- URL: paypal.me
- URL: py.pl
- URL: *.braintreepayments.com
- URL: *.braintree-api.com
- URL: *.braintree.tools
- URL: prequal.swiftfinancial.com
- URL: partner.swiftfinancial.com
- URL: decision.swiftfinancial.com
- URL: pigeon.swiftfinancial.com
- URL: scrutiny.swiftfinancial.com
- URL: www.swiftcapital.com
- URL: www.loanbuilder.com
- URL: www.swiftfinancial.com
- URL: api.swiftfinancial.com
- URL: my.swiftfinancial.com
- URL: api.loanbuilder.com
- URL: my.loanbuilder.com
- URL: loanbuilder.com
- URL: swiftfinancial.com
- URL: swiftcapital.com
- URL: *.paypalcorp.com
- URL: *.hyperwallet.com
- URL: *.paylution.com
- URL: sandbox.braintreegateway.com
- OTHER: Braintree SDK
- OTHER: PayPal SDK
Out of Scope Assets:- IOS: com.paypal.herehd (OOS)
- IOS: com.paypal.here (OOS)
- ANDROID: com.paypal.here (OOS)
- URL: *.paypal.cn (OOS)
- URL: braintree.com (OOS)
- OTHER: *.atlassian.net (OOS)
- URL: www.gopay.com (OOS)
|
| + | https://hackerone.com/phabricator | 1 | 0 | HackerOne |
|
| + | https://hackerone.com/pingidentity | 9 | 15 | HackerOne |
In Scope Assets:- WILDCARD: https://ort-authenticator.pingone.com/*
- WILDCARD: https://ort-admin.pingone.com/*
- WILDCARD: https://ort-desktop.pingone.com/*
- WILDCARD: https://openam-bug-bounty-stag.forgeblocks.com/*
- URL: api.ort-one-pingone.com
- URL: console.ort-one-pingone.com
- URL: apps.ort-one-pingone.com
- URL: auth.ort-one-pingone.com
- URL: https://console.ort-one-pingone.com/?env=361b34ef-2725-4fd9-af1b-a2b189df3d05
Out of Scope Assets:- WILDCARD: https://*.pingidentity.com (OOS)
- URL: admin.pingone.com (OOS)
- URL: api.pingone.com (OOS)
- URL: desktop.pingone.com (OOS)
- WILDCARD: https://*.pingidentity.io (OOS)
- URL: test-desktop.pingone.com (OOS)
- URL: test-sso.connect.pingidentity.com (OOS)
- URL: authenticator.pingone.com (OOS)
- WILDCARD: https://*.pingidentity.net (OOS)
- URL: console.pingone.com (OOS)
- WILDCARD: https://developer.pingidentity.com/* (OOS)
- URL: uploads.pingone.com (OOS)
- URL: uploads-staging.pingone.com (OOS)
- URL: api-staging.pingone.com (OOS)
- URL: console-staging.pingone.com (OOS)
|
| + | https://hackerone.com/pixiv | 18 | 3 | HackerOne |
In Scope Assets:- URL: booth.pm
- URL: comic.pixiv.net
- URL: sketch.pixiv.net
- URL: sensei.pixiv.net
- URL: accounts.pixiv.net
- URL: www.pixiv.net
- URL: hub.vroid.com
- URL: dic.pixiv.net
- WILDCARD: *.fanbox.cc
- URL: vroid.com
- URL: payment.pixiv.net
- URL: neoket.net
- SOURCE_CODE: https://github.com/pixiv/charcoal
- URL: novel.pixiv.net
- URL: https://vroid.com/studio
- URL: coban.pixiv.net
- URL: pastela.app
- URL: comic-indies.pixiv.net
Out of Scope Assets:- URL: factory.pixiv.net (OOS)
- WILDCARD: *.pixiv.co.jp (OOS)
- URL: ads.pixiv.net (OOS)
|
| + | https://hackerone.com/plaid | 13 | 0 | HackerOne |
In Scope Assets:- URL: production.plaid.com
- URL: dashboard.plaid.com
- URL: demo.plaid.com
- URL: cdn.plaid.com
- SOURCE_CODE: https://github.com/plaid/plaid-link-ios
- URL: my.plaid.com
- SOURCE_CODE: https://github.com/plaid/plaid-link-android
- SOURCE_CODE: https://github.com/plaid/plaid-link-examples
- URL: secure.plaid.com
- URL: plaid.com
- SOURCE_CODE: https://github.com/plaid/plaid-ruby
- SOURCE_CODE: https://github.com/plaid/react-native-plaid-link-sdk
- SOURCE_CODE: https://github.com/plaid/react-plaid-link
|
| + | https://hackerone.com/playstation | 18 | 0 | HackerOne |
In Scope Assets:- URL: *.playstation.net
- URL: *.sonyentertainmentnetwork.com
- URL: *.api.playstation.com
- URL: my.playstation.com
- URL: store.playstation.com
- URL: social.playstation.com
- URL: transact.playstation.com
- URL: wallets.api.playstation.com
- HARDWARE: PlayStation 4
- URL: direct.playstation.com
- URL: api.direct.playstation.com
- HARDWARE: PlayStation 5
- URL: ca.account.sony.com
- URL: my.account.sony.com
- URL: ps5.np.playstation.net
- IOS: iOS Playstation App
- ANDROID: Android Playstation App
- URL: checkout.playstation.com
|
| + | https://hackerone.com/playtika | 63 | 6 | HackerOne |
In Scope Assets:- ANDROID: air.com.playtika.slotomania
- IOS: 447553564
- WILDCARD: *.slotomania.com
- WILDCARD: *.playtika.com
- URL: gnocchi-www.buffalo-ggn.net
- WILDCARD: *.bingoblitz.com
- ANDROID: air.com.buffalo_studios.newflashbingo
- IOS: 529996768
- WILDCARD: *.caesarsgames.com
- ANDROID: com.playtika.caesarscasino
- IOS: 603097018
- WILDCARD: *.boardkingsgame.com
- ANDROID: com.jellybtn.boardkings
- IOS: 1116488672
- WILDCARD: *.houseoffun.com
- IOS: 586634331
- ANDROID: com.pacificinteractive.HouseOfFun
- WILDCARD: *.playwsop.com
- IOS: 719525810
- ANDROID: com.playtika.wsop.gp
- IOS: 868013618
- ANDROID: com.Seriously.BestFiends
- IOS: 654671575
- ANDROID: com.jellybtn.cashkingmobile
- WILDCARD: *.serious.li
- IOS: 1223338261
- ANDROID: net.supertreat.solitaire
- ANDROID: net.wooga.junes_journey_hidden_object_mystery_game
- IOS: 1200391796
- WILDCARD: *.wooga.com
- ANDROID: air.com.playtika.cvs
- IOS: 975035622
- ANDROID: com.bigblueparrot.pokerfriends
- IOS: 480523695
- ANDROID: fi.reworks.redecor
- IOS: 1413287364
- WILDCARD: *.redecor.com
- OTHER: https://apps.facebook.com/pokerheat
- OTHER: https://apps.facebook.com/vegas_downtown_slots
- WILDCARD: *.seriously.com
- IOS: 1438744533
- ANDROID: com.Seriously.Phoenix
- ANDROID: lol.onevone
- IOS: 1508620125
- IOS: 645949180
- IOS: 1510325826
- ANDROID: net.wooga.switchcraft.googleplay
- IOS: 1215220850
- ANDROID: net.wooga.tropicats_tropical_cats_puzzle_paradise
- IOS: 594802437
- ANDROID: com.wooga.pearlsperil
- OTHER: https://apps.facebook.com/pearls-peril
- URL: bestfiends.com
- WILDCARD: *.monopoly-poker.com
- IOS: 1448884851
- ANDROID: com.youdagames.monopolypoker
- WINDOWS APP: 9nqwjwnqjj5n
- OTHER: 1474700 (Steam app id)
- WILDCARD: *.playticorp.com
- OTHER: Tier 1 Studios
- OTHER: Tier 2
- OTHER: Tier 3
- OTHER: Tier 1
Out of Scope Assets:- URL: sm-php-smid-dsa.slotomania.com,sm-php-smid.slotomania.com,sm-php-smid-va2.slotomania.com,vs-fb-php-p1.playtika.com,sm-php.playtika.com (OOS)
- WILDCARD: *.justfall.lol,*.justplay.lol,*.1v1.lol (OOS)
- OTHER: 1v1.lol (OOS)
- ANDROID: com.youdagames.gop3multiplayer (OOS)
- IOS: id877638937 (OOS)
- WILDCARD: *.awards.slotomania.com (OOS)
|
| + | https://hackerone.com/polygon-technology | 16 | 4 | HackerOne |
In Scope Assets:- SOURCE_CODE: https://github.com/maticnetwork/bor
- URL: staking-api.polygon.technology
- URL: faucet.polygon.technology
- SOURCE_CODE: https://github.com/0xPolygon/chain-indexer-framework
- URL: portal.polygon.technology
- SOURCE_CODE: https://github.com/0xPolygon/proof-generation-api
- URL: staking.polygon.technology
- URL: faucet-api.polygon.technology/
- URL: api-gateway.polygon.technology
- URL: gasstation.polygon.technology/
- URL: api-polygon-tokens.polygon.technology/
- URL: balance-api.polygon.technology/
- SOURCE_CODE: https://github.com/0xPolygon/auto-claim-service
- SOURCE_CODE: https://github.com/0xPolygon/lxly.js
- SOURCE_CODE: https://github.com/0xPolygon/static
- SOURCE_CODE: https://github.com/0xPolygon/heimdall-v2
Out of Scope Assets:- SOURCE_CODE: https://github.com/maticnetwork/heimdall (OOS)
- SOURCE_CODE: https://github.com/maticnetwork/contracts (OOS)
- WILDCARD: *.matic.network (OOS)
- SOURCE_CODE: https://github.com/maticnetwork/matic-cli (OOS)
|
| + | https://hackerone.com/pornbox | 4 | 0 | HackerOne |
In Scope Assets:- URL: www.pornbox.com
- URL: www.analvids.com
- URL: www.ddfcontent.com
- URL: www.pornworld.com
|
| + | https://hackerone.com/porsche | 110 | 0 | HackerOne |
|
| + | https://hackerone.com/portswigger | 8 | 2 | HackerOne |
In Scope Assets:- URL: portswigger.net
- EXECUTABLE: Burp Suite Pro/Community
- EXECUTABLE: Burp Collaborator
- URL: forum.portswigger.net
- URL: https://enterprise-demo.portswigger.net/
- URL: ai.portswigger.net
- OTHER: Burp Suite DAST
- URL: http1mustdie.com
Out of Scope Assets:- WILDCARD: *.web-security-academy.net (OOS)
- WILDCARD: *.portswigger.net (OOS)
|
| + | https://hackerone.com/priceline | 13 | 45 | HackerOne |
In Scope Assets:- URL: www.priceline.com
- URL: cruises.priceline.com
- URL: www.bookingholdings.com
- IOS: 336381998
- ANDROID: com.priceline.android.negotiator
- URL: press.priceline.com
- URL: www.getaroom.com
- URL: flyiin.com
- URL: priceline.com
- AI_MODEL: Penny
- URL: ir.bookingholdings.com
- URL: bookingholdings-coe.com
- URL: https://www.priceline.com/pwd/v0/pcln-graphql/
Out of Scope Assets:- URL: secure.rezserver.com (OOS)
- URL: reservations.rezserver.com (OOS)
- URL: www.airportrentalcars.com (OOS)
- OTHER: www.priceline.com/vp-web/* (OOS)
- URL: api.rezserver.com (OOS)
- URL: admin.rezserver.com (OOS)
- URL: availability.getaroom.com (OOS)
- URL: extranet.getaroom.com (OOS)
- URL: breadcrumb.getaroom.com (OOS)
- URL: supply.getaroom.com (OOS)
- URL: stockroom.production.getaroom.com (OOS)
- URL: *.roomvaluesteam.com (OOS)
- URL: *.testaroom.com (OOS)
- URL: *.testaroom.cloud (OOS)
- URL: groupdeals.priceline.com (OOS)
- URL: weatherstatus.priceline.com (OOS)
- URL: url5932.travel.priceline.com (OOS)
- URL: tools.corp.priceline.com (OOS)
- URL: tools-qaa.corp.priceline.com (OOS)
- URL: remotecontrol.corp.priceline.com (OOS)
- URL: qaa.booking.priceline.com (OOS)
- URL: offers.priceline.com (OOS)
- URL: mail.corp.priceline.com (OOS)
- URL: localdealsemail.priceline.com (OOS)
- URL: links.deals.priceline.com (OOS)
- URL: jira.corp.priceline.com (OOS)
- URL: itsupport.corp.priceline.com (OOS)
- URL: ids-too.priceline.com (OOS)
- URL: ids-dev.priceline.com (OOS)
- URL: help.corp.priceline.com (OOS)
- URL: guse4-rc-qa.priceline.com (OOS)
- URL: google.corp.priceline.com (OOS)
- URL: experiences.priceline.com (OOS)
- URL: employeedeals.flightdeals.priceline.com (OOS)
- URL: dev.sales-ccp.priceline.com (OOS)
- URL: dev.customerservice-ccp.priceline.com (OOS)
- URL: dashboard.corp.priceline.com (OOS)
- URL: customerservice-ccp.priceline.com (OOS)
- URL: careers.priceline.com (OOS)
- URL: booking.priceline.com (OOS)
- URL: api-guse4-poc.priceline.com (OOS)
- URL: api-gnae1-poc.priceline.com (OOS)
- URL: ace-qa.corp.priceline.com (OOS)
- URL: 1psb.priceline.com (OOS)
- URL: img1.priceline.com (OOS)
|
| + | https://hackerone.com/privy-bbp | 3 | 4 | HackerOne |
In Scope Assets:- SOURCE_CODE: https://www.npmjs.com/package/@privy-io/react-auth
- URL: auth.privy.io
- URL: dashboard.privy.io
Out of Scope Assets:- URL: privy.io (OOS)
- URL: blog.privy.io (OOS)
- URL: docs.privy.io (OOS)
- URL: demo.privy.io (OOS)
|