Scope Data

In Scope Assets:

• URL: trade.ripio.com
• URL: app.ripio.com
• URL: https://kyc.ripio.com/
• URL: http://auth.ripio.com
• URL: defi.ripio.com
• WILDCARD: *ripiotrade.co
• IOS: com.ripio.ios
• ANDROID: com.ripio.android
• URL: sandbox-b2b.ripio.com

In Scope Assets:

• URL: api.robinhood.com
• URL: cashier.robinhood.com
• URL: minerva.robinhood.com
• URL: nummus.robinhood.com
• WILDCARD: https://*.saytechnologies.com
• OTHER: *.rhinternal.net
• OTHER: *.robinhood.com
• OTHER: *.robinhood.net
• OTHER: *.say.rocks
• OTHER: *.saytechnologies.com
• ANDROID: com.robinhood.android
• IOS: 1634080733
• IOS: 6462308655
• IOS: 938003185
• ANDROID: com.robinhood.gateway
• ANDROID: com.robinhood.money
• URL: identi.robinhood.com
• URL: fusion.tradepmr.com
• URL: www.tradepmr.com
• URL: insight2.tradepmr.com
• URL: www.bitstamp.net
• URL: 7671800.bitstamp.net
• URL: 7671800.team.bitstamp.net
• URL: _16928ca3f53f40a48a751be40fa24e4c.bitstamp.net
• URL: _domainconnect.bitstamp.net
• URL: autodiscover.bitstamp.net
• URL: bounces.bitstamp.net
• URL: em1198.bitstamp.net
• URL: em4296.team.bitstamp.net
• URL: em9457.team.bitstamp.net
• URL: enterpriseenrollment.bitstamp.net
• URL: enterpriseregistration.bitstamp.net
• URL: status.bitstamp.net
• URL: url6884.team.bitstamp.net
• IOS: Id1406825640
• ANDROID: net.bitstamp.app
• OTHER: Tier 3
• ANDROID: com.robinhood.global Android

Out of Scope Assets:

• URL: https://www.saytechnologies.com/contact/sales (OOS)
• URL: shop.robinhood.com (OOS)
• URL: fleet.infra.robinhood.net (OOS)
• URL: content.research.robinhood.com (OOS)
• URL: events.robinhood.com (OOS)
• URL: affiliates.robinhood.com (OOS)
• URL: vgs-api.robinhood.com (OOS)
• URL: share.robinhood.com (OOS)
• URL: esg.robinhood.com (OOS)
• URL: startinvesting.robinhood.com (OOS)
• URL: go.robinhood.com (OOS)
• URL: underthehoodpod.robinhood.com (OOS)
• URL: press.robinhood.com (OOS)
• URL: roadshow.robinhood.com (OOS)
• URL: weareallinvestors.robinhood.com (OOS)
• URL: careers.robinhood.com (OOS)
• URL: earlytalent.robinhood.com (OOS)
• URL: auth-sandbox.tradepmr.com (OOS)
• URL: api-sandbox.tradepmr.com (OOS)
• URL: fusion-demo.tradepmr.com (OOS)
• URL: fusion-demo.uat.tradepmr.com (OOS)
• URL: fusion-demo.uat2.tradepmr.com (OOS)
• URL: fusion.uat.tradepmr.com (OOS)
• URL: fusion.uat2.tradepmr.com (OOS)
• URL: fusion.uat3.tradepmr.com (OOS)
• URL: auth-validation.tradepmr.com (OOS)
• URL: api-validation.tradepmr.com (OOS)
• URL: auth.tradepmr.com (OOS)
• URL: api.tradepmr.com (OOS)
• URL: sandbox.bitstamp.net (OOS)

In Scope Assets:

• EXECUTABLE: Roblox Client
• EXECUTABLE: Roblox Studio
• WILDCARD: *.roblox.com
• WILDCARD: *.rbx.com
• WILDCARD: *.ra.roblox.com
• URL: blox.link
• EXECUTABLE: Roblox Engine

Out of Scope Assets:

• WILDCARD: *.guilded.gg (OOS)

In Scope Assets:

• URL: store.rockstargames.com
• EXECUTABLE: Rockstar Games Launcher
• URL: *.rockstargames.com
• URL: circolocorecords.com/
• URL: socialclub.rockstargames.com
• URL: rockstarnorth.com
• URL: prod.ros.rockstargames.com
• URL: support.rockstargames.com
• URL: www.rockstargames.com

Out of Scope Assets:

• URL: any-invalid-domains.rockstargames.com (OOS)
• URL: lifeinvader.com (OOS)
• URL: faspex.rockstargames.com (OOS)
• URL: emailcontent.rockstargames.com (OOS)
• URL: anomotion.com (OOS)
• URL: bomgar.rockstargames.com (OOS)

In Scope Assets:

• SOURCE_CODE: https://github.com/ruby/ruby

Out of Scope Assets:

• WILDCARD: *.ruby-lang.org (OOS)

In Scope Assets:

• URL: rubygems.org
• SOURCE_CODE: https://github.com/rubygems/rubygems

Out of Scope Assets:

• URL: help.rubygems.org (OOS)
• URL: https://s3-us-west-2.amazonaws.com/rubygems-dumps (OOS)
• URL: http://rubygems.org/names (OOS)
• OTHER: gem server command (OOS)
• URL: support.rubygems.org (OOS)
• URL: uptime.rubygems.org (OOS)
• URL: blog.rubygems.org (OOS)
• URL: guide.rubygems.org (OOS)
• URL: stats.rubygems.org (OOS)
• URL: status.rubygems.org (OOS)

In Scope Assets:

• URL: online.s-pankki.fi
• URL: digili.s-cloud.fi
• URL: www.s-pankki.fi
• URL: https://crosskey.io/stores/s-pankki/apis
• URL: www.prisma.fi
• URL: www.sokos.fi
• URL: api.sokos.fi
• IOS: 740514933
• ANDROID: fi.spankki
• URL: mobile.s-pankki.fi
• URL: www.s-kaupat.fi
• URL: extranet.s-pankki.fi
• URL: api.s-kaupat.fi
• URL: tunnistus.s-ryhma.fi

In Scope Assets:

• ANDROID: com.foxnextgames.m3
• IOS: com.foxnextgames.m3
• IOS: com.pieyel.scrabble
• ANDROID: com.pieyel.scrabble
• IOS: com.withbuddies.dice.free
• ANDROID: com.withbuddies.dice.free
• IOS: com.scopely.yux
• ANDROID: com.scopely.yux
• WILDCARD: *.scopely.com
• ANDROID: com.scopely.monopolygo
• WILDCARD: *.scopely.io
• WILDCARD: *.withbuddies.com
• ANDROID: com.scopely.startrek
• IOS: id1427744264
• OTHER: Games Tier 1
• OTHER: Games Tier 2
• ANDROID: com.gsn.android.casino
• ANDROID: com.gsn.grandcasino
• ANDROID: air.com.bitrhymes.bingo
• ANDROID: com.gsn.android.tripeaks
• IOS: id1621328561
• OTHER: Games Tier 3

Out of Scope Assets:

• URL: confluence.scopely.io (OOS)
• URL: jira.scopely.io (OOS)
• URL: scopely.okta.com (OOS)
• URL: bamboo.scopely.io (OOS)

In Scope Assets:

• URL: app.pullrequest.com
• URL: reviewer.pullrequest.com
• URL: ctf.hacker101.com
• URL: hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com
• URL: a5s.hackerone-ext-content.com
• URL: b5s.hackerone-ext-content.com
• URL: hackerone-ext-content.com
• URL: hackathon-photos.hackerone-user-content.com
• URL: cover-photos.hackerone-user-content.com
• URL: hackathon-photos-us-east-2.hackerone-user-content.com
• URL: profile-photos.hackerone-user-content.com
• URL: hackerone-user-content.com
• URL: profile-photos-us-east-2.hackerone-user-content.com
• URL: cover-photos-us-east-2.hackerone-user-content.com
• OTHER: *.vpn.hackerone.net
• CIDR: 66.232.20.0/23
• CIDR: 206.166.248.0/23
• URL: hackerone.com
• URL: hackerone.live
• URL: www.wearehackerone.com
• URL: mta-sts.wearehackerone.com
• URL: api.hackerone.com
• URL: www.hackerone.com
• URL: errors.hackerone.net
• URL: https://*.hackerone-ext-content.com
• URL: https://*.hackerone-user-content.com/

Out of Scope Assets:

• URL: www.hackeronestatus.com (OOS)
• URL: go.hacker.one (OOS)
• URL: info.hacker.one (OOS)
• URL: ma.hacker.one (OOS)
• URL: support.hackerone.com (OOS)
• URL: h1.community (OOS)
• URL: www.h1.community (OOS)
• URL: hackerone-swag.com (OOS)

In Scope Assets:

• WILDCARD: *.semrush.com
• WILDCARD: *.myinsights.io
• WILDCARD: *.semrush.net
• WILDCARD: *.seoquake.com
• WILDCARD: *.seoab.io
• WILDCARD: *.scatec.io
• OTHER: Other Semrush Related Asset
• OTHER: Leaked/Сompromised Employee accounts
• WILDCARD: *.sellzone.com

Out of Scope Assets:

• URL: advocates.semrush.com (OOS)
• URL: email.semrush.com (OOS)

In Scope Assets:

• URL: www.sheer.com
• URL: my.sheer.com

In Scope Assets:

• WILDCARD: *.sheingsp.com
• WILDCARD: *.shein.com
• IOS: 878577184
• ANDROID: com.zzkko
• WILDCARD: *.romwe.com
• ANDROID: com.romwe
• IOS: 1080248000

In Scope Assets:

• WILDCARD: *.shopify.com
• OTHER: Shopify Developed Apps
• OTHER: Shopify Mobile Applications
• URL: your-store.myshopify.com
• URL: partners.shopify.com
• URL: accounts.shopify.com
• URL: admin.shopify.com
• WILDCARD: *.shopifykloud.com
• SOURCE_CODE: https://github.com/Shopify/*
• WILDCARD: *.shopifycs.com
• WILDCARD: *.shopifycloud.com
• WILDCARD: *.pci.shopifyinc.com
• URL: linkpop.com
• URL: shopifyinbox.com
• URL: shop.app
• URL: shopify.plus
• URL: arrive-server.shopifycloud.com
• WILDCARD: *.shopify.io

Out of Scope Assets:

• OTHER: Other (OOS)
• URL: cdn.shopify.com (OOS)
• WILDCARD: *.email.shopify.com (OOS)
• URL: livechat.shopify.com (OOS)
• URL: community.shopify.com (OOS)
• URL: investors.shopify.com (OOS)
• OTHER: supplier-portal.shopifycloud.com (OOS)
• URL: academy.shopify.com (OOS)
• URL: community.shopify.dev (OOS)

In Scope Assets:

• WILDCARD: *.sidefx.com

In Scope Assets:

• URL: www.six-group.com
• URL: www.bolsasymercados.es
• CIDR: 153.46.96.0/20
• CIDR: 193.110.154.0/24
• IOS: https://apps.apple.com/ch/app/debix/id1581440132?l=en-GB
• IOS: https://apps.apple.com/mx/app/debix/id1581440132
• IOS: https://apps.apple.com/mx/app/schweizer-finanzmuseum/id1225222871
• IOS: https://apps.apple.com/mx/app/six-id/id1620496931
• IOS: https://apps.apple.com/us/app/bme-conecta/id6443938949
• ANDROID: https://play.google.com/store/apps/details?id=com.sixgroup.debixplus
• ANDROID: https://play.google.com/store/apps/details?id=com.sixgroup.id&hl=en_US&pli=1
• ANDROID: https://play.google.com/store/apps/details?id=es.grupobme.bmeconecta
• ANDROID: https://play.google.com/store/search?q=Schweizer+Finanzmuseum&c=apps
• URL: https://web3.sdx.com
• URL: https://www.sdx.com/
• CIDR: 193.109.229.0/24
• CIDR: 153.46.240.0/20
• CIDR: 153.46.108.0/22
• CIDR: 62.192.20.16/29
• CIDR: 153.46.111.0/24
• CIDR: 153.46.104.0/22
• CIDR: 146.109.8.0/22
• CIDR: 194.209.121.0/24
• CIDR: 153.46.30.0/23
• CIDR: 153.46.32.0/23
• CIDR: 153.46.34.0/23
• CIDR: 174.44.253.152/29
• CIDR: 153.46.0.0/16
• CIDR: 146.109.2.0/24
• CIDR: 146.109.3.0/24
• CIDR: 146.109.4.0/24
• CIDR: 185.210.32.0/22
• CIDR: 153.46.162.0/23
• CIDR: 212.95.227.64/26
• CIDR: 146.109.1.0/24
• CIDR: 146.109.8.0/21
• CIDR: 153.46.176.0/22
• CIDR: 153.46.48.0/22
• CIDR: 146.109.64.0/24
• CIDR: 146.109.65.0/24
• CIDR: 146.109.66.0/24
• CIDR: 146.109.68.0/24
• CIDR: 146.109.67.0/24
• CIDR: 146.109.140.0/24
• CIDR: 146.109.141.0/24
• CIDR: 146.109.142.0/24
• CIDR: 146.109.143.0/24
• CIDR: 146.109.148.0/24
• CIDR: 146.109.149.0/24
• CIDR: 146.109.150.0/24
• URL: https://secure-test.six-swiss-exchange.com/
• CIDR: 146.109.151.0/24
• CIDR: 146.109.161.0/24
• CIDR: 193.5.66.0/23
• CIDR: 193.8.251.0/24
• CIDR: 194.35.79.0/24

Out of Scope Assets:

• IP_ADDRESS: 153.46.254.150 (OOS)
• URL: saferpay.com (OOS)
• URL: 193.109.229.71 (OOS)
• WILDCARD: *.sixidmobile.com (OOS)
• CIDR: 213.41.106.0/24 (OOS)
• CIDR: 194.98.112.0/24 (OOS)

In Scope Assets:

• URL: slackatwork.com
• URL: slack-redir.net
• URL: slack-imgs.com
• URL: spaces.pm
• URL: slack.com
• URL: api.slack.com
• ANDROID: com.Slack
• IOS: com.tinyspeck.chatlyio
• IOS: com.slack.slackmdm
• URL: slackb.com
• URL: www.quip.com
• URL: *.quip.com
• EXECUTABLE: https://salesforce.quip.com/blog/desktop
• URL: app.slack.com
• SOURCE_CODE: https://github.com/slackhq/nebula
• URL: slack-status.com
• URL: edgeapi.slack.com
• OTHER: Slack Desktop Application
• IOS: https://apps.apple.com/us/app/quip-docs-chat-sheets/id647922896

Out of Scope Assets:

• URL: slackhq.com (OOS)
• URL: status.slack.com (OOS)
• ANDROID: com.Slack.intune (OOS)
• IOS: com.slack.slackintune (OOS)
• URL: *.glitchthegame.com (OOS)
• OTHER: 3rd Party Quip Apps (OOS)

In Scope Assets:

• URL: smtp2go.com
• URL: app.smtp2go.com
• URL: api.smtp2go.com

Out of Scope Assets:

• URL: support.smtp2go.com (OOS)

In Scope Assets:

• IOS: com.bitstrips.imoji
• ANDROID: com.bitstrips.imoji
• IOS: com.toyopagroup.picaboo
• ANDROID: com.snapchat.android
• URL: www.bitmoji.com
• URL: www.bitstrips.com
• URL: scan.snapchat.com
• URL: kit.snapchat.com
• URL: snappublisher.snapchat.com
• URL: geofilters.snapchat.com
• URL: spectacles.com
• URL: accounts.snapchat.com
• URL: app.snapchat.com
• URL: web.snapchat.com
• URL: blog.playcanvas.com
• URL: code.playcanvas.com
• URL: developer.playcanvas.com
• URL: forum.playcanvas.com
• URL: launch.playcanvas.com
• URL: login.playcanvas.com
• URL: msg.playcanvas.com
• URL: playcanvas.com
• URL: relay.playcanvas.com
• URL: rt.playcanvas.com
• URL: store.playcanvas.com
• URL: playcanv.as
• OTHER: *.sc-corp.net
• OTHER: Tier A - Core Assets
• OTHER: Tier B - Non Core (Bitmoji, Playcanvas)
• EXECUTABLE: Lens Studio
• URL: map.snapchat.com
• URL: story.snapchat.com
• URL: ads.snapchat.com
• URL: *.sc-core.net
• URL: create.snapchat.com
• URL: business.snapchat.com
• URL: my.snapchat.com
• URL: businesshelp.snapchat.com
• SOURCE_CODE: https://lensstudio.snapchat.com/api/
• URL: store.snapchat.com

Out of Scope Assets:

• URL: support.snapchat.com (OOS)
• HARDWARE: Spectacles charging case (OOS)
• HARDWARE: Spectacles (OOS)
• URL: returns.spectacles.com (OOS)
• WILDCARD: http://dev*.playcanvas.com (OOS)
• URL: dev.playcanv.as (OOS)

In Scope Assets:

• URL: sorare.com
• URL: api.sorare.com
• URL: ws.sorare.com

In Scope Assets:

• URL: assets.spotify.com
• IOS: com.spotify.client
• IOS: com.spotify.s4a
• ANDROID: com.spotify.tv.android
• ANDROID: com.spotify.s4a
• SOURCE_CODE: Spotify SDKs
• OTHER: Other Spotify websites
• ANDROID: com.spotify.music
• EXECUTABLE: Spotify desktop application (Windows and Mac)
• OTHER: Anchor
• IOS: com.spotify.kids
• SOURCE_CODE: iOS SDK
• SOURCE_CODE: Android SDK
• SOURCE_CODE: Web Playback SDK
• URL: backstage.io
• SOURCE_CODE: Backstage source code
• ANDROID: com.spotify.kids
• IOS: com.anchorfminc.Anchor
• ANDROID: fm.anchor.android
• OTHER: Sonantic
• WILDCARD: *.withspotify.com
• WILDCARD: *.byspotify.com
• WILDCARD: *.atspotify.com
• WILDCARD: *.avecspotify.com
• WILDCARD: *.enspotify.com
• WILDCARD: *.forspotify.com
• WILDCARD: *.fromspotify.com
• WILDCARD: *.tospotify.com
• OTHER: Core Assets
• OTHER: Non-Core Assets
• OTHER: GHE
• OTHER: Jira
• OTHER: Okta
• OTHER: VPN
• WILDCARD: *.spotify.com
• WILDCARD: *.spotify.net
• URL: api.spotify.com
• URL: api-partner.spotify.com
• OTHER: Megaphone
• OTHER: Wrapped
• URL: https://www.whosampled.com/
• OTHER: Podsights

Out of Scope Assets:

• IOS: com.soundtrap.studioapp (OOS)
• ANDROID: com.soundtrap.studioapp (OOS)
• OTHER: Preact (OOS)
• OTHER: Soundtrap (OOS)
• OTHER: The Ringer (OOS)
• URL: example.com (OOS)
• OTHER: Findaway (OOS)
• URL: everynoise.com (OOS)

In Scope Assets:

• IOS: com.starbucks.mystarbucks
• ANDROID: com.starbucks.mobilecard
• URL: www.starbucksreserve.com
• URL: www.starbucks.ca
• URL: www.starbucks.com
• URL: app.starbucks.com
• OTHER: Subdomain Takeover (SDTO)
• URL: openapi.starbucks.com
• URL: secureui.starbucks.com

Out of Scope Assets:

• URL: apply.starbucks.com (OOS)
• URL: careers.starbucks.com (OOS)
• URL: lsstar.starbucks.com (OOS)
• OTHER: Teavana (OOS)

In Scope Assets:

• URL: www.starbucks.com.cn/
• IOS: Starbucks China iOS
• ANDROID: Starbucks China Android

Out of Scope Assets:

• OTHER: Teavana (OOS)

In Scope Assets:

• URL: www.starbucks.co.jp
• IOS: Starbucks Japan iOS
• ANDROID: Starbucks Japan Android
• URL: www.cart.starbucks.co.jp/
• URL: cart.starbucks.co.jp
• URL: gift.starbucks.co.jp
• URL: login.starbucks.co.jp

In Scope Assets:

• WILDCARD: *.stripchat.com
• URL: go.stripchat.com

Out of Scope Assets:

• URL: pxl.stripchat.com (OOS)
• WILDCARD: https://stripchat.com/page* (OOS)
• URL: support.stripchat.com (OOS)
• URL: https://stripchat.com/wiki (OOS)
• URL: wiki.stripchat.com (OOS)
• WILDCARD: mta*.stripchat.com (OOS)

In Scope Assets:

• URL: *.link.co
• OTHER: Stripe Apps
• OTHER: Stripe Payment Links
• OTHER: Stripe Invoicing
• OTHER: Stripe Financial Connections
• OTHER: Stripe Revenue Recognition
• OTHER: Stripe Identity
• OTHER: Stripe Climate
• OTHER: Stripe Data Pipeline
• OTHER: Stripe Tax
• OTHER: Stripe Capital
• OTHER: Stripe Treasury
• URL: api.stripe.com
• URL: *.stripe.com
• ANDROID: com.stripe.android.dashboard
• IOS: 978516833
• URL: js.stripe.com
• OTHER: Stripe Payments
• OTHER: Stripe Checkout
• OTHER: Stripe Connect
• OTHER: Stripe Terminal
• OTHER: Stripe Billing
• OTHER: Stripe Elements
• OTHER: Stripe Dashboard
• OTHER: Stripe Issuing
• OTHER: Stripe Radar
• OTHER: Stripe Sigma
• OTHER: Stripe Atlas
• OTHER: Stripe SDKs
• OTHER: Stripe Open Source
• URL: api.taxjar.com
• URL: app.taxjar.com
• WILDCARD: *.lemonsqueezy.com
• OTHER: Stripe for Visual Studio Code
• OTHER: Tap to Pay (Android)
• OTHER: Tap to Pay (iOS)
• OTHER: Sandboxes
• OTHER: Organizations
• WILDCARD: *.bridge.xyz
• OTHER: Smokescreen Open Source Project
• URL: *.recko.io
• URL: *.reckoproduction.com
• URL: *.reckostaging.com

Out of Scope Assets:

• OTHER: Stripe Third Party Apps and Integrations (OOS)
• OTHER: Onboarding Verification Link Crawling (OOS)
• URL: *.getbouncer.com (OOS)

In Scope Assets:

• WILDCARD: *.superbet.ro
• WILDCARD: *.superbet.rs
• WILDCARD: *.superbet.com
• WILDCARD: *.spinaway.com
• ANDROID: ro.superbet.sport
• ANDROID: ro.superbet.games
• WILDCARD: *.luckydays.com
• WILDCARD: *.luckydays.ca
• WILDCARD: *.napoleoncasino.be
• WILDCARD: *.napoleondice.be
• WILDCARD: *.napoleongames.be
• WILDCARD: *.napoleonsports.be
• WILDCARD: *.superbet.pl
• URL: superbet.bet.br
• URL: https://napoleoncasino.be/en-be/game/hogamba-crash?demo=false
• URL: https://superbet.ro
• URL: https://superbet.pl
• URL: https://napoleoncasino.be
• URL: https://napoleonsports.be
• URL: https://napoleondice.be
• URL: https://napoleongames.be
• URL: https://superbet.rs
• OTHER: WGP Slot Games
• OTHER: https://napoleoncasino.be/nl-be/game/plinko-napoleon?demo=false
• WILDCARD: *.happening.dev

Out of Scope Assets:

• WILDCARD: *.epic.superbet.ro (OOS)
• URL: https://legacy-web.superbet.ro/session/login (OOS)
• URL: affiliates.superbet.com (OOS)
• URL: affiliates.superbet.rs (OOS)
• URL: affiliate.napoleongames.be (OOS)
• URL: https://retail.prod.incubator.superbet.ro/ssbt-api/ (OOS)
• URL: http://surveys.superbet.com (OOS)
• URL: lp.superbet.pl (OOS)
• URL: lp.superbet.ro (OOS)
• URL: lp.superbet.com (OOS)
• URL: lp.superbet.rs (OOS)
• URL: lp.superbet.bet.br (OOS)
• URL: test.epic.superbet.ro (OOS)
• URL: test-gw.epic.superbet.ro (OOS)

In Scope Assets:

• WILDCARD: *.grammarly.io
• OTHER: Grammarly Browser Extensions
• EXECUTABLE: Grammarly Desktop for Windows
• WILDCARD: *.grammarlyaws.com
• EXECUTABLE: Grammarly Desktop for macOS
• IOS: com.grammarly.keyboard
• ANDROID: com.grammarly.android.keyboard
• WILDCARD: *.grammarly.com
• OTHER: Capture the Flag
• URL: app.grammarly.com
• OTHER: Superhuman Go
• URL: superhuman.com
• WILDCARD: *.superhuman.com
• URL: gateway.superhuman.com
• URL: id.superhuman.com
• URL: settings.superhuman.com
• OTHER: Coda Chrome Extension
• URL: codacontent.io
• URL: codahosted.io
• IOS: io.coda
• ANDROID: io.coda.codaapp
• URL: coda.grammarly.com
• URL: coda.io
• WILDCARD: *.coda.io

Out of Scope Assets:

• OTHER: Third party external services (OOS)
• URL: status.coda.io (OOS)
• OTHER: Superhuman Mail (OOS)

In Scope Assets:

• URL: uat-bugbounty.nonprod.syfe.com
• URL: api-uat-bugbounty.nonprod.syfe.com
• URL: www.syfe.com
• URL: api.syfe.com
• URL: alfred.syfe.com
• URL: mark8.syfe.com
• ANDROID: com.syfe
• IOS: https://apps.apple.com/sg/app/syfe-stay-invested/id1497156434
• URL: alfred-uat-31.nonprod.syfe.com

In Scope Assets:

• URL: www.temu.com
• ANDROID: com.einnovation.temu
• IOS: 1641486558
• URL: seller.temu.com

In Scope Assets:

• URL: effecthouse.tiktok.com
• ANDROID: com.ss.android.ugc.now
• IOS: 641062073
• URL: partner.tiktokshop.com
• ANDROID: com.tiktok.tv
• URL: shop.tiktok.com
• ANDROID: com.zhiliao.musically.livewallpaper
• URL: live-backstage.tiktok.com
• ANDROID: com.zhiliaoapp.musically
• IOS: 835599320
• URL: *.tiktok.com
• URL: business.tiktok.com
• IOS: 1235601864
• ANDROID: com.ss.android.ugc.trill
• URL: academy-outbound-ads.tiktok.com
• URL: www.pangleglobal.com
• IOS: 1591003012
• ANDROID: com.tiktokshop.seller
• URL: ads.tiktok.com
• URL: tiktok.com
• URL: careers.tiktok.com
• URL: creatormarketplace.tiktok.com
• URL: *.tiktokv.com
• URL: developers.tiktok.com
• URL: fp-sg.tiktokv.com
• URL: affiliate-id.tokopedia.com
• URL: seller-id.tokopedia.com
• URL: shop-id.tokopedia.com
• URL: pay.tokopediax.com
• WILDCARD: *.pipopay.com
• WILDCARD: *.tiktokpublishers.com
• WILDCARD: *.tiktokcdn.com
• URL: lemon8-api.tiktokv.us
• URL: starling-ttp.lemon8-app.us
• URL: platform.tiktokpangle.us
• URL: pangle-mediation-ttp.tiktokpangle.us
• URL: www.soundonw.us
• URL: tiktokdata-us-open.tiktokw.us

In Scope Assets:

• WILDCARD: *.tinder.com
• WILDCARD: *.gotinder.com
• IOS: 547702041
• ANDROID: com.tinder
• WILDCARD: *.tinderops.net
• WILDCARD: *.tstaging.com
• WILDCARD: *.tstaging.tools
• WILDCARD: *.tinderwebstaging.com

Out of Scope Assets:

• URL: console.gotinder.com (OOS)
• OTHER: AppsFlyer Subdomains (OOS)
• URL: go.tinder.com (OOS)
• URL: www.help.tinder.com (OOS)
• URL: gotinder.imgix.net (OOS)

In Scope Assets:

• WILDCARD: *.worldcoin.org
• WILDCARD: *.consumer.worldcoin.org
• URL: toolsforhumanity.com
• URL: getworldcoin.com
• WILDCARD: *.worldcoin-distributors.com
• WILDCARD: *.worldcoin.dev
• IOS: https://apps.apple.com/no/app/world-app-worldcoin-wallet/id1560859847
• ANDROID: https://play.google.com/store/apps/details?id=com.worldcoin
• SOURCE_CODE: https://github.com/worldcoin
• URL: worldcoin.org
• WILDCARD: *.toolsforhumanity.com
• OTHER: Secondary Assets
• OTHER: Primary Assets
• URL: developer.worldcoin.org
• URL: id.worldcoin.org
• SMART_CONTRACT: https://docs.world.org/world-chain/reference/address-book
• URL: world.org

Out of Scope Assets:

• URL: support.worldcoin.com (OOS)
• URL: support.world.org (OOS)

In Scope Assets:

• OTHER: Tor
• OTHER: Tor Browser

In Scope Assets:

• URL: www.trendyol-milla.com
• IOS: 6467634418
• ANDROID: com.trendyol.milla.android
• URL: www.trendyol.com
• URL: m.trendyol.com
• URL: www.dolap.com
• IOS: 524362642
• IOS: 1127881507
• ANDROID: trendyol.com
• ANDROID: com.dolap.android
• URL: www.tgoyemek.com
• ANDROID: com.trendyol.go

In Scope Assets:

• WILDCARD: *.trip.com
• OTHER: <locale>.trip.com
• IOS: com.trip.ios
• ANDROID: com.trip.android
• WILDCARD: *.travix.com
• WILDCARD: *.travix.io
• WILDCARD: *.trainpal.com,*.mytrainpal.com
• WILDCARD: *.cheaptickets.nl
• WILDCARD: *.triplinkintl.com
• WILDCARD: *.tyo-masters.co.jp
• URL: app.blueskytravelvietnam.com
• WILDCARD: *.budgetair.com
• WILDCARD: *.flugladen.de
• WILDCARD: *.vayama.com
• WILDCARD: *.vliegwinkel.nl
• WILDCARD: *.trip.biz

Out of Scope Assets:

• WILDCARD: *.stg.travix.com (OOS)
• WILDCARD: *.dev.travix.com (OOS)
• WILDCARD: *.development.travix.com (OOS)
• WILDCARD: *.playground.travix.com (OOS)

In Scope Assets:

• SOURCE_CODE: https://github.com/tronprotocol/java-tron

In Scope Assets:

• ANDROID: com.truecaller
• IOS: 448142450
• URL: web.truecaller.com
• URL: www.truecaller.com
• URL: business-resources.truecaller.com
• WILDCARD: *-asia-south1.truecaller.com
• WILDCARD: *-eu.truecaller.com
• WILDCARD: *-noneu.truecaller.com
• URL: business.truecaller.com

Out of Scope Assets:

• URL: adsmanager.truecaller.com (OOS)
• URL: support.truecaller.com (OOS)
• URL: community.truecaller.com (OOS)

In Scope Assets:

• URL: api.twilio.com
• URL: Twilio APIs
• URL: http://tsock.us1.twilio.com
• WILDCARD: *.sip.*.twilio.com
• OTHER: https://www.twilio.com/en-us/blog/get-started-webrtc
• OTHER: https://www.twilio.com/docs/libraries
• URL: https://www.twilio.com/login?g=%2fconsole%3f&t=2b1c98334b25c1a785ef15b6556396290e3c704a9b57fc40687cbccd79c46a8c
• WILDCARD: static*.twilio.com
• URL: http://twilio.com/blog
• URL: http://help.twilio.com
• URL: sendgrid.com
• URL: app.sendgrid.com
• URL: signup.sendgrid.com
• URL: api.sendgrid.com
• URL: mc.sendgrid.com
• OTHER: smtp.sendgrid.net
• ANDROID: https://www.authy.com/download/
• IOS: https://www.authy.com/download/
• URL: https://www.twilio.com/docs/verify/api
• URL: https://www.twilio.com/docs/authy/api
• URL: app.segment.com
• URL: api.segment.io
• URL: https://segment.com/docs/connections/sources/
• OTHER: Any host/web property verified to be owned by Twilio et al.

Out of Scope Assets:

• URL: signal.twilio.com (OOS)
• URL: status.twilio.com (OOS)
• URL: store.twilio.com (OOS)
• URL: support.twilio.com (OOS)
• URL: surveys.twilio.com (OOS)
• URL: talks.twilio.com (OOS)
• URL: community.segment.com (OOS)
• URL: status.segment.com (OOS)
• URL: webinars.segment.com (OOS)
• URL: status.sendgrid.com (OOS)
• URL: support.sendgrid.com (OOS)
• URL: transform.twilio.com (OOS)
• URL: webinars.twilio.com (OOS)
• URL: lab.authy.com (OOS)
• URL: twil.io (OOS)
• URL: twiliotraining.com (OOS)
• URL: zipwhip.com (OOS)
• OTHER: All Twilio acquisitions until explicitly noted under the in-scope targets (OOS)
• OTHER: Ytica and its assets (OOS)
• OTHER: Electric Imp and its assets (OOS)
• OTHER: TwimlBins (OOS)
• OTHER: All Kurento domains (OOS)
• OTHER: Twilio Quest (OOS)
• OTHER: Twilio Wireless (OOS)
• URL: http://segment.com/contact (OOS)
• URL: http://segment.com/jobs (OOS)
• URL: http://twilio.com/en-us/company/jobs (OOS)
• URL: http://twilio.com/labs (OOS)
• OTHER: Third-party services (OOS)
• URL: http://apjevents.twilio.com (OOS)
• URL: http://events.cdpweek.com (OOS)

In Scope Assets:

• OTHER: uber.com
• OTHER: Recon Data
• OTHER: *.uberinternal.com
• OTHER: *ubereats.com

Out of Scope Assets:

• URL: *.ubertransit.io (OOS)
• URL: bizblog.uber.com (OOS)
• URL: et.uber.com (OOS)
• URL: newsroom.uber.com (OOS)
• URL: eng.uber.com (OOS)
• URL: people.uber.com (OOS)
• URL: love.uber.com (OOS)
• URL: drive.uber.com (OOS)
• URL: uber.onelogin.com (OOS)
• URL: uber.com.cn (OOS)
• OTHER: *.ubercarshare.com (OOS)
• URL: https://assets.uber.com (OOS)
• URL: https://brand.uber.com (OOS)
• URL: *.uberscoot.us (OOS)
• OTHER: Fraud Reports (OOS)
• WILDCARD: scaledsolutions*.uber.com (OOS)
• WILDCARD: *scaledsolutions.uber.com (OOS)
• URL: merchants.ubereats.com (OOS)

In Scope Assets:

• URL: www.udemy.com
• URL: yourcompany.udemy.com

Out of Scope Assets:

• URL: about.udemy.com (OOS)
• URL: affiliates.udemy.com (OOS)
• URL: blog.udemy.com (OOS)
• URL: business.udemy.com (OOS)
• URL: community.udemy.com (OOS)
• URL: teach.udemy.com (OOS)
• URL: research.udemy.com (OOS)
• URL: support.udemy.com (OOS)
• URL: mi.udemy.com (OOS)
• URL: helpdesk.udemy.com (OOS)
• URL: copyright.udemy.com (OOS)
• URL: design.udemy.com (OOS)
• URL: government.udemy.com (OOS)
• URL: keeplearning.udemy.com (OOS)
• URL: legalteam.udemy.com (OOS)
• URL: people-innovators.udemy.com (OOS)
• URL: theupskillingimperative.com (OOS)
• URL: translate.udemy.com (OOS)
• URL: ufbsupport.udemy.com (OOS)
• URL: coding-exercises.udemy.com (OOS)

In Scope Assets:

• HARDWARE: AmpliFi
• WILDCARD: *.ui.com
• WILDCARD: *.ubnt.com
• URL: store.ui.com
• URL: community.ui.com
• HARDWARE: airMAX
• HARDWARE: UniFi
• HARDWARE: EdgeMAX
• HARDWARE: airFiber
• HARDWARE: UFiber
• OTHER: UniFi Cloud
• EXECUTABLE: UniFi Network Application
• ANDROID: com.ubnt.easyunifi
• ANDROID: com.ubnt.umobile
• ANDROID: com.ubnt.discovery.app
• EXECUTABLE: UCRM
• EXECUTABLE: UNMS
• HARDWARE: UniFi Talk
• HARDWARE: UniFi Protect
• HARDWARE: UniFi Switches
• HARDWARE: UniFi Wireless Access Points
• HARDWARE: UniFi Gateways (UDM, UXG, USG)
• HARDWARE: Cloudkey
• HARDWARE: UniFi LED
• HARDWARE: UniFi Access
• URL: account.ui.com
• URL: fw-update.ubnt.com
• URL: rma.ui.com
• URL: design.ui.com
• URL: uisp.com
• URL: unifi.ui.com
• URL: careers.ui.com
• URL: ispdesign.ui.com
• HARDWARE: UniFi Connect
• EXECUTABLE: UISP
• WILDCARD: *.uisp.com
• OTHER: UID
• EXECUTABLE: UniFi OS Server

Out of Scope Assets:

• URL: security.community.ui.com (OOS)
• URL: forum-es.ui.com (OOS)
• URL: forum-pt.ui.com (OOS)
• HARDWARE: UniFi Video (OOS)
• OTHER: UniFi Video Cloud (OOS)
• EXECUTABLE: AirControl (OOS)
• EXECUTABLE: UniFi Video Server (OOS)
• HARDWARE: mFi (OOS)
• ANDROID: com.ubnt.unifivideo (OOS)
• ANDROID: com.ubnt.unifi.edu (OOS)
• ANDROID: com.ubnt.mpower (OOS)
• HARDWARE: UniFi Voip (OOS)
• WILDCARD: *.go.ubnt.com (OOS)
• HARDWARE: UniFi Talk Conference Speaker - UT-Conference (OOS)

In Scope Assets:

• OTHER: [Unico] Liveness Bypass
• WILDCARD: *.cadastro.uat.unico.app
• URL: accountshomolog.acesso.io
• URL: identityhomolog.acesso.io
• WILDCARD: *.uat.unico.app
• URL: backend-sdk.uat.private.unico.run
• URL: https://sdk-h1.unico.io/createprocess
• URL: idpay-uat.unico.io
• URL: issuer.idpay-uat.unico.io
• URL: idcash-uat.unico.io
• URL: openfinance.unico.io
• URL: secure.unico.io
• URL: blog.unico.io
• URL: unico.io
• URL: devcenter.unico.io

In Scope Assets:

• URL: www.urbancompany.com
• ANDROID: com.urbanclap.provider
• ANDROID: com.urbanclap.urbanclap
• IOS: 1032480595
• IOS: 982922982
• URL: www.urbanclap.com

Out of Scope Assets:

• OTHER: Other urbancompany.com subdomains except for the ones in-scope (OOS)

In Scope Assets:

• URL: www.dota2.com
• OTHER: Steam Servers
• URL: support.steampowered.com
• URL: partner.steampowered.com
• IOS: com.valvesoftware.Steam
• ANDROID: com.valvesoftware.Steam
• URL: playartifact.com
• URL: help.steampowered.com
• URL: store.steampowered.com
• URL: www.valvesoftware.com
• URL: api.steampowered.com
• URL: partner.steamgames.com
• URL: steamcommunity.com
• URL: www.teamfortress.com
• URL: www.counter-strike.net
• OTHER: Steam Client
• URL: developer.valvesoftware.com
• WILDCARD: *.steamstatic.com

Out of Scope Assets:

• URL: valvestore.forfansbyfans.com,store.valvesoftware.com (OOS)
• URL: www.steampowered.com (OOS)
• URL: translation.steampowered.com (OOS)
• URL: www.steamgames.com (OOS)
• URL: list.valvesoftware.com (OOS)

In Scope Assets:

• WILDCARD: *.varonis.com
• WILDCARD: *.varonis.io
• WILDCARD: *.varonis.net

Out of Scope Assets:

• WILDCARD: *.varonis-preprod.com (OOS)
• OTHER: All other assets (OOS)
• WILDCARD: *.cyral.com (OOS)

In Scope Assets:

• SOURCE_CODE: https://github.com/vercel/next.js
• SOURCE_CODE: https://github.com/sveltejs/svelte
• SOURCE_CODE: https://github.com/vercel/turborepo
• SOURCE_CODE: https://github.com/vercel/swr
• SOURCE_CODE: https://github.com/vercel/ai
• SOURCE_CODE: https://github.com/nuxt/nuxt
• OTHER: Tier 1
• OTHER: Tier 2
• SOURCE_CODE: https://github.com/vercel/vercel
• SOURCE_CODE: https://github.com/vercel/workflow
• SOURCE_CODE: https://github.com/vercel/flags
• SOURCE_CODE: https://github.com/vercel/ms
• SOURCE_CODE: https://github.com/nitrojs/nitro
• SOURCE_CODE: https://github.com/vercel/async-sema
• SOURCE_CODE: https://github.com/vercel-labs/skills
• SOURCE_CODE: https://github.com/vercel-labs/agent-skills

In Scope Assets:

• WILDCARD: https://*.verily.com/
• WILDCARD: https://*.projectbaseline.com/
• WILDCARD: https://*.signalpath.com/
• IOS: https://apps.apple.com/us/app/verily-me/id6448808133
• ANDROID: https://play.google.com/store/apps/details?id=com.verily.me
• WILDCARD: https://*.verilyme.com/

In Scope Assets:

• URL: www.vimeo.com
• URL: player.vimeo.com
• URL: api.vimeo.com
• WILDCARD: *.cloud.vimeo.com
• URL: vimeopro.com
• URL: http://vimeo.com/ondemand
• URL: http://vimeo.com/api
• IOS: 425194759
• ANDROID: com.vimeo.android.videoapp
• WILDCARD: *.vimeo.com
• URL: checkout.vimeo.com
• URL: vhx.tv
• URL: embed.vhx.tv
• URL: api.vhx.tv
• WILDCARD: *.vhx.tv
• OTHER: channelstore.roku.com/details/48061/vhx
• OTHER: VHX Branded Customer iOS Apps
• OTHER: VHX Branded Customer Android Apps
• OTHER: VHX Branded Customer Roku Apps
• URL: magisto.com,www.magisto.com
• WILDCARD: *.magisto.com
• URL: staging.magisto.com
• URL: applause1.magisto.com
• ANDROID: com.magisto
• IOS: 486781045
• WILDCARD: *.livestream.com
• URL: www.livestream.com
• WILDCARD: *.new.livestream.com
• URL: donations.livestream.com
• OTHER: Livestream software (Producer, Studio)
• ANDROID: com.livestream.livestream
• IOS: 493086499
• URL: http://vimeo.com/create
• URL: vimeo.magisto.com
• ANDROID: com.vimeocreate.videoeditor.moviemaker
• IOS: 1491791513

Out of Scope Assets:

• ANDROID: tv.vhx (OOS)
• IOS: 935740658 (OOS)
• WILDCARD: *.test.magisto.com (OOS)
• WILDCARD: *.dev.magisto.com (OOS)
• URL: applause2.magisto.com (OOS)
• URL: gamma.magisto.com (OOS)
• URL: delta.magisto.com (OOS)
• URL: int001.vimeo.magisto.com (OOS)
• URL: int002.vimeo.magisto.com (OOS)
• URL: int003.vimeo.magisto.com (OOS)
• URL: int004.vimeo.magisto.com (OOS)
• URL: int005vimeo.magisto.com (OOS)
• URL: eta.magisto.com (OOS)
• URL: epsilon.magisto.com (OOS)
• URL: http://www.magisto.com/blog (OOS)
• URL: omega.magisto.com (OOS)
• WILDCARD: *.cdn.magisto.com (OOS)
• URL: livestreamapis.com (OOS)
• WILDCARD: *.boost.livestream.com,boost.livestream.com (OOS)
• URL: store.livestream.com (OOS)
• URL: publishing-api.livestream.com (OOS)
• URL: help.livestream.com (OOS)
• URL: status.livestream.com (OOS)
• OTHER: s3://static.intercast-livestream.com (OOS)
• OTHER: livestream.com/blog, *.livestream.com/blog, blog.livestream.com (OOS)
• HARDWARE: Any previously owned/sold hardware (OOS)
• WILDCARD: *.email.vimeo.com (OOS)
• WINDOWS APP: All (OOS)
• URL: vimeo.atlassian.net (OOS)
• WILDCARD: *.wirewax.com (OOS)
• WILDCARD: *.wirewax.app (OOS)
• WILDCARD: *.wibbitz.com (OOS)
• URL: billing-account.vimeo.com (OOS)

In Scope Assets:

• URL: aw.visa.com
• URL: bb.visa.com
• URL: bd.visa.com
• URL: bm.visa.com
• URL: bq.visa.com
• URL: cw.visa.com
• URL: ht.visa.com
• URL: www.visa.com.br
• URL: www.visa.com.mx
• URL: www.visa.com.tw
• URL: visa.com.ru
• URL: visa.com.au
• URL: www.visa.com.az
• URL: www.visa.com.cn
• URL: www.visa.com.cy
• URL: www.visa.com.ge
• URL: www.visa.com.hk
• URL: www.visa.com.hr
• URL: visa.com.jm
• URL: www.visa.com.kh
• URL: www.visa.com.kz
• URL: www.visa.com.lc
• URL: www.visa.com.lk
• URL: www.visa.com.ms
• URL: www.visa.com.my
• URL: www.visa.com.ng
• URL: www.visa.com.ph
• URL: www.visa.com.sg
• URL: www.visa.com.tr
• URL: visa.com.ua
• URL: www.visa.com.vn
• URL: www.visa.co.ao
• URL: visa.co.cr
• URL: www.visa.co.id
• URL: www.visa.co.il
• URL: www.visa.co.in
• URL: www.visa.co.jp
• URL: www.visa.co.ke
• URL: visa.co.ni
• URL: www.visa.co.nz
• URL: www.visa.co.th
• URL: www.visa.co.uk
• URL: www.visa.co.ve
• URL: visa.co.za
• URL: www.cybersource.com
• URL: www.authorize.net
• URL: www.cardinalcommerce.com
• URL: www.currencycloud.com
• URL: www.yellowpepper.com
• URL: www.fraedom.com
• URL: usa.visa.com
• URL: www.tink.com
• URL: www.practicalmoneyskills.com
• URL: www.practicalbusinessskills.org
• URL: www.practicalmoneyskills.org
• URL: sandbox.secure.checkout.visa.com
• URL: www.visainfinite.ca
• URL: http://myvisainfinite.com/suntrust/en_us/home.html
• URL: http://www.myvisacardportal.com/welcome/enbd/product/#
• URL: ebctest.cybersource.com
• URL: developer.cybersource.com
• URL: sandbox.authorize.net
• URL: developer.authorize.net
• URL: developer.visa.com
• URL: test.payworks.io
• URL: console.tink.com
• URL: developer.currencycloud.com
• URL: direct-demo.currencycloud.com
• URL: https://ebctest.cybersource.com/listmanager
• URL: https://www.visa.com.az/az_az/account/registration
• URL: https://ebctest.cybersource.com/merchant-mgmt/
• URL: https://ebctest.cybersource.com/ums
• URL: visa.com.bo
• URL: https://ebctest.cybersource.com/cds/
• URL: www.visamiddleeast.com
• OTHER: *.visamiddleeast.com
• URL: www.visa.fr
• URL: my.visa.fr
• URL: infinite.visa.fr
• URL: https://ebctest.cybersource.com/CGK2
• URL: https://ebctest.cybersource.com/bin
• URL: https://ebctest.cybersource.com/boarding/v1/registrations
• URL: https://ebctest.cybersource.com/boarding/v1/templates
• URL: https://ebctest.cybersource.com/casemanagement
• URL: https://ebctest.cybersource.com/dmconfigapi
• URL: https://ebctest.cybersource.com/epcapi
• URL: https://ebctest.cybersource.com/identity
• URL: https://ebctest.cybersource.com/invoicing
• URL: https://ebctest.cybersource.com/jobs
• URL: https://ebctest.cybersource.com/merchantvelocity
• URL: https://ebctest.cybersource.com/mms
• URL: https://ebctest.cybersource.com/oms
• URL: https://ebctest.cybersource.com/partner
• URL: https://ebctest.cybersource.com/payerauthentication
• URL: https://ebctest.cybersource.com/payment
• URL: https://ebctest.cybersource.com/prcs
• URL: https://ebctest.cybersource.com/prefs
• URL: https://ebctest.cybersource.com/processorconfigapi
• URL: https://ebctest.cybersource.com/products/virtual-terminal
• URL: https://ebctest.cybersource.com/pts/v2
• URL: https://ebctest.cybersource.com/reporting
• URL: https://ebctest.cybersource.com/riskui
• URL: https://ebctest.cybersource.com/saconfig
• URL: https://ebctest.cybersource.com/sms
• URL: https://ebctest.cybersource.com/tms
• URL: https://ebctest.cybersource.com/tss
• URL: https://ebctest.cybersource.com/vdm
• URL: https://ebctest.cybersource.com/vts
• URL: https://ebctest.cybersource.com/pts/v1/transaction-batch-upload

In Scope Assets:

• URL: www.vodafone.om
• URL: apix.vodafone.om
• URL: vfo01.vodafone.om
• URL: vfo02.vodafone.om
• URL: vfo03.vodafone.om
• IOS: 1589071345
• ANDROID: om.vodafone.mva