Scope Data

In Scope Assets:

• SOURCE_CODE: https://www.npmjs.com/package/@privy-io/react-auth
• URL: auth.privy.io
• URL: dashboard.privy.io

Out of Scope Assets:

• URL: privy.io (OOS)
• URL: blog.privy.io (OOS)
• URL: docs.privy.io (OOS)
• URL: demo.privy.io (OOS)

In Scope Assets:

• WILDCARD: *.quora.com
• IOS: com.quora.app.mobile
• ANDROID: com.quora.android
• URL: poe.com

In Scope Assets:

• SOURCE_CODE: https://github.com/rails/rails

Out of Scope Assets:

• WILDCARD: *.rubyonrails.org (OOS)

In Scope Assets:

• URL: dashboard.razorpay.com
• URL: api.razorpay.com
• URL: checkout.razorpay.com
• URL: invoices.razorpay.com
• URL: payroll.razorpay.com
• URL: x.razorpay.com

In Scope Assets:

• URL: www.recordedfuture.com
• URL: therecord.media
• URL: api.recordedfuture.com
• IOS: com.recordedfuture.mobile
• ANDROID: com.recordedfuture.mobile
• URL: app.recordedfuture.com
• URL: id.recordedfuture.com
• URL: securitytrails.com
• URL: geminiadvisory.io
• URL: hatching.io
• URL: tria.ge
• URL: dns.watch
• URL: bgpview.io

Out of Scope Assets:

• URL: rescan.io (OOS)

In Scope Assets:

• URL: new.reddit.com
• WILDCARD: *.redditinc.com
• WILDCARD: *.redditblog.com
• WILDCARD: *.reddithelp.com
• URL: api.reddit.com
• URL: mod.reddit.com
• URL: ads.reddit.com
• URL: gql.reddit.com
• URL: accounts.reddit.com
• URL: gateway.reddit.com
• URL: strapi.reddit.com
• URL: m.reddit.com
• URL: amp.reddit.com
• URL: meta-api.reddit.com
• WILDCARD: *.snooguts.net
• WILDCARD: *.redditmedia.com
• URL: sh.reddit.com
• WILDCARD: *.reddit.com
• URL: redditforbusiness.com
• URL: matrix.redditspace.com
• WILDCARD: *.spiketrap.io
• OTHER: Android App
• OTHER: iOS App
• OTHER: Core Assets
• OTHER: Non-Core Assets
• URL: developers.reddit.com
• URL: business.reddithelp.com
• WILDCARD: *.memorable.io

Out of Scope Assets:

• URL: reddit.secure.force.com (OOS)

In Scope Assets:

• URL: 10x.redoxengine.com
• URL: testapp.redoxengine.com
• URL: testapi.redoxengine.com
• WILDCARD: test*.redoxengine.com
• URL: docs.redoxengine.com
• URL: fhir.redoxengine.com
• URL: explore.redoxengine.com
• URL: www.redoxengine.com
• URL: help.redoxengine.com

Out of Scope Assets:

• URL: dashboard.redoxengine.com (OOS)
• URL: candi.redoxengine.com (OOS)
• URL: api.redoxengine.com (OOS)
• URL: sso.redoxengine.com (OOS)
• URL: redox.slack.com (OOS)
• URL: https://redoxengine.atlassian.net (OOS)

In Scope Assets:

• URL: rei.com
• OTHER: Any public cloud resource or infrastructure operated and managed by REI.
• OTHER: Android & iOS App for REI Customers
• URL: login.rei.com
• URL: http://www.rei.com/learn/expert-advice
• URL: http://collaboration.rei.com

Out of Scope Assets:

• URL: http://rei.com/used (OOS)
• URL: http://rei.com/blog (OOS)
• URL: http://rei.com/rentals (OOS)
• URL: http://rei.com/rei-garage (OOS)
• URL: rei.jobs (OOS)
• URL: reifund.org (OOS)
• URL: destinations.rei.com (OOS)
• URL: partners2.rei.com (OOS)
• URL: greenvestrentals.rei.com (OOS)
• URL: reicasting.com (OOS)
• URL: engineering.rei.com (OOS)
• URL: test-login.rei.com (OOS)
• WILDCARD: *.rentals.rei.com (OOS)
• URL: wpvip.rei.com (OOS)
• URL: vpn.rei.com (OOS)
• URL: desktop.rei.com (OOS)
• URL: foryourbenefit-rei.com/ (OOS)
• URL: rei.gladly.com (OOS)
• URL: http://rei.com/lists (OOS)

In Scope Assets:

• URL: remitly.com
• URL: blog.remitly.com
• ANDROID: com.remitly.androidapp
• IOS: 674258465
• URL: api.remitly.io
• URL: cards.remitly.io
• URL: rewire.com
• URL: app.rewire.to
• URL: rates.rewire.com
• URL: app3.rewire.to
• WILDCARD: *.dev.remitly.com
• WILDCARD: *.int.remitly.com
• URL: funding-webhooks.remitly.io
• URL: media.remitly.io
• URL: hub-api-sandbox.remitly.io
• URL: cardpayments.remitly.io
• URL: partner-webhook.remitly.io
• URL: ablink.info.remitly.com
• URL: careers.remitly.com
• URL: ir.remitly.com
• URL: metrics.int.remitly.com
• URL: news.remitly.com
• URL: access.remitly.com
• URL: access-sandbox.remitly.com
• URL: auth.remitly.com
• URL: site.rewire.com

Out of Scope Assets:

• OTHER: https://www.remitly.com/blog (OOS)

In Scope Assets:

• IOS: 657777015
• ANDROID: via.rider
• IOS: 469463298
• ANDROID: com.citymapper.app.release
• URL: global-api.citymapper.com
• URL: eu.remix.com
• URL: platform.remix.com
• URL: https://metroconnect.app.ridewithvia.com
• ANDROID: ridewithvia.neoridelittlerock
• IOS: 6449737830
• URL: https://pt-runner.app.ridewithvia.com
• IOS: 6464473474
• ANDROID: ridewithvia.par.piercetransit

Out of Scope Assets:

• URL: ridewithvia.okta.com (OOS)
• WILDCARD: *.drivewithvia.com (OOS)
• URL: ridewithvia.com (OOS)
• WILDCARD: *.citymapper.com/ (OOS)
• URL: citymapper.com (OOS)
• URL: remix.com (OOS)

In Scope Assets:

• OTHER: https://ring.com/*
• OTHER: https://api.ring.com/*
• OTHER: https://fw.ring.com/*
• OTHER: https://app.ring.com/*
• OTHER: https://admin.ring.com/*
• OTHER: https://nw.ring.com/*
• OTHER: https://oauth.ring.com/*
• OTHER: https://billing.ring.com/*
• URL: prd-ring-web-us.prd.rings.solutions
• WILDCARD: https://*.immedia-semi.com/*
• WILDCARD: https://*.blinkforhome.com/*
• HARDWARE: Video Doorbell
• HARDWARE: Peephole Cam
• HARDWARE: Indoor Cam
• HARDWARE: Stickup Cam
• HARDWARE: Chime
• HARDWARE: Ring Alarm
• HARDWARE: Ring Smart Lighting Bridge
• HARDWARE: Blink Outdoor
• HARDWARE: Blink Indoor
• HARDWARE: Blink Sync Module 2
• HARDWARE: Blink Mini
• HARDWARE: Blink Video Doorbell
• ANDROID: com.immediasemi.android.blink
• ANDROID: com.ring.neighborhoods
• ANDROID: com.ringapp
• IOS: 1013961111
• IOS: 1218902777
• IOS: 926252661
• URL: publicsafety.ring.com

Out of Scope Assets:

• OTHER: Devices (OOS)
• OTHER: Services, Apps, Mobile (OOS)
• OTHER: Anything not in scope (OOS)

In Scope Assets:

• IOS: com.ripio.ios
• ANDROID: com.ripio.android
• URL: trade.ripio.com
• URL: app.ripio.com
• URL: https://kyc.ripio.com/
• URL: http://auth.ripio.com
• URL: defi.ripio.com
• WILDCARD: *ripiotrade.co

In Scope Assets:

• EXECUTABLE: Roblox Client
• EXECUTABLE: Roblox Studio
• WILDCARD: *.roblox.com
• WILDCARD: *.rbx.com
• WILDCARD: *.ra.roblox.com
• URL: blox.link
• EXECUTABLE: Roblox Engine

Out of Scope Assets:

• WILDCARD: *.guilded.gg (OOS)

In Scope Assets:

• URL: socialclub.rockstargames.com
• URL: rockstarnorth.com
• URL: prod.ros.rockstargames.com
• URL: support.rockstargames.com
• EXECUTABLE: Rockstar Games Launcher
• URL: *.rockstargames.com
• URL: store.rockstargames.com
• URL: circolocorecords.com/
• URL: www.rockstargames.com

Out of Scope Assets:

• URL: lifeinvader.com (OOS)
• URL: faspex.rockstargames.com (OOS)
• URL: emailcontent.rockstargames.com (OOS)
• URL: bomgar.rockstargames.com (OOS)
• URL: any-invalid-domains.rockstargames.com (OOS)
• URL: anomotion.com (OOS)

In Scope Assets:

• SOURCE_CODE: https://github.com/rsksmart/rskj
• SOURCE_CODE: https://github.com/rsksmart/tokenbridge
• SOURCE_CODE: https://github.com/rsksmart/powpeg-node
• URL: https://github.com/rsksmart/rsk-powhsm/
• SOURCE_CODE: https://github.com/rsksmart/rif-wallet
• SOURCE_CODE: https://github.com/rsksmart/rif-wallet-services
• SOURCE_CODE: https://github.com/rsksmart/rif-wallet-libs
• SOURCE_CODE: https://github.com/rsksmart/2wp-app
• SOURCE_CODE: https://github.com/rsksmart/2wp-api
• SOURCE_CODE: https://github.com/rsksmart/liquidity-provider-server
• SOURCE_CODE: https://github.com/rsksmart/liquidity-bridge-contract
• SOURCE_CODE: https://github.com/rsksmart/bridges-core-sdk
• SOURCE_CODE: https://github.com/rsksmart/flyover-sdk

Out of Scope Assets:

• WILDCARD: *.rsk.co (OOS)
• URL: bounty-node.rsk.co (OOS)
• WILDCARD: *.iovlabs.org (OOS)
• WILDCARD: *.rifos.org (OOS)
• WILDCARD: *.rootstocklabs.com (OOS)
• WILDCARD: *.rootstock.io (OOS)
• WILDCARD: *.rif.technology (OOS)

In Scope Assets:

• SOURCE_CODE: https://github.com/ruby/ruby

Out of Scope Assets:

• WILDCARD: *.ruby-lang.org (OOS)

In Scope Assets:

• URL: rubygems.org
• SOURCE_CODE: https://github.com/rubygems/rubygems

Out of Scope Assets:

• URL: help.rubygems.org (OOS)
• OTHER: gem server command (OOS)
• URL: support.rubygems.org (OOS)
• URL: uptime.rubygems.org (OOS)
• URL: blog.rubygems.org (OOS)
• URL: guide.rubygems.org (OOS)
• URL: stats.rubygems.org (OOS)
• URL: status.rubygems.org (OOS)
• URL: https://s3-us-west-2.amazonaws.com/rubygems-dumps (OOS)
• URL: http://rubygems.org/names (OOS)

In Scope Assets:

• URL: online.s-pankki.fi
• URL: www.s-pankki.fi
• URL: https://crosskey.io/stores/s-pankki/apis
• IOS: 740514933
• ANDROID: fi.spankki
• URL: mobile.s-pankki.fi
• URL: www.s-kaupat.fi
• URL: extranet.s-pankki.fi
• URL: tunnistus.s-ryhma.fi
• URL: digili.s-cloud.fi
• URL: www.prisma.fi
• URL: www.sokos.fi
• URL: api.sokos.fi
• URL: api.s-kaupat.fi

In Scope Assets:

• WILDCARD: *.scopely.io
• WILDCARD: *.scopely.com
• IOS: com.pieyel.scrabble
• ANDROID: com.pieyel.scrabble
• IOS: com.withbuddies.dice.free
• ANDROID: com.withbuddies.dice.free
• IOS: com.scopely.yux
• ANDROID: com.scopely.yux
• WILDCARD: *.withbuddies.com
• ANDROID: com.foxnextgames.m3
• IOS: com.foxnextgames.m3
• ANDROID: com.scopely.monopolygo
• ANDROID: com.scopely.startrek
• IOS: id1427744264
• ANDROID: com.kitkagames.fallbuddies
• IOS: id1541153375
• OTHER: Games Tier 1
• OTHER: Games Tier 2
• IOS: id1621328561
• OTHER: Games Tier 3

Out of Scope Assets:

• URL: confluence.scopely.io (OOS)
• URL: jira.scopely.io (OOS)
• URL: scopely.okta.com (OOS)
• URL: bamboo.scopely.io (OOS)

In Scope Assets:

• URL: hackerone.com
• URL: api.hackerone.com
• URL: www.hackerone.com
• URL: https://*.hackerone-user-content.com/
• URL: errors.hackerone.net
• URL: https://*.hackerone-ext-content.com
• OTHER: *.vpn.hackerone.net
• CIDR: 66.232.20.0/23
• CIDR: 206.166.248.0/23
• URL: app.pullrequest.com
• URL: reviewer.pullrequest.com
• URL: ctf.hacker101.com
• URL: hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com
• URL: a5s.hackerone-ext-content.com
• URL: b5s.hackerone-ext-content.com
• URL: hackerone-ext-content.com
• URL: hackathon-photos.hackerone-user-content.com
• URL: cover-photos.hackerone-user-content.com
• URL: hackathon-photos-us-east-2.hackerone-user-content.com
• URL: profile-photos.hackerone-user-content.com
• URL: hackerone-user-content.com
• URL: profile-photos-us-east-2.hackerone-user-content.com
• URL: cover-photos-us-east-2.hackerone-user-content.com
• URL: hackerone.live
• URL: www.wearehackerone.com
• URL: mta-sts.wearehackerone.com

Out of Scope Assets:

• URL: support.hackerone.com (OOS)
• URL: www.hackeronestatus.com (OOS)
• URL: go.hacker.one (OOS)
• URL: info.hacker.one (OOS)
• URL: ma.hacker.one (OOS)
• URL: h1.community (OOS)
• URL: www.h1.community (OOS)
• URL: hackerone-swag.com (OOS)

In Scope Assets:

• WILDCARD: *.semrush.com
• WILDCARD: *.semrush.net
• WILDCARD: *.seoquake.com
• WILDCARD: *.seoab.io
• WILDCARD: *.scatec.io
• WILDCARD: *.sellzone.com
• WILDCARD: *.myinsights.io
• OTHER: Other Semrush Related Asset
• OTHER: Leaked/Сompromised Employee accounts

Out of Scope Assets:

• URL: advocates.semrush.com (OOS)
• URL: email.semrush.com (OOS)

In Scope Assets:

• URL: www.sheer.com
• URL: my.sheer.com

In Scope Assets:

• WILDCARD: *.shein.com
• IOS: 878577184
• ANDROID: com.zzkko
• WILDCARD: *.romwe.com
• ANDROID: com.romwe
• IOS: 1080248000
• WILDCARD: *.sheingsp.com

In Scope Assets:

• URL: your-store.myshopify.com
• URL: partners.shopify.com
• URL: accounts.shopify.com
• WILDCARD: *.shopify.io
• WILDCARD: *.shopify.com
• OTHER: Shopify Developed Apps
• OTHER: Shopify Mobile Applications
• WILDCARD: *.shopifykloud.com
• WILDCARD: *.shopifycloud.com
• URL: linkpop.com
• URL: shopifyinbox.com
• URL: shop.app
• URL: shopify.plus
• URL: arrive-server.shopifycloud.com
• URL: admin.shopify.com
• SOURCE_CODE: https://github.com/Shopify/*
• WILDCARD: *.shopifycs.com
• WILDCARD: *.pci.shopifyinc.com

Out of Scope Assets:

• URL: investors.shopify.com (OOS)
• WILDCARD: *.email.shopify.com (OOS)
• OTHER: Other (OOS)
• URL: cdn.shopify.com (OOS)
• URL: livechat.shopify.com (OOS)
• URL: community.shopify.com (OOS)
• OTHER: supplier-portal.shopifycloud.com (OOS)
• URL: academy.shopify.com (OOS)
• URL: community.shopify.dev (OOS)

In Scope Assets:

• WILDCARD: *.sidefx.com

In Scope Assets:

• HARDWARE: Gecko SDK
• SOURCE_CODE: https://github.com/SiliconLabsSoftware/matter_extension
• SOURCE_CODE: https://github.com/SiliconLabsSoftware/matter_sdk
• HARDWARE: SiW917
• HARDWARE: Arduino Nano
• EXECUTABLE: Simplicity Studio Development Platform
• HARDWARE: Wireless Microcontrollers (MCUs)

Out of Scope Assets:

• SOURCE_CODE: https://github.com/SiliconLabsSoftware/z-wave-protocol-controller (OOS)

In Scope Assets:

• URL: www.six-group.com
• URL: www.bolsasymercados.es
• CIDR: 153.46.96.0/20
• CIDR: 193.110.154.0/24
• IOS: https://apps.apple.com/ch/app/debix/id1581440132?l=en-GB
• IOS: https://apps.apple.com/mx/app/debix/id1581440132
• IOS: https://apps.apple.com/mx/app/schweizer-finanzmuseum/id1225222871
• IOS: https://apps.apple.com/mx/app/six-id/id1620496931
• IOS: https://apps.apple.com/us/app/bme-conecta/id6443938949
• ANDROID: https://play.google.com/store/apps/details?id=com.sixgroup.debixplus
• ANDROID: https://play.google.com/store/apps/details?id=com.sixgroup.id&hl=en_US&pli=1
• ANDROID: https://play.google.com/store/apps/details?id=es.grupobme.bmeconecta
• ANDROID: https://play.google.com/store/search?q=Schweizer+Finanzmuseum&c=apps
• URL: https://web3.sdx.com
• URL: https://www.sdx.com/
• CIDR: 193.109.229.0/24
• CIDR: 153.46.240.0/20
• CIDR: 153.46.108.0/22
• CIDR: 62.192.20.16/29
• CIDR: 153.46.111.0/24
• CIDR: 153.46.104.0/22
• CIDR: 146.109.8.0/22
• CIDR: 194.209.121.0/24
• CIDR: 153.46.30.0/23
• CIDR: 153.46.32.0/23
• CIDR: 153.46.34.0/23
• CIDR: 174.44.253.152/29
• CIDR: 153.46.0.0/16
• CIDR: 146.109.2.0/24
• CIDR: 146.109.3.0/24
• CIDR: 146.109.4.0/24
• CIDR: 185.210.32.0/22
• CIDR: 153.46.162.0/23
• CIDR: 212.95.227.64/26
• CIDR: 146.109.1.0/24
• CIDR: 146.109.8.0/21
• CIDR: 153.46.176.0/22
• CIDR: 153.46.48.0/22
• CIDR: 146.109.64.0/24
• CIDR: 146.109.65.0/24
• CIDR: 146.109.66.0/24
• CIDR: 146.109.68.0/24
• CIDR: 146.109.67.0/24
• CIDR: 146.109.140.0/24
• CIDR: 146.109.141.0/24
• CIDR: 146.109.142.0/24
• CIDR: 146.109.143.0/24
• CIDR: 146.109.148.0/24
• CIDR: 146.109.149.0/24
• CIDR: 146.109.150.0/24
• URL: https://secure-test.six-swiss-exchange.com/
• CIDR: 146.109.151.0/24
• CIDR: 146.109.161.0/24
• CIDR: 193.5.66.0/23
• CIDR: 193.8.251.0/24
• CIDR: 194.35.79.0/24

Out of Scope Assets:

• IP_ADDRESS: 153.46.254.150 (OOS)
• URL: saferpay.com (OOS)
• URL: 193.109.229.71 (OOS)
• WILDCARD: *.sixidmobile.com (OOS)
• CIDR: 213.41.106.0/24 (OOS)
• CIDR: 194.98.112.0/24 (OOS)

In Scope Assets:

• URL: slack.com
• URL: api.slack.com
• URL: slackb.com
• URL: app.slack.com
• SOURCE_CODE: https://github.com/slackhq/nebula
• URL: edgeapi.slack.com
• URL: slackatwork.com
• URL: slack-redir.net
• URL: slack-imgs.com
• URL: spaces.pm
• ANDROID: com.Slack
• IOS: com.tinyspeck.chatlyio
• IOS: com.slack.slackmdm
• URL: www.quip.com
• URL: *.quip.com
• EXECUTABLE: https://salesforce.quip.com/blog/desktop
• URL: slack-status.com
• OTHER: Slack Desktop Application
• IOS: https://apps.apple.com/us/app/quip-docs-chat-sheets/id647922896

Out of Scope Assets:

• URL: status.slack.com (OOS)
• URL: slackhq.com (OOS)
• ANDROID: com.Slack.intune (OOS)
• IOS: com.slack.slackintune (OOS)
• URL: *.glitchthegame.com (OOS)
• OTHER: 3rd Party Quip Apps (OOS)

In Scope Assets:

• URL: smtp2go.com
• URL: app.smtp2go.com
• URL: api.smtp2go.com

Out of Scope Assets:

• URL: support.smtp2go.com (OOS)

In Scope Assets:

• IOS: com.bitstrips.imoji
• ANDROID: com.bitstrips.imoji
• IOS: com.toyopagroup.picaboo
• ANDROID: com.snapchat.android
• URL: www.bitmoji.com
• URL: www.bitstrips.com
• URL: scan.snapchat.com
• URL: kit.snapchat.com
• URL: snappublisher.snapchat.com
• URL: geofilters.snapchat.com
• URL: spectacles.com
• URL: accounts.snapchat.com
• URL: app.snapchat.com
• EXECUTABLE: Lens Studio
• URL: map.snapchat.com
• URL: story.snapchat.com
• URL: ads.snapchat.com
• URL: *.sc-core.net
• URL: create.snapchat.com
• URL: business.snapchat.com
• URL: my.snapchat.com
• URL: businesshelp.snapchat.com
• SOURCE_CODE: https://lensstudio.snapchat.com/api/
• URL: store.snapchat.com
• URL: web.snapchat.com
• URL: blog.playcanvas.com
• URL: code.playcanvas.com
• URL: developer.playcanvas.com
• URL: forum.playcanvas.com
• URL: launch.playcanvas.com
• URL: login.playcanvas.com
• URL: msg.playcanvas.com
• URL: playcanvas.com
• URL: relay.playcanvas.com
• URL: rt.playcanvas.com
• URL: store.playcanvas.com
• URL: playcanv.as
• OTHER: *.sc-corp.net
• OTHER: Tier A - Core Assets
• OTHER: Tier B - Non Core (Bitmoji, Playcanvas)

Out of Scope Assets:

• URL: returns.spectacles.com (OOS)
• URL: support.snapchat.com (OOS)
• HARDWARE: Spectacles charging case (OOS)
• HARDWARE: Spectacles (OOS)
• WILDCARD: http://dev*.playcanvas.com (OOS)
• URL: dev.playcanv.as (OOS)

In Scope Assets:

• URL: sorare.com
• URL: api.sorare.com
• URL: ws.sorare.com

In Scope Assets:

• URL: assets.spotify.com
• IOS: com.spotify.client
• IOS: com.spotify.s4a
• ANDROID: com.spotify.tv.android
• ANDROID: com.spotify.s4a
• SOURCE_CODE: Spotify SDKs
• OTHER: Other Spotify websites
• ANDROID: com.spotify.music
• EXECUTABLE: Spotify desktop application (Windows and Mac)
• OTHER: Anchor
• ANDROID: com.spotify.lite
• IOS: com.spotify.kids
• SOURCE_CODE: iOS SDK
• SOURCE_CODE: Android SDK
• SOURCE_CODE: Web Playback SDK
• URL: backstage.io
• SOURCE_CODE: Backstage source code
• ANDROID: com.spotify.kids
• IOS: com.anchorfminc.Anchor
• ANDROID: fm.anchor.android
• OTHER: Megaphone
• OTHER: Podsights
• OTHER: Sonantic
• WILDCARD: *.withspotify.com
• WILDCARD: *.byspotify.com
• WILDCARD: *.atspotify.com
• WILDCARD: *.avecspotify.com
• WILDCARD: *.enspotify.com
• WILDCARD: *.forspotify.com
• WILDCARD: *.fromspotify.com
• WILDCARD: *.tospotify.com
• OTHER: Core Assets
• OTHER: Non-Core Assets
• OTHER: GHE
• OTHER: Jira
• OTHER: Okta
• OTHER: VPN
• WILDCARD: *.spotify.com
• WILDCARD: *.spotify.net
• URL: api.spotify.com
• URL: api-partner.spotify.com

Out of Scope Assets:

• IOS: com.soundtrap.studioapp (OOS)
• ANDROID: com.soundtrap.studioapp (OOS)
• OTHER: Preact (OOS)
• OTHER: Soundtrap (OOS)
• OTHER: The Ringer (OOS)
• URL: example.com (OOS)
• OTHER: Findaway (OOS)
• URL: everynoise.com (OOS)

In Scope Assets:

• IOS: com.starbucks.mystarbucks
• ANDROID: com.starbucks.mobilecard
• URL: www.starbucksreserve.com
• URL: www.starbucks.ca
• URL: www.starbucks.com
• URL: app.starbucks.com
• OTHER: Subdomain Takeover (SDTO)
• URL: openapi.starbucks.com
• URL: secureui.starbucks.com

Out of Scope Assets:

• URL: apply.starbucks.com (OOS)
• URL: careers.starbucks.com (OOS)
• URL: lsstar.starbucks.com (OOS)

In Scope Assets:

• URL: www.starbucks.com.cn/
• IOS: Starbucks China iOS
• ANDROID: Starbucks China Android

In Scope Assets:

• URL: www.starbucks.co.jp
• IOS: Starbucks Japan iOS
• ANDROID: Starbucks Japan Android
• URL: www.cart.starbucks.co.jp/
• URL: cart.starbucks.co.jp
• URL: gift.starbucks.co.jp
• URL: login.starbucks.co.jp

In Scope Assets:

• URL: api.stripe.com
• URL: *.stripe.com
• ANDROID: com.stripe.android.dashboard
• IOS: 978516833
• URL: js.stripe.com
• OTHER: Stripe Payments
• OTHER: Stripe Checkout
• OTHER: Stripe Connect
• OTHER: Stripe Terminal
• OTHER: Stripe Billing
• OTHER: Stripe Elements
• OTHER: Stripe Dashboard
• OTHER: Stripe Issuing
• OTHER: Stripe Radar
• OTHER: Stripe Sigma
• OTHER: Stripe Atlas
• OTHER: Stripe SDKs
• OTHER: Stripe Open Source
• URL: api.taxjar.com
• URL: app.taxjar.com
• URL: *.recko.io
• URL: *.reckoproduction.com
• URL: *.reckostaging.com
• URL: *.link.co
• OTHER: Stripe Apps
• OTHER: Stripe Payment Links
• OTHER: Stripe Invoicing
• OTHER: Stripe Financial Connections
• OTHER: Stripe Revenue Recognition
• OTHER: Stripe Identity
• OTHER: Stripe Climate
• OTHER: Stripe Data Pipeline
• OTHER: Stripe Tax
• OTHER: Stripe Capital
• OTHER: Stripe Treasury
• WILDCARD: *.lemonsqueezy.com
• OTHER: Stripe for Visual Studio Code
• OTHER: Tap to Pay (Android)
• OTHER: Tap to Pay (iOS)
• OTHER: Sandboxes
• OTHER: Organizations
• WILDCARD: *.bridge.xyz

Out of Scope Assets:

• URL: *.getbouncer.com (OOS)
• OTHER: Stripe Third Party Apps and Integrations (OOS)
• OTHER: Onboarding Verification Link Crawling (OOS)

In Scope Assets:

• WILDCARD: *.superbet.ro
• WILDCARD: *.superbet.rs
• WILDCARD: *.superbet.com
• WILDCARD: *.spinaway.com
• ANDROID: ro.superbet.sport
• ANDROID: ro.superbet.games
• WILDCARD: *.luckydays.com
• WILDCARD: *.luckydays.ca
• WILDCARD: *.napoleoncasino.be
• WILDCARD: *.napoleondice.be
• WILDCARD: *.napoleongames.be
• WILDCARD: *.napoleonsports.be
• WILDCARD: *.superbet.pl
• URL: superbet.bet.br
• URL: https://napoleoncasino.be/en-be/game/hogamba-crash?demo=false
• URL: https://superbet.ro
• URL: https://superbet.pl
• URL: https://napoleoncasino.be
• URL: https://napoleonsports.be
• URL: https://napoleondice.be
• URL: https://napoleongames.be
• URL: https://superbet.rs
• OTHER: WGP Slot Games
• OTHER: https://napoleoncasino.be/nl-be/game/plinko-napoleon?demo=false

Out of Scope Assets:

• WILDCARD: *.epic.superbet.ro (OOS)
• URL: https://legacy-web.superbet.ro/session/login (OOS)
• URL: affiliates.superbet.com (OOS)
• URL: affiliates.superbet.rs (OOS)
• URL: affiliate.napoleongames.be (OOS)
• URL: https://retail.prod.incubator.superbet.ro/ssbt-api/ (OOS)
• URL: http://surveys.superbet.com (OOS)
• URL: lp.superbet.pl (OOS)
• URL: lp.superbet.ro (OOS)
• URL: lp.superbet.com (OOS)
• URL: lp.superbet.rs (OOS)
• URL: lp.superbet.bet.br (OOS)
• URL: test.epic.superbet.ro (OOS)
• URL: test-gw.epic.superbet.ro (OOS)

In Scope Assets:

• URL: uat-bugbounty.nonprod.syfe.com
• URL: api-uat-bugbounty.nonprod.syfe.com
• URL: www.syfe.com
• URL: api.syfe.com
• URL: alfred.syfe.com
• URL: mark8.syfe.com
• ANDROID: com.syfe
• IOS: https://apps.apple.com/sg/app/syfe-stay-invested/id1497156434

In Scope Assets:

• URL: www.temu.com
• ANDROID: com.einnovation.temu
• IOS: 1641486558
• URL: seller.temu.com

In Scope Assets:

• IOS: co.tide
• ANDROID: com.tideplatform.banking
• ANDROID: co.tide.tideplatform.in
• URL: api.tideplatform.in
• WILDCARD: *.tide.co

Out of Scope Assets:

• URL: account-reader.tide.co (OOS)
• URL: community.tide.co (OOS)
• URL: status.tide.co (OOS)
• URL: admin.tide.co (OOS)
• WILDCARD: http://*-wip.tide.co (OOS)
• WILDCARD: http://*-staging.tide.co (OOS)
• WILDCARD: http://*.wip.tide.co (OOS)
• WILDCARD: http://*.staging.tide.co (OOS)
• URL: www.tidecharity.org.uk (OOS)
• URL: portaldesign.tide.co (OOS)
• URL: domains.tide.co (OOS)
• WILDCARD: http://*.stg-tideplatform.in (OOS)
• WILDCARD: http://*.wip-tideplatform.in (OOS)
• URL: mi.tide.co (OOS)
• WILDCARD: bot-*.bo.tide.co (OOS)
• WILDCARD: status-*.tide.co (OOS)

In Scope Assets:

• ANDROID: com.zhiliaoapp.musically
• IOS: 835599320
• URL: *.tiktok.com
• URL: business.tiktok.com
• IOS: 1235601864
• ANDROID: com.ss.android.ugc.trill
• URL: ads.tiktok.com
• URL: tiktok.com
• URL: careers.tiktok.com
• URL: creatormarketplace.tiktok.com
• URL: *.tiktokv.com
• URL: developers.tiktok.com
• URL: effecthouse.tiktok.com
• ANDROID: com.ss.android.ugc.now
• IOS: 641062073
• URL: partner.tiktokshop.com
• ANDROID: com.tiktok.tv
• URL: shop.tiktok.com
• ANDROID: com.zhiliao.musically.livewallpaper
• URL: live-backstage.tiktok.com
• URL: academy-outbound-ads.tiktok.com
• URL: www.pangleglobal.com
• IOS: 1591003012
• ANDROID: com.tiktokshop.seller
• URL: fp-sg.tiktokv.com
• URL: affiliate-id.tokopedia.com
• URL: seller-id.tokopedia.com
• URL: shop-id.tokopedia.com
• URL: pay.tokopediax.com

In Scope Assets:

• WILDCARD: *.tinder.com
• WILDCARD: *.gotinder.com
• IOS: 547702041
• ANDROID: com.tinder
• WILDCARD: *.tinderops.net
• WILDCARD: *.tstaging.com
• WILDCARD: *.tstaging.tools
• WILDCARD: *.tinderwebstaging.com

Out of Scope Assets:

• URL: go.tinder.com (OOS)
• URL: www.help.tinder.com (OOS)
• URL: gotinder.imgix.net (OOS)
• URL: console.gotinder.com (OOS)
• OTHER: AppsFlyer Subdomains (OOS)

In Scope Assets:

• WILDCARD: *.worldcoin.org
• WILDCARD: *.consumer.worldcoin.org
• URL: toolsforhumanity.com
• URL: getworldcoin.com
• WILDCARD: *.worldcoin-distributors.com
• WILDCARD: *.worldcoin.dev
• IOS: https://apps.apple.com/no/app/world-app-worldcoin-wallet/id1560859847
• ANDROID: https://play.google.com/store/apps/details?id=com.worldcoin
• SOURCE_CODE: https://github.com/worldcoin
• URL: worldcoin.org
• WILDCARD: *.toolsforhumanity.com
• OTHER: Secondary Assets
• OTHER: Primary Assets
• URL: developer.worldcoin.org
• URL: id.worldcoin.org
• SMART_CONTRACT: https://docs.world.org/world-chain/reference/address-book
• URL: world.org

Out of Scope Assets:

• URL: support.worldcoin.com (OOS)
• URL: support.world.org (OOS)

In Scope Assets:

• OTHER: Tor
• OTHER: Tor Browser

In Scope Assets:

• URL: www.trendyol.com
• URL: m.trendyol.com
• URL: www.dolap.com
• IOS: 524362642
• IOS: 1127881507
• ANDROID: trendyol.com
• ANDROID: com.dolap.android
• URL: www.trendyol-milla.com
• IOS: 6467634418
• ANDROID: com.trendyol.milla.android
• URL: www.tgoyemek.com
• ANDROID: com.trendyol.go

In Scope Assets:

• WILDCARD: *.trip.com
• OTHER: <locale>.trip.com
• IOS: com.trip.ios
• ANDROID: com.trip.android
• WILDCARD: *.travix.com
• WILDCARD: *.travix.io
• WILDCARD: *.trainpal.com,*.mytrainpal.com
• WILDCARD: *.cheaptickets.nl
• WILDCARD: *.triplinkintl.com
• WILDCARD: *.tyo-masters.co.jp
• URL: app.blueskytravelvietnam.com
• WILDCARD: *.budgetair.com
• WILDCARD: *.flugladen.de
• WILDCARD: *.vayama.com
• WILDCARD: *.vliegwinkel.nl
• WILDCARD: *.trip.biz

Out of Scope Assets:

• WILDCARD: *.stg.travix.com (OOS)
• WILDCARD: *.dev.travix.com (OOS)
• WILDCARD: *.development.travix.com (OOS)
• WILDCARD: *.playground.travix.com (OOS)

In Scope Assets:

• SOURCE_CODE: https://github.com/tronprotocol/java-tron

In Scope Assets:

• ANDROID: com.truecaller
• IOS: 448142450
• URL: business.truecaller.com
• URL: web.truecaller.com
• URL: www.truecaller.com
• URL: business-resources.truecaller.com
• WILDCARD: *-asia-south1.truecaller.com
• WILDCARD: *-eu.truecaller.com
• WILDCARD: *-noneu.truecaller.com

Out of Scope Assets:

• URL: adsmanager.truecaller.com (OOS)
• URL: support.truecaller.com (OOS)
• URL: community.truecaller.com (OOS)

In Scope Assets:

• OTHER: uber.com
• OTHER: Recon Data
• OTHER: *.uberinternal.com
• OTHER: *ubereats.com

Out of Scope Assets:

• URL: *.uberscoot.us (OOS)
• OTHER: Fraud Reports (OOS)
• URL: *.ubertransit.io (OOS)
• URL: bizblog.uber.com (OOS)
• URL: et.uber.com (OOS)
• URL: newsroom.uber.com (OOS)
• URL: eng.uber.com (OOS)
• URL: people.uber.com (OOS)
• URL: love.uber.com (OOS)
• URL: drive.uber.com (OOS)
• URL: uber.onelogin.com (OOS)
• URL: uber.com.cn (OOS)
• OTHER: *.ubercarshare.com (OOS)
• URL: https://assets.uber.com (OOS)
• URL: https://brand.uber.com (OOS)
• WILDCARD: scaledsolutions*.uber.com (OOS)
• WILDCARD: *scaledsolutions.uber.com (OOS)

In Scope Assets:

• URL: www.udemy.com
• URL: yourcompany.udemy.com

Out of Scope Assets:

• URL: about.udemy.com (OOS)
• URL: affiliates.udemy.com (OOS)
• URL: blog.udemy.com (OOS)
• URL: business.udemy.com (OOS)
• URL: community.udemy.com (OOS)
• URL: teach.udemy.com (OOS)
• URL: research.udemy.com (OOS)
• URL: support.udemy.com (OOS)
• URL: mi.udemy.com (OOS)
• URL: helpdesk.udemy.com (OOS)
• URL: copyright.udemy.com (OOS)
• URL: design.udemy.com (OOS)
• URL: government.udemy.com (OOS)
• URL: keeplearning.udemy.com (OOS)
• URL: legalteam.udemy.com (OOS)
• URL: people-innovators.udemy.com (OOS)
• URL: theupskillingimperative.com (OOS)
• URL: translate.udemy.com (OOS)
• URL: ufbsupport.udemy.com (OOS)
• URL: coding-exercises.udemy.com (OOS)