| + | https://hackerone.com/bumba_bbp | 1 | 0 | HackerOne |
|
| + | https://hackerone.com/bumble | 52 | 10 | HackerOne |
In Scope Assets:- URL: www.bumble.com
- URL: bma.bumble.com
- IOS: 930441707
- ANDROID: com.bumble.app
- ANDROID: com.badoo.mobile
- ANDROID: com.badoo.twa
- IOS: 351331194
- IOS: 403684733
- URL: badoo.com
- URL: eu1.badoo.com
- URL: us1.badoo.com
- URL: corp.badoo.com
- URL: m.badoo.com
- URL: meu1.badoo.com
- URL: mus1.badoo.com
- URL: hotornot.com
- URL: bma.badoo.com
- URL: badoocdn.com
- URL: translate.badoo.com
- URL: ccardseu1.badoo.com
- URL: ccardsus1.badoo.com
- URL: chatdate.app
- ANDROID: com.hotornot.app
- IOS: com.badoo.hotornot
- IOS: 6444040977
- ANDROID: com.bumblebff.app
- IOS: 1604650263
- URL: www.geneva-staging.chat
- URL: www.geneva-staging.com
- URL: web.geneva-staging.com
- URL: geneva-staging.chat
- URL: app.geneva-staging.chat
- URL: links.geneva-staging.chat
- URL: links.geneva-staging.com
- URL: go.geneva-staging.com
- URL: presence.geneva-staging.chat
- URL: presence.geneva-staging.com
- URL: sockets.geneva-staging.chat
- URL: sockets.geneva-staging.com
- URL: api.geneva-staging.com
- URL: deeplinks.geneva-staging.com
- URL: deeplinks.geneva-staging.chat
- URL: payments.geneva-staging.chat
- URL: payments.geneva-staging.com
- URL: gateway.geneva-staging.com
- URL: gateway.geneva-staging.chat
- URL: router.geneva-staging.com
- URL: social.geneva-staging.com
- URL: social.geneva-staging.chat
- TESTFLIGHT: https://testflight.apple.com/join/Y4cHu289
- OTHER: Geneva
- ANDROID: https://appdistribution.firebase.google.com/pub/i/505927432f64f04a
Out of Scope Assets:- URL: blog.bumble.com (OOS)
- URL: shop.bumble.com (OOS)
- URL: honey.bumble.com (OOS)
- URL: thebeehive.bumble.com (OOS)
- URL: heyfiesta.com (OOS)
- IOS: com.sgiggle.Mango (OOS)
- ANDROID: com.studio.projects.zodia (OOS)
- URL: zodia.studio (OOS)
- IOS: 1660741163 (OOS)
- ANDROID: com.sgiggle.Mango (OOS)
|
| + | https://hackerone.com/bybit_fintech | 4 | 0 | HackerOne |
In Scope Assets:- IOS: https://apps.apple.com/us/app/bybit-app/id1488296980
- WILDCARD: *.bybit.com
- ANDROID: https://play.google.com/store/apps/details?id=com.bybit.app&hl=en
- WILDCARD: *.bybit.eu
|
| + | https://hackerone.com/bykea | 15 | 1 | HackerOne |
In Scope Assets:- WILDCARD: *.bykea.net
- ANDROID: com.bykea.pk
- ANDROID: com.bykea.pk.partner
- IOS: 1351179184
- URL: bykea.com
- URL: https://maps.bykea.net
- URL: https://leaflet-map.bykea.net
- URL: https://nominatim.bykea.net
- WILDCARD: https://googleplace*.bykea.net
- URL: https://geocode-beta.bykea.net
- URL: https://api.bykea.net
- WILDCARD: https://kronos*.bykea.net
- WILDCARD: https://loadboard*.bykea.net/
- WILDCARD: https://raptor*.bykea.net
- WILDCARD: https://*test*.bykea.net
Out of Scope Assets:- URL: www.tilismtechservices.com (OOS)
|
| + | https://hackerone.com/capital-one-bounty | 10 | 0 | HackerOne |
In Scope Assets:- OTHER: Eno® Browser Extension
- OTHER: *.capitalone.com
- OTHER: *.capitaloneshopping.com
- ANDROID: com.konylabs.capitalone
- ANDROID: com.wikibuy.prod.main
- OTHER: Capital One Shopping Browser Extension
- OTHER: *.capitalonegslbex.com
- OTHER: *.capitalone.ca
- IOS: 407558537
- IOS: 1089294040
|
| + | https://hackerone.com/chainlink | 6 | 15 | HackerOne |
In Scope Assets:- OTHER: Faucets
- SMART_CONTRACT: https://github.com/smartcontractkit/staking-v0.1/tree/master/contracts
- SOURCE_CODE: https://github.com/smartcontractkit/external-adapters-js/
- SMART_CONTRACT: https://github.com/smartcontractkit/chainlink-evm/tree/develop/contracts
- SMART_CONTRACT: https://github.com/smartcontractkit/chainlink-solana/tree/develop/contracts
- SOURCE_CODE: https://github.com/smartcontractkit/chainlink
Out of Scope Assets:- SMART_CONTRACT: https://github.com/smartcontractkit/chainlink (OOS)
- URL: create.smartcontract.com (OOS)
- URL: docs.chain.link (OOS)
- SOURCE_CODE: https://github.com/smartcontractkit/chainlink/tree/master/core/sgx (OOS)
- OTHER: Intercom (OOS)
- SMART_CONTRACT: https://github.com/smartcontractkit/chainlink/tree/master/contracts (OOS)
- SOURCE_CODE: https://github.com/smartcontractkit/chainlink/tree/master/tools (OOS)
- SOURCE_CODE: https://github.com/smartcontractkit/chainlink/tree/master/integration (OOS)
- SOURCE_CODE: github.com/smartcontractkit/chainlink/examples (OOS)
- SOURCE_CODE: github.com/smartcontractkit/chainlink/contracts/src/*/dev (OOS)
- URL: chainlinklabs.com (OOS)
- SOURCE_CODE: https://github.com/smartcontractkit/chainlink/tree/master/core/internal (OOS)
- URL: blog.chain.link (OOS)
- SMART_CONTRACT: https://github.com/smartcontractkit/chainlink-evm/tree/develop/contracts/.../dev (OOS)
- SMART_CONTRACT: https://github.com/smartcontractkit/chainlink-solana/tree/develop/contracts/.../dev (OOS)
|
| + | https://hackerone.com/chaturbate | 9 | 3 | HackerOne |
In Scope Assets:- URL: chaturbate.com
- WILDCARD: *.highwebmedia.com
- URL: m.chaturbate.com
- WILDCARD: *.securegatewayaccess.com
- URL: billingsupport.chaturbate.com
- URL: secure.chaturbate.com
- WILDCARD: *.mmcdn.com
- WILDCARD: *.cb.dev
- WILDCARD: *.mmwebc.dev
Out of Scope Assets:- URL: support.chaturbate.com (OOS)
- URL: status.chaturbate.com (OOS)
- URL: cbswag.com (OOS)
|
| + | https://hackerone.com/chia_network | 9 | 0 | HackerOne |
In Scope Assets:- SOURCE_CODE: https://github.com/Chia-Network/chia-blockchain
- SOURCE_CODE: https://github.com/Chia-Network/chia-blockchain-gui
- SOURCE_CODE: https://github.com/Chia-Network/clvm_rs
- SOURCE_CODE: https://github.com/Chia-Network/chia_rs
- SOURCE_CODE: https://github.com/Chia-Network/chiapos
- SOURCE_CODE: https://github.com/Chia-Network/chiavdf
- URL: https://vault.chiatest.net/
- IOS: https://apps.apple.com/app/chia-signer/id6504493785
- URL: api.vault.chiatest.net
|
| + | https://hackerone.com/circle-bbp | 13 | 2 | HackerOne |
In Scope Assets:- URL: api.circle.com
- URL: app.circle.com
- SMART_CONTRACT: https://github.com/circlefin/evm-cctp-contracts
- SMART_CONTRACT: http://github.com/circlefin/noble-cctp
- SMART_CONTRACT: https://github.com/circlefin/solana-cctp-contracts
- URL: console.circle.com
- SOURCE_CODE: https://github.com/circlefin/stablecoin-sui
- SMART_CONTRACT: https://github.com/circlefin/buidl-wallet-contracts
- SMART_CONTRACT: https://github.com/circlefin/stablecoin-evm
- SMART_CONTRACT: https://github.com/circlefin/noble-fiattokenfactory
- SOURCE_CODE: https://github.com/circlefin/stablecoin-aptos
- SOURCE_CODE: https://github.com/circlefin/sui-cctp
- SMART_CONTRACT: https://github.com/circlefin/evm-gateway-contracts
Out of Scope Assets:- URL: youtube.com (OOS)
- URL: x.com (OOS)
|
| + | https://hackerone.com/cloudflare | 52 | 5 | HackerOne |
In Scope Assets:- URL: dash.cloudflare.com
- URL: cloudflareworkers.com
- URL: *.teams.cloudflare.com
- OTHER: Cloudflare Pages
- OTHER: CDNJS
- OTHER: WARP Mobile Apps
- OTHER: Cloudflare Access
- OTHER: Stream
- OTHER: 1.1.1.1 Resolver
- OTHER: Magic Transit
- OTHER: Spectrum
- OTHER: Load Balancing
- OTHER: Bot Management
- URL: api.cloudflare.com
- OTHER: Cloudflare Zero Trust/Cloudflare One
- URL: *.cloudflare.com
- OTHER: Open source tools from Cloudflare
- OTHER: Area 1
- OTHER: Cloudflare D1
- OTHER: Cloudflare R2
- URL: http://github.com/cloudflare
- SOURCE_CODE: https://github.com/cloudflare/workerd
- OTHER: WARP desktop client
- URL: one.dash.cloudflare.com
- OTHER: *.cloudflarepartners.com
- OTHER: Cloudflare DNS
- URL: waf.cumulusfire.net
- OTHER: Cloudflare CASB
- OTHER: Workers
- OTHER: Cloudflare Tunnel
- OTHER: AMP Real URL
- OTHER: Cloudflare Cache
- OTHER: Magic Firewall
- OTHER: Cloudflare Zaraz
- OTHER: China Network
- OTHER: API Shield
- OTHER: Gateway
- OTHER: Browser Isolation
- OTHER: Images
- AI_MODEL: Workers AI
- OTHER: AI Gateway
- OTHER: Vectorize
- OTHER: Hyperdrive
- OTHER: Workers KV
- OTHER: Cloudflare Analytics
- OTHER: Cloudflare Durable Objects
- OTHER: Turnstile
- OTHER: Waiting Room
- OTHER: Magic WAN
- OTHER: Data Loss Prevention (DLP)
- OTHER: SSL/TLS
- OTHER: Cloudflare Workers CI
Out of Scope Assets:- URL: support.cloudflare.com (OOS)
- URL: community.cloudflare.com (OOS)
- URL: support.cloudflarewarp.com (OOS)
- URL: events.www.cloudflare.com (OOS)
- OTHER: 172.65.0.0/16 (OOS)
|
| + | https://hackerone.com/coda_bbp | 17 | 1 | HackerOne |
In Scope Assets:- WILDCARD: https://airflow-prod.coda.io/*
- WILDCARD: https://coda.io/*
- WILDCARD: https://data.coda.io/*
- WILDCARD: https://head.coda.io/*
- WILDCARD: https://infra.coda.io/*
- WILDCARD: https://airflow-prod.ops.coda.io/*
- WILDCARD: https://shiny.ops.coda.io/*
- WILDCARD: https://staging.coda.io/*
- WILDCARD: https://user-profile-prod.coda.io/*
- WILDCARD: https://*.coda.io/*
- URL: https://coda.io/signup/email
- IOS: io.coda
- ANDROID: io.coda.codaapp
- OTHER: Coda Chrome Extension
- URL: codahosted.io
- URL: codacontent.io
- URL: coda.grammarly.com
Out of Scope Assets:- URL: status.coda.io (OOS)
|
| + | https://hackerone.com/coinbase | 27 | 12 | HackerOne |
In Scope Assets:- URL: *.coinbase.com
- ANDROID: com.coinbase.android
- IOS: com.coinbase.ios
- CIDR: 54.175.255.192/27
- URL: *.cbhq.net
- URL: pro.coinbase.com
- URL: custody.coinbase.com
- URL: commerce.coinbase.com
- URL: prime.coinbase.com
- OTHER: Other
- ANDROID: org.toshi
- IOS: org.toshi.distribution
- URL: institutional.coinbase.com
- URL: api.coinbase.com
- ANDROID: com.coinbase.wallite
- URL: api.custody.coinbase.com
- OTHER: https://chrome.google.com/webstore/detail/coinbase-wallet-extension/hnfanknocfeofbddgcijnmhnfnkdnaad
- OTHER: *.base.org
- URL: cloud.coinbase.com
- SMART_CONTRACT: https://base.org
- OTHER: Web3 Smart Contracts
- URL: coinbase.com
- URL: http://coinbase.com
- URL: international.coinbase.com
- URL: nft.coinbase.com
- OTHER: Coinbase WaaS (Wallet as a Service)
- SOURCE_CODE: https://github.com/coinbase/cb-mpc
Out of Scope Assets:- URL: paradex.io (OOS)
- URL: support.coinbase.com (OOS)
- URL: blog.coinbase.com (OOS)
- URL: engineering.coinbase.com (OOS)
- URL: developers.coinbase.com (OOS)
- URL: status.coinbase.com (OOS)
- URL: support.pro.coinbase.com (OOS)
- URL: *.blockspring.com (OOS)
- OTHER: N/A - Not Coinbase owned or operated (OOS)
- IOS: com.coinbase.pro (OOS)
- ANDROID: com.coinbase.pro (OOS)
- URL: tagomi.com (OOS)
|
| + | https://hackerone.com/coinhako | 3 | 0 | HackerOne |
In Scope Assets:- URL: www.coinhako.com
- ANDROID: com.coinhako
- IOS: com.coinhako.app
|
| + | https://hackerone.com/coinspot | 4 | 0 | HackerOne |
In Scope Assets:- URL: www.coinspot.com.au
- ANDROID: com.coinspot.app
- IOS: 1541949985
- URL: https://www.coinspot.com.au/v2/api
|
| + | https://hackerone.com/compass-bbp | 3 | 18 | HackerOne |
In Scope Assets:- URL: www.compass.com
- ANDROID: com.compass.compass
- IOS: https://apps.apple.com/us/app/compass-real-estate-homes/id692766504
Out of Scope Assets:- URL: http://www.compass.com/contact/ (OOS)
- URL: http://www.compass.com/api/v3/lead_forms/agent_profile (OOS)
- OTHER: Christie’s International Real Estate (OOS)
- OTHER: @properties (OOS)
- URL: glide.com (OOS)
- WILDCARD: *.ctccal.com (OOS)
- OTHER: Consumer’s Title of California (OOS)
- WILDCARD: *.chartwellescrow.com (OOS)
- OTHER: Chartwell (OOS)
- WILDCARD: *.legacytexastitle.com (OOS)
- OTHER: LegacyTexas Title (OOS)
- WILDCARD: *.firstalliancetitle.com (OOS)
- WILDCARD: *.sqstitle.com (OOS)
- OTHER: SQS Square Settlements (OOS)
- WILDCARD: *.attorneyskeytitle.com (OOS)
- WILDCARD: *.kvstitle.com (OOS)
- OTHER: KVS Title (OOS)
- OTHER: Glide (OOS)
|
| + | https://hackerone.com/consensys | 10 | 3 | HackerOne |
In Scope Assets:- URL: on-ramp.metaswap-dev.codefi.network
- URL: http://portfolio.metamask.io
- URL: https://metamask-sdk-socket.metafi.codefi.network/
- URL: staking.consensys.io
- URL: https://consensys.io/
- URL: support.metamask.io
- URL: tickets.metamask.io
- WILDCARD: *.api.cx.metamask.io
- URL: developer.metamask.io
- URL: https://docs.metamask.io/developer-tools/faucet
Out of Scope Assets:- URL: consensys.net (OOS)
- URL: consensys-solutions.net (OOS)
- URL: www.mesh.xyz (OOS)
|
| + | https://hackerone.com/cosmos | 17 | 0 | HackerOne |
In Scope Assets:- SOURCE_CODE: https://github.com/cosmos/iavl
- SOURCE_CODE: https://github.com/iqlusioninc/yubihsm.rs
- SOURCE_CODE: https://github.com/iqlusioninc/tmkms
- SOURCE_CODE: https://github.com/iqlusioninc/crates/tree/main/signatory
- SOURCE_CODE: https://github.com/cosmos/ledger-cosmos
- SOURCE_CODE: https://github.com/cosmos/gaia
- SOURCE_CODE: https://github.com/cosmos/ics23
- OTHER: CosmWasm
- OTHER: Packet Forward Middleware
- OTHER: CometBFT
- OTHER: Cosmos SDK
- OTHER: ibc-go
- OTHER: Horcrux
- OTHER: Hermes Relayer
- OTHER: IBC Go Relayer
- OTHER: Solidity IBC Eureka
- SOURCE_CODE: https://github.com/skip-mev/go-fast-contracts
|
| + | https://hackerone.com/creditkarma | 14 | 10 | HackerOne |
In Scope Assets:- WILDCARD: https://*.creditkarma.com
- URL: accounts.creditkarma.com
- URL: www.creditkarma.ca
- URL: api.creditkarma.com
- ANDROID: com.creditkarma.mobile
- IOS: com.creditkarma.mobile
- URL: https://www.creditkarma.com/reviews/
- URL: blog.creditkarma.com
- URL: https://www.creditkarma.com/savings
- URL: support.creditkarma.ca
- WILDCARD: https://*.creditkarma.co.uk
- ANDROID: com.creditkarma.mobile.international
- IOS: com.creditkarma.mobile.international
- WILDCARD: https://*.creditkarma.ca
Out of Scope Assets:- URL: tax.creditkarma.com (OOS)
- URL: help.creditkarma.com (OOS)
- URL: https://www.creditkarma.com/all/advice (OOS)
- URL: appsflyer.com (OOS)
- URL: crashlytics.com (OOS)
- URL: taplytics.com (OOS)
- WILDCARD: https://www.creditkarma.com/article/* (OOS)
- URL: socialverification.creditkarma.com (OOS)
- URL: socialverification.stage.creditkarma.com (OOS)
- URL: taxsupport.creditkarma.com (OOS)
|
| + | https://hackerone.com/crowdstrike | 16 | 0 | HackerOne |
In Scope Assets:- WILDCARD: *.crowdstrike.com
- URL: www.crowdstrike.org
- OTHER: CrowdStrike public infrastructure
- URL: falcon-sandbox.com
- URL: hybrid-analysis.com
- URL: www.crowdstrike.com
- WILDCARD: *.humio.com
- WILDCARD: *.securecircle.com
- WILDCARD: *.preempt.com
- WILDCARD: *.preemptsecurity.com
- WILDCARD: *.reposify.com
- IOS: apps.apple.com/us/app/crowdstrike-falcon/id1458815656
- ANDROID: play.google.com/store/apps/details?id=com.crowdstrike.falconmobile
- WILDCARD: *.bionic.ai
- WILDCARD: *.flowsecurity.app
- WILDCARD: *.adaptive-shield.com
|
| + | https://hackerone.com/crypto | 22 | 4 | HackerOne |
In Scope Assets:- ANDROID: co.mona.android
- IOS: com.monaco.mobile
- WILDCARD: *.crypto.com
- URL: https://crypto.com/exchange
- URL: app.mona.co
- ANDROID: com.defi.wallet
- IOS: com.defi.wallet
- URL: merchant.crypto.com
- URL: js.crypto.com
- URL: tax.crypto.com
- URL: https://crypto.com/nft
- URL: https://crypto.com/price
- WILDCARD: *.mona.co
- OTHER: Crypto.com Wallet Extension
- URL: Crypto.com mobile app APIs that require an account
- URL: Crypto.com Exchange APIs that require an account
- URL: web.crypto.com
- URL: developer-platform-api.crypto.com
- SMART_CONTRACT: https://etherscan.io/token/0xfe18ae03741a5b84e39c295ac9c856ed7991c38e
- URL: nadex.com
- URL: developer.crypto.com
- URL: developer-api.crypto.com
Out of Scope Assets:- SOURCE_CODE: https://github.com/crypto-com/cro-staking (OOS)
- SOURCE_CODE: https://github.com/crypto-com/swap-contracts-periphery (OOS)
- SOURCE_CODE: https://github.com/crypto-com/swap-contracts-core (OOS)
- SOURCE_CODE: https://github.com/crypto-com/chain-desktop-wallet (OOS)
|
| + | https://hackerone.com/cs_money | 5 | 3 | HackerOne |
In Scope Assets:- URL: cs.money
- URL: support.cs.money
- URL: wiki.cs.money
- URL: 3d.cs.money
- URL: blog.cs.money
Out of Scope Assets:- URL: old.cs.money (OOS)
- OTHER: CS.Money Antiscam (OOS)
- URL: grafana.cs.money (OOS)
|
| + | https://hackerone.com/csg-public | 16 | 16 | HackerOne |
In Scope Assets:- URL: ap-s.cloud.com
- URL: eu.cloud.com
- URL: us.cloud.com
- URL: *.citrixworkspacesapi.net
- URL: onboarding.cloud.com
- URL: onboarding-*.cloud.com
- URL: accounts.cloud.com
- URL: adm.cloud.com
- URL: api.adm.cloud.com
- OTHER: Citrix Secure Access client for Windows
- IOS: Citrix Secure Access client for macOS
- OTHER: Citrix Secure Access client for iOS
- ANDROID: Citrix Secure Access client for Android
- OTHER: Citrix Secure Access client for Linux
- OTHER: Citrix End Point Analysis (EPA) client for Linux
- OTHER: Citrix End Point Analysis (EPA) client for Windows
Out of Scope Assets:- URL: citrix.cloud.com (OOS)
- URL: www.cloud.com (OOS)
- URL: accounts-internal.cloud.com (OOS)
- OTHER: *.browser.cloud.com (OOS)
- URL: launch.cloud.com (OOS)
- URL: *.citrix*.com (OOS)
- URL: *.cloudburrito.com (OOS)
- URL: *.securevdr.com (OOS)
- URL: *.podio.com (OOS)
- URL: (yoursubdomain).us.iws.cloud.com (OOS)
- URL: (yoursubdomain).ap.iws.cloud.com (OOS)
- URL: (yoursubdomain).eu.iws.cloud.com (OOS)
- URL: (youriwssubdomain).cloud.com (OOS)
- URL: *.xmtest.cloud.com (OOS)
- URL: *.xmqa.cloud.com (OOS)
- URL: *.xmdev.cloud.com (OOS)
|
| + | https://hackerone.com/curl | 1 | 0 | HackerOne |
In Scope Assets:- SOURCE_CODE: https://github.com/curl/curl
|
| + | https://hackerone.com/dashlane | 13 | 0 | HackerOne |
In Scope Assets:- URL: ws1.dashlane.com
- URL: www.dashlane.com
- URL: console.dashlane.com
- URL: app.dashlane.com
- URL: logs.dashlane.com
- OTHER: Standalone Chrome extension
- WINDOWS APP: gehmmocbbkpblljhkekmfhjpfbkclbph
- IOS: com.dashlane.dashlanephonefinal
- ANDROID: com.dashlane
- EXECUTABLE: https://www.dashlane.com/fr/directdownload-v2?os=none&platform=website&target=archive_win
- EXECUTABLE: https://www.dashlane.com/fr/directdownload-v2?os=OS_X_10_12_6&platform=website&target=launcher_macosx
- SOURCE_CODE: SSO_Saml_connector
- URL: api.dashlane.com
|
| + | https://hackerone.com/databricks | 17 | 7 | HackerOne |
In Scope Assets:- URL: databricks.com
- URL: academy.databricks.com
- URL: accounts.cloud.databricks.com
- URL: demo.cloud.databricks.com
- URL: docs.databricks.com
- URL: help.databricks.com
- URL: kb.databricks.com
- URL: partners.databricks.com
- URL: support.databricks.com
- URL: https://community.cloud.databricks.com/
- OTHER: All Other In-Scope Assets
- URL: advocates.databricks.com
- URL: community.databricks.com
- URL: customer-academy.databricks.com
- URL: labs.databricks.com
- URL: marketplace.databricks.com
- URL: https://dbc-9a3f8ed1-7608.cloud.databricks.com
Out of Scope Assets:- URL: forums.databricks.com (OOS)
- URL: feedback.databricks.com (OOS)
- URL: go.databricks.com (OOS)
- WILDCARD: *.cloud.databricks.com (OOS)
- WILDCARD: *.azuredatabricks.net (OOS)
- OTHER: Other subdomains of *.azuredatabricks.net and other ‘o’ parameters (OOS)
- WILDCARD: https://databricks-prod-cloudfront.cloud.databricks.com/public/* (OOS)
|
| + | https://hackerone.com/datastax | 7 | 3 | HackerOne |
In Scope Assets:- URL: www.datastax.com
- URL: downloads.datastax.com
- URL: docs.datastax.com
- EXECUTABLE: DSE, Opscenter
- URL: astra.datastax.com
- URL: langflow.org
- URL: langflow.datastax.com
Out of Scope Assets:- URL: academy.datastax.com (OOS)
- WILDCARD: https://*cla.datastax.com/ (OOS)
- URL: community.datastax.com (OOS)
|
| + | https://hackerone.com/deribit | 8 | 5 | HackerOne |
In Scope Assets:- URL: test.deribit.com
- ANDROID: com.deribit
- IOS: 1293674041
- URL: insights.deribit.com
- URL: pb.deribit.com
- WILDCARD: *.deribit.com
- OTHER: Tier 1
- OTHER: Tier 2
Out of Scope Assets:- URL: deribit.zendesk.com (OOS)
- WILDCARD: *.chattest.deribit.com (OOS)
- URL: office.deribit.com (OOS)
- URL: trust.deribit.com (OOS)
- URL: support.deribit.com (OOS)
|
| + | https://hackerone.com/deriv | 13 | 12 | HackerOne |
In Scope Assets:- WILDCARD: *.binary.com
- SOURCE_CODE: github.com/binary-com
- WILDCARD: *.deriv.com
- URL: app.deriv.com
- URL: smarttrader.deriv.com
- URL: cashier.deriv.com
- WILDCARD: *.deriv.cloud
- URL: oauth.deriv.com
- URL: api.deriv.com
- OTHER: github.com/deriv-com
- URL: derivws.com
- WILDCARD: *.derivws.com
- URL: secure-dfadmin.deriv.com
Out of Scope Assets:- ANDROID: com.binary.ticktrade (OOS)
- WILDCARD: *.binary.* (OOS)
- URL: deriv.slack.com (OOS)
- URL: tradingview.deriv.com (OOS)
- URL: besquare.deriv.com (OOS)
- URL: trade.mql5.com (OOS)
- URL: community.deriv.com (OOS)
- URL: http://community.deriv.com (OOS)
- URL: http://admin.binary.com (OOS)
- URL: https://deriv.atlassian.net/servicedesk/customer/user/signup (OOS)
- OTHER: Any 3rd party managed domain (OOS)
- URL: deriv.ae (OOS)
|
| + | https://hackerone.com/discourse | 2 | 0 | HackerOne |
In Scope Assets:- URL: try.discourse.org
- SOURCE_CODE: https://github.com/discourse/discourse
|
| + | https://hackerone.com/django | 1 | 0 | HackerOne |
|
| + | https://hackerone.com/doppler | 6 | 6 | HackerOne |
In Scope Assets:- SOURCE_CODE: https://github.com/DopplerHQ/cli
- URL: doppler.team
- URL: api.doppler.com
- URL: dashboard.doppler.com
- EXECUTABLE: doppler
- URL: share.doppler.com
Out of Scope Assets:- URL: http://calendly.com/doppler/enterprise (OOS)
- URL: docs.doppler.com (OOS)
- URL: doppler.com (OOS)
- URL: community.doppler.com (OOS)
- URL: support.doppler.com (OOS)
- OTHER: https://github.com/DopplerHQ/awesome-bots (OOS)
|
| + | https://hackerone.com/dynamic_labs | 3 | 1 | HackerOne |
In Scope Assets:- URL: app.dynamic-preprod.xyz
- URL: demo.dynamic.xyz
- URL: app.dynamic.xyz
Out of Scope Assets:- URL: billing.dynamic.xyz (OOS)
|
| + | https://hackerone.com/dynatrace | 12 | 4 | HackerOne |
In Scope Assets:- URL: account-sprint.dynatracelabs.com
- WILDCARD: *.sprint.dynatracelabs.com
- EXECUTABLE: Dynatrace OneAgent
- URL: sso-sprint.dynatracelabs.com
- SOURCE_CODE: https://github.com/Dynatrace
- EXECUTABLE: Dynatrace ActiveGate
- OTHER: All other Assets
- EXECUTABLE: Dynatrace MobileAgent
- OTHER: Core Assets
- URL: university-staging.dynatracelabs.com
- URL: myaccount-hardening.dynatracelabs.com
- WILDCARD: *.sprint.apps.dynatracelabs.com
Out of Scope Assets:- WILDCARD: *.dynatrace.com (OOS)
- EXECUTABLE: easyTravel demo application (OOS)
- WILDCARD: *.dev.dynatracelabs.com (OOS)
- EXECUTABLE: EasyTrade demo application (OOS)
|
| + | https://hackerone.com/dyson | 66 | 32 | HackerOne |
In Scope Assets:- IOS: 993135524
- ANDROID: com.dyson.mobile.android
- HARDWARE: Dyson Connected Products (IoT Hardware)
- OTHER: Other Dyson Assets
- OTHER: Github findings
- URL: www.dyson.co.uk
- URL: www.dyson.com
- URL: www.dysoncanada.ca
- URL: www.dyson.it
- URL: www.dyson.ie
- URL: www.dyson.ch
- URL: www.dyson.se
- URL: www.dyson.nl
- URL: www.dyson.at
- URL: www.dyson.be
- URL: www.dyson.pt
- URL: www.dyson.de
- URL: www.dyson.fr
- URL: www.dyson.no
- URL: www.dyson.dk
- URL: www.dyson.es
- URL: www.fi.dyson.com
- URL: api.dyson.se
- URL: api.dysoncanada.ca
- URL: api.dyson.dk
- URL: api.dyson.it
- URL: api.dyson.es
- URL: api.dyson.co.uk
- URL: api.dyson.at
- URL: api.dyson.nl
- URL: api.dyson.be
- URL: api.dyson.pt
- URL: api.dyson.no
- URL: api.dyson.de
- URL: api.dyson.ch
- URL: api.dyson.fr
- URL: api.dyson.ie
- URL: api.dyson.com
- URL: api.fi.dyson.com
- URL: www.dyson.pl
- URL: www.dyson.in
- URL: www.dyson.com.mx
- URL: www.dyson.com.sg
- URL: www.dyson.co.kr
- URL: www.dyson.co.nz
- URL: www.dyson.com.tr
- URL: www.dyson.ae
- URL: www.dyson.co.il
- URL: www.dyson.com.au
- URL: www.dyson.hk
- URL: www.dyson.co.th
- URL: www.dyson.my
- URL: shop.dyson.co.za
- URL: www.sa.dyson.com
- URL: www.dyson.cz
- URL: www.dyson.hu
- URL: www.dyson.co.jp
- URL: www.dyson.com.ro
- URL: www.dyson.vn
- URL: *.cp.dyson.com
- URL: www.dyson.cn
- URL: www.dyson.com.ua
- URL: shop.dyson.tw
- URL: www.dyson.tw
- URL: www.gr.dyson.com
- URL: www.dyson.com.ee
Out of Scope Assets:- URL: comm.dyson* (OOS)
- URL: bounce.dyson* (OOS)
- URL: sakti3.com (OOS)
- URL: on.dyson.co.uk (OOS)
- URL: sm2.dyson.com (OOS)
- URL: m.shop.dyson.cn (OOS)
- URL: register-dyson.co.kr (OOS)
- URL: jobs.dyson.com (OOS)
- URL: reviews.dyson* (OOS)
- URL: sm3.dyson.com (OOS)
- URL: view.dyson.com (OOS)
- URL: mail.register-dyson.co.kr (OOS)
- URL: test.oepay.dyson.cn (OOS)
- URL: shop.dyson.co.kr (OOS)
- URL: *central.dyson.com (OOS)
- URL: shop.dyson.ru (OOS)
- URL: jamesdysonfoundation.* (OOS)
- URL: aio.shop.china-dyson.com (OOS)
- URL: q.dyson.cn (OOS)
- URL: api.q.dyson.cn (OOS)
- URL: fsc.dyson.com (OOS)
- URL: auth.dysonrecall.com (OOS)
- URL: centraltest.dyson.com (OOS)
- URL: 30secondbleeps.com (OOS)
- URL: www.dyson.ovh (OOS)
- URL: dysontherapie.fr (OOS)
- URL: svn.dyson.com (OOS)
- URL: central-test.dyson.com (OOS)
- URL: community.dyson.com (OOS)
- URL: careers.dyson.com (OOS)
- WILDCARD: *dyson-demo.com (OOS)
- WILDCARD: *.dynsystem.kr (OOS)
|
| + | https://hackerone.com/early_warning | 10 | 13 | HackerOne |
In Scope Assets:- WILDCARD: *.zellepay.com
- WILDCARD: *.earlywarning.com
- WILDCARD: developer*.earlywarning.com
- WILDCARD: support*.earlywarning.com
- WILDCARD: *.zelle.com
- URL: platformtest.cat.earlywarning.io
- URL: platform.cat.earlywarning.io
- URL: zellepay.force.com
- URL: zelleservice.my.site.com
- URL: ews-fusion.my.site.com
Out of Scope Assets:- URL: toolkit.zellepay.com (OOS)
- URL: demo.earlywarning.com (OOS)
- WILDCARD: *.clearxchange.com (OOS)
- URL: ccpa.zellepay.com (OOS)
- URL: zellepay.earlywarning.com (OOS)
- WILDCARD: api.zmsp.*.earlywarning.io (OOS)
- WILDCARD: *bc.earlywarning.com (OOS)
- URL: docs.earlywarning.com (OOS)
- URL: flip0717.earlywarning.com (OOS)
- WILDCARD: ccpa*.zellepay.com (OOS)
- URL: http://api.zellepay.com (OOS)
- URL: http://api.zmsp.earlywarning.com (OOS)
- URL: http://earlywarningapi.force.com (OOS)
|
| + | https://hackerone.com/eero | 12 | 3 | HackerOne |
In Scope Assets:- OTHER: https://node.e2ro.com/*
- OTHER: https://api-user.e2ro.com/*
- HARDWARE: eero Pro (2nd Generation)
- HARDWARE: eero Beacon (2nd Generation)
- HARDWARE: eero (2nd Generation)
- HARDWARE: eero 6 (3rd Generation)
- HARDWARE: eero 6 Extender (3rd Generation)
- HARDWARE: eero 6 Pro
- HARDWARE: eero 6+ (4th Gen)
- HARDWARE: eero 6E Pro (4th Gen)
- ANDROID: com.eero.android
- IOS: 1023499075
Out of Scope Assets:- OTHER: Anything not in scope (OOS)
- OTHER: Services, Apps, Mobile (OOS)
- OTHER: Devices (OOS)
|
| + | https://hackerone.com/elastic | 33 | 17 | HackerOne |
In Scope Assets:- URL: www.elastic.co
- URL: cloud.elastic.co
- WILDCARD: *.elastic.co
- WILDCARD: *.found.io
- WILDCARD: *.swiftype.com
- WILDCARD: *.elstc.co
- WILDCARD: *.elasticnet.co
- WILDCARD: *.eops.nl
- OTHER: Other
- OTHER: Elastic Package Registry
- OTHER: Elastic Synthetics Monitoring
- OTHER: elastic.co credentials
- EXECUTABLE: Beats - Auditbeat
- EXECUTABLE: Beats - Filebeat
- EXECUTABLE: Beats - Heartbeat
- EXECUTABLE: Beats - Metricbeat
- EXECUTABLE: Beats - Packetbeat
- EXECUTABLE: Beats - Winlogbeat
- EXECUTABLE: Elastic Agent
- EXECUTABLE: Elastic Cloud Enterprise (ECE)
- EXECUTABLE: Elastic Cloud on Kubernetes (ECK)
- EXECUTABLE: Elastic Enterprise Search
- EXECUTABLE: Elastic Maps Server
- EXECUTABLE: Elasticsearch
- EXECUTABLE: Logstash
- EXECUTABLE: Observability - APM Agents
- EXECUTABLE: Observability - APM Server
- EXECUTABLE: Fleet Server
- EXECUTABLE: Kibana
- EXECUTABLE: Beats
- OTHER: Software Supply Chain
- OTHER: Elastic Clients
- SOURCE_CODE: Elastic Behavior Detections
Out of Scope Assets:- URL: go.es.co (OOS)
- URL: info.elastic.co (OOS)
- URL: learn.elastic.co (OOS)
- URL: elasticon.elastic.co (OOS)
- URL: training.elastic.co (OOS)
- URL: link.email.elastic.co (OOS)
- URL: track.email.elastic.co (OOS)
- URL: sendgrid.elastic.co (OOS)
- URL: wiki.elastic.co (OOS)
- WILDCARD: https://github.com/elastic/*/wiki (OOS)
- WILDCARD: https://github.com/swiftype/*/wiki (OOS)
- URL: community.elastic.co (OOS)
- URL: discuss.elastic.co (OOS)
- URL: jobs.elastic.co (OOS)
- URL: partners.elastic.co (OOS)
- WILDCARD: *.elasticsearch.cn (OOS)
- URL: buy.elastic.co (OOS)
|
| + | https://hackerone.com/enjin | 6 | 9 | HackerOne |
In Scope Assets:- ANDROID: com.enjin.mobile.wallet
- IOS: com.enjin.mobile.wallet
- OTHER: Enjin Coin - Ethereum ERC-20 Contract
- URL: nft.io
- URL: platform.enjin.io
- OTHER: Enjin Blockchain
Out of Scope Assets:- URL: enj.in (OOS)
- URL: docs.enjin.io (OOS)
- URL: enjin.io (OOS)
- URL: cdn.nft.io (OOS)
- URL: faucet.canary.enjin.io (OOS)
- URL: support.enjin.io (OOS)
- URL: support.nft.io (OOS)
- URL: assets.enjin.io (OOS)
- URL: cdn.enjin.io (OOS)
|
| + | https://hackerone.com/epicgames | 74 | 99 | HackerOne |
|
| + | https://hackerone.com/eternal | 29 | 15 | HackerOne |
In Scope Assets:- WILDCARD: *.zomato.com
- URL: winecellar.zomato.com
- ANDROID: com.application.zomato
- IOS: 434613896
- WILDCARD: *.zdev.net
- WILDCARD: *.zomans.com
- WILDCARD: *.hyperpure.com
- WILDCARD: *.runnr.in
- OTHER: All Assets (other than Blinkit)
- WILDCARD: http://*.grofer.io
- WILDCARD: http://*.grofers.com
- IOS: 960335206
- ANDROID: com.grofers.customerapp
- URL: api.grofers.com
- URL: api2.grofers.com
- URL: blinkit.com
- WILDCARD: *.district.in
- WILDCARD: *.edition.in
- WILDCARD: *.ticketnew.com
- WILDCARD: *.insider.in
- OTHER: Blinkit, Bistro and Hyperpure assets (in scope)
- OTHER: All Zomato Assets (Other than BlinkIT & Hyperpure)
- WILDCARD: *.tktnew.com
- OTHER: All District Assets (Other than Zomato, BlinkIT & Hyperpure)
- ANDROID: com.blinkit.bistro
- IOS: 6670203019
- URL: bistro-api.blinkit.com
- ANDROID: com.application.zomato.district
- IOS: 6670536058
Out of Scope Assets:- URL: www.zomatobook.com (OOS)
- URL: business-blog.zomato.com (OOS)
- ANDROID: com.application.zomato.ordering (OOS)
- URL: blog.zomato.com (OOS)
- URL: community.zomato.com (OOS)
- URL: success.zomato.com (OOS)
- URL: dev.hyperpure.com (OOS)
- URL: devapi.hyperpure.com (OOS)
- URL: devpod.hyperpure.com (OOS)
- URL: send.zomato.com (OOS)
- WILDCARD: staging*.runnr.in (OOS)
- WILDCARD: http://*.blinkit.support (OOS)
- WILDCARD: *.zomatoportugal.com (OOS)
- WILDCARD: *.bstro.io (OOS)
- WILDCARD: *.ali.zomans.com (OOS)
|
| + | https://hackerone.com/etoro_bbp | 42 | 3 | HackerOne |
In Scope Assets:- URL: www.etoro.com
- URL: etoropartners.com
- URL: partners.etoro.com
- IOS: com.etoro.openbook
- ANDROID: com.etoro.openbook
- URL: aggregator.etoro.com
- URL: api.etoro.com
- URL: billing.etoro.com
- URL: billing-pci.etoro.com
- URL: candle.etoro.com
- URL: candle-src.etoro.com
- URL: cashier.etoro.com
- URL: cashier-src.etoro.com
- URL: charts.etoro.com
- URL: push-d-gw.cloud.etoro.com
- URL: push-d-hap.cloud.etoro.com
- URL: push-demo-hk-lightstreamer.cloud.etoro.com
- URL: push-demo-lightstreamer.cloud.etoro.com
- URL: push-dn-hap.cloud.etoro.com
- URL: push-hap.cloud.etoro.com
- URL: push-lightstreamer.cloud.etoro.com
- URL: push-n-hap.cloud.etoro.com
- URL: push-real-hk-lightstreamer.cloud.etoro.com
- URL: etorologsapi.etoro.com
- URL: kyc.etoro.com
- URL: kyc-src.etoro.com
- URL: r.etoro.com
- URL: streams.etoro.com
- URL: sts.etoro.com
- URL: tapi-demo.etoro.com
- URL: tapi-real.etoro.com
- URL: uapi-front.etoro.com
- URL: wallet.etoro.com
- URL: watchlistapi.etoro.com
- IOS: com.etoro.wallet
- ANDROID: com.etoro.wallet
- URL: rankings.etoro.com
- URL: delta.app
- IOS: io.getdelta.ios
- ANDROID: io.getdelta.android
- URL: bullsheet.me
- URL: helpers.bullsheet.me
Out of Scope Assets:- URL: templates.etoro.com (OOS)
- URL: api-portal.etoro.com (OOS)
- URL: etorox.com (OOS)
|
| + | https://hackerone.com/eufy_security | 15 | 0 | HackerOne |
In Scope Assets:- HARDWARE: https://us.eufy.com/products/t88711w1
- HARDWARE: https://us.eufy.com/products/t88511d1
- HARDWARE: https://us.eufy.com/products/t8410121
- IOS: com.security.BatteryCam
- HARDWARE: https://us.eufy.com/products/e8213181
- ANDROID: com.oceanwing.battery.cam
- IOS: com.security.care
- ANDROID: com.oceanwing.care.cam
- IOS: com.eufylife.EufyHome
- IOS: com.anker.AnkerMake
- ANDROID: com.oceanwing.FDMPrint
- HARDWARE: eufyMake E1
- HARDWARE: Solarbank 2 E1600 Pro
- ANDROID: com.anker.charging
- IOS: id1635029057
|
| + | https://hackerone.com/evernote | 7 | 2 | HackerOne |
In Scope Assets:- URL: www.evernote.com
- URL: accounts.evernote.com
- IOS: 281796108
- WINDOWS APP: 9wzdncrfj3mb
- EXECUTABLE: 406056744
- URL: api.evernote.com
- ANDROID: com.evernote
Out of Scope Assets:- ANDROID: com.evernote.android (OOS)
- URL: help.evernote.com (OOS)
|
| + | https://hackerone.com/exness | 15 | 0 | HackerOne |
In Scope Assets:- ANDROID: com.exness.investments
- URL: my.exness.com
- URL: pay.ibex.exchange
- URL: https://my.exness.com/webtrading/
- URL: exnessaffiliates.com
- URL: social-trading.exness.com
- URL: https://my.exness.com/pa/socialtrading
- URL: https://my.exness.com/pa/pim/manager
- URL: pwapi.ex2b.com
- URL: exness.com
- URL: api.excalls.mobi
- IOS: Exness Trade: Online Trading
- IOS: Exness Social Trading
- IOS: Exness Investor
- ANDROID: com.exness.android.pa
|
| + | https://hackerone.com/exodus | 7 | 12 | HackerOne |
In Scope Assets:- WILDCARD: *.exodus.io
- WILDCARD: *.a.exodus.io
- IOS: exodus-movement.exodus
- ANDROID: exodusmovement.exodus
- EXECUTABLE: Exodus Desktop Wallet
- WILDCARD: *.exodus.com
- OTHER: Passkey Wallet
Out of Scope Assets:- URL: support.exodus.com (OOS)
- WILDCARD: get.exodus.* (OOS)
- URL: http://www.exodus.com/contact-support (OOS)
- URL: support-helpers.a.exodus.io (OOS)
- WILDCARD: www.exodus.com/job-application/* (OOS)
- URL: slack-invite.exodus.com (OOS)
- WILDCARD: *.atp-exodus.com (OOS)
- URL: exodus.atlassian.net (OOS)
- URL: exodusstore.blob.core.windows.net (OOS)
- URL: https://exodus.atlassian.net (OOS)
- URL: http://exodus.com/keybase.txt (OOS)
- EXECUTABLE: Exodus Browser Extension (OOS)
|
| + | https://hackerone.com/expediagroup_bbp | 51 | 7 | HackerOne |
In Scope Assets:- URL: www.hotels.com
- URL: www.expedia.com
- URL: www.vrbo.com
- URL: www.hotwire.com
- URL: www.hotwirepartnercentral.com
- IOS: 566635048
- ANDROID: com.hotwire.hotels
- URL: www.orbitz.com
- URL: www.ebookers.com
- URL: www.ebookers.fi
- URL: www.mrjet.se
- ANDROID: com.ebookers
- ANDROID: com.orbitz
- IOS: 403546234
- IOS: 483394780
- IOS: 427916203
- ANDROID: com.expedia.bookings
- URL: www.carrentals.com
- URL: www.wotif.com
- URL: www.cheaptickets.com
- URL: www.lastminute.co.nz
- URL: www.lastminute.com.au
- URL: www.travelocity.com
- URL: www.travelocity.ca
- ANDROID: com.wotif.android
- ANDROID: com.cheaptickets
- ANDROID: com.travelocity.android
- IOS: 531549799
- IOS: 880759727
- IOS: 284803487
- URL: www.abritel.fr
- URL: www.bookabach.co.nz
- URL: www.fewo-direkt.de
- URL: www.stayz.com.au
- URL: www.expediagroup.com
- URL: www.flights.com
- ANDROID: com.hcom.android
- IOS: 284971959
- ANDROID: com.vrbo.android
- IOS: 1245772818
- WILDCARD: *.vrbo.com
- WILDCARD: *.carrentals.com
- WILDCARD: *.wotif.com
- WILDCARD: *.cheaptickets.com
- WILDCARD: *.lastminute.co.nz
- WILDCARD: *.lastminute.com.au
- WILDCARD: *.travelocity.com
- WILDCARD: *.travelocity.ca
- WILDCARD: *.expediapartnercentral.com
- URL: www.expediataap.com
- URL: www.expedia-aarp.com
Out of Scope Assets:- URL: www.expediapartnersolutions.com (OOS)
- URL: www.expediaagents.com (OOS)
- WILDCARD: *.expediacruises.com (OOS)
- URL: china.airasiago.com (OOS)
- URL: thailand.airasiago.com (OOS)
- URL: bookus.expediacruises.com (OOS)
- WILDCARD: https://*.expedia.com/ (OOS)
|
| + | https://hackerone.com/fanduel | 38 | 7 | HackerOne |
In Scope Assets:- IOS: 599664106
- URL: sportsbook.fanduel.com
- WILDCARD: *racing.fanduel.com
- URL: tvg.com
- ANDROID: com.fanduel.android.self
- URL: 4njbets.tvgnetwork.com
- URL: www.tvg.com
- URL: b2b.tvgnetwork.com
- URL: ia.tvg.com
- URL: login-4ngbets.us.betfair.com
- URL: login.pabets.tvg.com
- URL: login-ia.tvg.com
- URL: login.tvg.com
- URL: m.4njbets.tvg.com
- URL: mobile-prod.tvg.com
- URL: pabets.tvg.com
- URL: promos.tvg.com
- URL: service.tvg.com
- URL: us.tvg.com
- URL: www.4njbets.com
- WILDCARD: *.mgmt.fndlsb.net
- WILDCARD: *.prd.fndlsb.net
- WILDCARD: *inf.fndlsb.net
- URL: fanduel.com
- URL: service.racing.fanduel.com
- URL: 4njbets.com
- URL: 4njbets.tvg.com
- URL: 4njbets.us.betfair.com
- URL: login-4njbets.us.betfair.com
- URL: login-pabets.tvg.com
- ANDROID: com.fanduel.sportsbook
- ANDROID: com.fanduel.casino
- IOS: 1506229470
- ANDROID: com.fanduel.racing
- IOS: 1485539253
- ANDROID: com.fanduel.flywheelnativecontainer.picks
- IOS: 6740879082
- IOS: 1413721906
Out of Scope Assets:- URL: fdbox.net (OOS)
- WILDCARD: *.east.fdbox.net (OOS)
- WILDCARD: *.prod.fdbox.net (OOS)
- WILDCARD: *.canada.fanduel.com (OOS)
- WILDCARD: *.fndl.dev (OOS)
- URL: affiliates.fanduel.com (OOS)
- URL: partners.fanduel.com (OOS)
|
| + | https://hackerone.com/faraday_inc | 4 | 0 | HackerOne |
In Scope Assets:- OTHER: s3://faraday-uploads
- OTHER: s3://faraday-secret
- URL: app.faraday.ai
- URL: api.faraday.ai
|
| + | https://hackerone.com/fetlife | 3 | 9 | HackerOne |
In Scope Assets:- URL: fetlife.com
- WILDCARD: *.fetlife.com
- URL: fetlifemail.com
Out of Scope Assets:- URL: status.fetlife.com (OOS)
- ANDROID: com.bitlove.fetlife (OOS)
- URL: mail.fetlife.com (OOS)
- URL: n2.fetlife.com (OOS)
- URL: fetlifestatus.com (OOS)
- IOS: co.bitlove.opensource.FetLife (OOS)
- OTHER: Requests to our ad endpoints (on any server): `/ads/serve`, `/ads/application_serve*`, and `/ads/click/*` (OOS)
- WILDCARD: *.bitlove.co (OOS)
- URL: bitlove.co (OOS)
|
| + | https://hackerone.com/figma | 7 | 1 | HackerOne |
In Scope Assets:- URL: www.figma.com
- URL: api.figma.com
- OTHER: Figma Atlassian App
- OTHER: Figma Desktop App
- OTHER: Figma iOS and Android apps
- OTHER: Figma Slack App
- OTHER: Figma for Microsoft Teams
Out of Scope Assets:- URL: www.designsystems.com (OOS)
|