Scope Data

In Scope Assets:

• WILDCARD: *.lyst.com
• IOS: 597940518
• URL: cdna.lystit.com
• URL: mobileapi.lystit.com
• WILDCARD: *.lystit.com
• WILDCARD: *.lyst.co
• ANDROID: com.lyst.lystapp

Out of Scope Assets:

• URL: help.lyst.com (OOS)

In Scope Assets:

• URL: auth.magic.link
• URL: dashboard.magic.link
• URL: api.magic.link
• URL: newton.xyz

In Scope Assets:

• URL: magiceden.io
• OTHER: *.magiceden.io
• OTHER: *.magiceden.dev
• OTHER: *.magiceden.workers.dev
• OTHER: Magic Eden Wallet (Chrome Extension)
• IOS: com.magiceden.wallet
• ANDROID: com.magiceden.wallet
• URL: slingshot.finance
• URL: slingshot.app

Out of Scope Assets:

• URL: blog.magiceden.io (OOS)
• URL: eng.magiceden.io (OOS)
• URL: eng.magiceden.dev (OOS)
• URL: http://ord-mirror.magiceden.dev (OOS)
• URL: mainframe.magiceden.io (OOS)
• URL: img-cdn.magiceden.dev (OOS)
• URL: cdn.magiceden.dev (OOS)

In Scope Assets:

• EXECUTABLE: Malwarebytes for Windows
• EXECUTABLE: Malwarebytes for Mac
• ANDROID: org.malwarebytes.antimalware
• URL: www.malwarebytes.com
• URL: my.malwarebytes.com
• URL: cloud.malwarebytes.com
• OTHER: Malwarebytes Privacy (VPN)
• EXECUTABLE: AdwCleaner
• IOS: com.malwarebytes.Malwarebytes
• OTHER: BrowserGuard (Firefox/Chrome/Safari browser extension)
• EXECUTABLE: Malwarebytes for Teams
• OTHER: Vulnerability & Patch Management
• EXECUTABLE: Malwarebytes Remediation for CrowdStrike
• EXECUTABLE: Malwarebytes Incident Response
• OTHER: Malwarebytes Endpoint Detection and Response (EDR)
• OTHER: Malwarebytes Endpoint Protection
• EXECUTABLE: Malwarebytes ToolSet (MBTS)
• EXECUTABLE: Malwarebytes Windows Firewall Control
• URL: oneview.malwarebytes.com
• WILDCARD: *.mwbsys.com
• WILDCARD: *.mb-cosmos.com
• WILDCARD: *.mbamupdates.com
• WILDCARD: *.cloud.malwarebytes.com
• WILDCARD: *.malwarebytes.com
• WILDCARD: *.mwb-threatintel.com
• OTHER: Malwarebytes Device Control
• OTHER: Any other Malwarebytes asset
• WILDCARD: *.threatdown.com
• WILDCARD: *.cyrus-security.com
• EXECUTABLE: Malwarebytes Support Tool (MBST)

Out of Scope Assets:

• URL: estore.malwarebytes.com (OOS)
• URL: store.malwarebytes.com (OOS)
• URL: pages.malwarebytes.com (OOS)
• URL: view.malwarebytes.com (OOS)
• EXECUTABLE: Malwarebytes Anti-Ransomware (OOS)
• URL: store.threatdown.com (OOS)
• URL: malwarebytes.zoom.us (OOS)

In Scope Assets:

• URL: www.mapbox.com
• SOURCE_CODE: https://www.mapbox.com/mapbox-gl-js/
• SOURCE_CODE: https://docs.mapbox.com/ios/maps/overview/
• SOURCE_CODE: https://docs.mapbox.com/android/
• SOURCE_CODE: https://github.com/mapbox
• URL: api.mapbox.com
• URL: https://docs.mapbox.com/

Out of Scope Assets:

• OTHER: Submissions on out-of-scope assets listed below will be closed as N/A (OOS)
• URL: geojson.io (OOS)

In Scope Assets:

• IOS: 455004730
• URL: homes-and-villas.marriott.com
• URL: activities.marriott.com
• URL: careers.marriott.com
• URL: sso.marriott.com
• URL: mgs.marriott.com
• URL: jobs.marriott.com
• URL: passwordchallenge.marriott.com
• URL: gateway*.marriott.com
• URL: dcfgateway*.marriott.com
• URL: marriottfranchisetransactions.marriott.com
• URL: lawmanager.marriott.com
• URL: hotel-deals.marriott.com
• URL: all-inclusive.marriott.com
• URL: reservations.all-inclusive.marriott.com
• URL: marrtool.com
• URL: cpp.marriott.com
• URL: gatewaydsapdev2.marriott.com
• URL: dcfgatewaytst1.marriott.com
• URL: gatewaydsaptst1.marriott.com
• URL: gatewaydsaptst2.marriott.com
• URL: www.ritzcarlton.com
• URL: www.marriott.com
• URL: *uat.marriott.com
• URL: http://www.shopmarriott.com
• URL: moments.marriottbonvoy.com
• URL: help.marriott.com
• URL: traveler.marriott.com
• URL: travelagents.marriott.com/
• URL: mipartnerprivileges.marriott.com
• URL: psp.marriott.com

Out of Scope Assets:

• URL: apps.ritzcarlton.com (OOS)
• URL: vacations.marriott.com (OOS)
• URL: towneplacesuites.marriott.com (OOS)
• URL: springhillsuites.marriott.com (OOS)
• URL: www.travelagents.marriott.com (OOS)
• OTHER: Not-Listed Assets (OOS)
• URL: *moxymix*.marriott.com (OOS)
• URL: milux.marriott.com (OOS)
• URL: luxurybrands.marriott.com (OOS)
• URL: element-hotels.marriott.com (OOS)
• URL: mi.bookmarriott.com (OOS)
• URL: *.ritzcarltonyachtcollection.com (OOS)
• URL: *.phunware.com (OOS)
• URL: www.github.com (OOS)
• URL: marriottlearnourbrands.com (OOS)
• URL: hotelexcellence.marriott.com (OOS)
• URL: meetings-excellence.marriott.com (OOS)
• URL: marriott.tech (OOS)
• OTHER: Phoenix Platform (OOS)
• URL: www.msg-gateway.marriott.com (OOS)

In Scope Assets:

• SOURCE_CODE: https://github.com/matomo-org/matomo
• SOURCE_CODE: https://plugins.matomo.org/developer/matomo-org
• SOURCE_CODE: https://plugins.matomo.org/developer/innocraft
• SOURCE_CODE: https://github.com/matomo-org
• SOURCE_CODE: https://github.com/innocraft/
• URL: matomo.cloud
• URL: https://github.com/matomo-org/docker

Out of Scope Assets:

• URL: plugins.matomo.org (OOS)
• URL: api.matomo.org (OOS)
• URL: matomo.org (OOS)
• URL: forum.matomo.org (OOS)
• URL: shop.matomo.org (OOS)

In Scope Assets:

• ANDROID: com.mercadopago.wallet
• IOS: com.mercadopago.MercadoPago
• URL: api.mercadopago.com
• ANDROID: com.mercadolibre
• IOS: com.3mosquitos.MercadoLibre
• URL: api.mercadolibre.com
• HARDWARE: Point Smart
• ANDROID: com.mercadoenvios.driver
• ANDROID: com.mercadoenvios.crowdsourcing
• OTHER: Crypto
• WILDCARD: *.adminml.com
• WILDCARD: *.mercadolibre.cl
• WILDCARD: *.mercadolibre.com
• WILDCARD: *.mercadolibre.com.ar
• WILDCARD: *.mercadolibre.com.co
• WILDCARD: *.mercadolibre.com.mx
• WILDCARD: *.mercadolibre.com.pe
• WILDCARD: *.mercadolibre.com.uy
• WILDCARD: *.mercadolivre.com.br
• WILDCARD: *.mercadopago.cl
• WILDCARD: *.mercadopago.com
• WILDCARD: *.mercadopago.com.ar
• WILDCARD: *.mercadopago.com.br
• WILDCARD: *.mercadopago.com.co
• WILDCARD: *.mercadopago.com.mx
• WILDCARD: *.mercadopago.com.pe
• WILDCARD: *.mercadopago.com.uy
• WILDCARD: *.mercadoshops.cl
• WILDCARD: *.mercadoshops.co.cr
• WILDCARD: *.mercadoshops.com
• WILDCARD: *.mercadoshops.com.ar
• WILDCARD: *.mercadoshops.com.br
• WILDCARD: *.mercadoshops.com.co
• WILDCARD: *.mercadoshops.com.do
• WILDCARD: *.mercadoshops.com.ec
• WILDCARD: *.mercadoshops.com.mx
• WILDCARD: *.mercadoshops.com.pa
• WILDCARD: *.mercadoshops.com.pe
• WILDCARD: *.mercadoshops.com.py
• WILDCARD: *.mercadoshops.com.uy
• WILDCARD: *.mlstatic.com
• URL: logistica.redelcom.cl
• URL: www.mercadolibre.co.cr
• URL: www.mercadolibre.com.bo
• URL: www.mercadolibre.com.do
• URL: www.mercadolibre.com.ec
• URL: www.mercadolibre.com.gt
• URL: www.mercadolibre.com.hn
• URL: www.mercadolibre.com.ni
• URL: www.mercadolibre.com.pa
• URL: www.mercadolibre.com.py
• URL: www.mercadolibre.com.sv
• URL: www.mercadolivre.com
• URL: www.mercadopago.com.ec
• ANDROID: com.mercadoenvios.logistics
• OTHER: Leaked Credentials
• URL: biolibre.ar
• URL: biolibre.cl
• URL: biolibre.co
• URL: biolibre.mx
• URL: biolivre.com.br
• URL: meliplay.com.ar
• URL: meliplay.com.pe
• URL: meliplay.com.uy
• URL: mercadoplay.co
• URL: mercadoplay.com.pe
• URL: mercadoplay.com.uy
• URL: mercadoplay.pe
• URL: mercadoplay.uy
• URL: portalinmobiliario.cl
• URL: portalinmobiliario.com
• URL: tucarro.com
• URL: tucarro.com.co
• URL: tumoto.com
• ANDROID: com.mercadolibre.android.mplay_tv
• URL: furycloud.io
• URL: furydocs.io
• URL: mercadolibreexperience.cl
• URL: mercadolivreexperience.com.br
• URL: sustentabilidadmercadolibre.com

Out of Scope Assets:

• WILDCARD: *.kangu.com.br (OOS)
• OTHER: developersforum (OOS)
• OTHER: Redelcom (OOS)
• WILDCARD: *.gokangu.cl (OOS)
• WILDCARD: *.gokangu.co (OOS)
• WILDCARD: *.gokangu.mx (OOS)
• WILDCARD: *.gokangu.uy (OOS)
• WILDCARD: *.kangu.tech (OOS)
• URL: wow-int.mercadolibre.com (OOS)

In Scope Assets:

• URL: api.mergify.com
• URL: dashboard.mergify.com

Out of Scope Assets:

• URL: mergify.com (OOS)
• URL: blog.mergify.com (OOS)

In Scope Assets:

• URL: metamask.io
• ANDROID: io.metamask
• IOS: io.metamask.Metamask
• OTHER: MetaMask Browser Extension
• OTHER: MetaMask SDK
• URL: portfolio.metamask.io
• OTHER: https://metamask.github.io/phishing-warning/<vX.Y.Z>
• OTHER: Snaps
• URL: snaps.metamask.io
• SOURCE_CODE: Snaps Development Packages
• WILDCARD: https://*.metamask.io
• WILDCARD: *.api.cx.metamask.io
• URL: https://user-storage.api.cx.metamask.io
• OTHER: Message signing snap
• URL: developer.metamask.io
• URL: signature-insights.api.cx.metamask.io

Out of Scope Assets:

• OTHER: https://www.npmjs.com/search?q=%40metamask (OOS)
• OTHER: Metamask Flask Extension (OOS)
• URL: community.metamask.io (OOS)
• OTHER: https://metamask.github.io/ (OOS)
• OTHER: Core Tier Assets (OOS)
• OTHER: Non-Core Tier Assets (OOS)
• URL: https://mmi-support.metamask.io/ (OOS)
• URL: https://support.metamask.io/ (OOS)
• URL: permissionless.snaps.metamask.io (OOS)
• OTHER: Wallet Tier Assets (OOS)
• URL: card.metamask.io (OOS)
• URL: travel.metamask.io (OOS)

In Scope Assets:

• URL: app.moderntreasury.com
• URL: cdn.moderntreasury.com

Out of Scope Assets:

• URL: www.moderntreasury.com (OOS)
• URL: docs.moderntreasury.com (OOS)
• URL: trust.moderntreasury.com (OOS)
• URL: help.moderntreasury.com (OOS)
• URL: ph.moderntreasury.com (OOS)

In Scope Assets:

• URL: moneybird.com
• URL: moneybirdstorage.com
• IOS: com.moneybird.Moneybird
• ANDROID: com.moneybird.android

In Scope Assets:

• URL: https://www.*mongodb.com/*
• OTHER: *.account.mongodb.com/*
• URL: mongodb.live/*
• OTHER: Node.js Driver
• OTHER: Java Driver
• OTHER: Python Driver
• OTHER: .NET Driver
• OTHER: All Evergreen Assets (Excluding staging)
• OTHER: MongoDB Owned GitHub Repositories
• OTHER: *.cloud.mongodb.com/*
• OTHER: Ruby Driver
• OTHER: Rust Driver
• OTHER: MongoDB Server Local Instance
• OTHER: MongoDB BI Connector
• OTHER: Cluster-To-Cluster sync
• OTHER: Compass
• OTHER: C Driver
• OTHER: C# Driver
• OTHER: C++ Driver
• OTHER: GO Driver
• OTHER: PHP Driver
• OTHER: Kafka Connector
• OTHER: MongoDB Realm SDKs
• OTHER: Relational Migrator
• OTHER: MongoDB Shell
• OTHER: Spark Connector
• OTHER: VS Code Plugin
• WILDCARD: https://*.corp.mongodb.com*
• URL: artifactory.corp.mongodb.com/

Out of Scope Assets:

• OTHER: MonogoDB Community Server (OOS)
• OTHER: MongoDB Community Edition Cloud Manager (OOS)
• OTHER: Enterprise Edition Products and Tools (OOS)
• URL: *.atlas.mongodb.com/* (OOS)
• URL: https://www.mongodb.com/community/forums/* (OOS)
• URL: auth.mongodb.com/ (OOS)
• WILDCARD: http://*.auth.mongodb.com/* (OOS)
• OTHER: MongoDB Driver: Swift (OOS)

In Scope Assets:

• URL: moonpay.com
• WILDCARD: *.moonpaycloud.com
• URL: hypermint.com
• WILDCARD: *.hypermint.com
• WILDCARD: *.moonpay.com
• SOURCE_CODE: https://github.com/moonpay
• ANDROID: https://play.google.com/store/apps/details?id=com.moonpay
• IOS: https://apps.apple.com/app/id1635031432
• URL: web3.moonpay.com
• URL: sell.moonpay.com
• URL: buy.moonpay.com
• URL: auth.moonpay.com
• URL: app.moonpay.com
• URL: api.moonpay.com

Out of Scope Assets:

• URL: clicks.moonpay.com (OOS)
• URL: qr.moonpay.com (OOS)
• URL: page.moonpay.com (OOS)
• URL: support.moonpay.com (OOS)
• URL: docs.moonpay.com (OOS)
• WILDCARD: *.plexlabs.io (OOS)
• URL: plexlabs.io (OOS)
• URL: request-headers-no-proxy.moonpay.com (OOS)
• URL: request-headers.moonpay.com (OOS)
• URL: docs.hypermint.com (OOS)
• URL: help.moonpay.com (OOS)
• URL: storefront.hypermint.com (OOS)
• URL: ethpass.xyz (OOS)
• URL: dev.moonpay.com (OOS)
• URL: payload-marketing.moonpay.com (OOS)
• SOURCE_CODE: https://github.com/moonpay/moonpay-sign (OOS)

In Scope Assets:

• URL: addons.allizom.org
• URL: developer.mozilla.org
• URL: accounts.firefox.com
• URL: profiler.firefox.com
• URL: vpn.mozilla.org
• URL: relay.firefox.com
• URL: api.profiler.firefox.com
• OTHER: Mozilla VPN Clients
• URL: www.mozilla.org
• URL: support.mozilla.org
• URL: hg.mozilla.org
• URL: stage.taskcluster.nonprod.cloudops.mozgcp.net
• URL: community-tc.services.mozilla.com
• URL: monitor.mozilla.org
• OTHER: Product Delivery
• URL: aus5.mozilla.org
• URL: bugzilla.mozilla.org
• URL: crash-reports.allizom.org
• URL: crash-stats.allizom.org
• URL: firefox-ci-tc.services.mozilla.com
• URL: firefox.settings.services.mozilla.com
• URL: lando.services.mozilla.com
• URL: merino.services.mozilla.com
• URL: mozilla-pontoon-staging.herokuapp.com
• URL: phabricator.allizom.org
• URL: push.services.mozilla.com
• URL: sync.services.mozilla.com
• OTHER: Mozilla Ad Routing Service

In Scope Assets:

• OTHER: mpa.qr.web.m-pesa.com
• URL: mpa.ekyc.backoffice.m-pesa.com
• URL: mpa.ekyc.selfregister.m-pesa.com
• URL: openapiportal.m-pesa.com
• URL: openapi.m-pesa.com
• ANDROID: com.vodafone.mpesa.ls
• ANDROID: com.vodafone.mpesa.mozambique
• ANDROID: com.vodafone.mpesa.drc
• IOS: 1442121355
• IOS: 1502222766
• WILDCARD: *.m-pesa.com
• URL: m-pesa.africa

Out of Scope Assets:

• URL: sso.m-pesa.vm.co.mz (OOS)
• URL: sso.pr.m-pesa.vm.co.mz (OOS)
• URL: business.m-pesa.com (OOS)
• ANDROID: com.vodacom.mpesa.ls.business (OOS)
• URL: ra.ls.m-pesa.com (OOS)
• URL: mz.m-pesa.com (OOS)

In Scope Assets:

• URL: www.nba.com
• URL: gleague.nba.com
• URL: 2kleague.nba.com
• URL: bal.nba.com
• URL: content-api-nextgen-prod.nba.com
• URL: content-api-prod.nba.com
• URL: core-api.nba.com
• URL: id.nba.com
• URL: stats-trafficcop-prod.nba.com
• URL: cdn.nba.com
• URL: cms.nba.com
• URL: stats.nba.com
• URL: identity.nba.com
• URL: www.wnba.com
• URL: teamportal.nba.com
• URL: cweb-ott.nba.com
• URL: syndication.nba.com
• URL: stats.wnba.com
• URL: stats.gleague.nba.com
• URL: stats.2kleague.nba.com
• URL: cdn-bal.nba.com
• URL: corp-dev.nba.com
• URL: manage.nba.com
• URL: manage-teams.nba.com
• URL: nbafedsvc.nba.com
• URL: vote.nba.com
• URL: mcd.nba.com
• URL: mcdalerts.nba.com
• URL: elm.nba.com
• URL: lockervision.nba.com
• ANDROID: com.nbaimd.gametime.nba2011
• IOS: com.nbaimd.gametime.universal
• URL: adb.nba.com
• URL: br.nba.com
• URL: cares.nba.com
• URL: cl.nba.com
• URL: coalition.nba.com
• URL: gamenotes.nba.com
• URL: grae.nba.com
• URL: 2kleague-dev.nba.com
• URL: 2kleague-qa.nba.com
• URL: gleague-dev.nba.com
• URL: gleague-qa.nba.com
• URL: www-dev.wnba.com
• URL: www-dev.nba.com
• URL: www-qa.wnba.com
• URL: www-qa.nba.com
• URL: socialimpact.nba.com
• URL: www-uat.nba.com
• URL: www-ng.nba.com
• URL: vth.nba.com
• URL: teamdirectory.nba.com
• URL: bal-dev.nba.com
• URL: bal-qa.nba.com
• URL: bal-uat.nba.com
• URL: mcd-dev.nba.com
• URL: mcd-devint.nba.com
• URL: mcd-perf.nba.com
• URL: mcd-qa.nba.com
• URL: mcd-uat.nba.com
• URL: mcdalerts-dev.nba.com
• URL: mcdalerts-devint.nba.com
• URL: mcdalerts-perf.nba.com
• URL: mcdalerts-qa.nba.com
• URL: mcdalerts-uat.nba.com
• URL: content-api-dev.nba.com
• URL: content-api-nextgen-dev.nba.com
• URL: content-api-nextgen-qa.nba.com
• URL: content-api-nextgen-uat.nba.com
• URL: content-api-qa.nba.com
• URL: content-api-sandbox.nba.com
• URL: content-api-uat.nba.com
• URL: core-api-dev.nba.com
• URL: core-api-devint.nba.com
• URL: core-api-qa.nba.com
• URL: core-api-sandbox.nba.com
• URL: core-api-uat-uc.nba.com
• URL: core-api-uat.nba.com
• URL: core-api-uc.nba.com
• URL: cweb-ott-dev.nba.com
• URL: cweb-ott-devint.nba.com
• URL: cweb-ott-qa.nba.com
• URL: cweb-ott-uat-uc.nba.com
• URL: cweb-ott-uc.nba.com
• URL: identity-uat.nba.com
• URL: identity-qa.nba.com
• URL: identity-ng.nba.com
• URL: identity-dev.nba.com
• URL: manage-dev.nba.com
• URL: manage-teams-dev.nba.com
• URL: manage-teams-qa.nba.com
• URL: manage-teams-uat.nba.com
• URL: manage-uat.nba.com
• URL: nbafedsvc-dev.nba.com
• URL: nbafedsvc-qa.nba.com

Out of Scope Assets:

• URL: mindhealth.nba.com (OOS)
• URL: totalhealth.nba.com (OOS)

In Scope Assets:

• URL: https://console.neon.tech/api/v2/
• URL: https://console.neon.tech/
• URL: https://console-stage.neon.build/

In Scope Assets:

• WILDCARD: *.nflxext.com
• URL: www.netflix.com
• WILDCARD: api*.netflix.com
• WILDCARD: *.prod.ftl.netflix.com
• WILDCARD: *.prod.cloud.netflix.com
• SOURCE_CODE: Open Source - Atlas
• OTHER: Corporate Assets
• WILDCARD: *.nflxvideo.net
• WILDCARD: *.prod.dradis.netflix.com
• URL: beacon.netflix.com
• URL: customerevents.netflix.com
• URL: secure.netflix.com
• WILDCARD: *.nflximg.net
• WILDCARD: *.nflxso.net
• URL: help.netflix.com
• URL: ichnaea.netflix.com
• URL: presentationtracking.netflix.com
• URL: nmtracking.netflix.com
• OTHER: Open Source - Consoleme
• OTHER: Open Source - Weep
• OTHER: Open Source - Zuul
• OTHER: Microsites
• OTHER: Open Source - Spectator
• OTHER: Secondary Assets
• OTHER: Content Authorization Targets
• URL: meechum.netflix.com
• IOS: Netflix Mobile Application for iOS
• ANDROID: Netflix Mobile Application for Android

Out of Scope Assets:

• OTHER: Open Source - Dispatch (OOS)
• OTHER: Third party websites or systems hosted by non-Netflix entities Out of Scope (OOS)
• URL: ir.netflix.com (OOS)
• URL: ir.netflix.net (OOS)
• URL: netflixinvestor.com (OOS)
• OTHER: Set-top-boxes, smart TVs, streaming sticks Out of Scope (OOS)

In Scope Assets:

• URL: app.netlify.com
• URL: api.netlify.com
• WILDCARD: *.onegraph.com
• WILDCARD: *.services.netlify.com
• WILDCARD: *.services-prod.nsvcs.net
• URL: internal.netlify.com
• WILDCARD: *.infra-prod.nsvcs.net
• WILDCARD: *.ops.netlify.com
• URL: netlify-cdp-loader.netlify.app
• URL: screenshot-proxy.netlify.app
• URL: netlify-rum.netlify.app
• URL: list-v2--netlify-plugins.netlify.app
• URL: internal-docs.netlify.com
• URL: supportal.netlify.app

Out of Scope Assets:

• URL: www.netlify.com (OOS)
• URL: webpop.com (OOS)
• WILDCARD: *.netlify.app (OOS)
• URL: docs.netlify.com (OOS)
• URL: answers.netlify.com (OOS)
• WILDCARD: *.netlify.com (OOS)
• URL: https://github.com/netlify/ (OOS)
• WILDCARD: *.netlifycms.org (OOS)

In Scope Assets:

• WILDCARD: http://*.newegg.com
• WILDCARD: http://*.newegg.ca
• IOS: com.newegg.app
• ANDROID: com.newegg.app
• URL: secure.newegg.com
• URL: secure.newegg.ca
• URL: pmtcards.newegg.com

Out of Scope Assets:

• WILDCARD: http://*.neweggbusiness.com (OOS)
• URL: jobs.newegg.com (OOS)
• URL: sellingpilot.newegg.com (OOS)

In Scope Assets:

• ANDROID: com.nextcloud.client
• IOS: it.twsweb.Nextcloud
• SOURCE_CODE: nextcloud/server
• SOURCE_CODE: nextcloud/activity
• SOURCE_CODE: nextcloud/files_accesscontrol
• SOURCE_CODE: nextcloud/3rdparty
• SOURCE_CODE: nextcloud/files_pdfviewer
• SOURCE_CODE: nextcloud/files_texteditor
• SOURCE_CODE: nextcloud/firstrunwizard
• SOURCE_CODE: nextcloud/notifications
• SOURCE_CODE: nextcloud/password_policy
• SOURCE_CODE: nextcloud/user_saml
• SOURCE_CODE: nextcloud/files_automatedtagging
• SOURCE_CODE: nextcloud/files_retention
• SOURCE_CODE: nextcloud/serverinfo
• SOURCE_CODE: nextcloud/nextcloud_announcements
• SOURCE_CODE: nextcloud/logreader
• SOURCE_CODE: nextcloud/survey_client
• SOURCE_CODE: nextcloud/updater
• EXECUTABLE: Desktop Client
• SOURCE_CODE: nextcloud/spreed
• ANDROID: com.nextcloud.talk2
• IOS: com.nextcloud.Talk
• SOURCE_CODE: nextcloud/photos
• SOURCE_CODE: nextcloud/mail
• SOURCE_CODE: nextcloud/files_rightclick
• SOURCE_CODE: nextcloud/privacy
• SOURCE_CODE: nextcloud/recommendations
• SOURCE_CODE: nextcloud/viewer
• SOURCE_CODE: nextcloud/text
• SOURCE_CODE: nextcloud/circles
• SOURCE_CODE: nextcloud/data_request
• SOURCE_CODE: nextcloud/files_antivirus
• SOURCE_CODE: nextcloud/fulltextsearch
• SOURCE_CODE: daita/files_fulltextsearch_tesseract
• SOURCE_CODE: nextcloud/flow_notifications
• SOURCE_CODE: nextcloud/fulltextsearch_elasticsearch
• SOURCE_CODE: nextcloud/files_fulltextsearch
• SOURCE_CODE: nextcloud/groupfolders
• SOURCE_CODE: nextcloud/guests
• SOURCE_CODE: nextcloud/sharepoint
• SOURCE_CODE: nextcloud/socialsharing
• SOURCE_CODE: nextcloud/suspicious_login
• SOURCE_CODE: nextcloud/terms_of_service
• SOURCE_CODE: nextcloud/twofactor_totp
• SOURCE_CODE: nextcloud/user_oidc
• SOURCE_CODE: nextcloud/workflow_script
• SOURCE_CODE: nextcloud/calendar
• SOURCE_CODE: nextcloud/contacts
• SOURCE_CODE: nextcloud/richdocuments
• SOURCE_CODE: nextcloud/onlyoffice
• SOURCE_CODE: nextcloud/end_to_end_encryption
• SOURCE_CODE: nextcloud/deck
• SOURCE_CODE: nextcloud/bruteforcesettings
• SOURCE_CODE: nextcloud/related_resources
• SOURCE_CODE: nextcloud/approval
• SOURCE_CODE: nextcloud/files_lock
• SOURCE_CODE: nextcloud/user_migration
• SOURCE_CODE: nextcloud/twofactor_webauthn
• SOURCE_CODE: nextcloud/external
• SOURCE_CODE: nextcloud/notify_push
• SOURCE_CODE: nextcloud/calendar_resource_management
• SOURCE_CODE: nextcloud/globalsiteselector
• SOURCE_CODE: nextcloud/notes
• ANDROID: it.niedermann.owncloud.notes
• IOS: com.peterandlinda.iOCNotes
• SOURCE_CODE: https://github.com/nextcloud/files_confidential
• SOURCE_CODE: https://github.com/nextcloud/tables
• SOURCE_CODE: https://github.com/nextcloud/collectives

Out of Scope Assets:

• URL: drone.nextcloud.com (OOS)
• URL: conf.nextcloud.com (OOS)
• URL: cloud.nextcloud.com (OOS)
• URL: demo.nextcloud.com (OOS)
• URL: sentry.nextcloud.com (OOS)
• URL: try.nextcloud.com (OOS)
• URL: https://nextcloud.atlassian.net/jira/dashboard (OOS)

In Scope Assets:

• HARDWARE: Nintendo Switch System
• HARDWARE: Nintendo Switch applications for which Nintendo is the publisher worldwide
• HARDWARE: Nintendo Switch 2 applications for which Nintendo is the publisher worldwide
• HARDWARE: Nintendo Switch 2 Security controller known as PSC or Platform Security Controller (any component) / Security controller known as TSEC (bootROM only)
• HARDWARE: Nintendo Switch 2 Kernel / ARM® TrustZone®
• HARDWARE: Nintendo Switch 2 System Processes allowing piracy
• HARDWARE: Nintendo Switch 2 System Processes

Out of Scope Assets:

• HARDWARE: Nintendo 3DS applications for which Nintendo is the publisher worldwide (OOS)
• HARDWARE: Nintendo 3DS System (OOS)

In Scope Assets:

• SOURCE_CODE: https://github.com/nodejs/node

In Scope Assets:

• WILDCARD: *.nordvpn.com
• ANDROID: com.nordvpn.android
• EXECUTABLE: NordVPN - Windows Executable
• IOS: 905953485
• OTHER: NordVPN Browser Extension
• EXECUTABLE: NordVPN - MacOS Executable
• EXECUTABLE: NordVPN - Linux Executable
• ANDROID: com.nordvpn.android
• EXECUTABLE: NordPass - Windows Executable
• EXECUTABLE: NordPass - MacOS Executable
• EXECUTABLE: NordPass - Linux Executable
• ANDROID: com.nordpass.android.app.password.manager
• IOS: 1486322860
• OTHER: All Mobile Assets
• URL: app.nordpass.com

In Scope Assets:

• WILDCARD: *.okx.com
• OTHER: Mac OS Executable
• OTHER: Windows OS Executable
• OTHER: OKX Android APK
• OTHER: OKX iOS APP
• OTHER: OKX Wallet Chrome Extension
• OTHER: OKX Wallet Edge Add-ons
• OTHER: OKX Wallet Safari Extension
• WILDCARD: *.oklink.com
• SOURCE_CODE: OKX Wallet Core Open Source

Out of Scope Assets:

• WILDCARD: *.okg.com (OOS)

In Scope Assets:

• URL: vault.omise.co
• URL: api.omise.co
• URL: dashboard.omise.co
• SOURCE_CODE: github.com
• URL: www.omise.co
• URL: offsite.omise.co
• URL: www.opn.ooo

In Scope Assets:

• OTHER: ColorOS
• ANDROID: com.coloros.browser
• ANDROID: com.heytap.browser
• ANDROID: com.heytap.cloud
• ANDROID: com.heytap.health.international
• ANDROID: com.heytap.market
• ANDROID: com.heytap.themestore
• ANDROID: com.oplus.account
• ANDROID: com.oplus.member
• ANDROID: com.oplus.themestore
• ANDROID: com.oplus.vip
• ANDROID: com.oppo.market
• URL: opposhop.cn
• HARDWARE: A16k
• HARDWARE: A76
• HARDWARE: A96
• HARDWARE: F 21 Pro
• HARDWARE: FindN2
• HARDWARE: FindN2Flip
• HARDWARE: FindN3
• HARDWARE: FindN3Flip
• HARDWARE: FindX6
• HARDWARE: FindX6Pro
• HARDWARE: FindX7
• HARDWARE: FindX7Ultra
• HARDWARE: K10
• HARDWARE: K105G
• HARDWARE: K9
• HARDWARE: K9Pro
• HARDWARE: K9s
• HARDWARE: Porsche-B
• HARDWARE: Reno105G
• HARDWARE: Reno10Pro+5G
• HARDWARE: Reno10Pro5G
• HARDWARE: Reno115G
• HARDWARE: Reno11Pro5G
• HARDWARE: Reno12
• HARDWARE: Reno12Pro
• HARDWARE: Reno8Pro5G
• HARDWARE: Reno9Pro+5G
• HARDWARE: Reno9Pro5G
• HARDWARE: Reno 9 5G
• URL: https://www.opposhop.cn/
• URL: https://www.opposhop.cn/m/
• URL: https://cloud.oppo.com/
• ANDROID: com.heytap.pictorial
• ANDROID: com.coloros.pictorial
• URL: https://www.oppo.com/th
• URL: https://www.oppo.com/my/store
• URL: https://www.oppo.com/id/store
• URL: https://www.oppo.com/th/store
• ANDROID: com.heytap.store
• ANDROID: com.heytap.mall
• ANDROID: com.coloros.findmyphone
• ANDROID: com.finshell.wallet
• ANDROID: com.nearme.gamecenter
• ANDROID: com.finshell.finance
• ANDROID: com.heytap.research
• URL: https://gcsm.oppoit.com/
• URL: https://e.oppo.com/
• URL: https://u.oppomobile.com/
• ANDROID: com.netease.my.nearme.gamecenter
• URL: https://drp.myoppo.com/
• ANDROID: com.oplus.aimemory
• ANDROID: com.oppo.speechassist
• ANDROID: com.oplus.play
• ANDROID: com.oppo.store
• URL: https://www.oppo.com/in/store
• ANDROID: com.coloros.wallet
• URL: id.oppo.com
• URL: id.heytap.com
• URL: https://safe.heytap.com/

In Scope Assets:

• OTHER: Any public (Internet-facing) infrastructure owned and operated by Palantir.
• OTHER: Any public cloud (e.g. Amazon AWS, Microsoft Azure) resource or infrastructure operated and managed by Palantir.

Out of Scope Assets:

• URL: gear.palantir.com (OOS)
• URL: investors.palantir.com (OOS)
• URL: blog.palantir.com (OOS)
• URL: go.palantir.com (OOS)
• URL: explore.palantir.com (OOS)
• URL: info.palantir.com (OOS)
• OTHER: Any infrastructure or assets related to Silk, FancyThat, or other Palantir acquisitions. (OOS)
• URL: certification.palantir.com (OOS)
• URL: training.palantir.com (OOS)
• URL: learn.palantir.com (OOS)
• URL: palantirpacusa.com (OOS)
• URL: palantirfedstart.com (OOS)
• URL: sandbox.training.palantir.com (OOS)
• URL: community.palantir.com (OOS)
• URL: store.palantir.com (OOS)

In Scope Assets:

• URL: *.payoneer.com
• URL: payoneer.com.cn
• URL: http://greenchannel.payoneer.com.cn/gcportal
• URL: myaccount-cn.payoneer.com
• URL: myaccount.payoneer.com

Out of Scope Assets:

• URL: blog.payoneer.com (OOS)
• URL: community.payoneer.com (OOS)
• URL: affiliates.payoneer.com (OOS)
• URL: tracks.payoneer.com (OOS)
• URL: explore.payoneer.com (OOS)
• URL: register.payoneer.com (OOS)
• URL: duediligence.payoneer.com (OOS)
• URL: investorday.payoneer.com (OOS)
• URL: brand.payoneer.com (OOS)
• URL: skuad.io (OOS)

In Scope Assets:

• IOS: 351727428
• IOS: com.xoom.app
• IOS: com.paypal.merchant
• ANDROID: com.xoom.android.app
• ANDROID: com.paypal.merchant.client
• ANDROID: com.paypal.android.p2pmobile
• ANDROID: com.venmo
• URL: www.paypal-*.com
• URL: *.xoom.com
• URL: *.paypal.com
• URL: *.braintreegateway.com
• URL: *.paydiant.com
• URL: *.venmo.com
• URL: paypalobjects.com
• URL: paypal.me
• URL: py.pl
• URL: *.braintreepayments.com
• URL: *.braintree-api.com
• URL: *.braintree.tools
• URL: prequal.swiftfinancial.com
• URL: partner.swiftfinancial.com
• URL: decision.swiftfinancial.com
• URL: pigeon.swiftfinancial.com
• URL: scrutiny.swiftfinancial.com
• URL: www.swiftcapital.com
• URL: www.loanbuilder.com
• URL: www.swiftfinancial.com
• URL: api.swiftfinancial.com
• URL: my.swiftfinancial.com
• URL: api.loanbuilder.com
• URL: my.loanbuilder.com
• URL: loanbuilder.com
• URL: swiftfinancial.com
• URL: swiftcapital.com
• URL: *.paypalcorp.com
• URL: *.hyperwallet.com
• URL: *.paylution.com
• URL: sandbox.braintreegateway.com
• OTHER: Braintree SDK
• OTHER: PayPal SDK

Out of Scope Assets:

• IOS: com.paypal.herehd (OOS)
• IOS: com.paypal.here (OOS)
• ANDROID: com.paypal.here (OOS)
• URL: *.paypal.cn (OOS)
• URL: braintree.com (OOS)
• OTHER: *.atlassian.net (OOS)
• URL: www.gopay.com (OOS)

In Scope Assets:

• NO_IN_SCOPE_TABLE

In Scope Assets:

• WILDCARD: https://ort-authenticator.pingone.com/*
• WILDCARD: https://ort-admin.pingone.com/*
• WILDCARD: https://ort-desktop.pingone.com/*
• WILDCARD: https://openam-bug-bounty-stag.forgeblocks.com/*
• URL: api.ort-one-pingone.com
• URL: console.ort-one-pingone.com
• URL: apps.ort-one-pingone.com

Out of Scope Assets:

• WILDCARD: https://*.pingidentity.com (OOS)
• URL: admin.pingone.com (OOS)
• URL: api.pingone.com (OOS)
• URL: desktop.pingone.com (OOS)
• WILDCARD: https://*.pingidentity.io (OOS)
• URL: test-desktop.pingone.com (OOS)
• URL: test-sso.connect.pingidentity.com (OOS)
• URL: authenticator.pingone.com (OOS)
• WILDCARD: https://*.pingidentity.net (OOS)
• URL: console.pingone.com (OOS)
• WILDCARD: https://developer.pingidentity.com/* (OOS)
• URL: uploads.pingone.com (OOS)
• URL: uploads-staging.pingone.com (OOS)
• URL: api-staging.pingone.com (OOS)
• URL: console-staging.pingone.com (OOS)

In Scope Assets:

• URL: booth.pm
• URL: comic.pixiv.net
• URL: sketch.pixiv.net
• URL: sensei.pixiv.net
• URL: accounts.pixiv.net
• URL: www.pixiv.net
• URL: hub.vroid.com
• URL: dic.pixiv.net
• WILDCARD: *.fanbox.cc
• URL: vroid.com
• URL: payment.pixiv.net
• URL: neoket.net
• SOURCE_CODE: https://github.com/pixiv/charcoal
• URL: novel.pixiv.net
• URL: https://vroid.com/studio
• URL: coban.pixiv.net
• URL: pastela.app
• URL: comic-indies.pixiv.net

Out of Scope Assets:

• URL: factory.pixiv.net (OOS)
• WILDCARD: *.pixiv.co.jp (OOS)

In Scope Assets:

• URL: production.plaid.com
• URL: dashboard.plaid.com
• URL: demo.plaid.com
• URL: cdn.plaid.com
• SOURCE_CODE: https://github.com/plaid/plaid-link-ios
• URL: my.plaid.com
• SOURCE_CODE: https://github.com/plaid/plaid-link-android
• SOURCE_CODE: https://github.com/plaid/plaid-link-examples
• URL: secure.plaid.com
• URL: plaid.com
• SOURCE_CODE: https://github.com/plaid/plaid-ruby
• SOURCE_CODE: https://github.com/plaid/react-native-plaid-link-sdk
• SOURCE_CODE: https://github.com/plaid/react-plaid-link

In Scope Assets:

• URL: *.playstation.net
• URL: *.sonyentertainmentnetwork.com
• URL: *.api.playstation.com
• URL: my.playstation.com
• URL: store.playstation.com
• URL: social.playstation.com
• URL: transact.playstation.com
• URL: wallets.api.playstation.com
• HARDWARE: PlayStation 4
• URL: direct.playstation.com
• URL: api.direct.playstation.com
• HARDWARE: PlayStation 5
• URL: ca.account.sony.com
• URL: my.account.sony.com
• URL: ps5.np.playstation.net
• IOS: iOS Playstation App
• ANDROID: Android Playstation App

In Scope Assets:

• ANDROID: air.com.playtika.slotomania
• IOS: 447553564
• WILDCARD: *.slotomania.com
• WILDCARD: *.playtika.com
• URL: gnocchi-www.buffalo-ggn.net
• WILDCARD: *.bingoblitz.com
• ANDROID: air.com.buffalo_studios.newflashbingo
• IOS: 529996768
• WILDCARD: *.caesarsgames.com
• ANDROID: com.playtika.caesarscasino
• IOS: 603097018
• WILDCARD: *.boardkingsgame.com
• ANDROID: com.jellybtn.boardkings
• IOS: 1116488672
• WILDCARD: *.houseoffun.com
• IOS: 586634331
• ANDROID: com.pacificinteractive.HouseOfFun
• WILDCARD: *.playwsop.com
• IOS: 719525810
• ANDROID: com.playtika.wsop.gp
• IOS: 868013618
• ANDROID: com.Seriously.BestFiends
• IOS: 654671575
• ANDROID: com.jellybtn.cashkingmobile
• WILDCARD: *.serious.li
• IOS: 1223338261
• ANDROID: net.supertreat.solitaire
• ANDROID: net.wooga.junes_journey_hidden_object_mystery_game
• IOS: 1200391796
• WILDCARD: *.wooga.com
• ANDROID: air.com.playtika.cvs
• IOS: 975035622
• ANDROID: com.bigblueparrot.pokerfriends
• IOS: 480523695
• ANDROID: fi.reworks.redecor
• IOS: 1413287364
• WILDCARD: *.redecor.com
• OTHER: https://apps.facebook.com/pokerheat
• OTHER: https://apps.facebook.com/vegas_downtown_slots
• WILDCARD: *.justfall.lol,*.justplay.lol,*.1v1.lol
• WILDCARD: *.seriously.com
• IOS: 1438744533
• ANDROID: com.Seriously.Phoenix
• OTHER: 1v1.lol
• ANDROID: lol.onevone
• IOS: 1508620125
• IOS: 645949180
• IOS: 1510325826
• ANDROID: net.wooga.switchcraft.googleplay
• IOS: 1215220850
• ANDROID: net.wooga.tropicats_tropical_cats_puzzle_paradise
• IOS: 594802437
• ANDROID: com.wooga.pearlsperil
• OTHER: https://apps.facebook.com/pearls-peril
• URL: bestfiends.com
• WILDCARD: *.monopoly-poker.com
• IOS: 1448884851
• ANDROID: com.youdagames.monopolypoker
• WINDOWS APP: 9nqwjwnqjj5n
• OTHER: 1474700 (Steam app id)
• WILDCARD: *.playticorp.com

Out of Scope Assets:

• URL: sm-php-smid-dsa.slotomania.com,sm-php-smid.slotomania.com,sm-php-smid-va2.slotomania.com,vs-fb-php-p1.playtika.com,sm-php.playtika.com (OOS)
• ANDROID: com.youdagames.gop3multiplayer (OOS)
• IOS: id877638937 (OOS)
• WILDCARD: *.awards.slotomania.com (OOS)

In Scope Assets:

• SOURCE_CODE: https://github.com/maticnetwork/heimdall
• SOURCE_CODE: https://github.com/maticnetwork/bor
• URL: staking-api.polygon.technology
• URL: faucet.polygon.technology
• SOURCE_CODE: https://github.com/0xPolygon/chain-indexer-framework
• URL: portal.polygon.technology
• SOURCE_CODE: https://github.com/maticnetwork/matic-cli
• SOURCE_CODE: https://github.com/0xPolygon/proof-generation-api
• URL: staking.polygon.technology
• URL: faucet-api.polygon.technology/
• URL: api-gateway.polygon.technology
• URL: gasstation.polygon.technology/
• URL: api-polygon-tokens.polygon.technology/
• URL: balance-api.polygon.technology/
• SOURCE_CODE: https://github.com/0xPolygon/auto-claim-service
• SOURCE_CODE: https://github.com/0xPolygon/lxly.js
• SOURCE_CODE: https://github.com/0xPolygon/static

Out of Scope Assets:

• SOURCE_CODE: https://github.com/maticnetwork/contracts (OOS)
• WILDCARD: *.matic.network (OOS)

In Scope Assets:

• URL: www.pornbox.com
• URL: www.analvids.com
• URL: www.ddfcontent.com
• URL: www.pornworld.com

In Scope Assets:

• URL: portswigger.net
• EXECUTABLE: Burp Suite Pro/Community
• EXECUTABLE: Burp Collaborator
• URL: forum.portswigger.net
• URL: https://enterprise-demo.portswigger.net/
• URL: ai.portswigger.net
• OTHER: Burp Suite DAST
• URL: http1mustdie.com

Out of Scope Assets:

• WILDCARD: *.web-security-academy.net (OOS)
• WILDCARD: *.portswigger.net (OOS)

In Scope Assets:

• URL: www.priceline.com
• URL: secure.rezserver.com
• URL: reservations.rezserver.com
• URL: cruises.priceline.com
• URL: www.bookingholdings.com
• IOS: 336381998
• ANDROID: com.priceline.android.negotiator
• URL: api.rezserver.com
• URL: admin.rezserver.com
• URL: press.priceline.com
• URL: www.getaroom.com
• URL: flyiin.com
• URL: priceline.com
• AI_MODEL: Penny
• URL: ir.bookingholdings.com
• URL: bookingholdings-coe.com
• URL: https://www.priceline.com/pwd/v0/pcln-graphql/

Out of Scope Assets:

• URL: www.airportrentalcars.com (OOS)
• OTHER: www.priceline.com/vp-web/* (OOS)
• URL: availability.getaroom.com (OOS)
• URL: extranet.getaroom.com (OOS)
• URL: breadcrumb.getaroom.com (OOS)
• URL: supply.getaroom.com (OOS)
• URL: stockroom.production.getaroom.com (OOS)
• URL: *.roomvaluesteam.com (OOS)
• URL: *.testaroom.com (OOS)
• URL: *.testaroom.cloud (OOS)
• URL: groupdeals.priceline.com (OOS)
• URL: weatherstatus.priceline.com (OOS)
• URL: url5932.travel.priceline.com (OOS)
• URL: tools.corp.priceline.com (OOS)
• URL: tools-qaa.corp.priceline.com (OOS)
• URL: remotecontrol.corp.priceline.com (OOS)
• URL: qaa.booking.priceline.com (OOS)
• URL: offers.priceline.com (OOS)
• URL: mail.corp.priceline.com (OOS)
• URL: localdealsemail.priceline.com (OOS)
• URL: links.deals.priceline.com (OOS)
• URL: jira.corp.priceline.com (OOS)
• URL: itsupport.corp.priceline.com (OOS)
• URL: ids-too.priceline.com (OOS)
• URL: ids-dev.priceline.com (OOS)
• URL: help.corp.priceline.com (OOS)
• URL: guse4-rc-qa.priceline.com (OOS)
• URL: google.corp.priceline.com (OOS)
• URL: experiences.priceline.com (OOS)
• URL: employeedeals.flightdeals.priceline.com (OOS)
• URL: dev.sales-ccp.priceline.com (OOS)
• URL: dev.customerservice-ccp.priceline.com (OOS)
• URL: dashboard.corp.priceline.com (OOS)
• URL: customerservice-ccp.priceline.com (OOS)
• URL: careers.priceline.com (OOS)
• URL: booking.priceline.com (OOS)
• URL: api-guse4-poc.priceline.com (OOS)
• URL: api-gnae1-poc.priceline.com (OOS)
• URL: ace-qa.corp.priceline.com (OOS)
• URL: 1psb.priceline.com (OOS)
• URL: img1.priceline.com (OOS)

In Scope Assets:

• SOURCE_CODE: https://www.npmjs.com/package/@privy-io/react-auth
• URL: auth.privy.io
• URL: dashboard.privy.io

Out of Scope Assets:

• URL: privy.io (OOS)
• URL: blog.privy.io (OOS)
• URL: docs.privy.io (OOS)
• URL: demo.privy.io (OOS)

In Scope Assets:

• WILDCARD: *.quora.com
• IOS: com.quora.app.mobile
• ANDROID: com.quora.android
• URL: poe.com

In Scope Assets:

• SOURCE_CODE: https://github.com/rails/rails

Out of Scope Assets:

• WILDCARD: *.rubyonrails.org (OOS)

In Scope Assets:

• URL: dashboard.razorpay.com
• URL: api.razorpay.com
• URL: checkout.razorpay.com
• URL: invoices.razorpay.com
• URL: payroll.razorpay.com
• URL: x.razorpay.com

In Scope Assets:

• URL: www.recordedfuture.com
• URL: therecord.media
• URL: api.recordedfuture.com
• IOS: com.recordedfuture.mobile
• ANDROID: com.recordedfuture.mobile
• URL: app.recordedfuture.com
• URL: id.recordedfuture.com
• URL: securitytrails.com
• URL: geminiadvisory.io
• URL: hatching.io
• URL: tria.ge
• URL: dns.watch
• URL: bgpview.io

Out of Scope Assets:

• URL: rescan.io (OOS)

In Scope Assets:

• URL: new.reddit.com
• WILDCARD: *.redditinc.com
• WILDCARD: *.redditblog.com
• WILDCARD: *.reddithelp.com
• URL: api.reddit.com
• URL: mod.reddit.com
• URL: ads.reddit.com
• URL: gql.reddit.com
• URL: accounts.reddit.com
• URL: gateway.reddit.com
• URL: strapi.reddit.com
• URL: m.reddit.com
• URL: amp.reddit.com
• URL: meta-api.reddit.com
• WILDCARD: *.snooguts.net
• WILDCARD: *.redditmedia.com
• URL: sh.reddit.com
• WILDCARD: *.reddit.com
• URL: redditforbusiness.com
• URL: matrix.redditspace.com
• WILDCARD: *.spiketrap.io
• OTHER: Android App
• OTHER: iOS App
• OTHER: Core Assets
• OTHER: Non-Core Assets
• URL: developers.reddit.com
• URL: business.reddithelp.com
• WILDCARD: *.memorable.io

Out of Scope Assets:

• URL: reddit.secure.force.com (OOS)

In Scope Assets:

• URL: 10x.redoxengine.com
• URL: testapp.redoxengine.com
• URL: testapi.redoxengine.com
• WILDCARD: test*.redoxengine.com
• URL: docs.redoxengine.com
• URL: fhir.redoxengine.com
• URL: explore.redoxengine.com
• URL: www.redoxengine.com
• URL: help.redoxengine.com
• URL: api.gamma.redoxstage.com
• URL: app.gamma.redoxstage.com
• URL: blob.gamma.redoxstage.com
• URL: clientcert.gamma.redoxstage.com
• URL: dashboard.gamma.redoxstage.com
• URL: eets-sftp-listener.gamma.redoxstage.com
• URL: eets.gamma.redoxstage.com
• URL: evening-earth.gamma.redoxstage.com
• URL: gamma.redoxstage.com
• URL: launch.gamma.redoxstage.com
• URL: sftp.gamma.redoxstage.com
• URL: webhooks.gamma.redoxstage.com

Out of Scope Assets:

• URL: dashboard.redoxengine.com (OOS)
• URL: candi.redoxengine.com (OOS)
• URL: api.redoxengine.com (OOS)
• URL: sso.redoxengine.com (OOS)
• URL: redox.slack.com (OOS)
• URL: https://redoxengine.atlassian.net (OOS)
• URL: gamma.redoxengine.com (OOS)

In Scope Assets:

• URL: rei.com
• OTHER: Any public cloud resource or infrastructure operated and managed by REI.
• OTHER: Android & iOS App for REI Customers
• URL: login.rei.com
• URL: http://www.rei.com/learn/expert-advice
• URL: http://collaboration.rei.com

Out of Scope Assets:

• URL: http://rei.com/used (OOS)
• URL: http://rei.com/blog (OOS)
• URL: http://rei.com/rentals (OOS)
• URL: http://rei.com/rei-garage (OOS)
• URL: rei.jobs (OOS)
• URL: reifund.org (OOS)
• URL: destinations.rei.com (OOS)
• URL: partners2.rei.com (OOS)
• URL: greenvestrentals.rei.com (OOS)
• URL: reicasting.com (OOS)
• URL: engineering.rei.com (OOS)
• URL: test-login.rei.com (OOS)
• WILDCARD: *.rentals.rei.com (OOS)
• URL: wpvip.rei.com (OOS)
• URL: vpn.rei.com (OOS)
• URL: desktop.rei.com (OOS)
• URL: foryourbenefit-rei.com/ (OOS)
• URL: rei.gladly.com (OOS)
• URL: http://rei.com/lists (OOS)

In Scope Assets:

• URL: remitly.com
• URL: blog.remitly.com
• ANDROID: com.remitly.androidapp
• IOS: 674258465
• URL: api.remitly.io
• URL: cards.remitly.io
• URL: rewire.com
• URL: app.rewire.to
• URL: rates.rewire.com
• URL: app3.rewire.to
• WILDCARD: *.dev.remitly.com
• WILDCARD: *.int.remitly.com
• URL: funding-webhooks.remitly.io
• URL: media.remitly.io
• URL: hub-api-sandbox.remitly.io
• URL: cardpayments.remitly.io
• URL: partner-webhook.remitly.io
• URL: ablink.info.remitly.com
• URL: careers.remitly.com
• URL: ir.remitly.com
• URL: metrics.int.remitly.com
• URL: news.remitly.com
• URL: access.remitly.com
• URL: access-sandbox.remitly.com
• URL: auth.remitly.com
• URL: site.rewire.com

Out of Scope Assets:

• OTHER: https://www.remitly.com/blog (OOS)