Bugcrowd targets all

Filter

target_in_scope

project type target
other http://www.abacus.com?utm_source=bugcrowd&utm_medium=security
other Acorns for Android
other Acorns for iOS
other https://app.acorns.com
other https://client.acorns.com
website https://signup.acorns.com/
other <Account (Business, Family) signup page --> https://start.1password.com
other <White Box Test team --> https://bugcrowd-test.1password.com
other <Your own 1Password subdomain --> https://<your account domain>.1password.com/
other Level 3, please contact whitehat@arkoselabs.com for access
website dashboard.arkoselabs.com
other https://client-demo.arkoselabs.com/solo-animals
other https://client-demo.arkoselabs.com/stacked-animals
iot Arlo
api Arlo APIs
android Arlo Android App
iot Arlo Baby
iot Arlo Base Station
iot Arlo Bridge
iot Arlo Go
iot Arlo Pro
iot Arlo Pro 2
iot Arlo Q
iot Arlo Q+
iot Arlo Security Light
website Arlo Web App
ios Arlo iOS App
website https://arlo-device.messaging.netgear.com
website https://arlo.netgear.com
website https://updates.netgear.com/arlo
website https://www.arlo.com
other Any associated *.atlassian.io or *.atl-paas.net domain that can be exploited DIRECTLY from the *.atlassian.net instance
other Bamboo
website Bitbucket Pipelines (https://bitbucket.org/product/features/pipelines)
other Bitbucket Server
other Confluence
website Confluence (bugbounty-test-<bugcrowd-name>.atlassian.net/wiki)
android Confluence Cloud Mobile App for Android
ios Confluence Cloud Mobile App for iOS
other Confluence Questions
website Confluence Team Calendars (https://www.atlassian.com/software/confluence/team-calendars)
other Crowd
other Crucible
other FishEye
other HipChat Data Center
other HipChat Desktop Client
other HipChat Mobile Client
website JIRA (bugbounty-test-<bugcrowd-name>.atlassian.net)
other JIRA Core
other JIRA Service Desk
website JIRA Service Desk (bugbounty-test-<bugcrowd-name>.atlassian.net)
other JIRA Software
android Jira Cloud Mobile App for Android
ios Jira Cloud Mobile App for iOS
other Jira Portfolio
other Other - (all other Atlassian targets)
other SourceTree (https://www.sourcetreeapp.com/)
other Stride (bugbounty-test-<bugcrowd-name>.atlassian.net)
other Stride Desktop Client
android Stride Mobile Application for Android
ios Stride Mobile Application for iOS
website https://admin.atlassian.com/atlassian-access
website https://bitbucket.org/
website https://stride.video/<your-video>
other Avira Free Antivirus (PC client side application)
other Avira Launcher Windows (PC client side application)
other Barracuda ADC
other Barracuda Firewall
other Barracuda Message Archiver
other Barracuda NG Firewall
other Barracuda SSLVPN
other Barracuda Spam & Virus Firewall
other Barracuda Web Application Firewall
other Barracuda Web Filter
website *.binance.com
api api.binance.com
website *.bitdefender.com
website *.bitdefender.net
other Bitdefender GravityZone Business Security
other Bitdefender Total Security 2017
iot Bitdefender BOX v2
api https://api.pentest.blendlabs.com/
other https://knox.blendlabs.com
website app.blockport.io
api app.blockport.io/api
website blockport.io
android BlueJeans Android Application
other BlueJeans Browser-based Web Meeting Clients
other BlueJeans Mac Client
other BlueJeans Windows Client
ios BlueJeans iOS Application
website https://a2m.bluejeans.com
api https://api.bluejeans.com/
website https://bluejeans.com/
other https://huddle.bluejeans.com
website https://primetime.bluejeans.com
other https://static.bluejeans.com/
website https://www.bluejeans.com/
api api.bugcrowd.com
website bugcrowd.com
website tracker.bugcrowd.com
ios Caffeine iOS Application
other caffeine-helper.x64.exe
other caffeine-helper.x86.exe
other caffeine.exe
api https://api.caffeine.tv/
website https://build.caffeine.tv/
api https://images.caffeine.tv/
api https://payments.caffeine.tv
website https://preview.caffeine.tv/
api https://realtime.caffeine.tv/
other https://static.caffeine.tv/
website https://www.caffeine.tv/
other Card Android Mobile Application
other Card iOS Mobile Application
other https://www.card.com
ios Centrify iOS App
other Centrify Agent for Windows
android Centrify Android App
other Centrify Browser Extension
other Centrify Cloud Connector
website Centrify Identity Service / Centrify Privilege Service Portals
api Centrify Service API
other Local Client Launcher
website https://www.centrify.com
website pod12.centrify.com
website pod23.centrify.com
website *.ikarem.io
website *.meraki.com
website *.network-auth.com
other Cisco Meraki Dashboard Mobile Application (iOS and Android)
hardware Cisco Meraki MC Phones
hardware Cisco Meraki MR Access Points
hardware Cisco Meraki MS Switches
hardware Cisco Meraki MV Security Cameras
hardware Cisco Meraki MX Security Appliances
other Cisco Meraki Systems Manager
other Cisco Meraki Virtual Security Appliances
website meraki.cisco.com
other All services officially provided by Concur are in scope and eligible for the responsible disclosure program, including mobile applications.
android Tripit Mobile Application: Android
ios Tripit Mobile Application: iOS
api Tripit Mobile Web Services/Public web services used by the Tripit Mobile applications: https://api.tripit.com/
website Tripit Teams: https://www.tripit.com/teams/
website Tripit Web Application: https://www.tripit.com
website https://m.tripit.com/
other All API SDKs
other All Constant Contact APIs - api.constantcontact.com
other All Constant Contact websites - *.constantcontact.com
other All Single Platform websites - *.singleplatform.com
other Constant Contact mobile applications [iOS and Android]
android Credit Karma Android Mobile Application
ios Credit Karma Canada iOS App
ios Credit Karma iOS Mobile Application
api api.creditkarma.com
website https://*.creditkarma.com
website https://accounts.creditkarma.com
website https://blog.creditkarma.com/
website https://help.creditkarma.com/
website https://tax.creditkarma.com
website https://www.creditkarma.ca/
other Dash Core
android Dash Wallet Mobile Application for Android
ios Dash Wallet Mobile Application for iOS
api *.digitaloceanspaces.com
api https://api.digitalocean.com
website https://cloud.digitalocean.com
api eero APIs
android eero Android Mobile Application
hardware eero Node
ios eero iOS Mobile Application
api Etsy API (see documentation below)
android Etsy Mobile Application (Android)
ios Etsy Mobile Application (iPhone)
website blog.etsy.com (payouts are half for this target, and do not include vulns in WP itself or its plugins)
api icht.etsysecure.com
website www.etsy.com
website *.fanduel.com
website *.fdbox.net
other FanDuel Android App
other FanDuel iOS App
website https://fanduel.design
other Vehicle Head Units, TPMS sensors, remote keyless entry, and any other system that is present in a hardware product that you own or are authorized to test against
other https://itunes.apple.com/gb/app/uconnect-live/id881830261?mt=8 (iOS)
other https://itunes.apple.com/pl/app/panda-uconnect/id1117321678?mt=8
ios https://itunes.apple.com/us/app/uconnect/id1229236724?mt=8 (iOS Ver. 3.1.3)
other https://play.google.com/store/apps/details?id=com.acn.uc&hl=en (Android)
other https://play.google.com/store/apps/details?id=com.acn.uconnectmobile&hl=en (Android)
android https://play.google.com/store/apps/details?id=com.fcagroup.us.uconnect (Android Ver. 3.1.3)
other www.driveuconnect.com
other www.driveuconnect.eu
android "Fitbit Coach" app for Android
other "Fitbit Coach" app for Windows 10 & Mobile
ios "Fitbit Coach" app for iOS
android "Fitbit" app for Android
other "Fitbit" app for Windows 10 & Mobile
ios "Fitbit" app for iOS
ios "Fitstar Yoga" app for iOS
other Fitbit Connect for MacOS & Windows
iot Fitbit Ionic
iot Fitbit OS
iot Fitbit Versa
website android-api.fitbit.com
website android-client.fitbit.com
website api.fitbit.com
website api.fitstar.com
website coach.fitbit.com
website corporate.fitbit.com
website desktop-api.fitbit.com
website desktop-client.fitbit.com
website dev.fitbit.com
website iphone-api.fitbit.com
website iphone-client.fitbit.com
website studio.fitbit.com
api web-api.fitbit.com
website www.fitbit.com
other Ford
other *-bugcrowd.foxycart.com (read below for details)
other api-sandbox.foxycart.com
other api.foxycart.com
other https://admin.foxycart.com
other https://foxycart-demo.foxycart.com
other https://github.com/freedomofpress/securedrop
api *.gojekapi.com
android GO-JEK Android
ios GO-JEK iOS
api api.gojek.co.id
other Testing the Bugcrowd platform
website www.bugcrowd.com
other Source code (excluding demo and deprecated repos) only available at github.com/heroku/
other Vulnerabilities which affect multi-tenant integrity of the Heroku Platform
website addons-next.heroku.com
website http://registry.heroku.com/
other http://status.heroku.com/
other https://addons.heroku.com
other https://api.heroku.com
other https://connect.heroku.com
other https://dashboard.heroku.com
other https://data.heroku.com
other https://dataclips.heroku.com
other https://devcenter.heroku.com
other https://elements.heroku.com
website https://git.heroku.com/
other https://help.heroku.com
other https://id.heroku.com
other https://longboard.hit.heroku.com
other https://provider.heroku.com
other https://signup.heroku.com
other https://telex.heroku.com/
other https://toolbelt.heroku.com
other https://www.heroku.com
website *.hs-sites.com
other *.hubapi.com
other *.hubspot.com
other *.hubspot.net
android HubSpot Mobile Application: Android
ios HubSpot Mobile Application: iOS
website growth.org
other https://www.humblebundle.com/
other *.indeed.com/*
other https://itunes.apple.com/us/app/job-search/id309735670?mt=8
other https://play.google.com/store/apps/details?id=com.indeed.android.jobsearch
other https://play.google.com/store/apps/details?id=com.indeed.androidemployers
other https://play.google.com/store/apps/details?id=com.indeed.jobsnearby&hl=en
other *.intercomassets.com / *.intercomcdn.com
android Android SDK
other https://api.intercom.io
other https://app.intercom.io/
ios iOS SDK
other Muz.li Browser Add-Ons (Chrome & Safari)
website https://freehand.invisionapp.com
website https://muz.li
other https://projects.invisionapp.com
website https://www.invisionapp.com
website https://community.isc2.org
website https://isc2latamcongress.com
website https://learn.isc2.org
other https://vulnerability.isc2.org
other https://webportal.isc2.org
other https://www.isc2.org
website iamcybersafe.org
website safeandsecure.org
other *.jet.com
other *.notjet.net
other Android application - https://play.google.com/store/apps/details?id=com.jet.jet.app&hl=en
api JET.com API
other https://merchant.qa.notjet.net/
other iOS application - https://itunes.apple.com/us/app/jet-smartest-way-to-shop-save/id950022424?mt=8
other Keeper Backend API (Keeper Commander)
other Keeper Desktop Application for Mac and PC
android Keeper Password Manager for Android
other Keeper Password Manager for BlackBerry
other Keeper Password Manager for Windows Mobile
other Keeper Password Manager for Windows Store
ios Keeper Password Manager for iOS
website Keeper Security Website (keepersecurity.com | .eu)
website KeeperChat Website (keeperchat.com | .eu)
android KeeperChat for Android
other KeeperChat for Mac
other KeeperChat for Windows
ios KeeperChat for iOS
other KeeperFill Browser Extension (Chrome, Safari, Firefox, Edge, IE)
other Any host verified to be owned by Kenna (domains/IP space/etc.)
website https://[your-subdomain].kennasecurity.com
android Android mobile app
android LastPass Authenticator Android app
other LastPass Authenticator Windows Phone app
ios LastPass Authenticator iOS app
other LastPass browser extensions
other Local computer apps, e.g. OS X App, Window App, Windows/Mac Installers
other Windows Phone app
other https://lastpass.com
ios iOS Mobile app
other Magento 1 CE & EE
other Magento 2 CE & EE
website developer.magento.com
website magento.com
website magentocommerce.com
website marketplace.magento.com
website repo.magento.com
website *.magicleap.com
api api.magicleap.com
website auth.magicleap.com
website creator.magicleap.com
website developer-content.magicleap.com
website developer-documentation.magicleap.com
website developer-static-1.magicleap.com
website id-static-1.magicleap.com
website id.magicleap.com
website www.magicleap.com
other Latest public release of LuminOS, ML1
website Core Priceless.com - www.priceless.com
website MasterCard.ch - (French) - www.mastercard.ch/fr-ch.html
website MasterCard.ch - (German) - www.mastercard.ch/de-ch.html
website MasterCard.com.au - www.mastercard.com.au/en-au.html
website MasterCard.nl - www.mastercard.nl/nl-nl.html
website MasterCard.ru - www.mastercard.ru/ru-ru.html
website MasterCard.us - www.mastercard.us/en-us.html
website Simplify Commerce - www.simplify.com/commerce/
website https://d-msg.com/
ios Moneytree iOS Mobile Application (production; see below)
android Moneytree staging Android Mobile Application (see below)
website app-staging.getmoneytree.com
api au-api-staging.getmoneytree.com
api jp-api-staging.getmoneytree.com
api myaccount-staging.getmoneytree.com
website wwws-staging.moneytree.jp/link/
website wwws-staging.moneytree.jp/link/mobile/
website wwws-staging.moneytree.jp/link/mobile/#/signup?client_id=38d99a6e8e9fc87c866f5aa82bdc2569c464b2323a55e0b28f658efa678e9623&redirect_uri=https://wwws-staging.moneytree.jp/link/mobile/callback&response_type=token&scope=guest_read+accounts_read+transactions_read+request_refresh
other Multicraft 2.1.0 - Linux 64bit (primary target) - see Access Information below
other Sample installation @ http://78.46.123.96/multicraft/index.php
other *.nflxext.com
other *.nflximg.net
other *.nflxvideo.net
android Netflix Mobile Application for Android
ios Netflix Mobile Application for iOS
other api*.netflix.com
other beacon.netflix.com
other customerevents.netflix.com
other dockhand.netflix.com
other help.netflix.com
other ichnaea.netflix.com
other nmtracking.netflix.com
other presentationtracking.netflix.com
other secure.netflix.com
other www.netflix.com
android Insight Android App
website Insight Cloud Portal
iot Insight Managed Smart Cloud Wireless Access Point
ios Insight iOS App
android Nighthawk Android App
iot Nighthawk Pro Gaming Router
iot Nighthawk Pro Gaming Switch
iot Nighthawk Router
iot Nighthawk Switch
ios Nighthawk iOS App
iot Orbi
android Orbi Android App
ios Orbi iOS App
api https://api.netgear.com
website https://updates.netgear.com
other Okta Browser Plugin (IE / Firefox / Chrome)
android Okta Mobile MDM (Android)
ios Okta Mobile MDM (iOS)
android Okta Verify (Android)
ios Okta Verify (iOS)
other bugcrowd-%username%-1.oktapreview.com
other bugcrowd-%username%-2.oktapreview.com
api https://api.optimizely.com/
website https://app.optimizely.com/
website https://cdn-pci.optimizely.com/
website https://cdn.optimizely.com/
website https://www.optimizely.com/
other *.overstock.com
other Overstock Android Mobile App
other Overstock iOS Mobile App
website cars.overstock.com
other https://api.overstock.com
website pets.overstock.com
website www.overstock.com
other https://github.com/OWASP/OWASPBugBounty/tree/master/CRSFGuard
other https://github.com/OWASP/OWASPBugBounty/tree/master/JavaEncoder
other https://github.com/OWASP/OWASPBugBounty/tree/master/JavaEncoder/war-files
other https://github.com/OWASP/OWASPBugBounty/tree/master/JavaHTMLSanitizer/war-files
other Latest ZAP version (2.7.0)
other https://dashboard.pantheon.io
website *.pinterest.com
other Chrome extension (download at: chrome.google.com/webstore/detail/pinterest-save-button/gpdjojdkbbmdfjfahjcgigfpmkopogic?hl=en)
other Edge extension (download at: ms-windows-store://pdp/?productid=9nblggh4v89b )
other Firefox extension (download at: assets.pinterest.com/ext/Pinterest_Firefox.xpi)
other Open source projects listed at github.com/pinterest/
other Pinterest Android Mobile Application
other Pinterest Buyable Pins / eCommerce features
other Pinterest iOS Mobile Application
other Safari extension (download at: assets.pinterest.com/ext/Pinterest-Safari.safariextz)
api api.planethoster.net
website my.planethoster.com
website world.planethoster.net
website www.planethoster.com
android PureVPN Android App
other PureVPN Chrome Extension
other PureVPN DDwrt Applet
other PureVPN Firefox Extension
other PureVPN Kodi Add-on
other PureVPN Linux App
other PureVPN MAC App
other PureVPN Windows App
ios PureVPN iOS App
other https://www.sendsafely.com/
other *.simple.com
android Simple for Android
ios Simple for iOS
other https://api.smartsheet.com/1.1
other https://api.smartsheet.com/2.0
other https://app.smartsheet.com/
website SmartThings Graph Console
iot SmartThings Hub
android SmartThings Mobile Application for Android
ios SmartThings Mobile Application for iOS
api SmartThings Rest APIs
other https://opendata-demo.test-socrata.com
other https://opendata.test-socrata.com
other *.astaro-tech.com
other *.astaro.at
other *.astaro.ch
website *.astaro.com
other *.astaro.de
other *.astaro.info
other *.astaro.net
other *.astaro.org
website *.cyberoam.com
other *.fw-notify.net
other *.hitmanpro.com
other *.hitmanpro.nl
other *.mojave.net
other *.myastaro.com
other *.reflexion.net
other *.sophos.com
other *.surfright.nl
other *.who-is-using-me.com
other Invincea X NextGen Anti-Virus
other astaro.uservoice.com
website dev.phishthreat.com
android Sprout Social for Android
ios Sprout Social for iOS
website app.sproutsocial.com
api app.sproutsocial.com/api
website sproutsocial.com
website *.cash.me
website *.square.com
other *.squareup.com
android Cash App Mobile Application for Android
ios Cash App Mobile Application for iOS
android Square Point of Sale Mobile Application for Android
ios Square Point of Sale Mobile Application for iOS
other https://github.com/square/ghostunnel
other https://github.com/square/git-fastclone
other https://github.com/square/go-jose
other https://github.com/square/js-jose
other https://github.com/square/keysync
other https://github.com/square/keywhiz
other https://github.com/square/keywhiz-fs
other https://github.com/square/okhttp
other https://github.com/square/okio
other https://github.com/square/pam_krb_cache
other https://github.com/square/rails-auth
other https://github.com/square/retrofit
other https://github.com/square/squalor
other https://github.com/square/valet
other https://github.com/square/wire
website *.statuspage.io
website manage.statuspage.io
website *.tesla.cn
website *.tesla.com
website *.tesla.services
website *.teslamotors.com
hardware A hardware product that you own or are authorized to test against (Vehicle/PowerWall/etc.)
website Any host verified to be owned by Tesla Motors Inc. (domains/IP space/etc.)
android Official Tesla Android apps
ios Official Tesla iOS apps
website *.trello.services
website api.trello.com
website trello.com
other *.authy.com
website *.twilio.com
other Any host/ web property verified to be owned by Twilio (domains/IP space/etc.)
api api.twilio.com
android Endomondo Android
ios Endomondo iOS
android MapMyFitness Android
ios MapMyFitness iOS
android MyFitnessPal Android
ios MyFitnessPal iOS
other UA Gemini Record Equipped running shoe that you own or have authorization to test
website UA HOVR Equipped running shoe that you own or have authorization to test
android UA Record Android
ios UA Record iOS
android UA Shop Android
ios UA Shop iOS
other api.myfitnesspal.com/v2/
other https://record.underarmour.com/
website https://www.endomondo.com/
other https://www.mapmyfitness.com
other https://www.mapmyride.com
other https://www.mapmyrun.com
other https://www.mapmywalk.com
other https://www.myfitnesspal.com
website https://www.underarmour.co.uk
website https://www.underarmour.com
other mapmyfitness.api.ua.com
other *.upwork.com
other Upwork - iOS and Android Applications
other Upwork Dash Messanger Desktop Version (www.upwork.com/downloads)
api https://www.upwork.com/api
android USAA Mobile Application for Android
ios USAA Mobile Application for iOS
website mobile.usaa.com
other partners.usaa.com
website www.usaa.com
other https://www.VolusionPenTest1.com
website http://globalpay.westernunion.com
website https://agentportal.westernunion.com
website https://auth.globalpay.westernunion.com
other https://cuba.westernunion.com
website https://ebanking.westernunionbank.com
other https://egypt.westernunion.com
website https://gpfi.globalpay.westernunion.com
other https://hk.westernunion.com
other https://india.westernunion.com
other https://jamaica.westernunion.com
other https://locations.westernunion.com
other https://m.westernunion.com
website https://paynow40.speedpay.com
website https://paynow7.speedpay.com/
other https://senegal.westernunion.com
other https://sg.westernunion.com
website https://westernunionbank.com
website https://wuagentportal.westernunion.com
other https://www.westernunion.at
other https://www.westernunion.be
other https://www.westernunion.ca
other https://www.westernunion.ch
other https://www.westernunion.co.nz
other https://www.westernunion.co.uk
other https://www.westernunion.com
other https://www.westernunion.com.au
other https://www.westernunion.de
other https://www.westernunion.dk
other https://www.westernunion.ee
other https://www.westernunion.es
other https://www.westernunion.fi
other https://www.westernunion.fr
other https://www.westernunion.gr
other https://www.westernunion.ie
other https://www.westernunion.it
other https://www.westernunion.lu
other https://www.westernunion.nl
other https://www.westernunion.no
other https://www.westernunion.pl
other https://www.westernunion.pt
other https://www.westernunion.se
other https://www2.westernunion.com
website iwgo.westernunion.com
website partnernet.westernunion.com
website payee.globalpay.westernunion.com
website payments.westernunion.com
website transvision.westernunion.com
website www.speedpay.com
website www.wuprepaid.de
website *.youneedabudget.com
website https://ynab-api-staging.herokuapp.com
website *.statuspage.io
website manage.statuspage.io
api https://api.mailgun.net
website https://app.mailgun.com
website https://signup.mailgun.com
website *.nflxext.com
website *.nflximg.net
website *.nflxvideo.net
api api*.netflix.com
website beacon.netflix.com
website customerevents.netflix.com
website dockhand.netflix.com
website help.netflix.com
website ichnaea.netflix.com
website nmtracking.netflix.com
website presentationtracking.netflix.com
website secure.netflix.com
website www.netflix.com
android Forge of Empires Mobile App (Andriod - via HockeyApp - see below for more details)
ios Forge of Empires Mobile App (iOS - via HockeyApp - see below for more details)
website xs.forgeofempires.com
website xs0.forgeofempires.com
website xs1.forgeofempires.com
website *.igpayment.com
website *.innogames.com
website *.innogames.de
android IOTA Android Client
other IOTA Desktop Client (all Operating Systems)
ios IOTA iOS Client
other Barracuda ADC
other Barracuda Firewall
other Barracuda Message Archiver
other Barracuda NG Firewall
other Barracuda SSLVPN
other Barracuda Spam & Virus Firewall
other Barracuda Web Application Firewall
other Barracuda Web Filter
website katim.com
website www.darkmatter.ae
website xen1thlabs.com
website http://agenttraining.westernunion.com
website https://business.westernunion.com/
website https://foundation.westernunion.com
website https://paymentstatus.westernunion.com
website https://particleboard.heroku.com
website https://developer.mastercard.com
android Skyscanner Android App
ios Skyscanner iOS App
api gateway.skyscanner.net/*
website partnerportal.skyscanner.net/*
website skyscanner.net/*
website *.sandbox.directly.com/
website app.sandbox.directly.com
website http://directly.github.io/demosite/qa/rtm/sandbox.html
website https://sandbox.directly.com/dashboard/index
website *.flex.twilio.com
website corporate.westernunion.com
website https://partners.westernunion.com
website secure.westernunion.com
website wucare.westernunion.com
other *.rtcdn.caffeine.tv
website *.alditalk-kundenbetreuung.de
website *.ayyildiz.de
website *.base.de
website *.blau.de
website *.fonic-mobile.de
website *.fonic.de
website *.geeny.io
website *.k-classic-mobil.de
website *.mediamarkt.o2service.de
website *.mein.aetkasmart.de
website *.mein.simfinity.de
website *.minodes.com
website *.nettokom.de
website *.netzclub.net
website *.next.telefonica.de
website *.norma-mobil.de
website *.o2.de
website *.o2online.de
website *.onlineservice.o2business.de
website *.ortelmobile.de
website *.saturn.o2service.de
website *.sim-karte-aktivierung.blauworld.de
website *.telefonica.de
website *.whatsappsim.de
other Bitdefender Total Security 2019
website https://online.westernunion.com/mp.en/pages/loginform.aspx
website https://onlinefx.westernunion.com/
website https://rewardcircle.westernunion.com
website https://www.wuprepaid.at/
website Any publicly accessible TripAdvisor web asset or host (domains, ip space, etc) - except for what’s explicitly listed as Out-of-Scope below
android Western Union Android app (link below)
ios Western Union iOS app (link below)
website https://butlerfortrello.com/
api *.jobapi.io
api *.jobapi.net
website *.myseek.xyz
website *.outfra.xyz
website *.seek.com.au
website *.skinfra.xyz
api *.sol-data.com
other Seek iOS and Android mobile applications
other https://seekcdn.com
website *.o2service.de
website https://www.einfachprepaid.de
website *.einfachprepaid.de
website *.epos.vertriebspartner.de.o2.com
website *.o2business.de
website *.o2spin.de
website *.turkei-sim.de
website https://vertriebspartner.de.o2.com/partos
website community.etsy.com (payouts are half for this target)
website Any host / web property verified to be owned by Segment (domains/IP space/etc.)
other Source code of Website, Mobile, or Server Libraries (https://segment.com/docs/sources/)
api api.segment.io
website app.segment.com
website skyscanner.net/hotels/book/*
other *.sip.*.twilio.com
android Authy Android Application
ios Authy iOS Application
api Twilio APIs
other Twilio CDNs (static*.twilio.com)
other Twilio Helper Libraries
other Twilio WebRTC Client
other Twilio Wireless
website build.twilio.com
other tsock.us1.twilio.com
website *.speedpay.*
website *.westernunion.*
other Any host or verified to be owned by Western Union (domains/IP space/etc.)
other Moonlet wallet Chrome extension (https://github.com/cryptolandtech/moonlet/releases/tag/v0.3.0)
other Moonlet-core JS library (https://github.com/cryptolandtech/moonlet-core/releases/tag/v0.0.1)
other The Zilliqa codebase and local testnet (https://github.com/Zilliqa/Zilliqa)
other The savant-ide codebase (https://github.com/Zilliqa/savant-ide)
other The scilla codebase and local testnet (https://github.com/Zilliqa/scilla)
api Zilliqa Javascript library (https://github.com/Zilliqa/Zilliqa-JavaScript-Library)
other Zilliqa Wallet (testnet)
website https://savant-ide.zilliqa.com
website *.zynga.com
website *.zyngagames.com
android Zynga branded games - Android
other Zynga branded games - Windows
ios Zynga branded games - ioS
android Mein O2 Android Application
ios Mein O2 iOS Application
android O2 Business Android Application
ios O2 Business iOS Application
android PartOS Android Application
ios PartOS iOS Application
website downloads.sproutsocial.com
website getbambu.com
website media.sproutsocial.com
website simplymeasured.com
website sproutsocial.com/adapt/
website sproutsocial.com/es/
website sproutsocial.com/insights
api sproutsocial.com/mktapi
website sproutsocial.com/pt/
other Secondary Targets (read below)
website masspay.api.westernunion.com
website remoteaccess.westernunion.com
website secureauth.westernunion.com
website trackpayments.westernunion.com
website wuinsights.westernunion.com
website www.wuedge.com
website Centrify Privilege Service Portal
api *-dex.binance.org
website *.binance.org
other Binance Chain
website *.opsgeni.us
website app.opsgeni.us
website mobileapp.opsgeni.us
android Opsgenie (Android)
ios Opsgenie (IoS)
other Zilliqa testnet wallet (nucleus wallet) codebase (https://github.com/Zilliqa/nucleus-wallet)
website https://dev-wallet.zilliqa.com/
api api.cloudways.com
api developers.cloudways.com
website platform.cloudways.com
website 10x.redoxengine.com
website developer.redoxengine.com/
api testapp.redoxengine.com
website www.redoxengine.com/
website *.boomi.com/*
website *.dell.com/*
website *.dellemc.com/*
website *.delltechnologies.com/*
website *.emc.com/*
website *.rsa.com/*
android Dell EMC E-Lab Navigator (Android)
ios Dell EMC E-Lab Navigator (iOS)
android RSA Conference Mobile Application (Android) - see below for details
ios RSA Conference Mobile Application (iOS) - see below for details
website 10x.redoxengine.com
website developer.redoxengine.com/
api testapp.redoxengine.com
website https://www.rsaconference.com/
other github.com/jet/* repos that have security.md file defined
api Crypto layer (verification and validation of payloads (blocks, transactions))
api P2P Network API
api Public API V2
api Transaction Pool (accessible via Public API)
website *.trycaviar.com
android Caviar Android Mobile Application
ios Caviar iOS Mobile Application
website https://memotrader.com
website *.stackpath.com
website *.stackpath.net
website Any product/service offered by StackPath (CDN/DNS/WAF/etc)
website Any publicly facing host owned by StackPath - (ip space, domains, etc)
iot Arlo Ultra
website https://arlo-device.messaging.arlo.com
website https://my.arlo.com
website https://updates.arlo.com/arlo
other merchant.notjet.net
website *.certsy.com
website *.certsynonprod.com
website *.secureworks.com/*
website http://www.irobot.com
ios https://itunes.apple.com/us/app/irobot-home/id1012014442?mt=8
android https://play.google.com/store/apps/details?id=com.irobot.home
website https://store.irobot.com
hardware iRobot cloud-connected robot that you own (e.g., i7, 980, 960, 690, Braava, etc.)
other ATOM SDK
api api.purevpn.com
website https://my.purevpn.com
website https://support.purevpn.com
website https://www.purevpn.com
android SoundCloud Android Pulse
android SoundCloud Android app
ios SoundCloud iOS Pulse
ios SoundCloud iOS app
api api-deck.soundcloud.com
api api-mobi.soundcloud.com
api api-mobile-creators.soundcloud.com
api api-mobile.soundcloud.com
api api-partners.soundcloud.com
api api-v2.soundcloud.com
api api-widget.soundcloud.com
api api.soundcloud.com
website checkout.soundcloud.com
website developers.soundcloud.com
website m.soundcloud.com
website mobi.soundcloud.com
website secure.soundcloud.com
website soundcloud.com
other soundcloudmail.com
website w.soundcloud.com
website *.studiopress.com
website *.wpengine.io
website *.wpesvc.net
website my.wpengine.com
website wpengine.com
other Moonlet wallet Chrome extension (https://github.com/cryptolandtech/moonlet/releases)
other https://github.com/square/sudo_pair
hardware Cisco Meraki Z Series (Z1,Z3(C))
website secureworks.com/*
other Keeper Backend API (Keeper Commander)
other Keeper Desktop Application for Mac and PC
android Keeper Password Manager for Android
other Keeper Password Manager for BlackBerry
other Keeper Password Manager for Windows Mobile
other Keeper Password Manager for Windows Store
ios Keeper Password Manager for iOS
website Keeper Security Website (keepersecurity.com | .eu)
website KeeperChat Website (keeperchat.com | .eu)
android KeeperChat for Android
other KeeperChat for Mac
other KeeperChat for Windows
ios KeeperChat for iOS
other KeeperFill Browser Extension (Chrome, Safari, Firefox, Edge, IE)
website https://keepersecurity.com/en_US/console (Admin Console)
website https://keepersecurity.com/password-manager-free-trial.html (Keeper SSO Connect)
website https://keepersecurity.com/vault/
website https://keepersecurity.eu/console (Admin Console EU)
website https://keepersecurity.eu/vault
api api-curators.soundcloud.com
website spressforumstg.wpengine.com
website studiopress.blog
website https://keepersecurity.com/password-manager-free-trial.html (Keeper Enterprise Product)
ios RealSelf
website assets.realself.com
api auth.realself.com
api charon.realself.com
website ei.realself.com
website fi.realself.com
website i.realself.com
api kraken.realself.com
other log.realself.com
website realself.com
api search-faf.realself.com
api search.realself.com
other style.realself.com
website wwa.realself.com
website wwf.realself.com
website www.realself.com
api https://api.kennasecurity.com
website https://www.kennasecurity.com
website Core Priceless.com - demo.priceless.com
website Order placement on demo.priceless.com
api https://api.cloudinary.com
website https://cloudinary.com/console
api https://res.cloudinary.com
website widget.cloudinary.com
api https://batman-api.notjet.net/swagger
android Android application - https://play.google.com/store/apps/details?id=com.jet.jet.app&hl=en
ios iOS application - https://itunes.apple.com/us/app/jet-smartest-way-to-shop-save/id950022424?mt=8
other Algorand Golang SDK - https://github.com/algorand/go-algorand-sdk
other Algorand Java SDK - https://github.com/algorand/java-algorand-sdk
other Algorand JavaScript SDK - https://github.com/algorand/js-algorand-sdk
other Algorand Ledger App - https://github.com/algorand/ledger-app-algorand
other Algorand Node - https://github.com/algorand/go-algorand
other Algorand TestNet
other Any Algorand publicly facing property
other https://knox.beta.blendlabs.com
website https://app.ezesoftcloud.com/
website https://cdn.ezesoftcloud.com/
website https://t51r0.ezesoftcloud.com/
website https://tqqbf.ezesoftcloud.com/
website https://ws-prod.ezesoftcloud.com/
ios https://itunes.apple.com/gb/app/uconnect-live/id881830261?mt=8
ios https://itunes.apple.com/pl/app/panda-uconnect/id1117321678?mt=8
ios https://itunes.apple.com/us/app/uconnect/id1229236724?mt=8
android https://play.google.com/store/apps/details?id=com.acn.uc&hl=en
android https://play.google.com/store/apps/details?id=com.acn.uconnectmobile&hl=en
android https://play.google.com/store/apps/details?id=com.fcagroup.us.uconnect
website www.driveuconnect.com
website www.driveuconnect.eu
other LastPass browser extensions (Chrome / Safari / Edge / Firefox)
other Local computer apps (UWP application / Windows installer (MSI))
website https://lastpass.com
website https://login.mailgun.com/
other Latest ZAP version (2.8.0)
website *.better.com
website api.better.com
website better.com/api
website https://devstaging.pcapcloud.com/*
api api*.soundcloud.com
api *dex.binance.org
ios https://apps.apple.com/us/app/confluence-server/id1288365159
android https://play.google.com/store/apps/details?id=com.atlassian.confluence.server
website donate.mastercard.com
website Bitbucket Cloud (https://bitbucket.org)
website https://staging-app.youneedabudget.com/
website Other youneedabudget.com domains not listed
website Confluence Cloud (bugbounty-test-<bugcrowd-name>.atlassian.net/wiki)
website Jira Cloud (bugbounty-test-<bugcrowd-name>.atlassian.net)
website DigitalOcean products associated with an account you created (e.g. droplets, load balancers, etc.)
other Barracuda CloudGen Firewall
other Barracuda Email Security Gateway
other Barracuda Web Security Gateway
website *.aips-internal.com
website *.aips-services.com
website https://my.wpengine.com
website *.healthifyme.com
website Any publicly facing asset owned by HealthifyMe (ip space, domains, etc)
ios https://itunes.apple.com/in/app/healthifyme-weight-loss-coach/id943712366?mt=8
android https://play.google.com/store/apps/details?id=com.healthifyme.basic&hl=en
website blog.isc2.org
other Confluence Server
other Jira Core Server
website Jira Service Desk Cloud (bugbounty-test-<bugcrowd-name>.atlassian.net)
other Jira Service Desk Server
other Jira Software Server
website Confluence Premium - https://www.atlassian.com/software/confluence/premium
android Confluence Server Android App
ios Confluence Server iOS App
android Jira Server Android App
ios Jira Server iOS App
website http://shop.arlo.com/
website binance.je
other Binance Desktop Application
android Binance Mobile Application for Android
ios Binance Mobile Application for iOS
other Binance macOS Application
website binance.co.ug
website binance.sg
website *.myacademy.io
website *.naspers.com
website *.naspersventures.com
website *.prosus.com
website analytics.naspers.com
website brandportal.naspers.com
website conference.naspers.com
website conferences.naspers.com
website dashboard.naspers.com
website development.naspers.com
website drreporting.naspers.com
website ftp.naspers.com
website legal.naspers.com
website mymobility.naspers.com
website openline.naspers.com
website reporting.naspers.com
website secure.naspers.com
website testanalytics.naspers.com
website tms.naspers.com
website *.naspers.co
website *.naspers.co.in
website *.naspers.fr
website *.naspers.us
other Okta Agent Linux
other Okta Agent Windows
website bugcrowd-%username%-1.oktapreview.com
website bugcrowd-%username%-2.oktapreview.com
website https://id.atlassian.com/login
website binance.us
website Home.xfinity.com (see below)
android Xfinity Home Android mobile app
hardware Xfinity Home Starter Kit (see below)
iot Xfinity Home cameras
ios Xfinity Home iOS mobile app
api API keys originating from or accessing Cisco Meraki infrastructure
website Core Priceless.com - demo.priceless.com
website https://5one.mastercard.com
website https://Globalrisk.mastercard.com
website https://bezcenneniespodzianki.pl
website https://cashpickup.mastercard.com
website https://cocreation.mastercard.com
website https://global-learning.mastercard.com
website https://graphic.mastercard.com
website https://isencaoderolha.mastercard.com.br/
website https://mobilepartner.mastercard.com
website https://mpos.mastercard.com
website https://no-minimums.com.au
website https://pathway.mastercard.com
website https://pme.mastercard.com
website https://pricelessspecials.nl
website https://procurement.mastercard.com
website https://qkrguide.mastercard.com
website https://smartdatademo.mastercard.com
website https://tasteofpremium.jp
other Trello Desktop Client
android Trello Mobile App for Android
ios Trello Mobile App for iOS
api Java API Bucket
website PHP Bucket
website Vue+Express Bucket
website WP Bucket
website http://calculations.bigbank.fi/
website https://bank-link.bigbank.lt/
website https://ca.bigbank.eu/
website https://id-card.bigbank.ee/
website https://smart-id.bigbank.eu/
website *.ibotta.com
other Ibotta App Data & Memory
ios http://itunes.apple.com/us/app/ibotta/id559887125
android http://market.android.com/details?id=com.ibotta.android
api https://api.ibops.net
api https://api.ibotta.com
api https://api.int.ibops.net
api https://api.int.ibops.net/customer-loyalty-service
website https://backend.ibotta.com/
api https://content-server.ibotta.com/graphql
other 118.143.229.114 | China, Shenzhen | Hong Kong Internet | Juniper SRX240H2
other 12.207.197.2 | US, San Jose | San Jose ATT Internet | Juniper SRX240H2
other 12.207.197.44 | US, San Jose | ATT Internet | Cisco ASA5525
other 122.249.69.25 | Japan, Takao | Takao NTT Internet | Juniper SRX240H2
other 122.249.69.26 | Japan, Takao | Takao NTT Internet | Cisco ASA5515
other 14.21.44.66 | China, Shenzhen | China Telecom Internet | Juniper SRX550-645AP
other 14.21.44.71 | China, Shenzhen | China Telecom Internet | Cisco ASA5525
other 180.42.3.34 | Japan, Hachioji | Internet Firewall | Juniper SRX240H2
other 209.36.104.2 | US, San Jose-2 | ATT Internet | Cisco ASA5525
other 50.202.127.206 | US, San Jose | San Jose ComCast Internet | Juniper SRX240H2
other 50.226.10.2 | US, San Jose-2 | Comcast Internet | Cisco ASA5525
website https://acceptance.mastercard.com/
website https://acceptancematters.mastercard.com
website https://checkout.mastercard.com/
website https://citypossible.com
website https://cxresearch.mastercard.com
website https://debit.mastercard.com.au/
website https://digitalintel.mastercard.com
website https://eu.mastercard.com/a/az/qiymetsiz
website https://europe.priceless.com/
website https://europe.priceless.com/shb
website https://incontroldemo.mastercard.com/
website https://insideconnect.mastercard.com/
website https://investmentmojo.com/
website https://lacinnovation.mastercard.com/
website https://learning.mastercard.com/
website https://mastercard-lounge.cz/cz/
website https://mastercardbiz.com/
website https://news.mastercard.com/
website https://newsroom.mastercard.com/
website https://partners.mastercard.com/en-us/issuers/
website https://pl.priceless.com/
website https://priceless.com/aa/
website https://priceless.com/aviator/
website https://priceless.com/citiaadvantage/
website https://priceless.com/golf/
website https://pricelesssurprises.com/
website https://showcase.mastercard.com/login
website https://taptotokyo.com
website https://uk.mastercard.com/ucl
website https://ve.priceless.com/
website https://www.heforshe.mastercard.com/
website https://www.mastercardbiz.ca/
website https://www1.mastercard.com/
api https://api.ibops.net/ad-management
api https://test-pointclickcare.redoxengine.com
api https://testblob.redoxengine.com/upload
api https://testcarequality.redoxengine.com
api https://testclientcert.redoxengine.com
api https://testflatfileparser.redoxengine.com
api https://webhooks10x.redoxengine.com
api testftp.redoxengine.com
website api.convertkit.com
api app.convertkit.com
website el2.convertkit.com
website pages.convertkit.com
website ibotta.com
website app.gusto-demo.com
website https://gusto.com
website manage.gusto-demo.com
website https://gusto-demo.com
website http://ibotta.com
website https://learnscilla.com/
website Any publicly facing host owned by Etsy, including the below:
website blog.etsy.com
website community.etsy.com
website https://knox.beta.blendlabs.com
website https://send.blend.com/
api *-api.fitbit.com
api *-client.fitbit.com
hardware Fitbit Hardware Devices
website https://homesupport.irobot.com
website *.seek.com
iot Arlo Pro 3
other *.highwinds.com
other Any product/service offered by StackPath (CDN/DNS/WAF/etc)
other Any publicly facing host or service owned by StackPath - (ip space, domains, etc)
website https://mtf.mastercard.co.za/en-za.html
website *.bitdiscovery.com
website Any publicly facing asset of BitDiscovery (ASNs, domains, ip addresses, etc)
website assetinventory.bugcrowd.com
other https://github.com/binance-chain/bep3-deputy
other https://github.com/binance-chain/bep3-smartcontracts
other https://github.com/binance-chain/ledger-app-binance
other https://github.com/binance-chain/tss-lib
api https://api.lime.bike
ios https://apps.apple.com/us/app/lime-your-ride-anytime/id1199780189
api https://juicer.lime.bike
android https://play.google.com/store/apps/details?id=com.limebike&hl=en_US
api https://webviews.lime.bike
android Mastercard Receipt Management Android Application
ios Mastercard Receipt Management iOS Application
api https://stage.services.mastercard.com/dm/ugc/moderator/comment
api https://stage.services.mastercard.com/dm/ugc/moderator/comment/pending
api https://stage.services.mastercard.com/dm/ugc/user/comment
api https://stage.services.mastercard.com/dm/ugc/user/comment/dislike
api https://stage.services.mastercard.com/dm/ugc/user/comment/like
api https://stage.services.mastercard.com/dm/ugc/user/feedback
api https://stage.services.mastercard.com/dm/ugc/user/feedback?
api https://stage.services.mastercard.com/dm/ugc/user/reply
api https://stage.services.mastercard.com/dm/ugc/user/reply/dislike
api https://stage.services.mastercard.com/dm/ugc/user/reply/like
api https://stage.services.mastercard.com/dxp/captcha/generate
api https://stage.services.mastercard.com/dxp/form/submit
api https://stage.services.mastercard.com/dxp/offers/getofferdetails/774cc452-1f91-49d9-8a95-5c896ee70b63
api https://stage.services.mastercard.com/dxp/offers/getofferdetails/8e6a1d47-0489-4cd6-9263-b349b30b91fc
api https://stage.services.mastercard.com/dxp/search/dm-mccom
api https://stage.services.mastercard.com/dxp/send/email
api https://stage.services.mastercard.com/dxp/suggest/dm-mccom
api https://stage.services.mastercard.com/dxp/twitter/hashtag?hashtag=Priceless
api https://stage.services.mastercard.com/dxp/twitter/timeline?screenName=MastercardUK
other Confluence Companion App
website *.boozt.com
website *.booztlet.com
android Boozt Android App
ios Boozt iOS App
website https://admintool.lime.bike
api https://ops.lime.bike
api proxy-production.lime.bike
website https://contact-world.net
website https://developer.nexmo.com
website https://www.newvoicemedia.com
website https://www.nexmo.com/
website https://www.vonage.com
api *.lime.bike
website https://marketplace.atlassian.com
website *.comcast.com
website *.xfinity.com
website Flex - Xfinity hardware and services
hardware Internet - All devices, including Broadband Gateways
other Mobile Apps iOS and Android
website TV - Xfinity hardware and services
website Voice - Hardware and service
other Xfinity Home
website business.comcast.com/*
website *.opsgeni.us
android Opsgenie (Android)
ios Opsgenie (IoS)
website app.opsgeni.us
website mobileapp.opsgeni.us
other PureVPN Linux Application
other Latest ZAP version (2.9.0)
website https://www.zaproxy.org
other PureVPN DDWRT Router Applet
ios https://apps.apple.com/us/app/lime/id1199780189
android https://play.google.com/store/apps/details?id=com.limebike
api api.convertkit.com
website app.convertkit.com
other https://github.com/freedomofpress/securedrop-client
other https://github.com/freedomofpress/securedrop-debian-packaging
other https://github.com/freedomofpress/securedrop-export
other https://github.com/freedomofpress/securedrop-log
other https://github.com/freedomofpress/securedrop-proxy
other https://github.com/freedomofpress/securedrop-sdk
other https://github.com/freedomofpress/securedrop-workstation
api https://graphql.acorns.com
website https://help.acorns.com
android Pinterest Android Mobile Application
ios Pinterest iOS Mobile Application
website Any publicly accessible TripAdvisor web asset or host (domains, ip space, etc) - except for what’s explicitly listed as Out-of-Scope below
website Home.xfinity.com (see below)
website Internet.xfinity.com (see below)
android Xfinity Home Android mobile app
hardware Xfinity Home Starter Kit (see below)
iot Xfinity Home cameras
ios Xfinity Home iOS mobile app
android xFi Android mobile app
ios xFi iOS mobile app
website *-cvr-aws-*.sys.comcast.net
website *signalservice.comcast.net
website Internet.xfinity.com
api api.sc.xfinity.com
website oauth.xfinity.com
website orc-xfi.com
website siorc.xfinity.com
website smartinet.xfinity.com
website speedtest.xfinity.com
api xhomeapi-*.cloud.comcast.net
api xhomeapi-*.codebig2.net

target_out_of_scope

type target
other https://api.acorns.com
other https://dev-app.acorns.com
website *.agilebits.com
website arkoselabs.com
website status.arkoselabs.com
website *.bitbucket.io
website Any internal or development services.
website Any repository that you are not an owner of - do not impact Atlassian customers in any way.
website Third party add-ons from the marketplace are strictly excluded (vulnerabilities that exist within third party apps in any way) - we will pass on any vulnerabilities found, however they will not be eligible for bounty.
website bytebucket.org
website https://blog.bitbucket.org
website support.binance.com
website cloud.bitdefender.net
website community.bitdefender.com
website countrypartners.bitdefender.com
website dlab-box.bitdefender.net
website elearning.bitdefender.com
android Bitdefender Central (Android App)
ios Bitdefender Central (iOS App)
website https://central.bitdefender.com
website https://blend.com
website https://www.blend.com
website https://www.blendlabs.com
website https://a.bluejeans.com/
website https://community.bluejeans.com
website https://hub.bluejeans.com
website https://www-a.bluejeans.com/
website https://www-dev.bluejeans.com/
website blog.bugcrowd.com
website bounce.bugcrowd.com
website collateral.bugcrowd.com
website docs.bugcrowd.com
website email.bugcrowd.com
website email.forum.bugcrowd.com
website forum.bugcrowd.com
website go.bugcrowd.com
website pages.bugcrowd.com
website researcherdocs.bugcrowd.com
website www.bugcrowd.com
website Any Third Party Software Applications (Zendesk, etc)
api https://events.caffeine.tv/
website community.meraki.com
website developers.meraki.com
website meraki.cisco.com/form/contact
website merakipartners.com
website smhelp.meraki.com
other Sites and companies not owned by, maintained by, or under the control of Concur
website concurmobile.freshdesk.com
website forum.developer.concur.com
website help.expenseit.com
website http://store.hipmunk.com
website media.hipmunk.com
website sentry.hipmunk.com
website tmcservices.co.in
website www.concurinc.com
website www.tmcservices.net
website appsflyer.com
website crashlytics.com
website http://socialverification.creditkarma.com/
website http://socialverification.stage.creditkarma.com/
website https://www.creditkarma.com/all/advice
website https://www.creditkarma.com/article/*
website https://www.creditkarma.com/reviews/
website taplytics.com
website https://d-msg.com/
website http://foo.eero.com/
website https://myaccount.fanduel.com
website https://myaccountmobile.fanduel.com
other https://newsroom.fanduel.com
website https://www.sportsbook.fanduel.com/
website partners.fanduel.com
other m.driveuconnect.eu
website go-jek.com
website https://github.com/heroku/windmil
other *.getsidekick.com
other *.inbound.org
website https://brand.ai
website https://invisionapp.com/blog
website marketplace.invisionapp.com
website support.invisionapp.com
website trackduck.com
website Any Kenna Security customer subdomain not created by you
website https://blog.lastpass.com/
website https://enterprise.lastpass.com/
website https://forums.lastpass.com/
website https://helpdesk.lastpass.com/
website Any production asset of Moneytree KK (excepting the iOS app)
website moneytree.jp
website blog.overstock.com
website financehub.overstock.com
website help.overstock.com
website hotels.overstock.com
website investors.overstock.com
other miq.overstock.com
website snow.overstock.com
other *.purevpn.com
website www.purevpn.com
website All third party applications not under Simple's control.
website cmail.simple.com
website email.simple.com
website links.simple.com
website *.Sandboxie.com (including downloadable product)
other *.astaro-security.com
other *.astaroedu.com
website *.ddns.cyberoam.com
website *.releaseportal.cyberoam.com
website *.spotflux.com (including downloadable product)
website *eventreg.sophos.com
website app.reflexion.net
other autodiscover.hitmanpro.com
other lyncdiscover.hitmanpro.com
website mev.hitmanpro.com
other shop.hitmanpro.com
other sip.hitmanpro.com
other support.hitmanpro.com
website surveys.sophos.com
website tickets.reflexion.net
website *.sproutsocial.com/insights
website *.sproutsocial.com/wp-includes
other Anything that CNAMEs to a third party
website jobboard.sproutsocial.com
website pagely.sproutsocial.com
website sproutsocial.com/insights
website sproutsocial.com/wp-includes
website Any SolarCity property, including *.solarcity.com
website Any other third-party websites hosted by non-Tesla entities
website feedback.teslamotors.com
website ir.tesla.com
website ir.teslamotors.com
website mkto.teslamotors.com
website shop.eu.teslamotors.com
website e.trello.com
website help.trello.com
website trello-attachments.s3.amazonaws.com
website Any Third-party Services
other Any subdomain/domain/property not listed in the 'in scope' section, is out of scope.
website community.upwork.com
website support.upwork.com (Any vuln related to a support ticket)
website Any asset not listed above as 'In Scope'
other https://www.inmateservices.westernunion.com
website http://docs.youneedabudget.com/
website https://app.youneedabudget.com/
website https://forum.youneedabudget.com/
website https://documentation.mailgun.com
website https://www.mailgun.com/
website energysupport.tesla.com (you can report vulnerabilities to bugbounty.zoho.com)
website Any vulnerabilities found in Third-party software
api All Available Mastercard Developer APIs
website https://developer.mastercard.com
other Corporate Email (*@skyscanner.net)
website Subdomains (*.skyscanner.net/*)
website *.sandbox.directly.com/schedule-a-demo/* OR /product/* OR /careers/* OR /about/* OR /legal/* OR /trust/*
website resources.directly.com/*
website www.directly.com
website Heroku Customer Applications (*.herokuapp.com)
other LastPass Authenticator Windows Phone app
other Windows Phone app
other Lastpass cli tool
website *.dyn.telefonica.de
website https://mobilfunk.tchibo.de
website https://shop-fanseite.telefonica.de
website https://www.alditalk.de
website https://www.einfachprepaid.de
website https://www.think-big.org
website https://www.turkei-sim.de
website https://www.udldigital.de
website https://www.wayra.co.uk
website employeefeedback.tesla.com
other *.redshift.segment.com
other *.sql.segment.com
website community.segment.com
website segment.com/contact
website segment.com/jobs
website All Kurento domains
website All Third party hosted services, such as support.twilio.com are explicitly out of scope.
other Authy Desktop App
website Demo websites e.g. lab.authy.com
other TwimlBins
website Ytica and its assets
website store.twilio.com
website twiliotraining.com
website www.twilio.com/labs
website www.twilio.com/quest
website SendGrid and its Assets
other Zilliqa Wallet (testnet)
website *boards.cruisecritic.*
website *forums.cruisecritic.*
website messages.cruisecritic.*
website events.bugcrowd.com
ios Centrify iOS App
android Centrify Android App
other Centrify Browser Extension
api https://api.pentest.blendlabs.com/
hardware Cisco Meraki MC Phones
website community.binance.org
other Ops Genie Production (*.opsgenie.com, billing systems, third parties)
website community-staging.meraki.com
website https://rewardcircle.westernunion.com
api api.redoxengine.com
api candi.redoxengine.com
website dashboard.redoxengine.com
website www.redoxengine.com/support-request/
website https://jobs.lever.co/redoxengine/
website Opsgenie Production (*.opsgenie.com, billing systems, third parties)
website https://www.redoxengine.com/contact-us/
website https://www.redoxengine.com/support-request/
website *.cruisecritic.*/rollcall/entry_cl.cfm*
other Dell, Dell EMC and RSA products
website Sites not owned by, maintained by, or under the control of Dell
website Sites, applications, services and products that are not explicitly identified as “in scope”
website www.redoxengine.com/
api api.redoxengine.com
api candi.redoxengine.com
website dashboard.redoxengine.com
website https://jobs.lever.co/redoxengine/
website https://www.redoxengine.com/contact-us/
website https://www.redoxengine.com/support-request/
website www.redoxengine.com/
website www.redoxengine.com/support-request/
website https://www.cruisecritic.co.uk/rollcall/entry_cl.cfm.*
website https://www.cruisecritic.com.au/rollcall/entry_cl.cfm.*
website https://www.cruisecritic.com/rollcall/entry_cl.cfm.*
website AgileCraft and any Related Assets
website StackPath customer instances (e.g. *.stackpathdns.com)
website https://homesupport.irobot.com
website irobot.in
website advertising.soundcloud.com
website blog.soundcloud.com
website copyright.soundcloud.com
website help.soundcloud.com
website press.soundcloud.com
website soundcloudcommunity.com
website status.soundcloud.com
website wpengine.com/contact/
website Order placement on www.priceless.com
website www.priceless.com/golf
website www.priceless.com/standup
website www.priceless.com/travel
website community.soundcloud.com
other Studio
other https://redox.slack.com
website Any Kenna Security Platform Subdomain Not Created By You
website demo.priceless.com/golf
website demo.priceless.com/standup
website demo.priceless.com/travel
website https://support.cloudinary.com
website wiki.cloudinary.com
other Algorand MainNet
website Algorand.com
website Algorand.org
other Distributed denial of service
other Hosting Infrastructure of TestNet (AWS, Kubernetes, Other Participants, etc)
website https://algorand.foundation/
website https://support.logmeininc.com/lastpass
website Any asset not explicitly listed as 'In Scope' above is explicitly out of scope
android LastPass MFA Android App
ios LastPass MFA iOS app
website https://idaas.lastpass.com/
website Any domains from acquisitions, such as maxwell.com
other Any previous version of the desktop apps: YNAB 4, YNAB 3, YNAB Pro, YNAB Basic (Spreadsheet)
website https://docs.youneedabudget.com/
website https://support.youneedabudget.com
website https://isc2latamcongress.com
other https://vulnerability.isc2.org
other https://webportal.isc2.org
website safeandsecure.org
website behtarkhao.healthifyme.com
website feedback.tesla.com
other Heroku Stack Images
website Core Priceless.com - demo.priceless.com
website community.stage.upwork.com/
website community.stage.upwork.com
website *.opsgeni.us/devops*
iot 3rd Party Devices (known as Works with Xfinity)
website login.xfinity.com
api Customer API Keys
website Order placement on demo.priceless.com
website convertkit.com
website developers.convertkit.com
website help.convertkit.com
website *.gusto.com
website http://sampling.ibotta.com/
website docs.bugcrowd.com
website blog.isc2.org
other HipChat (inc. HipChat Data Center, HipChat Desktop, HipChat Mobile)
other Stride (inc. Stride Video, Stride Desktop, Stride Mobile)
api https://api.pentest.blendlabs.com/
website https://blend.com/
website https://paynow40.speedpay.com
website https://paynow7.speedpay.com/
website www.speedpay.com
website https://enterprise.magicleap.com/en/post-login#/signup
api https://backend.ibotta.com/duplicate_receipt_moderation
website https://homesupport.irobot.com/app/chat/chat_launch
website StackPath customer instances (e.g. *.stackpathdns.com, *.hwcdn.net)
website stage.upwork.com
website https://identity.lastpass.com/
website https://www.li.me
website payments.westernunion.com
website https://*.li.me
website https://help.li.me (zendesk)
website https://li.me (hubspot)
website community.fitbit.com
website fitbit.com/store
website help.fitbit.com
website store-*.fitbit.com
website https://nvmnetworks.com
website newvoicemedia.atlassian.net
website newvoicemedia.info
android newvoicemedia.mobi
website newvoicemedia.my.salesforce.com
website newvoicemedia.net
website nvmdevops.hipchat.com
website nvmtest.net
website https://dashboard.nexmo.com
other All Hipmunk assets are out of scope as this product line has been discontinued.
website *.opsgeni.us/devops*
website Opsgenie Production (*.opsgenie.com, billing systems, third parties)
website https://e.upwork.com/
website http://www.irobot.com
website https://store.irobot.com
other https://projects.invisionapp.com
website https://status.upwork.com/
other Social media hijacking
website *.cruisecritic.*/rollcall/entry_cl.cfm*
website *boards.cruisecritic.*
website *forums.cruisecritic.*
website https://www.cruisecritic.co.uk/rollcall/entry_cl.cfm.*
website https://www.cruisecritic.com.au/rollcall/entry_cl.cfm.*
website https://www.cruisecritic.com/rollcall/entry_cl.cfm.*
website messages.cruisecritic.*
iot 3rd Party Devices (known as Works with Xfinity)
website login.xfinity.com