Coinbase

target_in_scope

asset_identifier asset_type availability requirement confidentiality requirement eligible for bounty eligible for submission integrity requirement max_severity
*.cbhq.net URL high high high critical
*.coinbase.com URL high high high critical
54.175.255.192/27 CIDR high high high critical
com.coinbase.android GOOGLE_PLAY_APP_ID high high high critical
com.coinbase.ios APPLE_STORE_APP_ID high high high critical
Other - Please describe OTHER low low low medium
coinbase.com URL high high high critical
commerce.coinbase.com URL medium medium high critical
custody.coinbase.com URL high high high critical
org.toshi GOOGLE_PLAY_APP_ID low high high critical
org.toshi.distribution APPLE_STORE_APP_ID medium high high critical
paradex.io URL high high high critical
prime.coinbase.com URL high high high critical
pro.coinbase.com URL high high high critical
api.coinbase.com URL critical
com.coinbase.pro APPLE_STORE_APP_ID high high high critical
com.coinbase.pro GOOGLE_PLAY_APP_ID high high high critical
com.shiftpayments.shiftcard APPLE_STORE_APP_ID high high high critical
com.coinbase.wallite GOOGLE_PLAY_APP_ID critical

target_out_of_scope

asset_identifier asset_type availability requirement confidentiality requirement eligible for bounty eligible for submission integrity requirement max_severity
institutional.coinbase.com URL none
This domain is out of scope.
support.coinbase.com URL none
This domain is out of scope.
blog.coinbase.com URL none
developers.coinbase.com URL none
engineering.coinbase.com URL none
https://support.pro.coinbase.com/ URL none
status.coinbase.com URL none
*.blockspring.com URL none
N/A - Not Coinbase owned or operated OTHER none
This asset labelling is used to signal to a reporter that the asset in question is not owned or operated by Coinbase in any capacity.
custody.coinbase.com URL high high high none