Bugcrowd targets all

Filter

target_in_scope

project type target
other http://www.abacus.com?utm_source=bugcrowd&utm_medium=security
other Acorns for Android
other Acorns for iOS
other https://app.acorns.com
other https://client.acorns.com
website https://signup.acorns.com/
other <Account (Business, Family) signup page --> https://start.1password.com
other <White Box Test team --> https://bugcrowd-test.1password.com
other <Your own 1Password subdomain --> https://<your account domain>.1password.com/
other Level 3, please contact whitehat@arkoselabs.com for access
website dashboard.arkoselabs.com
other https://client-demo.arkoselabs.com/solo-animals
other https://client-demo.arkoselabs.com/stacked-animals
iot Arlo
api Arlo APIs
android Arlo Android App
iot Arlo Baby
iot Arlo Base Station
iot Arlo Bridge
iot Arlo Go
iot Arlo Pro
iot Arlo Pro 2
iot Arlo Q
iot Arlo Q+
iot Arlo Security Light
website Arlo Web App
ios Arlo iOS App
website https://arlo-device.messaging.netgear.com
website https://arlo.netgear.com
website https://updates.netgear.com/arlo
website https://www.arlo.com
other Any associated *.atlassian.io or *.atl-paas.net domain that can be exploited DIRECTLY from the *.atlassian.net instance
other Bamboo
website Bitbucket Pipelines (https://bitbucket.org/product/features/pipelines)
other Bitbucket Server
other Confluence
website Confluence (bugbounty-test-<bugcrowd-name>.atlassian.net/wiki)
android Confluence Cloud Mobile App for Android
ios Confluence Cloud Mobile App for iOS
other Confluence Questions
website Confluence Team Calendars (https://www.atlassian.com/software/confluence/team-calendars)
other Crowd
other Crucible
other FishEye
other HipChat Data Center
other HipChat Desktop Client
other HipChat Mobile Client
website JIRA (bugbounty-test-<bugcrowd-name>.atlassian.net)
other JIRA Core
other JIRA Service Desk
website JIRA Service Desk (bugbounty-test-<bugcrowd-name>.atlassian.net)
other JIRA Software
android Jira Cloud Mobile App for Android
ios Jira Cloud Mobile App for iOS
other Jira Portfolio
other Other - (all other Atlassian targets)
other SourceTree (https://www.sourcetreeapp.com/)
other Stride (bugbounty-test-<bugcrowd-name>.atlassian.net)
other Stride Desktop Client
android Stride Mobile Application for Android
ios Stride Mobile Application for iOS
website https://admin.atlassian.com/atlassian-access
website https://bitbucket.org/
website https://stride.video/<your-video>
other Avira Free Antivirus (PC client side application)
other Avira Launcher Windows (PC client side application)
other Barracuda ADC
other Barracuda Firewall
other Barracuda Message Archiver
other Barracuda NG Firewall
other Barracuda SSLVPN
other Barracuda Spam & Virus Firewall
other Barracuda Web Application Firewall
other Barracuda Web Filter
website *.binance.com
api api.binance.com
website *.bitdefender.com
website *.bitdefender.net
other Bitdefender GravityZone Business Security
other Bitdefender Total Security 2017
iot Bitdefender BOX v2
api https://api.pentest.blendlabs.com/
other https://knox.blendlabs.com
website app.blockport.io
api app.blockport.io/api
website blockport.io
android BlueJeans Android Application
other BlueJeans Browser-based Web Meeting Clients
other BlueJeans Mac Client
other BlueJeans Windows Client
ios BlueJeans iOS Application
website https://a2m.bluejeans.com
api https://api.bluejeans.com/
website https://bluejeans.com/
other https://huddle.bluejeans.com
website https://primetime.bluejeans.com
other https://static.bluejeans.com/
website https://www.bluejeans.com/
api api.bugcrowd.com
website bugcrowd.com
website tracker.bugcrowd.com
ios Caffeine iOS Application
other caffeine-helper.x64.exe
other caffeine-helper.x86.exe
other caffeine.exe
api https://api.caffeine.tv/
website https://build.caffeine.tv/
api https://images.caffeine.tv/
api https://payments.caffeine.tv
website https://preview.caffeine.tv/
api https://realtime.caffeine.tv/
other https://static.caffeine.tv/
website https://www.caffeine.tv/
other Card Android Mobile Application
other Card iOS Mobile Application
other https://www.card.com
ios Centrify iOS App
other Centrify Agent for Windows
android Centrify Android App
other Centrify Browser Extension
other Centrify Cloud Connector
website Centrify Identity Service / Centrify Privilege Service Portals
api Centrify Service API
other Local Client Launcher
website https://www.centrify.com
website pod12.centrify.com
website pod23.centrify.com
website *.ikarem.io
website *.meraki.com
website *.network-auth.com
other Cisco Meraki Dashboard Mobile Application (iOS and Android)
hardware Cisco Meraki MC Phones
hardware Cisco Meraki MR Access Points
hardware Cisco Meraki MS Switches
hardware Cisco Meraki MV Security Cameras
hardware Cisco Meraki MX Security Appliances
other Cisco Meraki Systems Manager
other Cisco Meraki Virtual Security Appliances
website meraki.cisco.com
other All services officially provided by Concur are in scope and eligible for the responsible disclosure program, including mobile applications.
android Tripit Mobile Application: Android
ios Tripit Mobile Application: iOS
api Tripit Mobile Web Services/Public web services used by the Tripit Mobile applications: https://api.tripit.com/
website Tripit Teams: https://www.tripit.com/teams/
website Tripit Web Application: https://www.tripit.com
website https://m.tripit.com/
other All API SDKs
other All Constant Contact APIs - api.constantcontact.com
other All Constant Contact websites - *.constantcontact.com
other All Single Platform websites - *.singleplatform.com
other Constant Contact mobile applications [iOS and Android]
android Credit Karma Android Mobile Application
ios Credit Karma Canada iOS App
ios Credit Karma iOS Mobile Application
api api.creditkarma.com
website https://*.creditkarma.com
website https://accounts.creditkarma.com
website https://blog.creditkarma.com/
website https://help.creditkarma.com/
website https://tax.creditkarma.com
website https://www.creditkarma.ca/
other Dash Core
android Dash Wallet Mobile Application for Android
ios Dash Wallet Mobile Application for iOS
api *.digitaloceanspaces.com
api https://api.digitalocean.com
website https://cloud.digitalocean.com
api eero APIs
android eero Android Mobile Application
hardware eero Node
ios eero iOS Mobile Application
api Etsy API (see documentation below)
android Etsy Mobile Application (Android)
ios Etsy Mobile Application (iPhone)
website blog.etsy.com (payouts are half for this target, and do not include vulns in WP itself or its plugins)
api icht.etsysecure.com
website www.etsy.com
website *.fanduel.com
website *.fdbox.net
other FanDuel Android App
other FanDuel iOS App
website https://fanduel.design
other Vehicle Head Units, TPMS sensors, remote keyless entry, and any other system that is present in a hardware product that you own or are authorized to test against
other https://itunes.apple.com/gb/app/uconnect-live/id881830261?mt=8 (iOS)
other https://itunes.apple.com/pl/app/panda-uconnect/id1117321678?mt=8
ios https://itunes.apple.com/us/app/uconnect/id1229236724?mt=8 (iOS Ver. 3.1.3)
other https://play.google.com/store/apps/details?id=com.acn.uc&hl=en (Android)
other https://play.google.com/store/apps/details?id=com.acn.uconnectmobile&hl=en (Android)
android https://play.google.com/store/apps/details?id=com.fcagroup.us.uconnect (Android Ver. 3.1.3)
other www.driveuconnect.com
other www.driveuconnect.eu
android "Fitbit Coach" app for Android
other "Fitbit Coach" app for Windows 10 & Mobile
ios "Fitbit Coach" app for iOS
android "Fitbit" app for Android
other "Fitbit" app for Windows 10 & Mobile
ios "Fitbit" app for iOS
ios "Fitstar Yoga" app for iOS
other Fitbit Connect for MacOS & Windows
iot Fitbit Ionic
iot Fitbit OS
iot Fitbit Versa
website android-api.fitbit.com
website android-client.fitbit.com
website api.fitbit.com
website api.fitstar.com
website coach.fitbit.com
website corporate.fitbit.com
website desktop-api.fitbit.com
website desktop-client.fitbit.com
website dev.fitbit.com
website iphone-api.fitbit.com
website iphone-client.fitbit.com
website studio.fitbit.com
api web-api.fitbit.com
website www.fitbit.com
other Ford
other *-bugcrowd.foxycart.com (read below for details)
other api-sandbox.foxycart.com
other api.foxycart.com
other https://admin.foxycart.com
other https://foxycart-demo.foxycart.com
other https://github.com/freedomofpress/securedrop
api *.gojekapi.com
android GO-JEK Android
ios GO-JEK iOS
api api.gojek.co.id
other Testing the Bugcrowd platform
website www.bugcrowd.com
other Source code (excluding demo and deprecated repos) only available at github.com/heroku/
other Vulnerabilities which affect multi-tenant integrity of the Heroku Platform
website addons-next.heroku.com
website http://registry.heroku.com/
other http://status.heroku.com/
other https://addons.heroku.com
other https://api.heroku.com
other https://connect.heroku.com
other https://dashboard.heroku.com
other https://data.heroku.com
other https://dataclips.heroku.com
other https://devcenter.heroku.com
other https://elements.heroku.com
website https://git.heroku.com/
other https://help.heroku.com
other https://id.heroku.com
other https://longboard.hit.heroku.com
other https://provider.heroku.com
other https://signup.heroku.com
other https://telex.heroku.com/
other https://toolbelt.heroku.com
other https://www.heroku.com
website *.hs-sites.com
other *.hubapi.com
other *.hubspot.com
other *.hubspot.net
android HubSpot Mobile Application: Android
ios HubSpot Mobile Application: iOS
website growth.org
other https://www.humblebundle.com/
other *.indeed.com/*
other https://itunes.apple.com/us/app/job-search/id309735670?mt=8
other https://play.google.com/store/apps/details?id=com.indeed.android.jobsearch
other https://play.google.com/store/apps/details?id=com.indeed.androidemployers
other https://play.google.com/store/apps/details?id=com.indeed.jobsnearby&hl=en
other *.intercomassets.com / *.intercomcdn.com
android Android SDK
other https://api.intercom.io
other https://app.intercom.io/
ios iOS SDK
other Muz.li Browser Add-Ons (Chrome & Safari)
website https://freehand.invisionapp.com
website https://muz.li
other https://projects.invisionapp.com
website https://www.invisionapp.com
website https://community.isc2.org
website https://isc2latamcongress.com
website https://learn.isc2.org
other https://vulnerability.isc2.org
other https://webportal.isc2.org
other https://www.isc2.org
website iamcybersafe.org
website safeandsecure.org
other *.jet.com
other *.notjet.net
other Android application - https://play.google.com/store/apps/details?id=com.jet.jet.app&hl=en
api JET.com API
other https://merchant.qa.notjet.net/
other iOS application - https://itunes.apple.com/us/app/jet-smartest-way-to-shop-save/id950022424?mt=8
other Keeper Backend API (Keeper Commander)
other Keeper Desktop Application for Mac and PC
android Keeper Password Manager for Android
other Keeper Password Manager for BlackBerry
other Keeper Password Manager for Windows Mobile
other Keeper Password Manager for Windows Store
ios Keeper Password Manager for iOS
website Keeper Security Website (keepersecurity.com | .eu)
website KeeperChat Website (keeperchat.com | .eu)
android KeeperChat for Android
other KeeperChat for Mac
other KeeperChat for Windows
ios KeeperChat for iOS
other KeeperFill Browser Extension (Chrome, Safari, Firefox, Edge, IE)
other Any host verified to be owned by Kenna (domains/IP space/etc.)
website https://[your-subdomain].kennasecurity.com
android Android mobile app
android LastPass Authenticator Android app
other LastPass Authenticator Windows Phone app
ios LastPass Authenticator iOS app
other LastPass browser extensions
other Local computer apps, e.g. OS X App, Window App, Windows/Mac Installers
other Windows Phone app
other https://lastpass.com
ios iOS Mobile app
other Magento 1 CE & EE
other Magento 2 CE & EE
website developer.magento.com
website magento.com
website magentocommerce.com
website marketplace.magento.com
website repo.magento.com
website *.magicleap.com
api api.magicleap.com
website auth.magicleap.com
website creator.magicleap.com
website developer-content.magicleap.com
website developer-documentation.magicleap.com
website developer-static-1.magicleap.com
website id-static-1.magicleap.com
website id.magicleap.com
website www.magicleap.com
other Latest public release of LuminOS, ML1
website Core Priceless.com - www.priceless.com
website MasterCard.ch - (French) - www.mastercard.ch/fr-ch.html
website MasterCard.ch - (German) - www.mastercard.ch/de-ch.html
website MasterCard.com.au - www.mastercard.com.au/en-au.html
website MasterCard.nl - www.mastercard.nl/nl-nl.html
website MasterCard.ru - www.mastercard.ru/ru-ru.html
website MasterCard.us - www.mastercard.us/en-us.html
website Simplify Commerce - www.simplify.com/commerce/
website https://d-msg.com/
ios Moneytree iOS Mobile Application (production; see below)
android Moneytree staging Android Mobile Application (see below)
website app-staging.getmoneytree.com
api au-api-staging.getmoneytree.com
api jp-api-staging.getmoneytree.com
api myaccount-staging.getmoneytree.com
website wwws-staging.moneytree.jp/link/
website wwws-staging.moneytree.jp/link/mobile/
website wwws-staging.moneytree.jp/link/mobile/#/signup?client_id=38d99a6e8e9fc87c866f5aa82bdc2569c464b2323a55e0b28f658efa678e9623&redirect_uri=https://wwws-staging.moneytree.jp/link/mobile/callback&response_type=token&scope=guest_read+accounts_read+transactions_read+request_refresh
other Multicraft 2.1.0 - Linux 64bit (primary target) - see Access Information below
other Sample installation @ http://78.46.123.96/multicraft/index.php
other *.nflxext.com
other *.nflximg.net
other *.nflxvideo.net
android Netflix Mobile Application for Android
ios Netflix Mobile Application for iOS
other api*.netflix.com
other beacon.netflix.com
other customerevents.netflix.com
other dockhand.netflix.com
other help.netflix.com
other ichnaea.netflix.com
other nmtracking.netflix.com
other presentationtracking.netflix.com
other secure.netflix.com
other www.netflix.com
android Insight Android App
website Insight Cloud Portal
iot Insight Managed Smart Cloud Wireless Access Point
ios Insight iOS App
android Nighthawk Android App
iot Nighthawk Pro Gaming Router
iot Nighthawk Pro Gaming Switch
iot Nighthawk Router
iot Nighthawk Switch
ios Nighthawk iOS App
iot Orbi
android Orbi Android App
ios Orbi iOS App
api https://api.netgear.com
website https://updates.netgear.com
other Okta Browser Plugin (IE / Firefox / Chrome)
android Okta Mobile MDM (Android)
ios Okta Mobile MDM (iOS)
android Okta Verify (Android)
ios Okta Verify (iOS)
other bugcrowd-%username%-1.oktapreview.com
other bugcrowd-%username%-2.oktapreview.com
api https://api.optimizely.com/
website https://app.optimizely.com/
website https://cdn-pci.optimizely.com/
website https://cdn.optimizely.com/
website https://www.optimizely.com/
other *.overstock.com
other Overstock Android Mobile App
other Overstock iOS Mobile App
website cars.overstock.com
other https://api.overstock.com
website pets.overstock.com
website www.overstock.com
other https://github.com/OWASP/OWASPBugBounty/tree/master/CRSFGuard
other https://github.com/OWASP/OWASPBugBounty/tree/master/JavaEncoder
other https://github.com/OWASP/OWASPBugBounty/tree/master/JavaEncoder/war-files
other https://github.com/OWASP/OWASPBugBounty/tree/master/JavaHTMLSanitizer/war-files
other Latest ZAP version (2.7.0)
other https://dashboard.pantheon.io
website *.pinterest.com
other Chrome extension (download at: chrome.google.com/webstore/detail/pinterest-save-button/gpdjojdkbbmdfjfahjcgigfpmkopogic?hl=en)
other Edge extension (download at: ms-windows-store://pdp/?productid=9nblggh4v89b )
other Firefox extension (download at: assets.pinterest.com/ext/Pinterest_Firefox.xpi)
other Open source projects listed at github.com/pinterest/
other Pinterest Android Mobile Application
other Pinterest Buyable Pins / eCommerce features
other Pinterest iOS Mobile Application
other Safari extension (download at: assets.pinterest.com/ext/Pinterest-Safari.safariextz)
api api.planethoster.net
website my.planethoster.com
website world.planethoster.net
website www.planethoster.com
android PureVPN Android App
other PureVPN Chrome Extension
other PureVPN DDwrt Applet
other PureVPN Firefox Extension
other PureVPN Kodi Add-on
other PureVPN Linux App
other PureVPN MAC App
other PureVPN Windows App
ios PureVPN iOS App
other https://www.sendsafely.com/
other *.simple.com
android Simple for Android
ios Simple for iOS
other https://api.smartsheet.com/1.1
other https://api.smartsheet.com/2.0
other https://app.smartsheet.com/
website SmartThings Graph Console
iot SmartThings Hub
android SmartThings Mobile Application for Android
ios SmartThings Mobile Application for iOS
api SmartThings Rest APIs
other https://opendata-demo.test-socrata.com
other https://opendata.test-socrata.com
other *.astaro-tech.com
other *.astaro.at
other *.astaro.ch
website *.astaro.com
other *.astaro.de
other *.astaro.info
other *.astaro.net
other *.astaro.org
website *.cyberoam.com
other *.fw-notify.net
other *.hitmanpro.com
other *.hitmanpro.nl
other *.mojave.net
other *.myastaro.com
other *.reflexion.net
other *.sophos.com
other *.surfright.nl
other *.who-is-using-me.com
other Invincea X NextGen Anti-Virus
other astaro.uservoice.com
website dev.phishthreat.com
android Sprout Social for Android
ios Sprout Social for iOS
website app.sproutsocial.com
api app.sproutsocial.com/api
website sproutsocial.com
website *.cash.me
website *.square.com
other *.squareup.com
android Cash App Mobile Application for Android
ios Cash App Mobile Application for iOS
android Square Point of Sale Mobile Application for Android
ios Square Point of Sale Mobile Application for iOS
other https://github.com/square/ghostunnel
other https://github.com/square/git-fastclone
other https://github.com/square/go-jose
other https://github.com/square/js-jose
other https://github.com/square/keysync
other https://github.com/square/keywhiz
other https://github.com/square/keywhiz-fs
other https://github.com/square/okhttp
other https://github.com/square/okio
other https://github.com/square/pam_krb_cache
other https://github.com/square/rails-auth
other https://github.com/square/retrofit
other https://github.com/square/squalor
other https://github.com/square/valet
other https://github.com/square/wire
website *.statuspage.io
website manage.statuspage.io
website *.tesla.cn
website *.tesla.com
website *.tesla.services
website *.teslamotors.com
hardware A hardware product that you own or are authorized to test against (Vehicle/PowerWall/etc.)
website Any host verified to be owned by Tesla Motors Inc. (domains/IP space/etc.)
android Official Tesla Android apps
ios Official Tesla iOS apps
website *.trello.services
website api.trello.com
website trello.com
other *.authy.com
website *.twilio.com
other Any host/ web property verified to be owned by Twilio (domains/IP space/etc.)
api api.twilio.com
android Endomondo Android
ios Endomondo iOS
android MapMyFitness Android
ios MapMyFitness iOS
android MyFitnessPal Android
ios MyFitnessPal iOS
other UA Gemini Record Equipped running shoe that you own or have authorization to test
website UA HOVR Equipped running shoe that you own or have authorization to test
android UA Record Android
ios UA Record iOS
android UA Shop Android
ios UA Shop iOS
other api.myfitnesspal.com/v2/
other https://record.underarmour.com/
website https://www.endomondo.com/
other https://www.mapmyfitness.com
other https://www.mapmyride.com
other https://www.mapmyrun.com
other https://www.mapmywalk.com
other https://www.myfitnesspal.com
website https://www.underarmour.co.uk
website https://www.underarmour.com
other mapmyfitness.api.ua.com
other *.upwork.com
other Upwork - iOS and Android Applications
other Upwork Dash Messanger Desktop Version (www.upwork.com/downloads)
api https://www.upwork.com/api
android USAA Mobile Application for Android
ios USAA Mobile Application for iOS
website mobile.usaa.com
other partners.usaa.com
website www.usaa.com
other https://www.VolusionPenTest1.com
website http://globalpay.westernunion.com
website https://agentportal.westernunion.com
website https://auth.globalpay.westernunion.com
other https://cuba.westernunion.com
website https://ebanking.westernunionbank.com
other https://egypt.westernunion.com
website https://gpfi.globalpay.westernunion.com
other https://hk.westernunion.com
other https://india.westernunion.com
other https://jamaica.westernunion.com
other https://locations.westernunion.com
other https://m.westernunion.com
website https://paynow40.speedpay.com
website https://paynow7.speedpay.com/
other https://senegal.westernunion.com
other https://sg.westernunion.com
website https://westernunionbank.com
website https://wuagentportal.westernunion.com
other https://www.westernunion.at
other https://www.westernunion.be
other https://www.westernunion.ca
other https://www.westernunion.ch
other https://www.westernunion.co.nz
other https://www.westernunion.co.uk
other https://www.westernunion.com
other https://www.westernunion.com.au
other https://www.westernunion.de
other https://www.westernunion.dk
other https://www.westernunion.ee
other https://www.westernunion.es
other https://www.westernunion.fi
other https://www.westernunion.fr
other https://www.westernunion.gr
other https://www.westernunion.ie
other https://www.westernunion.it
other https://www.westernunion.lu
other https://www.westernunion.nl
other https://www.westernunion.no
other https://www.westernunion.pl
other https://www.westernunion.pt
other https://www.westernunion.se
other https://www2.westernunion.com
website iwgo.westernunion.com
website partnernet.westernunion.com
website payee.globalpay.westernunion.com
website payments.westernunion.com
website transvision.westernunion.com
website www.speedpay.com
website www.wuprepaid.de
website *.youneedabudget.com
website https://ynab-api-staging.herokuapp.com
website *.statuspage.io
website manage.statuspage.io
api https://api.mailgun.net
website https://app.mailgun.com
website https://signup.mailgun.com
website *.nflxext.com
website *.nflximg.net
website *.nflxvideo.net
api api*.netflix.com
website beacon.netflix.com
website customerevents.netflix.com
website dockhand.netflix.com
website help.netflix.com
website ichnaea.netflix.com
website nmtracking.netflix.com
website presentationtracking.netflix.com
website secure.netflix.com
website www.netflix.com
android Forge of Empires Mobile App (Andriod - via HockeyApp - see below for more details)
ios Forge of Empires Mobile App (iOS - via HockeyApp - see below for more details)
website xs.forgeofempires.com
website xs0.forgeofempires.com
website xs1.forgeofempires.com
website *.igpayment.com
website *.innogames.com
website *.innogames.de
android IOTA Android Client
other IOTA Desktop Client (all Operating Systems)
ios IOTA iOS Client
other Barracuda ADC
other Barracuda Firewall
other Barracuda Message Archiver
other Barracuda NG Firewall
other Barracuda SSLVPN
other Barracuda Spam & Virus Firewall
other Barracuda Web Application Firewall
other Barracuda Web Filter
website katim.com
website www.darkmatter.ae
website xen1thlabs.com
website http://agenttraining.westernunion.com
website https://business.westernunion.com/
website https://foundation.westernunion.com
website https://paymentstatus.westernunion.com
website https://particleboard.heroku.com
website https://developer.mastercard.com
android Skyscanner Android App
ios Skyscanner iOS App
api gateway.skyscanner.net/*
website partnerportal.skyscanner.net/*
website skyscanner.net/*
website *.sandbox.directly.com/
website app.sandbox.directly.com
website http://directly.github.io/demosite/qa/rtm/sandbox.html
website https://sandbox.directly.com/dashboard/index
website *.flex.twilio.com
website corporate.westernunion.com
website https://partners.westernunion.com
website secure.westernunion.com
website wucare.westernunion.com
other *.rtcdn.caffeine.tv
website *.alditalk-kundenbetreuung.de
website *.ayyildiz.de
website *.base.de
website *.blau.de
website *.fonic-mobile.de
website *.fonic.de
website *.geeny.io
website *.k-classic-mobil.de
website *.mediamarkt.o2service.de
website *.mein.aetkasmart.de
website *.mein.simfinity.de
website *.minodes.com
website *.nettokom.de
website *.netzclub.net
website *.next.telefonica.de
website *.norma-mobil.de
website *.o2.de
website *.o2online.de
website *.onlineservice.o2business.de
website *.ortelmobile.de
website *.saturn.o2service.de
website *.sim-karte-aktivierung.blauworld.de
website *.telefonica.de
website *.whatsappsim.de
other Bitdefender Total Security 2019
website https://online.westernunion.com/mp.en/pages/loginform.aspx
website https://onlinefx.westernunion.com/
website https://rewardcircle.westernunion.com
website https://www.wuprepaid.at/
website Any publicly accessible TripAdvisor web asset or host (domains, ip space, etc) - except for what’s explicitly listed as Out-of-Scope below
android Western Union Android app (link below)
ios Western Union iOS app (link below)
website https://butlerfortrello.com/
api *.jobapi.io
api *.jobapi.net
website *.myseek.xyz
website *.outfra.xyz
website *.seek.com.au
website *.skinfra.xyz
api *.sol-data.com
other Seek iOS and Android mobile applications
other https://seekcdn.com
website *.o2service.de
website https://www.einfachprepaid.de
website *.einfachprepaid.de
website *.epos.vertriebspartner.de.o2.com
website *.o2business.de
website *.o2spin.de
website *.turkei-sim.de
website https://vertriebspartner.de.o2.com/partos
website community.etsy.com (payouts are half for this target)
website Any host / web property verified to be owned by Segment (domains/IP space/etc.)
other Source code of Website, Mobile, or Server Libraries (https://segment.com/docs/sources/)
api api.segment.io
website app.segment.com
website skyscanner.net/hotels/book/*
other *.sip.*.twilio.com
android Authy Android Application
ios Authy iOS Application
api Twilio APIs
other Twilio CDNs (static*.twilio.com)
other Twilio Helper Libraries
other Twilio WebRTC Client
other Twilio Wireless
website build.twilio.com
other tsock.us1.twilio.com
website *.speedpay.*
website *.westernunion.*
other Any host or verified to be owned by Western Union (domains/IP space/etc.)
other Moonlet wallet Chrome extension (https://github.com/cryptolandtech/moonlet/releases/tag/v0.3.0)
other Moonlet-core JS library (https://github.com/cryptolandtech/moonlet-core/releases/tag/v0.0.1)
other The Zilliqa codebase and local testnet (https://github.com/Zilliqa/Zilliqa)
other The savant-ide codebase (https://github.com/Zilliqa/savant-ide)
other The scilla codebase and local testnet (https://github.com/Zilliqa/scilla)
api Zilliqa Javascript library (https://github.com/Zilliqa/Zilliqa-JavaScript-Library)
other Zilliqa Wallet (testnet)
website https://savant-ide.zilliqa.com
website *.zynga.com
website *.zyngagames.com
android Zynga branded games - Android
other Zynga branded games - Windows
ios Zynga branded games - ioS
android Mein O2 Android Application
ios Mein O2 iOS Application
android O2 Business Android Application
ios O2 Business iOS Application
android PartOS Android Application
ios PartOS iOS Application
website downloads.sproutsocial.com
website getbambu.com
website media.sproutsocial.com
website simplymeasured.com
website sproutsocial.com/adapt/
website sproutsocial.com/es/
website sproutsocial.com/insights
api sproutsocial.com/mktapi
website sproutsocial.com/pt/
other Secondary Targets (read below)
website masspay.api.westernunion.com
website remoteaccess.westernunion.com
website secureauth.westernunion.com
website trackpayments.westernunion.com
website wuinsights.westernunion.com
website www.wuedge.com
website Centrify Privilege Service Portal
api *-dex.binance.org
website *.binance.org
other Binance Chain
website *.opsgeni.us
website app.opsgeni.us
website mobileapp.opsgeni.us
android Opsgenie (Android)
ios Opsgenie (IoS)
other Zilliqa testnet wallet (nucleus wallet) codebase (https://github.com/Zilliqa/nucleus-wallet)
website https://dev-wallet.zilliqa.com/
api api.cloudways.com
api developers.cloudways.com
website platform.cloudways.com
website 10x.redoxengine.com
website developer.redoxengine.com/
api testapp.redoxengine.com
website www.redoxengine.com/
website *.boomi.com/*
website *.dell.com/*
website *.dellemc.com/*
website *.delltechnologies.com/*
website *.emc.com/*
website *.rsa.com/*
android Dell EMC E-Lab Navigator (Android)
ios Dell EMC E-Lab Navigator (iOS)
android RSA Conference Mobile Application (Android) - see below for details
ios RSA Conference Mobile Application (iOS) - see below for details
website 10x.redoxengine.com
website developer.redoxengine.com/
api testapp.redoxengine.com
website https://www.rsaconference.com/
other github.com/jet/* repos that have security.md file defined
api Crypto layer (verification and validation of payloads (blocks, transactions))
api P2P Network API
api Public API V2
api Transaction Pool (accessible via Public API)
website *.trycaviar.com
android Caviar Android Mobile Application
ios Caviar iOS Mobile Application
website https://memotrader.com
website *.stackpath.com
website *.stackpath.net
website Any product/service offered by StackPath (CDN/DNS/WAF/etc)
website Any publicly facing host owned by StackPath - (ip space, domains, etc)
iot Arlo Ultra
website https://arlo-device.messaging.arlo.com
website https://my.arlo.com
website https://updates.arlo.com/arlo
other merchant.notjet.net
website *.certsy.com
website *.certsynonprod.com
website *.secureworks.com/*
website http://www.irobot.com
ios https://itunes.apple.com/us/app/irobot-home/id1012014442?mt=8
android https://play.google.com/store/apps/details?id=com.irobot.home
website https://store.irobot.com
hardware iRobot cloud-connected robot that you own (e.g., i7, 980, 960, 690, Braava, etc.)
other ATOM SDK
api api.purevpn.com
website https://my.purevpn.com
website https://support.purevpn.com
website https://www.purevpn.com
android SoundCloud Android Pulse
android SoundCloud Android app
ios SoundCloud iOS Pulse
ios SoundCloud iOS app
api api-deck.soundcloud.com
api api-mobi.soundcloud.com
api api-mobile-creators.soundcloud.com
api api-mobile.soundcloud.com
api api-partners.soundcloud.com
api api-v2.soundcloud.com
api api-widget.soundcloud.com
api api.soundcloud.com
website checkout.soundcloud.com
website developers.soundcloud.com
website m.soundcloud.com
website mobi.soundcloud.com
website secure.soundcloud.com
website soundcloud.com
other soundcloudmail.com
website w.soundcloud.com
website *.studiopress.com
website *.wpengine.io
website *.wpesvc.net
website my.wpengine.com
website wpengine.com
other Moonlet wallet Chrome extension (https://github.com/cryptolandtech/moonlet/releases)
other https://github.com/square/sudo_pair
hardware Cisco Meraki Z Series (Z1,Z3(C))
website secureworks.com/*
other Keeper Backend API (Keeper Commander)
other Keeper Desktop Application for Mac and PC
android Keeper Password Manager for Android
other Keeper Password Manager for BlackBerry
other Keeper Password Manager for Windows Mobile
other Keeper Password Manager for Windows Store
ios Keeper Password Manager for iOS
website Keeper Security Website (keepersecurity.com | .eu)
website KeeperChat Website (keeperchat.com | .eu)
android KeeperChat for Android
other KeeperChat for Mac
other KeeperChat for Windows
ios KeeperChat for iOS
other KeeperFill Browser Extension (Chrome, Safari, Firefox, Edge, IE)
website https://keepersecurity.com/en_US/console (Admin Console)
website https://keepersecurity.com/password-manager-free-trial.html (Keeper SSO Connect)
website https://keepersecurity.com/vault/
website https://keepersecurity.eu/console (Admin Console EU)
website https://keepersecurity.eu/vault
api api-curators.soundcloud.com
website spressforumstg.wpengine.com
website studiopress.blog
website https://keepersecurity.com/password-manager-free-trial.html (Keeper Enterprise Product)
ios RealSelf
website assets.realself.com
api auth.realself.com
api charon.realself.com
website ei.realself.com
website fi.realself.com
website i.realself.com
api kraken.realself.com
other log.realself.com
website realself.com
api search-faf.realself.com
api search.realself.com
other style.realself.com
website wwa.realself.com
website wwf.realself.com
website www.realself.com
api https://api.kennasecurity.com
website https://www.kennasecurity.com
website Core Priceless.com - demo.priceless.com
website Order placement on demo.priceless.com
api https://api.cloudinary.com
website https://cloudinary.com/console
api https://res.cloudinary.com
website widget.cloudinary.com
api https://batman-api.notjet.net/swagger
android Android application - https://play.google.com/store/apps/details?id=com.jet.jet.app&hl=en
ios iOS application - https://itunes.apple.com/us/app/jet-smartest-way-to-shop-save/id950022424?mt=8
other Algorand Golang SDK - https://github.com/algorand/go-algorand-sdk
other Algorand Java SDK - https://github.com/algorand/java-algorand-sdk
other Algorand JavaScript SDK - https://github.com/algorand/js-algorand-sdk
other Algorand Ledger App - https://github.com/algorand/ledger-app-algorand
other Algorand Node - https://github.com/algorand/go-algorand
other Algorand TestNet
other Any Algorand publicly facing property
other https://knox.beta.blendlabs.com
website https://app.ezesoftcloud.com/
website https://cdn.ezesoftcloud.com/
website https://t51r0.ezesoftcloud.com/
website https://tqqbf.ezesoftcloud.com/
website https://ws-prod.ezesoftcloud.com/
ios https://itunes.apple.com/gb/app/uconnect-live/id881830261?mt=8
ios https://itunes.apple.com/pl/app/panda-uconnect/id1117321678?mt=8
ios https://itunes.apple.com/us/app/uconnect/id1229236724?mt=8
android https://play.google.com/store/apps/details?id=com.acn.uc&hl=en
android https://play.google.com/store/apps/details?id=com.acn.uconnectmobile&hl=en
android https://play.google.com/store/apps/details?id=com.fcagroup.us.uconnect
website www.driveuconnect.com
website www.driveuconnect.eu
other LastPass browser extensions (Chrome / Safari / Edge / Firefox)
other Local computer apps (UWP application / Windows installer (MSI))
website https://lastpass.com
website https://login.mailgun.com/
other Latest ZAP version (2.8.0)
website *.better.com
website api.better.com
website better.com/api
website https://devstaging.pcapcloud.com/*
api api*.soundcloud.com
api *dex.binance.org
ios https://apps.apple.com/us/app/confluence-server/id1288365159
android https://play.google.com/store/apps/details?id=com.atlassian.confluence.server
website donate.mastercard.com
website Bitbucket Cloud (https://bitbucket.org)
website https://staging-app.youneedabudget.com/
website Other youneedabudget.com domains not listed
website Confluence Cloud (bugbounty-test-<bugcrowd-name>.atlassian.net/wiki)
website Jira Cloud (bugbounty-test-<bugcrowd-name>.atlassian.net)
website DigitalOcean products associated with an account you created (e.g. droplets, load balancers, etc.)
other Barracuda CloudGen Firewall
other Barracuda Email Security Gateway
other Barracuda Web Security Gateway
website *.aips-internal.com
website *.aips-services.com
website https://my.wpengine.com
website *.healthifyme.com
website Any publicly facing asset owned by HealthifyMe (ip space, domains, etc)
ios https://itunes.apple.com/in/app/healthifyme-weight-loss-coach/id943712366?mt=8
android https://play.google.com/store/apps/details?id=com.healthifyme.basic&hl=en
website blog.isc2.org
other Confluence Server
other Jira Core Server
website Jira Service Desk Cloud (bugbounty-test-<bugcrowd-name>.atlassian.net)
other Jira Service Desk Server
other Jira Software Server
website Confluence Premium - https://www.atlassian.com/software/confluence/premium
android Confluence Server Android App
ios Confluence Server iOS App
android Jira Server Android App
ios Jira Server iOS App
website http://shop.arlo.com/
website binance.je
other Binance Desktop Application
android Binance Mobile Application for Android
ios Binance Mobile Application for iOS
other Binance macOS Application
website binance.co.ug
website binance.sg
website *.myacademy.io
website *.naspers.com
website *.naspersventures.com
website *.prosus.com
website analytics.naspers.com
website brandportal.naspers.com
website conference.naspers.com
website conferences.naspers.com
website dashboard.naspers.com
website development.naspers.com
website drreporting.naspers.com
website ftp.naspers.com
website legal.naspers.com
website mymobility.naspers.com
website openline.naspers.com
website reporting.naspers.com
website secure.naspers.com
website testanalytics.naspers.com
website tms.naspers.com
website *.naspers.co
website *.naspers.co.in
website *.naspers.fr
website *.naspers.us
other Okta Agent Linux
other Okta Agent Windows
website bugcrowd-%username%-1.oktapreview.com
website bugcrowd-%username%-2.oktapreview.com
website https://id.atlassian.com/login
website binance.us
website Home.xfinity.com (see below)
android Xfinity Home Android mobile app
hardware Xfinity Home Starter Kit (see below)
iot Xfinity Home cameras
ios Xfinity Home iOS mobile app
api API keys originating from or accessing Cisco Meraki infrastructure
website Core Priceless.com - demo.priceless.com
website https://5one.mastercard.com
website https://Globalrisk.mastercard.com
website https://bezcenneniespodzianki.pl
website https://cashpickup.mastercard.com
website https://cocreation.mastercard.com
website https://global-learning.mastercard.com
website https://graphic.mastercard.com
website https://isencaoderolha.mastercard.com.br/
website https://mobilepartner.mastercard.com
website https://mpos.mastercard.com
website https://no-minimums.com.au
website https://pathway.mastercard.com
website https://pme.mastercard.com
website https://pricelessspecials.nl
website https://procurement.mastercard.com
website https://qkrguide.mastercard.com
website https://smartdatademo.mastercard.com
website https://tasteofpremium.jp
other Trello Desktop Client
android Trello Mobile App for Android
ios Trello Mobile App for iOS
api Java API Bucket
website PHP Bucket
website Vue+Express Bucket
website WP Bucket
website http://calculations.bigbank.fi/
website https://bank-link.bigbank.lt/
website https://ca.bigbank.eu/
website https://id-card.bigbank.ee/
website https://smart-id.bigbank.eu/
website *.ibotta.com
other Ibotta App Data & Memory
ios http://itunes.apple.com/us/app/ibotta/id559887125
android http://market.android.com/details?id=com.ibotta.android
api https://api.ibops.net
api https://api.ibotta.com
api https://api.int.ibops.net
api https://api.int.ibops.net/customer-loyalty-service
website https://backend.ibotta.com/
api https://content-server.ibotta.com/graphql
other 118.143.229.114 | China, Shenzhen | Hong Kong Internet | Juniper SRX240H2
other 12.207.197.2 | US, San Jose | San Jose ATT Internet | Juniper SRX240H2
other 12.207.197.44 | US, San Jose | ATT Internet | Cisco ASA5525
other 122.249.69.25 | Japan, Takao | Takao NTT Internet | Juniper SRX240H2
other 122.249.69.26 | Japan, Takao | Takao NTT Internet | Cisco ASA5515
other 14.21.44.66 | China, Shenzhen | China Telecom Internet | Juniper SRX550-645AP
other 14.21.44.71 | China, Shenzhen | China Telecom Internet | Cisco ASA5525
other 180.42.3.34 | Japan, Hachioji | Internet Firewall | Juniper SRX240H2
other 209.36.104.2 | US, San Jose-2 | ATT Internet | Cisco ASA5525
other 50.202.127.206 | US, San Jose | San Jose ComCast Internet | Juniper SRX240H2
other 50.226.10.2 | US, San Jose-2 | Comcast Internet | Cisco ASA5525
website https://acceptance.mastercard.com/
website https://acceptancematters.mastercard.com
website https://checkout.mastercard.com/
website https://citypossible.com
website https://cxresearch.mastercard.com
website https://debit.mastercard.com.au/
website https://digitalintel.mastercard.com
website https://eu.mastercard.com/a/az/qiymetsiz
website https://europe.priceless.com/
website https://europe.priceless.com/shb
website https://incontroldemo.mastercard.com/
website https://insideconnect.mastercard.com/
website https://investmentmojo.com/
website https://lacinnovation.mastercard.com/
website https://learning.mastercard.com/
website https://mastercard-lounge.cz/cz/
website https://mastercardbiz.com/
website https://news.mastercard.com/
website https://newsroom.mastercard.com/
website https://partners.mastercard.com/en-us/issuers/
website https://pl.priceless.com/
website https://priceless.com/aa/
website https://priceless.com/aviator/
website https://priceless.com/citiaadvantage/
website https://priceless.com/golf/
website https://pricelesssurprises.com/
website https://showcase.mastercard.com/login
website https://taptotokyo.com
website https://uk.mastercard.com/ucl
website https://ve.priceless.com/
website https://www.heforshe.mastercard.com/
website https://www.mastercardbiz.ca/
website https://www1.mastercard.com/
api https://api.ibops.net/ad-management
api https://test-pointclickcare.redoxengine.com
api https://testblob.redoxengine.com/upload
api https://testcarequality.redoxengine.com
api https://testclientcert.redoxengine.com
api https://testflatfileparser.redoxengine.com
api https://webhooks10x.redoxengine.com
api testftp.redoxengine.com
website api.convertkit.com
api app.convertkit.com
website el2.convertkit.com
website pages.convertkit.com
website ibotta.com
website app.gusto-demo.com
website https://gusto.com
website manage.gusto-demo.com
website https://gusto-demo.com
website http://ibotta.com
website https://learnscilla.com/
website Any publicly facing host owned by Etsy, including the below:
website blog.etsy.com
website community.etsy.com
website https://knox.beta.blendlabs.com
website https://send.blend.com/
api *-api.fitbit.com
api *-client.fitbit.com
hardware Fitbit Hardware Devices
website https://homesupport.irobot.com
website *.seek.com
iot Arlo Pro 3
other *.highwinds.com
other Any product/service offered by StackPath (CDN/DNS/WAF/etc)
other Any publicly facing host or service owned by StackPath - (ip space, domains, etc)
website https://mtf.mastercard.co.za/en-za.html
website *.bitdiscovery.com
website Any publicly facing asset of BitDiscovery (ASNs, domains, ip addresses, etc)
website assetinventory.bugcrowd.com
other https://github.com/binance-chain/bep3-deputy
other https://github.com/binance-chain/bep3-smartcontracts
other https://github.com/binance-chain/ledger-app-binance
other https://github.com/binance-chain/tss-lib
api https://api.lime.bike
ios https://apps.apple.com/us/app/lime-your-ride-anytime/id1199780189
api https://juicer.lime.bike
android https://play.google.com/store/apps/details?id=com.limebike&hl=en_US
api https://webviews.lime.bike
android Mastercard Receipt Management Android Application
ios Mastercard Receipt Management iOS Application
api https://stage.services.mastercard.com/dm/ugc/moderator/comment
api https://stage.services.mastercard.com/dm/ugc/moderator/comment/pending
api https://stage.services.mastercard.com/dm/ugc/user/comment
api https://stage.services.mastercard.com/dm/ugc/user/comment/dislike
api https://stage.services.mastercard.com/dm/ugc/user/comment/like
api https://stage.services.mastercard.com/dm/ugc/user/feedback
api https://stage.services.mastercard.com/dm/ugc/user/feedback?
api https://stage.services.mastercard.com/dm/ugc/user/reply
api https://stage.services.mastercard.com/dm/ugc/user/reply/dislike
api https://stage.services.mastercard.com/dm/ugc/user/reply/like
api https://stage.services.mastercard.com/dxp/captcha/generate
api https://stage.services.mastercard.com/dxp/form/submit
api https://stage.services.mastercard.com/dxp/offers/getofferdetails/774cc452-1f91-49d9-8a95-5c896ee70b63
api https://stage.services.mastercard.com/dxp/offers/getofferdetails/8e6a1d47-0489-4cd6-9263-b349b30b91fc
api https://stage.services.mastercard.com/dxp/search/dm-mccom
api https://stage.services.mastercard.com/dxp/send/email
api https://stage.services.mastercard.com/dxp/suggest/dm-mccom
api https://stage.services.mastercard.com/dxp/twitter/hashtag?hashtag=Priceless
api https://stage.services.mastercard.com/dxp/twitter/timeline?screenName=MastercardUK
other Confluence Companion App
website *.boozt.com
website *.booztlet.com
android Boozt Android App
ios Boozt iOS App
website https://admintool.lime.bike
api https://ops.lime.bike
api proxy-production.lime.bike
website https://contact-world.net
website https://developer.nexmo.com
website https://www.newvoicemedia.com
website https://www.nexmo.com/
website https://www.vonage.com
api *.lime.bike
website https://marketplace.atlassian.com
website *.comcast.com
website *.xfinity.com
website Flex - Xfinity hardware and services
hardware Internet - All devices, including Broadband Gateways
other Mobile Apps iOS and Android
website TV - Xfinity hardware and services
website Voice - Hardware and service
other Xfinity Home
website business.comcast.com/*
website *.opsgeni.us
android Opsgenie (Android)
ios Opsgenie (IoS)
website app.opsgeni.us
website mobileapp.opsgeni.us
other PureVPN Linux Application
other Latest ZAP version (2.9.0)
website https://www.zaproxy.org
other PureVPN DDWRT Router Applet
ios https://apps.apple.com/us/app/lime/id1199780189
android https://play.google.com/store/apps/details?id=com.limebike
api api.convertkit.com
website app.convertkit.com
other https://github.com/freedomofpress/securedrop-client
other https://github.com/freedomofpress/securedrop-debian-packaging
other https://github.com/freedomofpress/securedrop-export
other https://github.com/freedomofpress/securedrop-log
other https://github.com/freedomofpress/securedrop-proxy
other https://github.com/freedomofpress/securedrop-sdk
other https://github.com/freedomofpress/securedrop-workstation
api https://graphql.acorns.com
website https://help.acorns.com
android Pinterest Android Mobile Application
ios Pinterest iOS Mobile Application
website Any publicly accessible TripAdvisor web asset or host (domains, ip space, etc) - except for what’s explicitly listed as Out-of-Scope below
website Home.xfinity.com (see below)
website Internet.xfinity.com (see below)
android Xfinity Home Android mobile app
hardware Xfinity Home Starter Kit (see below)
iot Xfinity Home cameras
ios Xfinity Home iOS mobile app
android xFi Android mobile app
ios xFi iOS mobile app
website *-cvr-aws-*.sys.comcast.net
website *signalservice.comcast.net
website Internet.xfinity.com
api api.sc.xfinity.com
website oauth.xfinity.com
website orc-xfi.com
website siorc.xfinity.com
website smartinet.xfinity.com
website speedtest.xfinity.com
api xhomeapi-*.cloud.comcast.net
api xhomeapi-*.codebig2.net
website app.files.com
api files.com
other files.com Desktop Application
website www.files.com
website your-assigned-subdomain.files.com
iot Arlo Video Doorbell
android Android Viator Tours & Activities App
website http://www.viator.com
website https://supplier.viator.com/
api https://viatorapi.viator.com/service/directory
website https://www.partner.viator.com/en/8878
api https://www.toursgds.com/
api https://www.toursgds.com/SupplierService?wsdl
api https://www.toursgds.com/ToursGdsService?wsdl
ios iOS Viator Tours & Activities App
website zynga.com
website zyngagames.com
website https://airflow.limeinternal.com
website https://data-staging.limeinternal.com
website https://data.limeinternal.com
website https://golden-airflow.limeinternal.com
website https://ml-flower-staging.limeinternal.com
website https://ml-flower.limeinternal.com
website https://ml-prod.limeinternal.com
website https://ml-staging.limeinternal.com
website https://orchard.limeinternal.com
website https://tab.limeinternal.com
website *.upwork.com
android Upwork - Android Application
ios Upwork - iOS Application
hardware Upwork Dash Messanger Desktop Version (www.upwork.com/downloads)
website *.limeinternal.com
website www.aboutcookies.org
website www.eupatentsmatter.com
website www.hh1.uk
website www.pinsentmasonsvario.com
website Support.cloudways.com
website www.cloudways.com
website *.citymeal.com
website *.lieferando.at
website *.lieferando.de
website *.pyszne.pl
website *.scoober.com
website *.takeaway.com
website *.thuisbezorgd.nl
website *.yourdelivery.de
ios https://itunes.apple.com/us/app/lieferando-de/id419724490?l=es&mt=8
android https://play.google.com/store/apps/details?id=com.yopeso.lieferando&hl=en_US
api restaurant-api.takeaway.com
website https://www.partners.viator.com
other Bitdefender Antimalware Engines
other Bitdefender Total Security 2020
website central.bitdefender.com
website nimbus.bitdefender.net
website www.bitdefender.com
website *.overstock.com
android Overstock Android Mobile App
ios Overstock iOS Mobile App
api http(s)://api.overstock.com
other AWS infrastructure and services in use by TransferWise (eg: S3 buckets)
android Latest version of Transferwise Android App
ios Latest version of Transferwise iOS App
api api.transferwise.com
other github.com/transferwise/*
website transferwise.com
android Caffeine Android Application
website https://business.comcast.com/account
website *.handmade.com
website *.supplieroasis.com
api https://business-*-prod.codebig2.net/*/v1
website *.bugcrowd.com
website 185.235.160.4
website https://ide.zilliqa.com/
website Direct Contracts BETA
other *.serverdensity.com API, Websites, etc..
website <your-instance>.serverdensity.io
api https://api.cdbaby.com
website https://app.soundrop.com
website https://auth.cdbaby.com
website https://members.cdbaby.com
other etsypayments.com
api https://api.mailjet.com/
website https://app.mailjet.com/
other https://in.mailjet.com:587/
website https://www.mailjet.com/
api *.repostnetwork.com
website repostnetwork.com
website https://unilever.com/
other https://github.com/Zilliqa/staking-contract
other vonage.com
hardware Upwork Dash Messenger Desktop Version (www.upwork.com/downloads)
website meechum.netflix.com
other *.highwinds.com - Any host or services
other *.maxcdn.com - Any host or services
other *.maxcdn.net - Any host or services
other *.serverdensity.com - Any host or services
other *.stackpath.com - Any host or services
other *.stackpath.net - Any host or services
other <your-instance>.serverdensity.io
other Any host owned by StackPath
other Any product/service offered by StackPath
api api.serverdensity.io
api api.stackpath.com
website control.stackpath.com
website cp.maxcdn.com
website login.serverdensity.io
api reseller-docs.maxcdn.com
api stackpath.dev
website striketracker.highwinds.com
other *.stackpath.dev - Any host or services
website login.xfinity.com
android Tripit Mobile Application: Android (https://play.google.com/store/apps/details?id=com.tripit)
ios Tripit Mobile Application: iOS (https://apps.apple.com/us/app/tripit-travel-planner/id311035142)
ios api.upwork.com/graphql
website https://mg.n0c.com/
website *.nflxso.net
api *.prod.cloud.netflix.com
api *.prod.dradis.netflix.com
api *.prod.ftl.netflix.com
website graphql.gusto-demo.com
android Trustwallet Android App
ios Trustwallet iOS App
other https://github.com/trustwallet/wallet-core/
other All IT-Managed Third-Party Services and Infrastructure
android Zynga branded games - Android
other Zynga branded games - Windows
ios Zynga branded games - ioS
website zynga.com
website zyngagames.com
website apvieno.bigbank.lv
website arilaen.bigbank.ee
website auth.bigbank.eu
website banking.bigbank.ee
website banking.bigbank.lv
website biznesam.bigbank.lv
website ca.bigbank.eu
website calculations.bigbank.fi
website feedback.bigbank.eu
website login.bigbank.eu
website paraiska.bigbank.lt
website partner-api.bigbank.ee
website paskolos.bigbank.lt
website refinansavimas.bigbank.lt
website taotlus.bigbank.ee
website uilab.bigbank.ee
website verkkopankki.bigbank.fi
website verslui.bigbank.lt
website *.skyscanner.net
other Latest ZAP version (2.9.0)
website https://www.zaproxy.org
website Zynga Poker - WebGL (zyngapoker.com)
android JumboPrivacy Android Application
ios JumboPrivacy iOS Application
api https://takeawaypay-internal-api-ase.tenbis-ase.p.azurewebsites.net/
website https://takeawaypay.azurefd.net/en/takeawaypay/
api https://takeawaypayapi-ase.tenbis-ase.p.azurewebsites.net/api
website *.sys.comcast.net
api testing https://graphql.acorns.com
website testing https://help.acorns.com
website testing https://signup.acorns.com/
website testing dashboard.arkoselabs.com
api testing Arlo APIs
website testing Arlo Web App
website testing http://shop.arlo.com/
website testing https://arlo-device.messaging.arlo.com
website testing https://my.arlo.com
website testing https://updates.arlo.com/arlo
website testing https://www.arlo.com
website testing Bitbucket Cloud (https://bitbucket.org)
website testing Bitbucket Pipelines (https://bitbucket.org/product/features/pipelines)
website testing Confluence Cloud (bugbounty-test-<bugcrowd-name>.atlassian.net/wiki)
website testing Confluence Premium - https://www.atlassian.com/software/confluence/premium
website testing Jira Cloud (bugbounty-test-<bugcrowd-name>.atlassian.net)
website testing Jira Service Desk Cloud (bugbounty-test-<bugcrowd-name>.atlassian.net)
website testing https://admin.atlassian.com/atlassian-access
website testing https://id.atlassian.com/login
website testing https://marketplace.atlassian.com
website testing *.better.com
website testing api.better.com
website testing better.com/api
api testing Java API Bucket
website testing PHP Bucket
website testing Vue+Express Bucket
website testing WP Bucket
website testing apvieno.bigbank.lv
website testing arilaen.bigbank.ee
website testing auth.bigbank.eu
website testing banking.bigbank.ee
website testing banking.bigbank.lv
website testing biznesam.bigbank.lv
website testing ca.bigbank.eu
website testing calculations.bigbank.fi
website testing feedback.bigbank.eu
website testing login.bigbank.eu
website testing paraiska.bigbank.lt
website testing partner-api.bigbank.ee
website testing paskolos.bigbank.lt
website testing refinansavimas.bigbank.lt
website testing taotlus.bigbank.ee
website testing uilab.bigbank.ee
website testing verkkopankki.bigbank.fi
website testing verslui.bigbank.lt
website testing *.binance.com
website testing *.binance.org
api testing *dex.binance.org
api testing api.binance.com
website testing binance.co.ug
website testing binance.je
website testing binance.sg
website testing binance.us
website testing *.bitdefender.com
website testing *.bitdefender.net
website testing *.bitdiscovery.com
website testing Any publicly facing asset of BitDiscovery (ASNs, domains, ip addresses, etc)
website testing assetinventory.bugcrowd.com
website testing https://knox.beta.blendlabs.com
website testing https://send.blend.com/
website testing https://a2m.bluejeans.com
api testing https://api.bluejeans.com/
website testing https://bluejeans.com/
website testing https://primetime.bluejeans.com
website testing https://www.bluejeans.com/
website testing *.boozt.com
website testing *.booztlet.com
api testing api.bugcrowd.com
website testing bugcrowd.com
website testing tracker.bugcrowd.com
api testing https://api.caffeine.tv/
website testing https://build.caffeine.tv/
api testing https://images.caffeine.tv/
api testing https://payments.caffeine.tv
website testing https://preview.caffeine.tv/
api testing https://realtime.caffeine.tv/
website testing https://www.caffeine.tv/
website testing Centrify Privilege Service Portal
api testing Centrify Service API
website testing https://www.centrify.com
website testing pod12.centrify.com
website testing pod23.centrify.com
website testing *.ikarem.io
website testing *.meraki.com
website testing *.network-auth.com
api testing API keys originating from or accessing Cisco Meraki infrastructure
hardware testing Cisco Meraki MR Access Points
hardware testing Cisco Meraki MS Switches
hardware testing Cisco Meraki MV Security Cameras
hardware testing Cisco Meraki MX Security Appliances
hardware testing Cisco Meraki Z Series (Z1,Z3(C))
website testing meraki.cisco.com
api testing https://api.cloudinary.com
website testing https://cloudinary.com/console
api testing https://res.cloudinary.com
website testing widget.cloudinary.com
website testing *.comcast.com
website testing *.sys.comcast.net
website testing *.xfinity.com
website testing Flex - Xfinity hardware and services
hardware testing Internet - All devices, including Broadband Gateways
website testing TV - Xfinity hardware and services
website testing Voice - Hardware and service
website testing https://business.comcast.com/account
api testing Tripit Mobile Web Services/Public web services used by the Tripit Mobile applications: https://api.tripit.com/
website testing Tripit Teams: https://www.tripit.com/teams/
website testing Tripit Web Application: https://www.tripit.com
website testing https://m.tripit.com/
api testing api.creditkarma.com
website testing https://*.creditkarma.com
website testing https://accounts.creditkarma.com
website testing https://blog.creditkarma.com/
website testing https://help.creditkarma.com/
website testing https://tax.creditkarma.com
website testing https://www.creditkarma.ca/
website testing *.boomi.com/*
website testing *.dell.com/*
website testing *.dellemc.com/*
website testing *.delltechnologies.com/*
website testing *.emc.com/*
website testing *.rsa.com/*
website testing https://www.rsaconference.com/
website testing secureworks.com/*
website testing *.sandbox.directly.com/
website testing app.sandbox.directly.com
website testing http://directly.github.io/demosite/qa/rtm/sandbox.html
website testing https://sandbox.directly.com/dashboard/index
api testing eero APIs
hardware testing eero Node
website testing Any publicly facing host owned by Etsy, including the below:
api testing Etsy API (see documentation below)
website testing blog.etsy.com
website testing community.etsy.com
website testing www.etsy.com
website testing www.driveuconnect.com
website testing www.driveuconnect.eu
website testing app.files.com
api testing files.com
website testing www.files.com
website testing your-assigned-subdomain.files.com
api testing *-api.fitbit.com
api testing *-client.fitbit.com
hardware testing Fitbit Hardware Devices
website testing api.fitbit.com
website testing api.fitstar.com
website testing coach.fitbit.com
website testing corporate.fitbit.com
website testing dev.fitbit.com
website testing studio.fitbit.com
website testing www.fitbit.com
api testing *.gojekapi.com
api testing api.gojek.co.id
website testing app.gusto-demo.com
website testing graphql.gusto-demo.com
website testing manage.gusto-demo.com
website testing *.bugcrowd.com
website testing *.healthifyme.com
website testing Any publicly facing asset owned by HealthifyMe (ip space, domains, etc)
website testing *.hs-sites.com
website testing growth.org
website testing http://ibotta.com
api testing https://api.ibops.net
api testing https://api.ibops.net/ad-management
api testing https://api.ibotta.com
api testing https://api.int.ibops.net
api testing https://api.int.ibops.net/customer-loyalty-service
website testing https://backend.ibotta.com/
api testing https://content-server.ibotta.com/graphql
website testing https://muz.li
website testing https://www.invisionapp.com
hardware testing iRobot cloud-connected robot that you own (e.g., i7, 980, 960, 690, Braava, etc.)
website testing iamcybersafe.org
website testing Keeper Security Website (keepersecurity.com | .eu)
website testing https://keepersecurity.com/en_US/console (Admin Console)
website testing https://keepersecurity.com/password-manager-free-trial.html (Keeper Enterprise Product)
website testing https://keepersecurity.com/vault/
website testing https://keepersecurity.eu/console (Admin Console EU)
website testing https://keepersecurity.eu/vault
website testing https://[your-subdomain].kennasecurity.com
api testing https://api.kennasecurity.com
website testing https://www.kennasecurity.com
website testing https://lastpass.com
api testing *.lime.bike
website testing *.limeinternal.com
website testing https://admintool.lime.bike
website testing https://airflow.limeinternal.com
api testing https://api.lime.bike
website testing https://data.limeinternal.com
api testing https://juicer.lime.bike
api testing https://ops.lime.bike
website testing https://orchard.limeinternal.com
website testing https://tab.limeinternal.com
api testing https://webviews.lime.bike
api testing proxy-production.lime.bike
api testing https://api.mailgun.net
api testing https://api.mailjet.com/
website testing https://app.mailgun.com
website testing https://app.mailjet.com/
website testing https://login.mailgun.com/
website testing https://signup.mailgun.com
website testing https://www.mailjet.com/
website testing MasterCard.ch - (French) - www.mastercard.ch/fr-ch.html
website testing MasterCard.ch - (German) - www.mastercard.ch/de-ch.html
website testing MasterCard.com.au - www.mastercard.com.au/en-au.html
website testing MasterCard.nl - www.mastercard.nl/nl-nl.html
website testing MasterCard.ru - www.mastercard.ru/ru-ru.html
website testing MasterCard.us - www.mastercard.us/en-us.html
website testing Simplify Commerce - www.simplify.com/commerce/
website testing donate.mastercard.com
website testing https://developer.mastercard.com
website testing Core Priceless.com - demo.priceless.com
website testing https://5one.mastercard.com
website testing https://Globalrisk.mastercard.com
website testing https://acceptance.mastercard.com/
website testing https://acceptancematters.mastercard.com
website testing https://bezcenneniespodzianki.pl
website testing https://cashpickup.mastercard.com
website testing https://checkout.mastercard.com/
website testing https://citypossible.com
website testing https://cocreation.mastercard.com
website testing https://cxresearch.mastercard.com
website testing https://debit.mastercard.com.au/
website testing https://digitalintel.mastercard.com
website testing https://eu.mastercard.com/a/az/qiymetsiz
website testing https://europe.priceless.com/
website testing https://europe.priceless.com/shb
website testing https://global-learning.mastercard.com
website testing https://graphic.mastercard.com
website testing https://incontroldemo.mastercard.com/
website testing https://insideconnect.mastercard.com/
website testing https://investmentmojo.com/
website testing https://isencaoderolha.mastercard.com.br/
website testing https://lacinnovation.mastercard.com/
website testing https://learning.mastercard.com/
website testing https://mastercard-lounge.cz/cz/
website testing https://mastercardbiz.com/
website testing https://mobilepartner.mastercard.com
website testing https://mpos.mastercard.com
website testing https://mtf.mastercard.co.za/en-za.html
website testing https://news.mastercard.com/
website testing https://newsroom.mastercard.com/
website testing https://no-minimums.com.au
website testing https://partners.mastercard.com/en-us/issuers/
website testing https://pathway.mastercard.com
website testing https://pl.priceless.com/
website testing https://pme.mastercard.com
website testing https://priceless.com/aa/
website testing https://priceless.com/aviator/
website testing https://priceless.com/citiaadvantage/
website testing https://priceless.com/golf/
website testing https://pricelessspecials.nl
website testing https://pricelesssurprises.com/
website testing https://procurement.mastercard.com
website testing https://qkrguide.mastercard.com
website testing https://showcase.mastercard.com/login
website testing https://smartdatademo.mastercard.com
website testing https://taptotokyo.com
website testing https://tasteofpremium.jp
website testing https://uk.mastercard.com/ucl
website testing https://ve.priceless.com/
website testing https://www.heforshe.mastercard.com/
website testing https://www.mastercardbiz.ca/
website testing https://www1.mastercard.com/
api testing https://stage.services.mastercard.com/dm/ugc/moderator/comment
api testing https://stage.services.mastercard.com/dm/ugc/moderator/comment/pending
api testing https://stage.services.mastercard.com/dm/ugc/user/comment
api testing https://stage.services.mastercard.com/dm/ugc/user/comment/dislike
api testing https://stage.services.mastercard.com/dm/ugc/user/comment/like
api testing https://stage.services.mastercard.com/dm/ugc/user/feedback
api testing https://stage.services.mastercard.com/dm/ugc/user/feedback?
api testing https://stage.services.mastercard.com/dm/ugc/user/reply
api testing https://stage.services.mastercard.com/dm/ugc/user/reply/dislike
api testing https://stage.services.mastercard.com/dm/ugc/user/reply/like
api testing https://stage.services.mastercard.com/dxp/captcha/generate
api testing https://stage.services.mastercard.com/dxp/form/submit
api testing https://stage.services.mastercard.com/dxp/offers/getofferdetails/774cc452-1f91-49d9-8a95-5c896ee70b63
api testing https://stage.services.mastercard.com/dxp/offers/getofferdetails/8e6a1d47-0489-4cd6-9263-b349b30b91fc
api testing https://stage.services.mastercard.com/dxp/search/dm-mccom
api testing https://stage.services.mastercard.com/dxp/send/email
api testing https://stage.services.mastercard.com/dxp/suggest/dm-mccom
api testing https://stage.services.mastercard.com/dxp/twitter/hashtag?hashtag=Priceless
api testing https://stage.services.mastercard.com/dxp/twitter/timeline?screenName=MastercardUK
website testing app-staging.getmoneytree.com
api testing au-api-staging.getmoneytree.com
api testing jp-api-staging.getmoneytree.com
api testing myaccount-staging.getmoneytree.com
website testing wwws-staging.moneytree.jp/link/
website testing wwws-staging.moneytree.jp/link/mobile/
website testing wwws-staging.moneytree.jp/link/mobile/#/signup?client_id=38d99a6e8e9fc87c866f5aa82bdc2569c464b2323a55e0b28f658efa678e9623&redirect_uri=https://wwws-staging.moneytree.jp/link/mobile/callback&response_type=token&scope=guest_read+accounts_read+transactions_read+request_refresh
website testing *.naspers.co
website testing *.naspers.co.in
website testing *.naspers.com
website testing *.naspers.fr
website testing *.naspers.us
website testing *.naspersventures.com
website testing *.prosus.com
website testing *.nflxext.com
website testing *.nflximg.net
website testing *.nflxso.net
website testing *.nflxvideo.net
api testing *.prod.cloud.netflix.com
api testing *.prod.dradis.netflix.com
api testing *.prod.ftl.netflix.com
api testing api*.netflix.com
website testing beacon.netflix.com
website testing customerevents.netflix.com
website testing dockhand.netflix.com
website testing help.netflix.com
website testing ichnaea.netflix.com
website testing meechum.netflix.com
website testing nmtracking.netflix.com
website testing presentationtracking.netflix.com
website testing secure.netflix.com
website testing www.netflix.com
website testing Insight Cloud Portal
api testing https://api.netgear.com
website testing https://updates.netgear.com
website testing bugcrowd-%username%-1.oktapreview.com
website testing bugcrowd-%username%-2.oktapreview.com
website testing *.opsgeni.us
website testing app.opsgeni.us
website testing mobileapp.opsgeni.us
api testing https://api.optimizely.com/
website testing https://app.optimizely.com/
website testing https://cdn-pci.optimizely.com/
website testing https://cdn.optimizely.com/
website testing *.handmade.com
website testing *.overstock.com
website testing *.supplieroasis.com
website testing cars.overstock.com
api testing http(s)://api.overstock.com
website testing pets.overstock.com
website testing www.overstock.com
website testing https://www.zaproxy.org
website testing https://devstaging.pcapcloud.com/*
website testing *.pinterest.com
api testing api.planethoster.net
website testing https://mg.n0c.com/
website testing my.planethoster.com
website testing world.planethoster.net
website testing www.planethoster.com
api testing api.purevpn.com
website testing https://my.purevpn.com
website testing https://support.purevpn.com
website testing https://www.purevpn.com
website testing assets.realself.com
api testing auth.realself.com
api testing charon.realself.com
website testing ei.realself.com
website testing fi.realself.com
website testing i.realself.com
api testing kraken.realself.com
website testing realself.com
api testing search-faf.realself.com
api testing search.realself.com
website testing wwa.realself.com
website testing wwf.realself.com
website testing www.realself.com
website testing 10x.redoxengine.com
website testing developer.redoxengine.com/
api testing https://test-pointclickcare.redoxengine.com
api testing https://testblob.redoxengine.com/upload
api testing https://testcarequality.redoxengine.com
api testing https://testclientcert.redoxengine.com
api testing https://testflatfileparser.redoxengine.com
api testing https://webhooks10x.redoxengine.com
api testing testapp.redoxengine.com
api testing testftp.redoxengine.com
website testing *.aips-internal.com
website testing *.aips-services.com
website testing *.certsy.com
website testing *.certsynonprod.com
api testing *.jobapi.io
api testing *.jobapi.net
website testing *.myseek.xyz
website testing *.outfra.xyz
website testing *.seek.com
website testing *.seek.com.au
website testing *.skinfra.xyz
api testing *.sol-data.com
website testing Any host / web property verified to be owned by Segment (domains/IP space/etc.)
api testing api.segment.io
website testing app.segment.com
website testing *.skyscanner.net
api testing gateway.skyscanner.net/*
website testing partnerportal.skyscanner.net/*
website testing skyscanner.net/*
website testing skyscanner.net/hotels/book/*
website testing SmartThings Graph Console
api testing SmartThings Rest APIs
website testing *.astaro.com
website testing *.cyberoam.com
website testing dev.phishthreat.com
api testing *.repostnetwork.com
api testing api*.soundcloud.com
website testing checkout.soundcloud.com
website testing developers.soundcloud.com
website testing m.soundcloud.com
website testing mobi.soundcloud.com
website testing repostnetwork.com
website testing secure.soundcloud.com
website testing soundcloud.com
website testing w.soundcloud.com
website testing app.sproutsocial.com
api testing app.sproutsocial.com/api
website testing downloads.sproutsocial.com
website testing getbambu.com
website testing media.sproutsocial.com
website testing simplymeasured.com
website testing sproutsocial.com
website testing sproutsocial.com/adapt/
website testing sproutsocial.com/es/
website testing sproutsocial.com/insights
api testing sproutsocial.com/mktapi
website testing sproutsocial.com/pt/
website testing *.square.com
website testing control.stackpath.com
website testing cp.maxcdn.com
website testing login.serverdensity.io
website testing striketracker.highwinds.com
website testing *.statuspage.io
website testing manage.statuspage.io
website testing *.citymeal.com
website testing *.lieferando.at
website testing *.lieferando.de
website testing *.pyszne.pl
website testing *.scoober.com
website testing *.takeaway.com
website testing *.thuisbezorgd.nl
website testing *.yourdelivery.de
api testing https://takeawaypay-internal-api-ase.tenbis-ase.p.azurewebsites.net/
website testing https://takeawaypay.azurefd.net/en/takeawaypay/
api testing https://takeawaypayapi-ase.tenbis-ase.p.azurewebsites.net/api
api testing restaurant-api.takeaway.com
website testing *.alditalk-kundenbetreuung.de
website testing *.ayyildiz.de
website testing *.base.de
website testing *.blau.de
website testing *.einfachprepaid.de
website testing *.epos.vertriebspartner.de.o2.com
website testing *.fonic-mobile.de
website testing *.fonic.de
website testing *.k-classic-mobil.de
website testing *.mediamarkt.o2service.de
website testing *.mein.aetkasmart.de
website testing *.mein.simfinity.de
website testing *.nettokom.de
website testing *.netzclub.net
website testing *.norma-mobil.de
website testing *.o2.de
website testing *.o2business.de
website testing *.o2online.de
website testing *.o2service.de
website testing *.o2spin.de
website testing *.ortelmobile.de
website testing *.saturn.o2service.de
website testing *.sim-karte-aktivierung.blauworld.de
website testing *.telefonica.de
website testing *.turkei-sim.de
website testing *.whatsappsim.de
website testing https://vertriebspartner.de.o2.com/partos
website testing *.tesla.cn
website testing *.tesla.com
website testing *.tesla.services
website testing *.teslamotors.com
hardware testing A hardware product that you own or are authorized to test against (Vehicle/PowerWall/etc.)
website testing Any host verified to be owned by Tesla Motors Inc. (domains/IP space/etc.)
api testing api.transferwise.com
website testing transferwise.com
website testing *.trello.services
website testing api.trello.com
website testing https://butlerfortrello.com/
website testing trello.com
website testing Any publicly accessible TripAdvisor web asset or host (domains, ip space, etc) - except for what’s explicitly listed as Out-of-Scope below
website testing *.flex.twilio.com
website testing *.twilio.com
api testing Twilio APIs
api testing api.twilio.com
website testing build.twilio.com
website testing UA HOVR Equipped running shoe that you own or have authorization to test
website testing https://www.endomondo.com/
website testing https://www.underarmour.co.uk
website testing https://www.underarmour.com
website testing https://unilever.com/
website testing *.upwork.com
website testing Direct Contracts BETA
hardware testing Upwork Dash Messenger Desktop Version (www.upwork.com/downloads)
api testing https://www.upwork.com/api
website testing mobile.usaa.com
website testing www.usaa.com
website testing http://www.viator.com
website testing https://supplier.viator.com/
api testing https://viatorapi.viator.com/service/directory
website testing https://www.partners.viator.com
api testing https://www.toursgds.com/
api testing https://www.toursgds.com/SupplierService?wsdl
api testing https://www.toursgds.com/ToursGdsService?wsdl
website testing corporate.westernunion.com
website testing http://agenttraining.westernunion.com
website testing http://globalpay.westernunion.com
website testing https://agentportal.westernunion.com
website testing https://auth.globalpay.westernunion.com
website testing https://business.westernunion.com/
website testing https://ebanking.westernunionbank.com
website testing https://foundation.westernunion.com
website testing https://gpfi.globalpay.westernunion.com
website testing https://online.westernunion.com/mp.en/pages/loginform.aspx
website testing https://onlinefx.westernunion.com/
website testing https://partners.westernunion.com
website testing https://paymentstatus.westernunion.com
website testing https://westernunionbank.com