Target Policy

https://hackerone.com/airbnb?type=team

---

Structured Scope

• Asset Identifier

  Asset Type

  Max Severity

• *.muscache.com

  ---

  Lower Impact Scope

  URL

  critical
• *.hoteltonight.com

  ---

  Lower Impact Scope

  WILDCARD

  critical
• *.airbnb-aws.com

  ---

  Lower Impact Scope

  URL

  critical
• www.hoteltonight.com

  ---

  Lower Impact Scope

  URL

  critical
• *.withairbnb.com

  ---

  Lower Impact Scope

  URL

  critical
• *.airbnb.com

  ---

  Higher Impact Scope

  URL

  critical
• *.hoteltonight-test.com

  ---

  Lower Impact Scope

  URL

  critical
• www.airbnb.com

  ---

  Higher Impact Scope

  URL

  critical
• next.airbnb.com

  ---

  Higher Impact Scope

  URL

  critical
• com.airbnb.android

  ---

  Higher Impact Scope

  GOOGLE_PLAY_APP_ID

  critical
• *.airbnb.org

  WILDCARD

  critical
• luckey.partners

  URL

  none
• support-api.airbnb.com

  ---

  Higher Impact Scope

  URL

  critical
• m.airbnb.com

  ---

  Higher Impact Scope

  URL

  critical
• omgpro.airbnb.com

  ---

  Higher Impact Scope

  URL

  critical
• open.airbnb.com

  ---

  Lower Impact Scope

  URL

  critical
• callbacks.airbnb.com

  ---

  Higher Impact Scope

  URL

  critical
• Localized airbnb sites listed at the link below:

  ---

  **https://www.airbnb.com/sitemaps/localized**
  Higher Impact Scope

  OTHER

  critical
• *.airbnbcitizen.com

  ---

  Lower Impact Scope

  URL

  critical
• *.byairbnb.com

  ---

  Lower Impact Scope

  URL

  critical
• com.luxuryretreats.ios

  ---

  Lower Impact Scope

  APPLE_STORE_APP_ID

  critical
• demo.urbandoor.com

  URL

  none
• provider.demo.urbandoor.com

  URL

  none
• admin.demo.urbandoor.com

  URL

  none
• luckeyhomes.com

  URL

  none
• luckey.fr

  URL

  none
• luckey.app

  URL

  none
• luckey.in

  URL

  none
• api.airbnb.com

  ---

  Higher Impact Scope

  URL

  critical
• one.airbnb.com

  ---

  Higher Impact Scope

  URL

  critical
• assets.airbnb.com

  ---

  Higher Impact Scope

  URL

  critical
• *.atairbnb.com

  ---

  Lower Impact Scope

  URL

  critical
• *.luxuryretreats.com

  ---

  Lower Impact Scope

  URL

  critical
• com.airbnb.app

  ---

  Higher Impact Scope

  APPLE_STORE_APP_ID

  critical

Target Scope Domains

• airbnb-aws.com
• airbnb.com
• airbnb.org
• airbnbcitizen.com
• api.airbnb.com
• assets.airbnb.com
• atairbnb.com
• byairbnb.com
• callbacks.airbnb.com
• hoteltonight-test.com
• hoteltonight.com
• luxuryretreats.com
• m.airbnb.com
• muscache.com
• next.airbnb.com
• omgpro.airbnb.com
• one.airbnb.com
• open.airbnb.com
• support-api.airbnb.com
• withairbnb.com
• www.airbnb.com
• www.hoteltonight.com

Domain Scope

• airbnb.com
• atairbnb.com
• withairbnb.com
• airbnbcitizen.com
• airbnb.org
• byairbnb.com
• muscache.com
• airbnb-aws.com
• luxuryretreats.com
• airbnbopen.com
• urbandoor.com
• luckey.in
• luckey.fr
• luckey.es
• luckey.ca
• luckey.app
• luckey.com
• luckey.partners
• hoteltonight-test.com
• hoteltonight.com

• 444 Hosts
• 5667 Subdomains
• 335983 Endpoints
• Download wordlist

---

Last Finished Scan:

---