Every Sunday I host a stream on twitch.tv/nahamsec where I do live recon and go through the data I have collected. You are free to use this data to find vulnerabilities to report to VerizonMedia's bug bounty program. Just let me know if you do end up finding anything :)
All the interesting domains based on keywords like dev, stg, api, etc.
Is all the domains I have found through crt.sh
All the domains that are resolving by using httprobe by tomnomnom