In this subsection of the report, all the defined in-scope URLs, IPs, endpoints, and so on should be mentioned. This information helps the C-level executives quickly notice the affected asset, which could have a business-critical impact on the organization.