QIWI

target_in_scope

asset_identifier asset_type availability requirement confidentiality requirement eligible for bounty eligible for submission integrity requirement max_severity
*.contact-sys.com URL high high high critical
*.flocktory.com URL high high high critical
Only **High severity** bugs accepted and eligible for bounty.
*.qiwi.com URL high high high critical
*.qiwi.me URL high high high critical
*.rapida.ru URL high high high critical
*.rocketbank.ru URL high high high critical
Only **High severity** bugs accepted and eligible for bounty.
*.sovest.ru URL high high high critical
Main domain OTHER critical
qiwi.com / sovest.ru / rapida.ru / contact-sys.com / rocketbank.ru / flocktory.com (Do not use this asset for reporting)
Payment functionality OTHER critical
Do not use this asset for reporting
Qiwi kiosks software HARDWARE high high high critical
Only software bugs eligible. Reports based on OS version are not accepted.
Subdomains OTHER high high high critical
*.qiwi.com / *.sovest.ru / *.rapida.ru / *.contact-sys.com / *.rocketbank.ru / *.flocktory.com (Do not use this asset for reporting)
com.qiwi.cashier.ru GOOGLE_PLAY_APP_ID high high high critical
com.qiwi.sovest APPLE_STORE_APP_ID high high high critical
https://github.com/qiwi SOURCE_CODE low low low medium
Only **High severity** bugs accepted and eligible for bounty.
ru.mw GOOGLE_PLAY_APP_ID high high high critical
ru.qiwi.QIWI APPLE_STORE_APP_ID high high high critical
ru.qiwi.investor APPLE_STORE_APP_ID medium medium medium critical
ru.qiwi.qiwistock.release GOOGLE_PLAY_APP_ID high high high critical
ru.rocketbank.r2d2 GOOGLE_PLAY_APP_ID high high high critical
ru.rocketbank.r2d2 APPLE_STORE_APP_ID high high high critical
ru.sovest GOOGLE_PLAY_APP_ID high high high critical
com.rocketbank.app APPLE_STORE_APP_ID high high high critical

target_out_of_scope

asset_identifier asset_type availability requirement confidentiality requirement eligible for bounty eligible for submission integrity requirement max_severity