The Scope of Targets
GFG operates various services, but only submissions under the following domains are eligible for rewards. Any GFG-owned domains not listed below are considered out of scope, not eligible for rewards, and are not covered by our legal safe harbor.
If you happen to identify a security vulnerability on a target that is not within the defined scope, but it demonstrably belongs to Global Fashion Group org, we still appreciate your report. After review, we may consider rewarding vulnerabilities with severe impact on a case-by-case basis. While it is not guaranteed, we value the contributions of security researchers and their efforts to enhance the security of our organization.
In Scope Targets ✓
1. global-fashion-group.com
The main domain of Global Fashion Group hosts our static website. All subdomains under global-fashion-group.com are considered in-scope for our bug bounty program.
2. sellercenter.net
The sellercenter.net, hosting Global Fashion Group's SellerCenter platform, is included in the scope of our bug bounty program. All subdomains under sellercenter.net are in-scope.
3. gfgtech.com
The gfgtech.com domain, which encompasses the infrastructure and backend endpoints of Global Fashion Group, is considered within the scope of our bug bounty program. All subdomains under gfgtech.com are included and eligible for security vulnerability reports.
4. datajet.io
The datajet.io domain, dedicated to our search and recommendation service, is fully within the scope of our bug bounty program. This includes all subdomains under datajet.io, which are eligible for reporting security vulnerabilities.
5. sellercenter.com.br
The domain has sellercenter web application. Not all subdomains are in scope, only the following:
- sellercenter.com.br - api.sellercenter.com.br - static.sellercenter.com.br - staging.sellercenter.com.br - staging-api.sellercenter.com.br - staging-static.sellercenter.com.br
Out of Scope Targets ✕
1. bounty.global-fashion-group.com
This subdomain is out of scope.
2. *.ads.global-fashion-group.com
ads.global-fashion-group.com along with its all subdomains is out of scope.