The Scope of Targets

GFG operates various services, but only submissions under the following domains are eligible for rewards. Any GFG-owned domains not listed below are considered out of scope, not eligible for rewards, and are not covered by our legal safe harbor.

If you happen to identify a security vulnerability on a target that is not within the defined scope, but it demonstrably belongs to Global Fashion Group org, we still appreciate your report. After review, we may consider rewarding vulnerabilities with severe impact on a case-by-case basis. While it is not guaranteed, we value the contributions of security researchers and their efforts to enhance the security of our organization.

In Scope Targets ✓

1. global-fashion-group.com

The main domain of Global Fashion Group hosts our static website. All subdomains under global-fashion-group.com are considered in-scope for our bug bounty program.

2. sellercenter.net

The sellercenter.net, hosting Global Fashion Group's SellerCenter platform, is included in the scope of our bug bounty program. All subdomains under sellercenter.net are in-scope.

3. gfgtech.com

The gfgtech.com domain, which encompasses the infrastructure and backend endpoints of Global Fashion Group, is considered within the scope of our bug bounty program. All subdomains under gfgtech.com are included and eligible for security vulnerability reports.

4. datajet.io

The datajet.io domain, dedicated to our search and recommendation service, is fully within the scope of our bug bounty program. This includes all subdomains under datajet.io, which are eligible for reporting security vulnerabilities.

5. sellercenter.com.br

The domain has sellercenter web application. Not all subdomains are in scope, only the following:

  -  sellercenter.com.br 
  -  api.sellercenter.com.br 
  -  static.sellercenter.com.br 
  -  staging.sellercenter.com.br 
  -  staging-api.sellercenter.com.br 
  -  staging-static.sellercenter.com.br

Out of Scope Targets ✕

`1. bounty.global-fashion-group.com`

This subdomain is out of scope.

`2. *.ads.global-fashion-group.com`

ads.global-fashion-group.com along with its all subdomains is out of scope.

`3. Testing Subdomains are not in-scope:`

-  preprod.sellercenter.com.br 
-  lucanet.gfgtech.com 
-  sellercenter-staging.gfgtech.com 
-  sellercenter.global-fashion-group.com 
-  sonarqube.svc.sellercenter.net 
-  central-soc-os.gfgtech.com