Program Removed
This program is no longer available on YesWeHack. The scope data shown below is historical and may not reflect the final state of the program.
bug-bounty-sncf-connect-1
8
In Scope
44
Out of Scope
In-Scope Assets (8)
| Asset | Category | Bounty | Quick Links | |
|---|---|---|---|---|
| https//monidentifiant.sncf | URL | Yes | - | |
| https://monidentifiant.sncf | URL | Yes | ||
| https://sncf-connect.com | URL | Yes | ||
| https://sncf-connect.com | URL | Yes | ||
| https://www.sncf-connect.com | URL | Yes | ||
| https://www.sncf-connect.com | URL | Yes | ||
| https://www.sncf-connect.com/bff | URL | Yes | ||
| https://www.sncf-connect.com/bff | URL | Yes |
Out-of-Scope Assets (44)
| Asset | Category | Bounty | |
|---|---|---|---|
| - hiflow.sncf-connect.com | OTHER | Yes | |
| - https://tgvinoui.sncf | OTHER | No | |
| - https://www.malocationavis.sncf-connect.com | OTHER | No | |
| - https://www.maxjeune-tgvinoui.sncf | OTHER | No | |
| - https://www.sncf-voyageurs.com | OTHER | No | |
| - https://www.sncf.com | OTHER | No | |
| - office-web-sncf-a.sips-services.com | OTHER | Yes | |
| - ouigo.com | OTHER | Yes | |
| - sncf-voyageurs.com | OTHER | Yes | |
| - ter.sncf.com | OTHER | Yes | |
| - tgvinoui.sncf | OTHER | Yes | |
| - www.garesetconnexions.sncf | OTHER | Yes | |
| - www.groupe-sncf.com | OTHER | Yes | |
| - www.malocationavis.sncf-connect.com | OTHER | Yes | |
| - www.maxjeune-tgvinoui.sncf | OTHER | Yes | |
| - www.sncf-connect-tech.fr | OTHER | Yes | |
| - www.sncf-voyageurs.com | OTHER | Yes | |
| - www.sncf.com | OTHER | Yes | |
| all domains and subdomains that are not listed within the scope of the bug bounty program | OTHER | Yes | |
| all domains and subdomains that are not listed within the scope of the bug bounty program | OTHER | Yes | |
| anything that is not listed as part of the scope, example : | OTHER | Yes | |
| hiflow.sncf-connect.com | URL | Yes | |
| https://tgvinoui.sncf/ | URL | Yes | |
| https://www.malocationavis.sncf-connect.com/ | URL | Yes | |
| https://www.maxjeune-tgvinoui.sncf/ | URL | Yes | |
| https://www.sncf-voyageurs.com/ | URL | Yes | |
| https://www.sncf.com/ | URL | Yes | |
| office-web-sncf-a.sips-services.com | URL | Yes | |
| ouigo.com | URL | Yes | |
| please note sncf-connect.com doesn't own the sncf.com domains | OTHER | Yes | |
| sncf-voyageurs.com | URL | Yes | |
| ter.sncf.com | URL | Yes | |
| tgvinoui.sncf | URL | Yes | |
| the scope of the bug bounty program is defined in the preceding section. to remove any potential ambiguity regarding this scope, the following non‑exhaustive examples illustrate domains that are not included in the program: | OTHER | Yes | |
| the scope of the bug bounty program is defined in the preceding section. to remove any potential ambiguity regarding this scope, the following non‑exhaustive examples illustrate domains that are not included in the program: | OTHER | Yes | |
| the sncf connect mobile applications (android and apple) are out of scope even if the web services they use are in scope (accessible through paths beginning by 'https://www.sncf-connect.com/bff') | OTHER | Yes | |
| the sncf connect mobile applications (android and apple) are out of scope even if the web services they use are in scope (accessible through paths beginning by 'https://www.sncf-connect.com/bff') | OTHER | Yes | |
| www.garesetconnexions.sncf | URL | Yes | |
| www.groupe-sncf.com | URL | Yes | |
| www.malocationavis.sncf-connect.com | URL | Yes | |
| www.maxjeune-tgvinoui.sncf | URL | Yes | |
| www.sncf-connect-tech.fr | URL | Yes | |
| www.sncf-voyageurs.com | URL | Yes | |
| www.sncf.com | URL | Yes |
Scope Changes (142)
Jun 16, 2026
| Change | Asset | Category | Scope | Time |
|---|---|---|---|---|
| Program Removed | — | — | — | 08:26 |
Apr 27, 2026
| Change | Asset | Category | Scope | Time |
|---|---|---|---|---|
| Added | all domains and subdomains that are not listed within the scope of the bug bounty program | OTHER | Out of Scope | 12:26 |
| Removed | the scope of the bug bounty program is defined in the preceding section. to remove any potential ambiguity regarding this scope, the following non‑exhaustive examples illustrate domains that are not included in the program: | OTHER | Out of Scope | 12:26 |
| Removed | - www.sncf-connect-tech.fr | OTHER | Out of Scope | 12:26 |
| Removed | - www.sncf.com | OTHER | Out of Scope | 12:26 |
| Removed | - sncf-voyageurs.com | OTHER | Out of Scope | 12:26 |
| Removed | - www.malocationavis.sncf-connect.com | OTHER | Out of Scope | 12:26 |
| Removed | - www.groupe-sncf.com | OTHER | Out of Scope | 12:26 |
| Removed | - www.maxjeune-tgvinoui.sncf | OTHER | Out of Scope | 12:26 |
| Removed | - www.garesetconnexions.sncf | OTHER | Out of Scope | 12:26 |
| Removed | - ter.sncf.com | OTHER | Out of Scope | 12:26 |
| Removed | - www.sncf-voyageurs.com | OTHER | Out of Scope | 12:26 |
| Removed | - office-web-sncf-a.sips-services.com | OTHER | Out of Scope | 12:26 |
| Removed | - ouigo.com | OTHER | Out of Scope | 12:26 |
| Added | all domains and subdomains that are not listed within the scope of the bug bounty program | OTHER | Out of Scope | 12:26 |
| Removed | - tgvinoui.sncf | OTHER | Out of Scope | 12:26 |
| Removed | - hiflow.sncf-connect.com | OTHER | Out of Scope | 12:26 |
Mar 26, 2026
| Change | Asset | Category | Scope | Time |
|---|---|---|---|---|
| Added | https//monidentifiant.sncf | URL | In Scope | 17:21 |
| Added | - tgvinoui.sncf | URL | Out of Scope | 17:21 |
| Added | - sncf-voyageurs.com | URL | Out of Scope | 17:21 |
| Added | - www.sncf-connect-tech.fr | URL | Out of Scope | 17:21 |
| Added | the scope of the bug bounty program is defined in the preceding section. to remove any potential ambiguity regarding this scope, the following non‑exhaustive examples illustrate domains that are not included in the program: | OTHER | Out of Scope | 17:21 |
| Added | - www.groupe-sncf.com | URL | Out of Scope | 17:21 |
| Added | - www.sncf.com | URL | Out of Scope | 17:21 |
| Added | https://www.sncf-connect.com/bff | URL | In Scope | 17:21 |
| Added | the sncf connect mobile applications (android and apple) are out of scope even if the web services they use are in scope (accessible through paths beginning by 'https://www.sncf-connect.com/bff') | OTHER | Out of Scope | 17:21 |
| Added | https://www.sncf-connect.com | URL | In Scope | 17:21 |
| Added | https://sncf-connect.com | URL | In Scope | 17:21 |
| Added | https//monidentifiant.sncf | URL | In Scope | 17:21 |
| Added | https://www.sncf-connect.com/bff | URL | In Scope | 17:21 |
| Added | the scope of the bug bounty program is defined in the preceding section. to remove any potential ambiguity regarding this scope, the following non‑exhaustive examples illustrate domains that are not included in the program: | OTHER | Out of Scope | 17:21 |
| Added | - www.sncf-connect-tech.fr | OTHER | Out of Scope | 17:21 |
| Added | - office-web-sncf-a.sips-services.com | OTHER | Out of Scope | 17:21 |
| Added | - www.sncf.com | OTHER | Out of Scope | 17:21 |
| Added | - www.groupe-sncf.com | OTHER | Out of Scope | 17:21 |
| Added | - www.garesetconnexions.sncf | OTHER | Out of Scope | 17:21 |
| Added | - sncf-voyageurs.com | OTHER | Out of Scope | 17:21 |
| Added | - www.sncf-voyageurs.com | OTHER | Out of Scope | 17:21 |
| Added | - tgvinoui.sncf | OTHER | Out of Scope | 17:21 |
| Added | - ter.sncf.com | OTHER | Out of Scope | 17:21 |
| Added | - ouigo.com | OTHER | Out of Scope | 17:21 |
| Added | - www.maxjeune-tgvinoui.sncf | OTHER | Out of Scope | 17:21 |
| Added | - www.malocationavis.sncf-connect.com | OTHER | Out of Scope | 17:21 |
| Added | - hiflow.sncf-connect.com | OTHER | Out of Scope | 17:21 |
| Added | the sncf connect mobile applications (android and apple) are out of scope even if the web services they use are in scope (accessible through paths beginning by 'https://www.sncf-connect.com/bff') | OTHER | Out of Scope | 17:21 |
| Added | - office-web-sncf-a.sips-services.com | URL | Out of Scope | 17:21 |
| Added | - www.sncf-voyageurs.com | URL | Out of Scope | 17:21 |
| Added | - ter.sncf.com | URL | Out of Scope | 17:21 |
| Added | - www.maxjeune-tgvinoui.sncf | URL | Out of Scope | 17:21 |
| Added | - hiflow.sncf-connect.com | URL | Out of Scope | 17:21 |
| Added | https://www.sncf-connect.com | URL | In Scope | 17:21 |
| Added | https://sncf-connect.com | URL | In Scope | 17:21 |
| Added | - www.malocationavis.sncf-connect.com | URL | Out of Scope | 17:21 |
| Added | - ouigo.com | URL | Out of Scope | 17:21 |
| Added | - www.garesetconnexions.sncf | URL | Out of Scope | 17:21 |
| Program Removed | — | — | — | 16:06 |
Feb 25, 2026
| Change | Asset | Category | Scope | Time |
|---|---|---|---|---|
| Added | - www.malocationavis.sncf-connect.com | URL | Out of Scope | 19:08 |
| Added | - ouigo.com | URL | Out of Scope | 19:08 |
| Added | - www.maxjeune-tgvinoui.sncf | URL | Out of Scope | 19:08 |
| Added | https://www.sncf-connect.com | URL | In Scope | 19:08 |
| Added | the scope of the bug bounty program is defined in the preceding section. to remove any potential ambiguity regarding this scope, the following non‑exhaustive examples illustrate domains that are not included in the program: | OTHER | Out of Scope | 19:08 |
| Added | - www.groupe-sncf.com | URL | Out of Scope | 19:08 |
| Added | - www.garesetconnexions.sncf | URL | Out of Scope | 19:08 |
| Added | - www.sncf-voyageurs.com | URL | Out of Scope | 19:08 |
| Added | - www.sncf-connect-tech.fr | URL | Out of Scope | 19:08 |
| Added | - office-web-sncf-a.sips-services.com | URL | Out of Scope | 19:08 |
| Added | - www.sncf.com | URL | Out of Scope | 19:08 |
| Added | - hiflow.sncf-connect.com | URL | Out of Scope | 19:08 |
| Added | https://sncf-connect.com | URL | In Scope | 19:08 |
| Added | https//monidentifiant.sncf | URL | In Scope | 19:08 |
| Added | https://www.sncf-connect.com/bff | URL | In Scope | 19:08 |
| Added | the sncf connect mobile applications (android and apple) are out of scope even if the web services they use are in scope (accessible through paths beginning by 'https://www.sncf-connect.com/bff') | OTHER | Out of Scope | 19:08 |
| Added | - sncf-voyageurs.com | URL | Out of Scope | 19:08 |
| Added | - tgvinoui.sncf | URL | Out of Scope | 19:08 |
| Added | - ter.sncf.com | URL | Out of Scope | 19:08 |
Feb 23, 2026
| Change | Asset | Category | Scope | Time |
|---|---|---|---|---|
| Added | - sncf-voyageurs.com | URL | Out of Scope | 09:43 |
| Added | the scope of the bug bounty program is defined in the preceding section. to remove any potential ambiguity regarding this scope, the following non‑exhaustive examples illustrate domains that are not included in the program: | OTHER | Out of Scope | 09:43 |
| Added | - www.sncf-connect-tech.fr | OTHER | Out of Scope | 09:43 |
| Added | - office-web-sncf-a.sips-services.com | OTHER | Out of Scope | 09:43 |
| Added | - www.sncf.com | OTHER | Out of Scope | 09:43 |
| Added | - www.groupe-sncf.com | OTHER | Out of Scope | 09:43 |
| Added | - www.garesetconnexions.sncf | OTHER | Out of Scope | 09:43 |
| Added | - sncf-voyageurs.com | OTHER | Out of Scope | 09:43 |
| Added | - www.sncf-voyageurs.com | OTHER | Out of Scope | 09:43 |
| Added | - tgvinoui.sncf | OTHER | Out of Scope | 09:43 |
| Added | - ter.sncf.com | OTHER | Out of Scope | 09:43 |
| Added | - ouigo.com | OTHER | Out of Scope | 09:43 |
| Added | - www.maxjeune-tgvinoui.sncf | OTHER | Out of Scope | 09:43 |
| Added | - www.malocationavis.sncf-connect.com | OTHER | Out of Scope | 09:43 |
| Added | - hiflow.sncf-connect.com | OTHER | Out of Scope | 09:43 |
| Removed | please note sncf-connect.com doesn't own the sncf.com domains | OTHER | Out of Scope | 09:43 |
| Removed | - https://www.sncf.com | OTHER | Out of Scope | 09:43 |
| Removed | - https://www.malocationavis.sncf-connect.com | OTHER | Out of Scope | 09:43 |
| Removed | - https://www.maxjeune-tgvinoui.sncf | OTHER | Out of Scope | 09:43 |
| Removed | anything that is not listed as part of the scope, example : | OTHER | Out of Scope | 09:43 |
| Removed | - https://tgvinoui.sncf | OTHER | Out of Scope | 09:43 |
| Removed | - https://www.sncf-voyageurs.com | OTHER | Out of Scope | 09:43 |
| Added | the scope of the bug bounty program is defined in the preceding section. to remove any potential ambiguity regarding this scope, the following non‑exhaustive examples illustrate domains that are not included in the program: | OTHER | Out of Scope | 09:43 |
| Added | - www.sncf-connect-tech.fr | URL | Out of Scope | 09:43 |
| Added | - hiflow.sncf-connect.com | URL | Out of Scope | 09:43 |
| Added | - office-web-sncf-a.sips-services.com | URL | Out of Scope | 09:43 |
| Added | - www.sncf.com | URL | Out of Scope | 09:43 |
| Added | - www.groupe-sncf.com | URL | Out of Scope | 09:43 |
| Added | - tgvinoui.sncf | URL | Out of Scope | 09:43 |
| Added | - www.malocationavis.sncf-connect.com | URL | Out of Scope | 09:43 |
| Added | - www.garesetconnexions.sncf | URL | Out of Scope | 09:43 |
| Added | - ouigo.com | URL | Out of Scope | 09:43 |
| Added | - www.sncf-voyageurs.com | URL | Out of Scope | 09:43 |
| Added | - ter.sncf.com | URL | Out of Scope | 09:43 |
| Added | - www.maxjeune-tgvinoui.sncf | URL | Out of Scope | 09:43 |
Feb 22, 2026
| Change | Asset | Category | Scope | Time |
|---|---|---|---|---|
| Added | - https://www.malocationavis.sncf-connect.com | URL | Out of Scope | 00:52 |
| Added | https//monidentifiant.sncf | URL | In Scope | 00:52 |
| Added | please note sncf-connect.com doesn't own the sncf.com domains | OTHER | Out of Scope | 00:52 |
| Added | - https://www.sncf.com | URL | Out of Scope | 00:52 |
| Added | the sncf connect mobile applications (android and apple) are out of scope even if the web services they use are in scope (accessible through paths beginning by 'https://www.sncf-connect.com/bff') | OTHER | Out of Scope | 00:52 |
| Added | https://www.sncf-connect.com | URL | In Scope | 00:52 |
| Added | https://sncf-connect.com | URL | In Scope | 00:52 |
| Added | anything that is not listed as part of the scope, example : | OTHER | Out of Scope | 00:52 |
| Added | - https://tgvinoui.sncf | URL | Out of Scope | 00:52 |
| Added | - https://www.sncf-voyageurs.com | URL | Out of Scope | 00:52 |
| Added | - https://www.maxjeune-tgvinoui.sncf | URL | Out of Scope | 00:52 |
| Added | https://www.sncf-connect.com/bff | URL | In Scope | 00:52 |
Feb 21, 2026
| Change | Asset | Category | Scope | Time |
|---|---|---|---|---|
| Removed | https://www.sncf-connect.com | URL | In Scope | 21:40 |
| Removed | the sncf connect mobile applications (android and apple) are out of scope even if the web services they use are in scope (accessible through paths beginning by 'https://www.sncf-connect.com/bff') | OTHER | Out of Scope | 21:40 |
| Removed | - https://www.malocationavis.sncf-connect.com | OTHER | Out of Scope | 21:40 |
| Removed | - https://www.maxjeune-tgvinoui.sncf | OTHER | Out of Scope | 21:40 |
| Removed | - https://www.sncf-voyageurs.com | OTHER | Out of Scope | 21:40 |
| Removed | - https://tgvinoui.sncf | OTHER | Out of Scope | 21:40 |
| Removed | - https://www.sncf.com | OTHER | Out of Scope | 21:40 |
| Removed | anything that is not listed as part of the scope, example : | OTHER | Out of Scope | 21:40 |
| Removed | please note sncf-connect.com doesn't own the sncf.com domains | OTHER | Out of Scope | 21:40 |
| Removed | https://www.sncf-connect.com/bff | URL | In Scope | 21:40 |
| Removed | https//monidentifiant.sncf | URL | In Scope | 21:40 |
| Removed | https://sncf-connect.com | URL | In Scope | 21:40 |
| Added | - https://www.sncf.com | OTHER | Out of Scope | 00:33 |
| Added | - https://tgvinoui.sncf | OTHER | Out of Scope | 00:33 |
| Added | - https://www.sncf-voyageurs.com | OTHER | Out of Scope | 00:33 |
| Added | - https://www.maxjeune-tgvinoui.sncf | OTHER | Out of Scope | 00:33 |
| Added | - https://www.malocationavis.sncf-connect.com | OTHER | Out of Scope | 00:33 |
| Added | the sncf connect mobile applications (android and apple) are out of scope even if the web services they use are in scope (accessible through paths beginning by 'https://www.sncf-connect.com/bff') | OTHER | Out of Scope | 00:33 |
| Added | please note sncf-connect.com doesn't own the sncf.com domains | OTHER | Out of Scope | 00:33 |
| Added | anything that is not listed as part of the scope, example : | OTHER | Out of Scope | 00:33 |