urlscan.io logo urlscan.io
SecurityTrails logo

idp.sncf.fr Open in urlscan Pro
171.16.250.81  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://mon-id.sncf.fr/
Effective URL: https://idp.sncf.fr/openam/UI/Login?realm=%2FIDP&locale=fr&service=LoginMotDePasse&goto=https%3A%2F%2Fidp.sncf.fr%2F...
Submission Tags: falconsandbox
Submission: On February 16 via api from US — Scanned from FR
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 3 IPs in 2 countries across 1 domains to perform 14 HTTP transactions. The main IP is 171.16.250.81, located in France and belongs to AS-COMPLETEL, FR. The main domain is idp.sncf.fr.
TLS certificate: Issued by QuoVadis Global SSL ICA G3 on June 19th 2020. Valid for: 2 years.
This is the only time idp.sncf.fr was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
3 4 18.197.58.79 16509 (AMAZON-02)
4 17 171.16.250.81 12670 (AS-COMPLETEL)
14 3
Apex Domain
Subdomains		 Transfer
21 sncf.fr
mon-id.sncf.fr
idp.sncf.fr
236 KB
14 1
Domain Requested by
17 idp.sncf.fr 4 redirects idp.sncf.fr
4 mon-id.sncf.fr 3 redirects
14 2

This site contains no links.

Subject Issuer Validity Valid
mon-id.sncf.fr
QuoVadis Global SSL ICA G3		 2020-06-24 -
2022-06-24		 2 years crt.sh
*.sncf.fr
QuoVadis Global SSL ICA G3		 2020-06-19 -
2022-06-19		 2 years crt.sh

This page contains 1 frames:

Primary Page: https://idp.sncf.fr/openam/UI/Login?realm=%2FIDP&locale=fr&service=LoginMotDePasse&goto=https%3A%2F%2Fidp.sncf.fr%2Fopenam%2Foauth2%2FIDP%2Fauthorize%3Fclient_id%3DMONCOMPTE%26redirect_uri%3Dhttps%253A%252F%252Fmon-id.sncf.fr%252Fsite%252Foidc-redirect_uri%26response_type%3Dcode%26state%3DYgGbfskn9f%26scope%3Dopenid%2520client_id%2520profile%2520roles%26acr_values%3Dpassword%26prompt%3D%26ui_locales%3Dfr
Frame ID: 42452F998B3057CCF1E47D99FD9DB6FD
Requests: 15 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Authentification SNCF

Page URL History Show full URLs

  1. https://mon-id.sncf.fr/ HTTP 302
    https://mon-id.sncf.fr/site HTTP 302
    https://mon-id.sncf.fr/site/ Page URL
  2. https://mon-id.sncf.fr/site/motdepasse/determinerAccueil.action HTTP 302
    https://idp.sncf.fr/openam/oauth2/IDP/authorize?client_id=MONCOMPTE&redirect_uri=https://mon-id.... HTTP 302
    https://idp.sncf.fr/openam/oauth2/IDP/authorize?client_id=MONCOMPTE&redirect_uri=https://mon-id.... HTTP 301
    https://idp.sncf.fr/openam/UI/Login?realm=%2FIDP&locale=fr&service=LoginMotDePasse&goto=https%3A... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

14
Requests

86 %
HTTPS

0 %
IPv6

1
Domains

2
Subdomains

3
IPs

2
Countries

230 kB
Transfer

228 kB
Size

9
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://mon-id.sncf.fr/ HTTP 302
    https://mon-id.sncf.fr/site HTTP 302
    https://mon-id.sncf.fr/site/ Page URL
  2. https://mon-id.sncf.fr/site/motdepasse/determinerAccueil.action HTTP 302
    https://idp.sncf.fr/openam/oauth2/IDP/authorize?client_id=MONCOMPTE&redirect_uri=https://mon-id.sncf.fr/site/oidc-redirect_uri&response_type=code&state=YgGbfskn9f&scope=openid%20client_id%20profile%20roles&acr_values=password&prompt=login HTTP 302
    https://idp.sncf.fr/openam/oauth2/IDP/authorize?client_id=MONCOMPTE&redirect_uri=https://mon-id.sncf.fr/site/oidc-redirect_uri&response_type=code&state=YgGbfskn9f&scope=openid%20client_id%20profile%20roles&acr_values=password&prompt=login&ui_locales=fr HTTP 301
    https://idp.sncf.fr/openam/UI/Login?realm=%2FIDP&locale=fr&service=LoginMotDePasse&goto=https%3A%2F%2Fidp.sncf.fr%2Fopenam%2Foauth2%2FIDP%2Fauthorize%3Fclient_id%3DMONCOMPTE%26redirect_uri%3Dhttps%253A%252F%252Fmon-id.sncf.fr%252Fsite%252Foidc-redirect_uri%26response_type%3Dcode%26state%3DYgGbfskn9f%26scope%3Dopenid%2520client_id%2520profile%2520roles%26acr_values%3Dpassword%26prompt%3D%26ui_locales%3Dfr Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • https://mon-id.sncf.fr/ HTTP 302
  • https://mon-id.sncf.fr/site HTTP 302
  • https://mon-id.sncf.fr/site/
Request Chain 6
  • https://idp.sncf.fr/images/dot.gif HTTP 302
  • https://idp.sncf.fr/openam/
Request Chain 11
  • https://idp.sncf.fr/px HTTP 302
  • https://idp.sncf.fr/openam/

14 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
/
mon-id.sncf.fr/site/
Redirect Chain
  • https://mon-id.sncf.fr/
  • https://mon-id.sncf.fr/site
  • https://mon-id.sncf.fr/site/
131 B
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://mon-id.sncf.fr/site/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.197.58.79 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-197-58-79.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
936cb648c9333add42b98545ed40788c57aab3df67e2c50fc171f2fe1faaa81f
Security Headers
Name Value
Strict-Transport-Security max-age=16070400
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language
fr-FR,fr;q=0.9

Response headers

Date
Wed, 16 Feb 2022 07:48:31 GMT
Content-Type
text/html;charset=UTF-8
Connection
keep-alive
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Pragma
no-cache
Expires
0
Strict-Transport-Security
max-age=16070400
X-XSS-Protection
1; mode=block
X-Frame-Options
DENY
X-Content-Type-Options
nosniff
Accept-Ranges
bytes
ETag
W/"131-1644105874978-gzip"
Last-Modified
Sun, 06 Feb 2022 00:04:34 GMT
Vary
Accept-Encoding
Transfer-Encoding
chunked

Redirect headers

Date
Wed, 16 Feb 2022 07:48:30 GMT
Content-Length
0
Connection
keep-alive
Location
/site/
Strict-Transport-Security
max-age=16070400
Primary Request Login
idp.sncf.fr/openam/UI/
Redirect Chain
  • https://mon-id.sncf.fr/site/motdepasse/determinerAccueil.action
  • https://idp.sncf.fr/openam/oauth2/IDP/authorize?client_id=MONCOMPTE&redirect_uri=https://mon-id.sncf.fr/site/oidc-redirect_uri&response_type=code&state=YgGbfskn9f&scope=openid%20client_id%20profile...
  • https://idp.sncf.fr/openam/oauth2/IDP/authorize?client_id=MONCOMPTE&redirect_uri=https://mon-id.sncf.fr/site/oidc-redirect_uri&response_type=code&state=YgGbfskn9f&scope=openid%20client_id%20profile...
  • https://idp.sncf.fr/openam/UI/Login?realm=%2FIDP&locale=fr&service=LoginMotDePasse&goto=https%3A%2F%2Fidp.sncf.fr%2Fopenam%2Foauth2%2FIDP%2Fauthorize%3Fclient_id%3DMONCOMPTE%26redirect_uri%3Dhttps%...
15 KB
16 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://idp.sncf.fr/openam/UI/Login?realm=%2FIDP&locale=fr&service=LoginMotDePasse&goto=https%3A%2F%2Fidp.sncf.fr%2Fopenam%2Foauth2%2FIDP%2Fauthorize%3Fclient_id%3DMONCOMPTE%26redirect_uri%3Dhttps%253A%252F%252Fmon-id.sncf.fr%252Fsite%252Foidc-redirect_uri%26response_type%3Dcode%26state%3DYgGbfskn9f%26scope%3Dopenid%2520client_id%2520profile%2520roles%26acr_values%3Dpassword%26prompt%3D%26ui_locales%3Dfr
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_CBC
Server
171.16.250.81 , France, ASN12670 (AS-COMPLETEL, FR),
Reverse DNS
Software
Apache-Coyote/1.1 / JSP/2.2
Resource Hash
541f5ca71a40c60db8bd4d03d9aa7fac606a351d2da02ea71370835d58d85056
Security Headers
Name Value
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language
fr-FR,fr;q=0.9
Referer
https://mon-id.sncf.fr/site/

Response headers

Date
Wed, 16 Feb 2022 07:48:31 GMT
Server
Apache-Coyote/1.1
Strict-Transport-Security
max-age=15768000
Cache-Control
no-cache, no-store, must-revalidate
Pragma
no-cache
Expires
0
AM_CLIENT_TYPE
genericHTML
X-Powered-By
JSP/2.2
Content-Type
text/html;charset=UTF-8
X-XSS-Protection
1; mode=block
X-Content-Type-Options
nosniff
Keep-Alive
timeout=5, max=99
Connection
Keep-Alive
Transfer-Encoding
chunked

Redirect headers

Date
Wed, 16 Feb 2022 07:48:31 GMT
Server
Apache-Coyote/1.1
Strict-Transport-Security
max-age=15768000
Access-Control-Allow-Origin
*
Access-Control-Allow-Methods
POST, GET, OPTIONS
Access-Control-Max-Age
1000
Access-Control-Allow-Headers
x-requested-with, Content-Type, origin, authorization, accept, client-security-token ,x-openam-password,x-openam-username,iPlanetDirectoryPro
Cache-Control
no-cache, no-store, must-revalidate
Accept-Ranges
bytes
Vary
Accept-Charset,Accept-Encoding,Accept-Language,Accept
Pragma
no-cache
Content-Length
0
Expires
0
X-XSS-Protection
1; mode=block
X-Content-Type-Options
nosniff
Location
https://idp.sncf.fr/openam/UI/Login?realm=%2FIDP&locale=fr&service=LoginMotDePasse&goto=https%3A%2F%2Fidp.sncf.fr%2Fopenam%2Foauth2%2FIDP%2Fauthorize%3Fclient_id%3DMONCOMPTE%26redirect_uri%3Dhttps%253A%252F%252Fmon-id.sncf.fr%252Fsite%252Foidc-redirect_uri%26response_type%3Dcode%26state%3DYgGbfskn9f%26scope%3Dopenid%2520client_id%2520profile%2520roles%26acr_values%3Dpassword%26prompt%3D%26ui_locales%3Dfr
Keep-Alive
timeout=5, max=83
Connection
Keep-Alive
Content-Type
text/plain
sncf.commons.min.css
idp.sncf.fr/openam/css/ 		43 KB
44 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://idp.sncf.fr/openam/css/sncf.commons.min.css
Requested by
Host: idp.sncf.fr
URL: https://idp.sncf.fr/openam/UI/Login?realm=%2FIDP&locale=fr&service=LoginMotDePasse&goto=https%3A%2F%2Fidp.sncf.fr%2Fopenam%2Foauth2%2FIDP%2Fauthorize%3Fclient_id%3DMONCOMPTE%26redirect_uri%3Dhttps%253A%252F%252Fmon-id.sncf.fr%252Fsite%252Foidc-redirect_uri%26response_type%3Dcode%26state%3DYgGbfskn9f%26scope%3Dopenid%2520client_id%2520profile%2520roles%26acr_values%3Dpassword%26prompt%3D%26ui_locales%3Dfr
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_CBC
Server
171.16.250.81 , France, ASN12670 (AS-COMPLETEL, FR),
Reverse DNS
Software
Apache-Coyote/1.1 /
Resource Hash
cf73e10e877ba5fa7e9efdd58dd8463c499366835346a4e51b3a769a65267e11
Security Headers
Name Value
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
fr-FR,fr;q=0.9
Referer
https://idp.sncf.fr/openam/UI/Login?realm=%2FIDP&locale=fr&service=LoginMotDePasse&goto=https%3A%2F%2Fidp.sncf.fr%2Fopenam%2Foauth2%2FIDP%2Fauthorize%3Fclient_id%3DMONCOMPTE%26redirect_uri%3Dhttps%253A%252F%252Fmon-id.sncf.fr%252Fsite%252Foidc-redirect_uri%26response_type%3Dcode%26state%3DYgGbfskn9f%26scope%3Dopenid%2520client_id%2520profile%2520roles%26acr_values%3Dpassword%26prompt%3D%26ui_locales%3Dfr
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 16 Feb 2022 07:48:32 GMT
X-Content-Type-Options
nosniff
Last-Modified
Sat, 12 Feb 2022 22:52:17 GMT
Server
Apache-Coyote/1.1
ETag
W/"44498-1644706337000"
Strict-Transport-Security
max-age=15768000
Content-Type
text/css
Cache-Control
max-age=2592000, public
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=82
Content-Length
44498
X-XSS-Protection
1; mode=block
sncf.login.min.css
idp.sncf.fr/openam/css/ 		3 KB
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://idp.sncf.fr/openam/css/sncf.login.min.css
Requested by
Host: idp.sncf.fr
URL: https://idp.sncf.fr/openam/UI/Login?realm=%2FIDP&locale=fr&service=LoginMotDePasse&goto=https%3A%2F%2Fidp.sncf.fr%2Fopenam%2Foauth2%2FIDP%2Fauthorize%3Fclient_id%3DMONCOMPTE%26redirect_uri%3Dhttps%253A%252F%252Fmon-id.sncf.fr%252Fsite%252Foidc-redirect_uri%26response_type%3Dcode%26state%3DYgGbfskn9f%26scope%3Dopenid%2520client_id%2520profile%2520roles%26acr_values%3Dpassword%26prompt%3D%26ui_locales%3Dfr
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_CBC
Server
171.16.250.81 , France, ASN12670 (AS-COMPLETEL, FR),
Reverse DNS
Software
Apache-Coyote/1.1 /
Resource Hash
48b56932e2dda8b828a72fec4f59cb5f2ea8a9c8e2aad533d893928ad232ff5c
Security Headers
Name Value
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
fr-FR,fr;q=0.9
Referer
https://idp.sncf.fr/openam/UI/Login?realm=%2FIDP&locale=fr&service=LoginMotDePasse&goto=https%3A%2F%2Fidp.sncf.fr%2Fopenam%2Foauth2%2FIDP%2Fauthorize%3Fclient_id%3DMONCOMPTE%26redirect_uri%3Dhttps%253A%252F%252Fmon-id.sncf.fr%252Fsite%252Foidc-redirect_uri%26response_type%3Dcode%26state%3DYgGbfskn9f%26scope%3Dopenid%2520client_id%2520profile%2520roles%26acr_values%3Dpassword%26prompt%3D%26ui_locales%3Dfr
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 16 Feb 2022 07:48:32 GMT
X-Content-Type-Options
nosniff
Last-Modified
Sat, 12 Feb 2022 22:52:18 GMT
Server
Apache-Coyote/1.1
ETag
W/"2938-1644706338000"
Strict-Transport-Security
max-age=15768000
Content-Type
text/css
Cache-Control
max-age=2592000, public
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=93
Content-Length
2938
X-XSS-Protection
1; mode=block
sncf.jquery.min.js
idp.sncf.fr/openam/js/ 		94 KB
94 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://idp.sncf.fr/openam/js/sncf.jquery.min.js
Requested by
Host: idp.sncf.fr
URL: https://idp.sncf.fr/openam/UI/Login?realm=%2FIDP&locale=fr&service=LoginMotDePasse&goto=https%3A%2F%2Fidp.sncf.fr%2Fopenam%2Foauth2%2FIDP%2Fauthorize%3Fclient_id%3DMONCOMPTE%26redirect_uri%3Dhttps%253A%252F%252Fmon-id.sncf.fr%252Fsite%252Foidc-redirect_uri%26response_type%3Dcode%26state%3DYgGbfskn9f%26scope%3Dopenid%2520client_id%2520profile%2520roles%26acr_values%3Dpassword%26prompt%3D%26ui_locales%3Dfr
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_CBC
Server
171.16.250.81 , France, ASN12670 (AS-COMPLETEL, FR),
Reverse DNS
Software
Apache-Coyote/1.1 /
Resource Hash
7291a3cfcd1035a69735da1316f3afa18fba47ba5351564a4f712efccc7880c9
Security Headers
Name Value
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
fr-FR,fr;q=0.9
Referer
https://idp.sncf.fr/openam/UI/Login?realm=%2FIDP&locale=fr&service=LoginMotDePasse&goto=https%3A%2F%2Fidp.sncf.fr%2Fopenam%2Foauth2%2FIDP%2Fauthorize%3Fclient_id%3DMONCOMPTE%26redirect_uri%3Dhttps%253A%252F%252Fmon-id.sncf.fr%252Fsite%252Foidc-redirect_uri%26response_type%3Dcode%26state%3DYgGbfskn9f%26scope%3Dopenid%2520client_id%2520profile%2520roles%26acr_values%3Dpassword%26prompt%3D%26ui_locales%3Dfr
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 16 Feb 2022 07:48:32 GMT
X-Content-Type-Options
nosniff
Last-Modified
Sat, 12 Feb 2022 22:52:17 GMT
Server
Apache-Coyote/1.1
ETag
W/"96100-1644706337000"
Strict-Transport-Security
max-age=15768000
Content-Type
text/javascript
Cache-Control
max-age=2592000, public
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=95
Content-Length
96100
X-XSS-Protection
1; mode=block
sncf.commons.min.js
idp.sncf.fr/openam/js/ 		21 KB
22 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://idp.sncf.fr/openam/js/sncf.commons.min.js
Requested by
Host: idp.sncf.fr
URL: https://idp.sncf.fr/openam/UI/Login?realm=%2FIDP&locale=fr&service=LoginMotDePasse&goto=https%3A%2F%2Fidp.sncf.fr%2Fopenam%2Foauth2%2FIDP%2Fauthorize%3Fclient_id%3DMONCOMPTE%26redirect_uri%3Dhttps%253A%252F%252Fmon-id.sncf.fr%252Fsite%252Foidc-redirect_uri%26response_type%3Dcode%26state%3DYgGbfskn9f%26scope%3Dopenid%2520client_id%2520profile%2520roles%26acr_values%3Dpassword%26prompt%3D%26ui_locales%3Dfr
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_CBC
Server
171.16.250.81 , France, ASN12670 (AS-COMPLETEL, FR),
Reverse DNS
Software
Apache-Coyote/1.1 /
Resource Hash
836e2f87b9e0bc244b492cafb370753a7a80904f19e246f3a385da9c31f18d37
Security Headers
Name Value
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
fr-FR,fr;q=0.9
Referer
https://idp.sncf.fr/openam/UI/Login?realm=%2FIDP&locale=fr&service=LoginMotDePasse&goto=https%3A%2F%2Fidp.sncf.fr%2Fopenam%2Foauth2%2FIDP%2Fauthorize%3Fclient_id%3DMONCOMPTE%26redirect_uri%3Dhttps%253A%252F%252Fmon-id.sncf.fr%252Fsite%252Foidc-redirect_uri%26response_type%3Dcode%26state%3DYgGbfskn9f%26scope%3Dopenid%2520client_id%2520profile%2520roles%26acr_values%3Dpassword%26prompt%3D%26ui_locales%3Dfr
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 16 Feb 2022 07:48:32 GMT
X-Content-Type-Options
nosniff
Last-Modified
Sat, 12 Feb 2022 22:52:18 GMT
Server
Apache-Coyote/1.1
ETag
W/"21607-1644706338000"
Strict-Transport-Security
max-age=15768000
Content-Type
text/javascript
Cache-Control
max-age=2592000, public
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=79
Content-Length
21607
X-XSS-Protection
1; mode=block
help-gray.svg
idp.sncf.fr/openam/css/svg/sncf/ 		1 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://idp.sncf.fr/openam/css/svg/sncf/help-gray.svg
Requested by
Host: idp.sncf.fr
URL: https://idp.sncf.fr/openam/UI/Login?realm=%2FIDP&locale=fr&service=LoginMotDePasse&goto=https%3A%2F%2Fidp.sncf.fr%2Fopenam%2Foauth2%2FIDP%2Fauthorize%3Fclient_id%3DMONCOMPTE%26redirect_uri%3Dhttps%253A%252F%252Fmon-id.sncf.fr%252Fsite%252Foidc-redirect_uri%26response_type%3Dcode%26state%3DYgGbfskn9f%26scope%3Dopenid%2520client_id%2520profile%2520roles%26acr_values%3Dpassword%26prompt%3D%26ui_locales%3Dfr
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_CBC
Server
171.16.250.81 , France, ASN12670 (AS-COMPLETEL, FR),
Reverse DNS
Software
Apache-Coyote/1.1 /
Resource Hash
c2dcb3c88abf040ddccffea01b4816759d98911024ffdf9437f912d57df7f42e
Security Headers
Name Value
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
fr-FR,fr;q=0.9
Referer
https://idp.sncf.fr/openam/UI/Login?realm=%2FIDP&locale=fr&service=LoginMotDePasse&goto=https%3A%2F%2Fidp.sncf.fr%2Fopenam%2Foauth2%2FIDP%2Fauthorize%3Fclient_id%3DMONCOMPTE%26redirect_uri%3Dhttps%253A%252F%252Fmon-id.sncf.fr%252Fsite%252Foidc-redirect_uri%26response_type%3Dcode%26state%3DYgGbfskn9f%26scope%3Dopenid%2520client_id%2520profile%2520roles%26acr_values%3Dpassword%26prompt%3D%26ui_locales%3Dfr
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 16 Feb 2022 07:48:32 GMT
X-Content-Type-Options
nosniff
Last-Modified
Sat, 12 Feb 2022 22:52:18 GMT
Server
Apache-Coyote/1.1
ETag
W/"1300-1644706338000"
Strict-Transport-Security
max-age=15768000
Content-Type
image/svg+xml
Cache-Control
max-age=2592000, public
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=78
Content-Length
1300
X-XSS-Protection
1; mode=block
/
idp.sncf.fr/openam/
Redirect Chain
  • https://idp.sncf.fr/images/dot.gif
  • https://idp.sncf.fr/openam/
2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://idp.sncf.fr/openam/
Requested by
Host: idp.sncf.fr
URL: https://idp.sncf.fr/openam/UI/Login?realm=%2FIDP&locale=fr&service=LoginMotDePasse&goto=https%3A%2F%2Fidp.sncf.fr%2Fopenam%2Foauth2%2FIDP%2Fauthorize%3Fclient_id%3DMONCOMPTE%26redirect_uri%3Dhttps%253A%252F%252Fmon-id.sncf.fr%252Fsite%252Foidc-redirect_uri%26response_type%3Dcode%26state%3DYgGbfskn9f%26scope%3Dopenid%2520client_id%2520profile%2520roles%26acr_values%3Dpassword%26prompt%3D%26ui_locales%3Dfr
Protocol
HTTP/1.1
Server
171.16.250.81 , France, ASN12670 (AS-COMPLETEL, FR),
Reverse DNS
Software
Apache-Coyote/1.1 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
fr-FR,fr;q=0.9
Referer
https://idp.sncf.fr/openam/UI/Login?realm=%2FIDP&locale=fr&service=LoginMotDePasse&goto=https%3A%2F%2Fidp.sncf.fr%2Fopenam%2Foauth2%2FIDP%2Fauthorize%3Fclient_id%3DMONCOMPTE%26redirect_uri%3Dhttps%253A%252F%252Fmon-id.sncf.fr%252Fsite%252Foidc-redirect_uri%26response_type%3Dcode%26state%3DYgGbfskn9f%26scope%3Dopenid%2520client_id%2520profile%2520roles%26acr_values%3Dpassword%26prompt%3D%26ui_locales%3Dfr
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 16 Feb 2022 07:48:32 GMT
X-Content-Type-Options
nosniff
Last-Modified
Sat, 12 Feb 2022 22:52:18 GMT
Server
Apache-Coyote/1.1
ETag
W/"1626-1644706338000"
Strict-Transport-Security
max-age=15768000
Content-Type
text/html
Cache-Control
no-cache, no-store, must-revalidate
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=96
Content-Length
1626
X-XSS-Protection
1; mode=block
Expires
0

Redirect headers

Date
Wed, 16 Feb 2022 07:48:32 GMT
Server
Apache
Strict-Transport-Security
max-age=15768000
Content-Type
text/html; charset=iso-8859-1
Location
https://idp.sncf.fr/openam/
Connection
Keep-Alive
Keep-Alive
timeout=5, max=77
Content-Length
211
sncf.login.min.js
idp.sncf.fr/openam/js/ 		1 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://idp.sncf.fr/openam/js/sncf.login.min.js
Requested by
Host: idp.sncf.fr
URL: https://idp.sncf.fr/openam/UI/Login?realm=%2FIDP&locale=fr&service=LoginMotDePasse&goto=https%3A%2F%2Fidp.sncf.fr%2Fopenam%2Foauth2%2FIDP%2Fauthorize%3Fclient_id%3DMONCOMPTE%26redirect_uri%3Dhttps%253A%252F%252Fmon-id.sncf.fr%252Fsite%252Foidc-redirect_uri%26response_type%3Dcode%26state%3DYgGbfskn9f%26scope%3Dopenid%2520client_id%2520profile%2520roles%26acr_values%3Dpassword%26prompt%3D%26ui_locales%3Dfr
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_CBC
Server
171.16.250.81 , France, ASN12670 (AS-COMPLETEL, FR),
Reverse DNS
Software
Apache-Coyote/1.1 /
Resource Hash
5cafa0acd1843f37c7aa08b56d8a91126507520a905e3000fc399682b06c9744
Security Headers
Name Value
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
fr-FR,fr;q=0.9
Referer
https://idp.sncf.fr/openam/UI/Login?realm=%2FIDP&locale=fr&service=LoginMotDePasse&goto=https%3A%2F%2Fidp.sncf.fr%2Fopenam%2Foauth2%2FIDP%2Fauthorize%3Fclient_id%3DMONCOMPTE%26redirect_uri%3Dhttps%253A%252F%252Fmon-id.sncf.fr%252Fsite%252Foidc-redirect_uri%26response_type%3Dcode%26state%3DYgGbfskn9f%26scope%3Dopenid%2520client_id%2520profile%2520roles%26acr_values%3Dpassword%26prompt%3D%26ui_locales%3Dfr
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 16 Feb 2022 07:48:32 GMT
X-Content-Type-Options
nosniff
Last-Modified
Sat, 12 Feb 2022 22:52:18 GMT
Server
Apache-Coyote/1.1
ETag
W/"1477-1644706338000"
Strict-Transport-Security
max-age=15768000
Content-Type
text/javascript
Cache-Control
max-age=2592000, public
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=94
Content-Length
1477
X-XSS-Protection
1; mode=block
logo.svg
idp.sncf.fr/openam/css/svg/sncf/ 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://idp.sncf.fr/openam/css/svg/sncf/logo.svg
Requested by
Host: idp.sncf.fr
URL: https://idp.sncf.fr/openam/css/sncf.commons.min.css
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_CBC
Server
171.16.250.81 , France, ASN12670 (AS-COMPLETEL, FR),
Reverse DNS
Software
Apache-Coyote/1.1 /
Resource Hash
11c417b0bfe7c03ee14d9efb9220c99a1273aac66f02bf71a4b384ea9e4b3fb3
Security Headers
Name Value
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
fr-FR,fr;q=0.9
Referer
https://idp.sncf.fr/openam/css/sncf.commons.min.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 16 Feb 2022 07:48:32 GMT
X-Content-Type-Options
nosniff
Last-Modified
Sat, 12 Feb 2022 22:52:18 GMT
Server
Apache-Coyote/1.1
ETag
W/"2799-1644706338000"
Strict-Transport-Security
max-age=15768000
Content-Type
image/svg+xml
Cache-Control
max-age=2592000, public
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=89
Content-Length
2799
X-XSS-Protection
1; mode=block
new-window-blue.svg
idp.sncf.fr/openam/css/svg/sncf/ 		507 B
961 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://idp.sncf.fr/openam/css/svg/sncf/new-window-blue.svg
Requested by
Host: idp.sncf.fr
URL: https://idp.sncf.fr/openam/css/sncf.commons.min.css
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_CBC
Server
171.16.250.81 , France, ASN12670 (AS-COMPLETEL, FR),
Reverse DNS
Software
Apache-Coyote/1.1 /
Resource Hash
9182a1ff5f9bb4f499bab16e1065c061c7bac38260232b4ec74a4b95e210362b
Security Headers
Name Value
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
fr-FR,fr;q=0.9
Referer
https://idp.sncf.fr/openam/css/sncf.commons.min.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 16 Feb 2022 07:48:32 GMT
X-Content-Type-Options
nosniff
Last-Modified
Sat, 12 Feb 2022 22:52:18 GMT
Server
Apache-Coyote/1.1
ETag
W/"507-1644706338000"
Strict-Transport-Security
max-age=15768000
Content-Type
image/svg+xml
Cache-Control
max-age=2592000, public
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=98
Content-Length
507
X-XSS-Protection
1; mode=block
truncated
/ 		4 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
26efbbf1bbcf4721f7a206e1fd2ab7b085157221a71882c68094fd269c9c07ae

Request headers

Accept-Language
fr-FR,fr;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Type
image/gif
/
idp.sncf.fr/openam/
Redirect Chain
  • https://idp.sncf.fr/px
  • https://idp.sncf.fr/openam/
2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://idp.sncf.fr/openam/
Requested by
Host: idp.sncf.fr
URL: https://idp.sncf.fr/openam/UI/Login?realm=%2FIDP&locale=fr&service=LoginMotDePasse&goto=https%3A%2F%2Fidp.sncf.fr%2Fopenam%2Foauth2%2FIDP%2Fauthorize%3Fclient_id%3DMONCOMPTE%26redirect_uri%3Dhttps%253A%252F%252Fmon-id.sncf.fr%252Fsite%252Foidc-redirect_uri%26response_type%3Dcode%26state%3DYgGbfskn9f%26scope%3Dopenid%2520client_id%2520profile%2520roles%26acr_values%3Dpassword%26prompt%3D%26ui_locales%3Dfr
Protocol
HTTP/1.1
Server
171.16.250.81 , France, ASN12670 (AS-COMPLETEL, FR),
Reverse DNS
Software
Apache-Coyote/1.1 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
fr-FR,fr;q=0.9
Referer
https://idp.sncf.fr/openam/UI/Login?realm=%2FIDP&locale=fr&service=LoginMotDePasse&goto=https%3A%2F%2Fidp.sncf.fr%2Fopenam%2Foauth2%2FIDP%2Fauthorize%3Fclient_id%3DMONCOMPTE%26redirect_uri%3Dhttps%253A%252F%252Fmon-id.sncf.fr%252Fsite%252Foidc-redirect_uri%26response_type%3Dcode%26state%3DYgGbfskn9f%26scope%3Dopenid%2520client_id%2520profile%2520roles%26acr_values%3Dpassword%26prompt%3D%26ui_locales%3Dfr
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 16 Feb 2022 07:48:32 GMT
X-Content-Type-Options
nosniff
Last-Modified
Sat, 12 Feb 2022 22:52:18 GMT
Server
Apache-Coyote/1.1
ETag
W/"1626-1644706338000"
Strict-Transport-Security
max-age=15768000
Content-Type
text/html
Cache-Control
no-cache, no-store, must-revalidate
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=93
Content-Length
1626
X-XSS-Protection
1; mode=block
Expires
0

Redirect headers

Date
Wed, 16 Feb 2022 07:48:32 GMT
Server
Apache
Strict-Transport-Security
max-age=15768000
Content-Type
text/html; charset=iso-8859-1
Location
https://idp.sncf.fr/openam/
Connection
Keep-Alive
Keep-Alive
timeout=5, max=94
Content-Length
211
circle-up.svg
idp.sncf.fr/openam/css/svg/sncf/ 		582 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://idp.sncf.fr/openam/css/svg/sncf/circle-up.svg
Requested by
Host: idp.sncf.fr
URL: https://idp.sncf.fr/openam/css/sncf.commons.min.css
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_CBC
Server
171.16.250.81 , France, ASN12670 (AS-COMPLETEL, FR),
Reverse DNS
Software
Apache-Coyote/1.1 /
Resource Hash
897216efc5e71a1dd80f5713e64e9379c0329c76cc22496c4164a057b84dd6b3
Security Headers
Name Value
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
fr-FR,fr;q=0.9
Referer
https://idp.sncf.fr/openam/css/sncf.commons.min.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 16 Feb 2022 07:48:32 GMT
X-Content-Type-Options
nosniff
Last-Modified
Sat, 12 Feb 2022 22:52:18 GMT
Server
Apache-Coyote/1.1
ETag
W/"582-1644706338000"
Strict-Transport-Security
max-age=15768000
Content-Type
image/svg+xml
Cache-Control
max-age=2592000, public
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=88
Content-Length
582
X-XSS-Protection
1; mode=block
people.jpg
idp.sncf.fr/openam/images/packshots/ 		37 KB
38 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://idp.sncf.fr/openam/images/packshots/people.jpg
Requested by
Host: idp.sncf.fr
URL: https://idp.sncf.fr/openam/UI/Login?realm=%2FIDP&locale=fr&service=LoginMotDePasse&goto=https%3A%2F%2Fidp.sncf.fr%2Fopenam%2Foauth2%2FIDP%2Fauthorize%3Fclient_id%3DMONCOMPTE%26redirect_uri%3Dhttps%253A%252F%252Fmon-id.sncf.fr%252Fsite%252Foidc-redirect_uri%26response_type%3Dcode%26state%3DYgGbfskn9f%26scope%3Dopenid%2520client_id%2520profile%2520roles%26acr_values%3Dpassword%26prompt%3D%26ui_locales%3Dfr
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_CBC
Server
171.16.250.81 , France, ASN12670 (AS-COMPLETEL, FR),
Reverse DNS
Software
Apache-Coyote/1.1 /
Resource Hash
c49c7da469e362fea27196d0cef193e6920f6826d47174a9787204fd273cb646
Security Headers
Name Value
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
fr-FR,fr;q=0.9
Referer
https://idp.sncf.fr/openam/UI/Login?realm=%2FIDP&locale=fr&service=LoginMotDePasse&goto=https%3A%2F%2Fidp.sncf.fr%2Fopenam%2Foauth2%2FIDP%2Fauthorize%3Fclient_id%3DMONCOMPTE%26redirect_uri%3Dhttps%253A%252F%252Fmon-id.sncf.fr%252Fsite%252Foidc-redirect_uri%26response_type%3Dcode%26state%3DYgGbfskn9f%26scope%3Dopenid%2520client_id%2520profile%2520roles%26acr_values%3Dpassword%26prompt%3D%26ui_locales%3Dfr
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 16 Feb 2022 07:48:32 GMT
X-Content-Type-Options
nosniff
Last-Modified
Sat, 12 Feb 2022 22:52:17 GMT
Server
Apache-Coyote/1.1
ETag
W/"38168-1644706337000"
Strict-Transport-Security
max-age=15768000
Content-Type
image/jpeg
Cache-Control
max-age=2592000, public
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=81
Content-Length
38168
X-XSS-Protection
1; mode=block

Verdicts & Comments Add Verdict or Comment

30 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| structuredClone string| lang function| $ function| jQuery string| defaultBtn number| elmCount boolean| rememberLogin function| useRememberLogin function| passwordPolicy function| setMessage function| LoginReplay function| LoginSubmit function| createCookie function| readCookie function| eraseCookie function| GetURLParameter function| getElementsByClass function| loginInit object| means object| blank object| html object| body number| bfs function| mobile object| scripts object| jQBrowser number| y object| jQuery111305944927613532434 object| outer number| j

9 Cookies

Domain/Path Name / Value
idp.sncf.fr/openam Name: JSESSIONID
Value: jyU8WLEAPGlI5jvB9sCgmQeq
mon-id.sncf.fr/site Name: JSESSIONID
Value: 79C446CDE89D844D05FAEFB5B1FDF177
mon-id.sncf.fr/site Name: TS01897b5b
Value: 01c10b3bdf7e18bba97cd1492cc5fe6885f20d9caa9b4dddc66cc165fd11770a53654e0de067d0cbc715291233bb4b71286b0bbdddeb977fd6683e36c9964ec18b5b14b0adcecf427def3e781cab0e56e5448dc5b33e5705fb81ffbe96a472be7df425f086130f32c370f289075cd310534eb53cfb
mon-id.sncf.fr/ Name: BIGipServerk70IjrVT20yfxTPgc3BPxQ
Value: !+UawwkC5zJyUyCH6iQlEuBorweLHOaAOdv3Gw91drVx5DdOJfe0QYeRO/QLsJgDfYT3L2tz283LJgw==
mon-id.sncf.fr/ Name: AWSALB
Value: yjnBHuQ+4/AR7eGFNLTqEXTyN19pgRTB1Ph2G6MVB/S0ZLadz9hZUdJkHLMwGVjK1KXigQDqjN6mwqUN4F/C/aND7EXw/UYs+gm+xEtsbuMRHTvmMMWVGmrkZwJF
mon-id.sncf.fr/ Name: AWSALBCORS
Value: yjnBHuQ+4/AR7eGFNLTqEXTyN19pgRTB1Ph2G6MVB/S0ZLadz9hZUdJkHLMwGVjK1KXigQDqjN6mwqUN4F/C/aND7EXw/UYs+gm+xEtsbuMRHTvmMMWVGmrkZwJF
mon-id.sncf.fr/ Name: TS01cbc594
Value: 01c10b3bdfb3c3213d36cea2ed28ded1327b76fc3a9b4dddc66cc165fd11770a53654e0de067d0cbc715291233bb4b71286b0bbddd87649d047512c36b1f3c53d3dfcc181da18f2263bdc7de275ffc047741282654202730ea5ee0c8cc3c8a89d3fc54b751
.sncf.fr/ Name: AMAuthCookie
Value: AQIC5wM2LY4Sfcw2OHpS2Lq4eD-gRQkJm1IYDziutUGEK8s.*AAJTSQACMDIAAlNLABQtMTgyMzI1MTQ3ODQ0MjM3ODE5MQACUzEAAjA2*
.sncf.fr/ Name: amlbcookie
Value: 06

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=16070400
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block