![](/screenshots/5c604c03-ace9-424e-a876-3da023b55b9b.png)
auth-staging.api.gouv.fr
149.202.185.156
Public Scan
Effective URL: https://auth-staging.api.gouv.fr/users/start-sign-in
Submission Tags: phishingrod
Submission: On April 17 via api from DE — Scanned from FR
Summary
TLS certificate: Issued by R3 on March 17th 2023. Valid for: 3 months.
This is the only time auth-staging.api.gouv.fr was scanned on urlscan.io!
urlscan.io Verdict: No classification
Domain & IP information
 | IP Address | AS Autonomous System |
---|---|---|
3 3 | 149.202.169.91 | 16276 (OVH) |
2 15 | 149.202.185.156 | 16276 (OVH) |
2 | 149.202.75.82 | 16276 (OVH) |
15 | 3 | |
 | Apex Domain / Subdomains | Transfer |
---|---|---|
18 | api.gouv.fr (5 redirects): monitoring.particulier-staging.api.gouv.fr, auth-staging.api.gouv.fr | 964 KB |
2 | data.gouv.fr: stats.data.gouv.fr (Cisco Umbrella Rank: 560385) | 21 KB |
15 | 2 | |
 | Domain | Requested by |
---|---|---|
15 | auth-staging.api.gouv.fr | 2 redirects; auth-staging.api.gouv.fr |
3 | monitoring.particulier-staging.api.gouv.fr | 3 redirects |
2 | stats.data.gouv.fr | auth-staging.api.gouv.fr; stats.data.gouv.fr |
15 | 3 | |
This site contains links to these domains. Also see Links.
Domain |
---|
legifrance.gouv.fr |
gouvernement.fr |
service-public.fr |
data.gouv.fr |
moncomptepro.beta.gouv.fr |
datapass.api.gouv.fr |
beta.gouv.fr |
github.com |
Subject | Issuer | Validity | Valid | |
---|---|---|---|---|
app-staging.moncomptepro.beta.gouv.fr | R3 | 2023-03-17 - 2023-06-15 | 3 months | crt.sh |
stats.data.gouv.fr | R3 | 2023-02-19 - 2023-05-20 | 3 months | crt.sh |
This page contains 1 frame:
Primary Page:
https://auth-staging.api.gouv.fr/users/start-sign-in
Frame ID: E6900CDB7C36C49C69889AC12064F929
Requests: 17 HTTP requests in this frame
Page Title
MonComptePro
Page Statistics
9 Outgoing links
These are links going to different origins than the main page.
Title: legifrance.gouv.fr
Title: gouvernement.fr
Title: service-public.fr
Title: data.gouv.fr
Title: Devenir partenaire
Title: À propos
Title: Conditions générales d'utilisation
Title: Une réalisation beta.gouv.fr
Title: licence etalab-2.0
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
https://monitoring.particulier-staging.api.gouv.fr/ HTTP 302
https://monitoring.particulier-staging.api.gouv.fr/login HTTP 307
https://monitoring.particulier-staging.api.gouv.fr/login/generic_oauth HTTP 302
https://auth-staging.api.gouv.fr/oauth/authorize?access_type=online&client_id=vu7qehrgvmynk7s2ssguuzth2fmyhum74xqjd7rca9edraq9ggkebey73hkgysw2dq3vu6kp2xzrndumurw7eq964826yypqgb5bjr53wkk7ejdjc6wrhyqktqge6qma&redirect_uri=https%3A%2F%2Fmonitoring.particulier-staging.api.gouv.fr%2Flogin%2Fgeneric_oauth&response_type=code&scope=openid+email+profile+organizations&state=bjZk_ZU1yHyTYU4vpcQyTbPb7iD1nL0ebHhAUVLj3TM%3D HTTP 303
https://auth-staging.api.gouv.fr/interaction/TYEXPJQWjcH8QLEIpSaMO HTTP 302
https://auth-staging.api.gouv.fr/users/start-sign-in Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
15 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H/1.1 | start-sign-in (Primary Request) | auth-staging.api.gouv.fr/users/ | 6 KB | 3 KB | Document | text/html |
GET | H/1.1 | application_20230109.css | auth-staging.api.gouv.fr/assets/ | 4 KB | 4 KB | Stylesheet | text/css |
GET | H/1.1 | dsfr.min.css | auth-staging.api.gouv.fr/assets/ | 502 KB | 502 KB | Stylesheet | text/css |
GET | H/1.1 | utility.css | auth-staging.api.gouv.fr/assets/utility/ | 306 KB | 307 KB | Stylesheet | text/css |
GET | H/1.1 | matomo.js | auth-staging.api.gouv.fr/assets/ | 514 B | 1 KB | Script | application/javascript |
GET | H/1.1 | logo_moncomptepro_label.svg | auth-staging.api.gouv.fr/assets/ | 14 KB | 15 KB | Image | image/svg+xml |
GET | H/1.1 | go-back.js | auth-staging.api.gouv.fr/assets/ | 226 B | 971 B | Script | application/javascript |
GET | H2 | matomo.js | stats.data.gouv.fr/ | 64 KB | 21 KB | Script | application/x-javascript |
GET | H/1.1 | arrow-right-line.svg | auth-staging.api.gouv.fr/assets/icons/system/ | 189 B | 910 B | Image | image/svg+xml |
GET | H/1.1 | arrow-left-line.svg | auth-staging.api.gouv.fr/assets/icons/system/ | 184 B | 905 B | Image | image/svg+xml |
GET | H/1.1 | Marianne-Bold.woff2 | auth-staging.api.gouv.fr/assets/fonts/ | 41 KB | 42 KB | Font | font/woff2 |
GET | H/1.1 | Marianne-Regular.woff2 | auth-staging.api.gouv.fr/assets/fonts/ | 40 KB | 41 KB | Font | font/woff2 |
GET | DATA | truncated | / | 3 KB | 0 | Image | image/svg+xml |
GET | DATA | truncated | / | 5 KB | 0 | Image | image/svg+xml |
GET | H/1.1 | external-link-line.svg | auth-staging.api.gouv.fr/assets/icons/system/ | 230 B | 951 B | Image | image/svg+xml |
GET | H/1.1 | Marianne-Medium.woff2 | auth-staging.api.gouv.fr/assets/fonts/ | 41 KB | 42 KB | Font | font/woff2 |
POST | H2 | matomo.php | stats.data.gouv.fr/ | 0 | 193 B | Ping | text/plain |
6 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name |
---|---|
boolean | credentialless |
object | _paq |
object | Piwik |
object | Matomo |
object | AnalyticsTracker |
function | piwik_log |

9 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
auth-staging.api.gouv.fr/oauth/authorize/TYEXPJQWjcH8QLEIpSaMO | | Name: api_gouv_interaction_resume Value: TYEXPJQWjcH8QLEIpSaMO |
auth-staging.api.gouv.fr/oauth/authorize/TYEXPJQWjcH8QLEIpSaMO | | Name: api_gouv_interaction_resume.sig Value: TH4d0abU07O5WYoLUzRi_Kq5E6g |
auth-staging.api.gouv.fr/interaction/TYEXPJQWjcH8QLEIpSaMO | | Name: api_gouv_interaction Value: TYEXPJQWjcH8QLEIpSaMO |
auth-staging.api.gouv.fr/interaction/TYEXPJQWjcH8QLEIpSaMO | | Name: api_gouv_interaction.sig Value: GuSD1xxhp39llnwg6CrQsH1Yhek |
monitoring.particulier-staging.api.gouv.fr/ | | Name: redirect_to Value: %2F |
monitoring.particulier-staging.api.gouv.fr/ | | Name: oauth_state Value: f398889140ecf11e895fe2c5fe23a310845274ed7b44a2d1b1fbceda612ed33a |
auth-staging.api.gouv.fr/ | | Name: connect.sid Value: s%3ASdrTqwAWyBAk4DbZFpjo8ygo3iNZCRsh.ObsP22A%2FUIiKqbkl%2FlaVfRToE3mIUCg3eHwLvuSsvVA |
auth-staging.api.gouv.fr/ | | Name: _pk_id.85.f00e Value: b2aeccb4aa1c29a2.1681768898. |
auth-staging.api.gouv.fr/ | | Name: _pk_ses.85.f00e Value: 1 |
Security Headers
This page lists any security headers set by the main page.
Header | Value |
---|---|
Content-Security-Policy | default-src 'self'; img-src 'self' data: stats.data.gouv.fr; connect-src 'self' stats.data.gouv.fr; script-src 'self' stats.data.gouv.fr; style-src 'self'; font-src 'self' data: |
Strict-Transport-Security | max-age=15552000 |
X-Content-Type-Options | nosniff |
X-Frame-Options | DENY |
X-Xss-Protection | 1; mode=block |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
auth-staging.api.gouv.fr
monitoring.particulier-staging.api.gouv.fr
stats.data.gouv.fr
149.202.169.91
149.202.185.156
149.202.75.82