You have been redirected to this page from www.ssogf.generali.fr via the sourceURL parameter bypass.
This demonstrates that the Generali SSO redirects authenticated users to an attacker-controlled domain after login or logout, without proper domain validation.
Vulnerable endpoint:
https://www.ssogf.generali.fr/user/auth/logout?sourceURL=https://monespace.generali.fr.fernandes.es/
hostname.contains(".generali.fr.") — this domain passes because .generali.fr. appears as a substring of monespace.generali.fr.fernandes.es, even though it is fully controlled by the researcher.