firefox.settings.services.mozilla.com/v1/
143.204.55.27200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.27:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash bdb8b66c705a7b996496d780f50c00b5
403ae92039fcc933870f51f913f78ccaf9652256
c923ed2539f4ce9f4d43743c402fbb2060a52a4cbedbf14c5f5742ab718073d6
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Alert, Content-Length, Content-Type, Retry-After, Backoff
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Sat, 15 Oct 2022 21:50:16 GMT
Expires: Sat, 15 Oct 2022 22:25:17 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 1d8cf7c8865ed1078c19a98771ad34ca.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: xgzysA4OrU_hQOaTt215hfSezDV7OAT13HznUeI0rU5VKLzCQ7LZ-Q==
Age: 1375
avis.us-southeast-1.linodeobjects.com/cpf15dolqrunatspnsorjedid888888888888.html?http:/advertising.php?r=3&l=//jgdqd-m.track%20dom.info&qurl=PWMcUHeIevMZW.syfdf
194.195.215.215200 OK 395 B URL HTTP/1.1 avis.us-southeast-1.linodeobjects.com/cpf15dolqrunatspnsorjedid888888888888.html?http:/advertising.php?r=3&l=//jgdqd-m.track%20dom.info&qurl=PWMcUHeIevMZW.syfdf
IP 194.195.215.215:0
File type HTML document, ASCII text, with CRLF line terminators
Hash c94389e9eb098db5f019924abadbfb23
5b7455db441f8f86fef5a0d7d4d636d8279362e4
ba48367b8413ef0cb006e091f744d18533a34af1ce0823fca40f4b29cc51fd26
GET /cpf15dolqrunatspnsorjedid888888888888.html?http:/advertising.php?r=3&l=//jgdqd-m.track%20dom.info&qurl=PWMcUHeIevMZW.syfdf HTTP/1.1
Host: avis.us-southeast-1.linodeobjects.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Sat, 15 Oct 2022 22:13:11 GMT
Content-Type: text/html
Content-Length: 395
Connection: keep-alive
Accept-Ranges: bytes
Last-Modified: Sat, 15 Oct 2022 00:34:26 GMT
x-rgw-object-type: Normal
ETag: "c94389e9eb098db5f019924abadbfb23"
x-amz-request-id: tx0000000000000002ede87-00634b3077-8e29370-default
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 07b3389fc24c0f8eb82a9d05b546d17e
02716741b8952e548b9a223adbb3f16204eef2b2
25e13458988115ae1f8176cb2328dbfebd612eabebf256b4af64594d5e23d6ca
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "25E13458988115AE1F8176CB2328DBFEBD612EABEBF256B4AF64594D5E23D6CA"
Last-Modified: Sat, 15 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3568
Expires: Sat, 15 Oct 2022 23:12:39 GMT
Date: Sat, 15 Oct 2022 22:13:11 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash a57d0f62d9bd29668b94a513fa45d18e
d7cb263502e21f9235b4523a596e2138d22042ec
df7acd4fe34cc9c4945a5d83ef538105a73dfc1a8b485bc7a62488c5406b1294
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DF7ACD4FE34CC9C4945A5D83EF538105A73DFC1A8B485BC7A62488C5406B1294"
Last-Modified: Sat, 15 Oct 2022 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8756
Expires: Sun, 16 Oct 2022 00:39:07 GMT
Date: Sat, 15 Oct 2022 22:13:11 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: puWyiklMX2iCAgSJz5tiUWSPp8SXqDfIw360ca0CHXhJ2v5u/lYeyKWlW4Ji5sM4/DYLWH79+xQ=
x-amz-request-id: 9TS8DVJ90T1F38SZ
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 15 Oct 2022 21:34:47 GMT
age: 2304
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 15 Oct 2022 22:13:11 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
143.204.55.27200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 143.204.55.27:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Sat, 15 Oct 2022 22:07:43 GMT
Cache-Control: max-age=3600
Expires: Sat, 15 Oct 2022 23:03:41 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 5de23153ac267c206221751e1cccb6e8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: OZTImdFDdzkUKyUys-Zkaly5djJwtkO4cGVgNQOOSN92bOcYR3RNuw==
Age: 328
track.gathedral.com/ofc/52595e70-0e54e70a-b641f4e3-9162-52fb/d9336a4e-9d1c17ed-9d250ced-8415-b6ba?Subid=15&sub_pubid=15&externalid=15
185.103.37.69303 See Other 308 B URL HTTP/2 track.gathedral.com/ofc/52595e70-0e54e70a-b641f4e3-9162-52fb/d9336a4e-9d1c17ed-9d250ced-8415-b6ba?Subid=15&sub_pubid=15&externalid=15
IP 185.103.37.69:0
ASN #29119 ServiHosting Networks S.L.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (383)
Hash fa18bf4fbda4e7be0923bbf87a30810b
5a6d236f529bd5de4a1957e3a65207d8ccdca7a3
007bcacef1aa949f365308795ccbe334b289c21c6bb38c8a4a786c3c8148be6f
GET /ofc/52595e70-0e54e70a-b641f4e3-9162-52fb/d9336a4e-9d1c17ed-9d250ced-8415-b6ba?Subid=15&sub_pubid=15&externalid=15 HTTP/1.1
Host: track.gathedral.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://avis.us-southeast-1.linodeobjects.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 303 See Other
date: Sat, 15 Oct 2022 22:13:11 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
access-control-allow-headers: Content-Type
cache-control: no-cache, private
location: https://cpfv4.formation-subventions.fr?c=8n5i3Pu2M&co=1&tx_id=M2022101522-d057383bfb9b262f0cf6a135d0c00788&var4=15&spub=52595e70-0e54e70a-b641f4e3-9162-52fb
content-encoding: gzip
age: 0
vary: , Accept-Encoding
tp-cache: MISS
content-length: 308
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 301aafc13bc66315321d9476df002258
e6bfd29899543fcd4d1b332623757bbad355306f
c64315afdfcf146b16942d981588ed912650472c5e2bba7b6f8dee396d820860
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4406
Cache-Control: max-age=126429
Content-Type: application/ocsp-response
Date: Sat, 15 Oct 2022 22:13:12 GMT
Etag: "634a6a1f-1d7"
Expires: Mon, 17 Oct 2022 09:20:21 GMT
Last-Modified: Sat, 15 Oct 2022 08:06:55 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash f24fabf1824f3b02a0dd8328367f8590
323c416aaefcec0ca81e0cccb4dc9aa53dacf384
b6e4b2812e490e27adf1a611f188d84bddf8673494974b2a3d18fe5809884a8f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B6E4B2812E490E27ADF1A611F188D84BDDF8673494974B2A3D18FE5809884A8F"
Last-Modified: Fri, 14 Oct 2022 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Sun, 16 Oct 2022 04:13:12 GMT
Date: Sat, 15 Oct 2022 22:13:12 GMT
Connection: keep-alive
cpfv4.formation-subventions.fr/?c=8n5i3Pu2M&co=1&tx_id=M2022101522-d057383bfb9b262f0cf6a135d0c00788&var4=15&spub=52595e70-0e54e70a-b641f4e3-9162-52fb
52.16.240.242200 OK 8.1 kB URL HTTP/1.1 cpfv4.formation-subventions.fr/?c=8n5i3Pu2M&co=1&tx_id=M2022101522-d057383bfb9b262f0cf6a135d0c00788&var4=15&spub=52595e70-0e54e70a-b641f4e3-9162-52fb
IP 52.16.240.242:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1078)
Hash a01c8416c24c2a224501f00e3cc7463d
9bacf7e0e2f49b0e2cea1a6c9bb44dc6f0529aa4
d5dbb21ef889674a6641427f3dda9ce19ab655fc7e8aa5ac2e18e81cf9576f88
GET /?c=8n5i3Pu2M&co=1&tx_id=M2022101522-d057383bfb9b262f0cf6a135d0c00788&var4=15&spub=52595e70-0e54e70a-b641f4e3-9162-52fb HTTP/1.1
Host: cpfv4.formation-subventions.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://avis.us-southeast-1.linodeobjects.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.20.1
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-cache, private
Date: Sat, 15 Oct 2022 22:13:12 GMT
Set-Cookie: XSRF-TOKEN=eyJpdiI6InVxbDVQbGI3c1lVblRvQTRDbkcrTnc9PSIsInZhbHVlIjoiZFBKa0thcVkzME4vQVlteUN3U3ErbVhGbXl4bXVEbCtOUVp6Y3VmRVQweldQTGY4enllZ0wzczlyUmFWQjRXRFlDVjBYTEt2MmdHNjFNL1NicUFVc2FQU3Jwd2d6MmZvRlkyWjhoZkVjTXZkcnRHR2loRVJOQlgzNXI5VnN4ZHUiLCJtYWMiOiI2MjE0YjA0OWZlMWQ1YTQzYjcwMDYwZWZmYTEyYWI3YTRmNTlmYzA3NWY1MzUyZGI3Y2ZjOWJhNDRmMzlmYzRkIiwidGFnIjoiIn0%3D; expires=Tue, 15-Nov-2022 08:13:12 GMT; Max-Age=2628000; path=/; samesite=lax
leadsmetal_session=eyJpdiI6ImFrYzZtdWxEbG9GdC9zbjJON0NtRlE9PSIsInZhbHVlIjoiNElkMHp3Q2lWeThrSW5Hajl5TkhHMlEvbnBOK2tnalpEUTlyN2FScmI1MTZVUXY2NG5CMWZaKzJQbjFHc09XcWJUUC8ycGxvVTJnVG1nQ0M0enlQWWFRNUs0UmJSUHRyRWhhQlZoR2hTcU5WM21saCtQb2dwejdzOERhZHB6NVUiLCJtYWMiOiI2ODU5N2FmODY0ODVhZTVlNWUyMDAxZDIyNzcyYzdlNGViYzg4MjYyNDI3MGYxODJlYjJhYThlOWY3ZTUzMTBhIiwidGFnIjoiIn0%3D; expires=Tue, 15-Nov-2022 08:13:12 GMT; Max-Age=2628000; path=/; httponly; samesite=lax
Content-Encoding: gzip
cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/bootstrap-grid.css
52.16.240.242200 OK 38 kB URL HTTP/1.1 cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/bootstrap-grid.css
IP 52.16.240.242:0
Hash ff2874cf2b810904a86e75fb662dddf9
d01f2466cdb09c2869a00933b301d7b3eaa47c88
712cd40cf73ca483fb7fb2b4652d6f6fc8bb13f787d7b4205219e8d36531d2ad
GET /assets/landings/cpf-v4/assets/bootstrap-grid.css HTTP/1.1
Host: cpfv4.formation-subventions.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cpfv4.formation-subventions.fr/?c=8n5i3Pu2M&co=1&tx_id=M2022101522-d057383bfb9b262f0cf6a135d0c00788&var4=15&spub=52595e70-0e54e70a-b641f4e3-9162-52fb
Cookie: XSRF-TOKEN=eyJpdiI6InVxbDVQbGI3c1lVblRvQTRDbkcrTnc9PSIsInZhbHVlIjoiZFBKa0thcVkzME4vQVlteUN3U3ErbVhGbXl4bXVEbCtOUVp6Y3VmRVQweldQTGY4enllZ0wzczlyUmFWQjRXRFlDVjBYTEt2MmdHNjFNL1NicUFVc2FQU3Jwd2d6MmZvRlkyWjhoZkVjTXZkcnRHR2loRVJOQlgzNXI5VnN4ZHUiLCJtYWMiOiI2MjE0YjA0OWZlMWQ1YTQzYjcwMDYwZWZmYTEyYWI3YTRmNTlmYzA3NWY1MzUyZGI3Y2ZjOWJhNDRmMzlmYzRkIiwidGFnIjoiIn0%3D; leadsmetal_session=eyJpdiI6ImFrYzZtdWxEbG9GdC9zbjJON0NtRlE9PSIsInZhbHVlIjoiNElkMHp3Q2lWeThrSW5Hajl5TkhHMlEvbnBOK2tnalpEUTlyN2FScmI1MTZVUXY2NG5CMWZaKzJQbjFHc09XcWJUUC8ycGxvVTJnVG1nQ0M0enlQWWFRNUs0UmJSUHRyRWhhQlZoR2hTcU5WM21saCtQb2dwejdzOERhZHB6NVUiLCJtYWMiOiI2ODU5N2FmODY0ODVhZTVlNWUyMDAxZDIyNzcyYzdlNGViYzg4MjYyNDI3MGYxODJlYjJhYThlOWY3ZTUzMTBhIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 15 Oct 2022 22:13:12 GMT
Content-Type: text/css
Content-Length: 37644
Last-Modified: Wed, 20 Jul 2022 08:15:52 GMT
Connection: keep-alive
ETag: "62d7b9b8-930c"
Accept-Ranges: bytes
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 3039b3640f516724d3ec7e845c2f20d1
efa6a85767ab44afd629d1d82413770412abce0e
d454aa6e955985b5b78d1a190b7abc035a1e6dea0c3c5f06220bad3031717249
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 15 Oct 2022 22:13:12 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
push.services.mozilla.com/
44.240.140.78101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 44.240.140.78:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: oIu2SL0H6YBknDT7c4tHOA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: CSq5Wr5Mnz5EM7utqEaIRgCdafo=
cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/css
52.16.240.242200 OK 8.0 kB URL HTTP/1.1 cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/css
IP 52.16.240.242:0
Hash 67e5e325edd3fb0b1fe63c87ead83537
acf360ef2d36a71711c0ba68435a8d14600d662f
32bc7c1c64fd1b755d48d6025b86b7e7a28ad35d1f420cf85cdc1123aa7dfcd7
Analyzer Verdict Alert fortinet Phishing
GET /assets/landings/cpf-v4/assets/css HTTP/1.1
Host: cpfv4.formation-subventions.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cpfv4.formation-subventions.fr/?c=8n5i3Pu2M&co=1&tx_id=M2022101522-d057383bfb9b262f0cf6a135d0c00788&var4=15&spub=52595e70-0e54e70a-b641f4e3-9162-52fb
Cookie: XSRF-TOKEN=eyJpdiI6InVxbDVQbGI3c1lVblRvQTRDbkcrTnc9PSIsInZhbHVlIjoiZFBKa0thcVkzME4vQVlteUN3U3ErbVhGbXl4bXVEbCtOUVp6Y3VmRVQweldQTGY4enllZ0wzczlyUmFWQjRXRFlDVjBYTEt2MmdHNjFNL1NicUFVc2FQU3Jwd2d6MmZvRlkyWjhoZkVjTXZkcnRHR2loRVJOQlgzNXI5VnN4ZHUiLCJtYWMiOiI2MjE0YjA0OWZlMWQ1YTQzYjcwMDYwZWZmYTEyYWI3YTRmNTlmYzA3NWY1MzUyZGI3Y2ZjOWJhNDRmMzlmYzRkIiwidGFnIjoiIn0%3D; leadsmetal_session=eyJpdiI6ImFrYzZtdWxEbG9GdC9zbjJON0NtRlE9PSIsInZhbHVlIjoiNElkMHp3Q2lWeThrSW5Hajl5TkhHMlEvbnBOK2tnalpEUTlyN2FScmI1MTZVUXY2NG5CMWZaKzJQbjFHc09XcWJUUC8ycGxvVTJnVG1nQ0M0enlQWWFRNUs0UmJSUHRyRWhhQlZoR2hTcU5WM21saCtQb2dwejdzOERhZHB6NVUiLCJtYWMiOiI2ODU5N2FmODY0ODVhZTVlNWUyMDAxZDIyNzcyYzdlNGViYzg4MjYyNDI3MGYxODJlYjJhYThlOWY3ZTUzMTBhIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 15 Oct 2022 22:13:12 GMT
Content-Type: application/octet-stream
Content-Length: 8028
Last-Modified: Wed, 20 Jul 2022 08:15:52 GMT
Connection: keep-alive
ETag: "62d7b9b8-1f5c"
Accept-Ranges: bytes
www.googletagmanager.com/gtag/js?id=G-WN8PVLP7SK
142.250.74.168200 OK 75 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=G-WN8PVLP7SK
IP 142.250.74.168:0
File type ASCII text, with very long lines (18991)
Hash 2b08670cba5e99b21afc899707e8a971
442c290245a5bb2be14367f113ee93664df53f59
f23984bc2014ace4539268e65a92b22e8824435622dc81023e71afbaa9cc990c
GET /gtag/js?id=G-WN8PVLP7SK HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cpfv4.formation-subventions.fr/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 15 Oct 2022 22:13:12 GMT
expires: Sat, 15 Oct 2022 22:13:12 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 74915
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/style.css?v=1.0
52.16.240.242200 OK 13 kB URL HTTP/1.1 cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/style.css?v=1.0
IP 52.16.240.242:0
Hash 08d62b119695d97b0a4aa10cd745715b
846b60a28d2aa67ede6225d913be3baac91e50a0
b16ef5a9744c2d32965d61a0d54cd9861658be9dc35317bb0d169d3be1b5f08f
Analyzer Verdict Alert fortinet Phishing
GET /assets/landings/cpf-v4/assets/style.css?v=1.0 HTTP/1.1
Host: cpfv4.formation-subventions.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cpfv4.formation-subventions.fr/?c=8n5i3Pu2M&co=1&tx_id=M2022101522-d057383bfb9b262f0cf6a135d0c00788&var4=15&spub=52595e70-0e54e70a-b641f4e3-9162-52fb
Cookie: XSRF-TOKEN=eyJpdiI6InVxbDVQbGI3c1lVblRvQTRDbkcrTnc9PSIsInZhbHVlIjoiZFBKa0thcVkzME4vQVlteUN3U3ErbVhGbXl4bXVEbCtOUVp6Y3VmRVQweldQTGY4enllZ0wzczlyUmFWQjRXRFlDVjBYTEt2MmdHNjFNL1NicUFVc2FQU3Jwd2d6MmZvRlkyWjhoZkVjTXZkcnRHR2loRVJOQlgzNXI5VnN4ZHUiLCJtYWMiOiI2MjE0YjA0OWZlMWQ1YTQzYjcwMDYwZWZmYTEyYWI3YTRmNTlmYzA3NWY1MzUyZGI3Y2ZjOWJhNDRmMzlmYzRkIiwidGFnIjoiIn0%3D; leadsmetal_session=eyJpdiI6ImFrYzZtdWxEbG9GdC9zbjJON0NtRlE9PSIsInZhbHVlIjoiNElkMHp3Q2lWeThrSW5Hajl5TkhHMlEvbnBOK2tnalpEUTlyN2FScmI1MTZVUXY2NG5CMWZaKzJQbjFHc09XcWJUUC8ycGxvVTJnVG1nQ0M0enlQWWFRNUs0UmJSUHRyRWhhQlZoR2hTcU5WM21saCtQb2dwejdzOERhZHB6NVUiLCJtYWMiOiI2ODU5N2FmODY0ODVhZTVlNWUyMDAxZDIyNzcyYzdlNGViYzg4MjYyNDI3MGYxODJlYjJhYThlOWY3ZTUzMTBhIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 15 Oct 2022 22:13:12 GMT
Content-Type: text/css
Content-Length: 13111
Last-Modified: Wed, 20 Jul 2022 08:15:52 GMT
Connection: keep-alive
ETag: "62d7b9b8-3337"
Accept-Ranges: bytes
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 3039b3640f516724d3ec7e845c2f20d1
efa6a85767ab44afd629d1d82413770412abce0e
d454aa6e955985b5b78d1a190b7abc035a1e6dea0c3c5f06220bad3031717249
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 15 Oct 2022 22:13:12 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/animate.css
52.16.240.242200 OK 46 kB URL HTTP/1.1 cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/animate.css
IP 52.16.240.242:0
File type ASCII text, with very long lines (460)
Hash 0c31c5438a896a73e3d88e3bb035a00a
4ed61d3db90d340eb945a0cf6bf19ef4ca7c3a69
185c5c9bbcb780984871e86bc73f6e9c8c8ffd699c3274716ab1d481ee64a7fd
GET /assets/landings/cpf-v4/assets/animate.css HTTP/1.1
Host: cpfv4.formation-subventions.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cpfv4.formation-subventions.fr/?c=8n5i3Pu2M&co=1&tx_id=M2022101522-d057383bfb9b262f0cf6a135d0c00788&var4=15&spub=52595e70-0e54e70a-b641f4e3-9162-52fb
Cookie: XSRF-TOKEN=eyJpdiI6InVxbDVQbGI3c1lVblRvQTRDbkcrTnc9PSIsInZhbHVlIjoiZFBKa0thcVkzME4vQVlteUN3U3ErbVhGbXl4bXVEbCtOUVp6Y3VmRVQweldQTGY4enllZ0wzczlyUmFWQjRXRFlDVjBYTEt2MmdHNjFNL1NicUFVc2FQU3Jwd2d6MmZvRlkyWjhoZkVjTXZkcnRHR2loRVJOQlgzNXI5VnN4ZHUiLCJtYWMiOiI2MjE0YjA0OWZlMWQ1YTQzYjcwMDYwZWZmYTEyYWI3YTRmNTlmYzA3NWY1MzUyZGI3Y2ZjOWJhNDRmMzlmYzRkIiwidGFnIjoiIn0%3D; leadsmetal_session=eyJpdiI6ImFrYzZtdWxEbG9GdC9zbjJON0NtRlE9PSIsInZhbHVlIjoiNElkMHp3Q2lWeThrSW5Hajl5TkhHMlEvbnBOK2tnalpEUTlyN2FScmI1MTZVUXY2NG5CMWZaKzJQbjFHc09XcWJUUC8ycGxvVTJnVG1nQ0M0enlQWWFRNUs0UmJSUHRyRWhhQlZoR2hTcU5WM21saCtQb2dwejdzOERhZHB6NVUiLCJtYWMiOiI2ODU5N2FmODY0ODVhZTVlNWUyMDAxZDIyNzcyYzdlNGViYzg4MjYyNDI3MGYxODJlYjJhYThlOWY3ZTUzMTBhIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 15 Oct 2022 22:13:12 GMT
Content-Type: text/css
Content-Length: 45766
Last-Modified: Wed, 20 Jul 2022 08:15:52 GMT
Connection: keep-alive
ETag: "62d7b9b8-b2c6"
Accept-Ranges: bytes
cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/all.css
52.16.240.242200 OK 49 kB URL HTTP/1.1 cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/all.css
IP 52.16.240.242:0
File type ASCII text, with very long lines (48464)
Hash 10519cfd3206802f58315b877a9beab5
03232d7095b4a14b88810a0ffe76ae50726c23c6
604dcf1f11698655f75046bb92f98aaa9477e1c16b01c5fc415e78794393ffb9
GET /assets/landings/cpf-v4/assets/all.css HTTP/1.1
Host: cpfv4.formation-subventions.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cpfv4.formation-subventions.fr/?c=8n5i3Pu2M&co=1&tx_id=M2022101522-d057383bfb9b262f0cf6a135d0c00788&var4=15&spub=52595e70-0e54e70a-b641f4e3-9162-52fb
Cookie: XSRF-TOKEN=eyJpdiI6InVxbDVQbGI3c1lVblRvQTRDbkcrTnc9PSIsInZhbHVlIjoiZFBKa0thcVkzME4vQVlteUN3U3ErbVhGbXl4bXVEbCtOUVp6Y3VmRVQweldQTGY4enllZ0wzczlyUmFWQjRXRFlDVjBYTEt2MmdHNjFNL1NicUFVc2FQU3Jwd2d6MmZvRlkyWjhoZkVjTXZkcnRHR2loRVJOQlgzNXI5VnN4ZHUiLCJtYWMiOiI2MjE0YjA0OWZlMWQ1YTQzYjcwMDYwZWZmYTEyYWI3YTRmNTlmYzA3NWY1MzUyZGI3Y2ZjOWJhNDRmMzlmYzRkIiwidGFnIjoiIn0%3D; leadsmetal_session=eyJpdiI6ImFrYzZtdWxEbG9GdC9zbjJON0NtRlE9PSIsInZhbHVlIjoiNElkMHp3Q2lWeThrSW5Hajl5TkhHMlEvbnBOK2tnalpEUTlyN2FScmI1MTZVUXY2NG5CMWZaKzJQbjFHc09XcWJUUC8ycGxvVTJnVG1nQ0M0enlQWWFRNUs0UmJSUHRyRWhhQlZoR2hTcU5WM21saCtQb2dwejdzOERhZHB6NVUiLCJtYWMiOiI2ODU5N2FmODY0ODVhZTVlNWUyMDAxZDIyNzcyYzdlNGViYzg4MjYyNDI3MGYxODJlYjJhYThlOWY3ZTUzMTBhIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 15 Oct 2022 22:13:12 GMT
Content-Type: text/css
Content-Length: 48649
Last-Modified: Wed, 20 Jul 2022 08:15:52 GMT
Connection: keep-alive
ETag: "62d7b9b8-be09"
Accept-Ranges: bytes
cpfv4.formation-subventions.fr/assets/vendors/landings.js?id=1af14b70bbb23b3b2bb69b56eb34c8d1
52.16.240.242200 OK 660 kB URL HTTP/1.1 cpfv4.formation-subventions.fr/assets/vendors/landings.js?id=1af14b70bbb23b3b2bb69b56eb34c8d1
IP 52.16.240.242:0
File type ASCII text, with very long lines (65470)
Size 660 kB (660408 bytes)
Hash 1af14b70bbb23b3b2bb69b56eb34c8d1
b3d7162e6cb996167eed2cd1c49874b1cf71b399
89601bb921da48d1f5138c767903e242d43500a4b20eb5fa0bfbe0b18f2f739d
Analyzer Verdict Alert fortinet Phishing
GET /assets/vendors/landings.js?id=1af14b70bbb23b3b2bb69b56eb34c8d1 HTTP/1.1
Host: cpfv4.formation-subventions.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cpfv4.formation-subventions.fr/?c=8n5i3Pu2M&co=1&tx_id=M2022101522-d057383bfb9b262f0cf6a135d0c00788&var4=15&spub=52595e70-0e54e70a-b641f4e3-9162-52fb
Cookie: XSRF-TOKEN=eyJpdiI6InVxbDVQbGI3c1lVblRvQTRDbkcrTnc9PSIsInZhbHVlIjoiZFBKa0thcVkzME4vQVlteUN3U3ErbVhGbXl4bXVEbCtOUVp6Y3VmRVQweldQTGY4enllZ0wzczlyUmFWQjRXRFlDVjBYTEt2MmdHNjFNL1NicUFVc2FQU3Jwd2d6MmZvRlkyWjhoZkVjTXZkcnRHR2loRVJOQlgzNXI5VnN4ZHUiLCJtYWMiOiI2MjE0YjA0OWZlMWQ1YTQzYjcwMDYwZWZmYTEyYWI3YTRmNTlmYzA3NWY1MzUyZGI3Y2ZjOWJhNDRmMzlmYzRkIiwidGFnIjoiIn0%3D; leadsmetal_session=eyJpdiI6ImFrYzZtdWxEbG9GdC9zbjJON0NtRlE9PSIsInZhbHVlIjoiNElkMHp3Q2lWeThrSW5Hajl5TkhHMlEvbnBOK2tnalpEUTlyN2FScmI1MTZVUXY2NG5CMWZaKzJQbjFHc09XcWJUUC8ycGxvVTJnVG1nQ0M0enlQWWFRNUs0UmJSUHRyRWhhQlZoR2hTcU5WM21saCtQb2dwejdzOERhZHB6NVUiLCJtYWMiOiI2ODU5N2FmODY0ODVhZTVlNWUyMDAxZDIyNzcyYzdlNGViYzg4MjYyNDI3MGYxODJlYjJhYThlOWY3ZTUzMTBhIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 15 Oct 2022 22:13:12 GMT
Content-Type: application/javascript
Content-Length: 660408
Last-Modified: Mon, 11 Jul 2022 15:07:34 GMT
Connection: keep-alive
ETag: "62cc3cb6-a13b8"
Accept-Ranges: bytes
cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/jquery.min.js
52.16.240.242200 OK 96 kB URL HTTP/1.1 cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/jquery.min.js
IP 52.16.240.242:0
File type ASCII text, with very long lines (32038)
Hash f03e5a3bf534f4a738bc350631fd05bd
37b1db88b57438f1072a8ebc7559c909c9d3a682
aec3d419d50f05781a96f223e18289aeb52598b5db39be82a7b71dc67d6a7947
Analyzer Verdict Alert fortinet Phishing
GET /assets/landings/cpf-v4/assets/jquery.min.js HTTP/1.1
Host: cpfv4.formation-subventions.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cpfv4.formation-subventions.fr/?c=8n5i3Pu2M&co=1&tx_id=M2022101522-d057383bfb9b262f0cf6a135d0c00788&var4=15&spub=52595e70-0e54e70a-b641f4e3-9162-52fb
Cookie: XSRF-TOKEN=eyJpdiI6InVxbDVQbGI3c1lVblRvQTRDbkcrTnc9PSIsInZhbHVlIjoiZFBKa0thcVkzME4vQVlteUN3U3ErbVhGbXl4bXVEbCtOUVp6Y3VmRVQweldQTGY4enllZ0wzczlyUmFWQjRXRFlDVjBYTEt2MmdHNjFNL1NicUFVc2FQU3Jwd2d6MmZvRlkyWjhoZkVjTXZkcnRHR2loRVJOQlgzNXI5VnN4ZHUiLCJtYWMiOiI2MjE0YjA0OWZlMWQ1YTQzYjcwMDYwZWZmYTEyYWI3YTRmNTlmYzA3NWY1MzUyZGI3Y2ZjOWJhNDRmMzlmYzRkIiwidGFnIjoiIn0%3D; leadsmetal_session=eyJpdiI6ImFrYzZtdWxEbG9GdC9zbjJON0NtRlE9PSIsInZhbHVlIjoiNElkMHp3Q2lWeThrSW5Hajl5TkhHMlEvbnBOK2tnalpEUTlyN2FScmI1MTZVUXY2NG5CMWZaKzJQbjFHc09XcWJUUC8ycGxvVTJnVG1nQ0M0enlQWWFRNUs0UmJSUHRyRWhhQlZoR2hTcU5WM21saCtQb2dwejdzOERhZHB6NVUiLCJtYWMiOiI2ODU5N2FmODY0ODVhZTVlNWUyMDAxZDIyNzcyYzdlNGViYzg4MjYyNDI3MGYxODJlYjJhYThlOWY3ZTUzMTBhIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 15 Oct 2022 22:13:12 GMT
Content-Type: application/javascript
Content-Length: 95992
Last-Modified: Wed, 20 Jul 2022 08:15:52 GMT
Connection: keep-alive
ETag: "62d7b9b8-176f8"
Accept-Ranges: bytes
cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/showHide.js
52.16.240.242200 OK 1.4 kB URL HTTP/1.1 cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/showHide.js
IP 52.16.240.242:0
Hash e8620b11e5f539e459a4497875f5a888
f0614c24180891190c99c655dce65fae0dc48f7c
ece6d92e0083388d7fbd972acdf4d026665d3ee9539efa8229f53c27caf35ac2
Analyzer Verdict Alert fortinet Phishing
GET /assets/landings/cpf-v4/assets/showHide.js HTTP/1.1
Host: cpfv4.formation-subventions.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cpfv4.formation-subventions.fr/?c=8n5i3Pu2M&co=1&tx_id=M2022101522-d057383bfb9b262f0cf6a135d0c00788&var4=15&spub=52595e70-0e54e70a-b641f4e3-9162-52fb
Cookie: XSRF-TOKEN=eyJpdiI6InVxbDVQbGI3c1lVblRvQTRDbkcrTnc9PSIsInZhbHVlIjoiZFBKa0thcVkzME4vQVlteUN3U3ErbVhGbXl4bXVEbCtOUVp6Y3VmRVQweldQTGY4enllZ0wzczlyUmFWQjRXRFlDVjBYTEt2MmdHNjFNL1NicUFVc2FQU3Jwd2d6MmZvRlkyWjhoZkVjTXZkcnRHR2loRVJOQlgzNXI5VnN4ZHUiLCJtYWMiOiI2MjE0YjA0OWZlMWQ1YTQzYjcwMDYwZWZmYTEyYWI3YTRmNTlmYzA3NWY1MzUyZGI3Y2ZjOWJhNDRmMzlmYzRkIiwidGFnIjoiIn0%3D; leadsmetal_session=eyJpdiI6ImFrYzZtdWxEbG9GdC9zbjJON0NtRlE9PSIsInZhbHVlIjoiNElkMHp3Q2lWeThrSW5Hajl5TkhHMlEvbnBOK2tnalpEUTlyN2FScmI1MTZVUXY2NG5CMWZaKzJQbjFHc09XcWJUUC8ycGxvVTJnVG1nQ0M0enlQWWFRNUs0UmJSUHRyRWhhQlZoR2hTcU5WM21saCtQb2dwejdzOERhZHB6NVUiLCJtYWMiOiI2ODU5N2FmODY0ODVhZTVlNWUyMDAxZDIyNzcyYzdlNGViYzg4MjYyNDI3MGYxODJlYjJhYThlOWY3ZTUzMTBhIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 15 Oct 2022 22:13:12 GMT
Content-Type: application/javascript
Content-Length: 1388
Last-Modified: Wed, 20 Jul 2022 08:15:52 GMT
Connection: keep-alive
ETag: "62d7b9b8-56c"
Accept-Ranges: bytes
cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/scroll.js
52.16.240.242200 OK 2.9 kB URL HTTP/1.1 cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/scroll.js
IP 52.16.240.242:0
Hash b6669c3eec8db5cc3ccdcc33ea434014
1b3157d5d7b38de5824f6565a0fa5f5b5aebbfe2
e1ba56834ff8384f3f2d84534375c79a6d9cf4dfc34f8c9636fb380841b0c6f4
Analyzer Verdict Alert fortinet Phishing
GET /assets/landings/cpf-v4/assets/scroll.js HTTP/1.1
Host: cpfv4.formation-subventions.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cpfv4.formation-subventions.fr/?c=8n5i3Pu2M&co=1&tx_id=M2022101522-d057383bfb9b262f0cf6a135d0c00788&var4=15&spub=52595e70-0e54e70a-b641f4e3-9162-52fb
Cookie: XSRF-TOKEN=eyJpdiI6InVxbDVQbGI3c1lVblRvQTRDbkcrTnc9PSIsInZhbHVlIjoiZFBKa0thcVkzME4vQVlteUN3U3ErbVhGbXl4bXVEbCtOUVp6Y3VmRVQweldQTGY4enllZ0wzczlyUmFWQjRXRFlDVjBYTEt2MmdHNjFNL1NicUFVc2FQU3Jwd2d6MmZvRlkyWjhoZkVjTXZkcnRHR2loRVJOQlgzNXI5VnN4ZHUiLCJtYWMiOiI2MjE0YjA0OWZlMWQ1YTQzYjcwMDYwZWZmYTEyYWI3YTRmNTlmYzA3NWY1MzUyZGI3Y2ZjOWJhNDRmMzlmYzRkIiwidGFnIjoiIn0%3D; leadsmetal_session=eyJpdiI6ImFrYzZtdWxEbG9GdC9zbjJON0NtRlE9PSIsInZhbHVlIjoiNElkMHp3Q2lWeThrSW5Hajl5TkhHMlEvbnBOK2tnalpEUTlyN2FScmI1MTZVUXY2NG5CMWZaKzJQbjFHc09XcWJUUC8ycGxvVTJnVG1nQ0M0enlQWWFRNUs0UmJSUHRyRWhhQlZoR2hTcU5WM21saCtQb2dwejdzOERhZHB6NVUiLCJtYWMiOiI2ODU5N2FmODY0ODVhZTVlNWUyMDAxZDIyNzcyYzdlNGViYzg4MjYyNDI3MGYxODJlYjJhYThlOWY3ZTUzMTBhIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 15 Oct 2022 22:13:12 GMT
Content-Type: application/javascript
Content-Length: 2884
Last-Modified: Wed, 20 Jul 2022 08:15:52 GMT
Connection: keep-alive
ETag: "62d7b9b8-b44"
Accept-Ranges: bytes
cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/bootstrap.js
52.16.240.242200 OK 124 kB URL HTTP/1.1 cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/bootstrap.js
IP 52.16.240.242:0
File type ASCII text, with very long lines (317)
Size 124 kB (123765 bytes)
Hash 4bc939cd6b79a562e8d14bc7a4674520
096f4af97b2968cf43f08d5a39b8dbae7c74c7ae
f364953a3675a8b76babc5549808ac15aa424aad5ba606afb5741a0c62cf0008
Analyzer Verdict Alert fortinet Phishing
GET /assets/landings/cpf-v4/assets/bootstrap.js HTTP/1.1
Host: cpfv4.formation-subventions.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cpfv4.formation-subventions.fr/?c=8n5i3Pu2M&co=1&tx_id=M2022101522-d057383bfb9b262f0cf6a135d0c00788&var4=15&spub=52595e70-0e54e70a-b641f4e3-9162-52fb
Cookie: XSRF-TOKEN=eyJpdiI6InVxbDVQbGI3c1lVblRvQTRDbkcrTnc9PSIsInZhbHVlIjoiZFBKa0thcVkzME4vQVlteUN3U3ErbVhGbXl4bXVEbCtOUVp6Y3VmRVQweldQTGY4enllZ0wzczlyUmFWQjRXRFlDVjBYTEt2MmdHNjFNL1NicUFVc2FQU3Jwd2d6MmZvRlkyWjhoZkVjTXZkcnRHR2loRVJOQlgzNXI5VnN4ZHUiLCJtYWMiOiI2MjE0YjA0OWZlMWQ1YTQzYjcwMDYwZWZmYTEyYWI3YTRmNTlmYzA3NWY1MzUyZGI3Y2ZjOWJhNDRmMzlmYzRkIiwidGFnIjoiIn0%3D; leadsmetal_session=eyJpdiI6ImFrYzZtdWxEbG9GdC9zbjJON0NtRlE9PSIsInZhbHVlIjoiNElkMHp3Q2lWeThrSW5Hajl5TkhHMlEvbnBOK2tnalpEUTlyN2FScmI1MTZVUXY2NG5CMWZaKzJQbjFHc09XcWJUUC8ycGxvVTJnVG1nQ0M0enlQWWFRNUs0UmJSUHRyRWhhQlZoR2hTcU5WM21saCtQb2dwejdzOERhZHB6NVUiLCJtYWMiOiI2ODU5N2FmODY0ODVhZTVlNWUyMDAxZDIyNzcyYzdlNGViYzg4MjYyNDI3MGYxODJlYjJhYThlOWY3ZTUzMTBhIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 15 Oct 2022 22:13:12 GMT
Content-Type: application/javascript
Content-Length: 123765
Last-Modified: Wed, 20 Jul 2022 08:15:52 GMT
Connection: keep-alive
ETag: "62d7b9b8-1e375"
Accept-Ranges: bytes
cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/inputmask.min.js
52.16.240.242200 OK 142 kB URL HTTP/1.1 cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/inputmask.min.js
IP 52.16.240.242:0
File type ASCII text, with very long lines (65352)
Size 142 kB (141748 bytes)
Hash 700467aeaa622a813a841bb3e8887545
3bed6f0b8dc1d65dd767e6dbc8de496de6e93a74
fe1c98caa7fb5de953b472f2866f169e7332ef250d6a72edb454ebd5f5eb08fd
Analyzer Verdict Alert fortinet Phishing
GET /assets/landings/cpf-v4/assets/inputmask.min.js HTTP/1.1
Host: cpfv4.formation-subventions.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cpfv4.formation-subventions.fr/?c=8n5i3Pu2M&co=1&tx_id=M2022101522-d057383bfb9b262f0cf6a135d0c00788&var4=15&spub=52595e70-0e54e70a-b641f4e3-9162-52fb
Cookie: XSRF-TOKEN=eyJpdiI6InVxbDVQbGI3c1lVblRvQTRDbkcrTnc9PSIsInZhbHVlIjoiZFBKa0thcVkzME4vQVlteUN3U3ErbVhGbXl4bXVEbCtOUVp6Y3VmRVQweldQTGY4enllZ0wzczlyUmFWQjRXRFlDVjBYTEt2MmdHNjFNL1NicUFVc2FQU3Jwd2d6MmZvRlkyWjhoZkVjTXZkcnRHR2loRVJOQlgzNXI5VnN4ZHUiLCJtYWMiOiI2MjE0YjA0OWZlMWQ1YTQzYjcwMDYwZWZmYTEyYWI3YTRmNTlmYzA3NWY1MzUyZGI3Y2ZjOWJhNDRmMzlmYzRkIiwidGFnIjoiIn0%3D; leadsmetal_session=eyJpdiI6ImFrYzZtdWxEbG9GdC9zbjJON0NtRlE9PSIsInZhbHVlIjoiNElkMHp3Q2lWeThrSW5Hajl5TkhHMlEvbnBOK2tnalpEUTlyN2FScmI1MTZVUXY2NG5CMWZaKzJQbjFHc09XcWJUUC8ycGxvVTJnVG1nQ0M0enlQWWFRNUs0UmJSUHRyRWhhQlZoR2hTcU5WM21saCtQb2dwejdzOERhZHB6NVUiLCJtYWMiOiI2ODU5N2FmODY0ODVhZTVlNWUyMDAxZDIyNzcyYzdlNGViYzg4MjYyNDI3MGYxODJlYjJhYThlOWY3ZTUzMTBhIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 15 Oct 2022 22:13:12 GMT
Content-Type: application/javascript
Content-Length: 141748
Last-Modified: Wed, 20 Jul 2022 08:15:52 GMT
Connection: keep-alive
ETag: "62d7b9b8-229b4"
Accept-Ranges: bytes
cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/wow.js
52.16.240.242200 OK 8.2 kB URL HTTP/1.1 cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/wow.js
IP 52.16.240.242:0
File type ASCII text, with very long lines (8096)
Hash 531647c81a24ea5ab59f55b04476049b
b26c2bf80d048a6794575bab088d5514302b45cd
04e47903ea6b22a81acd7a63131b2cd92614fc2dc79158fcace251869e715396
Analyzer Verdict Alert fortinet Phishing
GET /assets/landings/cpf-v4/assets/wow.js HTTP/1.1
Host: cpfv4.formation-subventions.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cpfv4.formation-subventions.fr/?c=8n5i3Pu2M&co=1&tx_id=M2022101522-d057383bfb9b262f0cf6a135d0c00788&var4=15&spub=52595e70-0e54e70a-b641f4e3-9162-52fb
Cookie: XSRF-TOKEN=eyJpdiI6InVxbDVQbGI3c1lVblRvQTRDbkcrTnc9PSIsInZhbHVlIjoiZFBKa0thcVkzME4vQVlteUN3U3ErbVhGbXl4bXVEbCtOUVp6Y3VmRVQweldQTGY4enllZ0wzczlyUmFWQjRXRFlDVjBYTEt2MmdHNjFNL1NicUFVc2FQU3Jwd2d6MmZvRlkyWjhoZkVjTXZkcnRHR2loRVJOQlgzNXI5VnN4ZHUiLCJtYWMiOiI2MjE0YjA0OWZlMWQ1YTQzYjcwMDYwZWZmYTEyYWI3YTRmNTlmYzA3NWY1MzUyZGI3Y2ZjOWJhNDRmMzlmYzRkIiwidGFnIjoiIn0%3D; leadsmetal_session=eyJpdiI6ImFrYzZtdWxEbG9GdC9zbjJON0NtRlE9PSIsInZhbHVlIjoiNElkMHp3Q2lWeThrSW5Hajl5TkhHMlEvbnBOK2tnalpEUTlyN2FScmI1MTZVUXY2NG5CMWZaKzJQbjFHc09XcWJUUC8ycGxvVTJnVG1nQ0M0enlQWWFRNUs0UmJSUHRyRWhhQlZoR2hTcU5WM21saCtQb2dwejdzOERhZHB6NVUiLCJtYWMiOiI2ODU5N2FmODY0ODVhZTVlNWUyMDAxZDIyNzcyYzdlNGViYzg4MjYyNDI3MGYxODJlYjJhYThlOWY3ZTUzMTBhIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 15 Oct 2022 22:13:12 GMT
Content-Type: application/javascript
Content-Length: 8213
Last-Modified: Wed, 20 Jul 2022 08:15:52 GMT
Connection: keep-alive
ETag: "62d7b9b8-2015"
Accept-Ranges: bytes
cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/default.js
52.16.240.242200 OK 5.7 kB URL HTTP/1.1 cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/default.js
IP 52.16.240.242:0
Hash 55aa3f53ee3d2f02e08f283bb32b66d5
24f77a0dcaf050d99ed797d9675d97ea58a6e723
a9dc8a0a29ebe54549b7fa2b704bc50a233fca359e17445952b1fc370322f43f
Analyzer Verdict Alert fortinet Phishing
GET /assets/landings/cpf-v4/assets/default.js HTTP/1.1
Host: cpfv4.formation-subventions.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cpfv4.formation-subventions.fr/?c=8n5i3Pu2M&co=1&tx_id=M2022101522-d057383bfb9b262f0cf6a135d0c00788&var4=15&spub=52595e70-0e54e70a-b641f4e3-9162-52fb
Cookie: XSRF-TOKEN=eyJpdiI6InVxbDVQbGI3c1lVblRvQTRDbkcrTnc9PSIsInZhbHVlIjoiZFBKa0thcVkzME4vQVlteUN3U3ErbVhGbXl4bXVEbCtOUVp6Y3VmRVQweldQTGY4enllZ0wzczlyUmFWQjRXRFlDVjBYTEt2MmdHNjFNL1NicUFVc2FQU3Jwd2d6MmZvRlkyWjhoZkVjTXZkcnRHR2loRVJOQlgzNXI5VnN4ZHUiLCJtYWMiOiI2MjE0YjA0OWZlMWQ1YTQzYjcwMDYwZWZmYTEyYWI3YTRmNTlmYzA3NWY1MzUyZGI3Y2ZjOWJhNDRmMzlmYzRkIiwidGFnIjoiIn0%3D; leadsmetal_session=eyJpdiI6ImFrYzZtdWxEbG9GdC9zbjJON0NtRlE9PSIsInZhbHVlIjoiNElkMHp3Q2lWeThrSW5Hajl5TkhHMlEvbnBOK2tnalpEUTlyN2FScmI1MTZVUXY2NG5CMWZaKzJQbjFHc09XcWJUUC8ycGxvVTJnVG1nQ0M0enlQWWFRNUs0UmJSUHRyRWhhQlZoR2hTcU5WM21saCtQb2dwejdzOERhZHB6NVUiLCJtYWMiOiI2ODU5N2FmODY0ODVhZTVlNWUyMDAxZDIyNzcyYzdlNGViYzg4MjYyNDI3MGYxODJlYjJhYThlOWY3ZTUzMTBhIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 15 Oct 2022 22:13:12 GMT
Content-Type: application/javascript
Content-Length: 5688
Last-Modified: Thu, 11 Aug 2022 09:53:37 GMT
Connection: keep-alive
ETag: "62f4d1a1-1638"
Accept-Ranges: bytes
cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/logonew.png
52.16.240.242200 OK 13 kB URL HTTP/1.1 cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/logonew.png
IP 52.16.240.242:0
File type PNG image data, 1200 x 230, 8-bit/color RGBA, non-interlaced\012- data
Hash 0bc47eb3121362da3da572efcfe251d3
ab339a8d54d9fdc85720c8af31dc33af1e9ba2b0
c4f2fb9dab8a1e66dbe22e6e12f5286069fa663574326d516d4473a728b33032
GET /assets/landings/cpf-v4/assets/logonew.png HTTP/1.1
Host: cpfv4.formation-subventions.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cpfv4.formation-subventions.fr/?c=8n5i3Pu2M&co=1&tx_id=M2022101522-d057383bfb9b262f0cf6a135d0c00788&var4=15&spub=52595e70-0e54e70a-b641f4e3-9162-52fb
Cookie: XSRF-TOKEN=eyJpdiI6InVxbDVQbGI3c1lVblRvQTRDbkcrTnc9PSIsInZhbHVlIjoiZFBKa0thcVkzME4vQVlteUN3U3ErbVhGbXl4bXVEbCtOUVp6Y3VmRVQweldQTGY4enllZ0wzczlyUmFWQjRXRFlDVjBYTEt2MmdHNjFNL1NicUFVc2FQU3Jwd2d6MmZvRlkyWjhoZkVjTXZkcnRHR2loRVJOQlgzNXI5VnN4ZHUiLCJtYWMiOiI2MjE0YjA0OWZlMWQ1YTQzYjcwMDYwZWZmYTEyYWI3YTRmNTlmYzA3NWY1MzUyZGI3Y2ZjOWJhNDRmMzlmYzRkIiwidGFnIjoiIn0%3D; leadsmetal_session=eyJpdiI6ImFrYzZtdWxEbG9GdC9zbjJON0NtRlE9PSIsInZhbHVlIjoiNElkMHp3Q2lWeThrSW5Hajl5TkhHMlEvbnBOK2tnalpEUTlyN2FScmI1MTZVUXY2NG5CMWZaKzJQbjFHc09XcWJUUC8ycGxvVTJnVG1nQ0M0enlQWWFRNUs0UmJSUHRyRWhhQlZoR2hTcU5WM21saCtQb2dwejdzOERhZHB6NVUiLCJtYWMiOiI2ODU5N2FmODY0ODVhZTVlNWUyMDAxZDIyNzcyYzdlNGViYzg4MjYyNDI3MGYxODJlYjJhYThlOWY3ZTUzMTBhIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 15 Oct 2022 22:13:12 GMT
Content-Type: image/png
Content-Length: 12804
Last-Modified: Wed, 20 Jul 2022 08:15:52 GMT
Connection: keep-alive
ETag: "62d7b9b8-3204"
Accept-Ranges: bytes
cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/bootstrap.bundle.js
52.16.240.242200 OK 212 kB URL HTTP/1.1 cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/bootstrap.bundle.js
IP 52.16.240.242:0
File type ASCII text, with very long lines (307)
Size 212 kB (212345 bytes)
Hash 50a98c751c19ae5ea4fc42b2ba2da89b
56368d3745a9fb9e81628db25dd5995bc3c31add
3290ad3b8a579ef3bc11c67daadde34b8c60537e337ac6249885d85d13566363
Analyzer Verdict Alert fortinet Phishing
GET /assets/landings/cpf-v4/assets/bootstrap.bundle.js HTTP/1.1
Host: cpfv4.formation-subventions.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cpfv4.formation-subventions.fr/?c=8n5i3Pu2M&co=1&tx_id=M2022101522-d057383bfb9b262f0cf6a135d0c00788&var4=15&spub=52595e70-0e54e70a-b641f4e3-9162-52fb
Cookie: XSRF-TOKEN=eyJpdiI6InVxbDVQbGI3c1lVblRvQTRDbkcrTnc9PSIsInZhbHVlIjoiZFBKa0thcVkzME4vQVlteUN3U3ErbVhGbXl4bXVEbCtOUVp6Y3VmRVQweldQTGY4enllZ0wzczlyUmFWQjRXRFlDVjBYTEt2MmdHNjFNL1NicUFVc2FQU3Jwd2d6MmZvRlkyWjhoZkVjTXZkcnRHR2loRVJOQlgzNXI5VnN4ZHUiLCJtYWMiOiI2MjE0YjA0OWZlMWQ1YTQzYjcwMDYwZWZmYTEyYWI3YTRmNTlmYzA3NWY1MzUyZGI3Y2ZjOWJhNDRmMzlmYzRkIiwidGFnIjoiIn0%3D; leadsmetal_session=eyJpdiI6ImFrYzZtdWxEbG9GdC9zbjJON0NtRlE9PSIsInZhbHVlIjoiNElkMHp3Q2lWeThrSW5Hajl5TkhHMlEvbnBOK2tnalpEUTlyN2FScmI1MTZVUXY2NG5CMWZaKzJQbjFHc09XcWJUUC8ycGxvVTJnVG1nQ0M0enlQWWFRNUs0UmJSUHRyRWhhQlZoR2hTcU5WM21saCtQb2dwejdzOERhZHB6NVUiLCJtYWMiOiI2ODU5N2FmODY0ODVhZTVlNWUyMDAxZDIyNzcyYzdlNGViYzg4MjYyNDI3MGYxODJlYjJhYThlOWY3ZTUzMTBhIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 15 Oct 2022 22:13:12 GMT
Content-Type: application/javascript
Content-Length: 212345
Last-Modified: Wed, 20 Jul 2022 08:15:52 GMT
Connection: keep-alive
ETag: "62d7b9b8-33d79"
Accept-Ranges: bytes
cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/word.png
52.16.240.242200 OK 65 kB URL HTTP/1.1 cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/word.png
IP 52.16.240.242:0
File type PNG image data, 2160 x 2160, 8-bit/color RGBA, non-interlaced\012- data
Hash 194f9fac2ec24708a5cff38fa615ac9d
1c6bb263ceddae2e189574b7a07871fbcf2cf1f3
5153585d7e061db84b92e6c14e5e7d536003e37c3fb02257a378ebafe7a3954f
GET /assets/landings/cpf-v4/assets/word.png HTTP/1.1
Host: cpfv4.formation-subventions.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cpfv4.formation-subventions.fr/?c=8n5i3Pu2M&co=1&tx_id=M2022101522-d057383bfb9b262f0cf6a135d0c00788&var4=15&spub=52595e70-0e54e70a-b641f4e3-9162-52fb
Cookie: XSRF-TOKEN=eyJpdiI6InVxbDVQbGI3c1lVblRvQTRDbkcrTnc9PSIsInZhbHVlIjoiZFBKa0thcVkzME4vQVlteUN3U3ErbVhGbXl4bXVEbCtOUVp6Y3VmRVQweldQTGY4enllZ0wzczlyUmFWQjRXRFlDVjBYTEt2MmdHNjFNL1NicUFVc2FQU3Jwd2d6MmZvRlkyWjhoZkVjTXZkcnRHR2loRVJOQlgzNXI5VnN4ZHUiLCJtYWMiOiI2MjE0YjA0OWZlMWQ1YTQzYjcwMDYwZWZmYTEyYWI3YTRmNTlmYzA3NWY1MzUyZGI3Y2ZjOWJhNDRmMzlmYzRkIiwidGFnIjoiIn0%3D; leadsmetal_session=eyJpdiI6ImFrYzZtdWxEbG9GdC9zbjJON0NtRlE9PSIsInZhbHVlIjoiNElkMHp3Q2lWeThrSW5Hajl5TkhHMlEvbnBOK2tnalpEUTlyN2FScmI1MTZVUXY2NG5CMWZaKzJQbjFHc09XcWJUUC8ycGxvVTJnVG1nQ0M0enlQWWFRNUs0UmJSUHRyRWhhQlZoR2hTcU5WM21saCtQb2dwejdzOERhZHB6NVUiLCJtYWMiOiI2ODU5N2FmODY0ODVhZTVlNWUyMDAxZDIyNzcyYzdlNGViYzg4MjYyNDI3MGYxODJlYjJhYThlOWY3ZTUzMTBhIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 15 Oct 2022 22:13:12 GMT
Content-Type: image/png
Content-Length: 64827
Last-Modified: Wed, 20 Jul 2022 08:15:52 GMT
Connection: keep-alive
ETag: "62d7b9b8-fd3b"
Accept-Ranges: bytes
cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/excel.png
52.16.240.242200 OK 101 kB URL HTTP/1.1 cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/excel.png
IP 52.16.240.242:0
File type PNG image data, 2203 x 2049, 8-bit/color RGBA, non-interlaced\012- data
Size 101 kB (100722 bytes)
Hash b3bba4a529cab7e8211c9019f1347b71
8e8f4514a5b2fdee304e88d12cd21772b0a39efe
5cee67a96f9fa2272be123080687322b21d536f3c2ef85a9eebb042c9a07fe11
GET /assets/landings/cpf-v4/assets/excel.png HTTP/1.1
Host: cpfv4.formation-subventions.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cpfv4.formation-subventions.fr/?c=8n5i3Pu2M&co=1&tx_id=M2022101522-d057383bfb9b262f0cf6a135d0c00788&var4=15&spub=52595e70-0e54e70a-b641f4e3-9162-52fb
Cookie: XSRF-TOKEN=eyJpdiI6InVxbDVQbGI3c1lVblRvQTRDbkcrTnc9PSIsInZhbHVlIjoiZFBKa0thcVkzME4vQVlteUN3U3ErbVhGbXl4bXVEbCtOUVp6Y3VmRVQweldQTGY4enllZ0wzczlyUmFWQjRXRFlDVjBYTEt2MmdHNjFNL1NicUFVc2FQU3Jwd2d6MmZvRlkyWjhoZkVjTXZkcnRHR2loRVJOQlgzNXI5VnN4ZHUiLCJtYWMiOiI2MjE0YjA0OWZlMWQ1YTQzYjcwMDYwZWZmYTEyYWI3YTRmNTlmYzA3NWY1MzUyZGI3Y2ZjOWJhNDRmMzlmYzRkIiwidGFnIjoiIn0%3D; leadsmetal_session=eyJpdiI6ImFrYzZtdWxEbG9GdC9zbjJON0NtRlE9PSIsInZhbHVlIjoiNElkMHp3Q2lWeThrSW5Hajl5TkhHMlEvbnBOK2tnalpEUTlyN2FScmI1MTZVUXY2NG5CMWZaKzJQbjFHc09XcWJUUC8ycGxvVTJnVG1nQ0M0enlQWWFRNUs0UmJSUHRyRWhhQlZoR2hTcU5WM21saCtQb2dwejdzOERhZHB6NVUiLCJtYWMiOiI2ODU5N2FmODY0ODVhZTVlNWUyMDAxZDIyNzcyYzdlNGViYzg4MjYyNDI3MGYxODJlYjJhYThlOWY3ZTUzMTBhIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 15 Oct 2022 22:13:12 GMT
Content-Type: image/png
Content-Length: 100722
Last-Modified: Wed, 20 Jul 2022 08:15:52 GMT
Connection: keep-alive
ETag: "62d7b9b8-18972"
Accept-Ranges: bytes
cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/powerpoint.png
52.16.240.242200 OK 55 kB URL HTTP/1.1 cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/powerpoint.png
IP 52.16.240.242:0
File type PNG image data, 1200 x 1116, 8-bit/color RGBA, non-interlaced\012- data
Hash 5f97ba846d45dd2bdb89d34d007479ce
ac6bcddb364ec3fbd11c98bd9ee9e2eca662a6a5
c5de0afede85344030af3f7baed8bdffa71131b7d9edaea5cab5f4ea42d9af58
GET /assets/landings/cpf-v4/assets/powerpoint.png HTTP/1.1
Host: cpfv4.formation-subventions.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cpfv4.formation-subventions.fr/?c=8n5i3Pu2M&co=1&tx_id=M2022101522-d057383bfb9b262f0cf6a135d0c00788&var4=15&spub=52595e70-0e54e70a-b641f4e3-9162-52fb
Cookie: XSRF-TOKEN=eyJpdiI6InVxbDVQbGI3c1lVblRvQTRDbkcrTnc9PSIsInZhbHVlIjoiZFBKa0thcVkzME4vQVlteUN3U3ErbVhGbXl4bXVEbCtOUVp6Y3VmRVQweldQTGY4enllZ0wzczlyUmFWQjRXRFlDVjBYTEt2MmdHNjFNL1NicUFVc2FQU3Jwd2d6MmZvRlkyWjhoZkVjTXZkcnRHR2loRVJOQlgzNXI5VnN4ZHUiLCJtYWMiOiI2MjE0YjA0OWZlMWQ1YTQzYjcwMDYwZWZmYTEyYWI3YTRmNTlmYzA3NWY1MzUyZGI3Y2ZjOWJhNDRmMzlmYzRkIiwidGFnIjoiIn0%3D; leadsmetal_session=eyJpdiI6ImFrYzZtdWxEbG9GdC9zbjJON0NtRlE9PSIsInZhbHVlIjoiNElkMHp3Q2lWeThrSW5Hajl5TkhHMlEvbnBOK2tnalpEUTlyN2FScmI1MTZVUXY2NG5CMWZaKzJQbjFHc09XcWJUUC8ycGxvVTJnVG1nQ0M0enlQWWFRNUs0UmJSUHRyRWhhQlZoR2hTcU5WM21saCtQb2dwejdzOERhZHB6NVUiLCJtYWMiOiI2ODU5N2FmODY0ODVhZTVlNWUyMDAxZDIyNzcyYzdlNGViYzg4MjYyNDI3MGYxODJlYjJhYThlOWY3ZTUzMTBhIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 15 Oct 2022 22:13:12 GMT
Content-Type: image/png
Content-Length: 55090
Last-Modified: Wed, 20 Jul 2022 08:15:52 GMT
Connection: keep-alive
ETag: "62d7b9b8-d732"
Accept-Ranges: bytes
cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/wordpress.png
52.16.240.242200 OK 17 kB URL HTTP/1.1 cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/wordpress.png
IP 52.16.240.242:0
File type PNG image data, 512 x 512, 8-bit colormap, non-interlaced\012- data
Hash db4298ab4dbd04c9e9a2395533a01082
507a6ac3a84400172686cec9511965f01b81079a
19466439f97145616eeccc5e2cf409e7671cdd4f6c2ab62e293e40b3f58ce938
GET /assets/landings/cpf-v4/assets/wordpress.png HTTP/1.1
Host: cpfv4.formation-subventions.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cpfv4.formation-subventions.fr/?c=8n5i3Pu2M&co=1&tx_id=M2022101522-d057383bfb9b262f0cf6a135d0c00788&var4=15&spub=52595e70-0e54e70a-b641f4e3-9162-52fb
Cookie: XSRF-TOKEN=eyJpdiI6InVxbDVQbGI3c1lVblRvQTRDbkcrTnc9PSIsInZhbHVlIjoiZFBKa0thcVkzME4vQVlteUN3U3ErbVhGbXl4bXVEbCtOUVp6Y3VmRVQweldQTGY4enllZ0wzczlyUmFWQjRXRFlDVjBYTEt2MmdHNjFNL1NicUFVc2FQU3Jwd2d6MmZvRlkyWjhoZkVjTXZkcnRHR2loRVJOQlgzNXI5VnN4ZHUiLCJtYWMiOiI2MjE0YjA0OWZlMWQ1YTQzYjcwMDYwZWZmYTEyYWI3YTRmNTlmYzA3NWY1MzUyZGI3Y2ZjOWJhNDRmMzlmYzRkIiwidGFnIjoiIn0%3D; leadsmetal_session=eyJpdiI6ImFrYzZtdWxEbG9GdC9zbjJON0NtRlE9PSIsInZhbHVlIjoiNElkMHp3Q2lWeThrSW5Hajl5TkhHMlEvbnBOK2tnalpEUTlyN2FScmI1MTZVUXY2NG5CMWZaKzJQbjFHc09XcWJUUC8ycGxvVTJnVG1nQ0M0enlQWWFRNUs0UmJSUHRyRWhhQlZoR2hTcU5WM21saCtQb2dwejdzOERhZHB6NVUiLCJtYWMiOiI2ODU5N2FmODY0ODVhZTVlNWUyMDAxZDIyNzcyYzdlNGViYzg4MjYyNDI3MGYxODJlYjJhYThlOWY3ZTUzMTBhIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 15 Oct 2022 22:13:12 GMT
Content-Type: image/png
Content-Length: 16745
Last-Modified: Wed, 20 Jul 2022 08:15:52 GMT
Connection: keep-alive
ETag: "62d7b9b8-4169"
Accept-Ranges: bytes
cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/photoshop.png
52.16.240.242200 OK 22 kB URL HTTP/1.1 cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/photoshop.png
IP 52.16.240.242:0
File type PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced\012- data
Hash 6793474b36b8348d9f3494324f553bf0
9d64242952d7c9bcb21a4b93cdd3e0eb20b7f437
b758aa9397190855525f5ce0039263ec52f133f62b64acf0e762f3721303dad9
GET /assets/landings/cpf-v4/assets/photoshop.png HTTP/1.1
Host: cpfv4.formation-subventions.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cpfv4.formation-subventions.fr/?c=8n5i3Pu2M&co=1&tx_id=M2022101522-d057383bfb9b262f0cf6a135d0c00788&var4=15&spub=52595e70-0e54e70a-b641f4e3-9162-52fb
Cookie: XSRF-TOKEN=eyJpdiI6InVxbDVQbGI3c1lVblRvQTRDbkcrTnc9PSIsInZhbHVlIjoiZFBKa0thcVkzME4vQVlteUN3U3ErbVhGbXl4bXVEbCtOUVp6Y3VmRVQweldQTGY4enllZ0wzczlyUmFWQjRXRFlDVjBYTEt2MmdHNjFNL1NicUFVc2FQU3Jwd2d6MmZvRlkyWjhoZkVjTXZkcnRHR2loRVJOQlgzNXI5VnN4ZHUiLCJtYWMiOiI2MjE0YjA0OWZlMWQ1YTQzYjcwMDYwZWZmYTEyYWI3YTRmNTlmYzA3NWY1MzUyZGI3Y2ZjOWJhNDRmMzlmYzRkIiwidGFnIjoiIn0%3D; leadsmetal_session=eyJpdiI6ImFrYzZtdWxEbG9GdC9zbjJON0NtRlE9PSIsInZhbHVlIjoiNElkMHp3Q2lWeThrSW5Hajl5TkhHMlEvbnBOK2tnalpEUTlyN2FScmI1MTZVUXY2NG5CMWZaKzJQbjFHc09XcWJUUC8ycGxvVTJnVG1nQ0M0enlQWWFRNUs0UmJSUHRyRWhhQlZoR2hTcU5WM21saCtQb2dwejdzOERhZHB6NVUiLCJtYWMiOiI2ODU5N2FmODY0ODVhZTVlNWUyMDAxZDIyNzcyYzdlNGViYzg4MjYyNDI3MGYxODJlYjJhYThlOWY3ZTUzMTBhIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 15 Oct 2022 22:13:12 GMT
Content-Type: image/png
Content-Length: 22319
Last-Modified: Wed, 20 Jul 2022 08:15:52 GMT
Connection: keep-alive
ETag: "62d7b9b8-572f"
Accept-Ranges: bytes
cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/indesign.jpeg
52.16.240.242200 OK 23 kB URL HTTP/1.1 cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/indesign.jpeg
IP 52.16.240.242:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 512x512, components 3\012- data
Hash ed1ab790c6ab593f77fe64e9ba02c027
d172c0a814b6811b97ee749d2b978da4abd6cecc
16a2d9bb577f6f0e20e5d6406acf2291897c7a2b06852c7ad4ec68fb505247eb
Analyzer Verdict Alert fortinet Phishing
GET /assets/landings/cpf-v4/assets/indesign.jpeg HTTP/1.1
Host: cpfv4.formation-subventions.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cpfv4.formation-subventions.fr/?c=8n5i3Pu2M&co=1&tx_id=M2022101522-d057383bfb9b262f0cf6a135d0c00788&var4=15&spub=52595e70-0e54e70a-b641f4e3-9162-52fb
Cookie: XSRF-TOKEN=eyJpdiI6InVxbDVQbGI3c1lVblRvQTRDbkcrTnc9PSIsInZhbHVlIjoiZFBKa0thcVkzME4vQVlteUN3U3ErbVhGbXl4bXVEbCtOUVp6Y3VmRVQweldQTGY4enllZ0wzczlyUmFWQjRXRFlDVjBYTEt2MmdHNjFNL1NicUFVc2FQU3Jwd2d6MmZvRlkyWjhoZkVjTXZkcnRHR2loRVJOQlgzNXI5VnN4ZHUiLCJtYWMiOiI2MjE0YjA0OWZlMWQ1YTQzYjcwMDYwZWZmYTEyYWI3YTRmNTlmYzA3NWY1MzUyZGI3Y2ZjOWJhNDRmMzlmYzRkIiwidGFnIjoiIn0%3D; leadsmetal_session=eyJpdiI6ImFrYzZtdWxEbG9GdC9zbjJON0NtRlE9PSIsInZhbHVlIjoiNElkMHp3Q2lWeThrSW5Hajl5TkhHMlEvbnBOK2tnalpEUTlyN2FScmI1MTZVUXY2NG5CMWZaKzJQbjFHc09XcWJUUC8ycGxvVTJnVG1nQ0M0enlQWWFRNUs0UmJSUHRyRWhhQlZoR2hTcU5WM21saCtQb2dwejdzOERhZHB6NVUiLCJtYWMiOiI2ODU5N2FmODY0ODVhZTVlNWUyMDAxZDIyNzcyYzdlNGViYzg4MjYyNDI3MGYxODJlYjJhYThlOWY3ZTUzMTBhIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 15 Oct 2022 22:13:12 GMT
Content-Type: image/jpeg
Content-Length: 22703
Last-Modified: Wed, 20 Jul 2022 08:15:52 GMT
Connection: keep-alive
ETag: "62d7b9b8-58af"
Accept-Ranges: bytes
cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/illus.png
52.16.240.242200 OK 65 kB URL HTTP/1.1 cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/illus.png
IP 52.16.240.242:0
File type PNG image data, 2160 x 2106, 8-bit/color RGBA, non-interlaced\012- data
Hash 6056a96b099b3d365f604968869583f6
9c73819f0af3507416f1a7f88179a775771fde2a
22c3d04097949bf66e3deaf534b8c34ba4add04a956dc74da8bbfef4899c3b9a
GET /assets/landings/cpf-v4/assets/illus.png HTTP/1.1
Host: cpfv4.formation-subventions.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cpfv4.formation-subventions.fr/?c=8n5i3Pu2M&co=1&tx_id=M2022101522-d057383bfb9b262f0cf6a135d0c00788&var4=15&spub=52595e70-0e54e70a-b641f4e3-9162-52fb
Cookie: XSRF-TOKEN=eyJpdiI6InVxbDVQbGI3c1lVblRvQTRDbkcrTnc9PSIsInZhbHVlIjoiZFBKa0thcVkzME4vQVlteUN3U3ErbVhGbXl4bXVEbCtOUVp6Y3VmRVQweldQTGY4enllZ0wzczlyUmFWQjRXRFlDVjBYTEt2MmdHNjFNL1NicUFVc2FQU3Jwd2d6MmZvRlkyWjhoZkVjTXZkcnRHR2loRVJOQlgzNXI5VnN4ZHUiLCJtYWMiOiI2MjE0YjA0OWZlMWQ1YTQzYjcwMDYwZWZmYTEyYWI3YTRmNTlmYzA3NWY1MzUyZGI3Y2ZjOWJhNDRmMzlmYzRkIiwidGFnIjoiIn0%3D; leadsmetal_session=eyJpdiI6ImFrYzZtdWxEbG9GdC9zbjJON0NtRlE9PSIsInZhbHVlIjoiNElkMHp3Q2lWeThrSW5Hajl5TkhHMlEvbnBOK2tnalpEUTlyN2FScmI1MTZVUXY2NG5CMWZaKzJQbjFHc09XcWJUUC8ycGxvVTJnVG1nQ0M0enlQWWFRNUs0UmJSUHRyRWhhQlZoR2hTcU5WM21saCtQb2dwejdzOERhZHB6NVUiLCJtYWMiOiI2ODU5N2FmODY0ODVhZTVlNWUyMDAxZDIyNzcyYzdlNGViYzg4MjYyNDI3MGYxODJlYjJhYThlOWY3ZTUzMTBhIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 15 Oct 2022 22:13:12 GMT
Content-Type: image/png
Content-Length: 65343
Last-Modified: Wed, 20 Jul 2022 08:15:52 GMT
Connection: keep-alive
ETag: "62d7b9b8-ff3f"
Accept-Ranges: bytes
cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/montage_photo.jpeg
52.16.240.242200 OK 27 kB URL HTTP/1.1 cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/montage_photo.jpeg
IP 52.16.240.242:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 512x512, components 3\012- data
Hash 14235e36f44aa23b142a2faaad4f4b05
2ea250b0ec665f862d3eef1a191619cd8f1cd204
7a90cfcc8f5ae2deecb74b1bb210392a2f2d688bb944c72c5b88f93e3bac3083
Analyzer Verdict Alert fortinet Phishing
GET /assets/landings/cpf-v4/assets/montage_photo.jpeg HTTP/1.1
Host: cpfv4.formation-subventions.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cpfv4.formation-subventions.fr/?c=8n5i3Pu2M&co=1&tx_id=M2022101522-d057383bfb9b262f0cf6a135d0c00788&var4=15&spub=52595e70-0e54e70a-b641f4e3-9162-52fb
Cookie: XSRF-TOKEN=eyJpdiI6InVxbDVQbGI3c1lVblRvQTRDbkcrTnc9PSIsInZhbHVlIjoiZFBKa0thcVkzME4vQVlteUN3U3ErbVhGbXl4bXVEbCtOUVp6Y3VmRVQweldQTGY4enllZ0wzczlyUmFWQjRXRFlDVjBYTEt2MmdHNjFNL1NicUFVc2FQU3Jwd2d6MmZvRlkyWjhoZkVjTXZkcnRHR2loRVJOQlgzNXI5VnN4ZHUiLCJtYWMiOiI2MjE0YjA0OWZlMWQ1YTQzYjcwMDYwZWZmYTEyYWI3YTRmNTlmYzA3NWY1MzUyZGI3Y2ZjOWJhNDRmMzlmYzRkIiwidGFnIjoiIn0%3D; leadsmetal_session=eyJpdiI6ImFrYzZtdWxEbG9GdC9zbjJON0NtRlE9PSIsInZhbHVlIjoiNElkMHp3Q2lWeThrSW5Hajl5TkhHMlEvbnBOK2tnalpEUTlyN2FScmI1MTZVUXY2NG5CMWZaKzJQbjFHc09XcWJUUC8ycGxvVTJnVG1nQ0M0enlQWWFRNUs0UmJSUHRyRWhhQlZoR2hTcU5WM21saCtQb2dwejdzOERhZHB6NVUiLCJtYWMiOiI2ODU5N2FmODY0ODVhZTVlNWUyMDAxZDIyNzcyYzdlNGViYzg4MjYyNDI3MGYxODJlYjJhYThlOWY3ZTUzMTBhIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 15 Oct 2022 22:13:12 GMT
Content-Type: image/jpeg
Content-Length: 26935
Last-Modified: Wed, 20 Jul 2022 08:15:52 GMT
Connection: keep-alive
ETag: "62d7b9b8-6937"
Accept-Ranges: bytes
cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/banner.jpg
52.16.240.242200 OK 11 kB URL HTTP/1.1 cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/banner.jpg
IP 52.16.240.242:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1920x730, components 3\012- data
Hash 78e52dbdf74603151c5c98ef65dea86c
44b4c369e1398c5c32db5804dc1741c84d048b69
3e19e40d0885c4dfd49d089492b20f39ba95cc1481cf9659046f53add0a9ada5
GET /assets/landings/cpf-v4/assets/banner.jpg HTTP/1.1
Host: cpfv4.formation-subventions.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/style.css?v=1.0
Cookie: XSRF-TOKEN=eyJpdiI6InVxbDVQbGI3c1lVblRvQTRDbkcrTnc9PSIsInZhbHVlIjoiZFBKa0thcVkzME4vQVlteUN3U3ErbVhGbXl4bXVEbCtOUVp6Y3VmRVQweldQTGY4enllZ0wzczlyUmFWQjRXRFlDVjBYTEt2MmdHNjFNL1NicUFVc2FQU3Jwd2d6MmZvRlkyWjhoZkVjTXZkcnRHR2loRVJOQlgzNXI5VnN4ZHUiLCJtYWMiOiI2MjE0YjA0OWZlMWQ1YTQzYjcwMDYwZWZmYTEyYWI3YTRmNTlmYzA3NWY1MzUyZGI3Y2ZjOWJhNDRmMzlmYzRkIiwidGFnIjoiIn0%3D; leadsmetal_session=eyJpdiI6ImFrYzZtdWxEbG9GdC9zbjJON0NtRlE9PSIsInZhbHVlIjoiNElkMHp3Q2lWeThrSW5Hajl5TkhHMlEvbnBOK2tnalpEUTlyN2FScmI1MTZVUXY2NG5CMWZaKzJQbjFHc09XcWJUUC8ycGxvVTJnVG1nQ0M0enlQWWFRNUs0UmJSUHRyRWhhQlZoR2hTcU5WM21saCtQb2dwejdzOERhZHB6NVUiLCJtYWMiOiI2ODU5N2FmODY0ODVhZTVlNWUyMDAxZDIyNzcyYzdlNGViYzg4MjYyNDI3MGYxODJlYjJhYThlOWY3ZTUzMTBhIiwidGFnIjoiIn0%3D; _ga_WN8PVLP7SK=GS1.1.1665871994.1.0.1665871994.0.0.0; _ga=GA1.1.493920443.1665871995
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 15 Oct 2022 22:13:12 GMT
Content-Type: image/jpeg
Content-Length: 10854
Last-Modified: Wed, 20 Jul 2022 08:15:52 GMT
Connection: keep-alive
ETag: "62d7b9b8-2a66"
Accept-Ranges: bytes
cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/project-bg-2.jpg
52.16.240.242200 OK 6.5 kB URL HTTP/1.1 cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/project-bg-2.jpg
IP 52.16.240.242:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1170x230, components 3\012- data
Hash 51a1df3e2485d5d6b64fd830eb7c9d0c
78c477157c76b5f1ea901558bde62a3db5cc2ae2
dc2728cc97697b427ae12dc985791b1c4fa736b63a5d1a45caa0826bc4640cba
GET /assets/landings/cpf-v4/assets/project-bg-2.jpg HTTP/1.1
Host: cpfv4.formation-subventions.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/style.css?v=1.0
Cookie: XSRF-TOKEN=eyJpdiI6InVxbDVQbGI3c1lVblRvQTRDbkcrTnc9PSIsInZhbHVlIjoiZFBKa0thcVkzME4vQVlteUN3U3ErbVhGbXl4bXVEbCtOUVp6Y3VmRVQweldQTGY4enllZ0wzczlyUmFWQjRXRFlDVjBYTEt2MmdHNjFNL1NicUFVc2FQU3Jwd2d6MmZvRlkyWjhoZkVjTXZkcnRHR2loRVJOQlgzNXI5VnN4ZHUiLCJtYWMiOiI2MjE0YjA0OWZlMWQ1YTQzYjcwMDYwZWZmYTEyYWI3YTRmNTlmYzA3NWY1MzUyZGI3Y2ZjOWJhNDRmMzlmYzRkIiwidGFnIjoiIn0%3D; leadsmetal_session=eyJpdiI6ImFrYzZtdWxEbG9GdC9zbjJON0NtRlE9PSIsInZhbHVlIjoiNElkMHp3Q2lWeThrSW5Hajl5TkhHMlEvbnBOK2tnalpEUTlyN2FScmI1MTZVUXY2NG5CMWZaKzJQbjFHc09XcWJUUC8ycGxvVTJnVG1nQ0M0enlQWWFRNUs0UmJSUHRyRWhhQlZoR2hTcU5WM21saCtQb2dwejdzOERhZHB6NVUiLCJtYWMiOiI2ODU5N2FmODY0ODVhZTVlNWUyMDAxZDIyNzcyYzdlNGViYzg4MjYyNDI3MGYxODJlYjJhYThlOWY3ZTUzMTBhIiwidGFnIjoiIn0%3D; _ga_WN8PVLP7SK=GS1.1.1665871994.1.0.1665871994.0.0.0; _ga=GA1.1.493920443.1665871995
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 15 Oct 2022 22:13:12 GMT
Content-Type: image/jpeg
Content-Length: 6494
Last-Modified: Wed, 20 Jul 2022 08:15:52 GMT
Connection: keep-alive
ETag: "62d7b9b8-195e"
Accept-Ranges: bytes
cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/img2.png
52.16.240.242200 OK 319 kB URL HTTP/1.1 cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/img2.png
IP 52.16.240.242:0
File type PNG image data, 560 x 370, 8-bit/color RGB, interlaced\012- data
Size 319 kB (318929 bytes)
Hash f0366d93cee73d9ad9ff96af3503fe83
2961d5c8448bfe48be1ee133b2597e35c1d87032
6b03be43a135c88b5cac1e43d23b8a2f46e655c3f23ead75cc169bad4dd2f3f8
GET /assets/landings/cpf-v4/assets/img2.png HTTP/1.1
Host: cpfv4.formation-subventions.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cpfv4.formation-subventions.fr/?c=8n5i3Pu2M&co=1&tx_id=M2022101522-d057383bfb9b262f0cf6a135d0c00788&var4=15&spub=52595e70-0e54e70a-b641f4e3-9162-52fb
Cookie: XSRF-TOKEN=eyJpdiI6InVxbDVQbGI3c1lVblRvQTRDbkcrTnc9PSIsInZhbHVlIjoiZFBKa0thcVkzME4vQVlteUN3U3ErbVhGbXl4bXVEbCtOUVp6Y3VmRVQweldQTGY4enllZ0wzczlyUmFWQjRXRFlDVjBYTEt2MmdHNjFNL1NicUFVc2FQU3Jwd2d6MmZvRlkyWjhoZkVjTXZkcnRHR2loRVJOQlgzNXI5VnN4ZHUiLCJtYWMiOiI2MjE0YjA0OWZlMWQ1YTQzYjcwMDYwZWZmYTEyYWI3YTRmNTlmYzA3NWY1MzUyZGI3Y2ZjOWJhNDRmMzlmYzRkIiwidGFnIjoiIn0%3D; leadsmetal_session=eyJpdiI6ImFrYzZtdWxEbG9GdC9zbjJON0NtRlE9PSIsInZhbHVlIjoiNElkMHp3Q2lWeThrSW5Hajl5TkhHMlEvbnBOK2tnalpEUTlyN2FScmI1MTZVUXY2NG5CMWZaKzJQbjFHc09XcWJUUC8ycGxvVTJnVG1nQ0M0enlQWWFRNUs0UmJSUHRyRWhhQlZoR2hTcU5WM21saCtQb2dwejdzOERhZHB6NVUiLCJtYWMiOiI2ODU5N2FmODY0ODVhZTVlNWUyMDAxZDIyNzcyYzdlNGViYzg4MjYyNDI3MGYxODJlYjJhYThlOWY3ZTUzMTBhIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 15 Oct 2022 22:13:12 GMT
Content-Type: image/png
Content-Length: 318929
Last-Modified: Wed, 20 Jul 2022 08:15:52 GMT
Connection: keep-alive
ETag: "62d7b9b8-4ddd1"
Accept-Ranges: bytes
cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/favicon.png
52.16.240.242200 OK 4.0 kB URL HTTP/1.1 cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/favicon.png
IP 52.16.240.242:0
File type PNG image data, 32 x 32, 8-bit/color RGBA, interlaced\012- data
Hash 8604b4e2501cb5928e40d0623400e361
c94dbb348dd0222aa31c1ddc93793f889c18ff70
d3bb00c4c958c19ee9504845c697ab7d6315a1654604e816b795883b8c4d986f
GET /assets/landings/cpf-v4/assets/favicon.png HTTP/1.1
Host: cpfv4.formation-subventions.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cpfv4.formation-subventions.fr/?c=8n5i3Pu2M&co=1&tx_id=M2022101522-d057383bfb9b262f0cf6a135d0c00788&var4=15&spub=52595e70-0e54e70a-b641f4e3-9162-52fb
Cookie: XSRF-TOKEN=eyJpdiI6InVxbDVQbGI3c1lVblRvQTRDbkcrTnc9PSIsInZhbHVlIjoiZFBKa0thcVkzME4vQVlteUN3U3ErbVhGbXl4bXVEbCtOUVp6Y3VmRVQweldQTGY4enllZ0wzczlyUmFWQjRXRFlDVjBYTEt2MmdHNjFNL1NicUFVc2FQU3Jwd2d6MmZvRlkyWjhoZkVjTXZkcnRHR2loRVJOQlgzNXI5VnN4ZHUiLCJtYWMiOiI2MjE0YjA0OWZlMWQ1YTQzYjcwMDYwZWZmYTEyYWI3YTRmNTlmYzA3NWY1MzUyZGI3Y2ZjOWJhNDRmMzlmYzRkIiwidGFnIjoiIn0%3D; leadsmetal_session=eyJpdiI6ImFrYzZtdWxEbG9GdC9zbjJON0NtRlE9PSIsInZhbHVlIjoiNElkMHp3Q2lWeThrSW5Hajl5TkhHMlEvbnBOK2tnalpEUTlyN2FScmI1MTZVUXY2NG5CMWZaKzJQbjFHc09XcWJUUC8ycGxvVTJnVG1nQ0M0enlQWWFRNUs0UmJSUHRyRWhhQlZoR2hTcU5WM21saCtQb2dwejdzOERhZHB6NVUiLCJtYWMiOiI2ODU5N2FmODY0ODVhZTVlNWUyMDAxZDIyNzcyYzdlNGViYzg4MjYyNDI3MGYxODJlYjJhYThlOWY3ZTUzMTBhIiwidGFnIjoiIn0%3D; _ga_WN8PVLP7SK=GS1.1.1665871994.1.0.1665871994.0.0.0; _ga=GA1.1.493920443.1665871995
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 15 Oct 2022 22:13:13 GMT
Content-Type: image/png
Content-Length: 3989
Last-Modified: Wed, 20 Jul 2022 08:15:52 GMT
Connection: keep-alive
ETag: "62d7b9b8-f95"
Accept-Ranges: bytes
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash dabc9909474f0f9c08eb8655c1bc19d6
21d8e9c482a94be79a802ec171820d90a4c4cddf
22c7da5a25fbbb3a98d52990c7717acbd270afdf977790993a775a1cd21d4b33
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1256
Cache-Control: max-age=141617
Content-Type: application/ocsp-response
Date: Sat, 15 Oct 2022 22:13:13 GMT
Etag: "634ab1c2-1d7"
Expires: Mon, 17 Oct 2022 13:33:30 GMT
Last-Modified: Sat, 15 Oct 2022 13:12:34 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471
connect.facebook.net/en_US/fbevents.js
31.13.72.12200 OK 27 kB URL HTTP/2 connect.facebook.net/en_US/fbevents.js
IP 31.13.72.12:0
File type ASCII text, with very long lines (64348)
Hash 24e72797c2387d3949fd48bff0869138
9987f23f7289affffb99587c703c95d4448f0d3c
ff6231326f473d1d8e7999bde0bb9c34aedd5e47aefdceb94629c75c771984f1
GET /en_US/fbevents.js HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cpfv4.formation-subventions.fr/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-type: application/x-javascript; charset=utf-8
content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
pragma: public
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
x-fb-debug: EvNt2csFQZ+InxNM14kORWzGj75P/jRAM5X0xmoGlTndBMyNZFy4J8bxDN3I00eFthClLE148L9+wJbm4Rwf8w==
priority: u=5,i
content-length: 27029
x-fb-trip-id: 1904183273
date: Sat, 15 Oct 2022 22:13:13 GMT
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash dabc9909474f0f9c08eb8655c1bc19d6
21d8e9c482a94be79a802ec171820d90a4c4cddf
22c7da5a25fbbb3a98d52990c7717acbd270afdf977790993a775a1cd21d4b33
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4940
Cache-Control: max-age=145301
Content-Type: application/ocsp-response
Date: Sat, 15 Oct 2022 22:13:13 GMT
Etag: "634ab1c2-1d7"
Expires: Mon, 17 Oct 2022 14:34:54 GMT
Last-Modified: Sat, 15 Oct 2022 13:12:34 GMT
Server: ECS (ska/F705)
X-Cache: HIT
Content-Length: 471
www.clarity.ms/tag/dfukl0f7t6
13.107.246.53200 OK 1.3 kB URL HTTP/2 www.clarity.ms/tag/dfukl0f7t6
IP 13.107.246.53:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
File type ASCII text, with very long lines (1317), with no line terminators
Hash 5c41f336fa5696d28467dcab5dfc1e17
f7d56ac26bbf9eb13c234ad1709747877c6069fb
8b43f0018f4270d657bd112ee29b207b7ec11864487390ab97552232a3b6cfd6
GET /tag/dfukl0f7t6 HTTP/1.1
Host: www.clarity.ms
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cpfv4.formation-subventions.fr/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: no-cache, no-store
content-length: 1317
content-type: application/x-javascript
expires: -1
set-cookie: CLID=7b9d470c76794959b5adf81c6faa7c93.20221015.20231015; expires=Sun, 15 Oct 2023 22:13:13 GMT; path=/; secure; samesite=none; httponly
request-context: appId=cid-v1:593e4080-f032-4d00-a652-e17f01252a9d
x-cache: CONFIG_NOCACHE
x-azure-ref: 0eTBLYwAAAAD/dF+4bkLyRaAtzf3N4eWVU1ZHMjBFREdFMDUxNgA2Y2ZiZWVlMC01MDI3LTQ4NGItODk2Ny00YTI5YWY3N2YxZTE=
date: Sat, 15 Oct 2022 22:13:12 GMT
X-Firefox-Spdy: h2
www.facebook.com/tr/?id=505067384389800&ev=PageView&dl=https%3A%2F%2Fcpfv4.formation-subventions.fr%2F%3Fc%3D8n5i3Pu2M%26co%3D1%26tx_id%3DM2022101522-d057383bfb9b262f0cf6a135d0c00788%26var4%3D15%26spub%3D52595e70-0e54e70a-b641f4e3-9162-52fb&rl=http%3A%2F%2Favis.us-southeast-1.linodeobjects.com%2F&if=false&ts=1665871995386&sw=1280&sh=1024&v=2.9.85&r=stable&ec=0&o=30&fbp=fb.1.1665871995385.641206227&it=1665871995186&coo=false&rqm=GET
31.13.72.36200 OK 0 B URL HTTP/2 www.facebook.com/tr/?id=505067384389800&ev=PageView&dl=https%3A%2F%2Fcpfv4.formation-subventions.fr%2F%3Fc%3D8n5i3Pu2M%26co%3D1%26tx_id%3DM2022101522-d057383bfb9b262f0cf6a135d0c00788%26var4%3D15%26spub%3D52595e70-0e54e70a-b641f4e3-9162-52fb&rl=http%3A%2F%2Favis.us-southeast-1.linodeobjects.com%2F&if=false&ts=1665871995386&sw=1280&sh=1024&v=2.9.85&r=stable&ec=0&o=30&fbp=fb.1.1665871995385.641206227&it=1665871995186&coo=false&rqm=GET
IP 31.13.72.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tr/?id=505067384389800&ev=PageView&dl=https%3A%2F%2Fcpfv4.formation-subventions.fr%2F%3Fc%3D8n5i3Pu2M%26co%3D1%26tx_id%3DM2022101522-d057383bfb9b262f0cf6a135d0c00788%26var4%3D15%26spub%3D52595e70-0e54e70a-b641f4e3-9162-52fb&rl=http%3A%2F%2Favis.us-southeast-1.linodeobjects.com%2F&if=false&ts=1665871995386&sw=1280&sh=1024&v=2.9.85&r=stable&ec=0&o=30&fbp=fb.1.1665871995385.641206227&it=1665871995186&coo=false&rqm=GET HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cpfv4.formation-subventions.fr/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/plain
access-control-allow-origin:
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 0
server: proxygen-bolt
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
date: Sat, 15 Oct 2022 22:13:13 GMT
X-Firefox-Spdy: h2
region1.google-analytics.com/g/collect?v=2&tid=G-WN8PVLP7SK>m=2oeaa0&_p=31918710&cid=493920443.1665871995&ul=en-us&sr=1280x1024&_s=1&sid=1665871994&sct=1&seg=0&dl=https%3A%2F%2Fcpfv4.formation-subventions.fr%2F%3Fc%3D8n5i3Pu2M%26co%3D1%26tx_id%3DM2022101522-d057383bfb9b262f0cf6a135d0c00788%26var4%3D15%26spub%3D52595e70-0e54e70a-b641f4e3-9162-52fb&dr=http%3A%2F%2Favis.us-southeast-1.linodeobjects.com%2F&dt=D%C3%A9veloppez%20vos%20comp%C3%A9tences%20gratuitement%20gr%C3%A2ce%20au%20dispositif%20CPF&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1
216.239.32.36204 No Content 0 B URL HTTP/2 region1.google-analytics.com/g/collect?v=2&tid=G-WN8PVLP7SK>m=2oeaa0&_p=31918710&cid=493920443.1665871995&ul=en-us&sr=1280x1024&_s=1&sid=1665871994&sct=1&seg=0&dl=https%3A%2F%2Fcpfv4.formation-subventions.fr%2F%3Fc%3D8n5i3Pu2M%26co%3D1%26tx_id%3DM2022101522-d057383bfb9b262f0cf6a135d0c00788%26var4%3D15%26spub%3D52595e70-0e54e70a-b641f4e3-9162-52fb&dr=http%3A%2F%2Favis.us-southeast-1.linodeobjects.com%2F&dt=D%C3%A9veloppez%20vos%20comp%C3%A9tences%20gratuitement%20gr%C3%A2ce%20au%20dispositif%20CPF&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1
IP 216.239.32.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-WN8PVLP7SK>m=2oeaa0&_p=31918710&cid=493920443.1665871995&ul=en-us&sr=1280x1024&_s=1&sid=1665871994&sct=1&seg=0&dl=https%3A%2F%2Fcpfv4.formation-subventions.fr%2F%3Fc%3D8n5i3Pu2M%26co%3D1%26tx_id%3DM2022101522-d057383bfb9b262f0cf6a135d0c00788%26var4%3D15%26spub%3D52595e70-0e54e70a-b641f4e3-9162-52fb&dr=http%3A%2F%2Favis.us-southeast-1.linodeobjects.com%2F&dt=D%C3%A9veloppez%20vos%20comp%C3%A9tences%20gratuitement%20gr%C3%A2ce%20au%20dispositif%20CPF&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1 HTTP/1.1
Host: region1.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://cpfv4.formation-subventions.fr
Connection: keep-alive
Referer: https://cpfv4.formation-subventions.fr/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: https://cpfv4.formation-subventions.fr
date: Sat, 15 Oct 2022 22:13:13 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
cdn.lordicon.com/nocovwne.json
143.204.55.84200 OK 3.4 kB URL HTTP/2 cdn.lordicon.com/nocovwne.json
IP 143.204.55.84:0
File type ASCII text, with very long lines (31195), with no line terminators
Hash 4afe23b675f3245ab332b386efbb993a
968c42e50a004ed6d814f7fdc250ff9ce020121e
e61cbafdec6da300aa199efca804b2954f76edc060480111104831bda877bd0a
GET /nocovwne.json HTTP/1.1
Host: cdn.lordicon.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cpfv4.formation-subventions.fr/
Origin: https://cpfv4.formation-subventions.fr
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, immutable
last-modified: Wed, 16 Feb 2022 19:45:04 GMT
etag: W/"79db-17f04111a7e"
x-powered-by: lordicon
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 07 Oct 2022 07:09:49 GMT
content-encoding: br
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 41dc61beb3fe8e8c2c299a2522d8330c.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: MPCnblNjP6w7wc4y6f_RrjdDcH0FC2TNLy7kIdDOdwiNUlaBrIpBMw==
age: 745403
X-Firefox-Spdy: h2
c.bing.com/c.gif?CtsSyncId=74B92DC6B6C14028808FAD00BD2D61E7&RedC=c.clarity.ms&MXFR=3725FE0BF2B96BFF0B36EC35F6B965D4
13.107.21.200302 Found 0 B URL HTTP/2 c.bing.com/c.gif?CtsSyncId=74B92DC6B6C14028808FAD00BD2D61E7&RedC=c.clarity.ms&MXFR=3725FE0BF2B96BFF0B36EC35F6B965D4
IP 13.107.21.200:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /c.gif?CtsSyncId=74B92DC6B6C14028808FAD00BD2D61E7&RedC=c.clarity.ms&MXFR=3725FE0BF2B96BFF0B36EC35F6B965D4 HTTP/1.1
Host: c.bing.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cpfv4.formation-subventions.fr/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
cache-control: private, no-cache, proxy-revalidate, no-store
pragma: no-cache
location: https://c.clarity.ms/c.gif?CtsSyncId=74B92DC6B6C14028808FAD00BD2D61E7&MUID=2D71188C7803695205D90AB279F668DD
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
set-cookie: SRM_B=2D71188C7803695205D90AB279F668DD; domain=c.bing.com; expires=Thu, 09-Nov-2023 22:13:13 GMT; path=/; SameSite=None; Secure;
x-powered-by: ASP.NET
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: D4E78323467C4C158BF907BFC2B03E39 Ref B: OSL30EDGE0118 Ref C: 2022-10-15T22:13:13Z
date: Sat, 15 Oct 2022 22:13:12 GMT
content-length: 0
X-Firefox-Spdy: h2
c.clarity.ms/c.gif?CtsSyncId=74B92DC6B6C14028808FAD00BD2D61E7&MUID=2D71188C7803695205D90AB279F668DD
20.234.93.27200 OK 42 B URL HTTP/2 c.clarity.ms/c.gif?CtsSyncId=74B92DC6B6C14028808FAD00BD2D61E7&MUID=2D71188C7803695205D90AB279F668DD
IP 20.234.93.27:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type GIF image data, version 89a, 1 x 1\012- data
Hash 32023bb33cfb2a1990a4ef2d85b6ac16
23dcc6d4b5bfe00357fd0248bb5955b8e36bb8f1
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
GET /c.gif?CtsSyncId=74B92DC6B6C14028808FAD00BD2D61E7&MUID=2D71188C7803695205D90AB279F668DD HTTP/1.1
Host: c.clarity.ms
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cpfv4.formation-subventions.fr/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
cache-control: private, no-cache, proxy-revalidate, no-store
pragma: no-cache
content-type: image/gif
last-modified: Thu, 13 Oct 2022 20:07:05 GMT
accept-ranges: bytes
etag: "40db785d3fdfd81:0"
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
set-cookie: ANONCHK=0; domain=c.clarity.ms; expires=Sat, 15-Oct-2022 22:23:13 GMT; path=/; SameSite=None; Secure;
date: Sat, 15 Oct 2022 22:13:13 GMT
content-length: 42
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash a239968682150ba8fb61f7b2101edba3
35724b1e7f236cddd2e9c542a0da63d9e915c310
e2cb65724d3870506a1efcfd90f43c61f87bb694b0c2cb07568bf1aaea7d1d98
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E2CB65724D3870506A1EFCFD90F43C61F87BB694B0C2CB07568BF1AAEA7D1D98"
Last-Modified: Fri, 14 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14219
Expires: Sun, 16 Oct 2022 02:10:12 GMT
Date: Sat, 15 Oct 2022 22:13:13 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash a239968682150ba8fb61f7b2101edba3
35724b1e7f236cddd2e9c542a0da63d9e915c310
e2cb65724d3870506a1efcfd90f43c61f87bb694b0c2cb07568bf1aaea7d1d98
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E2CB65724D3870506A1EFCFD90F43C61F87BB694B0C2CB07568BF1AAEA7D1D98"
Last-Modified: Fri, 14 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14219
Expires: Sun, 16 Oct 2022 02:10:12 GMT
Date: Sat, 15 Oct 2022 22:13:13 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash a239968682150ba8fb61f7b2101edba3
35724b1e7f236cddd2e9c542a0da63d9e915c310
e2cb65724d3870506a1efcfd90f43c61f87bb694b0c2cb07568bf1aaea7d1d98
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E2CB65724D3870506A1EFCFD90F43C61F87BB694B0C2CB07568BF1AAEA7D1D98"
Last-Modified: Fri, 14 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14219
Expires: Sun, 16 Oct 2022 02:10:12 GMT
Date: Sat, 15 Oct 2022 22:13:13 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash a239968682150ba8fb61f7b2101edba3
35724b1e7f236cddd2e9c542a0da63d9e915c310
e2cb65724d3870506a1efcfd90f43c61f87bb694b0c2cb07568bf1aaea7d1d98
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E2CB65724D3870506A1EFCFD90F43C61F87BB694B0C2CB07568BF1AAEA7D1D98"
Last-Modified: Fri, 14 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14219
Expires: Sun, 16 Oct 2022 02:10:12 GMT
Date: Sat, 15 Oct 2022 22:13:13 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash a239968682150ba8fb61f7b2101edba3
35724b1e7f236cddd2e9c542a0da63d9e915c310
e2cb65724d3870506a1efcfd90f43c61f87bb694b0c2cb07568bf1aaea7d1d98
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E2CB65724D3870506A1EFCFD90F43C61F87BB694B0C2CB07568BF1AAEA7D1D98"
Last-Modified: Fri, 14 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14219
Expires: Sun, 16 Oct 2022 02:10:12 GMT
Date: Sat, 15 Oct 2022 22:13:13 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F99b614d2-adbf-45ee-99ac-e4af9744b875.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F99b614d2-adbf-45ee-99ac-e4af9744b875.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 547b1dc796288f5c4f2afee1cb5fa073
65221ad29339e14482d0f4520a116287936af308
3efc0ffc960d12ea1de4c1dde9b4356e1621ad17caef69690776638d697ce0a8
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F99b614d2-adbf-45ee-99ac-e4af9744b875.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11351
x-amzn-requestid: 8dea889d-00dd-4ac8-9992-a622ffe6cb4a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aENseG_XoAMFYfA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-634b2982-75a03a0d57ca7d6010516b54;Sampled=0
x-amzn-remapped-date: Sat, 15 Oct 2022 21:43:30 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: cbwjQWtMLkxVetKotUNS3nnjjHBJOuuFEch68uz17zlMOPx2q3kVeA==
via: 1.1 000f4a2f631bace380a0afa747a82482.cloudfront.net (CloudFront), 1.1 09331f0822fc98eebaf04130a83dbd44.cloudfront.net (CloudFront), 1.1 google
date: Sat, 15 Oct 2022 21:58:49 GMT
age: 864
etag: "65221ad29339e14482d0f4520a116287936af308"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb25d7cce-c352-4b25-a8c5-aa8493d99e4c.jpeg
34.120.237.76200 OK 9.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb25d7cce-c352-4b25-a8c5-aa8493d99e4c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e20daa74ab04b1b9859672acfc070f7e
d291947f161c928e6c6682a05835478b5f0cffc5
ebbe051930f46dd25de2a4c5795f3bdddf1513c0657cdc986c48f3dfdc90f575
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb25d7cce-c352-4b25-a8c5-aa8493d99e4c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9260
x-amzn-requestid: dfd8deb0-fc73-4321-b024-330b2a3d1759
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aENyFH9RoAMF24w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-634b29a6-0aaf75c43b51d5775bc48a95;Sampled=0
x-amzn-remapped-date: Sat, 15 Oct 2022 21:44:06 GMT
x-amz-cf-pop: SEA19-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: YVZ4EN-w7lmXTXKTy_A-9P0TW0zAqSa7j5_G2M1XnS-j3EfJSEFplw==
via: 1.1 ef6538ee7be7b17c84d06edb0f4c0a1a.cloudfront.net (CloudFront), 1.1 e95ec8f1dc02e32f0cb9e113963ceb4e.cloudfront.net (CloudFront), 1.1 google
date: Sat, 15 Oct 2022 21:58:49 GMT
age: 864
etag: "d291947f161c928e6c6682a05835478b5f0cffc5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6da0eaa5-24ec-42bb-8269-d235104e844f.jpeg
34.120.237.76200 OK 9.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6da0eaa5-24ec-42bb-8269-d235104e844f.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 440811a19987ddee099df289d9b61e79
ce0f78803a81b1c6b3067c78b75bc6f1d5a7f7c1
1309e9dcb36858de70ef82900ec1ad429fbb795ddb9823fd1c290b18f4e2c1a3
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6da0eaa5-24ec-42bb-8269-d235104e844f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9623
x-amzn-requestid: b3d5bd8d-111b-4d50-9720-71f72c62f860
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Z7Q8oFLRIAMFrEw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6347951d-613e5e810f420e4c0ba3e6f6;Sampled=0
x-amzn-remapped-date: Thu, 13 Oct 2022 04:33:33 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: OA9iHADyiam26eo88jYDECifkqeBaTjsuoeHD2YOy0aZJZEGhG-xow==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 6396e88c437c096ef98930ce29f731a2.cloudfront.net (CloudFront), 1.1 google
date: Sat, 15 Oct 2022 21:36:56 GMT
age: 2177
etag: "ce0f78803a81b1c6b3067c78b75bc6f1d5a7f7c1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F15f6f17e-fdd5-44d5-bb67-afeda66ec08c.jpeg
34.120.237.76200 OK 8.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F15f6f17e-fdd5-44d5-bb67-afeda66ec08c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f852a58da0bf5c1c5b3d4c9531078b08
96b58ac0e71afe7d4ba43fa592130f3611eb6df7
d404e20f16943bf168b422da6477716f9b37f38927ce078bf19504a581558f75
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F15f6f17e-fdd5-44d5-bb67-afeda66ec08c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8799
x-amzn-requestid: be75e58e-a1b4-46fa-bdf2-b94a7270a86e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aEL3-EhrIAMFlcw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-634b2699-544110ce3f2002e57bc3422f;Sampled=0
x-amzn-remapped-date: Sat, 15 Oct 2022 21:31:05 GMT
x-amz-cf-pop: YVR50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: wKNlz7C47Wd9aokVCdgEIgK4KijtdK5hlL6jmV96_Xv3t5osOzqcVQ==
via: 1.1 f83d0d4febf7c22c3236bd42fa6dcd96.cloudfront.net (CloudFront), 1.1 b8c4a4ca04bb1976e020396d211bc8dc.cloudfront.net (CloudFront), 1.1 google
date: Sat, 15 Oct 2022 21:58:49 GMT
etag: "96b58ac0e71afe7d4ba43fa592130f3611eb6df7"
content-type: image/jpeg
age: 864
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4adb9ea6-07d3-4cd7-8e5a-4b9f43b4662d.jpeg
34.120.237.76200 OK 7.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4adb9ea6-07d3-4cd7-8e5a-4b9f43b4662d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 7def5eab120c634c4324bd93629552f3
b938095d7c5feff5d5c428dfb1d2a23a1a2db3e5
cdb541ee2733431d2fe0cec6c87c8948db48b5247ddb00bb3017f79d6615f2cf
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4adb9ea6-07d3-4cd7-8e5a-4b9f43b4662d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7110
x-amzn-requestid: df096a12-3744-4b5c-a525-f0a782d4438a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aEMu0GCjIAMFjFA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-634b27f8-407b2510647ccbc374e4dac4;Sampled=0
x-amzn-remapped-date: Sat, 15 Oct 2022 21:36:56 GMT
x-amz-cf-pop: SEA19-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: dKhYX335XdSOWZ0z8EFjRrWnY4pcN5_91vJjrtFjmUPhgS9ECkeULw==
via: 1.1 44cd593d82a2d200a94217033c614c6a.cloudfront.net (CloudFront), 1.1 b13f158bdf9805ca47e07c0c35870c12.cloudfront.net (CloudFront), 1.1 google
date: Sat, 15 Oct 2022 21:36:56 GMT
etag: "b938095d7c5feff5d5c428dfb1d2a23a1a2db3e5"
content-type: image/jpeg
age: 2177
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F69fc0752-6b07-48bd-b8a9-72181c2eda68.jpeg
34.120.237.76200 OK 6.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F69fc0752-6b07-48bd-b8a9-72181c2eda68.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 1fadc98d6bc21bda450cb9e1636983db
8cfa603d1b6d476695c06e31a906e9eeea638528
9f50f8c29af0752dfa8b1bfe6e80c462bec7308c94d770e99a1f5eb1a76bbc04
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F69fc0752-6b07-48bd-b8a9-72181c2eda68.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6938
x-amzn-requestid: 0b81a240-35b7-4570-97d2-1efb1037c78a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aEM7eHDkIAMF0lQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-634b2849-6ca6b04355a2f6e61cf6da1a;Sampled=0
x-amzn-remapped-date: Sat, 15 Oct 2022 21:38:17 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: nVuf6wvP_7Majrgd3jtvOSWwUItWg_DDyjT2Zkg_E5DWACFV9RLY5Q==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 35575576af8067e30cfb17c6b9fde8e2.cloudfront.net (CloudFront), 1.1 google
date: Sat, 15 Oct 2022 21:58:49 GMT
age: 864
etag: "8cfa603d1b6d476695c06e31a906e9eeea638528"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
b.clarity.ms/collect
20.75.32.255204 No Content 0 B IP 20.75.32.255:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /collect HTTP/1.1
Host: b.clarity.ms
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 1009
Origin: https://cpfv4.formation-subventions.fr
Connection: keep-alive
Referer: https://cpfv4.formation-subventions.fr/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
server: Microsoft-IIS/10.0
request-context: appId=cid-v1:2f7711a9-b21e-4abe-a9d6-5b0ce5d18b64
access-control-allow-origin: https://cpfv4.formation-subventions.fr
access-control-allow-credentials: true
date: Sat, 15 Oct 2022 22:13:13 GMT
X-Firefox-Spdy: h2
b.clarity.ms/collect
20.75.32.255204 No Content 0 B IP 20.75.32.255:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /collect HTTP/1.1
Host: b.clarity.ms
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 65730
Origin: https://cpfv4.formation-subventions.fr
Connection: keep-alive
Referer: https://cpfv4.formation-subventions.fr/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
server: Microsoft-IIS/10.0
request-context: appId=cid-v1:2f7711a9-b21e-4abe-a9d6-5b0ce5d18b64
access-control-allow-origin: https://cpfv4.formation-subventions.fr
access-control-allow-credentials: true
date: Sat, 15 Oct 2022 22:13:13 GMT
X-Firefox-Spdy: h2
b.clarity.ms/collect
20.75.32.255204 No Content 0 B IP 20.75.32.255:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /collect HTTP/1.1
Host: b.clarity.ms
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 14759
Origin: https://cpfv4.formation-subventions.fr
Connection: keep-alive
Referer: https://cpfv4.formation-subventions.fr/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
server: Microsoft-IIS/10.0
request-context: appId=cid-v1:2f7711a9-b21e-4abe-a9d6-5b0ce5d18b64
access-control-allow-origin: https://cpfv4.formation-subventions.fr
access-control-allow-credentials: true
date: Sat, 15 Oct 2022 22:13:15 GMT
X-Firefox-Spdy: h2
b.clarity.ms/collect
20.75.32.255204 No Content 0 B IP 20.75.32.255:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /collect HTTP/1.1
Host: b.clarity.ms
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 5607
Origin: https://cpfv4.formation-subventions.fr
Connection: keep-alive
Referer: https://cpfv4.formation-subventions.fr/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
server: Microsoft-IIS/10.0
request-context: appId=cid-v1:2f7711a9-b21e-4abe-a9d6-5b0ce5d18b64
access-control-allow-origin: https://cpfv4.formation-subventions.fr
access-control-allow-credentials: true
date: Sat, 15 Oct 2022 22:13:19 GMT
X-Firefox-Spdy: h2
cdn.lordicon.com/yeallgsa.json
143.204.55.84200 OK 0 B URL HTTP/2 cdn.lordicon.com/yeallgsa.json
IP 143.204.55.84:0
GET /yeallgsa.json HTTP/1.1
Host: cdn.lordicon.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cpfv4.formation-subventions.fr/
Origin: https://cpfv4.formation-subventions.fr
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, immutable
last-modified: Wed, 16 Feb 2022 19:45:30 GMT
etag: W/"9a9a-17f041180fa"
x-powered-by: lordicon
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 07 Oct 2022 07:17:05 GMT
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 41dc61beb3fe8e8c2c299a2522d8330c.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: WjpHeqb8WPAziFS9W0aZKUGaziKrGv38qfn70Y99czHB5zyx3x3SSA==
age: 744967
X-Firefox-Spdy: h2
cdn.lordicon.com/gqdnbnwt.json
143.204.55.84200 OK 0 B URL HTTP/2 cdn.lordicon.com/gqdnbnwt.json
IP 143.204.55.84:0
GET /gqdnbnwt.json HTTP/1.1
Host: cdn.lordicon.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cpfv4.formation-subventions.fr/
Origin: https://cpfv4.formation-subventions.fr
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, immutable
last-modified: Wed, 16 Feb 2022 19:45:38 GMT
etag: W/"56f3-17f04119f85"
x-powered-by: lordicon
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 07 Oct 2022 07:09:49 GMT
content-encoding: br
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 41dc61beb3fe8e8c2c299a2522d8330c.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: FOhrzGn0EFOalLi1qI0Rlc3x6ij_GHng-uQ0fKVEnia8n6p90slnsg==
age: 745403
X-Firefox-Spdy: h2
www.clarity.ms/eus2/s/0.6.42/clarity.js
13.107.246.53200 OK 0 B URL HTTP/2 www.clarity.ms/eus2/s/0.6.42/clarity.js
IP 13.107.246.53:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
GET /eus2/s/0.6.42/clarity.js HTTP/1.1
Host: www.clarity.ms
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cpfv4.formation-subventions.fr/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
cache-control: public,max-age=86400
content-type: application/javascript;charset=utf-8
content-encoding: br
last-modified: Wed, 01 Jun 2022 12:22:22 GMT
accept-ranges: bytes
etag: "1d8de484d1af7d4"
vary: Accept-Encoding
request-context: appId=cid-v1:2f7711a9-b21e-4abe-a9d6-5b0ce5d18b64
x-cache: CONFIG_NOCACHE
x-azure-ref: 0eTBLYwAAAAAkova8K3dyRauJk8+M1J+hU1ZHMjBFREdFMDUxNgA2Y2ZiZWVlMC01MDI3LTQ4NGItODk2Ny00YTI5YWY3N2YxZTE=
date: Sat, 15 Oct 2022 22:13:13 GMT
X-Firefox-Spdy: h2
cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/lord-icon-2.1.0.js
52.16.240.242200 OK 0 B URL HTTP/1.1 cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/lord-icon-2.1.0.js
IP 52.16.240.242:0
Analyzer Verdict Alert fortinet Phishing
GET /assets/landings/cpf-v4/assets/lord-icon-2.1.0.js HTTP/1.1
Host: cpfv4.formation-subventions.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cpfv4.formation-subventions.fr/?c=8n5i3Pu2M&co=1&tx_id=M2022101522-d057383bfb9b262f0cf6a135d0c00788&var4=15&spub=52595e70-0e54e70a-b641f4e3-9162-52fb
Cookie: XSRF-TOKEN=eyJpdiI6InVxbDVQbGI3c1lVblRvQTRDbkcrTnc9PSIsInZhbHVlIjoiZFBKa0thcVkzME4vQVlteUN3U3ErbVhGbXl4bXVEbCtOUVp6Y3VmRVQweldQTGY4enllZ0wzczlyUmFWQjRXRFlDVjBYTEt2MmdHNjFNL1NicUFVc2FQU3Jwd2d6MmZvRlkyWjhoZkVjTXZkcnRHR2loRVJOQlgzNXI5VnN4ZHUiLCJtYWMiOiI2MjE0YjA0OWZlMWQ1YTQzYjcwMDYwZWZmYTEyYWI3YTRmNTlmYzA3NWY1MzUyZGI3Y2ZjOWJhNDRmMzlmYzRkIiwidGFnIjoiIn0%3D; leadsmetal_session=eyJpdiI6ImFrYzZtdWxEbG9GdC9zbjJON0NtRlE9PSIsInZhbHVlIjoiNElkMHp3Q2lWeThrSW5Hajl5TkhHMlEvbnBOK2tnalpEUTlyN2FScmI1MTZVUXY2NG5CMWZaKzJQbjFHc09XcWJUUC8ycGxvVTJnVG1nQ0M0enlQWWFRNUs0UmJSUHRyRWhhQlZoR2hTcU5WM21saCtQb2dwejdzOERhZHB6NVUiLCJtYWMiOiI2ODU5N2FmODY0ODVhZTVlNWUyMDAxZDIyNzcyYzdlNGViYzg4MjYyNDI3MGYxODJlYjJhYThlOWY3ZTUzMTBhIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 15 Oct 2022 22:13:12 GMT
Content-Type: application/javascript
Content-Length: 279427
Last-Modified: Wed, 20 Jul 2022 08:15:52 GMT
Connection: keep-alive
ETag: "62d7b9b8-44383"
Accept-Ranges: bytes
cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/bootstrap.css
52.16.240.242200 OK 0 B URL HTTP/1.1 cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/bootstrap.css
IP 52.16.240.242:0
GET /assets/landings/cpf-v4/assets/bootstrap.css HTTP/1.1
Host: cpfv4.formation-subventions.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cpfv4.formation-subventions.fr/?c=8n5i3Pu2M&co=1&tx_id=M2022101522-d057383bfb9b262f0cf6a135d0c00788&var4=15&spub=52595e70-0e54e70a-b641f4e3-9162-52fb
Cookie: XSRF-TOKEN=eyJpdiI6InVxbDVQbGI3c1lVblRvQTRDbkcrTnc9PSIsInZhbHVlIjoiZFBKa0thcVkzME4vQVlteUN3U3ErbVhGbXl4bXVEbCtOUVp6Y3VmRVQweldQTGY4enllZ0wzczlyUmFWQjRXRFlDVjBYTEt2MmdHNjFNL1NicUFVc2FQU3Jwd2d6MmZvRlkyWjhoZkVjTXZkcnRHR2loRVJOQlgzNXI5VnN4ZHUiLCJtYWMiOiI2MjE0YjA0OWZlMWQ1YTQzYjcwMDYwZWZmYTEyYWI3YTRmNTlmYzA3NWY1MzUyZGI3Y2ZjOWJhNDRmMzlmYzRkIiwidGFnIjoiIn0%3D; leadsmetal_session=eyJpdiI6ImFrYzZtdWxEbG9GdC9zbjJON0NtRlE9PSIsInZhbHVlIjoiNElkMHp3Q2lWeThrSW5Hajl5TkhHMlEvbnBOK2tnalpEUTlyN2FScmI1MTZVUXY2NG5CMWZaKzJQbjFHc09XcWJUUC8ycGxvVTJnVG1nQ0M0enlQWWFRNUs0UmJSUHRyRWhhQlZoR2hTcU5WM21saCtQb2dwejdzOERhZHB6NVUiLCJtYWMiOiI2ODU5N2FmODY0ODVhZTVlNWUyMDAxZDIyNzcyYzdlNGViYzg4MjYyNDI3MGYxODJlYjJhYThlOWY3ZTUzMTBhIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 15 Oct 2022 22:13:12 GMT
Content-Type: text/css
Content-Length: 173597
Last-Modified: Wed, 20 Jul 2022 08:15:52 GMT
Connection: keep-alive
ETag: "62d7b9b8-2a61d"
Accept-Ranges: bytes
cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/office-application.png
52.16.240.242200 OK 0 B URL HTTP/1.1 cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/office-application.png
IP 52.16.240.242:0
GET /assets/landings/cpf-v4/assets/office-application.png HTTP/1.1
Host: cpfv4.formation-subventions.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cpfv4.formation-subventions.fr/?c=8n5i3Pu2M&co=1&tx_id=M2022101522-d057383bfb9b262f0cf6a135d0c00788&var4=15&spub=52595e70-0e54e70a-b641f4e3-9162-52fb
Cookie: XSRF-TOKEN=eyJpdiI6InVxbDVQbGI3c1lVblRvQTRDbkcrTnc9PSIsInZhbHVlIjoiZFBKa0thcVkzME4vQVlteUN3U3ErbVhGbXl4bXVEbCtOUVp6Y3VmRVQweldQTGY4enllZ0wzczlyUmFWQjRXRFlDVjBYTEt2MmdHNjFNL1NicUFVc2FQU3Jwd2d6MmZvRlkyWjhoZkVjTXZkcnRHR2loRVJOQlgzNXI5VnN4ZHUiLCJtYWMiOiI2MjE0YjA0OWZlMWQ1YTQzYjcwMDYwZWZmYTEyYWI3YTRmNTlmYzA3NWY1MzUyZGI3Y2ZjOWJhNDRmMzlmYzRkIiwidGFnIjoiIn0%3D; leadsmetal_session=eyJpdiI6ImFrYzZtdWxEbG9GdC9zbjJON0NtRlE9PSIsInZhbHVlIjoiNElkMHp3Q2lWeThrSW5Hajl5TkhHMlEvbnBOK2tnalpEUTlyN2FScmI1MTZVUXY2NG5CMWZaKzJQbjFHc09XcWJUUC8ycGxvVTJnVG1nQ0M0enlQWWFRNUs0UmJSUHRyRWhhQlZoR2hTcU5WM21saCtQb2dwejdzOERhZHB6NVUiLCJtYWMiOiI2ODU5N2FmODY0ODVhZTVlNWUyMDAxZDIyNzcyYzdlNGViYzg4MjYyNDI3MGYxODJlYjJhYThlOWY3ZTUzMTBhIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 15 Oct 2022 22:13:12 GMT
Content-Type: image/png
Content-Length: 34351
Last-Modified: Wed, 20 Jul 2022 08:15:52 GMT
Connection: keep-alive
ETag: "62d7b9b8-862f"
Accept-Ranges: bytes