cpfv4.formation-subventions.fr/?c=8n5i3Pu2M&co=1&tx_id=M2022090219-36f19d34ff7c0aeba81aeefd8a1b2a89&var4={YOUR_PUBID_HERE}&spub=1f9bd5b5-10c3c4d8-0b58aba5-403c-1a64
52.16.240.242301 Moved Permanently 169 B URL HTTP/1.1 cpfv4.formation-subventions.fr/?c=8n5i3Pu2M&co=1&tx_id=M2022090219-36f19d34ff7c0aeba81aeefd8a1b2a89&var4={YOUR_PUBID_HERE}&spub=1f9bd5b5-10c3c4d8-0b58aba5-403c-1a64
IP 52.16.240.242:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 0f952b73d3f5586637ea9a5a789d48f4
b29aff4ffa1d4decd77db5160f920e1c6417e5e9
69d11528ee32902d0c47ed215877f0610399536f755db03ed02a77ecedd74751
GET /?c=8n5i3Pu2M&co=1&tx_id=M2022090219-36f19d34ff7c0aeba81aeefd8a1b2a89&var4={YOUR_PUBID_HERE}&spub=1f9bd5b5-10c3c4d8-0b58aba5-403c-1a64 HTTP/1.1
Host: cpfv4.formation-subventions.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Server: nginx/1.20.1
Date: Fri, 02 Sep 2022 19:55:15 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive
Location: https://cpfv4.formation-subventions.fr/?c=8n5i3Pu2M&co=1&tx_id=M2022090219-36f19d34ff7c0aeba81aeefd8a1b2a89&var4={YOUR_PUBID_HERE}&spub=1f9bd5b5-10c3c4d8-0b58aba5-403c-1a64
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash bcdebf7a2bad5db595e8a0c1abb2ddcb
249dda2fa5e37b8a8f3a8c797193bf0874b6eedc
9b43ec48b16f96449208a0094c4d660806a2a2d344b5862dbff4c393bf3f9f9f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9B43EC48B16F96449208A0094C4D660806A2A2D344B5862DBFF4C393BF3F9F9F"
Last-Modified: Thu, 01 Sep 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20150
Expires: Sat, 03 Sep 2022 01:31:05 GMT
Date: Fri, 02 Sep 2022 19:55:15 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
143.204.55.36200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.36:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 99b7d23c1748d0526782b9ff9ea45f09
eadd801a3ba2aa00632c6fb52e1f9125bd6d5b4f
48f81668f76955320480b484138aebdad5d03c471036b4449c737aca1ecab08e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Type, Content-Length, Backoff, Retry-After, Alert
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Fri, 02 Sep 2022 19:13:51 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 96c778ce6156d12f24b8b6cdaa0cbf66.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: LwG4APidh55xu9tGqLz4lesFMso3X9htu6sv012xooab-RhMIeeHnw==
Age: 2484
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
143.204.55.25200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
IP 143.204.55.25:0
File type PEM certificate\012- , ASCII text
Hash 742edb4038f38bc533514982f3d2e861
cc3a20c8dc2a8c632ef9387a2744253f1e3fdef1
b6bfa49d3d135035701231db2fffc0c0643444394009a94c6a1b4d829d6b8345
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 20 Aug 2022 23:18:05 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Fri, 02 Sep 2022 01:15:17 GMT
etag: "742edb4038f38bc533514982f3d2e861"
x-cache: Hit from cloudfront
via: 1.1 dac7cf040932e0c072eeed10afdd7b3e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 0GNtOKK3z0I57p7a8EBbZLmSIrGcurJlqzwlwJJfMTHeoHHb74JQwA==
age: 67198
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 62f989817d8acde0f819245f50d099bd
f8f74161d0a5fedce7fd0d868c266ca8b5acadf4
931c9623ecf6432902e0d7311cab80f412a82319c385353ed202c8401807169b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "931C9623ECF6432902E0D7311CAB80F412A82319C385353ED202C8401807169B"
Last-Modified: Wed, 31 Aug 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3602
Expires: Fri, 02 Sep 2022 20:55:17 GMT
Date: Fri, 02 Sep 2022 19:55:15 GMT
Connection: keep-alive
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 02 Sep 2022 19:55:15 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
cpfv4.formation-subventions.fr/?c=8n5i3Pu2M&co=1&tx_id=M2022090219-36f19d34ff7c0aeba81aeefd8a1b2a89&var4={YOUR_PUBID_HERE}&spub=1f9bd5b5-10c3c4d8-0b58aba5-403c-1a64
52.16.240.242200 OK 8.1 kB URL HTTP/1.1 cpfv4.formation-subventions.fr/?c=8n5i3Pu2M&co=1&tx_id=M2022090219-36f19d34ff7c0aeba81aeefd8a1b2a89&var4={YOUR_PUBID_HERE}&spub=1f9bd5b5-10c3c4d8-0b58aba5-403c-1a64
IP 52.16.240.242:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1078)
Hash d0cbe66dc5393318ad601f129c53c1b2
a0af86f891c0ce93c0e4bd61cd9a00b36720179c
17636d9a83acfc7aff7b4f75a06794612438099a38c3b55b2d0faa8599193b2e
GET /?c=8n5i3Pu2M&co=1&tx_id=M2022090219-36f19d34ff7c0aeba81aeefd8a1b2a89&var4={YOUR_PUBID_HERE}&spub=1f9bd5b5-10c3c4d8-0b58aba5-403c-1a64 HTTP/1.1
Host: cpfv4.formation-subventions.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 200 OK
Server: nginx/1.20.1
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-cache, private
Date: Fri, 02 Sep 2022 19:55:15 GMT
Set-Cookie: XSRF-TOKEN=eyJpdiI6IkZvM0lPNlZKdDZ6eU9UbnRhK1ArbGc9PSIsInZhbHVlIjoia0V1TE9CV3VFQWFuWkRyVzRKOWxCekVXUzlxUUJMdDB4QUhmaTV5RVZQcjVWS2RqL0RoMEw0UXR0bnRzQmw1Ym9UNHphRVQ1a2pCbmtDbzF6N1VRNHIxdktVT0JEQTdHQmRycDhKVDJJTUxJemU4eEJnK3hJVTR6elpsbmlFcnciLCJtYWMiOiIxODBmZWE3MjU0OTQ4ZDRkNTgwZWJlYTg2OTc5ZTMyN2EwYzM4NzhhZTBiNjQwYTExYmFjMDdiOGY0MGRiOWQ0IiwidGFnIjoiIn0%3D; expires=Mon, 03-Oct-2022 05:55:15 GMT; Max-Age=2628000; path=/; samesite=lax
leadsmetal_session=eyJpdiI6IkszaUpFbVlQM0xkNWF1Wm9YSnkxNEE9PSIsInZhbHVlIjoiaE9JcnNhMlBETTRJUVJOWVp1a2tJSWx6VDlad2RxcVdXSk1jUlF0SklUTE4rQlZOZzczVFB1RkFOYURkekdJekZHbVVURWp3OVh2Zlo4UU90aXFWYVI5UWtZVHV5MmVnY0pPOEcvUjNKelc3T052cDdMK3c0N2lBOG9mNXlvN2kiLCJtYWMiOiI4NjM3YzRhZDRkMTNkMGU0YWE0MDNjMGZkMzQ1M2JlMGZkMGQ1MmVjNjdlMjdhNDczMzU4OTg1ZDg1ZjJkNjY5IiwidGFnIjoiIn0%3D; expires=Mon, 03-Oct-2022 05:55:15 GMT; Max-Age=2628000; path=/; httponly; samesite=lax
Content-Encoding: gzip
cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/bootstrap-grid.css
52.16.240.242200 OK 38 kB URL HTTP/1.1 cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/bootstrap-grid.css
IP 52.16.240.242:0
Hash ff2874cf2b810904a86e75fb662dddf9
d01f2466cdb09c2869a00933b301d7b3eaa47c88
712cd40cf73ca483fb7fb2b4652d6f6fc8bb13f787d7b4205219e8d36531d2ad
GET /assets/landings/cpf-v4/assets/bootstrap-grid.css HTTP/1.1
Host: cpfv4.formation-subventions.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cpfv4.formation-subventions.fr/?c=8n5i3Pu2M&co=1&tx_id=M2022090219-36f19d34ff7c0aeba81aeefd8a1b2a89&var4={YOUR_PUBID_HERE}&spub=1f9bd5b5-10c3c4d8-0b58aba5-403c-1a64
Cookie: XSRF-TOKEN=eyJpdiI6IkZvM0lPNlZKdDZ6eU9UbnRhK1ArbGc9PSIsInZhbHVlIjoia0V1TE9CV3VFQWFuWkRyVzRKOWxCekVXUzlxUUJMdDB4QUhmaTV5RVZQcjVWS2RqL0RoMEw0UXR0bnRzQmw1Ym9UNHphRVQ1a2pCbmtDbzF6N1VRNHIxdktVT0JEQTdHQmRycDhKVDJJTUxJemU4eEJnK3hJVTR6elpsbmlFcnciLCJtYWMiOiIxODBmZWE3MjU0OTQ4ZDRkNTgwZWJlYTg2OTc5ZTMyN2EwYzM4NzhhZTBiNjQwYTExYmFjMDdiOGY0MGRiOWQ0IiwidGFnIjoiIn0%3D; leadsmetal_session=eyJpdiI6IkszaUpFbVlQM0xkNWF1Wm9YSnkxNEE9PSIsInZhbHVlIjoiaE9JcnNhMlBETTRJUVJOWVp1a2tJSWx6VDlad2RxcVdXSk1jUlF0SklUTE4rQlZOZzczVFB1RkFOYURkekdJekZHbVVURWp3OVh2Zlo4UU90aXFWYVI5UWtZVHV5MmVnY0pPOEcvUjNKelc3T052cDdMK3c0N2lBOG9mNXlvN2kiLCJtYWMiOiI4NjM3YzRhZDRkMTNkMGU0YWE0MDNjMGZkMzQ1M2JlMGZkMGQ1MmVjNjdlMjdhNDczMzU4OTg1ZDg1ZjJkNjY5IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Fri, 02 Sep 2022 19:55:16 GMT
Content-Type: text/css
Content-Length: 37644
Last-Modified: Wed, 20 Jul 2022 08:15:52 GMT
Connection: keep-alive
ETag: "62d7b9b8-930c"
Accept-Ranges: bytes
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 7040539fecb815b0cc84c15e3e2e99df
761de2d6da86cb1df6bb1fdd85ad71f75a825bb4
b1edf3547f6db4798d46a116924942acc48ad56da1fd61f9951acf93053a6578
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Sep 2022 19:55:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/css
52.16.240.242200 OK 8.0 kB URL HTTP/1.1 cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/css
IP 52.16.240.242:0
Hash 67e5e325edd3fb0b1fe63c87ead83537
acf360ef2d36a71711c0ba68435a8d14600d662f
32bc7c1c64fd1b755d48d6025b86b7e7a28ad35d1f420cf85cdc1123aa7dfcd7
Analyzer Verdict Alert fortinet Phishing
GET /assets/landings/cpf-v4/assets/css HTTP/1.1
Host: cpfv4.formation-subventions.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cpfv4.formation-subventions.fr/?c=8n5i3Pu2M&co=1&tx_id=M2022090219-36f19d34ff7c0aeba81aeefd8a1b2a89&var4={YOUR_PUBID_HERE}&spub=1f9bd5b5-10c3c4d8-0b58aba5-403c-1a64
Cookie: XSRF-TOKEN=eyJpdiI6IkZvM0lPNlZKdDZ6eU9UbnRhK1ArbGc9PSIsInZhbHVlIjoia0V1TE9CV3VFQWFuWkRyVzRKOWxCekVXUzlxUUJMdDB4QUhmaTV5RVZQcjVWS2RqL0RoMEw0UXR0bnRzQmw1Ym9UNHphRVQ1a2pCbmtDbzF6N1VRNHIxdktVT0JEQTdHQmRycDhKVDJJTUxJemU4eEJnK3hJVTR6elpsbmlFcnciLCJtYWMiOiIxODBmZWE3MjU0OTQ4ZDRkNTgwZWJlYTg2OTc5ZTMyN2EwYzM4NzhhZTBiNjQwYTExYmFjMDdiOGY0MGRiOWQ0IiwidGFnIjoiIn0%3D; leadsmetal_session=eyJpdiI6IkszaUpFbVlQM0xkNWF1Wm9YSnkxNEE9PSIsInZhbHVlIjoiaE9JcnNhMlBETTRJUVJOWVp1a2tJSWx6VDlad2RxcVdXSk1jUlF0SklUTE4rQlZOZzczVFB1RkFOYURkekdJekZHbVVURWp3OVh2Zlo4UU90aXFWYVI5UWtZVHV5MmVnY0pPOEcvUjNKelc3T052cDdMK3c0N2lBOG9mNXlvN2kiLCJtYWMiOiI4NjM3YzRhZDRkMTNkMGU0YWE0MDNjMGZkMzQ1M2JlMGZkMGQ1MmVjNjdlMjdhNDczMzU4OTg1ZDg1ZjJkNjY5IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Fri, 02 Sep 2022 19:55:16 GMT
Content-Type: application/octet-stream
Content-Length: 8028
Last-Modified: Wed, 20 Jul 2022 08:15:52 GMT
Connection: keep-alive
ETag: "62d7b9b8-1f5c"
Accept-Ranges: bytes
www.googletagmanager.com/gtag/js?id=G-WN8PVLP7SK
142.250.74.72200 OK 74 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=G-WN8PVLP7SK
IP 142.250.74.72:0
File type ASCII text, with very long lines (15517)
Hash e4e512003be55b6b35d4f8af18446b28
22c379db0effdd83a86626ff8affcae2ecca1225
6a00ee9b18b4f73a302460f71b24d46be457c09bd358c382d08aec7380d62ef3
GET /gtag/js?id=G-WN8PVLP7SK HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cpfv4.formation-subventions.fr/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 02 Sep 2022 19:55:16 GMT
expires: Fri, 02 Sep 2022 19:55:16 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 74072
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/style.css?v=1.0
52.16.240.242200 OK 13 kB URL HTTP/1.1 cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/style.css?v=1.0
IP 52.16.240.242:0
Hash 08d62b119695d97b0a4aa10cd745715b
846b60a28d2aa67ede6225d913be3baac91e50a0
b16ef5a9744c2d32965d61a0d54cd9861658be9dc35317bb0d169d3be1b5f08f
Analyzer Verdict Alert fortinet Phishing
GET /assets/landings/cpf-v4/assets/style.css?v=1.0 HTTP/1.1
Host: cpfv4.formation-subventions.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cpfv4.formation-subventions.fr/?c=8n5i3Pu2M&co=1&tx_id=M2022090219-36f19d34ff7c0aeba81aeefd8a1b2a89&var4={YOUR_PUBID_HERE}&spub=1f9bd5b5-10c3c4d8-0b58aba5-403c-1a64
Cookie: XSRF-TOKEN=eyJpdiI6IkZvM0lPNlZKdDZ6eU9UbnRhK1ArbGc9PSIsInZhbHVlIjoia0V1TE9CV3VFQWFuWkRyVzRKOWxCekVXUzlxUUJMdDB4QUhmaTV5RVZQcjVWS2RqL0RoMEw0UXR0bnRzQmw1Ym9UNHphRVQ1a2pCbmtDbzF6N1VRNHIxdktVT0JEQTdHQmRycDhKVDJJTUxJemU4eEJnK3hJVTR6elpsbmlFcnciLCJtYWMiOiIxODBmZWE3MjU0OTQ4ZDRkNTgwZWJlYTg2OTc5ZTMyN2EwYzM4NzhhZTBiNjQwYTExYmFjMDdiOGY0MGRiOWQ0IiwidGFnIjoiIn0%3D; leadsmetal_session=eyJpdiI6IkszaUpFbVlQM0xkNWF1Wm9YSnkxNEE9PSIsInZhbHVlIjoiaE9JcnNhMlBETTRJUVJOWVp1a2tJSWx6VDlad2RxcVdXSk1jUlF0SklUTE4rQlZOZzczVFB1RkFOYURkekdJekZHbVVURWp3OVh2Zlo4UU90aXFWYVI5UWtZVHV5MmVnY0pPOEcvUjNKelc3T052cDdMK3c0N2lBOG9mNXlvN2kiLCJtYWMiOiI4NjM3YzRhZDRkMTNkMGU0YWE0MDNjMGZkMzQ1M2JlMGZkMGQ1MmVjNjdlMjdhNDczMzU4OTg1ZDg1ZjJkNjY5IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Fri, 02 Sep 2022 19:55:16 GMT
Content-Type: text/css
Content-Length: 13111
Last-Modified: Wed, 20 Jul 2022 08:15:52 GMT
Connection: keep-alive
ETag: "62d7b9b8-3337"
Accept-Ranges: bytes
cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/animate.css
52.16.240.242200 OK 46 kB URL HTTP/1.1 cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/animate.css
IP 52.16.240.242:0
File type ASCII text, with very long lines (460)
Hash 0c31c5438a896a73e3d88e3bb035a00a
4ed61d3db90d340eb945a0cf6bf19ef4ca7c3a69
185c5c9bbcb780984871e86bc73f6e9c8c8ffd699c3274716ab1d481ee64a7fd
GET /assets/landings/cpf-v4/assets/animate.css HTTP/1.1
Host: cpfv4.formation-subventions.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cpfv4.formation-subventions.fr/?c=8n5i3Pu2M&co=1&tx_id=M2022090219-36f19d34ff7c0aeba81aeefd8a1b2a89&var4={YOUR_PUBID_HERE}&spub=1f9bd5b5-10c3c4d8-0b58aba5-403c-1a64
Cookie: XSRF-TOKEN=eyJpdiI6IkZvM0lPNlZKdDZ6eU9UbnRhK1ArbGc9PSIsInZhbHVlIjoia0V1TE9CV3VFQWFuWkRyVzRKOWxCekVXUzlxUUJMdDB4QUhmaTV5RVZQcjVWS2RqL0RoMEw0UXR0bnRzQmw1Ym9UNHphRVQ1a2pCbmtDbzF6N1VRNHIxdktVT0JEQTdHQmRycDhKVDJJTUxJemU4eEJnK3hJVTR6elpsbmlFcnciLCJtYWMiOiIxODBmZWE3MjU0OTQ4ZDRkNTgwZWJlYTg2OTc5ZTMyN2EwYzM4NzhhZTBiNjQwYTExYmFjMDdiOGY0MGRiOWQ0IiwidGFnIjoiIn0%3D; leadsmetal_session=eyJpdiI6IkszaUpFbVlQM0xkNWF1Wm9YSnkxNEE9PSIsInZhbHVlIjoiaE9JcnNhMlBETTRJUVJOWVp1a2tJSWx6VDlad2RxcVdXSk1jUlF0SklUTE4rQlZOZzczVFB1RkFOYURkekdJekZHbVVURWp3OVh2Zlo4UU90aXFWYVI5UWtZVHV5MmVnY0pPOEcvUjNKelc3T052cDdMK3c0N2lBOG9mNXlvN2kiLCJtYWMiOiI4NjM3YzRhZDRkMTNkMGU0YWE0MDNjMGZkMzQ1M2JlMGZkMGQ1MmVjNjdlMjdhNDczMzU4OTg1ZDg1ZjJkNjY5IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Fri, 02 Sep 2022 19:55:16 GMT
Content-Type: text/css
Content-Length: 45766
Last-Modified: Wed, 20 Jul 2022 08:15:52 GMT
Connection: keep-alive
ETag: "62d7b9b8-b2c6"
Accept-Ranges: bytes
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash b69e4ee589f24deef7c8a3004daae9d1
e96ab184083a5084569b86b8846a6fa0c3b6af9a
7560417294eeb0f5c955d68bcc9b9eae40d69d1ff4b717a115ca1c614b1f4a17
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Sep 2022 19:55:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/all.css
52.16.240.242200 OK 49 kB URL HTTP/1.1 cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/all.css
IP 52.16.240.242:0
File type ASCII text, with very long lines (48464)
Hash 10519cfd3206802f58315b877a9beab5
03232d7095b4a14b88810a0ffe76ae50726c23c6
604dcf1f11698655f75046bb92f98aaa9477e1c16b01c5fc415e78794393ffb9
GET /assets/landings/cpf-v4/assets/all.css HTTP/1.1
Host: cpfv4.formation-subventions.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cpfv4.formation-subventions.fr/?c=8n5i3Pu2M&co=1&tx_id=M2022090219-36f19d34ff7c0aeba81aeefd8a1b2a89&var4={YOUR_PUBID_HERE}&spub=1f9bd5b5-10c3c4d8-0b58aba5-403c-1a64
Cookie: XSRF-TOKEN=eyJpdiI6IkZvM0lPNlZKdDZ6eU9UbnRhK1ArbGc9PSIsInZhbHVlIjoia0V1TE9CV3VFQWFuWkRyVzRKOWxCekVXUzlxUUJMdDB4QUhmaTV5RVZQcjVWS2RqL0RoMEw0UXR0bnRzQmw1Ym9UNHphRVQ1a2pCbmtDbzF6N1VRNHIxdktVT0JEQTdHQmRycDhKVDJJTUxJemU4eEJnK3hJVTR6elpsbmlFcnciLCJtYWMiOiIxODBmZWE3MjU0OTQ4ZDRkNTgwZWJlYTg2OTc5ZTMyN2EwYzM4NzhhZTBiNjQwYTExYmFjMDdiOGY0MGRiOWQ0IiwidGFnIjoiIn0%3D; leadsmetal_session=eyJpdiI6IkszaUpFbVlQM0xkNWF1Wm9YSnkxNEE9PSIsInZhbHVlIjoiaE9JcnNhMlBETTRJUVJOWVp1a2tJSWx6VDlad2RxcVdXSk1jUlF0SklUTE4rQlZOZzczVFB1RkFOYURkekdJekZHbVVURWp3OVh2Zlo4UU90aXFWYVI5UWtZVHV5MmVnY0pPOEcvUjNKelc3T052cDdMK3c0N2lBOG9mNXlvN2kiLCJtYWMiOiI4NjM3YzRhZDRkMTNkMGU0YWE0MDNjMGZkMzQ1M2JlMGZkMGQ1MmVjNjdlMjdhNDczMzU4OTg1ZDg1ZjJkNjY5IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Fri, 02 Sep 2022 19:55:16 GMT
Content-Type: text/css
Content-Length: 48649
Last-Modified: Wed, 20 Jul 2022 08:15:52 GMT
Connection: keep-alive
ETag: "62d7b9b8-be09"
Accept-Ranges: bytes
cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/bootstrap.css
52.16.240.242200 OK 174 kB URL HTTP/1.1 cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/bootstrap.css
IP 52.16.240.242:0
Size 174 kB (173597 bytes)
Hash d26ecc887c12f855a908679dae6704e3
eb513f44232e0854b251fc2b499bdbf9ad59e3e7
4a64845cd000ad3810f1247a90aa723ff37e8c0f1ff2af0aa46d2a4257522a8b
GET /assets/landings/cpf-v4/assets/bootstrap.css HTTP/1.1
Host: cpfv4.formation-subventions.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cpfv4.formation-subventions.fr/?c=8n5i3Pu2M&co=1&tx_id=M2022090219-36f19d34ff7c0aeba81aeefd8a1b2a89&var4={YOUR_PUBID_HERE}&spub=1f9bd5b5-10c3c4d8-0b58aba5-403c-1a64
Cookie: XSRF-TOKEN=eyJpdiI6IkZvM0lPNlZKdDZ6eU9UbnRhK1ArbGc9PSIsInZhbHVlIjoia0V1TE9CV3VFQWFuWkRyVzRKOWxCekVXUzlxUUJMdDB4QUhmaTV5RVZQcjVWS2RqL0RoMEw0UXR0bnRzQmw1Ym9UNHphRVQ1a2pCbmtDbzF6N1VRNHIxdktVT0JEQTdHQmRycDhKVDJJTUxJemU4eEJnK3hJVTR6elpsbmlFcnciLCJtYWMiOiIxODBmZWE3MjU0OTQ4ZDRkNTgwZWJlYTg2OTc5ZTMyN2EwYzM4NzhhZTBiNjQwYTExYmFjMDdiOGY0MGRiOWQ0IiwidGFnIjoiIn0%3D; leadsmetal_session=eyJpdiI6IkszaUpFbVlQM0xkNWF1Wm9YSnkxNEE9PSIsInZhbHVlIjoiaE9JcnNhMlBETTRJUVJOWVp1a2tJSWx6VDlad2RxcVdXSk1jUlF0SklUTE4rQlZOZzczVFB1RkFOYURkekdJekZHbVVURWp3OVh2Zlo4UU90aXFWYVI5UWtZVHV5MmVnY0pPOEcvUjNKelc3T052cDdMK3c0N2lBOG9mNXlvN2kiLCJtYWMiOiI4NjM3YzRhZDRkMTNkMGU0YWE0MDNjMGZkMzQ1M2JlMGZkMGQ1MmVjNjdlMjdhNDczMzU4OTg1ZDg1ZjJkNjY5IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Fri, 02 Sep 2022 19:55:16 GMT
Content-Type: text/css
Content-Length: 173597
Last-Modified: Wed, 20 Jul 2022 08:15:52 GMT
Connection: keep-alive
ETag: "62d7b9b8-2a61d"
Accept-Ranges: bytes
cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/jquery.min.js
52.16.240.242200 OK 96 kB URL HTTP/1.1 cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/jquery.min.js
IP 52.16.240.242:0
File type ASCII text, with very long lines (32038)
Hash f03e5a3bf534f4a738bc350631fd05bd
37b1db88b57438f1072a8ebc7559c909c9d3a682
aec3d419d50f05781a96f223e18289aeb52598b5db39be82a7b71dc67d6a7947
Analyzer Verdict Alert fortinet Phishing
GET /assets/landings/cpf-v4/assets/jquery.min.js HTTP/1.1
Host: cpfv4.formation-subventions.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cpfv4.formation-subventions.fr/?c=8n5i3Pu2M&co=1&tx_id=M2022090219-36f19d34ff7c0aeba81aeefd8a1b2a89&var4={YOUR_PUBID_HERE}&spub=1f9bd5b5-10c3c4d8-0b58aba5-403c-1a64
Cookie: XSRF-TOKEN=eyJpdiI6IkZvM0lPNlZKdDZ6eU9UbnRhK1ArbGc9PSIsInZhbHVlIjoia0V1TE9CV3VFQWFuWkRyVzRKOWxCekVXUzlxUUJMdDB4QUhmaTV5RVZQcjVWS2RqL0RoMEw0UXR0bnRzQmw1Ym9UNHphRVQ1a2pCbmtDbzF6N1VRNHIxdktVT0JEQTdHQmRycDhKVDJJTUxJemU4eEJnK3hJVTR6elpsbmlFcnciLCJtYWMiOiIxODBmZWE3MjU0OTQ4ZDRkNTgwZWJlYTg2OTc5ZTMyN2EwYzM4NzhhZTBiNjQwYTExYmFjMDdiOGY0MGRiOWQ0IiwidGFnIjoiIn0%3D; leadsmetal_session=eyJpdiI6IkszaUpFbVlQM0xkNWF1Wm9YSnkxNEE9PSIsInZhbHVlIjoiaE9JcnNhMlBETTRJUVJOWVp1a2tJSWx6VDlad2RxcVdXSk1jUlF0SklUTE4rQlZOZzczVFB1RkFOYURkekdJekZHbVVURWp3OVh2Zlo4UU90aXFWYVI5UWtZVHV5MmVnY0pPOEcvUjNKelc3T052cDdMK3c0N2lBOG9mNXlvN2kiLCJtYWMiOiI4NjM3YzRhZDRkMTNkMGU0YWE0MDNjMGZkMzQ1M2JlMGZkMGQ1MmVjNjdlMjdhNDczMzU4OTg1ZDg1ZjJkNjY5IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Fri, 02 Sep 2022 19:55:16 GMT
Content-Type: application/javascript
Content-Length: 95992
Last-Modified: Wed, 20 Jul 2022 08:15:52 GMT
Connection: keep-alive
ETag: "62d7b9b8-176f8"
Accept-Ranges: bytes
cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/showHide.js
52.16.240.242200 OK 1.4 kB URL HTTP/1.1 cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/showHide.js
IP 52.16.240.242:0
Hash e8620b11e5f539e459a4497875f5a888
f0614c24180891190c99c655dce65fae0dc48f7c
ece6d92e0083388d7fbd972acdf4d026665d3ee9539efa8229f53c27caf35ac2
Analyzer Verdict Alert fortinet Phishing
GET /assets/landings/cpf-v4/assets/showHide.js HTTP/1.1
Host: cpfv4.formation-subventions.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cpfv4.formation-subventions.fr/?c=8n5i3Pu2M&co=1&tx_id=M2022090219-36f19d34ff7c0aeba81aeefd8a1b2a89&var4={YOUR_PUBID_HERE}&spub=1f9bd5b5-10c3c4d8-0b58aba5-403c-1a64
Cookie: XSRF-TOKEN=eyJpdiI6IkZvM0lPNlZKdDZ6eU9UbnRhK1ArbGc9PSIsInZhbHVlIjoia0V1TE9CV3VFQWFuWkRyVzRKOWxCekVXUzlxUUJMdDB4QUhmaTV5RVZQcjVWS2RqL0RoMEw0UXR0bnRzQmw1Ym9UNHphRVQ1a2pCbmtDbzF6N1VRNHIxdktVT0JEQTdHQmRycDhKVDJJTUxJemU4eEJnK3hJVTR6elpsbmlFcnciLCJtYWMiOiIxODBmZWE3MjU0OTQ4ZDRkNTgwZWJlYTg2OTc5ZTMyN2EwYzM4NzhhZTBiNjQwYTExYmFjMDdiOGY0MGRiOWQ0IiwidGFnIjoiIn0%3D; leadsmetal_session=eyJpdiI6IkszaUpFbVlQM0xkNWF1Wm9YSnkxNEE9PSIsInZhbHVlIjoiaE9JcnNhMlBETTRJUVJOWVp1a2tJSWx6VDlad2RxcVdXSk1jUlF0SklUTE4rQlZOZzczVFB1RkFOYURkekdJekZHbVVURWp3OVh2Zlo4UU90aXFWYVI5UWtZVHV5MmVnY0pPOEcvUjNKelc3T052cDdMK3c0N2lBOG9mNXlvN2kiLCJtYWMiOiI4NjM3YzRhZDRkMTNkMGU0YWE0MDNjMGZkMzQ1M2JlMGZkMGQ1MmVjNjdlMjdhNDczMzU4OTg1ZDg1ZjJkNjY5IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Fri, 02 Sep 2022 19:55:16 GMT
Content-Type: application/javascript
Content-Length: 1388
Last-Modified: Wed, 20 Jul 2022 08:15:52 GMT
Connection: keep-alive
ETag: "62d7b9b8-56c"
Accept-Ranges: bytes
cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/scroll.js
52.16.240.242200 OK 2.9 kB URL HTTP/1.1 cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/scroll.js
IP 52.16.240.242:0
Hash b6669c3eec8db5cc3ccdcc33ea434014
1b3157d5d7b38de5824f6565a0fa5f5b5aebbfe2
e1ba56834ff8384f3f2d84534375c79a6d9cf4dfc34f8c9636fb380841b0c6f4
Analyzer Verdict Alert fortinet Phishing
GET /assets/landings/cpf-v4/assets/scroll.js HTTP/1.1
Host: cpfv4.formation-subventions.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cpfv4.formation-subventions.fr/?c=8n5i3Pu2M&co=1&tx_id=M2022090219-36f19d34ff7c0aeba81aeefd8a1b2a89&var4={YOUR_PUBID_HERE}&spub=1f9bd5b5-10c3c4d8-0b58aba5-403c-1a64
Cookie: XSRF-TOKEN=eyJpdiI6IkZvM0lPNlZKdDZ6eU9UbnRhK1ArbGc9PSIsInZhbHVlIjoia0V1TE9CV3VFQWFuWkRyVzRKOWxCekVXUzlxUUJMdDB4QUhmaTV5RVZQcjVWS2RqL0RoMEw0UXR0bnRzQmw1Ym9UNHphRVQ1a2pCbmtDbzF6N1VRNHIxdktVT0JEQTdHQmRycDhKVDJJTUxJemU4eEJnK3hJVTR6elpsbmlFcnciLCJtYWMiOiIxODBmZWE3MjU0OTQ4ZDRkNTgwZWJlYTg2OTc5ZTMyN2EwYzM4NzhhZTBiNjQwYTExYmFjMDdiOGY0MGRiOWQ0IiwidGFnIjoiIn0%3D; leadsmetal_session=eyJpdiI6IkszaUpFbVlQM0xkNWF1Wm9YSnkxNEE9PSIsInZhbHVlIjoiaE9JcnNhMlBETTRJUVJOWVp1a2tJSWx6VDlad2RxcVdXSk1jUlF0SklUTE4rQlZOZzczVFB1RkFOYURkekdJekZHbVVURWp3OVh2Zlo4UU90aXFWYVI5UWtZVHV5MmVnY0pPOEcvUjNKelc3T052cDdMK3c0N2lBOG9mNXlvN2kiLCJtYWMiOiI4NjM3YzRhZDRkMTNkMGU0YWE0MDNjMGZkMzQ1M2JlMGZkMGQ1MmVjNjdlMjdhNDczMzU4OTg1ZDg1ZjJkNjY5IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Fri, 02 Sep 2022 19:55:16 GMT
Content-Type: application/javascript
Content-Length: 2884
Last-Modified: Wed, 20 Jul 2022 08:15:52 GMT
Connection: keep-alive
ETag: "62d7b9b8-b44"
Accept-Ranges: bytes
cpfv4.formation-subventions.fr/assets/vendors/landings.js?id=1af14b70bbb23b3b2bb69b56eb34c8d1
52.16.240.242200 OK 660 kB URL HTTP/1.1 cpfv4.formation-subventions.fr/assets/vendors/landings.js?id=1af14b70bbb23b3b2bb69b56eb34c8d1
IP 52.16.240.242:0
File type ASCII text, with very long lines (65470)
Size 660 kB (660408 bytes)
Hash 1af14b70bbb23b3b2bb69b56eb34c8d1
b3d7162e6cb996167eed2cd1c49874b1cf71b399
89601bb921da48d1f5138c767903e242d43500a4b20eb5fa0bfbe0b18f2f739d
Analyzer Verdict Alert fortinet Phishing
GET /assets/vendors/landings.js?id=1af14b70bbb23b3b2bb69b56eb34c8d1 HTTP/1.1
Host: cpfv4.formation-subventions.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cpfv4.formation-subventions.fr/?c=8n5i3Pu2M&co=1&tx_id=M2022090219-36f19d34ff7c0aeba81aeefd8a1b2a89&var4={YOUR_PUBID_HERE}&spub=1f9bd5b5-10c3c4d8-0b58aba5-403c-1a64
Cookie: XSRF-TOKEN=eyJpdiI6IkZvM0lPNlZKdDZ6eU9UbnRhK1ArbGc9PSIsInZhbHVlIjoia0V1TE9CV3VFQWFuWkRyVzRKOWxCekVXUzlxUUJMdDB4QUhmaTV5RVZQcjVWS2RqL0RoMEw0UXR0bnRzQmw1Ym9UNHphRVQ1a2pCbmtDbzF6N1VRNHIxdktVT0JEQTdHQmRycDhKVDJJTUxJemU4eEJnK3hJVTR6elpsbmlFcnciLCJtYWMiOiIxODBmZWE3MjU0OTQ4ZDRkNTgwZWJlYTg2OTc5ZTMyN2EwYzM4NzhhZTBiNjQwYTExYmFjMDdiOGY0MGRiOWQ0IiwidGFnIjoiIn0%3D; leadsmetal_session=eyJpdiI6IkszaUpFbVlQM0xkNWF1Wm9YSnkxNEE9PSIsInZhbHVlIjoiaE9JcnNhMlBETTRJUVJOWVp1a2tJSWx6VDlad2RxcVdXSk1jUlF0SklUTE4rQlZOZzczVFB1RkFOYURkekdJekZHbVVURWp3OVh2Zlo4UU90aXFWYVI5UWtZVHV5MmVnY0pPOEcvUjNKelc3T052cDdMK3c0N2lBOG9mNXlvN2kiLCJtYWMiOiI4NjM3YzRhZDRkMTNkMGU0YWE0MDNjMGZkMzQ1M2JlMGZkMGQ1MmVjNjdlMjdhNDczMzU4OTg1ZDg1ZjJkNjY5IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Fri, 02 Sep 2022 19:55:16 GMT
Content-Type: application/javascript
Content-Length: 660408
Last-Modified: Mon, 11 Jul 2022 15:07:34 GMT
Connection: keep-alive
ETag: "62cc3cb6-a13b8"
Accept-Ranges: bytes
cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/bootstrap.js
52.16.240.242200 OK 124 kB URL HTTP/1.1 cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/bootstrap.js
IP 52.16.240.242:0
File type ASCII text, with very long lines (317)
Size 124 kB (123765 bytes)
Hash 4bc939cd6b79a562e8d14bc7a4674520
096f4af97b2968cf43f08d5a39b8dbae7c74c7ae
f364953a3675a8b76babc5549808ac15aa424aad5ba606afb5741a0c62cf0008
Analyzer Verdict Alert fortinet Phishing
GET /assets/landings/cpf-v4/assets/bootstrap.js HTTP/1.1
Host: cpfv4.formation-subventions.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cpfv4.formation-subventions.fr/?c=8n5i3Pu2M&co=1&tx_id=M2022090219-36f19d34ff7c0aeba81aeefd8a1b2a89&var4={YOUR_PUBID_HERE}&spub=1f9bd5b5-10c3c4d8-0b58aba5-403c-1a64
Cookie: XSRF-TOKEN=eyJpdiI6IkZvM0lPNlZKdDZ6eU9UbnRhK1ArbGc9PSIsInZhbHVlIjoia0V1TE9CV3VFQWFuWkRyVzRKOWxCekVXUzlxUUJMdDB4QUhmaTV5RVZQcjVWS2RqL0RoMEw0UXR0bnRzQmw1Ym9UNHphRVQ1a2pCbmtDbzF6N1VRNHIxdktVT0JEQTdHQmRycDhKVDJJTUxJemU4eEJnK3hJVTR6elpsbmlFcnciLCJtYWMiOiIxODBmZWE3MjU0OTQ4ZDRkNTgwZWJlYTg2OTc5ZTMyN2EwYzM4NzhhZTBiNjQwYTExYmFjMDdiOGY0MGRiOWQ0IiwidGFnIjoiIn0%3D; leadsmetal_session=eyJpdiI6IkszaUpFbVlQM0xkNWF1Wm9YSnkxNEE9PSIsInZhbHVlIjoiaE9JcnNhMlBETTRJUVJOWVp1a2tJSWx6VDlad2RxcVdXSk1jUlF0SklUTE4rQlZOZzczVFB1RkFOYURkekdJekZHbVVURWp3OVh2Zlo4UU90aXFWYVI5UWtZVHV5MmVnY0pPOEcvUjNKelc3T052cDdMK3c0N2lBOG9mNXlvN2kiLCJtYWMiOiI4NjM3YzRhZDRkMTNkMGU0YWE0MDNjMGZkMzQ1M2JlMGZkMGQ1MmVjNjdlMjdhNDczMzU4OTg1ZDg1ZjJkNjY5IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Fri, 02 Sep 2022 19:55:16 GMT
Content-Type: application/javascript
Content-Length: 123765
Last-Modified: Wed, 20 Jul 2022 08:15:52 GMT
Connection: keep-alive
ETag: "62d7b9b8-1e375"
Accept-Ranges: bytes
cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/wow.js
52.16.240.242200 OK 8.2 kB URL HTTP/1.1 cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/wow.js
IP 52.16.240.242:0
File type ASCII text, with very long lines (8096)
Hash 531647c81a24ea5ab59f55b04476049b
b26c2bf80d048a6794575bab088d5514302b45cd
04e47903ea6b22a81acd7a63131b2cd92614fc2dc79158fcace251869e715396
Analyzer Verdict Alert fortinet Phishing
GET /assets/landings/cpf-v4/assets/wow.js HTTP/1.1
Host: cpfv4.formation-subventions.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cpfv4.formation-subventions.fr/?c=8n5i3Pu2M&co=1&tx_id=M2022090219-36f19d34ff7c0aeba81aeefd8a1b2a89&var4={YOUR_PUBID_HERE}&spub=1f9bd5b5-10c3c4d8-0b58aba5-403c-1a64
Cookie: XSRF-TOKEN=eyJpdiI6IkZvM0lPNlZKdDZ6eU9UbnRhK1ArbGc9PSIsInZhbHVlIjoia0V1TE9CV3VFQWFuWkRyVzRKOWxCekVXUzlxUUJMdDB4QUhmaTV5RVZQcjVWS2RqL0RoMEw0UXR0bnRzQmw1Ym9UNHphRVQ1a2pCbmtDbzF6N1VRNHIxdktVT0JEQTdHQmRycDhKVDJJTUxJemU4eEJnK3hJVTR6elpsbmlFcnciLCJtYWMiOiIxODBmZWE3MjU0OTQ4ZDRkNTgwZWJlYTg2OTc5ZTMyN2EwYzM4NzhhZTBiNjQwYTExYmFjMDdiOGY0MGRiOWQ0IiwidGFnIjoiIn0%3D; leadsmetal_session=eyJpdiI6IkszaUpFbVlQM0xkNWF1Wm9YSnkxNEE9PSIsInZhbHVlIjoiaE9JcnNhMlBETTRJUVJOWVp1a2tJSWx6VDlad2RxcVdXSk1jUlF0SklUTE4rQlZOZzczVFB1RkFOYURkekdJekZHbVVURWp3OVh2Zlo4UU90aXFWYVI5UWtZVHV5MmVnY0pPOEcvUjNKelc3T052cDdMK3c0N2lBOG9mNXlvN2kiLCJtYWMiOiI4NjM3YzRhZDRkMTNkMGU0YWE0MDNjMGZkMzQ1M2JlMGZkMGQ1MmVjNjdlMjdhNDczMzU4OTg1ZDg1ZjJkNjY5IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Fri, 02 Sep 2022 19:55:16 GMT
Content-Type: application/javascript
Content-Length: 8213
Last-Modified: Wed, 20 Jul 2022 08:15:52 GMT
Connection: keep-alive
ETag: "62d7b9b8-2015"
Accept-Ranges: bytes
cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/bootstrap.bundle.js
52.16.240.242200 OK 212 kB URL HTTP/1.1 cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/bootstrap.bundle.js
IP 52.16.240.242:0
File type ASCII text, with very long lines (307)
Size 212 kB (212345 bytes)
Hash 50a98c751c19ae5ea4fc42b2ba2da89b
56368d3745a9fb9e81628db25dd5995bc3c31add
3290ad3b8a579ef3bc11c67daadde34b8c60537e337ac6249885d85d13566363
Analyzer Verdict Alert fortinet Phishing
GET /assets/landings/cpf-v4/assets/bootstrap.bundle.js HTTP/1.1
Host: cpfv4.formation-subventions.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cpfv4.formation-subventions.fr/?c=8n5i3Pu2M&co=1&tx_id=M2022090219-36f19d34ff7c0aeba81aeefd8a1b2a89&var4={YOUR_PUBID_HERE}&spub=1f9bd5b5-10c3c4d8-0b58aba5-403c-1a64
Cookie: XSRF-TOKEN=eyJpdiI6IkZvM0lPNlZKdDZ6eU9UbnRhK1ArbGc9PSIsInZhbHVlIjoia0V1TE9CV3VFQWFuWkRyVzRKOWxCekVXUzlxUUJMdDB4QUhmaTV5RVZQcjVWS2RqL0RoMEw0UXR0bnRzQmw1Ym9UNHphRVQ1a2pCbmtDbzF6N1VRNHIxdktVT0JEQTdHQmRycDhKVDJJTUxJemU4eEJnK3hJVTR6elpsbmlFcnciLCJtYWMiOiIxODBmZWE3MjU0OTQ4ZDRkNTgwZWJlYTg2OTc5ZTMyN2EwYzM4NzhhZTBiNjQwYTExYmFjMDdiOGY0MGRiOWQ0IiwidGFnIjoiIn0%3D; leadsmetal_session=eyJpdiI6IkszaUpFbVlQM0xkNWF1Wm9YSnkxNEE9PSIsInZhbHVlIjoiaE9JcnNhMlBETTRJUVJOWVp1a2tJSWx6VDlad2RxcVdXSk1jUlF0SklUTE4rQlZOZzczVFB1RkFOYURkekdJekZHbVVURWp3OVh2Zlo4UU90aXFWYVI5UWtZVHV5MmVnY0pPOEcvUjNKelc3T052cDdMK3c0N2lBOG9mNXlvN2kiLCJtYWMiOiI4NjM3YzRhZDRkMTNkMGU0YWE0MDNjMGZkMzQ1M2JlMGZkMGQ1MmVjNjdlMjdhNDczMzU4OTg1ZDg1ZjJkNjY5IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Fri, 02 Sep 2022 19:55:16 GMT
Content-Type: application/javascript
Content-Length: 212345
Last-Modified: Wed, 20 Jul 2022 08:15:52 GMT
Connection: keep-alive
ETag: "62d7b9b8-33d79"
Accept-Ranges: bytes
cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/uk.png
52.16.240.242200 OK 20 kB URL HTTP/1.1 cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/uk.png
IP 52.16.240.242:0
File type PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced\012- data
Hash a0f21f7bff7a0eb9ce4ebf9af7ef03c7
68cb32da14d6010c7cb2fb7cd83da713566edcc2
150d834f8224e78a8bb24c1386ca1142c2b13ce2e1d141323f3e972a9adc99ef
GET /assets/landings/cpf-v4/assets/uk.png HTTP/1.1
Host: cpfv4.formation-subventions.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cpfv4.formation-subventions.fr/?c=8n5i3Pu2M&co=1&tx_id=M2022090219-36f19d34ff7c0aeba81aeefd8a1b2a89&var4={YOUR_PUBID_HERE}&spub=1f9bd5b5-10c3c4d8-0b58aba5-403c-1a64
Cookie: XSRF-TOKEN=eyJpdiI6IkZvM0lPNlZKdDZ6eU9UbnRhK1ArbGc9PSIsInZhbHVlIjoia0V1TE9CV3VFQWFuWkRyVzRKOWxCekVXUzlxUUJMdDB4QUhmaTV5RVZQcjVWS2RqL0RoMEw0UXR0bnRzQmw1Ym9UNHphRVQ1a2pCbmtDbzF6N1VRNHIxdktVT0JEQTdHQmRycDhKVDJJTUxJemU4eEJnK3hJVTR6elpsbmlFcnciLCJtYWMiOiIxODBmZWE3MjU0OTQ4ZDRkNTgwZWJlYTg2OTc5ZTMyN2EwYzM4NzhhZTBiNjQwYTExYmFjMDdiOGY0MGRiOWQ0IiwidGFnIjoiIn0%3D; leadsmetal_session=eyJpdiI6IkszaUpFbVlQM0xkNWF1Wm9YSnkxNEE9PSIsInZhbHVlIjoiaE9JcnNhMlBETTRJUVJOWVp1a2tJSWx6VDlad2RxcVdXSk1jUlF0SklUTE4rQlZOZzczVFB1RkFOYURkekdJekZHbVVURWp3OVh2Zlo4UU90aXFWYVI5UWtZVHV5MmVnY0pPOEcvUjNKelc3T052cDdMK3c0N2lBOG9mNXlvN2kiLCJtYWMiOiI4NjM3YzRhZDRkMTNkMGU0YWE0MDNjMGZkMzQ1M2JlMGZkMGQ1MmVjNjdlMjdhNDczMzU4OTg1ZDg1ZjJkNjY5IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Fri, 02 Sep 2022 19:55:16 GMT
Content-Type: image/png
Content-Length: 19591
Last-Modified: Wed, 20 Jul 2022 08:15:52 GMT
Connection: keep-alive
ETag: "62d7b9b8-4c87"
Accept-Ranges: bytes
cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/logonew.png
52.16.240.242200 OK 13 kB URL HTTP/1.1 cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/logonew.png
IP 52.16.240.242:0
File type PNG image data, 1200 x 230, 8-bit/color RGBA, non-interlaced\012- data
Hash 0bc47eb3121362da3da572efcfe251d3
ab339a8d54d9fdc85720c8af31dc33af1e9ba2b0
c4f2fb9dab8a1e66dbe22e6e12f5286069fa663574326d516d4473a728b33032
GET /assets/landings/cpf-v4/assets/logonew.png HTTP/1.1
Host: cpfv4.formation-subventions.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cpfv4.formation-subventions.fr/?c=8n5i3Pu2M&co=1&tx_id=M2022090219-36f19d34ff7c0aeba81aeefd8a1b2a89&var4={YOUR_PUBID_HERE}&spub=1f9bd5b5-10c3c4d8-0b58aba5-403c-1a64
Cookie: XSRF-TOKEN=eyJpdiI6IkZvM0lPNlZKdDZ6eU9UbnRhK1ArbGc9PSIsInZhbHVlIjoia0V1TE9CV3VFQWFuWkRyVzRKOWxCekVXUzlxUUJMdDB4QUhmaTV5RVZQcjVWS2RqL0RoMEw0UXR0bnRzQmw1Ym9UNHphRVQ1a2pCbmtDbzF6N1VRNHIxdktVT0JEQTdHQmRycDhKVDJJTUxJemU4eEJnK3hJVTR6elpsbmlFcnciLCJtYWMiOiIxODBmZWE3MjU0OTQ4ZDRkNTgwZWJlYTg2OTc5ZTMyN2EwYzM4NzhhZTBiNjQwYTExYmFjMDdiOGY0MGRiOWQ0IiwidGFnIjoiIn0%3D; leadsmetal_session=eyJpdiI6IkszaUpFbVlQM0xkNWF1Wm9YSnkxNEE9PSIsInZhbHVlIjoiaE9JcnNhMlBETTRJUVJOWVp1a2tJSWx6VDlad2RxcVdXSk1jUlF0SklUTE4rQlZOZzczVFB1RkFOYURkekdJekZHbVVURWp3OVh2Zlo4UU90aXFWYVI5UWtZVHV5MmVnY0pPOEcvUjNKelc3T052cDdMK3c0N2lBOG9mNXlvN2kiLCJtYWMiOiI4NjM3YzRhZDRkMTNkMGU0YWE0MDNjMGZkMzQ1M2JlMGZkMGQ1MmVjNjdlMjdhNDczMzU4OTg1ZDg1ZjJkNjY5IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Fri, 02 Sep 2022 19:55:16 GMT
Content-Type: image/png
Content-Length: 12804
Last-Modified: Wed, 20 Jul 2022 08:15:52 GMT
Connection: keep-alive
ETag: "62d7b9b8-3204"
Accept-Ranges: bytes
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
143.204.55.36200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 143.204.55.36:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Retry-After, ETag, Backoff, Last-Modified, Pragma, Cache-Control, Expires, Content-Type, Content-Length, Alert
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600
Date: Fri, 02 Sep 2022 19:38:16 GMT
Expires: Fri, 02 Sep 2022 20:15:59 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 d4fd24ae65d4d2b97cfdea8d2f0c21a6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: ugnV6K92_OGgiEvv9YDy8x0uyWaVgdIa7sFeFcr57OiRCz33u8gwvw==
Age: 1020
cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/office-application.png
52.16.240.242200 OK 34 kB URL HTTP/1.1 cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/office-application.png
IP 52.16.240.242:0
File type PNG image data, 512 x 512, 16-bit/color RGBA, non-interlaced\012- data
Hash 69a571e00e27ea3a71c2c6f7af0a879f
c9c1d1e23b7211e52a32f5e3d753d153bc91b51c
f380502dcb03380da19940930be1734d6de95284044022272f095e03bd4ecb08
GET /assets/landings/cpf-v4/assets/office-application.png HTTP/1.1
Host: cpfv4.formation-subventions.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cpfv4.formation-subventions.fr/?c=8n5i3Pu2M&co=1&tx_id=M2022090219-36f19d34ff7c0aeba81aeefd8a1b2a89&var4={YOUR_PUBID_HERE}&spub=1f9bd5b5-10c3c4d8-0b58aba5-403c-1a64
Cookie: XSRF-TOKEN=eyJpdiI6IkZvM0lPNlZKdDZ6eU9UbnRhK1ArbGc9PSIsInZhbHVlIjoia0V1TE9CV3VFQWFuWkRyVzRKOWxCekVXUzlxUUJMdDB4QUhmaTV5RVZQcjVWS2RqL0RoMEw0UXR0bnRzQmw1Ym9UNHphRVQ1a2pCbmtDbzF6N1VRNHIxdktVT0JEQTdHQmRycDhKVDJJTUxJemU4eEJnK3hJVTR6elpsbmlFcnciLCJtYWMiOiIxODBmZWE3MjU0OTQ4ZDRkNTgwZWJlYTg2OTc5ZTMyN2EwYzM4NzhhZTBiNjQwYTExYmFjMDdiOGY0MGRiOWQ0IiwidGFnIjoiIn0%3D; leadsmetal_session=eyJpdiI6IkszaUpFbVlQM0xkNWF1Wm9YSnkxNEE9PSIsInZhbHVlIjoiaE9JcnNhMlBETTRJUVJOWVp1a2tJSWx6VDlad2RxcVdXSk1jUlF0SklUTE4rQlZOZzczVFB1RkFOYURkekdJekZHbVVURWp3OVh2Zlo4UU90aXFWYVI5UWtZVHV5MmVnY0pPOEcvUjNKelc3T052cDdMK3c0N2lBOG9mNXlvN2kiLCJtYWMiOiI4NjM3YzRhZDRkMTNkMGU0YWE0MDNjMGZkMzQ1M2JlMGZkMGQ1MmVjNjdlMjdhNDczMzU4OTg1ZDg1ZjJkNjY5IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Fri, 02 Sep 2022 19:55:16 GMT
Content-Type: image/png
Content-Length: 34351
Last-Modified: Wed, 20 Jul 2022 08:15:52 GMT
Connection: keep-alive
ETag: "62d7b9b8-862f"
Accept-Ranges: bytes
cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/word.png
52.16.240.242200 OK 65 kB URL HTTP/1.1 cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/word.png
IP 52.16.240.242:0
File type PNG image data, 2160 x 2160, 8-bit/color RGBA, non-interlaced\012- data
Hash 194f9fac2ec24708a5cff38fa615ac9d
1c6bb263ceddae2e189574b7a07871fbcf2cf1f3
5153585d7e061db84b92e6c14e5e7d536003e37c3fb02257a378ebafe7a3954f
GET /assets/landings/cpf-v4/assets/word.png HTTP/1.1
Host: cpfv4.formation-subventions.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cpfv4.formation-subventions.fr/?c=8n5i3Pu2M&co=1&tx_id=M2022090219-36f19d34ff7c0aeba81aeefd8a1b2a89&var4={YOUR_PUBID_HERE}&spub=1f9bd5b5-10c3c4d8-0b58aba5-403c-1a64
Cookie: XSRF-TOKEN=eyJpdiI6IkZvM0lPNlZKdDZ6eU9UbnRhK1ArbGc9PSIsInZhbHVlIjoia0V1TE9CV3VFQWFuWkRyVzRKOWxCekVXUzlxUUJMdDB4QUhmaTV5RVZQcjVWS2RqL0RoMEw0UXR0bnRzQmw1Ym9UNHphRVQ1a2pCbmtDbzF6N1VRNHIxdktVT0JEQTdHQmRycDhKVDJJTUxJemU4eEJnK3hJVTR6elpsbmlFcnciLCJtYWMiOiIxODBmZWE3MjU0OTQ4ZDRkNTgwZWJlYTg2OTc5ZTMyN2EwYzM4NzhhZTBiNjQwYTExYmFjMDdiOGY0MGRiOWQ0IiwidGFnIjoiIn0%3D; leadsmetal_session=eyJpdiI6IkszaUpFbVlQM0xkNWF1Wm9YSnkxNEE9PSIsInZhbHVlIjoiaE9JcnNhMlBETTRJUVJOWVp1a2tJSWx6VDlad2RxcVdXSk1jUlF0SklUTE4rQlZOZzczVFB1RkFOYURkekdJekZHbVVURWp3OVh2Zlo4UU90aXFWYVI5UWtZVHV5MmVnY0pPOEcvUjNKelc3T052cDdMK3c0N2lBOG9mNXlvN2kiLCJtYWMiOiI4NjM3YzRhZDRkMTNkMGU0YWE0MDNjMGZkMzQ1M2JlMGZkMGQ1MmVjNjdlMjdhNDczMzU4OTg1ZDg1ZjJkNjY5IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Fri, 02 Sep 2022 19:55:16 GMT
Content-Type: image/png
Content-Length: 64827
Last-Modified: Wed, 20 Jul 2022 08:15:52 GMT
Connection: keep-alive
ETag: "62d7b9b8-fd3b"
Accept-Ranges: bytes
cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/powerpoint.png
52.16.240.242200 OK 55 kB URL HTTP/1.1 cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/powerpoint.png
IP 52.16.240.242:0
File type PNG image data, 1200 x 1116, 8-bit/color RGBA, non-interlaced\012- data
Hash 5f97ba846d45dd2bdb89d34d007479ce
ac6bcddb364ec3fbd11c98bd9ee9e2eca662a6a5
c5de0afede85344030af3f7baed8bdffa71131b7d9edaea5cab5f4ea42d9af58
GET /assets/landings/cpf-v4/assets/powerpoint.png HTTP/1.1
Host: cpfv4.formation-subventions.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cpfv4.formation-subventions.fr/?c=8n5i3Pu2M&co=1&tx_id=M2022090219-36f19d34ff7c0aeba81aeefd8a1b2a89&var4={YOUR_PUBID_HERE}&spub=1f9bd5b5-10c3c4d8-0b58aba5-403c-1a64
Cookie: XSRF-TOKEN=eyJpdiI6IkZvM0lPNlZKdDZ6eU9UbnRhK1ArbGc9PSIsInZhbHVlIjoia0V1TE9CV3VFQWFuWkRyVzRKOWxCekVXUzlxUUJMdDB4QUhmaTV5RVZQcjVWS2RqL0RoMEw0UXR0bnRzQmw1Ym9UNHphRVQ1a2pCbmtDbzF6N1VRNHIxdktVT0JEQTdHQmRycDhKVDJJTUxJemU4eEJnK3hJVTR6elpsbmlFcnciLCJtYWMiOiIxODBmZWE3MjU0OTQ4ZDRkNTgwZWJlYTg2OTc5ZTMyN2EwYzM4NzhhZTBiNjQwYTExYmFjMDdiOGY0MGRiOWQ0IiwidGFnIjoiIn0%3D; leadsmetal_session=eyJpdiI6IkszaUpFbVlQM0xkNWF1Wm9YSnkxNEE9PSIsInZhbHVlIjoiaE9JcnNhMlBETTRJUVJOWVp1a2tJSWx6VDlad2RxcVdXSk1jUlF0SklUTE4rQlZOZzczVFB1RkFOYURkekdJekZHbVVURWp3OVh2Zlo4UU90aXFWYVI5UWtZVHV5MmVnY0pPOEcvUjNKelc3T052cDdMK3c0N2lBOG9mNXlvN2kiLCJtYWMiOiI4NjM3YzRhZDRkMTNkMGU0YWE0MDNjMGZkMzQ1M2JlMGZkMGQ1MmVjNjdlMjdhNDczMzU4OTg1ZDg1ZjJkNjY5IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Fri, 02 Sep 2022 19:55:16 GMT
Content-Type: image/png
Content-Length: 55090
Last-Modified: Wed, 20 Jul 2022 08:15:52 GMT
Connection: keep-alive
ETag: "62d7b9b8-d732"
Accept-Ranges: bytes
cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/wordpress.png
52.16.240.242200 OK 17 kB URL HTTP/1.1 cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/wordpress.png
IP 52.16.240.242:0
File type PNG image data, 512 x 512, 8-bit colormap, non-interlaced\012- data
Hash db4298ab4dbd04c9e9a2395533a01082
507a6ac3a84400172686cec9511965f01b81079a
19466439f97145616eeccc5e2cf409e7671cdd4f6c2ab62e293e40b3f58ce938
GET /assets/landings/cpf-v4/assets/wordpress.png HTTP/1.1
Host: cpfv4.formation-subventions.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cpfv4.formation-subventions.fr/?c=8n5i3Pu2M&co=1&tx_id=M2022090219-36f19d34ff7c0aeba81aeefd8a1b2a89&var4={YOUR_PUBID_HERE}&spub=1f9bd5b5-10c3c4d8-0b58aba5-403c-1a64
Cookie: XSRF-TOKEN=eyJpdiI6IkZvM0lPNlZKdDZ6eU9UbnRhK1ArbGc9PSIsInZhbHVlIjoia0V1TE9CV3VFQWFuWkRyVzRKOWxCekVXUzlxUUJMdDB4QUhmaTV5RVZQcjVWS2RqL0RoMEw0UXR0bnRzQmw1Ym9UNHphRVQ1a2pCbmtDbzF6N1VRNHIxdktVT0JEQTdHQmRycDhKVDJJTUxJemU4eEJnK3hJVTR6elpsbmlFcnciLCJtYWMiOiIxODBmZWE3MjU0OTQ4ZDRkNTgwZWJlYTg2OTc5ZTMyN2EwYzM4NzhhZTBiNjQwYTExYmFjMDdiOGY0MGRiOWQ0IiwidGFnIjoiIn0%3D; leadsmetal_session=eyJpdiI6IkszaUpFbVlQM0xkNWF1Wm9YSnkxNEE9PSIsInZhbHVlIjoiaE9JcnNhMlBETTRJUVJOWVp1a2tJSWx6VDlad2RxcVdXSk1jUlF0SklUTE4rQlZOZzczVFB1RkFOYURkekdJekZHbVVURWp3OVh2Zlo4UU90aXFWYVI5UWtZVHV5MmVnY0pPOEcvUjNKelc3T052cDdMK3c0N2lBOG9mNXlvN2kiLCJtYWMiOiI4NjM3YzRhZDRkMTNkMGU0YWE0MDNjMGZkMzQ1M2JlMGZkMGQ1MmVjNjdlMjdhNDczMzU4OTg1ZDg1ZjJkNjY5IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Fri, 02 Sep 2022 19:55:16 GMT
Content-Type: image/png
Content-Length: 16745
Last-Modified: Wed, 20 Jul 2022 08:15:52 GMT
Connection: keep-alive
ETag: "62d7b9b8-4169"
Accept-Ranges: bytes
cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/excel.png
52.16.240.242200 OK 101 kB URL HTTP/1.1 cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/excel.png
IP 52.16.240.242:0
File type PNG image data, 2203 x 2049, 8-bit/color RGBA, non-interlaced\012- data
Size 101 kB (100722 bytes)
Hash b3bba4a529cab7e8211c9019f1347b71
8e8f4514a5b2fdee304e88d12cd21772b0a39efe
5cee67a96f9fa2272be123080687322b21d536f3c2ef85a9eebb042c9a07fe11
GET /assets/landings/cpf-v4/assets/excel.png HTTP/1.1
Host: cpfv4.formation-subventions.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cpfv4.formation-subventions.fr/?c=8n5i3Pu2M&co=1&tx_id=M2022090219-36f19d34ff7c0aeba81aeefd8a1b2a89&var4={YOUR_PUBID_HERE}&spub=1f9bd5b5-10c3c4d8-0b58aba5-403c-1a64
Cookie: XSRF-TOKEN=eyJpdiI6IkZvM0lPNlZKdDZ6eU9UbnRhK1ArbGc9PSIsInZhbHVlIjoia0V1TE9CV3VFQWFuWkRyVzRKOWxCekVXUzlxUUJMdDB4QUhmaTV5RVZQcjVWS2RqL0RoMEw0UXR0bnRzQmw1Ym9UNHphRVQ1a2pCbmtDbzF6N1VRNHIxdktVT0JEQTdHQmRycDhKVDJJTUxJemU4eEJnK3hJVTR6elpsbmlFcnciLCJtYWMiOiIxODBmZWE3MjU0OTQ4ZDRkNTgwZWJlYTg2OTc5ZTMyN2EwYzM4NzhhZTBiNjQwYTExYmFjMDdiOGY0MGRiOWQ0IiwidGFnIjoiIn0%3D; leadsmetal_session=eyJpdiI6IkszaUpFbVlQM0xkNWF1Wm9YSnkxNEE9PSIsInZhbHVlIjoiaE9JcnNhMlBETTRJUVJOWVp1a2tJSWx6VDlad2RxcVdXSk1jUlF0SklUTE4rQlZOZzczVFB1RkFOYURkekdJekZHbVVURWp3OVh2Zlo4UU90aXFWYVI5UWtZVHV5MmVnY0pPOEcvUjNKelc3T052cDdMK3c0N2lBOG9mNXlvN2kiLCJtYWMiOiI4NjM3YzRhZDRkMTNkMGU0YWE0MDNjMGZkMzQ1M2JlMGZkMGQ1MmVjNjdlMjdhNDczMzU4OTg1ZDg1ZjJkNjY5IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Fri, 02 Sep 2022 19:55:16 GMT
Content-Type: image/png
Content-Length: 100722
Last-Modified: Wed, 20 Jul 2022 08:15:52 GMT
Connection: keep-alive
ETag: "62d7b9b8-18972"
Accept-Ranges: bytes
cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/photoshop.png
52.16.240.242200 OK 22 kB URL HTTP/1.1 cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/photoshop.png
IP 52.16.240.242:0
File type PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced\012- data
Hash 6793474b36b8348d9f3494324f553bf0
9d64242952d7c9bcb21a4b93cdd3e0eb20b7f437
b758aa9397190855525f5ce0039263ec52f133f62b64acf0e762f3721303dad9
GET /assets/landings/cpf-v4/assets/photoshop.png HTTP/1.1
Host: cpfv4.formation-subventions.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cpfv4.formation-subventions.fr/?c=8n5i3Pu2M&co=1&tx_id=M2022090219-36f19d34ff7c0aeba81aeefd8a1b2a89&var4={YOUR_PUBID_HERE}&spub=1f9bd5b5-10c3c4d8-0b58aba5-403c-1a64
Cookie: XSRF-TOKEN=eyJpdiI6IkZvM0lPNlZKdDZ6eU9UbnRhK1ArbGc9PSIsInZhbHVlIjoia0V1TE9CV3VFQWFuWkRyVzRKOWxCekVXUzlxUUJMdDB4QUhmaTV5RVZQcjVWS2RqL0RoMEw0UXR0bnRzQmw1Ym9UNHphRVQ1a2pCbmtDbzF6N1VRNHIxdktVT0JEQTdHQmRycDhKVDJJTUxJemU4eEJnK3hJVTR6elpsbmlFcnciLCJtYWMiOiIxODBmZWE3MjU0OTQ4ZDRkNTgwZWJlYTg2OTc5ZTMyN2EwYzM4NzhhZTBiNjQwYTExYmFjMDdiOGY0MGRiOWQ0IiwidGFnIjoiIn0%3D; leadsmetal_session=eyJpdiI6IkszaUpFbVlQM0xkNWF1Wm9YSnkxNEE9PSIsInZhbHVlIjoiaE9JcnNhMlBETTRJUVJOWVp1a2tJSWx6VDlad2RxcVdXSk1jUlF0SklUTE4rQlZOZzczVFB1RkFOYURkekdJekZHbVVURWp3OVh2Zlo4UU90aXFWYVI5UWtZVHV5MmVnY0pPOEcvUjNKelc3T052cDdMK3c0N2lBOG9mNXlvN2kiLCJtYWMiOiI4NjM3YzRhZDRkMTNkMGU0YWE0MDNjMGZkMzQ1M2JlMGZkMGQ1MmVjNjdlMjdhNDczMzU4OTg1ZDg1ZjJkNjY5IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Fri, 02 Sep 2022 19:55:16 GMT
Content-Type: image/png
Content-Length: 22319
Last-Modified: Wed, 20 Jul 2022 08:15:52 GMT
Connection: keep-alive
ETag: "62d7b9b8-572f"
Accept-Ranges: bytes
cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/illus.png
52.16.240.242200 OK 65 kB URL HTTP/1.1 cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/illus.png
IP 52.16.240.242:0
File type PNG image data, 2160 x 2106, 8-bit/color RGBA, non-interlaced\012- data
Hash 6056a96b099b3d365f604968869583f6
9c73819f0af3507416f1a7f88179a775771fde2a
22c3d04097949bf66e3deaf534b8c34ba4add04a956dc74da8bbfef4899c3b9a
GET /assets/landings/cpf-v4/assets/illus.png HTTP/1.1
Host: cpfv4.formation-subventions.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cpfv4.formation-subventions.fr/?c=8n5i3Pu2M&co=1&tx_id=M2022090219-36f19d34ff7c0aeba81aeefd8a1b2a89&var4={YOUR_PUBID_HERE}&spub=1f9bd5b5-10c3c4d8-0b58aba5-403c-1a64
Cookie: XSRF-TOKEN=eyJpdiI6IkZvM0lPNlZKdDZ6eU9UbnRhK1ArbGc9PSIsInZhbHVlIjoia0V1TE9CV3VFQWFuWkRyVzRKOWxCekVXUzlxUUJMdDB4QUhmaTV5RVZQcjVWS2RqL0RoMEw0UXR0bnRzQmw1Ym9UNHphRVQ1a2pCbmtDbzF6N1VRNHIxdktVT0JEQTdHQmRycDhKVDJJTUxJemU4eEJnK3hJVTR6elpsbmlFcnciLCJtYWMiOiIxODBmZWE3MjU0OTQ4ZDRkNTgwZWJlYTg2OTc5ZTMyN2EwYzM4NzhhZTBiNjQwYTExYmFjMDdiOGY0MGRiOWQ0IiwidGFnIjoiIn0%3D; leadsmetal_session=eyJpdiI6IkszaUpFbVlQM0xkNWF1Wm9YSnkxNEE9PSIsInZhbHVlIjoiaE9JcnNhMlBETTRJUVJOWVp1a2tJSWx6VDlad2RxcVdXSk1jUlF0SklUTE4rQlZOZzczVFB1RkFOYURkekdJekZHbVVURWp3OVh2Zlo4UU90aXFWYVI5UWtZVHV5MmVnY0pPOEcvUjNKelc3T052cDdMK3c0N2lBOG9mNXlvN2kiLCJtYWMiOiI4NjM3YzRhZDRkMTNkMGU0YWE0MDNjMGZkMzQ1M2JlMGZkMGQ1MmVjNjdlMjdhNDczMzU4OTg1ZDg1ZjJkNjY5IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Fri, 02 Sep 2022 19:55:16 GMT
Content-Type: image/png
Content-Length: 65343
Last-Modified: Wed, 20 Jul 2022 08:15:52 GMT
Connection: keep-alive
ETag: "62d7b9b8-ff3f"
Accept-Ranges: bytes
cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/montage_photo.jpeg
52.16.240.242200 OK 27 kB URL HTTP/1.1 cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/montage_photo.jpeg
IP 52.16.240.242:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 512x512, components 3\012- data
Hash 14235e36f44aa23b142a2faaad4f4b05
2ea250b0ec665f862d3eef1a191619cd8f1cd204
7a90cfcc8f5ae2deecb74b1bb210392a2f2d688bb944c72c5b88f93e3bac3083
Analyzer Verdict Alert fortinet Phishing
GET /assets/landings/cpf-v4/assets/montage_photo.jpeg HTTP/1.1
Host: cpfv4.formation-subventions.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cpfv4.formation-subventions.fr/?c=8n5i3Pu2M&co=1&tx_id=M2022090219-36f19d34ff7c0aeba81aeefd8a1b2a89&var4={YOUR_PUBID_HERE}&spub=1f9bd5b5-10c3c4d8-0b58aba5-403c-1a64
Cookie: XSRF-TOKEN=eyJpdiI6IkZvM0lPNlZKdDZ6eU9UbnRhK1ArbGc9PSIsInZhbHVlIjoia0V1TE9CV3VFQWFuWkRyVzRKOWxCekVXUzlxUUJMdDB4QUhmaTV5RVZQcjVWS2RqL0RoMEw0UXR0bnRzQmw1Ym9UNHphRVQ1a2pCbmtDbzF6N1VRNHIxdktVT0JEQTdHQmRycDhKVDJJTUxJemU4eEJnK3hJVTR6elpsbmlFcnciLCJtYWMiOiIxODBmZWE3MjU0OTQ4ZDRkNTgwZWJlYTg2OTc5ZTMyN2EwYzM4NzhhZTBiNjQwYTExYmFjMDdiOGY0MGRiOWQ0IiwidGFnIjoiIn0%3D; leadsmetal_session=eyJpdiI6IkszaUpFbVlQM0xkNWF1Wm9YSnkxNEE9PSIsInZhbHVlIjoiaE9JcnNhMlBETTRJUVJOWVp1a2tJSWx6VDlad2RxcVdXSk1jUlF0SklUTE4rQlZOZzczVFB1RkFOYURkekdJekZHbVVURWp3OVh2Zlo4UU90aXFWYVI5UWtZVHV5MmVnY0pPOEcvUjNKelc3T052cDdMK3c0N2lBOG9mNXlvN2kiLCJtYWMiOiI4NjM3YzRhZDRkMTNkMGU0YWE0MDNjMGZkMzQ1M2JlMGZkMGQ1MmVjNjdlMjdhNDczMzU4OTg1ZDg1ZjJkNjY5IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Fri, 02 Sep 2022 19:55:16 GMT
Content-Type: image/jpeg
Content-Length: 26935
Last-Modified: Wed, 20 Jul 2022 08:15:52 GMT
Connection: keep-alive
ETag: "62d7b9b8-6937"
Accept-Ranges: bytes
cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/indesign.jpeg
52.16.240.242200 OK 23 kB URL HTTP/1.1 cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/indesign.jpeg
IP 52.16.240.242:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 512x512, components 3\012- data
Hash ed1ab790c6ab593f77fe64e9ba02c027
d172c0a814b6811b97ee749d2b978da4abd6cecc
16a2d9bb577f6f0e20e5d6406acf2291897c7a2b06852c7ad4ec68fb505247eb
Analyzer Verdict Alert fortinet Phishing
GET /assets/landings/cpf-v4/assets/indesign.jpeg HTTP/1.1
Host: cpfv4.formation-subventions.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cpfv4.formation-subventions.fr/?c=8n5i3Pu2M&co=1&tx_id=M2022090219-36f19d34ff7c0aeba81aeefd8a1b2a89&var4={YOUR_PUBID_HERE}&spub=1f9bd5b5-10c3c4d8-0b58aba5-403c-1a64
Cookie: XSRF-TOKEN=eyJpdiI6IkZvM0lPNlZKdDZ6eU9UbnRhK1ArbGc9PSIsInZhbHVlIjoia0V1TE9CV3VFQWFuWkRyVzRKOWxCekVXUzlxUUJMdDB4QUhmaTV5RVZQcjVWS2RqL0RoMEw0UXR0bnRzQmw1Ym9UNHphRVQ1a2pCbmtDbzF6N1VRNHIxdktVT0JEQTdHQmRycDhKVDJJTUxJemU4eEJnK3hJVTR6elpsbmlFcnciLCJtYWMiOiIxODBmZWE3MjU0OTQ4ZDRkNTgwZWJlYTg2OTc5ZTMyN2EwYzM4NzhhZTBiNjQwYTExYmFjMDdiOGY0MGRiOWQ0IiwidGFnIjoiIn0%3D; leadsmetal_session=eyJpdiI6IkszaUpFbVlQM0xkNWF1Wm9YSnkxNEE9PSIsInZhbHVlIjoiaE9JcnNhMlBETTRJUVJOWVp1a2tJSWx6VDlad2RxcVdXSk1jUlF0SklUTE4rQlZOZzczVFB1RkFOYURkekdJekZHbVVURWp3OVh2Zlo4UU90aXFWYVI5UWtZVHV5MmVnY0pPOEcvUjNKelc3T052cDdMK3c0N2lBOG9mNXlvN2kiLCJtYWMiOiI4NjM3YzRhZDRkMTNkMGU0YWE0MDNjMGZkMzQ1M2JlMGZkMGQ1MmVjNjdlMjdhNDczMzU4OTg1ZDg1ZjJkNjY5IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Fri, 02 Sep 2022 19:55:16 GMT
Content-Type: image/jpeg
Content-Length: 22703
Last-Modified: Wed, 20 Jul 2022 08:15:52 GMT
Connection: keep-alive
ETag: "62d7b9b8-58af"
Accept-Ranges: bytes
cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/img2.png
52.16.240.242200 OK 319 kB URL HTTP/1.1 cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/img2.png
IP 52.16.240.242:0
File type PNG image data, 560 x 370, 8-bit/color RGB, interlaced\012- data
Size 319 kB (318929 bytes)
Hash f0366d93cee73d9ad9ff96af3503fe83
2961d5c8448bfe48be1ee133b2597e35c1d87032
6b03be43a135c88b5cac1e43d23b8a2f46e655c3f23ead75cc169bad4dd2f3f8
GET /assets/landings/cpf-v4/assets/img2.png HTTP/1.1
Host: cpfv4.formation-subventions.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cpfv4.formation-subventions.fr/?c=8n5i3Pu2M&co=1&tx_id=M2022090219-36f19d34ff7c0aeba81aeefd8a1b2a89&var4={YOUR_PUBID_HERE}&spub=1f9bd5b5-10c3c4d8-0b58aba5-403c-1a64
Cookie: XSRF-TOKEN=eyJpdiI6IkZvM0lPNlZKdDZ6eU9UbnRhK1ArbGc9PSIsInZhbHVlIjoia0V1TE9CV3VFQWFuWkRyVzRKOWxCekVXUzlxUUJMdDB4QUhmaTV5RVZQcjVWS2RqL0RoMEw0UXR0bnRzQmw1Ym9UNHphRVQ1a2pCbmtDbzF6N1VRNHIxdktVT0JEQTdHQmRycDhKVDJJTUxJemU4eEJnK3hJVTR6elpsbmlFcnciLCJtYWMiOiIxODBmZWE3MjU0OTQ4ZDRkNTgwZWJlYTg2OTc5ZTMyN2EwYzM4NzhhZTBiNjQwYTExYmFjMDdiOGY0MGRiOWQ0IiwidGFnIjoiIn0%3D; leadsmetal_session=eyJpdiI6IkszaUpFbVlQM0xkNWF1Wm9YSnkxNEE9PSIsInZhbHVlIjoiaE9JcnNhMlBETTRJUVJOWVp1a2tJSWx6VDlad2RxcVdXSk1jUlF0SklUTE4rQlZOZzczVFB1RkFOYURkekdJekZHbVVURWp3OVh2Zlo4UU90aXFWYVI5UWtZVHV5MmVnY0pPOEcvUjNKelc3T052cDdMK3c0N2lBOG9mNXlvN2kiLCJtYWMiOiI4NjM3YzRhZDRkMTNkMGU0YWE0MDNjMGZkMzQ1M2JlMGZkMGQ1MmVjNjdlMjdhNDczMzU4OTg1ZDg1ZjJkNjY5IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Fri, 02 Sep 2022 19:55:16 GMT
Content-Type: image/png
Content-Length: 318929
Last-Modified: Wed, 20 Jul 2022 08:15:52 GMT
Connection: keep-alive
ETag: "62d7b9b8-4ddd1"
Accept-Ranges: bytes
cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/banner.jpg
52.16.240.242200 OK 11 kB URL HTTP/1.1 cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/banner.jpg
IP 52.16.240.242:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1920x730, components 3\012- data
Hash 78e52dbdf74603151c5c98ef65dea86c
44b4c369e1398c5c32db5804dc1741c84d048b69
3e19e40d0885c4dfd49d089492b20f39ba95cc1481cf9659046f53add0a9ada5
GET /assets/landings/cpf-v4/assets/banner.jpg HTTP/1.1
Host: cpfv4.formation-subventions.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/style.css?v=1.0
Cookie: XSRF-TOKEN=eyJpdiI6IkZvM0lPNlZKdDZ6eU9UbnRhK1ArbGc9PSIsInZhbHVlIjoia0V1TE9CV3VFQWFuWkRyVzRKOWxCekVXUzlxUUJMdDB4QUhmaTV5RVZQcjVWS2RqL0RoMEw0UXR0bnRzQmw1Ym9UNHphRVQ1a2pCbmtDbzF6N1VRNHIxdktVT0JEQTdHQmRycDhKVDJJTUxJemU4eEJnK3hJVTR6elpsbmlFcnciLCJtYWMiOiIxODBmZWE3MjU0OTQ4ZDRkNTgwZWJlYTg2OTc5ZTMyN2EwYzM4NzhhZTBiNjQwYTExYmFjMDdiOGY0MGRiOWQ0IiwidGFnIjoiIn0%3D; leadsmetal_session=eyJpdiI6IkszaUpFbVlQM0xkNWF1Wm9YSnkxNEE9PSIsInZhbHVlIjoiaE9JcnNhMlBETTRJUVJOWVp1a2tJSWx6VDlad2RxcVdXSk1jUlF0SklUTE4rQlZOZzczVFB1RkFOYURkekdJekZHbVVURWp3OVh2Zlo4UU90aXFWYVI5UWtZVHV5MmVnY0pPOEcvUjNKelc3T052cDdMK3c0N2lBOG9mNXlvN2kiLCJtYWMiOiI4NjM3YzRhZDRkMTNkMGU0YWE0MDNjMGZkMzQ1M2JlMGZkMGQ1MmVjNjdlMjdhNDczMzU4OTg1ZDg1ZjJkNjY5IiwidGFnIjoiIn0%3D; _ga_WN8PVLP7SK=GS1.1.1662148514.1.0.1662148514.0.0.0; _ga=GA1.1.1903846129.1662148515
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Fri, 02 Sep 2022 19:55:16 GMT
Content-Type: image/jpeg
Content-Length: 10854
Last-Modified: Wed, 20 Jul 2022 08:15:52 GMT
Connection: keep-alive
ETag: "62d7b9b8-2a66"
Accept-Ranges: bytes
cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/project-bg-2.jpg
52.16.240.242200 OK 6.5 kB URL HTTP/1.1 cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/project-bg-2.jpg
IP 52.16.240.242:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1170x230, components 3\012- data
Hash 51a1df3e2485d5d6b64fd830eb7c9d0c
78c477157c76b5f1ea901558bde62a3db5cc2ae2
dc2728cc97697b427ae12dc985791b1c4fa736b63a5d1a45caa0826bc4640cba
GET /assets/landings/cpf-v4/assets/project-bg-2.jpg HTTP/1.1
Host: cpfv4.formation-subventions.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/style.css?v=1.0
Cookie: XSRF-TOKEN=eyJpdiI6IkZvM0lPNlZKdDZ6eU9UbnRhK1ArbGc9PSIsInZhbHVlIjoia0V1TE9CV3VFQWFuWkRyVzRKOWxCekVXUzlxUUJMdDB4QUhmaTV5RVZQcjVWS2RqL0RoMEw0UXR0bnRzQmw1Ym9UNHphRVQ1a2pCbmtDbzF6N1VRNHIxdktVT0JEQTdHQmRycDhKVDJJTUxJemU4eEJnK3hJVTR6elpsbmlFcnciLCJtYWMiOiIxODBmZWE3MjU0OTQ4ZDRkNTgwZWJlYTg2OTc5ZTMyN2EwYzM4NzhhZTBiNjQwYTExYmFjMDdiOGY0MGRiOWQ0IiwidGFnIjoiIn0%3D; leadsmetal_session=eyJpdiI6IkszaUpFbVlQM0xkNWF1Wm9YSnkxNEE9PSIsInZhbHVlIjoiaE9JcnNhMlBETTRJUVJOWVp1a2tJSWx6VDlad2RxcVdXSk1jUlF0SklUTE4rQlZOZzczVFB1RkFOYURkekdJekZHbVVURWp3OVh2Zlo4UU90aXFWYVI5UWtZVHV5MmVnY0pPOEcvUjNKelc3T052cDdMK3c0N2lBOG9mNXlvN2kiLCJtYWMiOiI4NjM3YzRhZDRkMTNkMGU0YWE0MDNjMGZkMzQ1M2JlMGZkMGQ1MmVjNjdlMjdhNDczMzU4OTg1ZDg1ZjJkNjY5IiwidGFnIjoiIn0%3D; _ga_WN8PVLP7SK=GS1.1.1662148514.1.0.1662148514.0.0.0; _ga=GA1.1.1903846129.1662148515
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Fri, 02 Sep 2022 19:55:16 GMT
Content-Type: image/jpeg
Content-Length: 6494
Last-Modified: Wed, 20 Jul 2022 08:15:52 GMT
Connection: keep-alive
ETag: "62d7b9b8-195e"
Accept-Ranges: bytes
cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/favicon.png
52.16.240.242200 OK 4.0 kB URL HTTP/1.1 cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/favicon.png
IP 52.16.240.242:0
File type PNG image data, 32 x 32, 8-bit/color RGBA, interlaced\012- data
Hash 8604b4e2501cb5928e40d0623400e361
c94dbb348dd0222aa31c1ddc93793f889c18ff70
d3bb00c4c958c19ee9504845c697ab7d6315a1654604e816b795883b8c4d986f
GET /assets/landings/cpf-v4/assets/favicon.png HTTP/1.1
Host: cpfv4.formation-subventions.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cpfv4.formation-subventions.fr/?c=8n5i3Pu2M&co=1&tx_id=M2022090219-36f19d34ff7c0aeba81aeefd8a1b2a89&var4={YOUR_PUBID_HERE}&spub=1f9bd5b5-10c3c4d8-0b58aba5-403c-1a64
Cookie: XSRF-TOKEN=eyJpdiI6IkZvM0lPNlZKdDZ6eU9UbnRhK1ArbGc9PSIsInZhbHVlIjoia0V1TE9CV3VFQWFuWkRyVzRKOWxCekVXUzlxUUJMdDB4QUhmaTV5RVZQcjVWS2RqL0RoMEw0UXR0bnRzQmw1Ym9UNHphRVQ1a2pCbmtDbzF6N1VRNHIxdktVT0JEQTdHQmRycDhKVDJJTUxJemU4eEJnK3hJVTR6elpsbmlFcnciLCJtYWMiOiIxODBmZWE3MjU0OTQ4ZDRkNTgwZWJlYTg2OTc5ZTMyN2EwYzM4NzhhZTBiNjQwYTExYmFjMDdiOGY0MGRiOWQ0IiwidGFnIjoiIn0%3D; leadsmetal_session=eyJpdiI6IkszaUpFbVlQM0xkNWF1Wm9YSnkxNEE9PSIsInZhbHVlIjoiaE9JcnNhMlBETTRJUVJOWVp1a2tJSWx6VDlad2RxcVdXSk1jUlF0SklUTE4rQlZOZzczVFB1RkFOYURkekdJekZHbVVURWp3OVh2Zlo4UU90aXFWYVI5UWtZVHV5MmVnY0pPOEcvUjNKelc3T052cDdMK3c0N2lBOG9mNXlvN2kiLCJtYWMiOiI4NjM3YzRhZDRkMTNkMGU0YWE0MDNjMGZkMzQ1M2JlMGZkMGQ1MmVjNjdlMjdhNDczMzU4OTg1ZDg1ZjJkNjY5IiwidGFnIjoiIn0%3D; _ga_WN8PVLP7SK=GS1.1.1662148514.1.0.1662148514.0.0.0; _ga=GA1.1.1903846129.1662148515
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Fri, 02 Sep 2022 19:55:16 GMT
Content-Type: image/png
Content-Length: 3989
Last-Modified: Wed, 20 Jul 2022 08:15:52 GMT
Connection: keep-alive
ETag: "62d7b9b8-f95"
Accept-Ranges: bytes
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash b1ad004f11b9c337660dfc7b6a5091de
5e017d69c3549cd9d9b33d11486989bec8500b5a
6dfad0eaa16c37e2c7c9264636adcf2b3eed1577d44df08c388a983b810121b2
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4352
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 02 Sep 2022 19:55:16 GMT
Last-Modified: Fri, 02 Sep 2022 18:42:44 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 21daf45cdda2eb462873226bb5c1f0fb
4d4621bbf1461f35f7e536c1dbd9de71978ffa23
8164c742d013bdc2836cac1167acfe482547347ab6a1daefa15475f694dae057
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6597
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 02 Sep 2022 19:55:16 GMT
Last-Modified: Fri, 02 Sep 2022 18:05:19 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 471
connect.facebook.net/en_US/fbevents.js
31.13.72.12200 OK 27 kB URL HTTP/2 connect.facebook.net/en_US/fbevents.js
IP 31.13.72.12:0
File type ASCII text, with very long lines (64348)
Hash 53e4933126779cbf269a5819d467ad4b
1c3c6b27a0660a44717be304d90834cf2f9cf3ce
ed5ad968f7d95b37c817e86b54062702bef60b1ffd3977248aad23072af06b87
GET /en_US/fbevents.js HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cpfv4.formation-subventions.fr/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-type: application/x-javascript; charset=utf-8
content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
pragma: public
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
x-fb-debug: EuoSV9GY68jdkHfLrPosLQ49nw53HTgu2g7uODZSMziIKiyII8C+4dtV4jBq9dvR9XVhJx+nVIl8mnNLHnAXLA==
priority: u=3,i
content-length: 26752
x-fb-trip-id: 2074150462
date: Fri, 02 Sep 2022 19:55:16 GMT
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash b1ad004f11b9c337660dfc7b6a5091de
5e017d69c3549cd9d9b33d11486989bec8500b5a
6dfad0eaa16c37e2c7c9264636adcf2b3eed1577d44df08c388a983b810121b2
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4352
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 02 Sep 2022 19:55:16 GMT
Last-Modified: Fri, 02 Sep 2022 18:42:44 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 471
www.facebook.com/tr/?id=505067384389800&ev=PageView&dl=https%3A%2F%2Fcpfv4.formation-subventions.fr%2F%3Fc%3D8n5i3Pu2M%26co%3D1%26tx_id%3DM2022090219-36f19d34ff7c0aeba81aeefd8a1b2a89%26var4%3D%7BYOUR_PUBID_HERE%7D%26spub%3D1f9bd5b5-10c3c4d8-0b58aba5-403c-1a64&rl=&if=false&ts=1662148515261&sw=1280&sh=1024&v=2.9.79&r=stable&ec=0&o=30&fbp=fb.1.1662148515261.1634661005&it=1662148515122&coo=false&rqm=GET
31.13.72.36200 OK 44 B URL HTTP/2 www.facebook.com/tr/?id=505067384389800&ev=PageView&dl=https%3A%2F%2Fcpfv4.formation-subventions.fr%2F%3Fc%3D8n5i3Pu2M%26co%3D1%26tx_id%3DM2022090219-36f19d34ff7c0aeba81aeefd8a1b2a89%26var4%3D%7BYOUR_PUBID_HERE%7D%26spub%3D1f9bd5b5-10c3c4d8-0b58aba5-403c-1a64&rl=&if=false&ts=1662148515261&sw=1280&sh=1024&v=2.9.79&r=stable&ec=0&o=30&fbp=fb.1.1662148515261.1634661005&it=1662148515122&coo=false&rqm=GET
IP 31.13.72.36:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash b798f4ce7359fd815df4bdf76503b295
f8cc6addf1707ad236ad9970b0a48f9733d07da5
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
GET /tr/?id=505067384389800&ev=PageView&dl=https%3A%2F%2Fcpfv4.formation-subventions.fr%2F%3Fc%3D8n5i3Pu2M%26co%3D1%26tx_id%3DM2022090219-36f19d34ff7c0aeba81aeefd8a1b2a89%26var4%3D%7BYOUR_PUBID_HERE%7D%26spub%3D1f9bd5b5-10c3c4d8-0b58aba5-403c-1a64&rl=&if=false&ts=1662148515261&sw=1280&sh=1024&v=2.9.79&r=stable&ec=0&o=30&fbp=fb.1.1662148515261.1634661005&it=1662148515122&coo=false&rqm=GET HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cpfv4.formation-subventions.fr/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/gif
date: Fri, 02 Sep 2022 19:55:16 GMT
expires: Fri, 02 Sep 2022 19:55:16 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
cache-control: no-cache, must-revalidate, max-age=0
set-cookie:
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 44
server: proxygen-bolt
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.clarity.ms/eus2/s/0.6.40/clarity.js
104.212.67.144200 OK 23 kB URL HTTP/2 www.clarity.ms/eus2/s/0.6.40/clarity.js
IP 104.212.67.144:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type Unicode text, UTF-8 text, with very long lines (54745)
Hash 6a87d835543a151541da0ae963173dd7
80bac2abc74d2fa93a63ff82514fd64ee8caf9a0
c806647a143cb92f41ed1e60c6be245cd4e78b447c90adbed881ca54ecfa7337
GET /eus2/s/0.6.40/clarity.js HTTP/1.1
Host: www.clarity.ms
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cpfv4.formation-subventions.fr/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
cache-control: public,max-age=86400
content-length: 23442
content-type: application/javascript;charset=utf-8
content-encoding: br
last-modified: Wed, 01 Jun 2022 12:22:22 GMT
accept-ranges: bytes
etag: "1d8bd4806fdad30"
vary: Accept-Encoding
request-context: appId=cid-v1:2f7711a9-b21e-4abe-a9d6-5b0ce5d18b64
x-powered-by: ASP.NET
x-cache: CONFIG_NOCACHE
x-azure-ref: 0pF8SYwAAAACHKyrMSG21S4i5THGJCQbvRlJBMzFFREdFMDMxNgA2Y2ZiZWVlMC01MDI3LTQ4NGItODk2Ny00YTI5YWY3N2YxZTE=
date: Fri, 02 Sep 2022 19:55:16 GMT
X-Firefox-Spdy: h2
push.services.mozilla.com/
52.13.69.101101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.13.69.101:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: ctBKrAl7EXgaWt5n8L5xcA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: /j5iJxxWoWoL9ZpjJ36hjJQ/msg=
region1.google-analytics.com/g/collect?v=2&tid=G-WN8PVLP7SK>m=2oe8v0&_p=134571978&cid=1903846129.1662148515&ul=en-us&sr=1280x1024&_z=ccd.v9B&_s=1&sid=1662148514&sct=1&seg=0&dl=https%3A%2F%2Fcpfv4.formation-subventions.fr%2F%3Fc%3D8n5i3Pu2M%26co%3D1%26tx_id%3DM2022090219-36f19d34ff7c0aeba81aeefd8a1b2a89%26var4%3D%7BYOUR_PUBID_HERE%7D%26spub%3D1f9bd5b5-10c3c4d8-0b58aba5-403c-1a64&dt=D%C3%A9veloppez%20vos%20comp%C3%A9tences%20gratuitement%20gr%C3%A2ce%20au%20dispositif%20CPF&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1
216.239.32.36204 No Content 0 B URL HTTP/2 region1.google-analytics.com/g/collect?v=2&tid=G-WN8PVLP7SK>m=2oe8v0&_p=134571978&cid=1903846129.1662148515&ul=en-us&sr=1280x1024&_z=ccd.v9B&_s=1&sid=1662148514&sct=1&seg=0&dl=https%3A%2F%2Fcpfv4.formation-subventions.fr%2F%3Fc%3D8n5i3Pu2M%26co%3D1%26tx_id%3DM2022090219-36f19d34ff7c0aeba81aeefd8a1b2a89%26var4%3D%7BYOUR_PUBID_HERE%7D%26spub%3D1f9bd5b5-10c3c4d8-0b58aba5-403c-1a64&dt=D%C3%A9veloppez%20vos%20comp%C3%A9tences%20gratuitement%20gr%C3%A2ce%20au%20dispositif%20CPF&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1
IP 216.239.32.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-WN8PVLP7SK>m=2oe8v0&_p=134571978&cid=1903846129.1662148515&ul=en-us&sr=1280x1024&_z=ccd.v9B&_s=1&sid=1662148514&sct=1&seg=0&dl=https%3A%2F%2Fcpfv4.formation-subventions.fr%2F%3Fc%3D8n5i3Pu2M%26co%3D1%26tx_id%3DM2022090219-36f19d34ff7c0aeba81aeefd8a1b2a89%26var4%3D%7BYOUR_PUBID_HERE%7D%26spub%3D1f9bd5b5-10c3c4d8-0b58aba5-403c-1a64&dt=D%C3%A9veloppez%20vos%20comp%C3%A9tences%20gratuitement%20gr%C3%A2ce%20au%20dispositif%20CPF&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1 HTTP/1.1
Host: region1.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://cpfv4.formation-subventions.fr
Connection: keep-alive
Referer: https://cpfv4.formation-subventions.fr/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: https://cpfv4.formation-subventions.fr
date: Fri, 02 Sep 2022 19:55:17 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
c.clarity.ms/c.gif
20.234.93.27302 Found 0 B IP 20.234.93.27:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /c.gif HTTP/1.1
Host: c.clarity.ms
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cpfv4.formation-subventions.fr/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
cache-control: private, no-cache, proxy-revalidate, no-store
pragma: no-cache
location: https://c.bing.com/c.gif?CtsSyncId=37A8B63A1A424BA3BC8A581AFD0E94D4&RedC=c.clarity.ms&MXFR=3FD7203732DF6F063FB3322436DF6188
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
set-cookie: SM=T; domain=c.clarity.ms; path=/; SameSite=None; Secure;
MUID=3FD7203732DF6F063FB3322436DF6188; domain=.clarity.ms; expires=Wed, 27-Sep-2023 19:55:17 GMT; path=/; SameSite=None; Secure; Priority=High;
date: Fri, 02 Sep 2022 19:55:16 GMT
content-length: 0
X-Firefox-Spdy: h2
c.bing.com/c.gif?CtsSyncId=37A8B63A1A424BA3BC8A581AFD0E94D4&RedC=c.clarity.ms&MXFR=3FD7203732DF6F063FB3322436DF6188
204.79.197.200302 Found 0 B URL HTTP/2 c.bing.com/c.gif?CtsSyncId=37A8B63A1A424BA3BC8A581AFD0E94D4&RedC=c.clarity.ms&MXFR=3FD7203732DF6F063FB3322436DF6188
IP 204.79.197.200:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /c.gif?CtsSyncId=37A8B63A1A424BA3BC8A581AFD0E94D4&RedC=c.clarity.ms&MXFR=3FD7203732DF6F063FB3322436DF6188 HTTP/1.1
Host: c.bing.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cpfv4.formation-subventions.fr/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
cache-control: private, no-cache, proxy-revalidate, no-store
pragma: no-cache
location: https://c.clarity.ms/c.gif?CtsSyncId=37A8B63A1A424BA3BC8A581AFD0E94D4&MUID=31C57226828060AF23956035837561B2
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
set-cookie: SRM_B=31C57226828060AF23956035837561B2; domain=c.bing.com; expires=Wed, 27-Sep-2023 19:55:17 GMT; path=/; SameSite=None; Secure;
x-powered-by: ASP.NET
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 7113F5EE24CF4C4489BB08518B4ADE00 Ref B: OSL30EDGE0111 Ref C: 2022-09-02T19:55:17Z
date: Fri, 02 Sep 2022 19:55:16 GMT
content-length: 0
X-Firefox-Spdy: h2
c.clarity.ms/c.gif?CtsSyncId=37A8B63A1A424BA3BC8A581AFD0E94D4&MUID=31C57226828060AF23956035837561B2
20.234.93.27200 OK 42 B URL HTTP/2 c.clarity.ms/c.gif?CtsSyncId=37A8B63A1A424BA3BC8A581AFD0E94D4&MUID=31C57226828060AF23956035837561B2
IP 20.234.93.27:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type GIF image data, version 89a, 1 x 1\012- data
Hash 32023bb33cfb2a1990a4ef2d85b6ac16
23dcc6d4b5bfe00357fd0248bb5955b8e36bb8f1
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
GET /c.gif?CtsSyncId=37A8B63A1A424BA3BC8A581AFD0E94D4&MUID=31C57226828060AF23956035837561B2 HTTP/1.1
Host: c.clarity.ms
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cpfv4.formation-subventions.fr/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
cache-control: private, no-cache, proxy-revalidate, no-store
pragma: no-cache
content-type: image/gif
last-modified: Wed, 17 Aug 2022 23:56:46 GMT
accept-ranges: bytes
etag: "de363c295b2d81:0"
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
set-cookie: ANONCHK=0; domain=c.clarity.ms; expires=Fri, 02-Sep-2022 20:05:17 GMT; path=/; SameSite=None; Secure;
date: Fri, 02 Sep 2022 19:55:16 GMT
content-length: 42
X-Firefox-Spdy: h2
b.clarity.ms/collect
20.75.32.255204 No Content 0 B IP 20.75.32.255:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /collect HTTP/1.1
Host: b.clarity.ms
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 1001
Origin: https://cpfv4.formation-subventions.fr
Connection: keep-alive
Referer: https://cpfv4.formation-subventions.fr/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
server: Microsoft-IIS/10.0
request-context: appId=cid-v1:2f7711a9-b21e-4abe-a9d6-5b0ce5d18b64
access-control-allow-origin: https://cpfv4.formation-subventions.fr
access-control-allow-credentials: true
x-powered-by: ASP.NET
date: Fri, 02 Sep 2022 19:55:17 GMT
X-Firefox-Spdy: h2
b.clarity.ms/collect
20.75.32.255204 No Content 0 B IP 20.75.32.255:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /collect HTTP/1.1
Host: b.clarity.ms
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 102317
Origin: https://cpfv4.formation-subventions.fr
Connection: keep-alive
Referer: https://cpfv4.formation-subventions.fr/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
server: Microsoft-IIS/10.0
request-context: appId=cid-v1:2f7711a9-b21e-4abe-a9d6-5b0ce5d18b64
access-control-allow-origin: https://cpfv4.formation-subventions.fr
access-control-allow-credentials: true
x-powered-by: ASP.NET
date: Fri, 02 Sep 2022 19:55:17 GMT
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 12f00eac4bda78b5d4c4bc00e96be439
5d6d88dbf72f208bc33c9af693440aec02e5f11c
4a85dc99793413780fdfde032e83995c0a15775eb09123f53a1ba9b789f91a55
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4A85DC99793413780FDFDE032E83995C0A15775EB09123F53A1BA9B789F91A55"
Last-Modified: Wed, 31 Aug 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14866
Expires: Sat, 03 Sep 2022 00:03:04 GMT
Date: Fri, 02 Sep 2022 19:55:18 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 12f00eac4bda78b5d4c4bc00e96be439
5d6d88dbf72f208bc33c9af693440aec02e5f11c
4a85dc99793413780fdfde032e83995c0a15775eb09123f53a1ba9b789f91a55
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4A85DC99793413780FDFDE032E83995C0A15775EB09123F53A1BA9B789F91A55"
Last-Modified: Wed, 31 Aug 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14866
Expires: Sat, 03 Sep 2022 00:03:04 GMT
Date: Fri, 02 Sep 2022 19:55:18 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 12f00eac4bda78b5d4c4bc00e96be439
5d6d88dbf72f208bc33c9af693440aec02e5f11c
4a85dc99793413780fdfde032e83995c0a15775eb09123f53a1ba9b789f91a55
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4A85DC99793413780FDFDE032E83995C0A15775EB09123F53A1BA9B789F91A55"
Last-Modified: Wed, 31 Aug 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14866
Expires: Sat, 03 Sep 2022 00:03:04 GMT
Date: Fri, 02 Sep 2022 19:55:18 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F06f2c9c2-de63-41e1-8359-5a5923a2b1e8.webp
34.120.237.76200 OK 9.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F06f2c9c2-de63-41e1-8359-5a5923a2b1e8.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5ba50b2fd1814c5ffc95aef40c69ce8c
cbb4546228115cccc122b16209e70171bef5c1f2
de822c8549508b28a07d29b203ae3ef356470df906cba727fc765f1bd14bb866
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F06f2c9c2-de63-41e1-8359-5a5923a2b1e8.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9252
x-amzn-requestid: 7feebba8-f6b9-4b79-9726-5a7534da277e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XzLyVG5DoAMF_Ug=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63112675-3123158f3dcfbd476537ca3c;Sampled=0
x-amzn-remapped-date: Thu, 01 Sep 2022 21:39:01 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: BOa5zGQyJS9q9bHmtKzlNtyS9ToGPZJkDFo2uY2lzz8Lnd3cZLQEaA==
via: 1.1 1cc6ed0d2d3dd9529ce544f9dfe61a52.cloudfront.net (CloudFront), 1.1 ebe4011a81a36e2bf678f69ce1711330.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Sep 2022 22:01:10 GMT
age: 78848
etag: "cbb4546228115cccc122b16209e70171bef5c1f2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 12f00eac4bda78b5d4c4bc00e96be439
5d6d88dbf72f208bc33c9af693440aec02e5f11c
4a85dc99793413780fdfde032e83995c0a15775eb09123f53a1ba9b789f91a55
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4A85DC99793413780FDFDE032E83995C0A15775EB09123F53A1BA9B789F91A55"
Last-Modified: Wed, 31 Aug 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14866
Expires: Sat, 03 Sep 2022 00:03:04 GMT
Date: Fri, 02 Sep 2022 19:55:18 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7c0ef483-e545-4a1f-b9b9-88778330d881.jpeg
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7c0ef483-e545-4a1f-b9b9-88778330d881.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 955f2a35bd6b3802670e7fa8a7cda833
4c70d27f7c51b7fcae1d8a883bfc2e67a551ae6c
2fb517039f0704d2f6fe2fa78eae47c71c645add1c2276f8726248184ae45760
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7c0ef483-e545-4a1f-b9b9-88778330d881.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10435
x-amzn-requestid: 813ec4ca-243d-46cb-a6a6-8ec58e5dd9f8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XzLjdHwnIAMFhzA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63112615-4733cfb83cf0e8734abc5716;Sampled=0
x-amzn-remapped-date: Thu, 01 Sep 2022 21:37:25 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: n6DJbsUGTdXT42cNLTDq6Uz28H2SDhwq6drdKP4axAHsBz471X7r_g==
via: 1.1 56c69262ecfa7873b40572ba8a323242.cloudfront.net (CloudFront), 1.1 89791e6b21b9a30cc51cac1bc51cf098.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Sep 2022 21:37:26 GMT
age: 80272
etag: "4c70d27f7c51b7fcae1d8a883bfc2e67a551ae6c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9564bd06-b264-460b-96bb-6b37cf25a72b.jpeg
34.120.237.76200 OK 17 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9564bd06-b264-460b-96bb-6b37cf25a72b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 12756903aaa74164feb5f8525398ca36
9fef9b071daea6793cbbdfe391254ac4326b1aa2
6d474a6d96aebfed43a4f6812f18a1be8d100c590f75eb0fbf4ec7277dd0c442
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9564bd06-b264-460b-96bb-6b37cf25a72b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 16818
x-amzn-requestid: fa921878-2054-453b-b313-681cdd9c9068
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Xj-Z_HUNIAMFltg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-630b110c-053ce81943fea70c2de7daa0;Sampled=0
x-amzn-remapped-date: Sun, 28 Aug 2022 06:54:04 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: CDyJUMKmUlrT3LgfeiZhQN1XEV2vKTIZtmV4QZYXaoM4PWbYo8IyJA==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 5954c6394458ffb44c970b3819d7ff2a.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Sep 2022 14:46:29 GMT
age: 18529
etag: "9fef9b071daea6793cbbdfe391254ac4326b1aa2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffd1bf889-bcbe-4ad4-950a-a32b2f875537.jpeg
34.120.237.76200 OK 5.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffd1bf889-bcbe-4ad4-950a-a32b2f875537.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 24d848f7606889b048b6334e70d8a5e0
85239ef4f2fee8d3345e599bc942cab63ff3aaf6
da6cf33b440b51f72a70f309d62fd581aed246b6a78b8f329fa3899db15ff86d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffd1bf889-bcbe-4ad4-950a-a32b2f875537.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5889
x-amzn-requestid: 42237574-f86e-4ece-b986-6d0c5910fcc5
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XzMVgHajoAMFmXg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63112756-48ff9d98464cf3c9680d97b4;Sampled=0
x-amzn-remapped-date: Thu, 01 Sep 2022 21:42:46 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: _7BBSlQQucoO5poncTYuX4fcmS4WFg3UcVFXalckGCCNFKJ0h5UpsQ==
via: 1.1 95b0ac620fa3a80ee590ecf1cda1c698.cloudfront.net (CloudFront), 1.1 e95ec8f1dc02e32f0cb9e113963ceb4e.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Sep 2022 22:06:51 GMT
etag: "85239ef4f2fee8d3345e599bc942cab63ff3aaf6"
content-type: image/jpeg
age: 78507
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F141f656b-9191-4cf5-a05b-891ed5c9656f.jpeg
34.120.237.76200 OK 5.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F141f656b-9191-4cf5-a05b-891ed5c9656f.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5c3b7580a37e6eb7e5bd18491f1d4dd6
288b82ad8f924eb9570ae1c55da84d041f862366
046d1ef76448c53446068ef5f8315b7299484996cdebfd9d1e749b4ded9c7d3c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F141f656b-9191-4cf5-a05b-891ed5c9656f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5079
x-amzn-requestid: 3b19c77a-2e9b-499f-890b-36fc4ee72ba7
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XslOVEtZIAMFv1w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-630e825b-01b7b71617b59f7414a0e5e5;Sampled=0
x-amzn-remapped-date: Tue, 30 Aug 2022 21:34:19 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: et3ZsWRVoBNMpArUk9CohTyMpS5F0eKiR6cZJRfwAEiiFJUaeay58g==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 567b44ed19c8caed2570b7bcd8c70034.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Sep 2022 21:48:05 GMT
age: 79633
etag: "288b82ad8f924eb9570ae1c55da84d041f862366"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff6b23082-fe08-4f5d-b709-47175510cf45.jpeg
34.120.237.76200 OK 6.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff6b23082-fe08-4f5d-b709-47175510cf45.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5e05660322f0368dd2bf8067d7e4554d
ec65cb47d86488f734c945a210d5f636a40fea2c
98875230ec45766102191bdc4180742fa3b8f3ad5ad1a128d12437105f86247e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff6b23082-fe08-4f5d-b709-47175510cf45.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6196
x-amzn-requestid: a7d6ce70-06d7-498c-8024-80185a3fc3e4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XzLyLFmVIAMFkcQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63112674-3fad622927177e9236d7c50a;Sampled=0
x-amzn-remapped-date: Thu, 01 Sep 2022 21:39:00 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: wLezqM4_yKqtOR7D43beBqm8TAD5y8eQ7xHOxjDJdHchCpyusuzMuQ==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 68fadeb91f97256bb67b03bfca74d830.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Sep 2022 21:55:46 GMT
etag: "ec65cb47d86488f734c945a210d5f636a40fea2c"
content-type: image/jpeg
age: 79172
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
b.clarity.ms/collect
20.75.32.255204 No Content 0 B IP 20.75.32.255:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /collect HTTP/1.1
Host: b.clarity.ms
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 13499
Origin: https://cpfv4.formation-subventions.fr
Connection: keep-alive
Referer: https://cpfv4.formation-subventions.fr/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
server: Microsoft-IIS/10.0
request-context: appId=cid-v1:2f7711a9-b21e-4abe-a9d6-5b0ce5d18b64
access-control-allow-origin: https://cpfv4.formation-subventions.fr
access-control-allow-credentials: true
x-powered-by: ASP.NET
date: Fri, 02 Sep 2022 19:55:19 GMT
X-Firefox-Spdy: h2
b.clarity.ms/collect
20.75.32.255204 No Content 0 B IP 20.75.32.255:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /collect HTTP/1.1
Host: b.clarity.ms
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 3438
Origin: https://cpfv4.formation-subventions.fr
Connection: keep-alive
Referer: https://cpfv4.formation-subventions.fr/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
server: Microsoft-IIS/10.0
request-context: appId=cid-v1:2f7711a9-b21e-4abe-a9d6-5b0ce5d18b64
access-control-allow-origin: https://cpfv4.formation-subventions.fr
access-control-allow-credentials: true
x-powered-by: ASP.NET
date: Fri, 02 Sep 2022 19:55:22 GMT
X-Firefox-Spdy: h2
cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/inputmask.min.js
52.16.240.242200 OK 0 B URL HTTP/1.1 cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/inputmask.min.js
IP 52.16.240.242:0
Analyzer Verdict Alert fortinet Phishing
GET /assets/landings/cpf-v4/assets/inputmask.min.js HTTP/1.1
Host: cpfv4.formation-subventions.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cpfv4.formation-subventions.fr/?c=8n5i3Pu2M&co=1&tx_id=M2022090219-36f19d34ff7c0aeba81aeefd8a1b2a89&var4={YOUR_PUBID_HERE}&spub=1f9bd5b5-10c3c4d8-0b58aba5-403c-1a64
Cookie: XSRF-TOKEN=eyJpdiI6IkZvM0lPNlZKdDZ6eU9UbnRhK1ArbGc9PSIsInZhbHVlIjoia0V1TE9CV3VFQWFuWkRyVzRKOWxCekVXUzlxUUJMdDB4QUhmaTV5RVZQcjVWS2RqL0RoMEw0UXR0bnRzQmw1Ym9UNHphRVQ1a2pCbmtDbzF6N1VRNHIxdktVT0JEQTdHQmRycDhKVDJJTUxJemU4eEJnK3hJVTR6elpsbmlFcnciLCJtYWMiOiIxODBmZWE3MjU0OTQ4ZDRkNTgwZWJlYTg2OTc5ZTMyN2EwYzM4NzhhZTBiNjQwYTExYmFjMDdiOGY0MGRiOWQ0IiwidGFnIjoiIn0%3D; leadsmetal_session=eyJpdiI6IkszaUpFbVlQM0xkNWF1Wm9YSnkxNEE9PSIsInZhbHVlIjoiaE9JcnNhMlBETTRJUVJOWVp1a2tJSWx6VDlad2RxcVdXSk1jUlF0SklUTE4rQlZOZzczVFB1RkFOYURkekdJekZHbVVURWp3OVh2Zlo4UU90aXFWYVI5UWtZVHV5MmVnY0pPOEcvUjNKelc3T052cDdMK3c0N2lBOG9mNXlvN2kiLCJtYWMiOiI4NjM3YzRhZDRkMTNkMGU0YWE0MDNjMGZkMzQ1M2JlMGZkMGQ1MmVjNjdlMjdhNDczMzU4OTg1ZDg1ZjJkNjY5IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Fri, 02 Sep 2022 19:55:16 GMT
Content-Type: application/javascript
Content-Length: 141748
Last-Modified: Wed, 20 Jul 2022 08:15:52 GMT
Connection: keep-alive
ETag: "62d7b9b8-229b4"
Accept-Ranges: bytes
cdn.lordicon.com/nocovwne.json
143.204.55.122200 OK 0 B URL HTTP/2 cdn.lordicon.com/nocovwne.json
IP 143.204.55.122:0
GET /nocovwne.json HTTP/1.1
Host: cdn.lordicon.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cpfv4.formation-subventions.fr/
Origin: https://cpfv4.formation-subventions.fr
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/json; charset=utf-8
server: nginx/1.14.2
date: Wed, 31 Aug 2022 02:20:13 GMT
x-powered-by: lordicon
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=432000
etag: W/"79f1-UxsAyfYh7xT5Xf90JpQfrIKBCcg"
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 501ad2910f631f0520a6d389d6f053e8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: ho_tMSduNG1tQ_bOYrTizpT2rBoxmgwegLhy8PwoH-bD-jiyb_RHXw==
age: 236103
X-Firefox-Spdy: h2
cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/lord-icon-2.1.0.js
52.16.240.242200 OK 0 B URL HTTP/1.1 cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/lord-icon-2.1.0.js
IP 52.16.240.242:0
Analyzer Verdict Alert fortinet Phishing
GET /assets/landings/cpf-v4/assets/lord-icon-2.1.0.js HTTP/1.1
Host: cpfv4.formation-subventions.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cpfv4.formation-subventions.fr/?c=8n5i3Pu2M&co=1&tx_id=M2022090219-36f19d34ff7c0aeba81aeefd8a1b2a89&var4={YOUR_PUBID_HERE}&spub=1f9bd5b5-10c3c4d8-0b58aba5-403c-1a64
Cookie: XSRF-TOKEN=eyJpdiI6IkZvM0lPNlZKdDZ6eU9UbnRhK1ArbGc9PSIsInZhbHVlIjoia0V1TE9CV3VFQWFuWkRyVzRKOWxCekVXUzlxUUJMdDB4QUhmaTV5RVZQcjVWS2RqL0RoMEw0UXR0bnRzQmw1Ym9UNHphRVQ1a2pCbmtDbzF6N1VRNHIxdktVT0JEQTdHQmRycDhKVDJJTUxJemU4eEJnK3hJVTR6elpsbmlFcnciLCJtYWMiOiIxODBmZWE3MjU0OTQ4ZDRkNTgwZWJlYTg2OTc5ZTMyN2EwYzM4NzhhZTBiNjQwYTExYmFjMDdiOGY0MGRiOWQ0IiwidGFnIjoiIn0%3D; leadsmetal_session=eyJpdiI6IkszaUpFbVlQM0xkNWF1Wm9YSnkxNEE9PSIsInZhbHVlIjoiaE9JcnNhMlBETTRJUVJOWVp1a2tJSWx6VDlad2RxcVdXSk1jUlF0SklUTE4rQlZOZzczVFB1RkFOYURkekdJekZHbVVURWp3OVh2Zlo4UU90aXFWYVI5UWtZVHV5MmVnY0pPOEcvUjNKelc3T052cDdMK3c0N2lBOG9mNXlvN2kiLCJtYWMiOiI4NjM3YzRhZDRkMTNkMGU0YWE0MDNjMGZkMzQ1M2JlMGZkMGQ1MmVjNjdlMjdhNDczMzU4OTg1ZDg1ZjJkNjY5IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Fri, 02 Sep 2022 19:55:16 GMT
Content-Type: application/javascript
Content-Length: 279427
Last-Modified: Wed, 20 Jul 2022 08:15:52 GMT
Connection: keep-alive
ETag: "62d7b9b8-44383"
Accept-Ranges: bytes
cdn.lordicon.com/gqdnbnwt.json
143.204.55.122200 OK 0 B URL HTTP/2 cdn.lordicon.com/gqdnbnwt.json
IP 143.204.55.122:0
GET /gqdnbnwt.json HTTP/1.1
Host: cdn.lordicon.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cpfv4.formation-subventions.fr/
Origin: https://cpfv4.formation-subventions.fr
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/json; charset=utf-8
server: nginx/1.14.2
x-powered-by: lordicon
access-control-allow-origin: *
access-control-expose-headers: *
content-encoding: gzip
date: Tue, 30 Aug 2022 10:25:42 GMT
cache-control: public, max-age=432000
etag: W/"5709-Q74jOxx/0TTChQEylrX/ar5FXEs"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 501ad2910f631f0520a6d389d6f053e8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: wdQ3UXAe2ycHChs8WBnmp8h6u4-REZ0XE-Si0KvqrUHA2PPGm_eGGg==
age: 293374
X-Firefox-Spdy: h2
cdn.lordicon.com/yeallgsa.json
143.204.55.122200 OK 0 B URL HTTP/2 cdn.lordicon.com/yeallgsa.json
IP 143.204.55.122:0
GET /yeallgsa.json HTTP/1.1
Host: cdn.lordicon.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cpfv4.formation-subventions.fr/
Origin: https://cpfv4.formation-subventions.fr
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/json; charset=utf-8
server: nginx/1.14.2
date: Sun, 28 Aug 2022 20:17:13 GMT
x-powered-by: lordicon
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=432000
etag: W/"9ab0-5vIXXjCvDaBT81QJOZQsoZrqWFI"
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 501ad2910f631f0520a6d389d6f053e8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: EOy_HgT-Iep7J251ahUSbhKn4rwjKlIkgAkJn6YFRCSmd902P_KYPg==
age: 430683
X-Firefox-Spdy: h2
www.clarity.ms/tag/dfukl0f7t6
104.212.67.144200 OK 0 B URL HTTP/2 www.clarity.ms/tag/dfukl0f7t6
IP 104.212.67.144:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
GET /tag/dfukl0f7t6 HTTP/1.1
Host: www.clarity.ms
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cpfv4.formation-subventions.fr/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: no-cache, no-store
content-type: application/x-javascript
expires: -1
set-cookie: CLID=28407ba8ba72440490e6782cdd4639d5.20220902.20230902; expires=Sat, 02 Sep 2023 19:55:16 GMT; path=/; secure; samesite=none; httponly
request-context: appId=cid-v1:e97341f6-8fff-46a6-9229-fbbfe0892c78
x-powered-by: ASP.NET
x-cache: CONFIG_NOCACHE
x-azure-ref: 0pF8SYwAAAAD2E42aa+vDQYSSs3KOh4X0RlJBMzFFREdFMDMxNgA2Y2ZiZWVlMC01MDI3LTQ4NGItODk2Ny00YTI5YWY3N2YxZTE=
date: Fri, 02 Sep 2022 19:55:16 GMT
X-Firefox-Spdy: h2