cpfv4.formation-subventions.fr/?c=8n5i3Pu2M&co=1&tx_id=M2022101515-1e211d1ee9ca8f9ae2631812727e9c96&var4=924226487&spub=de1622f0-76e091f4-2fbc6bf8-ad8d-cd4e
52.16.240.242301 Moved Permanently 169 B URL HTTP/1.1 cpfv4.formation-subventions.fr/?c=8n5i3Pu2M&co=1&tx_id=M2022101515-1e211d1ee9ca8f9ae2631812727e9c96&var4=924226487&spub=de1622f0-76e091f4-2fbc6bf8-ad8d-cd4e
IP 52.16.240.242:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 0f952b73d3f5586637ea9a5a789d48f4
b29aff4ffa1d4decd77db5160f920e1c6417e5e9
69d11528ee32902d0c47ed215877f0610399536f755db03ed02a77ecedd74751
GET /?c=8n5i3Pu2M&co=1&tx_id=M2022101515-1e211d1ee9ca8f9ae2631812727e9c96&var4=924226487&spub=de1622f0-76e091f4-2fbc6bf8-ad8d-cd4e HTTP/1.1
Host: cpfv4.formation-subventions.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Server: nginx/1.20.1
Date: Sat, 15 Oct 2022 15:16:00 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive
Location: https://cpfv4.formation-subventions.fr/?c=8n5i3Pu2M&co=1&tx_id=M2022101515-1e211d1ee9ca8f9ae2631812727e9c96&var4=924226487&spub=de1622f0-76e091f4-2fbc6bf8-ad8d-cd4e
firefox.settings.services.mozilla.com/v1/
143.204.55.27200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.27:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash bdb8b66c705a7b996496d780f50c00b5
403ae92039fcc933870f51f913f78ccaf9652256
c923ed2539f4ce9f4d43743c402fbb2060a52a4cbedbf14c5f5742ab718073d6
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Type, Alert, Content-Length, Retry-After, Backoff
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Sat, 15 Oct 2022 14:50:11 GMT
Expires: Sat, 15 Oct 2022 15:09:09 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 e49f22f18c16784c0f42291e768d1daa.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: jV8US4xLg_ExLFus6G2_COXlbXFtKWyFDqdElKD8Ag2HrkBgPM-cvQ==
Age: 1549
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 2b424d8c01b211c56d5b44b92e4e4153
b1fdab18f23271eee58ae1482f8af25badc2ffda
1c82a5fd2bc3f16a66becb5e1924e8c9edd39386622dc2e5ed296442f4307b2b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1C82A5FD2BC3F16A66BECB5E1924E8C9EDD39386622DC2E5ED296442F4307B2B"
Last-Modified: Fri, 14 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3151
Expires: Sat, 15 Oct 2022 16:08:32 GMT
Date: Sat, 15 Oct 2022 15:16:01 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash a57d0f62d9bd29668b94a513fa45d18e
d7cb263502e21f9235b4523a596e2138d22042ec
df7acd4fe34cc9c4945a5d83ef538105a73dfc1a8b485bc7a62488c5406b1294
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DF7ACD4FE34CC9C4945A5D83EF538105A73DFC1A8B485BC7A62488C5406B1294"
Last-Modified: Sat, 15 Oct 2022 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16792
Expires: Sat, 15 Oct 2022 19:55:53 GMT
Date: Sat, 15 Oct 2022 15:16:01 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: TU86CwleeAlKJ4FPV/ay9U95wRti3MjXIMJ1a5nAawsBBdgQVhnZcJmPFkDSVqMnVkO1jx1KzuM=
x-amz-request-id: 9ZQYB8X5X4JX6N8N
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 15 Oct 2022 14:34:40 GMT
age: 2481
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 15 Oct 2022 15:16:01 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 0dc5b79e15e77f4f27210589688c8e01
d126959065025b7797e3b9b5e942ae38851994d3
c8790578109df0bab0e84a569d6dc0bfa4bca24fd0117224f6066d7f85e227e2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C8790578109DF0BAB0E84A569D6DC0BFA4BCA24FD0117224F6066D7F85E227E2"
Last-Modified: Thu, 13 Oct 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21551
Expires: Sat, 15 Oct 2022 21:15:12 GMT
Date: Sat, 15 Oct 2022 15:16:01 GMT
Connection: keep-alive
cpfv4.formation-subventions.fr/?c=8n5i3Pu2M&co=1&tx_id=M2022101515-1e211d1ee9ca8f9ae2631812727e9c96&var4=924226487&spub=de1622f0-76e091f4-2fbc6bf8-ad8d-cd4e
52.16.240.242200 OK 8.1 kB URL HTTP/1.1 cpfv4.formation-subventions.fr/?c=8n5i3Pu2M&co=1&tx_id=M2022101515-1e211d1ee9ca8f9ae2631812727e9c96&var4=924226487&spub=de1622f0-76e091f4-2fbc6bf8-ad8d-cd4e
IP 52.16.240.242:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1078)
Hash c739541452de40487fbe4ad465fb6330
02cc5c7977f8fd1c47a8407ce19a65eb2935ed27
c51a82765620da33252d31d84061327d6679335fbcf9fa658b31dccaa0ba000a
GET /?c=8n5i3Pu2M&co=1&tx_id=M2022101515-1e211d1ee9ca8f9ae2631812727e9c96&var4=924226487&spub=de1622f0-76e091f4-2fbc6bf8-ad8d-cd4e HTTP/1.1
Host: cpfv4.formation-subventions.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 200 OK
Server: nginx/1.20.1
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-cache, private
Date: Sat, 15 Oct 2022 15:16:01 GMT
Set-Cookie: XSRF-TOKEN=eyJpdiI6IlgrcTVpcS9MdVRQYUNQZjBWaC9qeVE9PSIsInZhbHVlIjoiZGpPVEdBcDBuN3g5ZFAxcGpZTVpKMjlsZTFGSzBqQWlKbklyN2tIUm9NR2M5bkMyeHFBSjM1T2FwMkVEdVFNeHBOUmtHamF3YUxrMWczbnpIcEJrdXNEWnU3ZjN4OEZoUU12cDZvcEgzN1RYN1N2K01FNGtaT2lNQ0h0dzBRNVgiLCJtYWMiOiJiM2U0NTY5NjFlY2Q5MjEyYzdkNzVlMWMzOWZmZmJkYThlZWMwN2ExNzljOTZiZTUxZmYyZjRjNzZjZmE1YTIxIiwidGFnIjoiIn0%3D; expires=Tue, 15-Nov-2022 01:16:01 GMT; Max-Age=2628000; path=/; samesite=lax
leadsmetal_session=eyJpdiI6Im1KMlEySVBIRkFicW9uREc0cVZsZ1E9PSIsInZhbHVlIjoiMzdjQlJtNkhzTHg0WUd2c0E3MUQwcVZkNjl6ZWtINVFMRDE4c3FGVlpFZm1RcDBhWitHek9SM1ZNUHFHcFlDN1JPRzBUZHVRcnBHQm5POEVMbHRLdGtXenU0bHQ5NWVkYld2RHhwMUMydUk5Nk9kNGhIL1ZjeDR2MnhINXdaSzgiLCJtYWMiOiI4MWM1NmNjMjM1NjFlYTEzNWNkNDM4MTRiOGZkMjZlNTJiNGQwNTAwMjllZDBmNTkxYjA2ZmQ3NTAyZWI1YmYzIiwidGFnIjoiIn0%3D; expires=Tue, 15-Nov-2022 01:16:01 GMT; Max-Age=2628000; path=/; httponly; samesite=lax
Content-Encoding: gzip
cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/bootstrap-grid.css
52.16.240.242200 OK 38 kB URL HTTP/1.1 cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/bootstrap-grid.css
IP 52.16.240.242:0
Hash ff2874cf2b810904a86e75fb662dddf9
d01f2466cdb09c2869a00933b301d7b3eaa47c88
712cd40cf73ca483fb7fb2b4652d6f6fc8bb13f787d7b4205219e8d36531d2ad
GET /assets/landings/cpf-v4/assets/bootstrap-grid.css HTTP/1.1
Host: cpfv4.formation-subventions.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cpfv4.formation-subventions.fr/?c=8n5i3Pu2M&co=1&tx_id=M2022101515-1e211d1ee9ca8f9ae2631812727e9c96&var4=924226487&spub=de1622f0-76e091f4-2fbc6bf8-ad8d-cd4e
Cookie: XSRF-TOKEN=eyJpdiI6IlgrcTVpcS9MdVRQYUNQZjBWaC9qeVE9PSIsInZhbHVlIjoiZGpPVEdBcDBuN3g5ZFAxcGpZTVpKMjlsZTFGSzBqQWlKbklyN2tIUm9NR2M5bkMyeHFBSjM1T2FwMkVEdVFNeHBOUmtHamF3YUxrMWczbnpIcEJrdXNEWnU3ZjN4OEZoUU12cDZvcEgzN1RYN1N2K01FNGtaT2lNQ0h0dzBRNVgiLCJtYWMiOiJiM2U0NTY5NjFlY2Q5MjEyYzdkNzVlMWMzOWZmZmJkYThlZWMwN2ExNzljOTZiZTUxZmYyZjRjNzZjZmE1YTIxIiwidGFnIjoiIn0%3D; leadsmetal_session=eyJpdiI6Im1KMlEySVBIRkFicW9uREc0cVZsZ1E9PSIsInZhbHVlIjoiMzdjQlJtNkhzTHg0WUd2c0E3MUQwcVZkNjl6ZWtINVFMRDE4c3FGVlpFZm1RcDBhWitHek9SM1ZNUHFHcFlDN1JPRzBUZHVRcnBHQm5POEVMbHRLdGtXenU0bHQ5NWVkYld2RHhwMUMydUk5Nk9kNGhIL1ZjeDR2MnhINXdaSzgiLCJtYWMiOiI4MWM1NmNjMjM1NjFlYTEzNWNkNDM4MTRiOGZkMjZlNTJiNGQwNTAwMjllZDBmNTkxYjA2ZmQ3NTAyZWI1YmYzIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 15 Oct 2022 15:16:01 GMT
Content-Type: text/css
Content-Length: 37644
Last-Modified: Wed, 20 Jul 2022 08:15:52 GMT
Connection: keep-alive
ETag: "62d7b9b8-930c"
Accept-Ranges: bytes
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 3039b3640f516724d3ec7e845c2f20d1
efa6a85767ab44afd629d1d82413770412abce0e
d454aa6e955985b5b78d1a190b7abc035a1e6dea0c3c5f06220bad3031717249
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 15 Oct 2022 15:16:01 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtag/js?id=G-WN8PVLP7SK
142.250.74.168200 OK 75 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=G-WN8PVLP7SK
IP 142.250.74.168:0
File type ASCII text, with very long lines (18991)
Hash b176a42ad4600369c57fdbac1332e759
ac0f5ade4e2527d68b5a63a843d57a0d71f94259
3098c19cd6999f93d0521e390896d61b4f52cf9853d180d7b92c68089f2ec4ec
GET /gtag/js?id=G-WN8PVLP7SK HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cpfv4.formation-subventions.fr/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 15 Oct 2022 15:16:01 GMT
expires: Sat, 15 Oct 2022 15:16:01 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 74855
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/style.css?v=1.0
52.16.240.242200 OK 13 kB URL HTTP/1.1 cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/style.css?v=1.0
IP 52.16.240.242:0
Hash 08d62b119695d97b0a4aa10cd745715b
846b60a28d2aa67ede6225d913be3baac91e50a0
b16ef5a9744c2d32965d61a0d54cd9861658be9dc35317bb0d169d3be1b5f08f
Analyzer Verdict Alert fortinet Phishing
GET /assets/landings/cpf-v4/assets/style.css?v=1.0 HTTP/1.1
Host: cpfv4.formation-subventions.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cpfv4.formation-subventions.fr/?c=8n5i3Pu2M&co=1&tx_id=M2022101515-1e211d1ee9ca8f9ae2631812727e9c96&var4=924226487&spub=de1622f0-76e091f4-2fbc6bf8-ad8d-cd4e
Cookie: XSRF-TOKEN=eyJpdiI6IlgrcTVpcS9MdVRQYUNQZjBWaC9qeVE9PSIsInZhbHVlIjoiZGpPVEdBcDBuN3g5ZFAxcGpZTVpKMjlsZTFGSzBqQWlKbklyN2tIUm9NR2M5bkMyeHFBSjM1T2FwMkVEdVFNeHBOUmtHamF3YUxrMWczbnpIcEJrdXNEWnU3ZjN4OEZoUU12cDZvcEgzN1RYN1N2K01FNGtaT2lNQ0h0dzBRNVgiLCJtYWMiOiJiM2U0NTY5NjFlY2Q5MjEyYzdkNzVlMWMzOWZmZmJkYThlZWMwN2ExNzljOTZiZTUxZmYyZjRjNzZjZmE1YTIxIiwidGFnIjoiIn0%3D; leadsmetal_session=eyJpdiI6Im1KMlEySVBIRkFicW9uREc0cVZsZ1E9PSIsInZhbHVlIjoiMzdjQlJtNkhzTHg0WUd2c0E3MUQwcVZkNjl6ZWtINVFMRDE4c3FGVlpFZm1RcDBhWitHek9SM1ZNUHFHcFlDN1JPRzBUZHVRcnBHQm5POEVMbHRLdGtXenU0bHQ5NWVkYld2RHhwMUMydUk5Nk9kNGhIL1ZjeDR2MnhINXdaSzgiLCJtYWMiOiI4MWM1NmNjMjM1NjFlYTEzNWNkNDM4MTRiOGZkMjZlNTJiNGQwNTAwMjllZDBmNTkxYjA2ZmQ3NTAyZWI1YmYzIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 15 Oct 2022 15:16:01 GMT
Content-Type: text/css
Content-Length: 13111
Last-Modified: Wed, 20 Jul 2022 08:15:52 GMT
Connection: keep-alive
ETag: "62d7b9b8-3337"
Accept-Ranges: bytes
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
143.204.55.27200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 143.204.55.27:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Sat, 15 Oct 2022 15:07:43 GMT
Cache-Control: max-age=3600
Expires: Sat, 15 Oct 2022 16:00:01 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 a7d2a4ec2f50830f128dc406960aef9a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: xIhr0QUf6PFZXVLZEdN0ovDa8jTsZqdbb5juEGvxsSilBqePYVAMnw==
Age: 498
cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/animate.css
52.16.240.242200 OK 46 kB URL HTTP/1.1 cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/animate.css
IP 52.16.240.242:0
File type ASCII text, with very long lines (460)
Hash 0c31c5438a896a73e3d88e3bb035a00a
4ed61d3db90d340eb945a0cf6bf19ef4ca7c3a69
185c5c9bbcb780984871e86bc73f6e9c8c8ffd699c3274716ab1d481ee64a7fd
GET /assets/landings/cpf-v4/assets/animate.css HTTP/1.1
Host: cpfv4.formation-subventions.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cpfv4.formation-subventions.fr/?c=8n5i3Pu2M&co=1&tx_id=M2022101515-1e211d1ee9ca8f9ae2631812727e9c96&var4=924226487&spub=de1622f0-76e091f4-2fbc6bf8-ad8d-cd4e
Cookie: XSRF-TOKEN=eyJpdiI6IlgrcTVpcS9MdVRQYUNQZjBWaC9qeVE9PSIsInZhbHVlIjoiZGpPVEdBcDBuN3g5ZFAxcGpZTVpKMjlsZTFGSzBqQWlKbklyN2tIUm9NR2M5bkMyeHFBSjM1T2FwMkVEdVFNeHBOUmtHamF3YUxrMWczbnpIcEJrdXNEWnU3ZjN4OEZoUU12cDZvcEgzN1RYN1N2K01FNGtaT2lNQ0h0dzBRNVgiLCJtYWMiOiJiM2U0NTY5NjFlY2Q5MjEyYzdkNzVlMWMzOWZmZmJkYThlZWMwN2ExNzljOTZiZTUxZmYyZjRjNzZjZmE1YTIxIiwidGFnIjoiIn0%3D; leadsmetal_session=eyJpdiI6Im1KMlEySVBIRkFicW9uREc0cVZsZ1E9PSIsInZhbHVlIjoiMzdjQlJtNkhzTHg0WUd2c0E3MUQwcVZkNjl6ZWtINVFMRDE4c3FGVlpFZm1RcDBhWitHek9SM1ZNUHFHcFlDN1JPRzBUZHVRcnBHQm5POEVMbHRLdGtXenU0bHQ5NWVkYld2RHhwMUMydUk5Nk9kNGhIL1ZjeDR2MnhINXdaSzgiLCJtYWMiOiI4MWM1NmNjMjM1NjFlYTEzNWNkNDM4MTRiOGZkMjZlNTJiNGQwNTAwMjllZDBmNTkxYjA2ZmQ3NTAyZWI1YmYzIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 15 Oct 2022 15:16:01 GMT
Content-Type: text/css
Content-Length: 45766
Last-Modified: Wed, 20 Jul 2022 08:15:52 GMT
Connection: keep-alive
ETag: "62d7b9b8-b2c6"
Accept-Ranges: bytes
cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/all.css
52.16.240.242200 OK 49 kB URL HTTP/1.1 cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/all.css
IP 52.16.240.242:0
File type ASCII text, with very long lines (48464)
Hash 10519cfd3206802f58315b877a9beab5
03232d7095b4a14b88810a0ffe76ae50726c23c6
604dcf1f11698655f75046bb92f98aaa9477e1c16b01c5fc415e78794393ffb9
GET /assets/landings/cpf-v4/assets/all.css HTTP/1.1
Host: cpfv4.formation-subventions.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cpfv4.formation-subventions.fr/?c=8n5i3Pu2M&co=1&tx_id=M2022101515-1e211d1ee9ca8f9ae2631812727e9c96&var4=924226487&spub=de1622f0-76e091f4-2fbc6bf8-ad8d-cd4e
Cookie: XSRF-TOKEN=eyJpdiI6IlgrcTVpcS9MdVRQYUNQZjBWaC9qeVE9PSIsInZhbHVlIjoiZGpPVEdBcDBuN3g5ZFAxcGpZTVpKMjlsZTFGSzBqQWlKbklyN2tIUm9NR2M5bkMyeHFBSjM1T2FwMkVEdVFNeHBOUmtHamF3YUxrMWczbnpIcEJrdXNEWnU3ZjN4OEZoUU12cDZvcEgzN1RYN1N2K01FNGtaT2lNQ0h0dzBRNVgiLCJtYWMiOiJiM2U0NTY5NjFlY2Q5MjEyYzdkNzVlMWMzOWZmZmJkYThlZWMwN2ExNzljOTZiZTUxZmYyZjRjNzZjZmE1YTIxIiwidGFnIjoiIn0%3D; leadsmetal_session=eyJpdiI6Im1KMlEySVBIRkFicW9uREc0cVZsZ1E9PSIsInZhbHVlIjoiMzdjQlJtNkhzTHg0WUd2c0E3MUQwcVZkNjl6ZWtINVFMRDE4c3FGVlpFZm1RcDBhWitHek9SM1ZNUHFHcFlDN1JPRzBUZHVRcnBHQm5POEVMbHRLdGtXenU0bHQ5NWVkYld2RHhwMUMydUk5Nk9kNGhIL1ZjeDR2MnhINXdaSzgiLCJtYWMiOiI4MWM1NmNjMjM1NjFlYTEzNWNkNDM4MTRiOGZkMjZlNTJiNGQwNTAwMjllZDBmNTkxYjA2ZmQ3NTAyZWI1YmYzIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 15 Oct 2022 15:16:01 GMT
Content-Type: text/css
Content-Length: 48649
Last-Modified: Wed, 20 Jul 2022 08:15:52 GMT
Connection: keep-alive
ETag: "62d7b9b8-be09"
Accept-Ranges: bytes
cpfv4.formation-subventions.fr/assets/vendors/landings.js?id=1af14b70bbb23b3b2bb69b56eb34c8d1
52.16.240.242200 OK 660 kB URL HTTP/1.1 cpfv4.formation-subventions.fr/assets/vendors/landings.js?id=1af14b70bbb23b3b2bb69b56eb34c8d1
IP 52.16.240.242:0
File type ASCII text, with very long lines (65470)
Size 660 kB (660408 bytes)
Hash 1af14b70bbb23b3b2bb69b56eb34c8d1
b3d7162e6cb996167eed2cd1c49874b1cf71b399
89601bb921da48d1f5138c767903e242d43500a4b20eb5fa0bfbe0b18f2f739d
Analyzer Verdict Alert fortinet Phishing
GET /assets/vendors/landings.js?id=1af14b70bbb23b3b2bb69b56eb34c8d1 HTTP/1.1
Host: cpfv4.formation-subventions.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cpfv4.formation-subventions.fr/?c=8n5i3Pu2M&co=1&tx_id=M2022101515-1e211d1ee9ca8f9ae2631812727e9c96&var4=924226487&spub=de1622f0-76e091f4-2fbc6bf8-ad8d-cd4e
Cookie: XSRF-TOKEN=eyJpdiI6IlgrcTVpcS9MdVRQYUNQZjBWaC9qeVE9PSIsInZhbHVlIjoiZGpPVEdBcDBuN3g5ZFAxcGpZTVpKMjlsZTFGSzBqQWlKbklyN2tIUm9NR2M5bkMyeHFBSjM1T2FwMkVEdVFNeHBOUmtHamF3YUxrMWczbnpIcEJrdXNEWnU3ZjN4OEZoUU12cDZvcEgzN1RYN1N2K01FNGtaT2lNQ0h0dzBRNVgiLCJtYWMiOiJiM2U0NTY5NjFlY2Q5MjEyYzdkNzVlMWMzOWZmZmJkYThlZWMwN2ExNzljOTZiZTUxZmYyZjRjNzZjZmE1YTIxIiwidGFnIjoiIn0%3D; leadsmetal_session=eyJpdiI6Im1KMlEySVBIRkFicW9uREc0cVZsZ1E9PSIsInZhbHVlIjoiMzdjQlJtNkhzTHg0WUd2c0E3MUQwcVZkNjl6ZWtINVFMRDE4c3FGVlpFZm1RcDBhWitHek9SM1ZNUHFHcFlDN1JPRzBUZHVRcnBHQm5POEVMbHRLdGtXenU0bHQ5NWVkYld2RHhwMUMydUk5Nk9kNGhIL1ZjeDR2MnhINXdaSzgiLCJtYWMiOiI4MWM1NmNjMjM1NjFlYTEzNWNkNDM4MTRiOGZkMjZlNTJiNGQwNTAwMjllZDBmNTkxYjA2ZmQ3NTAyZWI1YmYzIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 15 Oct 2022 15:16:01 GMT
Content-Type: application/javascript
Content-Length: 660408
Last-Modified: Mon, 11 Jul 2022 15:07:34 GMT
Connection: keep-alive
ETag: "62cc3cb6-a13b8"
Accept-Ranges: bytes
cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/bootstrap.css
52.16.240.242200 OK 174 kB URL HTTP/1.1 cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/bootstrap.css
IP 52.16.240.242:0
Size 174 kB (173597 bytes)
Hash d26ecc887c12f855a908679dae6704e3
eb513f44232e0854b251fc2b499bdbf9ad59e3e7
4a64845cd000ad3810f1247a90aa723ff37e8c0f1ff2af0aa46d2a4257522a8b
GET /assets/landings/cpf-v4/assets/bootstrap.css HTTP/1.1
Host: cpfv4.formation-subventions.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cpfv4.formation-subventions.fr/?c=8n5i3Pu2M&co=1&tx_id=M2022101515-1e211d1ee9ca8f9ae2631812727e9c96&var4=924226487&spub=de1622f0-76e091f4-2fbc6bf8-ad8d-cd4e
Cookie: XSRF-TOKEN=eyJpdiI6IlgrcTVpcS9MdVRQYUNQZjBWaC9qeVE9PSIsInZhbHVlIjoiZGpPVEdBcDBuN3g5ZFAxcGpZTVpKMjlsZTFGSzBqQWlKbklyN2tIUm9NR2M5bkMyeHFBSjM1T2FwMkVEdVFNeHBOUmtHamF3YUxrMWczbnpIcEJrdXNEWnU3ZjN4OEZoUU12cDZvcEgzN1RYN1N2K01FNGtaT2lNQ0h0dzBRNVgiLCJtYWMiOiJiM2U0NTY5NjFlY2Q5MjEyYzdkNzVlMWMzOWZmZmJkYThlZWMwN2ExNzljOTZiZTUxZmYyZjRjNzZjZmE1YTIxIiwidGFnIjoiIn0%3D; leadsmetal_session=eyJpdiI6Im1KMlEySVBIRkFicW9uREc0cVZsZ1E9PSIsInZhbHVlIjoiMzdjQlJtNkhzTHg0WUd2c0E3MUQwcVZkNjl6ZWtINVFMRDE4c3FGVlpFZm1RcDBhWitHek9SM1ZNUHFHcFlDN1JPRzBUZHVRcnBHQm5POEVMbHRLdGtXenU0bHQ5NWVkYld2RHhwMUMydUk5Nk9kNGhIL1ZjeDR2MnhINXdaSzgiLCJtYWMiOiI4MWM1NmNjMjM1NjFlYTEzNWNkNDM4MTRiOGZkMjZlNTJiNGQwNTAwMjllZDBmNTkxYjA2ZmQ3NTAyZWI1YmYzIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 15 Oct 2022 15:16:01 GMT
Content-Type: text/css
Content-Length: 173597
Last-Modified: Wed, 20 Jul 2022 08:15:52 GMT
Connection: keep-alive
ETag: "62d7b9b8-2a61d"
Accept-Ranges: bytes
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 3039b3640f516724d3ec7e845c2f20d1
efa6a85767ab44afd629d1d82413770412abce0e
d454aa6e955985b5b78d1a190b7abc035a1e6dea0c3c5f06220bad3031717249
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 15 Oct 2022 15:16:01 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/jquery.min.js
52.16.240.242200 OK 96 kB URL HTTP/1.1 cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/jquery.min.js
IP 52.16.240.242:0
File type ASCII text, with very long lines (32038)
Hash f03e5a3bf534f4a738bc350631fd05bd
37b1db88b57438f1072a8ebc7559c909c9d3a682
aec3d419d50f05781a96f223e18289aeb52598b5db39be82a7b71dc67d6a7947
Analyzer Verdict Alert fortinet Phishing
GET /assets/landings/cpf-v4/assets/jquery.min.js HTTP/1.1
Host: cpfv4.formation-subventions.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cpfv4.formation-subventions.fr/?c=8n5i3Pu2M&co=1&tx_id=M2022101515-1e211d1ee9ca8f9ae2631812727e9c96&var4=924226487&spub=de1622f0-76e091f4-2fbc6bf8-ad8d-cd4e
Cookie: XSRF-TOKEN=eyJpdiI6IlgrcTVpcS9MdVRQYUNQZjBWaC9qeVE9PSIsInZhbHVlIjoiZGpPVEdBcDBuN3g5ZFAxcGpZTVpKMjlsZTFGSzBqQWlKbklyN2tIUm9NR2M5bkMyeHFBSjM1T2FwMkVEdVFNeHBOUmtHamF3YUxrMWczbnpIcEJrdXNEWnU3ZjN4OEZoUU12cDZvcEgzN1RYN1N2K01FNGtaT2lNQ0h0dzBRNVgiLCJtYWMiOiJiM2U0NTY5NjFlY2Q5MjEyYzdkNzVlMWMzOWZmZmJkYThlZWMwN2ExNzljOTZiZTUxZmYyZjRjNzZjZmE1YTIxIiwidGFnIjoiIn0%3D; leadsmetal_session=eyJpdiI6Im1KMlEySVBIRkFicW9uREc0cVZsZ1E9PSIsInZhbHVlIjoiMzdjQlJtNkhzTHg0WUd2c0E3MUQwcVZkNjl6ZWtINVFMRDE4c3FGVlpFZm1RcDBhWitHek9SM1ZNUHFHcFlDN1JPRzBUZHVRcnBHQm5POEVMbHRLdGtXenU0bHQ5NWVkYld2RHhwMUMydUk5Nk9kNGhIL1ZjeDR2MnhINXdaSzgiLCJtYWMiOiI4MWM1NmNjMjM1NjFlYTEzNWNkNDM4MTRiOGZkMjZlNTJiNGQwNTAwMjllZDBmNTkxYjA2ZmQ3NTAyZWI1YmYzIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 15 Oct 2022 15:16:01 GMT
Content-Type: application/javascript
Content-Length: 95992
Last-Modified: Wed, 20 Jul 2022 08:15:52 GMT
Connection: keep-alive
ETag: "62d7b9b8-176f8"
Accept-Ranges: bytes
cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/inputmask.min.js
52.16.240.242200 OK 142 kB URL HTTP/1.1 cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/inputmask.min.js
IP 52.16.240.242:0
File type ASCII text, with very long lines (65352)
Size 142 kB (141748 bytes)
Hash 700467aeaa622a813a841bb3e8887545
3bed6f0b8dc1d65dd767e6dbc8de496de6e93a74
fe1c98caa7fb5de953b472f2866f169e7332ef250d6a72edb454ebd5f5eb08fd
Analyzer Verdict Alert fortinet Phishing
GET /assets/landings/cpf-v4/assets/inputmask.min.js HTTP/1.1
Host: cpfv4.formation-subventions.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cpfv4.formation-subventions.fr/?c=8n5i3Pu2M&co=1&tx_id=M2022101515-1e211d1ee9ca8f9ae2631812727e9c96&var4=924226487&spub=de1622f0-76e091f4-2fbc6bf8-ad8d-cd4e
Cookie: XSRF-TOKEN=eyJpdiI6IlgrcTVpcS9MdVRQYUNQZjBWaC9qeVE9PSIsInZhbHVlIjoiZGpPVEdBcDBuN3g5ZFAxcGpZTVpKMjlsZTFGSzBqQWlKbklyN2tIUm9NR2M5bkMyeHFBSjM1T2FwMkVEdVFNeHBOUmtHamF3YUxrMWczbnpIcEJrdXNEWnU3ZjN4OEZoUU12cDZvcEgzN1RYN1N2K01FNGtaT2lNQ0h0dzBRNVgiLCJtYWMiOiJiM2U0NTY5NjFlY2Q5MjEyYzdkNzVlMWMzOWZmZmJkYThlZWMwN2ExNzljOTZiZTUxZmYyZjRjNzZjZmE1YTIxIiwidGFnIjoiIn0%3D; leadsmetal_session=eyJpdiI6Im1KMlEySVBIRkFicW9uREc0cVZsZ1E9PSIsInZhbHVlIjoiMzdjQlJtNkhzTHg0WUd2c0E3MUQwcVZkNjl6ZWtINVFMRDE4c3FGVlpFZm1RcDBhWitHek9SM1ZNUHFHcFlDN1JPRzBUZHVRcnBHQm5POEVMbHRLdGtXenU0bHQ5NWVkYld2RHhwMUMydUk5Nk9kNGhIL1ZjeDR2MnhINXdaSzgiLCJtYWMiOiI4MWM1NmNjMjM1NjFlYTEzNWNkNDM4MTRiOGZkMjZlNTJiNGQwNTAwMjllZDBmNTkxYjA2ZmQ3NTAyZWI1YmYzIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 15 Oct 2022 15:16:01 GMT
Content-Type: application/javascript
Content-Length: 141748
Last-Modified: Wed, 20 Jul 2022 08:15:52 GMT
Connection: keep-alive
ETag: "62d7b9b8-229b4"
Accept-Ranges: bytes
cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/lord-icon-2.1.0.js
52.16.240.242200 OK 279 kB URL HTTP/1.1 cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/lord-icon-2.1.0.js
IP 52.16.240.242:0
File type ASCII text, with very long lines (65536), with no line terminators
Size 279 kB (279427 bytes)
Hash 2be9e8022e0f459be54aceb378473dfd
f258e6797043c828d3387727d4d6d179cc56481d
1c176f11efed444d17b2af07e378b97bc8c4253d98a85d72ac8e4df095bb9ff7
Analyzer Verdict Alert fortinet Phishing
GET /assets/landings/cpf-v4/assets/lord-icon-2.1.0.js HTTP/1.1
Host: cpfv4.formation-subventions.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cpfv4.formation-subventions.fr/?c=8n5i3Pu2M&co=1&tx_id=M2022101515-1e211d1ee9ca8f9ae2631812727e9c96&var4=924226487&spub=de1622f0-76e091f4-2fbc6bf8-ad8d-cd4e
Cookie: XSRF-TOKEN=eyJpdiI6IlgrcTVpcS9MdVRQYUNQZjBWaC9qeVE9PSIsInZhbHVlIjoiZGpPVEdBcDBuN3g5ZFAxcGpZTVpKMjlsZTFGSzBqQWlKbklyN2tIUm9NR2M5bkMyeHFBSjM1T2FwMkVEdVFNeHBOUmtHamF3YUxrMWczbnpIcEJrdXNEWnU3ZjN4OEZoUU12cDZvcEgzN1RYN1N2K01FNGtaT2lNQ0h0dzBRNVgiLCJtYWMiOiJiM2U0NTY5NjFlY2Q5MjEyYzdkNzVlMWMzOWZmZmJkYThlZWMwN2ExNzljOTZiZTUxZmYyZjRjNzZjZmE1YTIxIiwidGFnIjoiIn0%3D; leadsmetal_session=eyJpdiI6Im1KMlEySVBIRkFicW9uREc0cVZsZ1E9PSIsInZhbHVlIjoiMzdjQlJtNkhzTHg0WUd2c0E3MUQwcVZkNjl6ZWtINVFMRDE4c3FGVlpFZm1RcDBhWitHek9SM1ZNUHFHcFlDN1JPRzBUZHVRcnBHQm5POEVMbHRLdGtXenU0bHQ5NWVkYld2RHhwMUMydUk5Nk9kNGhIL1ZjeDR2MnhINXdaSzgiLCJtYWMiOiI4MWM1NmNjMjM1NjFlYTEzNWNkNDM4MTRiOGZkMjZlNTJiNGQwNTAwMjllZDBmNTkxYjA2ZmQ3NTAyZWI1YmYzIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 15 Oct 2022 15:16:01 GMT
Content-Type: application/javascript
Content-Length: 279427
Last-Modified: Wed, 20 Jul 2022 08:15:52 GMT
Connection: keep-alive
ETag: "62d7b9b8-44383"
Accept-Ranges: bytes
cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/default.js
52.16.240.242200 OK 5.7 kB URL HTTP/1.1 cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/default.js
IP 52.16.240.242:0
Hash 55aa3f53ee3d2f02e08f283bb32b66d5
24f77a0dcaf050d99ed797d9675d97ea58a6e723
a9dc8a0a29ebe54549b7fa2b704bc50a233fca359e17445952b1fc370322f43f
Analyzer Verdict Alert fortinet Phishing
GET /assets/landings/cpf-v4/assets/default.js HTTP/1.1
Host: cpfv4.formation-subventions.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cpfv4.formation-subventions.fr/?c=8n5i3Pu2M&co=1&tx_id=M2022101515-1e211d1ee9ca8f9ae2631812727e9c96&var4=924226487&spub=de1622f0-76e091f4-2fbc6bf8-ad8d-cd4e
Cookie: XSRF-TOKEN=eyJpdiI6IlgrcTVpcS9MdVRQYUNQZjBWaC9qeVE9PSIsInZhbHVlIjoiZGpPVEdBcDBuN3g5ZFAxcGpZTVpKMjlsZTFGSzBqQWlKbklyN2tIUm9NR2M5bkMyeHFBSjM1T2FwMkVEdVFNeHBOUmtHamF3YUxrMWczbnpIcEJrdXNEWnU3ZjN4OEZoUU12cDZvcEgzN1RYN1N2K01FNGtaT2lNQ0h0dzBRNVgiLCJtYWMiOiJiM2U0NTY5NjFlY2Q5MjEyYzdkNzVlMWMzOWZmZmJkYThlZWMwN2ExNzljOTZiZTUxZmYyZjRjNzZjZmE1YTIxIiwidGFnIjoiIn0%3D; leadsmetal_session=eyJpdiI6Im1KMlEySVBIRkFicW9uREc0cVZsZ1E9PSIsInZhbHVlIjoiMzdjQlJtNkhzTHg0WUd2c0E3MUQwcVZkNjl6ZWtINVFMRDE4c3FGVlpFZm1RcDBhWitHek9SM1ZNUHFHcFlDN1JPRzBUZHVRcnBHQm5POEVMbHRLdGtXenU0bHQ5NWVkYld2RHhwMUMydUk5Nk9kNGhIL1ZjeDR2MnhINXdaSzgiLCJtYWMiOiI4MWM1NmNjMjM1NjFlYTEzNWNkNDM4MTRiOGZkMjZlNTJiNGQwNTAwMjllZDBmNTkxYjA2ZmQ3NTAyZWI1YmYzIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 15 Oct 2022 15:16:01 GMT
Content-Type: application/javascript
Content-Length: 5688
Last-Modified: Thu, 11 Aug 2022 09:53:37 GMT
Connection: keep-alive
ETag: "62f4d1a1-1638"
Accept-Ranges: bytes
cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/wow.js
52.16.240.242200 OK 8.2 kB URL HTTP/1.1 cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/wow.js
IP 52.16.240.242:0
File type ASCII text, with very long lines (8096)
Hash 531647c81a24ea5ab59f55b04476049b
b26c2bf80d048a6794575bab088d5514302b45cd
04e47903ea6b22a81acd7a63131b2cd92614fc2dc79158fcace251869e715396
Analyzer Verdict Alert fortinet Phishing
GET /assets/landings/cpf-v4/assets/wow.js HTTP/1.1
Host: cpfv4.formation-subventions.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cpfv4.formation-subventions.fr/?c=8n5i3Pu2M&co=1&tx_id=M2022101515-1e211d1ee9ca8f9ae2631812727e9c96&var4=924226487&spub=de1622f0-76e091f4-2fbc6bf8-ad8d-cd4e
Cookie: XSRF-TOKEN=eyJpdiI6IlgrcTVpcS9MdVRQYUNQZjBWaC9qeVE9PSIsInZhbHVlIjoiZGpPVEdBcDBuN3g5ZFAxcGpZTVpKMjlsZTFGSzBqQWlKbklyN2tIUm9NR2M5bkMyeHFBSjM1T2FwMkVEdVFNeHBOUmtHamF3YUxrMWczbnpIcEJrdXNEWnU3ZjN4OEZoUU12cDZvcEgzN1RYN1N2K01FNGtaT2lNQ0h0dzBRNVgiLCJtYWMiOiJiM2U0NTY5NjFlY2Q5MjEyYzdkNzVlMWMzOWZmZmJkYThlZWMwN2ExNzljOTZiZTUxZmYyZjRjNzZjZmE1YTIxIiwidGFnIjoiIn0%3D; leadsmetal_session=eyJpdiI6Im1KMlEySVBIRkFicW9uREc0cVZsZ1E9PSIsInZhbHVlIjoiMzdjQlJtNkhzTHg0WUd2c0E3MUQwcVZkNjl6ZWtINVFMRDE4c3FGVlpFZm1RcDBhWitHek9SM1ZNUHFHcFlDN1JPRzBUZHVRcnBHQm5POEVMbHRLdGtXenU0bHQ5NWVkYld2RHhwMUMydUk5Nk9kNGhIL1ZjeDR2MnhINXdaSzgiLCJtYWMiOiI4MWM1NmNjMjM1NjFlYTEzNWNkNDM4MTRiOGZkMjZlNTJiNGQwNTAwMjllZDBmNTkxYjA2ZmQ3NTAyZWI1YmYzIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 15 Oct 2022 15:16:01 GMT
Content-Type: application/javascript
Content-Length: 8213
Last-Modified: Wed, 20 Jul 2022 08:15:52 GMT
Connection: keep-alive
ETag: "62d7b9b8-2015"
Accept-Ranges: bytes
cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/office-application.png
52.16.240.242200 OK 34 kB URL HTTP/1.1 cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/office-application.png
IP 52.16.240.242:0
File type PNG image data, 512 x 512, 16-bit/color RGBA, non-interlaced\012- data
Hash 69a571e00e27ea3a71c2c6f7af0a879f
c9c1d1e23b7211e52a32f5e3d753d153bc91b51c
f380502dcb03380da19940930be1734d6de95284044022272f095e03bd4ecb08
GET /assets/landings/cpf-v4/assets/office-application.png HTTP/1.1
Host: cpfv4.formation-subventions.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cpfv4.formation-subventions.fr/?c=8n5i3Pu2M&co=1&tx_id=M2022101515-1e211d1ee9ca8f9ae2631812727e9c96&var4=924226487&spub=de1622f0-76e091f4-2fbc6bf8-ad8d-cd4e
Cookie: XSRF-TOKEN=eyJpdiI6IlgrcTVpcS9MdVRQYUNQZjBWaC9qeVE9PSIsInZhbHVlIjoiZGpPVEdBcDBuN3g5ZFAxcGpZTVpKMjlsZTFGSzBqQWlKbklyN2tIUm9NR2M5bkMyeHFBSjM1T2FwMkVEdVFNeHBOUmtHamF3YUxrMWczbnpIcEJrdXNEWnU3ZjN4OEZoUU12cDZvcEgzN1RYN1N2K01FNGtaT2lNQ0h0dzBRNVgiLCJtYWMiOiJiM2U0NTY5NjFlY2Q5MjEyYzdkNzVlMWMzOWZmZmJkYThlZWMwN2ExNzljOTZiZTUxZmYyZjRjNzZjZmE1YTIxIiwidGFnIjoiIn0%3D; leadsmetal_session=eyJpdiI6Im1KMlEySVBIRkFicW9uREc0cVZsZ1E9PSIsInZhbHVlIjoiMzdjQlJtNkhzTHg0WUd2c0E3MUQwcVZkNjl6ZWtINVFMRDE4c3FGVlpFZm1RcDBhWitHek9SM1ZNUHFHcFlDN1JPRzBUZHVRcnBHQm5POEVMbHRLdGtXenU0bHQ5NWVkYld2RHhwMUMydUk5Nk9kNGhIL1ZjeDR2MnhINXdaSzgiLCJtYWMiOiI4MWM1NmNjMjM1NjFlYTEzNWNkNDM4MTRiOGZkMjZlNTJiNGQwNTAwMjllZDBmNTkxYjA2ZmQ3NTAyZWI1YmYzIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 15 Oct 2022 15:16:01 GMT
Content-Type: image/png
Content-Length: 34351
Last-Modified: Wed, 20 Jul 2022 08:15:52 GMT
Connection: keep-alive
ETag: "62d7b9b8-862f"
Accept-Ranges: bytes
cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/uk.png
52.16.240.242200 OK 20 kB URL HTTP/1.1 cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/uk.png
IP 52.16.240.242:0
File type PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced\012- data
Hash a0f21f7bff7a0eb9ce4ebf9af7ef03c7
68cb32da14d6010c7cb2fb7cd83da713566edcc2
150d834f8224e78a8bb24c1386ca1142c2b13ce2e1d141323f3e972a9adc99ef
GET /assets/landings/cpf-v4/assets/uk.png HTTP/1.1
Host: cpfv4.formation-subventions.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cpfv4.formation-subventions.fr/?c=8n5i3Pu2M&co=1&tx_id=M2022101515-1e211d1ee9ca8f9ae2631812727e9c96&var4=924226487&spub=de1622f0-76e091f4-2fbc6bf8-ad8d-cd4e
Cookie: XSRF-TOKEN=eyJpdiI6IlgrcTVpcS9MdVRQYUNQZjBWaC9qeVE9PSIsInZhbHVlIjoiZGpPVEdBcDBuN3g5ZFAxcGpZTVpKMjlsZTFGSzBqQWlKbklyN2tIUm9NR2M5bkMyeHFBSjM1T2FwMkVEdVFNeHBOUmtHamF3YUxrMWczbnpIcEJrdXNEWnU3ZjN4OEZoUU12cDZvcEgzN1RYN1N2K01FNGtaT2lNQ0h0dzBRNVgiLCJtYWMiOiJiM2U0NTY5NjFlY2Q5MjEyYzdkNzVlMWMzOWZmZmJkYThlZWMwN2ExNzljOTZiZTUxZmYyZjRjNzZjZmE1YTIxIiwidGFnIjoiIn0%3D; leadsmetal_session=eyJpdiI6Im1KMlEySVBIRkFicW9uREc0cVZsZ1E9PSIsInZhbHVlIjoiMzdjQlJtNkhzTHg0WUd2c0E3MUQwcVZkNjl6ZWtINVFMRDE4c3FGVlpFZm1RcDBhWitHek9SM1ZNUHFHcFlDN1JPRzBUZHVRcnBHQm5POEVMbHRLdGtXenU0bHQ5NWVkYld2RHhwMUMydUk5Nk9kNGhIL1ZjeDR2MnhINXdaSzgiLCJtYWMiOiI4MWM1NmNjMjM1NjFlYTEzNWNkNDM4MTRiOGZkMjZlNTJiNGQwNTAwMjllZDBmNTkxYjA2ZmQ3NTAyZWI1YmYzIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 15 Oct 2022 15:16:01 GMT
Content-Type: image/png
Content-Length: 19591
Last-Modified: Wed, 20 Jul 2022 08:15:52 GMT
Connection: keep-alive
ETag: "62d7b9b8-4c87"
Accept-Ranges: bytes
cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/word.png
52.16.240.242200 OK 65 kB URL HTTP/1.1 cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/word.png
IP 52.16.240.242:0
File type PNG image data, 2160 x 2160, 8-bit/color RGBA, non-interlaced\012- data
Hash 194f9fac2ec24708a5cff38fa615ac9d
1c6bb263ceddae2e189574b7a07871fbcf2cf1f3
5153585d7e061db84b92e6c14e5e7d536003e37c3fb02257a378ebafe7a3954f
GET /assets/landings/cpf-v4/assets/word.png HTTP/1.1
Host: cpfv4.formation-subventions.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cpfv4.formation-subventions.fr/?c=8n5i3Pu2M&co=1&tx_id=M2022101515-1e211d1ee9ca8f9ae2631812727e9c96&var4=924226487&spub=de1622f0-76e091f4-2fbc6bf8-ad8d-cd4e
Cookie: XSRF-TOKEN=eyJpdiI6IlgrcTVpcS9MdVRQYUNQZjBWaC9qeVE9PSIsInZhbHVlIjoiZGpPVEdBcDBuN3g5ZFAxcGpZTVpKMjlsZTFGSzBqQWlKbklyN2tIUm9NR2M5bkMyeHFBSjM1T2FwMkVEdVFNeHBOUmtHamF3YUxrMWczbnpIcEJrdXNEWnU3ZjN4OEZoUU12cDZvcEgzN1RYN1N2K01FNGtaT2lNQ0h0dzBRNVgiLCJtYWMiOiJiM2U0NTY5NjFlY2Q5MjEyYzdkNzVlMWMzOWZmZmJkYThlZWMwN2ExNzljOTZiZTUxZmYyZjRjNzZjZmE1YTIxIiwidGFnIjoiIn0%3D; leadsmetal_session=eyJpdiI6Im1KMlEySVBIRkFicW9uREc0cVZsZ1E9PSIsInZhbHVlIjoiMzdjQlJtNkhzTHg0WUd2c0E3MUQwcVZkNjl6ZWtINVFMRDE4c3FGVlpFZm1RcDBhWitHek9SM1ZNUHFHcFlDN1JPRzBUZHVRcnBHQm5POEVMbHRLdGtXenU0bHQ5NWVkYld2RHhwMUMydUk5Nk9kNGhIL1ZjeDR2MnhINXdaSzgiLCJtYWMiOiI4MWM1NmNjMjM1NjFlYTEzNWNkNDM4MTRiOGZkMjZlNTJiNGQwNTAwMjllZDBmNTkxYjA2ZmQ3NTAyZWI1YmYzIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 15 Oct 2022 15:16:01 GMT
Content-Type: image/png
Content-Length: 64827
Last-Modified: Wed, 20 Jul 2022 08:15:52 GMT
Connection: keep-alive
ETag: "62d7b9b8-fd3b"
Accept-Ranges: bytes
cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/bootstrap.bundle.js
52.16.240.242200 OK 471 B URL HTTP/1.1 cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/bootstrap.bundle.js
IP 52.16.240.242:0
Hash 301aafc13bc66315321d9476df002258
e6bfd29899543fcd4d1b332623757bbad355306f
c64315afdfcf146b16942d981588ed912650472c5e2bba7b6f8dee396d820860
Analyzer Verdict Alert fortinet Phishing
GET /assets/landings/cpf-v4/assets/bootstrap.bundle.js HTTP/1.1
Host: cpfv4.formation-subventions.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cpfv4.formation-subventions.fr/?c=8n5i3Pu2M&co=1&tx_id=M2022101515-1e211d1ee9ca8f9ae2631812727e9c96&var4=924226487&spub=de1622f0-76e091f4-2fbc6bf8-ad8d-cd4e
Cookie: XSRF-TOKEN=eyJpdiI6IlgrcTVpcS9MdVRQYUNQZjBWaC9qeVE9PSIsInZhbHVlIjoiZGpPVEdBcDBuN3g5ZFAxcGpZTVpKMjlsZTFGSzBqQWlKbklyN2tIUm9NR2M5bkMyeHFBSjM1T2FwMkVEdVFNeHBOUmtHamF3YUxrMWczbnpIcEJrdXNEWnU3ZjN4OEZoUU12cDZvcEgzN1RYN1N2K01FNGtaT2lNQ0h0dzBRNVgiLCJtYWMiOiJiM2U0NTY5NjFlY2Q5MjEyYzdkNzVlMWMzOWZmZmJkYThlZWMwN2ExNzljOTZiZTUxZmYyZjRjNzZjZmE1YTIxIiwidGFnIjoiIn0%3D; leadsmetal_session=eyJpdiI6Im1KMlEySVBIRkFicW9uREc0cVZsZ1E9PSIsInZhbHVlIjoiMzdjQlJtNkhzTHg0WUd2c0E3MUQwcVZkNjl6ZWtINVFMRDE4c3FGVlpFZm1RcDBhWitHek9SM1ZNUHFHcFlDN1JPRzBUZHVRcnBHQm5POEVMbHRLdGtXenU0bHQ5NWVkYld2RHhwMUMydUk5Nk9kNGhIL1ZjeDR2MnhINXdaSzgiLCJtYWMiOiI4MWM1NmNjMjM1NjFlYTEzNWNkNDM4MTRiOGZkMjZlNTJiNGQwNTAwMjllZDBmNTkxYjA2ZmQ3NTAyZWI1YmYzIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 15 Oct 2022 15:16:01 GMT
Content-Type: application/javascript
Content-Length: 212345
Last-Modified: Wed, 20 Jul 2022 08:15:52 GMT
Connection: keep-alive
ETag: "62d7b9b8-33d79"
Accept-Ranges: bytes
cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/powerpoint.png
52.16.240.242200 OK 55 kB URL HTTP/1.1 cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/powerpoint.png
IP 52.16.240.242:0
File type PNG image data, 1200 x 1116, 8-bit/color RGBA, non-interlaced\012- data
Hash 5f97ba846d45dd2bdb89d34d007479ce
ac6bcddb364ec3fbd11c98bd9ee9e2eca662a6a5
c5de0afede85344030af3f7baed8bdffa71131b7d9edaea5cab5f4ea42d9af58
GET /assets/landings/cpf-v4/assets/powerpoint.png HTTP/1.1
Host: cpfv4.formation-subventions.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cpfv4.formation-subventions.fr/?c=8n5i3Pu2M&co=1&tx_id=M2022101515-1e211d1ee9ca8f9ae2631812727e9c96&var4=924226487&spub=de1622f0-76e091f4-2fbc6bf8-ad8d-cd4e
Cookie: XSRF-TOKEN=eyJpdiI6IlgrcTVpcS9MdVRQYUNQZjBWaC9qeVE9PSIsInZhbHVlIjoiZGpPVEdBcDBuN3g5ZFAxcGpZTVpKMjlsZTFGSzBqQWlKbklyN2tIUm9NR2M5bkMyeHFBSjM1T2FwMkVEdVFNeHBOUmtHamF3YUxrMWczbnpIcEJrdXNEWnU3ZjN4OEZoUU12cDZvcEgzN1RYN1N2K01FNGtaT2lNQ0h0dzBRNVgiLCJtYWMiOiJiM2U0NTY5NjFlY2Q5MjEyYzdkNzVlMWMzOWZmZmJkYThlZWMwN2ExNzljOTZiZTUxZmYyZjRjNzZjZmE1YTIxIiwidGFnIjoiIn0%3D; leadsmetal_session=eyJpdiI6Im1KMlEySVBIRkFicW9uREc0cVZsZ1E9PSIsInZhbHVlIjoiMzdjQlJtNkhzTHg0WUd2c0E3MUQwcVZkNjl6ZWtINVFMRDE4c3FGVlpFZm1RcDBhWitHek9SM1ZNUHFHcFlDN1JPRzBUZHVRcnBHQm5POEVMbHRLdGtXenU0bHQ5NWVkYld2RHhwMUMydUk5Nk9kNGhIL1ZjeDR2MnhINXdaSzgiLCJtYWMiOiI4MWM1NmNjMjM1NjFlYTEzNWNkNDM4MTRiOGZkMjZlNTJiNGQwNTAwMjllZDBmNTkxYjA2ZmQ3NTAyZWI1YmYzIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 15 Oct 2022 15:16:02 GMT
Content-Type: image/png
Content-Length: 55090
Last-Modified: Wed, 20 Jul 2022 08:15:52 GMT
Connection: keep-alive
ETag: "62d7b9b8-d732"
Accept-Ranges: bytes
cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/wordpress.png
52.16.240.242200 OK 17 kB URL HTTP/1.1 cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/wordpress.png
IP 52.16.240.242:0
File type PNG image data, 512 x 512, 8-bit colormap, non-interlaced\012- data
Hash db4298ab4dbd04c9e9a2395533a01082
507a6ac3a84400172686cec9511965f01b81079a
19466439f97145616eeccc5e2cf409e7671cdd4f6c2ab62e293e40b3f58ce938
GET /assets/landings/cpf-v4/assets/wordpress.png HTTP/1.1
Host: cpfv4.formation-subventions.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cpfv4.formation-subventions.fr/?c=8n5i3Pu2M&co=1&tx_id=M2022101515-1e211d1ee9ca8f9ae2631812727e9c96&var4=924226487&spub=de1622f0-76e091f4-2fbc6bf8-ad8d-cd4e
Cookie: XSRF-TOKEN=eyJpdiI6IlgrcTVpcS9MdVRQYUNQZjBWaC9qeVE9PSIsInZhbHVlIjoiZGpPVEdBcDBuN3g5ZFAxcGpZTVpKMjlsZTFGSzBqQWlKbklyN2tIUm9NR2M5bkMyeHFBSjM1T2FwMkVEdVFNeHBOUmtHamF3YUxrMWczbnpIcEJrdXNEWnU3ZjN4OEZoUU12cDZvcEgzN1RYN1N2K01FNGtaT2lNQ0h0dzBRNVgiLCJtYWMiOiJiM2U0NTY5NjFlY2Q5MjEyYzdkNzVlMWMzOWZmZmJkYThlZWMwN2ExNzljOTZiZTUxZmYyZjRjNzZjZmE1YTIxIiwidGFnIjoiIn0%3D; leadsmetal_session=eyJpdiI6Im1KMlEySVBIRkFicW9uREc0cVZsZ1E9PSIsInZhbHVlIjoiMzdjQlJtNkhzTHg0WUd2c0E3MUQwcVZkNjl6ZWtINVFMRDE4c3FGVlpFZm1RcDBhWitHek9SM1ZNUHFHcFlDN1JPRzBUZHVRcnBHQm5POEVMbHRLdGtXenU0bHQ5NWVkYld2RHhwMUMydUk5Nk9kNGhIL1ZjeDR2MnhINXdaSzgiLCJtYWMiOiI4MWM1NmNjMjM1NjFlYTEzNWNkNDM4MTRiOGZkMjZlNTJiNGQwNTAwMjllZDBmNTkxYjA2ZmQ3NTAyZWI1YmYzIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 15 Oct 2022 15:16:02 GMT
Content-Type: image/png
Content-Length: 16745
Last-Modified: Wed, 20 Jul 2022 08:15:52 GMT
Connection: keep-alive
ETag: "62d7b9b8-4169"
Accept-Ranges: bytes
cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/illus.png
52.16.240.242200 OK 65 kB URL HTTP/1.1 cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/illus.png
IP 52.16.240.242:0
File type PNG image data, 2160 x 2106, 8-bit/color RGBA, non-interlaced\012- data
Hash 6056a96b099b3d365f604968869583f6
9c73819f0af3507416f1a7f88179a775771fde2a
22c3d04097949bf66e3deaf534b8c34ba4add04a956dc74da8bbfef4899c3b9a
GET /assets/landings/cpf-v4/assets/illus.png HTTP/1.1
Host: cpfv4.formation-subventions.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cpfv4.formation-subventions.fr/?c=8n5i3Pu2M&co=1&tx_id=M2022101515-1e211d1ee9ca8f9ae2631812727e9c96&var4=924226487&spub=de1622f0-76e091f4-2fbc6bf8-ad8d-cd4e
Cookie: XSRF-TOKEN=eyJpdiI6IlgrcTVpcS9MdVRQYUNQZjBWaC9qeVE9PSIsInZhbHVlIjoiZGpPVEdBcDBuN3g5ZFAxcGpZTVpKMjlsZTFGSzBqQWlKbklyN2tIUm9NR2M5bkMyeHFBSjM1T2FwMkVEdVFNeHBOUmtHamF3YUxrMWczbnpIcEJrdXNEWnU3ZjN4OEZoUU12cDZvcEgzN1RYN1N2K01FNGtaT2lNQ0h0dzBRNVgiLCJtYWMiOiJiM2U0NTY5NjFlY2Q5MjEyYzdkNzVlMWMzOWZmZmJkYThlZWMwN2ExNzljOTZiZTUxZmYyZjRjNzZjZmE1YTIxIiwidGFnIjoiIn0%3D; leadsmetal_session=eyJpdiI6Im1KMlEySVBIRkFicW9uREc0cVZsZ1E9PSIsInZhbHVlIjoiMzdjQlJtNkhzTHg0WUd2c0E3MUQwcVZkNjl6ZWtINVFMRDE4c3FGVlpFZm1RcDBhWitHek9SM1ZNUHFHcFlDN1JPRzBUZHVRcnBHQm5POEVMbHRLdGtXenU0bHQ5NWVkYld2RHhwMUMydUk5Nk9kNGhIL1ZjeDR2MnhINXdaSzgiLCJtYWMiOiI4MWM1NmNjMjM1NjFlYTEzNWNkNDM4MTRiOGZkMjZlNTJiNGQwNTAwMjllZDBmNTkxYjA2ZmQ3NTAyZWI1YmYzIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 15 Oct 2022 15:16:02 GMT
Content-Type: image/png
Content-Length: 65343
Last-Modified: Wed, 20 Jul 2022 08:15:52 GMT
Connection: keep-alive
ETag: "62d7b9b8-ff3f"
Accept-Ranges: bytes
cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/photoshop.png
52.16.240.242200 OK 22 kB URL HTTP/1.1 cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/photoshop.png
IP 52.16.240.242:0
File type PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced\012- data
Hash 6793474b36b8348d9f3494324f553bf0
9d64242952d7c9bcb21a4b93cdd3e0eb20b7f437
b758aa9397190855525f5ce0039263ec52f133f62b64acf0e762f3721303dad9
GET /assets/landings/cpf-v4/assets/photoshop.png HTTP/1.1
Host: cpfv4.formation-subventions.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cpfv4.formation-subventions.fr/?c=8n5i3Pu2M&co=1&tx_id=M2022101515-1e211d1ee9ca8f9ae2631812727e9c96&var4=924226487&spub=de1622f0-76e091f4-2fbc6bf8-ad8d-cd4e
Cookie: XSRF-TOKEN=eyJpdiI6IlgrcTVpcS9MdVRQYUNQZjBWaC9qeVE9PSIsInZhbHVlIjoiZGpPVEdBcDBuN3g5ZFAxcGpZTVpKMjlsZTFGSzBqQWlKbklyN2tIUm9NR2M5bkMyeHFBSjM1T2FwMkVEdVFNeHBOUmtHamF3YUxrMWczbnpIcEJrdXNEWnU3ZjN4OEZoUU12cDZvcEgzN1RYN1N2K01FNGtaT2lNQ0h0dzBRNVgiLCJtYWMiOiJiM2U0NTY5NjFlY2Q5MjEyYzdkNzVlMWMzOWZmZmJkYThlZWMwN2ExNzljOTZiZTUxZmYyZjRjNzZjZmE1YTIxIiwidGFnIjoiIn0%3D; leadsmetal_session=eyJpdiI6Im1KMlEySVBIRkFicW9uREc0cVZsZ1E9PSIsInZhbHVlIjoiMzdjQlJtNkhzTHg0WUd2c0E3MUQwcVZkNjl6ZWtINVFMRDE4c3FGVlpFZm1RcDBhWitHek9SM1ZNUHFHcFlDN1JPRzBUZHVRcnBHQm5POEVMbHRLdGtXenU0bHQ5NWVkYld2RHhwMUMydUk5Nk9kNGhIL1ZjeDR2MnhINXdaSzgiLCJtYWMiOiI4MWM1NmNjMjM1NjFlYTEzNWNkNDM4MTRiOGZkMjZlNTJiNGQwNTAwMjllZDBmNTkxYjA2ZmQ3NTAyZWI1YmYzIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 15 Oct 2022 15:16:02 GMT
Content-Type: image/png
Content-Length: 22319
Last-Modified: Wed, 20 Jul 2022 08:15:52 GMT
Connection: keep-alive
ETag: "62d7b9b8-572f"
Accept-Ranges: bytes
cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/indesign.jpeg
52.16.240.242200 OK 23 kB URL HTTP/1.1 cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/indesign.jpeg
IP 52.16.240.242:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 512x512, components 3\012- data
Hash ed1ab790c6ab593f77fe64e9ba02c027
d172c0a814b6811b97ee749d2b978da4abd6cecc
16a2d9bb577f6f0e20e5d6406acf2291897c7a2b06852c7ad4ec68fb505247eb
Analyzer Verdict Alert fortinet Phishing
GET /assets/landings/cpf-v4/assets/indesign.jpeg HTTP/1.1
Host: cpfv4.formation-subventions.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cpfv4.formation-subventions.fr/?c=8n5i3Pu2M&co=1&tx_id=M2022101515-1e211d1ee9ca8f9ae2631812727e9c96&var4=924226487&spub=de1622f0-76e091f4-2fbc6bf8-ad8d-cd4e
Cookie: XSRF-TOKEN=eyJpdiI6IlgrcTVpcS9MdVRQYUNQZjBWaC9qeVE9PSIsInZhbHVlIjoiZGpPVEdBcDBuN3g5ZFAxcGpZTVpKMjlsZTFGSzBqQWlKbklyN2tIUm9NR2M5bkMyeHFBSjM1T2FwMkVEdVFNeHBOUmtHamF3YUxrMWczbnpIcEJrdXNEWnU3ZjN4OEZoUU12cDZvcEgzN1RYN1N2K01FNGtaT2lNQ0h0dzBRNVgiLCJtYWMiOiJiM2U0NTY5NjFlY2Q5MjEyYzdkNzVlMWMzOWZmZmJkYThlZWMwN2ExNzljOTZiZTUxZmYyZjRjNzZjZmE1YTIxIiwidGFnIjoiIn0%3D; leadsmetal_session=eyJpdiI6Im1KMlEySVBIRkFicW9uREc0cVZsZ1E9PSIsInZhbHVlIjoiMzdjQlJtNkhzTHg0WUd2c0E3MUQwcVZkNjl6ZWtINVFMRDE4c3FGVlpFZm1RcDBhWitHek9SM1ZNUHFHcFlDN1JPRzBUZHVRcnBHQm5POEVMbHRLdGtXenU0bHQ5NWVkYld2RHhwMUMydUk5Nk9kNGhIL1ZjeDR2MnhINXdaSzgiLCJtYWMiOiI4MWM1NmNjMjM1NjFlYTEzNWNkNDM4MTRiOGZkMjZlNTJiNGQwNTAwMjllZDBmNTkxYjA2ZmQ3NTAyZWI1YmYzIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 15 Oct 2022 15:16:02 GMT
Content-Type: image/jpeg
Content-Length: 22703
Last-Modified: Wed, 20 Jul 2022 08:15:52 GMT
Connection: keep-alive
ETag: "62d7b9b8-58af"
Accept-Ranges: bytes
cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/excel.png
52.16.240.242200 OK 101 kB URL HTTP/1.1 cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/excel.png
IP 52.16.240.242:0
File type PNG image data, 2203 x 2049, 8-bit/color RGBA, non-interlaced\012- data
Size 101 kB (100722 bytes)
Hash b3bba4a529cab7e8211c9019f1347b71
8e8f4514a5b2fdee304e88d12cd21772b0a39efe
5cee67a96f9fa2272be123080687322b21d536f3c2ef85a9eebb042c9a07fe11
GET /assets/landings/cpf-v4/assets/excel.png HTTP/1.1
Host: cpfv4.formation-subventions.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cpfv4.formation-subventions.fr/?c=8n5i3Pu2M&co=1&tx_id=M2022101515-1e211d1ee9ca8f9ae2631812727e9c96&var4=924226487&spub=de1622f0-76e091f4-2fbc6bf8-ad8d-cd4e
Cookie: XSRF-TOKEN=eyJpdiI6IlgrcTVpcS9MdVRQYUNQZjBWaC9qeVE9PSIsInZhbHVlIjoiZGpPVEdBcDBuN3g5ZFAxcGpZTVpKMjlsZTFGSzBqQWlKbklyN2tIUm9NR2M5bkMyeHFBSjM1T2FwMkVEdVFNeHBOUmtHamF3YUxrMWczbnpIcEJrdXNEWnU3ZjN4OEZoUU12cDZvcEgzN1RYN1N2K01FNGtaT2lNQ0h0dzBRNVgiLCJtYWMiOiJiM2U0NTY5NjFlY2Q5MjEyYzdkNzVlMWMzOWZmZmJkYThlZWMwN2ExNzljOTZiZTUxZmYyZjRjNzZjZmE1YTIxIiwidGFnIjoiIn0%3D; leadsmetal_session=eyJpdiI6Im1KMlEySVBIRkFicW9uREc0cVZsZ1E9PSIsInZhbHVlIjoiMzdjQlJtNkhzTHg0WUd2c0E3MUQwcVZkNjl6ZWtINVFMRDE4c3FGVlpFZm1RcDBhWitHek9SM1ZNUHFHcFlDN1JPRzBUZHVRcnBHQm5POEVMbHRLdGtXenU0bHQ5NWVkYld2RHhwMUMydUk5Nk9kNGhIL1ZjeDR2MnhINXdaSzgiLCJtYWMiOiI4MWM1NmNjMjM1NjFlYTEzNWNkNDM4MTRiOGZkMjZlNTJiNGQwNTAwMjllZDBmNTkxYjA2ZmQ3NTAyZWI1YmYzIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 15 Oct 2022 15:16:01 GMT
Content-Type: image/png
Content-Length: 100722
Last-Modified: Wed, 20 Jul 2022 08:15:52 GMT
Connection: keep-alive
ETag: "62d7b9b8-18972"
Accept-Ranges: bytes
cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/montage_photo.jpeg
52.16.240.242200 OK 27 kB URL HTTP/1.1 cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/montage_photo.jpeg
IP 52.16.240.242:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 512x512, components 3\012- data
Hash 14235e36f44aa23b142a2faaad4f4b05
2ea250b0ec665f862d3eef1a191619cd8f1cd204
7a90cfcc8f5ae2deecb74b1bb210392a2f2d688bb944c72c5b88f93e3bac3083
Analyzer Verdict Alert fortinet Phishing
GET /assets/landings/cpf-v4/assets/montage_photo.jpeg HTTP/1.1
Host: cpfv4.formation-subventions.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cpfv4.formation-subventions.fr/?c=8n5i3Pu2M&co=1&tx_id=M2022101515-1e211d1ee9ca8f9ae2631812727e9c96&var4=924226487&spub=de1622f0-76e091f4-2fbc6bf8-ad8d-cd4e
Cookie: XSRF-TOKEN=eyJpdiI6IlgrcTVpcS9MdVRQYUNQZjBWaC9qeVE9PSIsInZhbHVlIjoiZGpPVEdBcDBuN3g5ZFAxcGpZTVpKMjlsZTFGSzBqQWlKbklyN2tIUm9NR2M5bkMyeHFBSjM1T2FwMkVEdVFNeHBOUmtHamF3YUxrMWczbnpIcEJrdXNEWnU3ZjN4OEZoUU12cDZvcEgzN1RYN1N2K01FNGtaT2lNQ0h0dzBRNVgiLCJtYWMiOiJiM2U0NTY5NjFlY2Q5MjEyYzdkNzVlMWMzOWZmZmJkYThlZWMwN2ExNzljOTZiZTUxZmYyZjRjNzZjZmE1YTIxIiwidGFnIjoiIn0%3D; leadsmetal_session=eyJpdiI6Im1KMlEySVBIRkFicW9uREc0cVZsZ1E9PSIsInZhbHVlIjoiMzdjQlJtNkhzTHg0WUd2c0E3MUQwcVZkNjl6ZWtINVFMRDE4c3FGVlpFZm1RcDBhWitHek9SM1ZNUHFHcFlDN1JPRzBUZHVRcnBHQm5POEVMbHRLdGtXenU0bHQ5NWVkYld2RHhwMUMydUk5Nk9kNGhIL1ZjeDR2MnhINXdaSzgiLCJtYWMiOiI4MWM1NmNjMjM1NjFlYTEzNWNkNDM4MTRiOGZkMjZlNTJiNGQwNTAwMjllZDBmNTkxYjA2ZmQ3NTAyZWI1YmYzIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 15 Oct 2022 15:16:02 GMT
Content-Type: image/jpeg
Content-Length: 26935
Last-Modified: Wed, 20 Jul 2022 08:15:52 GMT
Connection: keep-alive
ETag: "62d7b9b8-6937"
Accept-Ranges: bytes
cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/project-bg-2.jpg
52.16.240.242200 OK 6.5 kB URL HTTP/1.1 cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/project-bg-2.jpg
IP 52.16.240.242:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1170x230, components 3\012- data
Hash 51a1df3e2485d5d6b64fd830eb7c9d0c
78c477157c76b5f1ea901558bde62a3db5cc2ae2
dc2728cc97697b427ae12dc985791b1c4fa736b63a5d1a45caa0826bc4640cba
GET /assets/landings/cpf-v4/assets/project-bg-2.jpg HTTP/1.1
Host: cpfv4.formation-subventions.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/style.css?v=1.0
Cookie: XSRF-TOKEN=eyJpdiI6IlgrcTVpcS9MdVRQYUNQZjBWaC9qeVE9PSIsInZhbHVlIjoiZGpPVEdBcDBuN3g5ZFAxcGpZTVpKMjlsZTFGSzBqQWlKbklyN2tIUm9NR2M5bkMyeHFBSjM1T2FwMkVEdVFNeHBOUmtHamF3YUxrMWczbnpIcEJrdXNEWnU3ZjN4OEZoUU12cDZvcEgzN1RYN1N2K01FNGtaT2lNQ0h0dzBRNVgiLCJtYWMiOiJiM2U0NTY5NjFlY2Q5MjEyYzdkNzVlMWMzOWZmZmJkYThlZWMwN2ExNzljOTZiZTUxZmYyZjRjNzZjZmE1YTIxIiwidGFnIjoiIn0%3D; leadsmetal_session=eyJpdiI6Im1KMlEySVBIRkFicW9uREc0cVZsZ1E9PSIsInZhbHVlIjoiMzdjQlJtNkhzTHg0WUd2c0E3MUQwcVZkNjl6ZWtINVFMRDE4c3FGVlpFZm1RcDBhWitHek9SM1ZNUHFHcFlDN1JPRzBUZHVRcnBHQm5POEVMbHRLdGtXenU0bHQ5NWVkYld2RHhwMUMydUk5Nk9kNGhIL1ZjeDR2MnhINXdaSzgiLCJtYWMiOiI4MWM1NmNjMjM1NjFlYTEzNWNkNDM4MTRiOGZkMjZlNTJiNGQwNTAwMjllZDBmNTkxYjA2ZmQ3NTAyZWI1YmYzIiwidGFnIjoiIn0%3D; _ga_WN8PVLP7SK=GS1.1.1665846963.1.0.1665846963.0.0.0; _ga=GA1.1.205753586.1665846964
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 15 Oct 2022 15:16:02 GMT
Content-Type: image/jpeg
Content-Length: 6494
Last-Modified: Wed, 20 Jul 2022 08:15:52 GMT
Connection: keep-alive
ETag: "62d7b9b8-195e"
Accept-Ranges: bytes
cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/banner.jpg
52.16.240.242200 OK 11 kB URL HTTP/1.1 cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/banner.jpg
IP 52.16.240.242:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1920x730, components 3\012- data
Hash 78e52dbdf74603151c5c98ef65dea86c
44b4c369e1398c5c32db5804dc1741c84d048b69
3e19e40d0885c4dfd49d089492b20f39ba95cc1481cf9659046f53add0a9ada5
GET /assets/landings/cpf-v4/assets/banner.jpg HTTP/1.1
Host: cpfv4.formation-subventions.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/style.css?v=1.0
Cookie: XSRF-TOKEN=eyJpdiI6IlgrcTVpcS9MdVRQYUNQZjBWaC9qeVE9PSIsInZhbHVlIjoiZGpPVEdBcDBuN3g5ZFAxcGpZTVpKMjlsZTFGSzBqQWlKbklyN2tIUm9NR2M5bkMyeHFBSjM1T2FwMkVEdVFNeHBOUmtHamF3YUxrMWczbnpIcEJrdXNEWnU3ZjN4OEZoUU12cDZvcEgzN1RYN1N2K01FNGtaT2lNQ0h0dzBRNVgiLCJtYWMiOiJiM2U0NTY5NjFlY2Q5MjEyYzdkNzVlMWMzOWZmZmJkYThlZWMwN2ExNzljOTZiZTUxZmYyZjRjNzZjZmE1YTIxIiwidGFnIjoiIn0%3D; leadsmetal_session=eyJpdiI6Im1KMlEySVBIRkFicW9uREc0cVZsZ1E9PSIsInZhbHVlIjoiMzdjQlJtNkhzTHg0WUd2c0E3MUQwcVZkNjl6ZWtINVFMRDE4c3FGVlpFZm1RcDBhWitHek9SM1ZNUHFHcFlDN1JPRzBUZHVRcnBHQm5POEVMbHRLdGtXenU0bHQ5NWVkYld2RHhwMUMydUk5Nk9kNGhIL1ZjeDR2MnhINXdaSzgiLCJtYWMiOiI4MWM1NmNjMjM1NjFlYTEzNWNkNDM4MTRiOGZkMjZlNTJiNGQwNTAwMjllZDBmNTkxYjA2ZmQ3NTAyZWI1YmYzIiwidGFnIjoiIn0%3D; _ga_WN8PVLP7SK=GS1.1.1665846963.1.0.1665846963.0.0.0; _ga=GA1.1.205753586.1665846964
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 15 Oct 2022 15:16:02 GMT
Content-Type: image/jpeg
Content-Length: 10854
Last-Modified: Wed, 20 Jul 2022 08:15:52 GMT
Connection: keep-alive
ETag: "62d7b9b8-2a66"
Accept-Ranges: bytes
cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/img2.png
52.16.240.242200 OK 319 kB URL HTTP/1.1 cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/img2.png
IP 52.16.240.242:0
File type PNG image data, 560 x 370, 8-bit/color RGB, interlaced\012- data
Size 319 kB (318929 bytes)
Hash f0366d93cee73d9ad9ff96af3503fe83
2961d5c8448bfe48be1ee133b2597e35c1d87032
6b03be43a135c88b5cac1e43d23b8a2f46e655c3f23ead75cc169bad4dd2f3f8
GET /assets/landings/cpf-v4/assets/img2.png HTTP/1.1
Host: cpfv4.formation-subventions.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cpfv4.formation-subventions.fr/?c=8n5i3Pu2M&co=1&tx_id=M2022101515-1e211d1ee9ca8f9ae2631812727e9c96&var4=924226487&spub=de1622f0-76e091f4-2fbc6bf8-ad8d-cd4e
Cookie: XSRF-TOKEN=eyJpdiI6IlgrcTVpcS9MdVRQYUNQZjBWaC9qeVE9PSIsInZhbHVlIjoiZGpPVEdBcDBuN3g5ZFAxcGpZTVpKMjlsZTFGSzBqQWlKbklyN2tIUm9NR2M5bkMyeHFBSjM1T2FwMkVEdVFNeHBOUmtHamF3YUxrMWczbnpIcEJrdXNEWnU3ZjN4OEZoUU12cDZvcEgzN1RYN1N2K01FNGtaT2lNQ0h0dzBRNVgiLCJtYWMiOiJiM2U0NTY5NjFlY2Q5MjEyYzdkNzVlMWMzOWZmZmJkYThlZWMwN2ExNzljOTZiZTUxZmYyZjRjNzZjZmE1YTIxIiwidGFnIjoiIn0%3D; leadsmetal_session=eyJpdiI6Im1KMlEySVBIRkFicW9uREc0cVZsZ1E9PSIsInZhbHVlIjoiMzdjQlJtNkhzTHg0WUd2c0E3MUQwcVZkNjl6ZWtINVFMRDE4c3FGVlpFZm1RcDBhWitHek9SM1ZNUHFHcFlDN1JPRzBUZHVRcnBHQm5POEVMbHRLdGtXenU0bHQ5NWVkYld2RHhwMUMydUk5Nk9kNGhIL1ZjeDR2MnhINXdaSzgiLCJtYWMiOiI4MWM1NmNjMjM1NjFlYTEzNWNkNDM4MTRiOGZkMjZlNTJiNGQwNTAwMjllZDBmNTkxYjA2ZmQ3NTAyZWI1YmYzIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 15 Oct 2022 15:16:02 GMT
Content-Type: image/png
Content-Length: 318929
Last-Modified: Wed, 20 Jul 2022 08:15:52 GMT
Connection: keep-alive
ETag: "62d7b9b8-4ddd1"
Accept-Ranges: bytes
cdn.lordicon.com/nocovwne.json
143.204.55.117200 OK 3.9 kB URL HTTP/2 cdn.lordicon.com/nocovwne.json
IP 143.204.55.117:0
File type ASCII text, with very long lines (31195), with no line terminators
Hash 4e48e484242336350057c141b359b62d
06203fb08429e72ebcc9275ae83eaf0b335b931b
e270a1778dc0ef60abc25a4f1e390958f48fce70ddd0b2d0d2cbebe3be4e38c8
GET /nocovwne.json HTTP/1.1
Host: cdn.lordicon.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cpfv4.formation-subventions.fr/
Origin: https://cpfv4.formation-subventions.fr
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, immutable
last-modified: Wed, 16 Feb 2022 19:45:04 GMT
etag: W/"79db-17f04111a7e"
x-powered-by: lordicon
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 07 Oct 2022 07:09:49 GMT
content-encoding: br
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 dac7cf040932e0c072eeed10afdd7b3e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: gyI7VifkFqP5_x35N78aIh1ukcR2sWcWlJ7NwQ_1ujMmBCMV2fPb9Q==
age: 720373
X-Firefox-Spdy: h2
cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/favicon.png
52.16.240.242200 OK 4.0 kB URL HTTP/1.1 cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/favicon.png
IP 52.16.240.242:0
File type PNG image data, 32 x 32, 8-bit/color RGBA, interlaced\012- data
Hash 8604b4e2501cb5928e40d0623400e361
c94dbb348dd0222aa31c1ddc93793f889c18ff70
d3bb00c4c958c19ee9504845c697ab7d6315a1654604e816b795883b8c4d986f
GET /assets/landings/cpf-v4/assets/favicon.png HTTP/1.1
Host: cpfv4.formation-subventions.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cpfv4.formation-subventions.fr/?c=8n5i3Pu2M&co=1&tx_id=M2022101515-1e211d1ee9ca8f9ae2631812727e9c96&var4=924226487&spub=de1622f0-76e091f4-2fbc6bf8-ad8d-cd4e
Cookie: XSRF-TOKEN=eyJpdiI6IlgrcTVpcS9MdVRQYUNQZjBWaC9qeVE9PSIsInZhbHVlIjoiZGpPVEdBcDBuN3g5ZFAxcGpZTVpKMjlsZTFGSzBqQWlKbklyN2tIUm9NR2M5bkMyeHFBSjM1T2FwMkVEdVFNeHBOUmtHamF3YUxrMWczbnpIcEJrdXNEWnU3ZjN4OEZoUU12cDZvcEgzN1RYN1N2K01FNGtaT2lNQ0h0dzBRNVgiLCJtYWMiOiJiM2U0NTY5NjFlY2Q5MjEyYzdkNzVlMWMzOWZmZmJkYThlZWMwN2ExNzljOTZiZTUxZmYyZjRjNzZjZmE1YTIxIiwidGFnIjoiIn0%3D; leadsmetal_session=eyJpdiI6Im1KMlEySVBIRkFicW9uREc0cVZsZ1E9PSIsInZhbHVlIjoiMzdjQlJtNkhzTHg0WUd2c0E3MUQwcVZkNjl6ZWtINVFMRDE4c3FGVlpFZm1RcDBhWitHek9SM1ZNUHFHcFlDN1JPRzBUZHVRcnBHQm5POEVMbHRLdGtXenU0bHQ5NWVkYld2RHhwMUMydUk5Nk9kNGhIL1ZjeDR2MnhINXdaSzgiLCJtYWMiOiI4MWM1NmNjMjM1NjFlYTEzNWNkNDM4MTRiOGZkMjZlNTJiNGQwNTAwMjllZDBmNTkxYjA2ZmQ3NTAyZWI1YmYzIiwidGFnIjoiIn0%3D; _ga_WN8PVLP7SK=GS1.1.1665846963.1.0.1665846963.0.0.0; _ga=GA1.1.205753586.1665846964
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 15 Oct 2022 15:16:02 GMT
Content-Type: image/png
Content-Length: 3989
Last-Modified: Wed, 20 Jul 2022 08:15:52 GMT
Connection: keep-alive
ETag: "62d7b9b8-f95"
Accept-Ranges: bytes
connect.facebook.net/en_US/fbevents.js
31.13.72.12200 OK 27 kB URL HTTP/2 connect.facebook.net/en_US/fbevents.js
IP 31.13.72.12:0
File type ASCII text, with very long lines (64348)
Hash 24e72797c2387d3949fd48bff0869138
9987f23f7289affffb99587c703c95d4448f0d3c
ff6231326f473d1d8e7999bde0bb9c34aedd5e47aefdceb94629c75c771984f1
GET /en_US/fbevents.js HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cpfv4.formation-subventions.fr/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-type: application/x-javascript; charset=utf-8
content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
pragma: public
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
x-fb-debug: ef5L9M3kUyZ6v3HuyfkNj8sP17/zHmP7JihqdNPANh3n9SPmnLXl2GXKIc3nKwQ63pAYt5TBwR19mgpOu3BmSw==
content-length: 27029
x-fb-trip-id: 1904183273
date: Sat, 15 Oct 2022 15:16:02 GMT
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 3693b869a30652f2e5cededbf71e80e8
01ff56e45ff18ee14a80bd5b4e1c8152349d32e4
3973913ec49401d91d2a5e30cf8470b70def89e4333d24b1c073694feea14953
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4765
Cache-Control: max-age=95659
Content-Type: application/ocsp-response
Date: Sat, 15 Oct 2022 15:16:02 GMT
Etag: "63498ec0-1d7"
Expires: Sun, 16 Oct 2022 17:50:21 GMT
Last-Modified: Fri, 14 Oct 2022 16:30:56 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
35.81.125.88101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.81.125.88:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: m9A9y8qQp2AjiCdbuDMaIQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: mv2g/UH6VWhkoO+7GsNSBfOJYjM=
www.clarity.ms/eus2/s/0.6.42/clarity.js
13.107.246.53200 OK 23 kB URL HTTP/2 www.clarity.ms/eus2/s/0.6.42/clarity.js
IP 13.107.246.53:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
File type Unicode text, UTF-8 text, with very long lines (54141)
Hash f016daac053b80575e11e20b6644142b
bc23277b8eae567b77c3dfc3f03b91fb054feda7
ee91529c076bf5e87a26b3c045e0b6e63326e6aa871dafea1c1509f73454123d
GET /eus2/s/0.6.42/clarity.js HTTP/1.1
Host: www.clarity.ms
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cpfv4.formation-subventions.fr/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
cache-control: public,max-age=86400
content-type: application/javascript;charset=utf-8
content-encoding: br
last-modified: Wed, 01 Jun 2022 12:22:22 GMT
accept-ranges: bytes
etag: "1d8de484d1af7d4"
vary: Accept-Encoding
request-context: appId=cid-v1:2f7711a9-b21e-4abe-a9d6-5b0ce5d18b64
x-cache: CONFIG_NOCACHE
x-azure-ref: 0ss5KYwAAAAD2mPa0Z/NRRImGuL1ahroUU1ZHMjBFREdFMDYwOQA2Y2ZiZWVlMC01MDI3LTQ4NGItODk2Ny00YTI5YWY3N2YxZTE=
date: Sat, 15 Oct 2022 15:16:02 GMT
X-Firefox-Spdy: h2
www.facebook.com/tr/?id=505067384389800&ev=PageView&dl=https%3A%2F%2Fcpfv4.formation-subventions.fr%2F%3Fc%3D8n5i3Pu2M%26co%3D1%26tx_id%3DM2022101515-1e211d1ee9ca8f9ae2631812727e9c96%26var4%3D924226487%26spub%3Dde1622f0-76e091f4-2fbc6bf8-ad8d-cd4e&rl=&if=false&ts=1665846964167&sw=1280&sh=1024&v=2.9.85&r=stable&ec=0&o=30&fbp=fb.1.1665846964167.262203310&it=1665846963878&coo=false&rqm=GET
31.13.72.36200 OK 0 B URL HTTP/2 www.facebook.com/tr/?id=505067384389800&ev=PageView&dl=https%3A%2F%2Fcpfv4.formation-subventions.fr%2F%3Fc%3D8n5i3Pu2M%26co%3D1%26tx_id%3DM2022101515-1e211d1ee9ca8f9ae2631812727e9c96%26var4%3D924226487%26spub%3Dde1622f0-76e091f4-2fbc6bf8-ad8d-cd4e&rl=&if=false&ts=1665846964167&sw=1280&sh=1024&v=2.9.85&r=stable&ec=0&o=30&fbp=fb.1.1665846964167.262203310&it=1665846963878&coo=false&rqm=GET
IP 31.13.72.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tr/?id=505067384389800&ev=PageView&dl=https%3A%2F%2Fcpfv4.formation-subventions.fr%2F%3Fc%3D8n5i3Pu2M%26co%3D1%26tx_id%3DM2022101515-1e211d1ee9ca8f9ae2631812727e9c96%26var4%3D924226487%26spub%3Dde1622f0-76e091f4-2fbc6bf8-ad8d-cd4e&rl=&if=false&ts=1665846964167&sw=1280&sh=1024&v=2.9.85&r=stable&ec=0&o=30&fbp=fb.1.1665846964167.262203310&it=1665846963878&coo=false&rqm=GET HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cpfv4.formation-subventions.fr/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/plain
access-control-allow-origin:
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 0
server: proxygen-bolt
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
date: Sat, 15 Oct 2022 15:16:02 GMT
X-Firefox-Spdy: h2
www.clarity.ms/tag/dfukl0f7t6
13.107.246.53200 OK 1.3 kB URL HTTP/2 www.clarity.ms/tag/dfukl0f7t6
IP 13.107.246.53:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
File type ASCII text, with very long lines (1317), with no line terminators
Hash 5c41f336fa5696d28467dcab5dfc1e17
f7d56ac26bbf9eb13c234ad1709747877c6069fb
8b43f0018f4270d657bd112ee29b207b7ec11864487390ab97552232a3b6cfd6
GET /tag/dfukl0f7t6 HTTP/1.1
Host: www.clarity.ms
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cpfv4.formation-subventions.fr/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: no-cache, no-store
content-type: application/x-javascript
expires: -1
set-cookie: CLID=9d021ce48b5849c087f6f70578a71fc6.20221015.20231015; expires=Sun, 15 Oct 2023 15:16:02 GMT; path=/; secure; samesite=none; httponly
request-context: appId=cid-v1:b1d896b3-bec7-448b-b764-240152e813e8
x-cache: CONFIG_NOCACHE
x-azure-ref: 0ss5KYwAAAADc/J/34WpIQZlzh7q6bxwvU1ZHMjBFREdFMDYwOQA2Y2ZiZWVlMC01MDI3LTQ4NGItODk2Ny00YTI5YWY3N2YxZTE=
date: Sat, 15 Oct 2022 15:16:02 GMT
X-Firefox-Spdy: h2
c.bing.com/c.gif?CtsSyncId=CEEE875296DD4C268CC9B10CB8E3253B&RedC=c.clarity.ms&MXFR=1AA28D9C1D726C7A392E9FA219726211
13.107.21.200302 Found 0 B URL HTTP/2 c.bing.com/c.gif?CtsSyncId=CEEE875296DD4C268CC9B10CB8E3253B&RedC=c.clarity.ms&MXFR=1AA28D9C1D726C7A392E9FA219726211
IP 13.107.21.200:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /c.gif?CtsSyncId=CEEE875296DD4C268CC9B10CB8E3253B&RedC=c.clarity.ms&MXFR=1AA28D9C1D726C7A392E9FA219726211 HTTP/1.1
Host: c.bing.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cpfv4.formation-subventions.fr/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
cache-control: private, no-cache, proxy-revalidate, no-store
pragma: no-cache
location: https://c.clarity.ms/c.gif?CtsSyncId=CEEE875296DD4C268CC9B10CB8E3253B&MUID=112DE9DE1DA06E4A1B70FBE01CF76FC0
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
set-cookie: SRM_B=112DE9DE1DA06E4A1B70FBE01CF76FC0; domain=c.bing.com; expires=Thu, 09-Nov-2023 15:16:02 GMT; path=/; SameSite=None; Secure;
x-powered-by: ASP.NET
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 7FFE42DA5A134208AED5B6D414A573B4 Ref B: OSL30EDGE0312 Ref C: 2022-10-15T15:16:02Z
date: Sat, 15 Oct 2022 15:16:02 GMT
content-length: 0
X-Firefox-Spdy: h2
c.clarity.ms/c.gif?CtsSyncId=CEEE875296DD4C268CC9B10CB8E3253B&MUID=112DE9DE1DA06E4A1B70FBE01CF76FC0
20.234.93.27200 OK 42 B URL HTTP/2 c.clarity.ms/c.gif?CtsSyncId=CEEE875296DD4C268CC9B10CB8E3253B&MUID=112DE9DE1DA06E4A1B70FBE01CF76FC0
IP 20.234.93.27:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type GIF image data, version 89a, 1 x 1\012- data
Hash 32023bb33cfb2a1990a4ef2d85b6ac16
23dcc6d4b5bfe00357fd0248bb5955b8e36bb8f1
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
GET /c.gif?CtsSyncId=CEEE875296DD4C268CC9B10CB8E3253B&MUID=112DE9DE1DA06E4A1B70FBE01CF76FC0 HTTP/1.1
Host: c.clarity.ms
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cpfv4.formation-subventions.fr/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
cache-control: private, no-cache, proxy-revalidate, no-store
pragma: no-cache
content-type: image/gif
last-modified: Thu, 13 Oct 2022 20:07:05 GMT
accept-ranges: bytes
etag: "40db785d3fdfd81:0"
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
set-cookie: ANONCHK=0; domain=c.clarity.ms; expires=Sat, 15-Oct-2022 15:26:03 GMT; path=/; SameSite=None; Secure;
date: Sat, 15 Oct 2022 15:16:02 GMT
content-length: 42
X-Firefox-Spdy: h2
b.clarity.ms/collect
20.75.32.255204 No Content 0 B IP 20.75.32.255:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /collect HTTP/1.1
Host: b.clarity.ms
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 727
Origin: https://cpfv4.formation-subventions.fr
Connection: keep-alive
Referer: https://cpfv4.formation-subventions.fr/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
server: Microsoft-IIS/10.0
request-context: appId=cid-v1:2f7711a9-b21e-4abe-a9d6-5b0ce5d18b64
access-control-allow-origin: https://cpfv4.formation-subventions.fr
access-control-allow-credentials: true
date: Sat, 15 Oct 2022 15:16:02 GMT
X-Firefox-Spdy: h2
b.clarity.ms/collect
20.75.32.255204 No Content 0 B IP 20.75.32.255:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /collect HTTP/1.1
Host: b.clarity.ms
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 99889
Origin: https://cpfv4.formation-subventions.fr
Connection: keep-alive
Referer: https://cpfv4.formation-subventions.fr/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
server: Microsoft-IIS/10.0
request-context: appId=cid-v1:2f7711a9-b21e-4abe-a9d6-5b0ce5d18b64
access-control-allow-origin: https://cpfv4.formation-subventions.fr
access-control-allow-credentials: true
date: Sat, 15 Oct 2022 15:16:03 GMT
X-Firefox-Spdy: h2
cdn.lordicon.com/yeallgsa.json
143.204.55.117200 OK 6.4 kB URL HTTP/2 cdn.lordicon.com/yeallgsa.json
IP 143.204.55.117:0
Hash 11e4b01447641947aca7bd8fa3411a2e
f36cc6c59ca87ef2ef07cecfe8abc6f233409056
bc17215da88456972fb655a82341e97f8d326bcd3917b805fa9efa522a078707
GET /yeallgsa.json HTTP/1.1
Host: cdn.lordicon.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cpfv4.formation-subventions.fr/
Origin: https://cpfv4.formation-subventions.fr
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, immutable
last-modified: Wed, 16 Feb 2022 19:45:30 GMT
etag: W/"9a9a-17f041180fa"
x-powered-by: lordicon
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 07 Oct 2022 07:17:05 GMT
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 dac7cf040932e0c072eeed10afdd7b3e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: MGMuHYOVv6KA4cs3549KcZ5D-egBlAWXbs7-Yk-Hhz6f_XsI4xv0UA==
age: 719937
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 467c98217b3c90dedabafc249207b8eb
8a0756b2c6003aaaba58cc75be784e8e283feb45
82b3ac154fd4347d2a7827d48ff7f0ccc8c0abe562cb6796a52b02e7cc9b6467
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "82B3AC154FD4347D2A7827D48FF7F0CCC8C0ABE562CB6796A52B02E7CC9B6467"
Last-Modified: Sat, 15 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3556
Expires: Sat, 15 Oct 2022 16:15:19 GMT
Date: Sat, 15 Oct 2022 15:16:03 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa6ea4d5d-0df9-4cfe-a9fc-e70b8e32f8ef.jpeg
34.120.237.76200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa6ea4d5d-0df9-4cfe-a9fc-e70b8e32f8ef.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 54edb9ab897821172fc13756df376ee7
2010f9656d87e6f5220f131628c537720c3673e1
6694c1be0adf97fa77d1bfa29337d9e609b729a58d42e141e9bb55ed6367b1d8
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa6ea4d5d-0df9-4cfe-a9fc-e70b8e32f8ef.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 13261
x-amzn-requestid: dd760e09-701e-4956-9723-386edc97c694
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Z0fH6FzIoAMFzJg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6344deff-197cf4f048e146af5654d0bd;Sampled=0
x-amzn-remapped-date: Tue, 11 Oct 2022 03:11:59 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: FG87tXqLw2s9wd8SpMNGbYzroLHz4inDaCGnUMOUKhvEqSvqfBwR4A==
via: 1.1 6ba2a21321beeef65404429d0a4b6380.cloudfront.net (CloudFront), 1.1 0d4ebcaa87ba94709def0eaac9371e5a.cloudfront.net (CloudFront), 1.1 google
date: Sat, 15 Oct 2022 04:55:49 GMT
age: 37214
etag: "2010f9656d87e6f5220f131628c537720c3673e1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4a5488a3-4a1c-4773-99f6-81e18bcdccd2.jpeg
34.120.237.76200 OK 16 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4a5488a3-4a1c-4773-99f6-81e18bcdccd2.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 319cbf11bba3f159e5c9f606deded924
13f29acb7a694030fc2de0b42c0d95c4be49deb7
09aa7d94e4829f4daf33d5e2aed077afcc59628839c5d6e877172e8455879062
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4a5488a3-4a1c-4773-99f6-81e18bcdccd2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 15855
x-amzn-requestid: 6cd31f4a-e8b2-4258-9b64-2fad83a606c8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Z3ekFH1-IAMFTDA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6346114d-5fd284f41be669a972e84ed4;Sampled=0
x-amzn-remapped-date: Wed, 12 Oct 2022 00:58:53 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 4PfJD4ZyH4fg4H6C1kQK_MHuWp4DdzA768vaMNt98y3_hKwkFbIpYg==
via: 1.1 010c0731b9775a983eceaec0f5fa6a2e.cloudfront.net (CloudFront), 1.1 1a53057db389e96b4ef1bfbc925dde1c.cloudfront.net (CloudFront), 1.1 google
date: Sat, 15 Oct 2022 05:07:49 GMT
age: 36494
etag: "13f29acb7a694030fc2de0b42c0d95c4be49deb7"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a3b2ace-090c-4763-8c3d-485b06c6db7f.jpeg
34.120.237.76200 OK 4.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a3b2ace-090c-4763-8c3d-485b06c6db7f.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e1c7702a6206faeb2ca8f81c15ad37ff
a63ad4f69b8f59f00cf06e06096488bc10af9d74
392e67ad7cc5ee65f30cab488861ccd06770cd1230814095185f81e895d5000e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a3b2ace-090c-4763-8c3d-485b06c6db7f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4205
x-amzn-requestid: c94a4ce7-f219-4473-93f6-fdb6c506dbe0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Z7EhLGItoAMFy4A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6347813a-6cbcef6d3dd353dd21bb6080;Sampled=0
x-amzn-remapped-date: Thu, 13 Oct 2022 03:08:42 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: XZ7TmppwJQ-7gnH6VPsmH8MD-dvh9wruvlk2nIKln68ZRsPgJRPQkg==
via: 1.1 79880188a81becf1687ba18c0e064230.cloudfront.net (CloudFront), 1.1 6a9b42e38e76b7d4a4044ebe0e0eca08.cloudfront.net (CloudFront), 1.1 google
date: Sat, 15 Oct 2022 04:24:26 GMT
age: 39097
etag: "a63ad4f69b8f59f00cf06e06096488bc10af9d74"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa7999439-dc4a-4cbd-853d-5a0822913e35.jpeg
34.120.237.76200 OK 5.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa7999439-dc4a-4cbd-853d-5a0822913e35.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 70e7ecb94b9d3b14d240fbbcf97b04a9
d38357e003fa7e3b0d73d62a0db3367af2151790
2e9e42f107e200cdcd2fd18ace09c396da1aa4504da97796757ee317e05b9e02
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa7999439-dc4a-4cbd-853d-5a0822913e35.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5289
x-amzn-requestid: 32ceec61-c109-4bc8-a174-0aac12d32004
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Z3IN7H1qoAMFwRg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6345ed8c-3bcffbb73e31871e3a61ba00;Sampled=0
x-amzn-remapped-date: Tue, 11 Oct 2022 22:26:20 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: zhSbm65t-LQqj3IWL9JDV9S-161rBbj3fWUDGZNGkY6Fhf0Rdm74HQ==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 1481cc55c02c3a782ad420b6bac2cb32.cloudfront.net (CloudFront), 1.1 google
date: Sat, 15 Oct 2022 11:45:56 GMT
age: 12607
etag: "d38357e003fa7e3b0d73d62a0db3367af2151790"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2af2b9dc-3279-48a4-b300-2aca0a094dd4.jpeg
34.120.237.76200 OK 8.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2af2b9dc-3279-48a4-b300-2aca0a094dd4.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3ac5c50f8ffe0da11f1adb9f67d811cf
2b586d1c26208d6fe7df3a4cec286e28f21807ca
12414dcf4afa766503c9328fe626c2d1317a0d6838887e0dd30e9b56e85ea3d2
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2af2b9dc-3279-48a4-b300-2aca0a094dd4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8120
x-amzn-requestid: 42dc2299-203a-4269-a252-e239978fe80d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Z7EhLHX0IAMF89g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6347813a-1357899758d9403e4b920418;Sampled=0
x-amzn-remapped-date: Thu, 13 Oct 2022 03:08:42 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: SR9bGKLTWYUWOjUddaTyA7fGSnBR5GqVPYKC6-1Zn-uHPoQkEW5TfQ==
via: 1.1 f13aef0c4b52f6f681401f232d03eb68.cloudfront.net (CloudFront), 1.1 6a9b42e38e76b7d4a4044ebe0e0eca08.cloudfront.net (CloudFront), 1.1 google
date: Sat, 15 Oct 2022 04:05:53 GMT
age: 40210
etag: "2b586d1c26208d6fe7df3a4cec286e28f21807ca"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9d0ccfd7-6dc6-469b-bee1-7de141fecb1c.jpeg
34.120.237.76200 OK 6.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9d0ccfd7-6dc6-469b-bee1-7de141fecb1c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 902f6b585d65d720ff096817ca1f2233
9b73cbeff3361c30600bea9f12a862ae2c4f1e01
8669095b4abaab1bbe1a9f65eb61e7caf713c36f8a24ed0979f482bb3356b79c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9d0ccfd7-6dc6-469b-bee1-7de141fecb1c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6454
x-amzn-requestid: 4774f611-4ee1-40e7-804b-229bfff6c5a7
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZjS3MGmdoAMFqKg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633dfe94-451518b50ab53f2538d0c13f;Sampled=0
x-amzn-remapped-date: Wed, 05 Oct 2022 22:00:52 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 2Ra0AP60Ts4OidLByrMWpcUixuPQZGP8QliETUca6vdyqZfO9oxGDQ==
via: 1.1 56c69262ecfa7873b40572ba8a323242.cloudfront.net (CloudFront), 1.1 31119c39c5a6dc62dfa1fe940afd7be2.cloudfront.net (CloudFront), 1.1 google
date: Fri, 14 Oct 2022 21:51:09 GMT
age: 62694
etag: "9b73cbeff3361c30600bea9f12a862ae2c4f1e01"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
b.clarity.ms/collect
20.75.32.255204 No Content 0 B IP 20.75.32.255:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /collect HTTP/1.1
Host: b.clarity.ms
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 39538
Origin: https://cpfv4.formation-subventions.fr
Connection: keep-alive
Referer: https://cpfv4.formation-subventions.fr/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
server: Microsoft-IIS/10.0
request-context: appId=cid-v1:2f7711a9-b21e-4abe-a9d6-5b0ce5d18b64
access-control-allow-origin: https://cpfv4.formation-subventions.fr
access-control-allow-credentials: true
date: Sat, 15 Oct 2022 15:16:04 GMT
X-Firefox-Spdy: h2
b.clarity.ms/collect
20.75.32.255204 No Content 0 B IP 20.75.32.255:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /collect HTTP/1.1
Host: b.clarity.ms
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 5139
Origin: https://cpfv4.formation-subventions.fr
Connection: keep-alive
Referer: https://cpfv4.formation-subventions.fr/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
server: Microsoft-IIS/10.0
request-context: appId=cid-v1:2f7711a9-b21e-4abe-a9d6-5b0ce5d18b64
access-control-allow-origin: https://cpfv4.formation-subventions.fr
access-control-allow-credentials: true
date: Sat, 15 Oct 2022 15:16:08 GMT
X-Firefox-Spdy: h2
cdn.lordicon.com/gqdnbnwt.json
143.204.55.117200 OK 0 B URL HTTP/2 cdn.lordicon.com/gqdnbnwt.json
IP 143.204.55.117:0
GET /gqdnbnwt.json HTTP/1.1
Host: cdn.lordicon.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cpfv4.formation-subventions.fr/
Origin: https://cpfv4.formation-subventions.fr
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, immutable
last-modified: Wed, 16 Feb 2022 19:45:38 GMT
etag: W/"56f3-17f04119f85"
x-powered-by: lordicon
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 07 Oct 2022 07:09:49 GMT
content-encoding: br
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 dac7cf040932e0c072eeed10afdd7b3e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: JLBGGOorKKg9RpeSOCc1XjI4GdQiIkBZ_5S7M0OdCsUMydm8zi7hSQ==
age: 720373
X-Firefox-Spdy: h2
cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/logonew.png
52.16.240.242200 OK 0 B URL HTTP/1.1 cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/logonew.png
IP 52.16.240.242:0
GET /assets/landings/cpf-v4/assets/logonew.png HTTP/1.1
Host: cpfv4.formation-subventions.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cpfv4.formation-subventions.fr/?c=8n5i3Pu2M&co=1&tx_id=M2022101515-1e211d1ee9ca8f9ae2631812727e9c96&var4=924226487&spub=de1622f0-76e091f4-2fbc6bf8-ad8d-cd4e
Cookie: XSRF-TOKEN=eyJpdiI6IlgrcTVpcS9MdVRQYUNQZjBWaC9qeVE9PSIsInZhbHVlIjoiZGpPVEdBcDBuN3g5ZFAxcGpZTVpKMjlsZTFGSzBqQWlKbklyN2tIUm9NR2M5bkMyeHFBSjM1T2FwMkVEdVFNeHBOUmtHamF3YUxrMWczbnpIcEJrdXNEWnU3ZjN4OEZoUU12cDZvcEgzN1RYN1N2K01FNGtaT2lNQ0h0dzBRNVgiLCJtYWMiOiJiM2U0NTY5NjFlY2Q5MjEyYzdkNzVlMWMzOWZmZmJkYThlZWMwN2ExNzljOTZiZTUxZmYyZjRjNzZjZmE1YTIxIiwidGFnIjoiIn0%3D; leadsmetal_session=eyJpdiI6Im1KMlEySVBIRkFicW9uREc0cVZsZ1E9PSIsInZhbHVlIjoiMzdjQlJtNkhzTHg0WUd2c0E3MUQwcVZkNjl6ZWtINVFMRDE4c3FGVlpFZm1RcDBhWitHek9SM1ZNUHFHcFlDN1JPRzBUZHVRcnBHQm5POEVMbHRLdGtXenU0bHQ5NWVkYld2RHhwMUMydUk5Nk9kNGhIL1ZjeDR2MnhINXdaSzgiLCJtYWMiOiI4MWM1NmNjMjM1NjFlYTEzNWNkNDM4MTRiOGZkMjZlNTJiNGQwNTAwMjllZDBmNTkxYjA2ZmQ3NTAyZWI1YmYzIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 15 Oct 2022 15:16:01 GMT
Content-Type: image/png
Content-Length: 12804
Last-Modified: Wed, 20 Jul 2022 08:15:52 GMT
Connection: keep-alive
ETag: "62d7b9b8-3204"
Accept-Ranges: bytes