be.tbatahealth.quest/index.php/campaigns/hb2952a4yj7ee/track-url/dc562wpeqga9c/03924788a98820d59ba0826c52818e2c6e3182f5
51.75.251.185301 Moved Permanently 169 B URL HTTP/1.1 be.tbatahealth.quest/index.php/campaigns/hb2952a4yj7ee/track-url/dc562wpeqga9c/03924788a98820d59ba0826c52818e2c6e3182f5
IP 51.75.251.185:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 0f952b73d3f5586637ea9a5a789d48f4
b29aff4ffa1d4decd77db5160f920e1c6417e5e9
69d11528ee32902d0c47ed215877f0610399536f755db03ed02a77ecedd74751
Analyzer Verdict Alert fortinet Malware
GET /index.php/campaigns/hb2952a4yj7ee/track-url/dc562wpeqga9c/03924788a98820d59ba0826c52818e2c6e3182f5 HTTP/1.1
Host: be.tbatahealth.quest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Server: nginx/1.20.1
Date: Thu, 01 Dec 2022 11:09:57 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive
Location: https://be.tbatahealth.quest/index.php/campaigns/hb2952a4yj7ee/track-url/dc562wpeqga9c/03924788a98820d59ba0826c52818e2c6e3182f5
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash a5daf4dc99951793ae2315d4795e8146
4427507ca4d3a5632cc8f598afbc85e2195d00bd
94fb64c1c826ed7099283c0bedb3cea7ac7e1d9526794cb9fad6e761f5989d32
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "94FB64C1C826ED7099283C0BEDB3CEA7AC7E1D9526794CB9FAD6E761F5989D32"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6099
Expires: Thu, 01 Dec 2022 12:51:36 GMT
Date: Thu, 01 Dec 2022 11:09:57 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash f3cf023c797da81728c0ac84c8759331
fa07c5e39e4b0741ea484101cccb2202acea9d9c
5206a0bac8bf78d6b84322519271a1ece2c1039a0090e583de6d6192d88873d0
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5294
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 11:09:57 GMT
Last-Modified: Thu, 01 Dec 2022 09:41:43 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 471
firefox.settings.services.mozilla.com/v1/
34.102.187.140200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Alert, Backoff, Content-Length, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 01 Dec 2022 10:19:46 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 3011
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 9fce5679881bf302a8978a0b462f01a9
b699fe030ea13ac73813e655c42ed9b531925e2b
a3ec545a8f9364ac9062eddb41279e1465687a1b60f9c1dec6b3a3df8b033eb3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A3EC545A8F9364AC9062EDDB41279E1465687A1B60F9C1DEC6B3A3DF8B033EB3"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9076
Expires: Thu, 01 Dec 2022 13:41:13 GMT
Date: Thu, 01 Dec 2022 11:09:57 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: iIut6mQGamBbDCZOuhDsO1lHJSn+qjfW5dgKrPzrYChiQMBQMEQZy7G3Pt1MOUGH7Wjd7/KdVxA=
x-amz-request-id: 36RH4CKGNH7VVK1P
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 01 Dec 2022 10:45:38 GMT
age: 1459
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 612cf3c25ac0621054ebed154a345012
218f77905e07c9ff7fa28f1db898b1cf34fd4141
435ab18beae6fd369336d9d1363febd68c46f52a3363a03c36e7304047e3a424
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "435AB18BEAE6FD369336D9D1363FEBD68C46F52A3363A03C36E7304047E3A424"
Last-Modified: Tue, 29 Nov 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4396
Expires: Thu, 01 Dec 2022 12:23:13 GMT
Date: Thu, 01 Dec 2022 11:09:57 GMT
Connection: keep-alive
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 11:09:57 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
be.tbatahealth.quest/index.php/campaigns/hb2952a4yj7ee/track-url/dc562wpeqga9c/03924788a98820d59ba0826c52818e2c6e3182f5
51.75.251.185301 Moved Permanently 0 B URL HTTP/1.1 be.tbatahealth.quest/index.php/campaigns/hb2952a4yj7ee/track-url/dc562wpeqga9c/03924788a98820d59ba0826c52818e2c6e3182f5
IP 51.75.251.185:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
GET /index.php/campaigns/hb2952a4yj7ee/track-url/dc562wpeqga9c/03924788a98820d59ba0826c52818e2c6e3182f5 HTTP/1.1
Host: be.tbatahealth.quest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 301 Moved Permanently
Server: nginx/1.20.1
Date: Thu, 01 Dec 2022 11:09:58 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
X-Powered-By: PHP/7.2.24
X-XSS-Protection: 1; mode=block
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Last-Modified: Thu, 01 Dec 2022 11:09:57 GMT
Location: https://clk.tradedoubler.com/click?p=278517&a=3042985&g=25083084&url=https://entreprise-devis.pro/1463_WI_FR_0921/?qcp=1463_WI_FR_0921
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 63b77f0e8ecdb52768c9702ae21b4c03
6e4593cb7f41cf20afb04e90ad0f765f3f37393a
85c682d484403082296e47b739192492b494af8747dbb3392f68f528b6ac25ce
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "85C682D484403082296E47B739192492B494AF8747DBB3392F68F528B6AC25CE"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7177
Expires: Thu, 01 Dec 2022 13:09:35 GMT
Date: Thu, 01 Dec 2022 11:09:58 GMT
Connection: keep-alive
clk.tradedoubler.com/click?p=278517&a=3042985&g=25083084&url=https://entreprise-devis.pro/1463_WI_FR_0921/?qcp=1463_WI_FR_0921
35.186.231.97200 OK 1.0 kB URL HTTP/2 clk.tradedoubler.com/click?p=278517&a=3042985&g=25083084&url=https://entreprise-devis.pro/1463_WI_FR_0921/?qcp=1463_WI_FR_0921
IP 35.186.231.97:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (431)
Hash 9e407f6b6879dbb2160b8bea957f5c7b
78f6c90c6d99030e3f6a235a9597ef4e1e02aa3e
3380d4f51972e4c37ecb9a8ad994b2b85267217d5657a5d4148f0bd3951b81c3
GET /click?p=278517&a=3042985&g=25083084&url=https://entreprise-devis.pro/1463_WI_FR_0921/?qcp=1463_WI_FR_0921 HTTP/1.1
Host: clk.tradedoubler.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
content-type: text/html; charset=ISO-8859-1
server: TXServerHttp
access-control-allow-origin: *
cache-control: private, max-age=0
pragma: no-cache
p3p: policyref="http://tracker.tradedoubler.com/w3c/p3p.xml",CP="NOI DSP COR NID CUR OUR NOR"
referrer-policy: origin
date: Thu, 01 Dec 2022 11:09:57 GMT
content-length: 1026
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 63b77f0e8ecdb52768c9702ae21b4c03
6e4593cb7f41cf20afb04e90ad0f765f3f37393a
85c682d484403082296e47b739192492b494af8747dbb3392f68f528b6ac25ce
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "85C682D484403082296E47B739192492B494AF8747DBB3392F68F528B6AC25CE"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7177
Expires: Thu, 01 Dec 2022 13:09:35 GMT
Date: Thu, 01 Dec 2022 11:09:58 GMT
Connection: keep-alive
vht.tradedoubler.com/fp/prefs.js
54.230.111.48200 OK 3.7 kB URL HTTP/1.1 vht.tradedoubler.com/fp/prefs.js
IP 54.230.111.48:0
File type ASCII text, with very long lines (764)
Hash 9042aeefa6b50fd89dafd065aee87148
0903b60da6faa7a16b30fe42a0974ae20c0e09bf
dcde81d721f2b5f9e932b434eff9f39b07ce0803a772c991296ddd4e9e8e0b30
GET /fp/prefs.js HTTP/1.1
Host: vht.tradedoubler.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://clk.tradedoubler.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Length: 3705
Connection: keep-alive
Date: Fri, 25 Nov 2022 14:57:40 GMT
Server: Apache
Strict-Transport-Security: max-age=15552000; includeSubDomains
Last-Modified: Mon, 15 Oct 2018 09:28:46 GMT
Accept-Ranges: bytes
Content-Encoding: gzip
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 6a0f63864791329e89a4b233ec4c3a36.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: Rvw9qVDZLxxXRrExYMuntTCmSw0ha_T-Vx_Qd8JXlZXUbHIw1GxETA==
Age: 504738
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Referrer-Policy: strict-origin-when-cross-origin
X-Content-Type-Options: nosniff
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, ETag, Alert, Expires, Cache-Control, Backoff, Content-Length, Content-Type, Pragma, Last-Modified
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 01 Dec 2022 11:08:56 GMT
cache-control: public,max-age=3600
age: 62
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 1f88399f3fdd89dbb9ca1229cb67143a
325c9dbfd932cf9a6fb9fab2dd8e27083f55a9a3
831ecd45dcd2d5ae2ae86cd63ea5e94ecd85281b7e51054af5df9a6386fb8d79
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5282
Cache-Control: max-age=170693
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 11:09:58 GMT
Etag: "63886ea9-1d7"
Expires: Sat, 03 Dec 2022 10:34:51 GMT
Last-Modified: Thu, 01 Dec 2022 09:06:49 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 471
entreprise-devis.pro/1463_WI_FR_0921/?qcp=1463_WI_FR_0921&tduid=f67f3d218844b1ed34d866e9eade17eb
94.23.165.179200 OK 2.5 kB URL HTTP/2 entreprise-devis.pro/1463_WI_FR_0921/?qcp=1463_WI_FR_0921&tduid=f67f3d218844b1ed34d866e9eade17eb
IP 94.23.165.179:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1652), with CRLF, LF line terminators
Hash f0ae97560dff474ef7a56abea44f2acb
85f9589ebf7ae845208994333be814bd09e86534
1e149e9a4e44adee0c89137a7e7bcb6f639d86c07ee2fe1f5d0176e2d8b57fdb
GET /1463_WI_FR_0921/?qcp=1463_WI_FR_0921&tduid=f67f3d218844b1ed34d866e9eade17eb HTTP/1.1
Host: entreprise-devis.pro
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://clk.tradedoubler.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 11:09:58 GMT
content-type: text/html; charset=UTF-8
content-length: 2549
x-powered-by: PHP/5.6.32
vary: Accept-Encoding
content-encoding: gzip
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
entreprise-devis.pro/1463_WI_FR_0921/css/styles.css
94.23.165.179200 OK 1.7 kB URL HTTP/2 entreprise-devis.pro/1463_WI_FR_0921/css/styles.css
IP 94.23.165.179:0
File type ASCII text, with CRLF line terminators
Hash fd05ec43234ccdad8a6f6d79e7ffcec5
6403291c1152806f66e790bb5ce1677274600ff2
d395375e1c62e89a9323ac04359c46a60242e8d503d8b367f5733d2285e21b6b
GET /1463_WI_FR_0921/css/styles.css HTTP/1.1
Host: entreprise-devis.pro
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://entreprise-devis.pro/1463_WI_FR_0921/?qcp=1463_WI_FR_0921&tduid=f67f3d218844b1ed34d866e9eade17eb
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 11:09:58 GMT
content-type: text/css
content-length: 1717
last-modified: Wed, 22 Sep 2021 12:14:02 GMT
etag: "1cfa-5cc94731d01d3-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
entreprise-devis.pro/1463_WI_FR_0921/img/image_lps.jpg
94.23.165.179200 OK 13 kB URL HTTP/2 entreprise-devis.pro/1463_WI_FR_0921/img/image_lps.jpg
IP 94.23.165.179:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 315x165, components 3\012- data
Hash 85d9168ae16d31affa6318e5c0e95131
a6d0cf75ca9ffeb3d82c93fe4b827d9ae477e5f5
ecaa6c88fdaaf6742b709aafad6b743e73e5f34638e161b93ebed63b155a3081
GET /1463_WI_FR_0921/img/image_lps.jpg HTTP/1.1
Host: entreprise-devis.pro
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://entreprise-devis.pro/1463_WI_FR_0921/?qcp=1463_WI_FR_0921&tduid=f67f3d218844b1ed34d866e9eade17eb
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 11:09:58 GMT
content-type: image/jpeg
content-length: 13033
last-modified: Wed, 22 Sep 2021 12:14:02 GMT
etag: "32e9-5cc9473205d31"
accept-ranges: bytes
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 188c50963e7939b1f26a31dbcb8c8200
859416e6148ea6618584e53604efcf072bb989cc
3a313cd3c1693a886bfbf6ffc6fbac78f87e6ded2b9a7749553444ada65ce36e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 11:09:58 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtm.js?id=GTM-K2LSTN
172.217.21.168200 OK 94 kB URL HTTP/2 www.googletagmanager.com/gtm.js?id=GTM-K2LSTN
IP 172.217.21.168:0
File type ASCII text, with very long lines (65324)
Hash baf8c2f2703d1be4bd5a6fc52ee6d070
157862621bb6f4b69c81bc70b87a8298d23ac0d9
1fb48beefc780fdf2f69df8f8ce4c2132f966485579ea5d0e6ce230bb6c59a31
GET /gtm.js?id=GTM-K2LSTN HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://entreprise-devis.pro/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 01 Dec 2022 11:09:58 GMT
expires: Thu, 01 Dec 2022 11:09:58 GMT
cache-control: private, max-age=900
last-modified: Thu, 01 Dec 2022 09:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 94403
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
push.services.mozilla.com/
52.24.78.9101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.24.78.9:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 8tQ9mP79Zr2wbhI9F5XJzQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: plN6xrGNIujQpMBwwB/lOfCYb64=
sdk.privacy-center.org/92502d09-0e0f-4b5a-8590-cad06e72159e/loader.js?target=entreprise-devis.pro
54.230.111.111200 OK 23 kB URL HTTP/2 sdk.privacy-center.org/92502d09-0e0f-4b5a-8590-cad06e72159e/loader.js?target=entreprise-devis.pro
IP 54.230.111.111:0
File type Unicode text, UTF-8 text, with very long lines (59388), with no line terminators
Hash a83d428100fac3c277135d4b2125c76d
6e7fad6ebbd5e1580b07ff3a3251c5728d8a7e5e
44976ae27629dfbea9bdd516ff2337efd26867bdb5f3b5f51b505561588fad35
GET /92502d09-0e0f-4b5a-8590-cad06e72159e/loader.js?target=entreprise-devis.pro HTTP/1.1
Host: sdk.privacy-center.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://entreprise-devis.pro/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
content-length: 23304
server: CloudFront
date: Thu, 01 Dec 2022 11:09:59 GMT
x-didomi-remote-config-source: Lambda
content-encoding: gzip
cache-control: max-age=7200, public
etag: "11c9e2e6a61b4254264b4a97af1cd135"
x-cache: LambdaGeneratedResponse from cloudfront
via: 1.1 784cb0c259a6d79800d037bda4e7de86.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: CqsovrDU25L-m2UTL2m1oEHc_MQsOj4HYD7-_d5LRODiUL95_UZWxg==
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash c4288b5e0b4c7e86196864b4421c8976
68e78d0079a0b8842646f45b80876d07b243ce88
a482003cb367fb82be226ccd4d81d29b792a6be19496c523338e82b60c0aac1c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=101721
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 11:09:59 GMT
Etag: "638775e0-117"
Expires: Fri, 02 Dec 2022 15:25:20 GMT
Last-Modified: Wed, 30 Nov 2022 15:25:20 GMT
Server: nginx
Content-Length: 279
www.companeo.com/api.php?lang=fr_FR&key=6bedec83694cb01c3f8f252fa2fa95ff
104.26.3.71200 OK 2.5 kB URL HTTP/2 www.companeo.com/api.php?lang=fr_FR&key=6bedec83694cb01c3f8f252fa2fa95ff
IP 104.26.3.71:0
Hash 86c955247d52fe1e0943fd0a93fe0ba6
a7b6df1478fb6587f85d339b61f021a57dfd374d
c36ef6565484423530784e2f9859162435a88fbde2152d927bddba275cd23eaa
GET /api.php?lang=fr_FR&key=6bedec83694cb01c3f8f252fa2fa95ff HTTP/1.1
Host: www.companeo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://entreprise-devis.pro/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 01 Dec 2022 11:09:59 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/8.0.25
cache-control: no-cache, private
access-control-allow-origin: *
strict-transport-security: max-age=15552000
set-cookie: SRVNAME=S1; path=/
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UVkXo%2BYkkZaDXGnqbRwGKnAgJqiskav6u07WKTRlgu6oRbTCmhwa6TZBdkT%2BlHZkk3kFCFrwRHFO73GT8YBF4pbl8sIbIe8G0YmAY51AWqH8ZeDrezs8nOAVNjAM6Qld2CE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 772b5face93bb4f7-OSL
content-encoding: br
X-Firefox-Spdy: h2
entreprise-devis.pro/1463_WI_FR_0921/img/puce.jpg
94.23.165.179200 OK 439 B URL HTTP/2 entreprise-devis.pro/1463_WI_FR_0921/img/puce.jpg
IP 94.23.165.179:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 6x7, components 3\012- data
Hash fd92ec7a69ba1665e2c79d90ecabea17
743541e79bd0b262bf71328642f8c4fa22b2f5fd
5b9f095ee67f7b66024293931eb2ac7d50cff4c47e50c9134422f2ad04bfc1dc
GET /1463_WI_FR_0921/img/puce.jpg HTTP/1.1
Host: entreprise-devis.pro
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://entreprise-devis.pro/1463_WI_FR_0921/css/styles.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 11:09:59 GMT
content-type: image/jpeg
content-length: 439
last-modified: Wed, 22 Sep 2021 12:14:02 GMT
etag: "1b7-5cc947320e9d1"
accept-ranges: bytes
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
entreprise-devis.pro/1463_WI_FR_0921/img/bg-mas.jpg
94.23.165.179200 OK 7.8 kB URL HTTP/2 entreprise-devis.pro/1463_WI_FR_0921/img/bg-mas.jpg
IP 94.23.165.179:0
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=12, height=75, bps=0, PhotometricIntepretation=RGB, orientation=upper-left, width=1], baseline, precision 8, 1x100, components 3\012- data
Hash 060b34d63bcb756f234da37e2bc97722
0548dd9334c5ab1a8c4a976bf6c73e437ba09af7
7ec82924d8c50183bda9d4b5ad0077ea18720ef35342cef839f626195350a29c
GET /1463_WI_FR_0921/img/bg-mas.jpg HTTP/1.1
Host: entreprise-devis.pro
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://entreprise-devis.pro/1463_WI_FR_0921/css/styles.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 11:09:59 GMT
content-type: image/jpeg
content-length: 7751
last-modified: Wed, 22 Sep 2021 12:14:02 GMT
etag: "1e47-5cc94731f24b2"
accept-ranges: bytes
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
www.companeo.com/fonts/roboto/roboto-v27-latin-regular.woff2
104.26.3.71200 OK 16 kB URL HTTP/2 www.companeo.com/fonts/roboto/roboto-v27-latin-regular.woff2
IP 104.26.3.71:0
File type Web Open Font Format (Version 2), TrueType, length 15688, version 1.0\012- data
Hash aa23b7b4bcf2b8f0e876106bb3de69c6
106ac454ba4e503e0a1cd15e1275130918049182
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
GET /fonts/roboto/roboto-v27-latin-regular.woff2 HTTP/1.1
Host: www.companeo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://entreprise-devis.pro
Connection: keep-alive
Referer: https://www.companeo.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 01 Dec 2022 11:10:00 GMT
content-type: application/octet-stream
content-length: 15688
last-modified: Tue, 20 Jul 2021 16:59:08 GMT
etag: "60f700dc-3d48"
access-control-allow-origin: *
accept-language: bytes
strict-transport-security: max-age=15552000
cache-control: private
cf-cache-status: BYPASS
set-cookie: SRVNAME=S1; path=/
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ouXjsPIULEEHcgHk%2FiYpOW9FLpGwCkMV1UX%2FA8Ow2PSsaHjw1SpHDD7ifx2KITKALNl%2F7v3SUyZfQhmw8ZpDTINbwUonH%2FZZO%2Fx0%2B2e4s67CYs8OD1%2B5rDig1mCLnTkVyss%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 772b5fb08e6db4f7-OSL
X-Firefox-Spdy: h2
sdk.privacy-center.org/sdk.b0923c718d4f102971bad68b2699543d26e1e20a.js
54.230.111.111200 OK 121 kB URL HTTP/2 sdk.privacy-center.org/sdk.b0923c718d4f102971bad68b2699543d26e1e20a.js
IP 54.230.111.111:0
Size 121 kB (120788 bytes)
Hash aac96b2a79e36e48e8f670b11a505716
c71b869867863be7935ff6657badd22b4e13d208
1f3cfd31b16d21ae18880246f6ca15cd0c90c043f3f1e800f739a4fcbb6524aa
GET /sdk.b0923c718d4f102971bad68b2699543d26e1e20a.js HTTP/1.1
Host: sdk.privacy-center.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://entreprise-devis.pro/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
date: Mon, 28 Nov 2022 08:26:51 GMT
last-modified: Mon, 28 Nov 2022 08:22:18 GMT
etag: W/"e86c6609c35215c097c30717825710a0"
x-amz-server-side-encryption: AES256
x-amz-meta-s3cmd-attrs: atime:1669623408/ctime:1669623408/gid:0/gname:root/md5:e86c6609c35215c097c30717825710a0/mode:33188/mtime:1669623408/uid:0/uname:root
cache-control: public, max-age=31536000
server: AmazonS3
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 784cb0c259a6d79800d037bda4e7de86.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: zS40eJTacX_gAK5mChQoOJ2brEPxnUGSiMAzrY-sco0rMVH_rmgCYA==
age: 268989
X-Firefox-Spdy: h2
ocsp.sectigo.com/
172.64.155.188200 OK 471 B IP 172.64.155.188:0
Hash e79cb215debe155d279963c2154248ed
7b57f9d72ec7b71c0aeab8201c92241fed64d587
2b7f2866c88a9062c7af5329fc24846590a4d4857b4fefec2169c05313a927fb
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 01 Dec 2022 11:10:00 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Mon, 28 Nov 2022 08:42:35 GMT
Expires: Mon, 05 Dec 2022 08:42:34 GMT
Etag: "7b57f9d72ec7b71c0aeab8201c92241fed64d587"
Cache-Control: max-age=336153,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 772b5fb30d08b529-OSL
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ac3edd07bb0a4ebdaae6ec26e91d2079
b6efe3811dfa37cdcde1e9d411c171732ac7e12a
c5dbd471d178ae4505b28e30aee1e8eed77fffd81b9f7815ad2bda1a0d09a02c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C5DBD471D178AE4505B28E30AEE1E8EED77FFFD81B9F7815AD2BDA1A0D09A02C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8525
Expires: Thu, 01 Dec 2022 13:32:05 GMT
Date: Thu, 01 Dec 2022 11:10:00 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ac3edd07bb0a4ebdaae6ec26e91d2079
b6efe3811dfa37cdcde1e9d411c171732ac7e12a
c5dbd471d178ae4505b28e30aee1e8eed77fffd81b9f7815ad2bda1a0d09a02c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C5DBD471D178AE4505B28E30AEE1E8EED77FFFD81B9F7815AD2BDA1A0D09A02C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8525
Expires: Thu, 01 Dec 2022 13:32:05 GMT
Date: Thu, 01 Dec 2022 11:10:00 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ac3edd07bb0a4ebdaae6ec26e91d2079
b6efe3811dfa37cdcde1e9d411c171732ac7e12a
c5dbd471d178ae4505b28e30aee1e8eed77fffd81b9f7815ad2bda1a0d09a02c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C5DBD471D178AE4505B28E30AEE1E8EED77FFFD81B9F7815AD2BDA1A0D09A02C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8525
Expires: Thu, 01 Dec 2022 13:32:05 GMT
Date: Thu, 01 Dec 2022 11:10:00 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F881a33ae-e81b-4603-85d9-a2242b17be66.jpeg
34.120.237.76200 OK 4.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F881a33ae-e81b-4603-85d9-a2242b17be66.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash cc0a257323f882caff067adb86d906e4
cedf2f21be7cd366bd46055b62b5513db3011dfc
c16a9296d5e840a468fef7fb2764b9f7d4b3131d7ade2ce4999de1eead5469e0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F881a33ae-e81b-4603-85d9-a2242b17be66.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4803
x-amzn-requestid: ad2d9243-5e32-4faf-8ff3-b9abd3af1e89
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cb1_hEJJIAMF4Vg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6387d063-596f5833509112ee6cbedf54;Sampled=0
x-amzn-remapped-date: Wed, 30 Nov 2022 21:51:31 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: jM-fTqLsmU3c_gc9Wle-lvCwXelA9Sid9axtzJQDsfOHv23yUbKsBw==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 943c6a4d4ee43b18ee91634536f53eae.cloudfront.net (CloudFront), 1.1 google
date: Wed, 30 Nov 2022 22:43:35 GMT
age: 44785
etag: "cedf2f21be7cd366bd46055b62b5513db3011dfc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F600016d1-5abb-4a6c-996a-933a8d4bc6df.jpeg
34.120.237.76200 OK 8.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F600016d1-5abb-4a6c-996a-933a8d4bc6df.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 26d6dffbf400da4803a2e76e2a8ef2f8
2e62f9ed8f5e7b2f888a73320dd98b0cda9303b8
04c6e31623fe48cbe83dc91635bfa47b337590f18919995b08d5bde27e929e03
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F600016d1-5abb-4a6c-996a-933a8d4bc6df.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8740
x-amzn-requestid: c6c3e3dc-c9a2-4fda-a83b-cdd6ae81166b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cP7uyE9CoAMF6Xg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63830cc4-2c8940405044071a082ee678;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 07:07:48 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: qykE_oaoqqPTgqGnfUo74mH29IOS97b5sZb_3VmB9yW7KUiJ1a7dnA==
via: 1.1 1cc6ed0d2d3dd9529ce544f9dfe61a52.cloudfront.net (CloudFront), 1.1 61bc723adb3b1884ed759711e84e13a8.cloudfront.net (CloudFront), 1.1 google
date: Wed, 30 Nov 2022 18:58:06 GMT
age: 58314
etag: "2e62f9ed8f5e7b2f888a73320dd98b0cda9303b8"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffc2c1d47-fc4a-4f23-a6f7-5ac8f3a68490.jpeg
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffc2c1d47-fc4a-4f23-a6f7-5ac8f3a68490.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash acffcb88ce68b2d70c9c046a7b5a4aa8
cd016e6c0bf5c6eef06e933c9a5257ff4fca9bc1
692d782ac1d812de6dadbcfe46034b6b5d8bbd586e56beedd96dc4d65445dd4c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffc2c1d47-fc4a-4f23-a6f7-5ac8f3a68490.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12035
x-amzn-requestid: 2711a135-b390-43ef-9e95-92438058bc27
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cbz81FIpIAMFs9Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6387cd1e-742f7f293df074340ab6a217;Sampled=0
x-amzn-remapped-date: Wed, 30 Nov 2022 21:37:34 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: ygs-Qd7UU_k4t4_breZTyqkHqGjJzlH1UMa9ncww5_IGpJ1n781jfg==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 7e87179efaa9e3c316bd3d3a74cfded8.cloudfront.net (CloudFront), 1.1 google
date: Wed, 30 Nov 2022 21:51:55 GMT
age: 47885
etag: "cd016e6c0bf5c6eef06e933c9a5257ff4fca9bc1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb0e1339e-3c63-4033-8b5b-e21137509777.jpeg
34.120.237.76200 OK 16 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb0e1339e-3c63-4033-8b5b-e21137509777.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ffd12f9c423ffc627d9e3b3145944fe4
5cf9a7a784952e1bb0cbe499104f1774b1269d08
a25f1b752d9af599aefd73073c105853130f1759905269de3d582d2eb35fe167
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb0e1339e-3c63-4033-8b5b-e21137509777.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 16038
x-amzn-requestid: 925134ee-dd35-45ed-8da7-d60c9c484993
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cbz80EHboAMFtmQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6387cd1e-48de287757e82632291365ee;Sampled=0
x-amzn-remapped-date: Wed, 30 Nov 2022 21:37:34 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: I8qQQUMSVzFmXqjWM1n_F1XEE-ZQcpEF81OwJgf9i3Q5M8XiFAa8Zg==
via: 1.1 a20e81b65d2465c729ce2f6bfe539dd0.cloudfront.net (CloudFront), 1.1 7e87179efaa9e3c316bd3d3a74cfded8.cloudfront.net (CloudFront), 1.1 google
date: Wed, 30 Nov 2022 21:52:00 GMT
age: 47880
etag: "5cf9a7a784952e1bb0cbe499104f1774b1269d08"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F966ff24e-ea85-4a2e-aead-22f1a723c59f.jpeg
34.120.237.76200 OK 9.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F966ff24e-ea85-4a2e-aead-22f1a723c59f.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5508d05a290b663fd89ead9b58f2efd8
53650399f9a986ba54addd668b4557109d12003b
65704a961410fdd318c491fedf002c8e9b184cd34b76fe1b67026d42ce21be3f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F966ff24e-ea85-4a2e-aead-22f1a723c59f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9674
x-amzn-requestid: 7e7d0183-9667-462a-8d44-d125998c1ae3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cYgEoHVAoAMFvAQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63867a1d-280ba97e3fe1bf7244cbde35;Sampled=0
x-amzn-remapped-date: Tue, 29 Nov 2022 21:31:09 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: ym_L3s5E6MLy6BxqNkVxok6L6hA4c-ilSsEqt42j2IbiXYPb4c6-VQ==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 6a9b42e38e76b7d4a4044ebe0e0eca08.cloudfront.net (CloudFront), 1.1 google
date: Wed, 30 Nov 2022 21:52:57 GMT
age: 47823
etag: "53650399f9a986ba54addd668b4557109d12003b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F83cd87b8-4041-419b-ab34-9f8e5a326f4b.jpeg
34.120.237.76200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F83cd87b8-4041-419b-ab34-9f8e5a326f4b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 820cf89fcab8380adff42982c9fb11ed
84241ddddbbfd7de30118307fb1a62800d0a4cb3
0d051495f06ac84de934283b40cbfee7a042d32153a73486dd7c017430e882d8
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F83cd87b8-4041-419b-ab34-9f8e5a326f4b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12898
x-amzn-requestid: 9b594c3c-6b8c-4589-8fcb-b3d7518b46f6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cQZBNFxToAMF_9A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63833ba1-767f510d72eef86d0cc892df;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 10:27:45 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: kZfRQsF_Fo2UtTqK0ByOPeQK-IzTQO9JtTmxIMlapmsd93SJk_4VYw==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 760139201585481b26f947c5f776103a.cloudfront.net (CloudFront), 1.1 google
date: Wed, 30 Nov 2022 21:47:30 GMT
age: 48150
etag: "84241ddddbbfd7de30118307fb1a62800d0a4cb3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
www.companeo.com/fonts/iconfont/iconfont-surveyslider.ttf?uo3di4
104.26.3.71200 OK 4.0 kB URL HTTP/2 www.companeo.com/fonts/iconfont/iconfont-surveyslider.ttf?uo3di4
IP 104.26.3.71:0
File type TrueType Font data, 11 tables, 1st "OS/2", 14 names, Macintosh, type 1 string, iconfont-surveyslider\012- data
Hash 52ee5fd9fa03e129abe263cafcfd1936
43776691f1926c3242d25044ff32970560a9e84f
937ee60f7679c859a7368485f42c23852e33f4933d02373402bce9b2ac7f3257
GET /fonts/iconfont/iconfont-surveyslider.ttf?uo3di4 HTTP/1.1
Host: www.companeo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://entreprise-devis.pro
Connection: keep-alive
Referer: https://www.companeo.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 01 Dec 2022 11:10:00 GMT
content-type: application/octet-stream
content-length: 4040
last-modified: Tue, 20 Jul 2021 16:59:08 GMT
etag: "60f700dc-fc8"
access-control-allow-origin: *
accept-language: bytes
strict-transport-security: max-age=15552000
cache-control: private
cf-cache-status: BYPASS
set-cookie: SRVNAME=S1; path=/
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rqNG6EemGQwZbA6JDVj1ambL3RI1oLLjerifOro4DLABuMvoJDLDEujlozKXtOmZej1lID1PE9JvN4yxUCzvaaAHSbHtqGMSZ7f7z1MB%2BcsZkowLDWhuhhA%2BT9kNYCYepjI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 772b5fb4dc18b4f7-OSL
X-Firefox-Spdy: h2
api.companeo.com/api/v1/survey/1463/fr_FR/?cc=1463&forcetpl=2&isLanding=true&force_lang=fr_FR&cid=null&email=null
54.36.212.233200 OK 38 kB URL HTTP/2 api.companeo.com/api/v1/survey/1463/fr_FR/?cc=1463&forcetpl=2&isLanding=true&force_lang=fr_FR&cid=null&email=null
IP 54.36.212.233:0
Hash b8351e9b11113e1d6b65da779dab4d29
987108a2fd2927473267af4113c6965d0f6557f4
de115d6bae9cf95856883abc3528fe148a82457a02f98500826b185cd799d0cf
GET /api/v1/survey/1463/fr_FR/?cc=1463&forcetpl=2&isLanding=true&force_lang=fr_FR&cid=null&email=null HTTP/1.1
Host: api.companeo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: https://entreprise-devis.pro
Connection: keep-alive
Referer: https://entreprise-devis.pro/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 11:10:00 GMT
content-type: application/json
x-powered-by: PHP/8.0.25
access-control-allow-origin: https://entreprise-devis.pro
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods: GET, POST, PUT
content-encoding: gzip
strict-transport-security: max-age=15768000
set-cookie: SRVNAME=S2; path=/
cache-control: private
X-Firefox-Spdy: h2
analytics.tradedoubler.com/
188.165.150.178200 OK 0 B URL HTTP/2 analytics.tradedoubler.com/
IP 188.165.150.178:0
POST / HTTP/1.1
Host: analytics.tradedoubler.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://clk.tradedoubler.com/
Content-Type: text/plain;charset=UTF-8
Content-Length: 229
Origin: https://clk.tradedoubler.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 11:09:58 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-via-popn: primary
content-encoding: gzip
x-via-poph: replica1
X-Firefox-Spdy: h2
api.companeo.com/api/v1/survey/1463/fr_FR/?cc=1463&forcetpl=2&isLanding=true&force_lang=fr_FR&cid=null&email=null
54.36.212.233200 OK 0 B URL HTTP/2 api.companeo.com/api/v1/survey/1463/fr_FR/?cc=1463&forcetpl=2&isLanding=true&force_lang=fr_FR&cid=null&email=null
IP 54.36.212.233:0
OPTIONS /api/v1/survey/1463/fr_FR/?cc=1463&forcetpl=2&isLanding=true&force_lang=fr_FR&cid=null&email=null HTTP/1.1
Host: api.companeo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://entreprise-devis.pro/
Origin: https://entreprise-devis.pro
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 11:10:00 GMT
content-type: application/json
x-powered-by: PHP/8.0.25
access-control-allow-origin: https://entreprise-devis.pro
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods: GET, POST, PUT
content-encoding: gzip
strict-transport-security: max-age=15768000
set-cookie: SRVNAME=S2; path=/
cache-control: private
X-Firefox-Spdy: h2
www.companeo.com/css/ph-survey-slider.css
104.26.3.71200 OK 0 B URL HTTP/2 www.companeo.com/css/ph-survey-slider.css
IP 104.26.3.71:0
GET /css/ph-survey-slider.css HTTP/1.1
Host: www.companeo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://entreprise-devis.pro/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 01 Dec 2022 11:09:59 GMT
content-type: text/css
last-modified: Mon, 19 Sep 2022 12:52:59 GMT
etag: W/"6328662b-11638"
accept-language: bytes
strict-transport-security: max-age=15552000
cache-control: private
cf-cache-status: BYPASS
set-cookie: SRVNAME=S2; path=/
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KOCuVkHvPVK6z%2Bptam8rxoebGWv0uY41BOz7FKE8ZLnunZAbuyZwzAYfW46IIfjBkYTH%2FCZ1eQta7uEeCBg0VpgCDU8XY657IB3PXg2RjX752PLME8br%2BEenpEMaC7NCiLo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 772b5faeeca8b4f7-OSL
content-encoding: br
X-Firefox-Spdy: h2
www.companeo.com/js/surveyLoader.js
104.26.3.71200 OK 0 B URL HTTP/2 www.companeo.com/js/surveyLoader.js
IP 104.26.3.71:0
GET /js/surveyLoader.js HTTP/1.1
Host: www.companeo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://entreprise-devis.pro/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 01 Dec 2022 11:10:00 GMT
content-type: application/javascript
last-modified: Thu, 13 Oct 2022 10:33:51 GMT
etag: W/"6347e98f-143ad"
accept-language: bytes
strict-transport-security: max-age=15552000
cache-control: private
cf-cache-status: BYPASS
set-cookie: SRVNAME=S2; path=/
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TLOdNxzlsYfVbg11riKUKtZwEdAVwfcq8yXjaegmvACR8MPpfOc2moQExc8lQQQJZmLX0%2FdNAtQv7dpxVx%2FzR34Fk%2BSDHfve6xjRJ48ZusD5%2BhY0l%2FitKx2Au5K00nPVZ0g%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 772b5fb09e7fb4f7-OSL
content-encoding: br
X-Firefox-Spdy: h2
sdk.privacy-center.org/ui-gdpr-en.b0923c718d4f102971bad68b2699543d26e1e20a.js
54.230.111.111200 OK 0 B URL HTTP/2 sdk.privacy-center.org/ui-gdpr-en.b0923c718d4f102971bad68b2699543d26e1e20a.js
IP 54.230.111.111:0
GET /ui-gdpr-en.b0923c718d4f102971bad68b2699543d26e1e20a.js HTTP/1.1
Host: sdk.privacy-center.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://entreprise-devis.pro/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
date: Mon, 28 Nov 2022 08:27:04 GMT
last-modified: Mon, 28 Nov 2022 08:22:52 GMT
etag: W/"c0c2a3b2fcfbc4e4e41b2be7da7f4ae9"
x-amz-server-side-encryption: AES256
x-amz-meta-s3cmd-attrs: atime:1669623408/ctime:1669623408/gid:0/gname:root/md5:c0c2a3b2fcfbc4e4e41b2be7da7f4ae9/mode:33188/mtime:1669623408/uid:0/uname:root
cache-control: public, max-age=31536000
server: AmazonS3
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 784cb0c259a6d79800d037bda4e7de86.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: qDzq8zKKY8K093f_-6-6Ay4m9-bsvS6cWoZDEVQ3i_Q25wqYiHNYjw==
age: 268977
X-Firefox-Spdy: h2