cpfv4.formation-subventions.fr/?c=8n5i3Pu2M&co=1&tx_id=M2022090511-e2e54046eabc1ab6e0c9796d3da49c19&var4={YOUR_PUBID_HERE}&spub=1f9bd5b5-10c3c4d8-0b58aba5-403c-1a64
52.16.240.242301 Moved Permanently 169 B URL HTTP/1.1 cpfv4.formation-subventions.fr/?c=8n5i3Pu2M&co=1&tx_id=M2022090511-e2e54046eabc1ab6e0c9796d3da49c19&var4={YOUR_PUBID_HERE}&spub=1f9bd5b5-10c3c4d8-0b58aba5-403c-1a64
IP 52.16.240.242:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 0f952b73d3f5586637ea9a5a789d48f4
b29aff4ffa1d4decd77db5160f920e1c6417e5e9
69d11528ee32902d0c47ed215877f0610399536f755db03ed02a77ecedd74751
GET /?c=8n5i3Pu2M&co=1&tx_id=M2022090511-e2e54046eabc1ab6e0c9796d3da49c19&var4={YOUR_PUBID_HERE}&spub=1f9bd5b5-10c3c4d8-0b58aba5-403c-1a64 HTTP/1.1
Host: cpfv4.formation-subventions.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Server: nginx/1.20.1
Date: Mon, 05 Sep 2022 11:41:40 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive
Location: https://cpfv4.formation-subventions.fr/?c=8n5i3Pu2M&co=1&tx_id=M2022090511-e2e54046eabc1ab6e0c9796d3da49c19&var4={YOUR_PUBID_HERE}&spub=1f9bd5b5-10c3c4d8-0b58aba5-403c-1a64
firefox.settings.services.mozilla.com/v1/
143.204.55.115200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.115:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 91dd975a7b17b2922dd23c0e49314e40
57a2ece1e3cee7c4ebf927f2ba92f52cac395fe2
09966873bbf317f8910c59544cfde2a6d46e8acd2905797cc7c85c6b4d18ea8a
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Content-Type, Alert, Backoff, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Mon, 05 Sep 2022 10:44:47 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 bb1da7862c4968b28920b91b324095c0.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: gnMDXcB-aJFG8AYrzmG9m0qRs4vnSBS34Q3ej3QP2Mp9fLnyp33EzQ==
Age: 3413
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash d931e0142ef5ffe9cdb4c4c6bfcb9bc9
d9c4caf525e8926b042a14f38d374cc4033ed768
f610984fb0a75b3a31424faa860cbc8172c7f21804df1dc14fbb685b7c456f29
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F610984FB0A75B3A31424FAA860CBC8172C7F21804DF1DC14FBB685B7C456F29"
Last-Modified: Sat, 03 Sep 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12272
Expires: Mon, 05 Sep 2022 15:06:12 GMT
Date: Mon, 05 Sep 2022 11:41:40 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
143.204.55.49200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
IP 143.204.55.49:0
File type PEM certificate\012- , ASCII text
Hash 742edb4038f38bc533514982f3d2e861
cc3a20c8dc2a8c632ef9387a2744253f1e3fdef1
b6bfa49d3d135035701231db2fffc0c0643444394009a94c6a1b4d829d6b8345
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 20 Aug 2022 23:18:05 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Mon, 05 Sep 2022 01:15:19 GMT
etag: "742edb4038f38bc533514982f3d2e861"
x-cache: Hit from cloudfront
via: 1.1 814e8c24454087e83cd261a6cf477166.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 7MxiKVkIc7eVZyXD8BHO2tA_7OxqF35-PQsw1Zw5pPC3LDaBnp9rYQ==
age: 37583
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 05 Sep 2022 11:41:40 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 2b4bbc67f8882199c0fac18b19f969fb
4e5deccbc5b675655e85d08ec1451720846f665d
c2d4b58c6d30c0d8567ccad1c7a74aefabbea54ef03ec67c929593a5e9716963
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C2D4B58C6D30C0D8567CCAD1C7A74AEFABBEA54EF03EC67C929593A5E9716963"
Last-Modified: Sat, 03 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3683
Expires: Mon, 05 Sep 2022 12:43:04 GMT
Date: Mon, 05 Sep 2022 11:41:41 GMT
Connection: keep-alive
cpfv4.formation-subventions.fr/?c=8n5i3Pu2M&co=1&tx_id=M2022090511-e2e54046eabc1ab6e0c9796d3da49c19&var4={YOUR_PUBID_HERE}&spub=1f9bd5b5-10c3c4d8-0b58aba5-403c-1a64
52.16.240.242200 OK 8.1 kB URL HTTP/1.1 cpfv4.formation-subventions.fr/?c=8n5i3Pu2M&co=1&tx_id=M2022090511-e2e54046eabc1ab6e0c9796d3da49c19&var4={YOUR_PUBID_HERE}&spub=1f9bd5b5-10c3c4d8-0b58aba5-403c-1a64
IP 52.16.240.242:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1078)
Hash 7615fbb575b92ab5532ef3b560d3c794
5be986dabf891b75127995aea3998b7dc41fa121
37e3b7cb288839da3a93f4828c44c3cabe27bc64721fb2c32e3871519e257f86
GET /?c=8n5i3Pu2M&co=1&tx_id=M2022090511-e2e54046eabc1ab6e0c9796d3da49c19&var4={YOUR_PUBID_HERE}&spub=1f9bd5b5-10c3c4d8-0b58aba5-403c-1a64 HTTP/1.1
Host: cpfv4.formation-subventions.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 200 OK
Server: nginx/1.20.1
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-cache, private
Date: Mon, 05 Sep 2022 11:41:41 GMT
Set-Cookie: XSRF-TOKEN=eyJpdiI6IklleGtqblFhbDB6RkpCSzJjRE5TYVE9PSIsInZhbHVlIjoiM1lsRTZqRUdTMXlQTGRJWWhNMkxmRG90c051WUpUWU9xY0hpY3Q1UlZ5akN6RGRKN3F2TW1ySEc0KzhNemg5UmJZQ3d3MCtwTGFkcTNFRVhhVk5jeVRuU054OTVrY1J5VlFncGw3ODRRTnV1WTJrRlNXdGw5K1NoekYwb2l3b24iLCJtYWMiOiI0MzIwOTMzNmYzNTk2NzhkNzM4NWEyMjZhYTI2ODA3ODUyMDg2OTE4ZDEyMjBkM2E5ZDc1YjE4NmNmN2MxYjA3IiwidGFnIjoiIn0%3D; expires=Wed, 05-Oct-2022 21:41:41 GMT; Max-Age=2628000; path=/; samesite=lax
leadsmetal_session=eyJpdiI6IjRKZmFKUUxXZ2V3S2ZGNTRucU5XVGc9PSIsInZhbHVlIjoib1FQM2w1QVpuWnd1UGgrRXJiOFJ3OEo3bm9aZDhDMDd1Vjh0dU5oblpvbEhobjdDZGF1OGJzajlYTmNkcDlQL01jMjJ4dURhbVc3dUMwNFF5SlVJOTNlUFpMOGlxN1UzSlZ6UnRNWkF0UFBnZDBhZHZCUU90NnRORnRGT3hoRC8iLCJtYWMiOiIxZTc2NGQwMTFkNDFjOWY5YWFhMmFmMjUxMWMyZDVjZmZmMDJiY2M5YjcwYWYyZTQxNzBhYzg1MWUwMjY3ZjQxIiwidGFnIjoiIn0%3D; expires=Wed, 05-Oct-2022 21:41:41 GMT; Max-Age=2628000; path=/; httponly; samesite=lax
Content-Encoding: gzip
cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/bootstrap-grid.css
52.16.240.242200 OK 38 kB URL HTTP/1.1 cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/bootstrap-grid.css
IP 52.16.240.242:0
Hash ff2874cf2b810904a86e75fb662dddf9
d01f2466cdb09c2869a00933b301d7b3eaa47c88
712cd40cf73ca483fb7fb2b4652d6f6fc8bb13f787d7b4205219e8d36531d2ad
GET /assets/landings/cpf-v4/assets/bootstrap-grid.css HTTP/1.1
Host: cpfv4.formation-subventions.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cpfv4.formation-subventions.fr/?c=8n5i3Pu2M&co=1&tx_id=M2022090511-e2e54046eabc1ab6e0c9796d3da49c19&var4={YOUR_PUBID_HERE}&spub=1f9bd5b5-10c3c4d8-0b58aba5-403c-1a64
Cookie: XSRF-TOKEN=eyJpdiI6IklleGtqblFhbDB6RkpCSzJjRE5TYVE9PSIsInZhbHVlIjoiM1lsRTZqRUdTMXlQTGRJWWhNMkxmRG90c051WUpUWU9xY0hpY3Q1UlZ5akN6RGRKN3F2TW1ySEc0KzhNemg5UmJZQ3d3MCtwTGFkcTNFRVhhVk5jeVRuU054OTVrY1J5VlFncGw3ODRRTnV1WTJrRlNXdGw5K1NoekYwb2l3b24iLCJtYWMiOiI0MzIwOTMzNmYzNTk2NzhkNzM4NWEyMjZhYTI2ODA3ODUyMDg2OTE4ZDEyMjBkM2E5ZDc1YjE4NmNmN2MxYjA3IiwidGFnIjoiIn0%3D; leadsmetal_session=eyJpdiI6IjRKZmFKUUxXZ2V3S2ZGNTRucU5XVGc9PSIsInZhbHVlIjoib1FQM2w1QVpuWnd1UGgrRXJiOFJ3OEo3bm9aZDhDMDd1Vjh0dU5oblpvbEhobjdDZGF1OGJzajlYTmNkcDlQL01jMjJ4dURhbVc3dUMwNFF5SlVJOTNlUFpMOGlxN1UzSlZ6UnRNWkF0UFBnZDBhZHZCUU90NnRORnRGT3hoRC8iLCJtYWMiOiIxZTc2NGQwMTFkNDFjOWY5YWFhMmFmMjUxMWMyZDVjZmZmMDJiY2M5YjcwYWYyZTQxNzBhYzg1MWUwMjY3ZjQxIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Mon, 05 Sep 2022 11:41:41 GMT
Content-Type: text/css
Content-Length: 37644
Last-Modified: Wed, 20 Jul 2022 08:15:52 GMT
Connection: keep-alive
ETag: "62d7b9b8-930c"
Accept-Ranges: bytes
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 194d72d26ddeaa8a8a266839eb707300
86427a0db92a3b4bd2690ad361109559c7212992
ab77f42ccfa0c649217777139f0d14a6742039596ee37a045c5fe96e7ca32338
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Sep 2022 11:41:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/css
52.16.240.242200 OK 8.0 kB URL HTTP/1.1 cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/css
IP 52.16.240.242:0
Hash 67e5e325edd3fb0b1fe63c87ead83537
acf360ef2d36a71711c0ba68435a8d14600d662f
32bc7c1c64fd1b755d48d6025b86b7e7a28ad35d1f420cf85cdc1123aa7dfcd7
Analyzer Verdict Alert fortinet Phishing
GET /assets/landings/cpf-v4/assets/css HTTP/1.1
Host: cpfv4.formation-subventions.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cpfv4.formation-subventions.fr/?c=8n5i3Pu2M&co=1&tx_id=M2022090511-e2e54046eabc1ab6e0c9796d3da49c19&var4={YOUR_PUBID_HERE}&spub=1f9bd5b5-10c3c4d8-0b58aba5-403c-1a64
Cookie: XSRF-TOKEN=eyJpdiI6IklleGtqblFhbDB6RkpCSzJjRE5TYVE9PSIsInZhbHVlIjoiM1lsRTZqRUdTMXlQTGRJWWhNMkxmRG90c051WUpUWU9xY0hpY3Q1UlZ5akN6RGRKN3F2TW1ySEc0KzhNemg5UmJZQ3d3MCtwTGFkcTNFRVhhVk5jeVRuU054OTVrY1J5VlFncGw3ODRRTnV1WTJrRlNXdGw5K1NoekYwb2l3b24iLCJtYWMiOiI0MzIwOTMzNmYzNTk2NzhkNzM4NWEyMjZhYTI2ODA3ODUyMDg2OTE4ZDEyMjBkM2E5ZDc1YjE4NmNmN2MxYjA3IiwidGFnIjoiIn0%3D; leadsmetal_session=eyJpdiI6IjRKZmFKUUxXZ2V3S2ZGNTRucU5XVGc9PSIsInZhbHVlIjoib1FQM2w1QVpuWnd1UGgrRXJiOFJ3OEo3bm9aZDhDMDd1Vjh0dU5oblpvbEhobjdDZGF1OGJzajlYTmNkcDlQL01jMjJ4dURhbVc3dUMwNFF5SlVJOTNlUFpMOGlxN1UzSlZ6UnRNWkF0UFBnZDBhZHZCUU90NnRORnRGT3hoRC8iLCJtYWMiOiIxZTc2NGQwMTFkNDFjOWY5YWFhMmFmMjUxMWMyZDVjZmZmMDJiY2M5YjcwYWYyZTQxNzBhYzg1MWUwMjY3ZjQxIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Mon, 05 Sep 2022 11:41:41 GMT
Content-Type: application/octet-stream
Content-Length: 8028
Last-Modified: Wed, 20 Jul 2022 08:15:52 GMT
Connection: keep-alive
ETag: "62d7b9b8-1f5c"
Accept-Ranges: bytes
cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/style.css?v=1.0
52.16.240.242200 OK 13 kB URL HTTP/1.1 cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/style.css?v=1.0
IP 52.16.240.242:0
Hash 08d62b119695d97b0a4aa10cd745715b
846b60a28d2aa67ede6225d913be3baac91e50a0
b16ef5a9744c2d32965d61a0d54cd9861658be9dc35317bb0d169d3be1b5f08f
Analyzer Verdict Alert fortinet Phishing
GET /assets/landings/cpf-v4/assets/style.css?v=1.0 HTTP/1.1
Host: cpfv4.formation-subventions.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cpfv4.formation-subventions.fr/?c=8n5i3Pu2M&co=1&tx_id=M2022090511-e2e54046eabc1ab6e0c9796d3da49c19&var4={YOUR_PUBID_HERE}&spub=1f9bd5b5-10c3c4d8-0b58aba5-403c-1a64
Cookie: XSRF-TOKEN=eyJpdiI6IklleGtqblFhbDB6RkpCSzJjRE5TYVE9PSIsInZhbHVlIjoiM1lsRTZqRUdTMXlQTGRJWWhNMkxmRG90c051WUpUWU9xY0hpY3Q1UlZ5akN6RGRKN3F2TW1ySEc0KzhNemg5UmJZQ3d3MCtwTGFkcTNFRVhhVk5jeVRuU054OTVrY1J5VlFncGw3ODRRTnV1WTJrRlNXdGw5K1NoekYwb2l3b24iLCJtYWMiOiI0MzIwOTMzNmYzNTk2NzhkNzM4NWEyMjZhYTI2ODA3ODUyMDg2OTE4ZDEyMjBkM2E5ZDc1YjE4NmNmN2MxYjA3IiwidGFnIjoiIn0%3D; leadsmetal_session=eyJpdiI6IjRKZmFKUUxXZ2V3S2ZGNTRucU5XVGc9PSIsInZhbHVlIjoib1FQM2w1QVpuWnd1UGgrRXJiOFJ3OEo3bm9aZDhDMDd1Vjh0dU5oblpvbEhobjdDZGF1OGJzajlYTmNkcDlQL01jMjJ4dURhbVc3dUMwNFF5SlVJOTNlUFpMOGlxN1UzSlZ6UnRNWkF0UFBnZDBhZHZCUU90NnRORnRGT3hoRC8iLCJtYWMiOiIxZTc2NGQwMTFkNDFjOWY5YWFhMmFmMjUxMWMyZDVjZmZmMDJiY2M5YjcwYWYyZTQxNzBhYzg1MWUwMjY3ZjQxIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Mon, 05 Sep 2022 11:41:41 GMT
Content-Type: text/css
Content-Length: 13111
Last-Modified: Wed, 20 Jul 2022 08:15:52 GMT
Connection: keep-alive
ETag: "62d7b9b8-3337"
Accept-Ranges: bytes
cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/animate.css
52.16.240.242200 OK 46 kB URL HTTP/1.1 cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/animate.css
IP 52.16.240.242:0
File type ASCII text, with very long lines (460)
Hash 0c31c5438a896a73e3d88e3bb035a00a
4ed61d3db90d340eb945a0cf6bf19ef4ca7c3a69
185c5c9bbcb780984871e86bc73f6e9c8c8ffd699c3274716ab1d481ee64a7fd
GET /assets/landings/cpf-v4/assets/animate.css HTTP/1.1
Host: cpfv4.formation-subventions.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cpfv4.formation-subventions.fr/?c=8n5i3Pu2M&co=1&tx_id=M2022090511-e2e54046eabc1ab6e0c9796d3da49c19&var4={YOUR_PUBID_HERE}&spub=1f9bd5b5-10c3c4d8-0b58aba5-403c-1a64
Cookie: XSRF-TOKEN=eyJpdiI6IklleGtqblFhbDB6RkpCSzJjRE5TYVE9PSIsInZhbHVlIjoiM1lsRTZqRUdTMXlQTGRJWWhNMkxmRG90c051WUpUWU9xY0hpY3Q1UlZ5akN6RGRKN3F2TW1ySEc0KzhNemg5UmJZQ3d3MCtwTGFkcTNFRVhhVk5jeVRuU054OTVrY1J5VlFncGw3ODRRTnV1WTJrRlNXdGw5K1NoekYwb2l3b24iLCJtYWMiOiI0MzIwOTMzNmYzNTk2NzhkNzM4NWEyMjZhYTI2ODA3ODUyMDg2OTE4ZDEyMjBkM2E5ZDc1YjE4NmNmN2MxYjA3IiwidGFnIjoiIn0%3D; leadsmetal_session=eyJpdiI6IjRKZmFKUUxXZ2V3S2ZGNTRucU5XVGc9PSIsInZhbHVlIjoib1FQM2w1QVpuWnd1UGgrRXJiOFJ3OEo3bm9aZDhDMDd1Vjh0dU5oblpvbEhobjdDZGF1OGJzajlYTmNkcDlQL01jMjJ4dURhbVc3dUMwNFF5SlVJOTNlUFpMOGlxN1UzSlZ6UnRNWkF0UFBnZDBhZHZCUU90NnRORnRGT3hoRC8iLCJtYWMiOiIxZTc2NGQwMTFkNDFjOWY5YWFhMmFmMjUxMWMyZDVjZmZmMDJiY2M5YjcwYWYyZTQxNzBhYzg1MWUwMjY3ZjQxIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Mon, 05 Sep 2022 11:41:41 GMT
Content-Type: text/css
Content-Length: 45766
Last-Modified: Wed, 20 Jul 2022 08:15:52 GMT
Connection: keep-alive
ETag: "62d7b9b8-b2c6"
Accept-Ranges: bytes
www.googletagmanager.com/gtag/js?id=G-WN8PVLP7SK
142.250.74.72200 OK 74 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=G-WN8PVLP7SK
IP 142.250.74.72:0
File type ASCII text, with very long lines (15517)
Hash b3f6bf5022842142d28f2f05e7631bb0
22aa0e11bd568d1430990924d172aac6ca6e4d45
44ddb12b60164dfe5b0d2638ae4d917cb4edbc97311b60c9f620ad1a580bdb8f
GET /gtag/js?id=G-WN8PVLP7SK HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cpfv4.formation-subventions.fr/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Mon, 05 Sep 2022 11:41:41 GMT
expires: Mon, 05 Sep 2022 11:41:41 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 73914
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/all.css
52.16.240.242200 OK 49 kB URL HTTP/1.1 cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/all.css
IP 52.16.240.242:0
File type ASCII text, with very long lines (48464)
Hash 10519cfd3206802f58315b877a9beab5
03232d7095b4a14b88810a0ffe76ae50726c23c6
604dcf1f11698655f75046bb92f98aaa9477e1c16b01c5fc415e78794393ffb9
GET /assets/landings/cpf-v4/assets/all.css HTTP/1.1
Host: cpfv4.formation-subventions.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cpfv4.formation-subventions.fr/?c=8n5i3Pu2M&co=1&tx_id=M2022090511-e2e54046eabc1ab6e0c9796d3da49c19&var4={YOUR_PUBID_HERE}&spub=1f9bd5b5-10c3c4d8-0b58aba5-403c-1a64
Cookie: XSRF-TOKEN=eyJpdiI6IklleGtqblFhbDB6RkpCSzJjRE5TYVE9PSIsInZhbHVlIjoiM1lsRTZqRUdTMXlQTGRJWWhNMkxmRG90c051WUpUWU9xY0hpY3Q1UlZ5akN6RGRKN3F2TW1ySEc0KzhNemg5UmJZQ3d3MCtwTGFkcTNFRVhhVk5jeVRuU054OTVrY1J5VlFncGw3ODRRTnV1WTJrRlNXdGw5K1NoekYwb2l3b24iLCJtYWMiOiI0MzIwOTMzNmYzNTk2NzhkNzM4NWEyMjZhYTI2ODA3ODUyMDg2OTE4ZDEyMjBkM2E5ZDc1YjE4NmNmN2MxYjA3IiwidGFnIjoiIn0%3D; leadsmetal_session=eyJpdiI6IjRKZmFKUUxXZ2V3S2ZGNTRucU5XVGc9PSIsInZhbHVlIjoib1FQM2w1QVpuWnd1UGgrRXJiOFJ3OEo3bm9aZDhDMDd1Vjh0dU5oblpvbEhobjdDZGF1OGJzajlYTmNkcDlQL01jMjJ4dURhbVc3dUMwNFF5SlVJOTNlUFpMOGlxN1UzSlZ6UnRNWkF0UFBnZDBhZHZCUU90NnRORnRGT3hoRC8iLCJtYWMiOiIxZTc2NGQwMTFkNDFjOWY5YWFhMmFmMjUxMWMyZDVjZmZmMDJiY2M5YjcwYWYyZTQxNzBhYzg1MWUwMjY3ZjQxIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Mon, 05 Sep 2022 11:41:41 GMT
Content-Type: text/css
Content-Length: 48649
Last-Modified: Wed, 20 Jul 2022 08:15:52 GMT
Connection: keep-alive
ETag: "62d7b9b8-be09"
Accept-Ranges: bytes
cpfv4.formation-subventions.fr/assets/vendors/landings.js?id=1af14b70bbb23b3b2bb69b56eb34c8d1
52.16.240.242200 OK 660 kB URL HTTP/1.1 cpfv4.formation-subventions.fr/assets/vendors/landings.js?id=1af14b70bbb23b3b2bb69b56eb34c8d1
IP 52.16.240.242:0
File type ASCII text, with very long lines (65470)
Size 660 kB (660408 bytes)
Hash 1af14b70bbb23b3b2bb69b56eb34c8d1
b3d7162e6cb996167eed2cd1c49874b1cf71b399
89601bb921da48d1f5138c767903e242d43500a4b20eb5fa0bfbe0b18f2f739d
Analyzer Verdict Alert fortinet Phishing
GET /assets/vendors/landings.js?id=1af14b70bbb23b3b2bb69b56eb34c8d1 HTTP/1.1
Host: cpfv4.formation-subventions.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cpfv4.formation-subventions.fr/?c=8n5i3Pu2M&co=1&tx_id=M2022090511-e2e54046eabc1ab6e0c9796d3da49c19&var4={YOUR_PUBID_HERE}&spub=1f9bd5b5-10c3c4d8-0b58aba5-403c-1a64
Cookie: XSRF-TOKEN=eyJpdiI6IklleGtqblFhbDB6RkpCSzJjRE5TYVE9PSIsInZhbHVlIjoiM1lsRTZqRUdTMXlQTGRJWWhNMkxmRG90c051WUpUWU9xY0hpY3Q1UlZ5akN6RGRKN3F2TW1ySEc0KzhNemg5UmJZQ3d3MCtwTGFkcTNFRVhhVk5jeVRuU054OTVrY1J5VlFncGw3ODRRTnV1WTJrRlNXdGw5K1NoekYwb2l3b24iLCJtYWMiOiI0MzIwOTMzNmYzNTk2NzhkNzM4NWEyMjZhYTI2ODA3ODUyMDg2OTE4ZDEyMjBkM2E5ZDc1YjE4NmNmN2MxYjA3IiwidGFnIjoiIn0%3D; leadsmetal_session=eyJpdiI6IjRKZmFKUUxXZ2V3S2ZGNTRucU5XVGc9PSIsInZhbHVlIjoib1FQM2w1QVpuWnd1UGgrRXJiOFJ3OEo3bm9aZDhDMDd1Vjh0dU5oblpvbEhobjdDZGF1OGJzajlYTmNkcDlQL01jMjJ4dURhbVc3dUMwNFF5SlVJOTNlUFpMOGlxN1UzSlZ6UnRNWkF0UFBnZDBhZHZCUU90NnRORnRGT3hoRC8iLCJtYWMiOiIxZTc2NGQwMTFkNDFjOWY5YWFhMmFmMjUxMWMyZDVjZmZmMDJiY2M5YjcwYWYyZTQxNzBhYzg1MWUwMjY3ZjQxIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Mon, 05 Sep 2022 11:41:41 GMT
Content-Type: application/javascript
Content-Length: 660408
Last-Modified: Mon, 11 Jul 2022 15:07:34 GMT
Connection: keep-alive
ETag: "62cc3cb6-a13b8"
Accept-Ranges: bytes
cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/bootstrap.css
52.16.240.242200 OK 174 kB URL HTTP/1.1 cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/bootstrap.css
IP 52.16.240.242:0
Size 174 kB (173597 bytes)
Hash d26ecc887c12f855a908679dae6704e3
eb513f44232e0854b251fc2b499bdbf9ad59e3e7
4a64845cd000ad3810f1247a90aa723ff37e8c0f1ff2af0aa46d2a4257522a8b
GET /assets/landings/cpf-v4/assets/bootstrap.css HTTP/1.1
Host: cpfv4.formation-subventions.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cpfv4.formation-subventions.fr/?c=8n5i3Pu2M&co=1&tx_id=M2022090511-e2e54046eabc1ab6e0c9796d3da49c19&var4={YOUR_PUBID_HERE}&spub=1f9bd5b5-10c3c4d8-0b58aba5-403c-1a64
Cookie: XSRF-TOKEN=eyJpdiI6IklleGtqblFhbDB6RkpCSzJjRE5TYVE9PSIsInZhbHVlIjoiM1lsRTZqRUdTMXlQTGRJWWhNMkxmRG90c051WUpUWU9xY0hpY3Q1UlZ5akN6RGRKN3F2TW1ySEc0KzhNemg5UmJZQ3d3MCtwTGFkcTNFRVhhVk5jeVRuU054OTVrY1J5VlFncGw3ODRRTnV1WTJrRlNXdGw5K1NoekYwb2l3b24iLCJtYWMiOiI0MzIwOTMzNmYzNTk2NzhkNzM4NWEyMjZhYTI2ODA3ODUyMDg2OTE4ZDEyMjBkM2E5ZDc1YjE4NmNmN2MxYjA3IiwidGFnIjoiIn0%3D; leadsmetal_session=eyJpdiI6IjRKZmFKUUxXZ2V3S2ZGNTRucU5XVGc9PSIsInZhbHVlIjoib1FQM2w1QVpuWnd1UGgrRXJiOFJ3OEo3bm9aZDhDMDd1Vjh0dU5oblpvbEhobjdDZGF1OGJzajlYTmNkcDlQL01jMjJ4dURhbVc3dUMwNFF5SlVJOTNlUFpMOGlxN1UzSlZ6UnRNWkF0UFBnZDBhZHZCUU90NnRORnRGT3hoRC8iLCJtYWMiOiIxZTc2NGQwMTFkNDFjOWY5YWFhMmFmMjUxMWMyZDVjZmZmMDJiY2M5YjcwYWYyZTQxNzBhYzg1MWUwMjY3ZjQxIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Mon, 05 Sep 2022 11:41:41 GMT
Content-Type: text/css
Content-Length: 173597
Last-Modified: Wed, 20 Jul 2022 08:15:52 GMT
Connection: keep-alive
ETag: "62d7b9b8-2a61d"
Accept-Ranges: bytes
cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/jquery.min.js
52.16.240.242200 OK 96 kB URL HTTP/1.1 cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/jquery.min.js
IP 52.16.240.242:0
File type ASCII text, with very long lines (32038)
Hash f03e5a3bf534f4a738bc350631fd05bd
37b1db88b57438f1072a8ebc7559c909c9d3a682
aec3d419d50f05781a96f223e18289aeb52598b5db39be82a7b71dc67d6a7947
Analyzer Verdict Alert fortinet Phishing
GET /assets/landings/cpf-v4/assets/jquery.min.js HTTP/1.1
Host: cpfv4.formation-subventions.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cpfv4.formation-subventions.fr/?c=8n5i3Pu2M&co=1&tx_id=M2022090511-e2e54046eabc1ab6e0c9796d3da49c19&var4={YOUR_PUBID_HERE}&spub=1f9bd5b5-10c3c4d8-0b58aba5-403c-1a64
Cookie: XSRF-TOKEN=eyJpdiI6IklleGtqblFhbDB6RkpCSzJjRE5TYVE9PSIsInZhbHVlIjoiM1lsRTZqRUdTMXlQTGRJWWhNMkxmRG90c051WUpUWU9xY0hpY3Q1UlZ5akN6RGRKN3F2TW1ySEc0KzhNemg5UmJZQ3d3MCtwTGFkcTNFRVhhVk5jeVRuU054OTVrY1J5VlFncGw3ODRRTnV1WTJrRlNXdGw5K1NoekYwb2l3b24iLCJtYWMiOiI0MzIwOTMzNmYzNTk2NzhkNzM4NWEyMjZhYTI2ODA3ODUyMDg2OTE4ZDEyMjBkM2E5ZDc1YjE4NmNmN2MxYjA3IiwidGFnIjoiIn0%3D; leadsmetal_session=eyJpdiI6IjRKZmFKUUxXZ2V3S2ZGNTRucU5XVGc9PSIsInZhbHVlIjoib1FQM2w1QVpuWnd1UGgrRXJiOFJ3OEo3bm9aZDhDMDd1Vjh0dU5oblpvbEhobjdDZGF1OGJzajlYTmNkcDlQL01jMjJ4dURhbVc3dUMwNFF5SlVJOTNlUFpMOGlxN1UzSlZ6UnRNWkF0UFBnZDBhZHZCUU90NnRORnRGT3hoRC8iLCJtYWMiOiIxZTc2NGQwMTFkNDFjOWY5YWFhMmFmMjUxMWMyZDVjZmZmMDJiY2M5YjcwYWYyZTQxNzBhYzg1MWUwMjY3ZjQxIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Mon, 05 Sep 2022 11:41:41 GMT
Content-Type: application/javascript
Content-Length: 95992
Last-Modified: Wed, 20 Jul 2022 08:15:52 GMT
Connection: keep-alive
ETag: "62d7b9b8-176f8"
Accept-Ranges: bytes
cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/showHide.js
52.16.240.242200 OK 1.4 kB URL HTTP/1.1 cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/showHide.js
IP 52.16.240.242:0
Hash e8620b11e5f539e459a4497875f5a888
f0614c24180891190c99c655dce65fae0dc48f7c
ece6d92e0083388d7fbd972acdf4d026665d3ee9539efa8229f53c27caf35ac2
Analyzer Verdict Alert fortinet Phishing
GET /assets/landings/cpf-v4/assets/showHide.js HTTP/1.1
Host: cpfv4.formation-subventions.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cpfv4.formation-subventions.fr/?c=8n5i3Pu2M&co=1&tx_id=M2022090511-e2e54046eabc1ab6e0c9796d3da49c19&var4={YOUR_PUBID_HERE}&spub=1f9bd5b5-10c3c4d8-0b58aba5-403c-1a64
Cookie: XSRF-TOKEN=eyJpdiI6IklleGtqblFhbDB6RkpCSzJjRE5TYVE9PSIsInZhbHVlIjoiM1lsRTZqRUdTMXlQTGRJWWhNMkxmRG90c051WUpUWU9xY0hpY3Q1UlZ5akN6RGRKN3F2TW1ySEc0KzhNemg5UmJZQ3d3MCtwTGFkcTNFRVhhVk5jeVRuU054OTVrY1J5VlFncGw3ODRRTnV1WTJrRlNXdGw5K1NoekYwb2l3b24iLCJtYWMiOiI0MzIwOTMzNmYzNTk2NzhkNzM4NWEyMjZhYTI2ODA3ODUyMDg2OTE4ZDEyMjBkM2E5ZDc1YjE4NmNmN2MxYjA3IiwidGFnIjoiIn0%3D; leadsmetal_session=eyJpdiI6IjRKZmFKUUxXZ2V3S2ZGNTRucU5XVGc9PSIsInZhbHVlIjoib1FQM2w1QVpuWnd1UGgrRXJiOFJ3OEo3bm9aZDhDMDd1Vjh0dU5oblpvbEhobjdDZGF1OGJzajlYTmNkcDlQL01jMjJ4dURhbVc3dUMwNFF5SlVJOTNlUFpMOGlxN1UzSlZ6UnRNWkF0UFBnZDBhZHZCUU90NnRORnRGT3hoRC8iLCJtYWMiOiIxZTc2NGQwMTFkNDFjOWY5YWFhMmFmMjUxMWMyZDVjZmZmMDJiY2M5YjcwYWYyZTQxNzBhYzg1MWUwMjY3ZjQxIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Mon, 05 Sep 2022 11:41:41 GMT
Content-Type: application/javascript
Content-Length: 1388
Last-Modified: Wed, 20 Jul 2022 08:15:52 GMT
Connection: keep-alive
ETag: "62d7b9b8-56c"
Accept-Ranges: bytes
cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/bootstrap.js
52.16.240.242200 OK 124 kB URL HTTP/1.1 cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/bootstrap.js
IP 52.16.240.242:0
File type ASCII text, with very long lines (317)
Size 124 kB (123765 bytes)
Hash 4bc939cd6b79a562e8d14bc7a4674520
096f4af97b2968cf43f08d5a39b8dbae7c74c7ae
f364953a3675a8b76babc5549808ac15aa424aad5ba606afb5741a0c62cf0008
Analyzer Verdict Alert fortinet Phishing
GET /assets/landings/cpf-v4/assets/bootstrap.js HTTP/1.1
Host: cpfv4.formation-subventions.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cpfv4.formation-subventions.fr/?c=8n5i3Pu2M&co=1&tx_id=M2022090511-e2e54046eabc1ab6e0c9796d3da49c19&var4={YOUR_PUBID_HERE}&spub=1f9bd5b5-10c3c4d8-0b58aba5-403c-1a64
Cookie: XSRF-TOKEN=eyJpdiI6IklleGtqblFhbDB6RkpCSzJjRE5TYVE9PSIsInZhbHVlIjoiM1lsRTZqRUdTMXlQTGRJWWhNMkxmRG90c051WUpUWU9xY0hpY3Q1UlZ5akN6RGRKN3F2TW1ySEc0KzhNemg5UmJZQ3d3MCtwTGFkcTNFRVhhVk5jeVRuU054OTVrY1J5VlFncGw3ODRRTnV1WTJrRlNXdGw5K1NoekYwb2l3b24iLCJtYWMiOiI0MzIwOTMzNmYzNTk2NzhkNzM4NWEyMjZhYTI2ODA3ODUyMDg2OTE4ZDEyMjBkM2E5ZDc1YjE4NmNmN2MxYjA3IiwidGFnIjoiIn0%3D; leadsmetal_session=eyJpdiI6IjRKZmFKUUxXZ2V3S2ZGNTRucU5XVGc9PSIsInZhbHVlIjoib1FQM2w1QVpuWnd1UGgrRXJiOFJ3OEo3bm9aZDhDMDd1Vjh0dU5oblpvbEhobjdDZGF1OGJzajlYTmNkcDlQL01jMjJ4dURhbVc3dUMwNFF5SlVJOTNlUFpMOGlxN1UzSlZ6UnRNWkF0UFBnZDBhZHZCUU90NnRORnRGT3hoRC8iLCJtYWMiOiIxZTc2NGQwMTFkNDFjOWY5YWFhMmFmMjUxMWMyZDVjZmZmMDJiY2M5YjcwYWYyZTQxNzBhYzg1MWUwMjY3ZjQxIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Mon, 05 Sep 2022 11:41:41 GMT
Content-Type: application/javascript
Content-Length: 123765
Last-Modified: Wed, 20 Jul 2022 08:15:52 GMT
Connection: keep-alive
ETag: "62d7b9b8-1e375"
Accept-Ranges: bytes
cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/scroll.js
52.16.240.242200 OK 2.9 kB URL HTTP/1.1 cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/scroll.js
IP 52.16.240.242:0
Hash b6669c3eec8db5cc3ccdcc33ea434014
1b3157d5d7b38de5824f6565a0fa5f5b5aebbfe2
e1ba56834ff8384f3f2d84534375c79a6d9cf4dfc34f8c9636fb380841b0c6f4
Analyzer Verdict Alert fortinet Phishing
GET /assets/landings/cpf-v4/assets/scroll.js HTTP/1.1
Host: cpfv4.formation-subventions.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cpfv4.formation-subventions.fr/?c=8n5i3Pu2M&co=1&tx_id=M2022090511-e2e54046eabc1ab6e0c9796d3da49c19&var4={YOUR_PUBID_HERE}&spub=1f9bd5b5-10c3c4d8-0b58aba5-403c-1a64
Cookie: XSRF-TOKEN=eyJpdiI6IklleGtqblFhbDB6RkpCSzJjRE5TYVE9PSIsInZhbHVlIjoiM1lsRTZqRUdTMXlQTGRJWWhNMkxmRG90c051WUpUWU9xY0hpY3Q1UlZ5akN6RGRKN3F2TW1ySEc0KzhNemg5UmJZQ3d3MCtwTGFkcTNFRVhhVk5jeVRuU054OTVrY1J5VlFncGw3ODRRTnV1WTJrRlNXdGw5K1NoekYwb2l3b24iLCJtYWMiOiI0MzIwOTMzNmYzNTk2NzhkNzM4NWEyMjZhYTI2ODA3ODUyMDg2OTE4ZDEyMjBkM2E5ZDc1YjE4NmNmN2MxYjA3IiwidGFnIjoiIn0%3D; leadsmetal_session=eyJpdiI6IjRKZmFKUUxXZ2V3S2ZGNTRucU5XVGc9PSIsInZhbHVlIjoib1FQM2w1QVpuWnd1UGgrRXJiOFJ3OEo3bm9aZDhDMDd1Vjh0dU5oblpvbEhobjdDZGF1OGJzajlYTmNkcDlQL01jMjJ4dURhbVc3dUMwNFF5SlVJOTNlUFpMOGlxN1UzSlZ6UnRNWkF0UFBnZDBhZHZCUU90NnRORnRGT3hoRC8iLCJtYWMiOiIxZTc2NGQwMTFkNDFjOWY5YWFhMmFmMjUxMWMyZDVjZmZmMDJiY2M5YjcwYWYyZTQxNzBhYzg1MWUwMjY3ZjQxIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Mon, 05 Sep 2022 11:41:41 GMT
Content-Type: application/javascript
Content-Length: 2884
Last-Modified: Wed, 20 Jul 2022 08:15:52 GMT
Connection: keep-alive
ETag: "62d7b9b8-b44"
Accept-Ranges: bytes
cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/default.js
52.16.240.242200 OK 5.7 kB URL HTTP/1.1 cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/default.js
IP 52.16.240.242:0
Hash 55aa3f53ee3d2f02e08f283bb32b66d5
24f77a0dcaf050d99ed797d9675d97ea58a6e723
a9dc8a0a29ebe54549b7fa2b704bc50a233fca359e17445952b1fc370322f43f
Analyzer Verdict Alert fortinet Phishing
GET /assets/landings/cpf-v4/assets/default.js HTTP/1.1
Host: cpfv4.formation-subventions.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cpfv4.formation-subventions.fr/?c=8n5i3Pu2M&co=1&tx_id=M2022090511-e2e54046eabc1ab6e0c9796d3da49c19&var4={YOUR_PUBID_HERE}&spub=1f9bd5b5-10c3c4d8-0b58aba5-403c-1a64
Cookie: XSRF-TOKEN=eyJpdiI6IklleGtqblFhbDB6RkpCSzJjRE5TYVE9PSIsInZhbHVlIjoiM1lsRTZqRUdTMXlQTGRJWWhNMkxmRG90c051WUpUWU9xY0hpY3Q1UlZ5akN6RGRKN3F2TW1ySEc0KzhNemg5UmJZQ3d3MCtwTGFkcTNFRVhhVk5jeVRuU054OTVrY1J5VlFncGw3ODRRTnV1WTJrRlNXdGw5K1NoekYwb2l3b24iLCJtYWMiOiI0MzIwOTMzNmYzNTk2NzhkNzM4NWEyMjZhYTI2ODA3ODUyMDg2OTE4ZDEyMjBkM2E5ZDc1YjE4NmNmN2MxYjA3IiwidGFnIjoiIn0%3D; leadsmetal_session=eyJpdiI6IjRKZmFKUUxXZ2V3S2ZGNTRucU5XVGc9PSIsInZhbHVlIjoib1FQM2w1QVpuWnd1UGgrRXJiOFJ3OEo3bm9aZDhDMDd1Vjh0dU5oblpvbEhobjdDZGF1OGJzajlYTmNkcDlQL01jMjJ4dURhbVc3dUMwNFF5SlVJOTNlUFpMOGlxN1UzSlZ6UnRNWkF0UFBnZDBhZHZCUU90NnRORnRGT3hoRC8iLCJtYWMiOiIxZTc2NGQwMTFkNDFjOWY5YWFhMmFmMjUxMWMyZDVjZmZmMDJiY2M5YjcwYWYyZTQxNzBhYzg1MWUwMjY3ZjQxIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Mon, 05 Sep 2022 11:41:41 GMT
Content-Type: application/javascript
Content-Length: 5688
Last-Modified: Thu, 11 Aug 2022 09:53:37 GMT
Connection: keep-alive
ETag: "62f4d1a1-1638"
Accept-Ranges: bytes
cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/wow.js
52.16.240.242200 OK 8.2 kB URL HTTP/1.1 cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/wow.js
IP 52.16.240.242:0
File type ASCII text, with very long lines (8096)
Hash 531647c81a24ea5ab59f55b04476049b
b26c2bf80d048a6794575bab088d5514302b45cd
04e47903ea6b22a81acd7a63131b2cd92614fc2dc79158fcace251869e715396
Analyzer Verdict Alert fortinet Phishing
GET /assets/landings/cpf-v4/assets/wow.js HTTP/1.1
Host: cpfv4.formation-subventions.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cpfv4.formation-subventions.fr/?c=8n5i3Pu2M&co=1&tx_id=M2022090511-e2e54046eabc1ab6e0c9796d3da49c19&var4={YOUR_PUBID_HERE}&spub=1f9bd5b5-10c3c4d8-0b58aba5-403c-1a64
Cookie: XSRF-TOKEN=eyJpdiI6IklleGtqblFhbDB6RkpCSzJjRE5TYVE9PSIsInZhbHVlIjoiM1lsRTZqRUdTMXlQTGRJWWhNMkxmRG90c051WUpUWU9xY0hpY3Q1UlZ5akN6RGRKN3F2TW1ySEc0KzhNemg5UmJZQ3d3MCtwTGFkcTNFRVhhVk5jeVRuU054OTVrY1J5VlFncGw3ODRRTnV1WTJrRlNXdGw5K1NoekYwb2l3b24iLCJtYWMiOiI0MzIwOTMzNmYzNTk2NzhkNzM4NWEyMjZhYTI2ODA3ODUyMDg2OTE4ZDEyMjBkM2E5ZDc1YjE4NmNmN2MxYjA3IiwidGFnIjoiIn0%3D; leadsmetal_session=eyJpdiI6IjRKZmFKUUxXZ2V3S2ZGNTRucU5XVGc9PSIsInZhbHVlIjoib1FQM2w1QVpuWnd1UGgrRXJiOFJ3OEo3bm9aZDhDMDd1Vjh0dU5oblpvbEhobjdDZGF1OGJzajlYTmNkcDlQL01jMjJ4dURhbVc3dUMwNFF5SlVJOTNlUFpMOGlxN1UzSlZ6UnRNWkF0UFBnZDBhZHZCUU90NnRORnRGT3hoRC8iLCJtYWMiOiIxZTc2NGQwMTFkNDFjOWY5YWFhMmFmMjUxMWMyZDVjZmZmMDJiY2M5YjcwYWYyZTQxNzBhYzg1MWUwMjY3ZjQxIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Mon, 05 Sep 2022 11:41:41 GMT
Content-Type: application/javascript
Content-Length: 8213
Last-Modified: Wed, 20 Jul 2022 08:15:52 GMT
Connection: keep-alive
ETag: "62d7b9b8-2015"
Accept-Ranges: bytes
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 194d72d26ddeaa8a8a266839eb707300
86427a0db92a3b4bd2690ad361109559c7212992
ab77f42ccfa0c649217777139f0d14a6742039596ee37a045c5fe96e7ca32338
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Sep 2022 11:41:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/logonew.png
52.16.240.242200 OK 13 kB URL HTTP/1.1 cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/logonew.png
IP 52.16.240.242:0
File type PNG image data, 1200 x 230, 8-bit/color RGBA, non-interlaced\012- data
Hash 0bc47eb3121362da3da572efcfe251d3
ab339a8d54d9fdc85720c8af31dc33af1e9ba2b0
c4f2fb9dab8a1e66dbe22e6e12f5286069fa663574326d516d4473a728b33032
GET /assets/landings/cpf-v4/assets/logonew.png HTTP/1.1
Host: cpfv4.formation-subventions.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cpfv4.formation-subventions.fr/?c=8n5i3Pu2M&co=1&tx_id=M2022090511-e2e54046eabc1ab6e0c9796d3da49c19&var4={YOUR_PUBID_HERE}&spub=1f9bd5b5-10c3c4d8-0b58aba5-403c-1a64
Cookie: XSRF-TOKEN=eyJpdiI6IklleGtqblFhbDB6RkpCSzJjRE5TYVE9PSIsInZhbHVlIjoiM1lsRTZqRUdTMXlQTGRJWWhNMkxmRG90c051WUpUWU9xY0hpY3Q1UlZ5akN6RGRKN3F2TW1ySEc0KzhNemg5UmJZQ3d3MCtwTGFkcTNFRVhhVk5jeVRuU054OTVrY1J5VlFncGw3ODRRTnV1WTJrRlNXdGw5K1NoekYwb2l3b24iLCJtYWMiOiI0MzIwOTMzNmYzNTk2NzhkNzM4NWEyMjZhYTI2ODA3ODUyMDg2OTE4ZDEyMjBkM2E5ZDc1YjE4NmNmN2MxYjA3IiwidGFnIjoiIn0%3D; leadsmetal_session=eyJpdiI6IjRKZmFKUUxXZ2V3S2ZGNTRucU5XVGc9PSIsInZhbHVlIjoib1FQM2w1QVpuWnd1UGgrRXJiOFJ3OEo3bm9aZDhDMDd1Vjh0dU5oblpvbEhobjdDZGF1OGJzajlYTmNkcDlQL01jMjJ4dURhbVc3dUMwNFF5SlVJOTNlUFpMOGlxN1UzSlZ6UnRNWkF0UFBnZDBhZHZCUU90NnRORnRGT3hoRC8iLCJtYWMiOiIxZTc2NGQwMTFkNDFjOWY5YWFhMmFmMjUxMWMyZDVjZmZmMDJiY2M5YjcwYWYyZTQxNzBhYzg1MWUwMjY3ZjQxIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Mon, 05 Sep 2022 11:41:41 GMT
Content-Type: image/png
Content-Length: 12804
Last-Modified: Wed, 20 Jul 2022 08:15:52 GMT
Connection: keep-alive
ETag: "62d7b9b8-3204"
Accept-Ranges: bytes
cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/uk.png
52.16.240.242200 OK 20 kB URL HTTP/1.1 cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/uk.png
IP 52.16.240.242:0
File type PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced\012- data
Hash a0f21f7bff7a0eb9ce4ebf9af7ef03c7
68cb32da14d6010c7cb2fb7cd83da713566edcc2
150d834f8224e78a8bb24c1386ca1142c2b13ce2e1d141323f3e972a9adc99ef
GET /assets/landings/cpf-v4/assets/uk.png HTTP/1.1
Host: cpfv4.formation-subventions.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cpfv4.formation-subventions.fr/?c=8n5i3Pu2M&co=1&tx_id=M2022090511-e2e54046eabc1ab6e0c9796d3da49c19&var4={YOUR_PUBID_HERE}&spub=1f9bd5b5-10c3c4d8-0b58aba5-403c-1a64
Cookie: XSRF-TOKEN=eyJpdiI6IklleGtqblFhbDB6RkpCSzJjRE5TYVE9PSIsInZhbHVlIjoiM1lsRTZqRUdTMXlQTGRJWWhNMkxmRG90c051WUpUWU9xY0hpY3Q1UlZ5akN6RGRKN3F2TW1ySEc0KzhNemg5UmJZQ3d3MCtwTGFkcTNFRVhhVk5jeVRuU054OTVrY1J5VlFncGw3ODRRTnV1WTJrRlNXdGw5K1NoekYwb2l3b24iLCJtYWMiOiI0MzIwOTMzNmYzNTk2NzhkNzM4NWEyMjZhYTI2ODA3ODUyMDg2OTE4ZDEyMjBkM2E5ZDc1YjE4NmNmN2MxYjA3IiwidGFnIjoiIn0%3D; leadsmetal_session=eyJpdiI6IjRKZmFKUUxXZ2V3S2ZGNTRucU5XVGc9PSIsInZhbHVlIjoib1FQM2w1QVpuWnd1UGgrRXJiOFJ3OEo3bm9aZDhDMDd1Vjh0dU5oblpvbEhobjdDZGF1OGJzajlYTmNkcDlQL01jMjJ4dURhbVc3dUMwNFF5SlVJOTNlUFpMOGlxN1UzSlZ6UnRNWkF0UFBnZDBhZHZCUU90NnRORnRGT3hoRC8iLCJtYWMiOiIxZTc2NGQwMTFkNDFjOWY5YWFhMmFmMjUxMWMyZDVjZmZmMDJiY2M5YjcwYWYyZTQxNzBhYzg1MWUwMjY3ZjQxIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Mon, 05 Sep 2022 11:41:41 GMT
Content-Type: image/png
Content-Length: 19591
Last-Modified: Wed, 20 Jul 2022 08:15:52 GMT
Connection: keep-alive
ETag: "62d7b9b8-4c87"
Accept-Ranges: bytes
cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/office-application.png
52.16.240.242200 OK 34 kB URL HTTP/1.1 cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/office-application.png
IP 52.16.240.242:0
File type PNG image data, 512 x 512, 16-bit/color RGBA, non-interlaced\012- data
Hash 69a571e00e27ea3a71c2c6f7af0a879f
c9c1d1e23b7211e52a32f5e3d753d153bc91b51c
f380502dcb03380da19940930be1734d6de95284044022272f095e03bd4ecb08
GET /assets/landings/cpf-v4/assets/office-application.png HTTP/1.1
Host: cpfv4.formation-subventions.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cpfv4.formation-subventions.fr/?c=8n5i3Pu2M&co=1&tx_id=M2022090511-e2e54046eabc1ab6e0c9796d3da49c19&var4={YOUR_PUBID_HERE}&spub=1f9bd5b5-10c3c4d8-0b58aba5-403c-1a64
Cookie: XSRF-TOKEN=eyJpdiI6IklleGtqblFhbDB6RkpCSzJjRE5TYVE9PSIsInZhbHVlIjoiM1lsRTZqRUdTMXlQTGRJWWhNMkxmRG90c051WUpUWU9xY0hpY3Q1UlZ5akN6RGRKN3F2TW1ySEc0KzhNemg5UmJZQ3d3MCtwTGFkcTNFRVhhVk5jeVRuU054OTVrY1J5VlFncGw3ODRRTnV1WTJrRlNXdGw5K1NoekYwb2l3b24iLCJtYWMiOiI0MzIwOTMzNmYzNTk2NzhkNzM4NWEyMjZhYTI2ODA3ODUyMDg2OTE4ZDEyMjBkM2E5ZDc1YjE4NmNmN2MxYjA3IiwidGFnIjoiIn0%3D; leadsmetal_session=eyJpdiI6IjRKZmFKUUxXZ2V3S2ZGNTRucU5XVGc9PSIsInZhbHVlIjoib1FQM2w1QVpuWnd1UGgrRXJiOFJ3OEo3bm9aZDhDMDd1Vjh0dU5oblpvbEhobjdDZGF1OGJzajlYTmNkcDlQL01jMjJ4dURhbVc3dUMwNFF5SlVJOTNlUFpMOGlxN1UzSlZ6UnRNWkF0UFBnZDBhZHZCUU90NnRORnRGT3hoRC8iLCJtYWMiOiIxZTc2NGQwMTFkNDFjOWY5YWFhMmFmMjUxMWMyZDVjZmZmMDJiY2M5YjcwYWYyZTQxNzBhYzg1MWUwMjY3ZjQxIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Mon, 05 Sep 2022 11:41:41 GMT
Content-Type: image/png
Content-Length: 34351
Last-Modified: Wed, 20 Jul 2022 08:15:52 GMT
Connection: keep-alive
ETag: "62d7b9b8-862f"
Accept-Ranges: bytes
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
143.204.55.115200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 143.204.55.115:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Retry-After, ETag, Backoff, Last-Modified, Pragma, Cache-Control, Expires, Content-Type, Content-Length, Alert
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Mon, 05 Sep 2022 11:38:16 GMT
Cache-Control: max-age=3600
Expires: Mon, 05 Sep 2022 12:18:09 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 814e8c24454087e83cd261a6cf477166.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: W6QMgXRvlbsvhQ1k9zwBJVsewq8IqLPkAunjJolubgsT8jY1TAlMhQ==
Age: 205
cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/word.png
52.16.240.242200 OK 65 kB URL HTTP/1.1 cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/word.png
IP 52.16.240.242:0
File type PNG image data, 2160 x 2160, 8-bit/color RGBA, non-interlaced\012- data
Hash 194f9fac2ec24708a5cff38fa615ac9d
1c6bb263ceddae2e189574b7a07871fbcf2cf1f3
5153585d7e061db84b92e6c14e5e7d536003e37c3fb02257a378ebafe7a3954f
GET /assets/landings/cpf-v4/assets/word.png HTTP/1.1
Host: cpfv4.formation-subventions.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cpfv4.formation-subventions.fr/?c=8n5i3Pu2M&co=1&tx_id=M2022090511-e2e54046eabc1ab6e0c9796d3da49c19&var4={YOUR_PUBID_HERE}&spub=1f9bd5b5-10c3c4d8-0b58aba5-403c-1a64
Cookie: XSRF-TOKEN=eyJpdiI6IklleGtqblFhbDB6RkpCSzJjRE5TYVE9PSIsInZhbHVlIjoiM1lsRTZqRUdTMXlQTGRJWWhNMkxmRG90c051WUpUWU9xY0hpY3Q1UlZ5akN6RGRKN3F2TW1ySEc0KzhNemg5UmJZQ3d3MCtwTGFkcTNFRVhhVk5jeVRuU054OTVrY1J5VlFncGw3ODRRTnV1WTJrRlNXdGw5K1NoekYwb2l3b24iLCJtYWMiOiI0MzIwOTMzNmYzNTk2NzhkNzM4NWEyMjZhYTI2ODA3ODUyMDg2OTE4ZDEyMjBkM2E5ZDc1YjE4NmNmN2MxYjA3IiwidGFnIjoiIn0%3D; leadsmetal_session=eyJpdiI6IjRKZmFKUUxXZ2V3S2ZGNTRucU5XVGc9PSIsInZhbHVlIjoib1FQM2w1QVpuWnd1UGgrRXJiOFJ3OEo3bm9aZDhDMDd1Vjh0dU5oblpvbEhobjdDZGF1OGJzajlYTmNkcDlQL01jMjJ4dURhbVc3dUMwNFF5SlVJOTNlUFpMOGlxN1UzSlZ6UnRNWkF0UFBnZDBhZHZCUU90NnRORnRGT3hoRC8iLCJtYWMiOiIxZTc2NGQwMTFkNDFjOWY5YWFhMmFmMjUxMWMyZDVjZmZmMDJiY2M5YjcwYWYyZTQxNzBhYzg1MWUwMjY3ZjQxIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Mon, 05 Sep 2022 11:41:41 GMT
Content-Type: image/png
Content-Length: 64827
Last-Modified: Wed, 20 Jul 2022 08:15:52 GMT
Connection: keep-alive
ETag: "62d7b9b8-fd3b"
Accept-Ranges: bytes
cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/powerpoint.png
52.16.240.242200 OK 55 kB URL HTTP/1.1 cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/powerpoint.png
IP 52.16.240.242:0
File type PNG image data, 1200 x 1116, 8-bit/color RGBA, non-interlaced\012- data
Hash 5f97ba846d45dd2bdb89d34d007479ce
ac6bcddb364ec3fbd11c98bd9ee9e2eca662a6a5
c5de0afede85344030af3f7baed8bdffa71131b7d9edaea5cab5f4ea42d9af58
GET /assets/landings/cpf-v4/assets/powerpoint.png HTTP/1.1
Host: cpfv4.formation-subventions.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cpfv4.formation-subventions.fr/?c=8n5i3Pu2M&co=1&tx_id=M2022090511-e2e54046eabc1ab6e0c9796d3da49c19&var4={YOUR_PUBID_HERE}&spub=1f9bd5b5-10c3c4d8-0b58aba5-403c-1a64
Cookie: XSRF-TOKEN=eyJpdiI6IklleGtqblFhbDB6RkpCSzJjRE5TYVE9PSIsInZhbHVlIjoiM1lsRTZqRUdTMXlQTGRJWWhNMkxmRG90c051WUpUWU9xY0hpY3Q1UlZ5akN6RGRKN3F2TW1ySEc0KzhNemg5UmJZQ3d3MCtwTGFkcTNFRVhhVk5jeVRuU054OTVrY1J5VlFncGw3ODRRTnV1WTJrRlNXdGw5K1NoekYwb2l3b24iLCJtYWMiOiI0MzIwOTMzNmYzNTk2NzhkNzM4NWEyMjZhYTI2ODA3ODUyMDg2OTE4ZDEyMjBkM2E5ZDc1YjE4NmNmN2MxYjA3IiwidGFnIjoiIn0%3D; leadsmetal_session=eyJpdiI6IjRKZmFKUUxXZ2V3S2ZGNTRucU5XVGc9PSIsInZhbHVlIjoib1FQM2w1QVpuWnd1UGgrRXJiOFJ3OEo3bm9aZDhDMDd1Vjh0dU5oblpvbEhobjdDZGF1OGJzajlYTmNkcDlQL01jMjJ4dURhbVc3dUMwNFF5SlVJOTNlUFpMOGlxN1UzSlZ6UnRNWkF0UFBnZDBhZHZCUU90NnRORnRGT3hoRC8iLCJtYWMiOiIxZTc2NGQwMTFkNDFjOWY5YWFhMmFmMjUxMWMyZDVjZmZmMDJiY2M5YjcwYWYyZTQxNzBhYzg1MWUwMjY3ZjQxIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Mon, 05 Sep 2022 11:41:41 GMT
Content-Type: image/png
Content-Length: 55090
Last-Modified: Wed, 20 Jul 2022 08:15:52 GMT
Connection: keep-alive
ETag: "62d7b9b8-d732"
Accept-Ranges: bytes
cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/wordpress.png
52.16.240.242200 OK 17 kB URL HTTP/1.1 cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/wordpress.png
IP 52.16.240.242:0
File type PNG image data, 512 x 512, 8-bit colormap, non-interlaced\012- data
Hash db4298ab4dbd04c9e9a2395533a01082
507a6ac3a84400172686cec9511965f01b81079a
19466439f97145616eeccc5e2cf409e7671cdd4f6c2ab62e293e40b3f58ce938
GET /assets/landings/cpf-v4/assets/wordpress.png HTTP/1.1
Host: cpfv4.formation-subventions.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cpfv4.formation-subventions.fr/?c=8n5i3Pu2M&co=1&tx_id=M2022090511-e2e54046eabc1ab6e0c9796d3da49c19&var4={YOUR_PUBID_HERE}&spub=1f9bd5b5-10c3c4d8-0b58aba5-403c-1a64
Cookie: XSRF-TOKEN=eyJpdiI6IklleGtqblFhbDB6RkpCSzJjRE5TYVE9PSIsInZhbHVlIjoiM1lsRTZqRUdTMXlQTGRJWWhNMkxmRG90c051WUpUWU9xY0hpY3Q1UlZ5akN6RGRKN3F2TW1ySEc0KzhNemg5UmJZQ3d3MCtwTGFkcTNFRVhhVk5jeVRuU054OTVrY1J5VlFncGw3ODRRTnV1WTJrRlNXdGw5K1NoekYwb2l3b24iLCJtYWMiOiI0MzIwOTMzNmYzNTk2NzhkNzM4NWEyMjZhYTI2ODA3ODUyMDg2OTE4ZDEyMjBkM2E5ZDc1YjE4NmNmN2MxYjA3IiwidGFnIjoiIn0%3D; leadsmetal_session=eyJpdiI6IjRKZmFKUUxXZ2V3S2ZGNTRucU5XVGc9PSIsInZhbHVlIjoib1FQM2w1QVpuWnd1UGgrRXJiOFJ3OEo3bm9aZDhDMDd1Vjh0dU5oblpvbEhobjdDZGF1OGJzajlYTmNkcDlQL01jMjJ4dURhbVc3dUMwNFF5SlVJOTNlUFpMOGlxN1UzSlZ6UnRNWkF0UFBnZDBhZHZCUU90NnRORnRGT3hoRC8iLCJtYWMiOiIxZTc2NGQwMTFkNDFjOWY5YWFhMmFmMjUxMWMyZDVjZmZmMDJiY2M5YjcwYWYyZTQxNzBhYzg1MWUwMjY3ZjQxIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Mon, 05 Sep 2022 11:41:41 GMT
Content-Type: image/png
Content-Length: 16745
Last-Modified: Wed, 20 Jul 2022 08:15:52 GMT
Connection: keep-alive
ETag: "62d7b9b8-4169"
Accept-Ranges: bytes
cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/photoshop.png
52.16.240.242200 OK 22 kB URL HTTP/1.1 cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/photoshop.png
IP 52.16.240.242:0
File type PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced\012- data
Hash 6793474b36b8348d9f3494324f553bf0
9d64242952d7c9bcb21a4b93cdd3e0eb20b7f437
b758aa9397190855525f5ce0039263ec52f133f62b64acf0e762f3721303dad9
GET /assets/landings/cpf-v4/assets/photoshop.png HTTP/1.1
Host: cpfv4.formation-subventions.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cpfv4.formation-subventions.fr/?c=8n5i3Pu2M&co=1&tx_id=M2022090511-e2e54046eabc1ab6e0c9796d3da49c19&var4={YOUR_PUBID_HERE}&spub=1f9bd5b5-10c3c4d8-0b58aba5-403c-1a64
Cookie: XSRF-TOKEN=eyJpdiI6IklleGtqblFhbDB6RkpCSzJjRE5TYVE9PSIsInZhbHVlIjoiM1lsRTZqRUdTMXlQTGRJWWhNMkxmRG90c051WUpUWU9xY0hpY3Q1UlZ5akN6RGRKN3F2TW1ySEc0KzhNemg5UmJZQ3d3MCtwTGFkcTNFRVhhVk5jeVRuU054OTVrY1J5VlFncGw3ODRRTnV1WTJrRlNXdGw5K1NoekYwb2l3b24iLCJtYWMiOiI0MzIwOTMzNmYzNTk2NzhkNzM4NWEyMjZhYTI2ODA3ODUyMDg2OTE4ZDEyMjBkM2E5ZDc1YjE4NmNmN2MxYjA3IiwidGFnIjoiIn0%3D; leadsmetal_session=eyJpdiI6IjRKZmFKUUxXZ2V3S2ZGNTRucU5XVGc9PSIsInZhbHVlIjoib1FQM2w1QVpuWnd1UGgrRXJiOFJ3OEo3bm9aZDhDMDd1Vjh0dU5oblpvbEhobjdDZGF1OGJzajlYTmNkcDlQL01jMjJ4dURhbVc3dUMwNFF5SlVJOTNlUFpMOGlxN1UzSlZ6UnRNWkF0UFBnZDBhZHZCUU90NnRORnRGT3hoRC8iLCJtYWMiOiIxZTc2NGQwMTFkNDFjOWY5YWFhMmFmMjUxMWMyZDVjZmZmMDJiY2M5YjcwYWYyZTQxNzBhYzg1MWUwMjY3ZjQxIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Mon, 05 Sep 2022 11:41:41 GMT
Content-Type: image/png
Content-Length: 22319
Last-Modified: Wed, 20 Jul 2022 08:15:52 GMT
Connection: keep-alive
ETag: "62d7b9b8-572f"
Accept-Ranges: bytes
cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/illus.png
52.16.240.242200 OK 65 kB URL HTTP/1.1 cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/illus.png
IP 52.16.240.242:0
File type PNG image data, 2160 x 2106, 8-bit/color RGBA, non-interlaced\012- data
Hash 6056a96b099b3d365f604968869583f6
9c73819f0af3507416f1a7f88179a775771fde2a
22c3d04097949bf66e3deaf534b8c34ba4add04a956dc74da8bbfef4899c3b9a
GET /assets/landings/cpf-v4/assets/illus.png HTTP/1.1
Host: cpfv4.formation-subventions.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cpfv4.formation-subventions.fr/?c=8n5i3Pu2M&co=1&tx_id=M2022090511-e2e54046eabc1ab6e0c9796d3da49c19&var4={YOUR_PUBID_HERE}&spub=1f9bd5b5-10c3c4d8-0b58aba5-403c-1a64
Cookie: XSRF-TOKEN=eyJpdiI6IklleGtqblFhbDB6RkpCSzJjRE5TYVE9PSIsInZhbHVlIjoiM1lsRTZqRUdTMXlQTGRJWWhNMkxmRG90c051WUpUWU9xY0hpY3Q1UlZ5akN6RGRKN3F2TW1ySEc0KzhNemg5UmJZQ3d3MCtwTGFkcTNFRVhhVk5jeVRuU054OTVrY1J5VlFncGw3ODRRTnV1WTJrRlNXdGw5K1NoekYwb2l3b24iLCJtYWMiOiI0MzIwOTMzNmYzNTk2NzhkNzM4NWEyMjZhYTI2ODA3ODUyMDg2OTE4ZDEyMjBkM2E5ZDc1YjE4NmNmN2MxYjA3IiwidGFnIjoiIn0%3D; leadsmetal_session=eyJpdiI6IjRKZmFKUUxXZ2V3S2ZGNTRucU5XVGc9PSIsInZhbHVlIjoib1FQM2w1QVpuWnd1UGgrRXJiOFJ3OEo3bm9aZDhDMDd1Vjh0dU5oblpvbEhobjdDZGF1OGJzajlYTmNkcDlQL01jMjJ4dURhbVc3dUMwNFF5SlVJOTNlUFpMOGlxN1UzSlZ6UnRNWkF0UFBnZDBhZHZCUU90NnRORnRGT3hoRC8iLCJtYWMiOiIxZTc2NGQwMTFkNDFjOWY5YWFhMmFmMjUxMWMyZDVjZmZmMDJiY2M5YjcwYWYyZTQxNzBhYzg1MWUwMjY3ZjQxIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Mon, 05 Sep 2022 11:41:41 GMT
Content-Type: image/png
Content-Length: 65343
Last-Modified: Wed, 20 Jul 2022 08:15:52 GMT
Connection: keep-alive
ETag: "62d7b9b8-ff3f"
Accept-Ranges: bytes
cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/excel.png
52.16.240.242200 OK 101 kB URL HTTP/1.1 cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/excel.png
IP 52.16.240.242:0
File type PNG image data, 2203 x 2049, 8-bit/color RGBA, non-interlaced\012- data
Size 101 kB (100722 bytes)
Hash b3bba4a529cab7e8211c9019f1347b71
8e8f4514a5b2fdee304e88d12cd21772b0a39efe
5cee67a96f9fa2272be123080687322b21d536f3c2ef85a9eebb042c9a07fe11
GET /assets/landings/cpf-v4/assets/excel.png HTTP/1.1
Host: cpfv4.formation-subventions.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cpfv4.formation-subventions.fr/?c=8n5i3Pu2M&co=1&tx_id=M2022090511-e2e54046eabc1ab6e0c9796d3da49c19&var4={YOUR_PUBID_HERE}&spub=1f9bd5b5-10c3c4d8-0b58aba5-403c-1a64
Cookie: XSRF-TOKEN=eyJpdiI6IklleGtqblFhbDB6RkpCSzJjRE5TYVE9PSIsInZhbHVlIjoiM1lsRTZqRUdTMXlQTGRJWWhNMkxmRG90c051WUpUWU9xY0hpY3Q1UlZ5akN6RGRKN3F2TW1ySEc0KzhNemg5UmJZQ3d3MCtwTGFkcTNFRVhhVk5jeVRuU054OTVrY1J5VlFncGw3ODRRTnV1WTJrRlNXdGw5K1NoekYwb2l3b24iLCJtYWMiOiI0MzIwOTMzNmYzNTk2NzhkNzM4NWEyMjZhYTI2ODA3ODUyMDg2OTE4ZDEyMjBkM2E5ZDc1YjE4NmNmN2MxYjA3IiwidGFnIjoiIn0%3D; leadsmetal_session=eyJpdiI6IjRKZmFKUUxXZ2V3S2ZGNTRucU5XVGc9PSIsInZhbHVlIjoib1FQM2w1QVpuWnd1UGgrRXJiOFJ3OEo3bm9aZDhDMDd1Vjh0dU5oblpvbEhobjdDZGF1OGJzajlYTmNkcDlQL01jMjJ4dURhbVc3dUMwNFF5SlVJOTNlUFpMOGlxN1UzSlZ6UnRNWkF0UFBnZDBhZHZCUU90NnRORnRGT3hoRC8iLCJtYWMiOiIxZTc2NGQwMTFkNDFjOWY5YWFhMmFmMjUxMWMyZDVjZmZmMDJiY2M5YjcwYWYyZTQxNzBhYzg1MWUwMjY3ZjQxIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Mon, 05 Sep 2022 11:41:41 GMT
Content-Type: image/png
Content-Length: 100722
Last-Modified: Wed, 20 Jul 2022 08:15:52 GMT
Connection: keep-alive
ETag: "62d7b9b8-18972"
Accept-Ranges: bytes
cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/indesign.jpeg
52.16.240.242200 OK 23 kB URL HTTP/1.1 cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/indesign.jpeg
IP 52.16.240.242:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 512x512, components 3\012- data
Hash ed1ab790c6ab593f77fe64e9ba02c027
d172c0a814b6811b97ee749d2b978da4abd6cecc
16a2d9bb577f6f0e20e5d6406acf2291897c7a2b06852c7ad4ec68fb505247eb
Analyzer Verdict Alert fortinet Phishing
GET /assets/landings/cpf-v4/assets/indesign.jpeg HTTP/1.1
Host: cpfv4.formation-subventions.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cpfv4.formation-subventions.fr/?c=8n5i3Pu2M&co=1&tx_id=M2022090511-e2e54046eabc1ab6e0c9796d3da49c19&var4={YOUR_PUBID_HERE}&spub=1f9bd5b5-10c3c4d8-0b58aba5-403c-1a64
Cookie: XSRF-TOKEN=eyJpdiI6IklleGtqblFhbDB6RkpCSzJjRE5TYVE9PSIsInZhbHVlIjoiM1lsRTZqRUdTMXlQTGRJWWhNMkxmRG90c051WUpUWU9xY0hpY3Q1UlZ5akN6RGRKN3F2TW1ySEc0KzhNemg5UmJZQ3d3MCtwTGFkcTNFRVhhVk5jeVRuU054OTVrY1J5VlFncGw3ODRRTnV1WTJrRlNXdGw5K1NoekYwb2l3b24iLCJtYWMiOiI0MzIwOTMzNmYzNTk2NzhkNzM4NWEyMjZhYTI2ODA3ODUyMDg2OTE4ZDEyMjBkM2E5ZDc1YjE4NmNmN2MxYjA3IiwidGFnIjoiIn0%3D; leadsmetal_session=eyJpdiI6IjRKZmFKUUxXZ2V3S2ZGNTRucU5XVGc9PSIsInZhbHVlIjoib1FQM2w1QVpuWnd1UGgrRXJiOFJ3OEo3bm9aZDhDMDd1Vjh0dU5oblpvbEhobjdDZGF1OGJzajlYTmNkcDlQL01jMjJ4dURhbVc3dUMwNFF5SlVJOTNlUFpMOGlxN1UzSlZ6UnRNWkF0UFBnZDBhZHZCUU90NnRORnRGT3hoRC8iLCJtYWMiOiIxZTc2NGQwMTFkNDFjOWY5YWFhMmFmMjUxMWMyZDVjZmZmMDJiY2M5YjcwYWYyZTQxNzBhYzg1MWUwMjY3ZjQxIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Mon, 05 Sep 2022 11:41:41 GMT
Content-Type: image/jpeg
Content-Length: 22703
Last-Modified: Wed, 20 Jul 2022 08:15:52 GMT
Connection: keep-alive
ETag: "62d7b9b8-58af"
Accept-Ranges: bytes
cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/montage_photo.jpeg
52.16.240.242200 OK 27 kB URL HTTP/1.1 cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/montage_photo.jpeg
IP 52.16.240.242:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 512x512, components 3\012- data
Hash 14235e36f44aa23b142a2faaad4f4b05
2ea250b0ec665f862d3eef1a191619cd8f1cd204
7a90cfcc8f5ae2deecb74b1bb210392a2f2d688bb944c72c5b88f93e3bac3083
Analyzer Verdict Alert fortinet Phishing
GET /assets/landings/cpf-v4/assets/montage_photo.jpeg HTTP/1.1
Host: cpfv4.formation-subventions.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cpfv4.formation-subventions.fr/?c=8n5i3Pu2M&co=1&tx_id=M2022090511-e2e54046eabc1ab6e0c9796d3da49c19&var4={YOUR_PUBID_HERE}&spub=1f9bd5b5-10c3c4d8-0b58aba5-403c-1a64
Cookie: XSRF-TOKEN=eyJpdiI6IklleGtqblFhbDB6RkpCSzJjRE5TYVE9PSIsInZhbHVlIjoiM1lsRTZqRUdTMXlQTGRJWWhNMkxmRG90c051WUpUWU9xY0hpY3Q1UlZ5akN6RGRKN3F2TW1ySEc0KzhNemg5UmJZQ3d3MCtwTGFkcTNFRVhhVk5jeVRuU054OTVrY1J5VlFncGw3ODRRTnV1WTJrRlNXdGw5K1NoekYwb2l3b24iLCJtYWMiOiI0MzIwOTMzNmYzNTk2NzhkNzM4NWEyMjZhYTI2ODA3ODUyMDg2OTE4ZDEyMjBkM2E5ZDc1YjE4NmNmN2MxYjA3IiwidGFnIjoiIn0%3D; leadsmetal_session=eyJpdiI6IjRKZmFKUUxXZ2V3S2ZGNTRucU5XVGc9PSIsInZhbHVlIjoib1FQM2w1QVpuWnd1UGgrRXJiOFJ3OEo3bm9aZDhDMDd1Vjh0dU5oblpvbEhobjdDZGF1OGJzajlYTmNkcDlQL01jMjJ4dURhbVc3dUMwNFF5SlVJOTNlUFpMOGlxN1UzSlZ6UnRNWkF0UFBnZDBhZHZCUU90NnRORnRGT3hoRC8iLCJtYWMiOiIxZTc2NGQwMTFkNDFjOWY5YWFhMmFmMjUxMWMyZDVjZmZmMDJiY2M5YjcwYWYyZTQxNzBhYzg1MWUwMjY3ZjQxIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Mon, 05 Sep 2022 11:41:41 GMT
Content-Type: image/jpeg
Content-Length: 26935
Last-Modified: Wed, 20 Jul 2022 08:15:52 GMT
Connection: keep-alive
ETag: "62d7b9b8-6937"
Accept-Ranges: bytes
cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/img2.png
52.16.240.242200 OK 319 kB URL HTTP/1.1 cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/img2.png
IP 52.16.240.242:0
File type PNG image data, 560 x 370, 8-bit/color RGB, interlaced\012- data
Size 319 kB (318929 bytes)
Hash f0366d93cee73d9ad9ff96af3503fe83
2961d5c8448bfe48be1ee133b2597e35c1d87032
6b03be43a135c88b5cac1e43d23b8a2f46e655c3f23ead75cc169bad4dd2f3f8
GET /assets/landings/cpf-v4/assets/img2.png HTTP/1.1
Host: cpfv4.formation-subventions.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cpfv4.formation-subventions.fr/?c=8n5i3Pu2M&co=1&tx_id=M2022090511-e2e54046eabc1ab6e0c9796d3da49c19&var4={YOUR_PUBID_HERE}&spub=1f9bd5b5-10c3c4d8-0b58aba5-403c-1a64
Cookie: XSRF-TOKEN=eyJpdiI6IklleGtqblFhbDB6RkpCSzJjRE5TYVE9PSIsInZhbHVlIjoiM1lsRTZqRUdTMXlQTGRJWWhNMkxmRG90c051WUpUWU9xY0hpY3Q1UlZ5akN6RGRKN3F2TW1ySEc0KzhNemg5UmJZQ3d3MCtwTGFkcTNFRVhhVk5jeVRuU054OTVrY1J5VlFncGw3ODRRTnV1WTJrRlNXdGw5K1NoekYwb2l3b24iLCJtYWMiOiI0MzIwOTMzNmYzNTk2NzhkNzM4NWEyMjZhYTI2ODA3ODUyMDg2OTE4ZDEyMjBkM2E5ZDc1YjE4NmNmN2MxYjA3IiwidGFnIjoiIn0%3D; leadsmetal_session=eyJpdiI6IjRKZmFKUUxXZ2V3S2ZGNTRucU5XVGc9PSIsInZhbHVlIjoib1FQM2w1QVpuWnd1UGgrRXJiOFJ3OEo3bm9aZDhDMDd1Vjh0dU5oblpvbEhobjdDZGF1OGJzajlYTmNkcDlQL01jMjJ4dURhbVc3dUMwNFF5SlVJOTNlUFpMOGlxN1UzSlZ6UnRNWkF0UFBnZDBhZHZCUU90NnRORnRGT3hoRC8iLCJtYWMiOiIxZTc2NGQwMTFkNDFjOWY5YWFhMmFmMjUxMWMyZDVjZmZmMDJiY2M5YjcwYWYyZTQxNzBhYzg1MWUwMjY3ZjQxIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Mon, 05 Sep 2022 11:41:41 GMT
Content-Type: image/png
Content-Length: 318929
Last-Modified: Wed, 20 Jul 2022 08:15:52 GMT
Connection: keep-alive
ETag: "62d7b9b8-4ddd1"
Accept-Ranges: bytes
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash b57a9dd04797bf34612c80361f1dffb3
56573166d8b9cd9b8dae19fd905e4f3293af306b
b03552109f1e7d1e482aa14614ffb1e38fb53ae4951152aab307b927674dad98
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4549
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 05 Sep 2022 11:41:41 GMT
Last-Modified: Mon, 05 Sep 2022 10:25:52 GMT
Server: ECS (ska/F70F)
X-Cache: HIT
Content-Length: 471
cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/banner.jpg
52.16.240.242200 OK 11 kB URL HTTP/1.1 cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/banner.jpg
IP 52.16.240.242:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1920x730, components 3\012- data
Hash 78e52dbdf74603151c5c98ef65dea86c
44b4c369e1398c5c32db5804dc1741c84d048b69
3e19e40d0885c4dfd49d089492b20f39ba95cc1481cf9659046f53add0a9ada5
GET /assets/landings/cpf-v4/assets/banner.jpg HTTP/1.1
Host: cpfv4.formation-subventions.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/style.css?v=1.0
Cookie: XSRF-TOKEN=eyJpdiI6IklleGtqblFhbDB6RkpCSzJjRE5TYVE9PSIsInZhbHVlIjoiM1lsRTZqRUdTMXlQTGRJWWhNMkxmRG90c051WUpUWU9xY0hpY3Q1UlZ5akN6RGRKN3F2TW1ySEc0KzhNemg5UmJZQ3d3MCtwTGFkcTNFRVhhVk5jeVRuU054OTVrY1J5VlFncGw3ODRRTnV1WTJrRlNXdGw5K1NoekYwb2l3b24iLCJtYWMiOiI0MzIwOTMzNmYzNTk2NzhkNzM4NWEyMjZhYTI2ODA3ODUyMDg2OTE4ZDEyMjBkM2E5ZDc1YjE4NmNmN2MxYjA3IiwidGFnIjoiIn0%3D; leadsmetal_session=eyJpdiI6IjRKZmFKUUxXZ2V3S2ZGNTRucU5XVGc9PSIsInZhbHVlIjoib1FQM2w1QVpuWnd1UGgrRXJiOFJ3OEo3bm9aZDhDMDd1Vjh0dU5oblpvbEhobjdDZGF1OGJzajlYTmNkcDlQL01jMjJ4dURhbVc3dUMwNFF5SlVJOTNlUFpMOGlxN1UzSlZ6UnRNWkF0UFBnZDBhZHZCUU90NnRORnRGT3hoRC8iLCJtYWMiOiIxZTc2NGQwMTFkNDFjOWY5YWFhMmFmMjUxMWMyZDVjZmZmMDJiY2M5YjcwYWYyZTQxNzBhYzg1MWUwMjY3ZjQxIiwidGFnIjoiIn0%3D; _ga_WN8PVLP7SK=GS1.1.1662378097.1.0.1662378097.0.0.0; _ga=GA1.1.2002051705.1662378097
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Mon, 05 Sep 2022 11:41:41 GMT
Content-Type: image/jpeg
Content-Length: 10854
Last-Modified: Wed, 20 Jul 2022 08:15:52 GMT
Connection: keep-alive
ETag: "62d7b9b8-2a66"
Accept-Ranges: bytes
cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/project-bg-2.jpg
52.16.240.242200 OK 6.5 kB URL HTTP/1.1 cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/project-bg-2.jpg
IP 52.16.240.242:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1170x230, components 3\012- data
Hash 51a1df3e2485d5d6b64fd830eb7c9d0c
78c477157c76b5f1ea901558bde62a3db5cc2ae2
dc2728cc97697b427ae12dc985791b1c4fa736b63a5d1a45caa0826bc4640cba
GET /assets/landings/cpf-v4/assets/project-bg-2.jpg HTTP/1.1
Host: cpfv4.formation-subventions.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/style.css?v=1.0
Cookie: XSRF-TOKEN=eyJpdiI6IklleGtqblFhbDB6RkpCSzJjRE5TYVE9PSIsInZhbHVlIjoiM1lsRTZqRUdTMXlQTGRJWWhNMkxmRG90c051WUpUWU9xY0hpY3Q1UlZ5akN6RGRKN3F2TW1ySEc0KzhNemg5UmJZQ3d3MCtwTGFkcTNFRVhhVk5jeVRuU054OTVrY1J5VlFncGw3ODRRTnV1WTJrRlNXdGw5K1NoekYwb2l3b24iLCJtYWMiOiI0MzIwOTMzNmYzNTk2NzhkNzM4NWEyMjZhYTI2ODA3ODUyMDg2OTE4ZDEyMjBkM2E5ZDc1YjE4NmNmN2MxYjA3IiwidGFnIjoiIn0%3D; leadsmetal_session=eyJpdiI6IjRKZmFKUUxXZ2V3S2ZGNTRucU5XVGc9PSIsInZhbHVlIjoib1FQM2w1QVpuWnd1UGgrRXJiOFJ3OEo3bm9aZDhDMDd1Vjh0dU5oblpvbEhobjdDZGF1OGJzajlYTmNkcDlQL01jMjJ4dURhbVc3dUMwNFF5SlVJOTNlUFpMOGlxN1UzSlZ6UnRNWkF0UFBnZDBhZHZCUU90NnRORnRGT3hoRC8iLCJtYWMiOiIxZTc2NGQwMTFkNDFjOWY5YWFhMmFmMjUxMWMyZDVjZmZmMDJiY2M5YjcwYWYyZTQxNzBhYzg1MWUwMjY3ZjQxIiwidGFnIjoiIn0%3D; _ga_WN8PVLP7SK=GS1.1.1662378097.1.0.1662378097.0.0.0; _ga=GA1.1.2002051705.1662378097
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Mon, 05 Sep 2022 11:41:41 GMT
Content-Type: image/jpeg
Content-Length: 6494
Last-Modified: Wed, 20 Jul 2022 08:15:52 GMT
Connection: keep-alive
ETag: "62d7b9b8-195e"
Accept-Ranges: bytes
cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/favicon.png
52.16.240.242200 OK 4.0 kB URL HTTP/1.1 cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/favicon.png
IP 52.16.240.242:0
File type PNG image data, 32 x 32, 8-bit/color RGBA, interlaced\012- data
Hash 8604b4e2501cb5928e40d0623400e361
c94dbb348dd0222aa31c1ddc93793f889c18ff70
d3bb00c4c958c19ee9504845c697ab7d6315a1654604e816b795883b8c4d986f
GET /assets/landings/cpf-v4/assets/favicon.png HTTP/1.1
Host: cpfv4.formation-subventions.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cpfv4.formation-subventions.fr/?c=8n5i3Pu2M&co=1&tx_id=M2022090511-e2e54046eabc1ab6e0c9796d3da49c19&var4={YOUR_PUBID_HERE}&spub=1f9bd5b5-10c3c4d8-0b58aba5-403c-1a64
Cookie: XSRF-TOKEN=eyJpdiI6IklleGtqblFhbDB6RkpCSzJjRE5TYVE9PSIsInZhbHVlIjoiM1lsRTZqRUdTMXlQTGRJWWhNMkxmRG90c051WUpUWU9xY0hpY3Q1UlZ5akN6RGRKN3F2TW1ySEc0KzhNemg5UmJZQ3d3MCtwTGFkcTNFRVhhVk5jeVRuU054OTVrY1J5VlFncGw3ODRRTnV1WTJrRlNXdGw5K1NoekYwb2l3b24iLCJtYWMiOiI0MzIwOTMzNmYzNTk2NzhkNzM4NWEyMjZhYTI2ODA3ODUyMDg2OTE4ZDEyMjBkM2E5ZDc1YjE4NmNmN2MxYjA3IiwidGFnIjoiIn0%3D; leadsmetal_session=eyJpdiI6IjRKZmFKUUxXZ2V3S2ZGNTRucU5XVGc9PSIsInZhbHVlIjoib1FQM2w1QVpuWnd1UGgrRXJiOFJ3OEo3bm9aZDhDMDd1Vjh0dU5oblpvbEhobjdDZGF1OGJzajlYTmNkcDlQL01jMjJ4dURhbVc3dUMwNFF5SlVJOTNlUFpMOGlxN1UzSlZ6UnRNWkF0UFBnZDBhZHZCUU90NnRORnRGT3hoRC8iLCJtYWMiOiIxZTc2NGQwMTFkNDFjOWY5YWFhMmFmMjUxMWMyZDVjZmZmMDJiY2M5YjcwYWYyZTQxNzBhYzg1MWUwMjY3ZjQxIiwidGFnIjoiIn0%3D; _ga_WN8PVLP7SK=GS1.1.1662378097.1.0.1662378097.0.0.0; _ga=GA1.1.2002051705.1662378097
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Mon, 05 Sep 2022 11:41:41 GMT
Content-Type: image/png
Content-Length: 3989
Last-Modified: Wed, 20 Jul 2022 08:15:52 GMT
Connection: keep-alive
ETag: "62d7b9b8-f95"
Accept-Ranges: bytes
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 3d734db6d950acb609cd0ccfe98fd9ba
0201364c8b9d6e1963b6bf4abb63fef9b3e0886d
bbced6e776c18b28b6edbbb94659a19bb383fb65caf293249d58988c61769693
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1233
Cache-Control: max-age=134125
Content-Type: application/ocsp-response
Date: Mon, 05 Sep 2022 11:41:41 GMT
Etag: "63154491-1d7"
Expires: Wed, 07 Sep 2022 00:57:06 GMT
Last-Modified: Mon, 05 Sep 2022 00:36:33 GMT
Server: ECS (ska/F70F)
X-Cache: HIT
Content-Length: 471
connect.facebook.net/en_US/fbevents.js
31.13.72.12200 OK 27 kB URL HTTP/2 connect.facebook.net/en_US/fbevents.js
IP 31.13.72.12:0
File type ASCII text, with very long lines (64348)
Hash 53e4933126779cbf269a5819d467ad4b
1c3c6b27a0660a44717be304d90834cf2f9cf3ce
ed5ad968f7d95b37c817e86b54062702bef60b1ffd3977248aad23072af06b87
GET /en_US/fbevents.js HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cpfv4.formation-subventions.fr/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-type: application/x-javascript; charset=utf-8
content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
pragma: public
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
x-fb-debug: 6zZ2wmfVwCjYCuxyMfjUzM6lPSQxw4wsV1HzD9qFk93JGJGXOWzQq1OshmwYAir2UOUdMIBq0u5NGFSEpzUbaQ==
content-length: 26752
x-fb-trip-id: 1904183273
date: Mon, 05 Sep 2022 11:41:41 GMT
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 3d734db6d950acb609cd0ccfe98fd9ba
0201364c8b9d6e1963b6bf4abb63fef9b3e0886d
bbced6e776c18b28b6edbbb94659a19bb383fb65caf293249d58988c61769693
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1233
Cache-Control: max-age=134125
Content-Type: application/ocsp-response
Date: Mon, 05 Sep 2022 11:41:41 GMT
Etag: "63154491-1d7"
Expires: Wed, 07 Sep 2022 00:57:06 GMT
Last-Modified: Mon, 05 Sep 2022 00:36:33 GMT
Server: ECS (ska/F70F)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
54.148.17.90101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.148.17.90:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: kukquI8rntJw8wp1hyoBKg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 6qFwOywO7IQiNoBAwZHP8M+ns84=
www.clarity.ms/tag/dfukl0f7t6
40.90.65.26200 OK 1.4 kB URL HTTP/2 www.clarity.ms/tag/dfukl0f7t6
IP 40.90.65.26:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type ASCII text, with very long lines (1363), with no line terminators
Hash 52f4c28ed8fc95dd79014c81880d9be4
f61fd9227b91d8bfbc6222151c5c2e8b7298d498
03798ea17b9ae8f35e64df0153c30d1759267546c7fc6898409695b4ce11188f
GET /tag/dfukl0f7t6 HTTP/1.1
Host: www.clarity.ms
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cpfv4.formation-subventions.fr/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: no-cache, no-store
content-length: 1363
content-type: application/x-javascript
expires: -1
set-cookie: CLID=97e14b57b85b421bb28c7f236184d850.20220905.20230905; expires=Tue, 05 Sep 2023 11:41:42 GMT; path=/; secure; samesite=none; httponly
request-context: appId=cid-v1:3d284f99-f285-495c-ac33-dedd7ecf1ac8
x-powered-by: ASP.NET
x-cache: CONFIG_NOCACHE
x-azure-ref: 0duAVYwAAAAASo5hg21uiRaq1gCgdTmowSVNUMzBFREdFMDUxOAA2Y2ZiZWVlMC01MDI3LTQ4NGItODk2Ny00YTI5YWY3N2YxZTE=
date: Mon, 05 Sep 2022 11:41:41 GMT
X-Firefox-Spdy: h2
www.facebook.com/tr/?id=505067384389800&ev=PageView&dl=https%3A%2F%2Fcpfv4.formation-subventions.fr%2F%3Fc%3D8n5i3Pu2M%26co%3D1%26tx_id%3DM2022090511-e2e54046eabc1ab6e0c9796d3da49c19%26var4%3D%7BYOUR_PUBID_HERE%7D%26spub%3D1f9bd5b5-10c3c4d8-0b58aba5-403c-1a64&rl=&if=false&ts=1662378097799&sw=1280&sh=1024&v=2.9.79&r=stable&ec=0&o=30&fbp=fb.1.1662378097797.1282182843&it=1662378097589&coo=false&rqm=GET
31.13.72.36200 OK 44 B URL HTTP/2 www.facebook.com/tr/?id=505067384389800&ev=PageView&dl=https%3A%2F%2Fcpfv4.formation-subventions.fr%2F%3Fc%3D8n5i3Pu2M%26co%3D1%26tx_id%3DM2022090511-e2e54046eabc1ab6e0c9796d3da49c19%26var4%3D%7BYOUR_PUBID_HERE%7D%26spub%3D1f9bd5b5-10c3c4d8-0b58aba5-403c-1a64&rl=&if=false&ts=1662378097799&sw=1280&sh=1024&v=2.9.79&r=stable&ec=0&o=30&fbp=fb.1.1662378097797.1282182843&it=1662378097589&coo=false&rqm=GET
IP 31.13.72.36:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash b798f4ce7359fd815df4bdf76503b295
f8cc6addf1707ad236ad9970b0a48f9733d07da5
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
GET /tr/?id=505067384389800&ev=PageView&dl=https%3A%2F%2Fcpfv4.formation-subventions.fr%2F%3Fc%3D8n5i3Pu2M%26co%3D1%26tx_id%3DM2022090511-e2e54046eabc1ab6e0c9796d3da49c19%26var4%3D%7BYOUR_PUBID_HERE%7D%26spub%3D1f9bd5b5-10c3c4d8-0b58aba5-403c-1a64&rl=&if=false&ts=1662378097799&sw=1280&sh=1024&v=2.9.79&r=stable&ec=0&o=30&fbp=fb.1.1662378097797.1282182843&it=1662378097589&coo=false&rqm=GET HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cpfv4.formation-subventions.fr/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/gif
date: Mon, 05 Sep 2022 11:41:42 GMT
expires: Mon, 05 Sep 2022 11:41:42 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
cache-control: no-cache, must-revalidate, max-age=0
set-cookie:
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 44
server: proxygen-bolt
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
region1.google-analytics.com/g/collect?v=2&tid=G-WN8PVLP7SK>m=2oe8v0&_p=1480026773&cid=2002051705.1662378097&ul=en-us&sr=1280x1024&_z=ccd.v9B&_s=1&sid=1662378097&sct=1&seg=0&dl=https%3A%2F%2Fcpfv4.formation-subventions.fr%2F%3Fc%3D8n5i3Pu2M%26co%3D1%26tx_id%3DM2022090511-e2e54046eabc1ab6e0c9796d3da49c19%26var4%3D%7BYOUR_PUBID_HERE%7D%26spub%3D1f9bd5b5-10c3c4d8-0b58aba5-403c-1a64&dt=D%C3%A9veloppez%20vos%20comp%C3%A9tences%20gratuitement%20gr%C3%A2ce%20au%20dispositif%20CPF&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1
216.239.32.36204 No Content 0 B URL HTTP/2 region1.google-analytics.com/g/collect?v=2&tid=G-WN8PVLP7SK>m=2oe8v0&_p=1480026773&cid=2002051705.1662378097&ul=en-us&sr=1280x1024&_z=ccd.v9B&_s=1&sid=1662378097&sct=1&seg=0&dl=https%3A%2F%2Fcpfv4.formation-subventions.fr%2F%3Fc%3D8n5i3Pu2M%26co%3D1%26tx_id%3DM2022090511-e2e54046eabc1ab6e0c9796d3da49c19%26var4%3D%7BYOUR_PUBID_HERE%7D%26spub%3D1f9bd5b5-10c3c4d8-0b58aba5-403c-1a64&dt=D%C3%A9veloppez%20vos%20comp%C3%A9tences%20gratuitement%20gr%C3%A2ce%20au%20dispositif%20CPF&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1
IP 216.239.32.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-WN8PVLP7SK>m=2oe8v0&_p=1480026773&cid=2002051705.1662378097&ul=en-us&sr=1280x1024&_z=ccd.v9B&_s=1&sid=1662378097&sct=1&seg=0&dl=https%3A%2F%2Fcpfv4.formation-subventions.fr%2F%3Fc%3D8n5i3Pu2M%26co%3D1%26tx_id%3DM2022090511-e2e54046eabc1ab6e0c9796d3da49c19%26var4%3D%7BYOUR_PUBID_HERE%7D%26spub%3D1f9bd5b5-10c3c4d8-0b58aba5-403c-1a64&dt=D%C3%A9veloppez%20vos%20comp%C3%A9tences%20gratuitement%20gr%C3%A2ce%20au%20dispositif%20CPF&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1 HTTP/1.1
Host: region1.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://cpfv4.formation-subventions.fr
Connection: keep-alive
Referer: https://cpfv4.formation-subventions.fr/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: https://cpfv4.formation-subventions.fr
date: Mon, 05 Sep 2022 11:41:42 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
cdn.lordicon.com/nocovwne.json
143.204.55.122200 OK 27 kB URL HTTP/2 cdn.lordicon.com/nocovwne.json
IP 143.204.55.122:0
Hash d1b7099c545f6ee35e1fe5ae6a1cff64
92b35b9747f5ab0eb39fc70259d0837be638691d
d81386a89c374c0399cbf1fe2dcac6306c2bbd50d2df92064d9417c5fdb02d93
GET /nocovwne.json HTTP/1.1
Host: cdn.lordicon.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cpfv4.formation-subventions.fr/
Origin: https://cpfv4.formation-subventions.fr
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/json; charset=utf-8
server: nginx/1.14.2
x-powered-by: lordicon
access-control-allow-origin: *
access-control-expose-headers: *
content-encoding: gzip
date: Mon, 05 Sep 2022 07:22:41 GMT
cache-control: public, max-age=432000
etag: W/"79f1-UxsAyfYh7xT5Xf90JpQfrIKBCcg"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 501ad2910f631f0520a6d389d6f053e8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: Rp6fNPMZ1mciyTmFvnTVB6UcG4cIK_oGY9_5lQ0xD6Rk8lp-vyrXgA==
age: 33653
X-Firefox-Spdy: h2
c.clarity.ms/c.gif
20.234.93.27302 Found 0 B IP 20.234.93.27:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /c.gif HTTP/1.1
Host: c.clarity.ms
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cpfv4.formation-subventions.fr/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
cache-control: private, no-cache, proxy-revalidate, no-store
pragma: no-cache
location: https://c.bing.com/c.gif?CtsSyncId=5E93C3C1BDDA4C62BD3FD8641D705DBB&RedC=c.clarity.ms&MXFR=11742AA8100F6AAE08D738BE140F642A
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
set-cookie: SM=T; domain=c.clarity.ms; path=/; SameSite=None; Secure;
MUID=11742AA8100F6AAE08D738BE140F642A; domain=.clarity.ms; expires=Sat, 30-Sep-2023 11:41:42 GMT; path=/; SameSite=None; Secure; Priority=High;
date: Mon, 05 Sep 2022 11:41:42 GMT
content-length: 0
X-Firefox-Spdy: h2
c.bing.com/c.gif?CtsSyncId=5E93C3C1BDDA4C62BD3FD8641D705DBB&RedC=c.clarity.ms&MXFR=11742AA8100F6AAE08D738BE140F642A
13.107.21.200302 Found 0 B URL HTTP/2 c.bing.com/c.gif?CtsSyncId=5E93C3C1BDDA4C62BD3FD8641D705DBB&RedC=c.clarity.ms&MXFR=11742AA8100F6AAE08D738BE140F642A
IP 13.107.21.200:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /c.gif?CtsSyncId=5E93C3C1BDDA4C62BD3FD8641D705DBB&RedC=c.clarity.ms&MXFR=11742AA8100F6AAE08D738BE140F642A HTTP/1.1
Host: c.bing.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cpfv4.formation-subventions.fr/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
cache-control: private, no-cache, proxy-revalidate, no-store
pragma: no-cache
location: https://c.clarity.ms/c.gif?CtsSyncId=5E93C3C1BDDA4C62BD3FD8641D705DBB&MUID=3326CE8112B26F0533FEDC9713476ED2
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
set-cookie: SRM_B=3326CE8112B26F0533FEDC9713476ED2; domain=c.bing.com; expires=Sat, 30-Sep-2023 11:41:42 GMT; path=/; SameSite=None; Secure;
x-powered-by: ASP.NET
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: D812BA15EB3D49EABABEEC5F95D128EF Ref B: OSL30EDGE0111 Ref C: 2022-09-05T11:41:42Z
date: Mon, 05 Sep 2022 11:41:41 GMT
content-length: 0
X-Firefox-Spdy: h2
c.clarity.ms/c.gif?CtsSyncId=5E93C3C1BDDA4C62BD3FD8641D705DBB&MUID=3326CE8112B26F0533FEDC9713476ED2
20.234.93.27200 OK 42 B URL HTTP/2 c.clarity.ms/c.gif?CtsSyncId=5E93C3C1BDDA4C62BD3FD8641D705DBB&MUID=3326CE8112B26F0533FEDC9713476ED2
IP 20.234.93.27:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type GIF image data, version 89a, 1 x 1\012- data
Hash 32023bb33cfb2a1990a4ef2d85b6ac16
23dcc6d4b5bfe00357fd0248bb5955b8e36bb8f1
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
GET /c.gif?CtsSyncId=5E93C3C1BDDA4C62BD3FD8641D705DBB&MUID=3326CE8112B26F0533FEDC9713476ED2 HTTP/1.1
Host: c.clarity.ms
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cpfv4.formation-subventions.fr/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
cache-control: private, no-cache, proxy-revalidate, no-store
pragma: no-cache
content-type: image/gif
last-modified: Wed, 17 Aug 2022 23:56:46 GMT
accept-ranges: bytes
etag: "de363c295b2d81:0"
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
set-cookie: ANONCHK=0; domain=c.clarity.ms; expires=Mon, 05-Sep-2022 11:51:42 GMT; path=/; SameSite=None; Secure;
date: Mon, 05 Sep 2022 11:41:42 GMT
content-length: 42
X-Firefox-Spdy: h2
b.clarity.ms/collect
20.75.32.255204 No Content 0 B IP 20.75.32.255:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /collect HTTP/1.1
Host: b.clarity.ms
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 1001
Origin: https://cpfv4.formation-subventions.fr
Connection: keep-alive
Referer: https://cpfv4.formation-subventions.fr/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
server: Microsoft-IIS/10.0
request-context: appId=cid-v1:2f7711a9-b21e-4abe-a9d6-5b0ce5d18b64
access-control-allow-origin: https://cpfv4.formation-subventions.fr
access-control-allow-credentials: true
x-powered-by: ASP.NET
date: Mon, 05 Sep 2022 11:41:42 GMT
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash b15f3f14bd92b7a544ec2347e6810c7b
dd55fd8396d796082edabb5ab6e2d7fb3b51b731
87c27c4b0288f31faa405ba5247767d1f299938551bd284212ee487dbb0deb63
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "87C27C4B0288F31FAA405BA5247767D1F299938551BD284212EE487DBB0DEB63"
Last-Modified: Fri, 02 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6076
Expires: Mon, 05 Sep 2022 13:22:59 GMT
Date: Mon, 05 Sep 2022 11:41:43 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash b15f3f14bd92b7a544ec2347e6810c7b
dd55fd8396d796082edabb5ab6e2d7fb3b51b731
87c27c4b0288f31faa405ba5247767d1f299938551bd284212ee487dbb0deb63
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "87C27C4B0288F31FAA405BA5247767D1F299938551BD284212EE487DBB0DEB63"
Last-Modified: Fri, 02 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6076
Expires: Mon, 05 Sep 2022 13:22:59 GMT
Date: Mon, 05 Sep 2022 11:41:43 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash b15f3f14bd92b7a544ec2347e6810c7b
dd55fd8396d796082edabb5ab6e2d7fb3b51b731
87c27c4b0288f31faa405ba5247767d1f299938551bd284212ee487dbb0deb63
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "87C27C4B0288F31FAA405BA5247767D1F299938551BD284212EE487DBB0DEB63"
Last-Modified: Fri, 02 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6076
Expires: Mon, 05 Sep 2022 13:22:59 GMT
Date: Mon, 05 Sep 2022 11:41:43 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash b15f3f14bd92b7a544ec2347e6810c7b
dd55fd8396d796082edabb5ab6e2d7fb3b51b731
87c27c4b0288f31faa405ba5247767d1f299938551bd284212ee487dbb0deb63
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "87C27C4B0288F31FAA405BA5247767D1F299938551BD284212EE487DBB0DEB63"
Last-Modified: Fri, 02 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6076
Expires: Mon, 05 Sep 2022 13:22:59 GMT
Date: Mon, 05 Sep 2022 11:41:43 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash b15f3f14bd92b7a544ec2347e6810c7b
dd55fd8396d796082edabb5ab6e2d7fb3b51b731
87c27c4b0288f31faa405ba5247767d1f299938551bd284212ee487dbb0deb63
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "87C27C4B0288F31FAA405BA5247767D1F299938551BD284212EE487DBB0DEB63"
Last-Modified: Fri, 02 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6076
Expires: Mon, 05 Sep 2022 13:22:59 GMT
Date: Mon, 05 Sep 2022 11:41:43 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F13d7f0db-89d6-4166-b182-85e35e518df9.jpeg
34.120.237.76200 OK 8.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F13d7f0db-89d6-4166-b182-85e35e518df9.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 30bf854fd3e27e2313a3d26fc43b9990
032acf1bfb0c8e2cbce8f2ff4d2964424b044951
7641be64dd25487edf4f845d1fbb0b07daa80fa8fb58863dd09081d9d169bd13
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F13d7f0db-89d6-4166-b182-85e35e518df9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8469
x-amzn-requestid: de0e8998-4a52-4651-bcd6-3068c50193b6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: X9Ey2Eq4oAMFZlQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63151b45-15da44d87bf486cb1738fe18;Sampled=0
x-amzn-remapped-date: Sun, 04 Sep 2022 21:40:21 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: GuATNx2xnWnEl0cr_2ZWZo_jOWbHlSBYksIeHFDoHAK9o5Tf0PPliQ==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 98aedae6661e3904540676966998ed88.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Sep 2022 22:03:29 GMT
etag: "032acf1bfb0c8e2cbce8f2ff4d2964424b044951"
content-type: image/jpeg
age: 49094
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
cdn.lordicon.com/yeallgsa.json
143.204.55.122200 OK 18 kB URL HTTP/2 cdn.lordicon.com/yeallgsa.json
IP 143.204.55.122:0
Hash 07705d74f6a83ce0819acef5cdd4c92f
724e410c89f615463bfbad235a3807388ba3fc38
9f85b191bdb1f12b818f4fd27bcb327a285cd67add3b1af3d9337648f7342213
GET /yeallgsa.json HTTP/1.1
Host: cdn.lordicon.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cpfv4.formation-subventions.fr/
Origin: https://cpfv4.formation-subventions.fr
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/json; charset=utf-8
server: nginx/1.14.2
x-powered-by: lordicon
access-control-allow-origin: *
access-control-expose-headers: *
content-encoding: gzip
date: Fri, 02 Sep 2022 20:17:21 GMT
cache-control: public, max-age=432000
etag: W/"9ab0-5vIXXjCvDaBT81QJOZQsoZrqWFI"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 501ad2910f631f0520a6d389d6f053e8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: XPUTcewgjcwl7jObOTG0k3rZflgKMbxN8Fg7Q4vOYvlJdQlufRgVmw==
age: 228260
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff1be72d8-944d-4a7e-9b1e-ad82d49d9cf3.jpeg
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff1be72d8-944d-4a7e-9b1e-ad82d49d9cf3.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 236f57d73839def5d9ddd1b993394bac
a32ddb91fce6c75ee39530117afcf31d6c6eea94
5c4eab322f6c6a7462a4350dde8d32fc321e6d026e72c0bdb282a56da72c9664
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff1be72d8-944d-4a7e-9b1e-ad82d49d9cf3.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11654
x-amzn-requestid: 7dec27e0-0959-435b-b155-6afeb503dac9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XxJUJGf-oAMFZNQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631055b3-15838b603291931a4d236ff2;Sampled=0
x-amzn-remapped-date: Thu, 01 Sep 2022 06:48:20 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: wWaGFAA7vsAS2zhpSM0Cy5CueNSI8s-cS8sTOWUZGdy-AW2vhbNrBA==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 6a9b42e38e76b7d4a4044ebe0e0eca08.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Sep 2022 19:05:28 GMT
age: 59775
etag: "a32ddb91fce6c75ee39530117afcf31d6c6eea94"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F022243d2-ac74-4a81-b31f-104b203bf550.jpeg
34.120.237.76200 OK 5.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F022243d2-ac74-4a81-b31f-104b203bf550.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 7fe061740ad833cfe7ff0fe078d6810d
15d0fc3fdced758b5797361bae0fd53341e0581d
5409b6775bca5afd03901975c61c27f267efe2c8a8e739f05ebc52a938c5a368
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F022243d2-ac74-4a81-b31f-104b203bf550.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5459
x-amzn-requestid: a75bf8a5-dc96-4a88-9de5-b79d1d62ff21
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XxB_bFMFoAMFkEg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631049fc-2685c90962d8af5f4a7b5908;Sampled=0
x-amzn-remapped-date: Thu, 01 Sep 2022 05:58:20 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: rZh0s85w1Nt6qZdZybNBcQHEXMWQIJvtAyCbF4oWsYUOlIKuNS5Fpg==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 6172bb1a5d00a3b06ae3700570ebe116.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Sep 2022 22:38:48 GMT
age: 46975
etag: "15d0fc3fdced758b5797361bae0fd53341e0581d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5b72072c-e8d1-4d87-8b3d-88a344002b6a.jpeg
34.120.237.76200 OK 9.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5b72072c-e8d1-4d87-8b3d-88a344002b6a.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3fa914e288ca54908967c65ae6000607
b470ee66546236df6932247b8de7982a081e3170
04dc2796377fdd129e03e1a1902207ba57f23933f4296908794097353f2de13f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5b72072c-e8d1-4d87-8b3d-88a344002b6a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9632
x-amzn-requestid: aee8c394-86b7-4b7e-8a1b-134b4de8454f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XnTxZF0rIAMFodg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-630c666f-2f2a9e20556d8899447fc662;Sampled=0
x-amzn-remapped-date: Mon, 29 Aug 2022 07:10:39 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 77bXbuBtQ1AUHqlplB8HwTfSd83WZTTsmHsN2hZiTk83XvP5Bdpfhg==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 02d90bf99fd6253b329a53c82f19e224.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Sep 2022 19:05:29 GMT
age: 59774
etag: "b470ee66546236df6932247b8de7982a081e3170"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F69b1e092-41e6-4f1e-b330-193f7dd11afc.jpeg
34.120.237.76200 OK 7.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F69b1e092-41e6-4f1e-b330-193f7dd11afc.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 290f6551c5ac539ea60810b135750f17
3633391a8dd87ef10fcb0d04d7b309738affc4a7
d94d133faaf232cf15b5c3f38f5b45d87d70bce0668d607b5c66a8d3f836540f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F69b1e092-41e6-4f1e-b330-193f7dd11afc.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7830
x-amzn-requestid: c56af3b5-2c48-4243-b220-d56a9be47990
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: X9Ey3H4JoAMFiMg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63151b45-23ec24d867e3e5906fffa1a6;Sampled=0
x-amzn-remapped-date: Sun, 04 Sep 2022 21:40:21 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: VgP7BDBmd5A5bAmRgO88geep419uZ0TQop4jEmRkx-q9rX4PUJZOCQ==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 5fe5f2a3903f1378941d92eceaf3fa16.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Sep 2022 22:16:55 GMT
age: 48288
etag: "3633391a8dd87ef10fcb0d04d7b309738affc4a7"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
b.clarity.ms/collect
20.75.32.255204 No Content 0 B IP 20.75.32.255:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /collect HTTP/1.1
Host: b.clarity.ms
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 80962
Origin: https://cpfv4.formation-subventions.fr
Connection: keep-alive
Referer: https://cpfv4.formation-subventions.fr/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
server: Microsoft-IIS/10.0
request-context: appId=cid-v1:2f7711a9-b21e-4abe-a9d6-5b0ce5d18b64
access-control-allow-origin: https://cpfv4.formation-subventions.fr
access-control-allow-credentials: true
x-powered-by: ASP.NET
date: Mon, 05 Sep 2022 11:41:42 GMT
X-Firefox-Spdy: h2
b.clarity.ms/collect
20.75.32.255204 No Content 0 B IP 20.75.32.255:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /collect HTTP/1.1
Host: b.clarity.ms
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 10731
Origin: https://cpfv4.formation-subventions.fr
Connection: keep-alive
Referer: https://cpfv4.formation-subventions.fr/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
server: Microsoft-IIS/10.0
request-context: appId=cid-v1:2f7711a9-b21e-4abe-a9d6-5b0ce5d18b64
access-control-allow-origin: https://cpfv4.formation-subventions.fr
access-control-allow-credentials: true
x-powered-by: ASP.NET
date: Mon, 05 Sep 2022 11:41:44 GMT
X-Firefox-Spdy: h2
b.clarity.ms/collect
20.75.32.255204 No Content 0 B IP 20.75.32.255:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /collect HTTP/1.1
Host: b.clarity.ms
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 28671
Origin: https://cpfv4.formation-subventions.fr
Connection: keep-alive
Referer: https://cpfv4.formation-subventions.fr/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
server: Microsoft-IIS/10.0
request-context: appId=cid-v1:2f7711a9-b21e-4abe-a9d6-5b0ce5d18b64
access-control-allow-origin: https://cpfv4.formation-subventions.fr
access-control-allow-credentials: true
x-powered-by: ASP.NET
date: Mon, 05 Sep 2022 11:41:47 GMT
X-Firefox-Spdy: h2
cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/lord-icon-2.1.0.js
52.16.240.242200 OK 0 B URL HTTP/1.1 cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/lord-icon-2.1.0.js
IP 52.16.240.242:0
Analyzer Verdict Alert fortinet Phishing
GET /assets/landings/cpf-v4/assets/lord-icon-2.1.0.js HTTP/1.1
Host: cpfv4.formation-subventions.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cpfv4.formation-subventions.fr/?c=8n5i3Pu2M&co=1&tx_id=M2022090511-e2e54046eabc1ab6e0c9796d3da49c19&var4={YOUR_PUBID_HERE}&spub=1f9bd5b5-10c3c4d8-0b58aba5-403c-1a64
Cookie: XSRF-TOKEN=eyJpdiI6IklleGtqblFhbDB6RkpCSzJjRE5TYVE9PSIsInZhbHVlIjoiM1lsRTZqRUdTMXlQTGRJWWhNMkxmRG90c051WUpUWU9xY0hpY3Q1UlZ5akN6RGRKN3F2TW1ySEc0KzhNemg5UmJZQ3d3MCtwTGFkcTNFRVhhVk5jeVRuU054OTVrY1J5VlFncGw3ODRRTnV1WTJrRlNXdGw5K1NoekYwb2l3b24iLCJtYWMiOiI0MzIwOTMzNmYzNTk2NzhkNzM4NWEyMjZhYTI2ODA3ODUyMDg2OTE4ZDEyMjBkM2E5ZDc1YjE4NmNmN2MxYjA3IiwidGFnIjoiIn0%3D; leadsmetal_session=eyJpdiI6IjRKZmFKUUxXZ2V3S2ZGNTRucU5XVGc9PSIsInZhbHVlIjoib1FQM2w1QVpuWnd1UGgrRXJiOFJ3OEo3bm9aZDhDMDd1Vjh0dU5oblpvbEhobjdDZGF1OGJzajlYTmNkcDlQL01jMjJ4dURhbVc3dUMwNFF5SlVJOTNlUFpMOGlxN1UzSlZ6UnRNWkF0UFBnZDBhZHZCUU90NnRORnRGT3hoRC8iLCJtYWMiOiIxZTc2NGQwMTFkNDFjOWY5YWFhMmFmMjUxMWMyZDVjZmZmMDJiY2M5YjcwYWYyZTQxNzBhYzg1MWUwMjY3ZjQxIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Mon, 05 Sep 2022 11:41:41 GMT
Content-Type: application/javascript
Content-Length: 279427
Last-Modified: Wed, 20 Jul 2022 08:15:52 GMT
Connection: keep-alive
ETag: "62d7b9b8-44383"
Accept-Ranges: bytes
cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/bootstrap.bundle.js
52.16.240.242200 OK 0 B URL HTTP/1.1 cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/bootstrap.bundle.js
IP 52.16.240.242:0
Analyzer Verdict Alert fortinet Phishing
GET /assets/landings/cpf-v4/assets/bootstrap.bundle.js HTTP/1.1
Host: cpfv4.formation-subventions.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cpfv4.formation-subventions.fr/?c=8n5i3Pu2M&co=1&tx_id=M2022090511-e2e54046eabc1ab6e0c9796d3da49c19&var4={YOUR_PUBID_HERE}&spub=1f9bd5b5-10c3c4d8-0b58aba5-403c-1a64
Cookie: XSRF-TOKEN=eyJpdiI6IklleGtqblFhbDB6RkpCSzJjRE5TYVE9PSIsInZhbHVlIjoiM1lsRTZqRUdTMXlQTGRJWWhNMkxmRG90c051WUpUWU9xY0hpY3Q1UlZ5akN6RGRKN3F2TW1ySEc0KzhNemg5UmJZQ3d3MCtwTGFkcTNFRVhhVk5jeVRuU054OTVrY1J5VlFncGw3ODRRTnV1WTJrRlNXdGw5K1NoekYwb2l3b24iLCJtYWMiOiI0MzIwOTMzNmYzNTk2NzhkNzM4NWEyMjZhYTI2ODA3ODUyMDg2OTE4ZDEyMjBkM2E5ZDc1YjE4NmNmN2MxYjA3IiwidGFnIjoiIn0%3D; leadsmetal_session=eyJpdiI6IjRKZmFKUUxXZ2V3S2ZGNTRucU5XVGc9PSIsInZhbHVlIjoib1FQM2w1QVpuWnd1UGgrRXJiOFJ3OEo3bm9aZDhDMDd1Vjh0dU5oblpvbEhobjdDZGF1OGJzajlYTmNkcDlQL01jMjJ4dURhbVc3dUMwNFF5SlVJOTNlUFpMOGlxN1UzSlZ6UnRNWkF0UFBnZDBhZHZCUU90NnRORnRGT3hoRC8iLCJtYWMiOiIxZTc2NGQwMTFkNDFjOWY5YWFhMmFmMjUxMWMyZDVjZmZmMDJiY2M5YjcwYWYyZTQxNzBhYzg1MWUwMjY3ZjQxIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Mon, 05 Sep 2022 11:41:41 GMT
Content-Type: application/javascript
Content-Length: 212345
Last-Modified: Wed, 20 Jul 2022 08:15:52 GMT
Connection: keep-alive
ETag: "62d7b9b8-33d79"
Accept-Ranges: bytes
cdn.lordicon.com/gqdnbnwt.json
143.204.55.122200 OK 0 B URL HTTP/2 cdn.lordicon.com/gqdnbnwt.json
IP 143.204.55.122:0
GET /gqdnbnwt.json HTTP/1.1
Host: cdn.lordicon.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cpfv4.formation-subventions.fr/
Origin: https://cpfv4.formation-subventions.fr
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/json; charset=utf-8
server: nginx/1.14.2
date: Wed, 31 Aug 2022 21:54:00 GMT
x-powered-by: lordicon
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=432000
etag: W/"5709-Q74jOxx/0TTChQEylrX/ar5FXEs"
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 501ad2910f631f0520a6d389d6f053e8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: VLZXE_shcdXMuFROy71MMp0K9F1XmkR7zuJu4r3f8qG6x4bLN5w-9w==
age: 395261
X-Firefox-Spdy: h2
cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/inputmask.min.js
52.16.240.242200 OK 0 B URL HTTP/1.1 cpfv4.formation-subventions.fr/assets/landings/cpf-v4/assets/inputmask.min.js
IP 52.16.240.242:0
Analyzer Verdict Alert fortinet Phishing
GET /assets/landings/cpf-v4/assets/inputmask.min.js HTTP/1.1
Host: cpfv4.formation-subventions.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cpfv4.formation-subventions.fr/?c=8n5i3Pu2M&co=1&tx_id=M2022090511-e2e54046eabc1ab6e0c9796d3da49c19&var4={YOUR_PUBID_HERE}&spub=1f9bd5b5-10c3c4d8-0b58aba5-403c-1a64
Cookie: XSRF-TOKEN=eyJpdiI6IklleGtqblFhbDB6RkpCSzJjRE5TYVE9PSIsInZhbHVlIjoiM1lsRTZqRUdTMXlQTGRJWWhNMkxmRG90c051WUpUWU9xY0hpY3Q1UlZ5akN6RGRKN3F2TW1ySEc0KzhNemg5UmJZQ3d3MCtwTGFkcTNFRVhhVk5jeVRuU054OTVrY1J5VlFncGw3ODRRTnV1WTJrRlNXdGw5K1NoekYwb2l3b24iLCJtYWMiOiI0MzIwOTMzNmYzNTk2NzhkNzM4NWEyMjZhYTI2ODA3ODUyMDg2OTE4ZDEyMjBkM2E5ZDc1YjE4NmNmN2MxYjA3IiwidGFnIjoiIn0%3D; leadsmetal_session=eyJpdiI6IjRKZmFKUUxXZ2V3S2ZGNTRucU5XVGc9PSIsInZhbHVlIjoib1FQM2w1QVpuWnd1UGgrRXJiOFJ3OEo3bm9aZDhDMDd1Vjh0dU5oblpvbEhobjdDZGF1OGJzajlYTmNkcDlQL01jMjJ4dURhbVc3dUMwNFF5SlVJOTNlUFpMOGlxN1UzSlZ6UnRNWkF0UFBnZDBhZHZCUU90NnRORnRGT3hoRC8iLCJtYWMiOiIxZTc2NGQwMTFkNDFjOWY5YWFhMmFmMjUxMWMyZDVjZmZmMDJiY2M5YjcwYWYyZTQxNzBhYzg1MWUwMjY3ZjQxIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Mon, 05 Sep 2022 11:41:41 GMT
Content-Type: application/javascript
Content-Length: 141748
Last-Modified: Wed, 20 Jul 2022 08:15:52 GMT
Connection: keep-alive
ETag: "62d7b9b8-229b4"
Accept-Ranges: bytes