co20341.tw1.ru/
185.114.245.124200 OK 15 kB IP 185.114.245.124:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (2355)
Hash 9f0bc8ca4e78939d054eff61bcec36cf
75581a82aec173e89dbff82c21c98cee4239e5f4
32cc6480a4e2231be3d95721071b85ffafaac7df04d0a072044f49715ed21dbc
Analyzer Verdict Alert urlquery Phishing - La Banque postale
openphish La Banque postale
phishtank Other
fortinet Phishing
GET / HTTP/1.1
Host: co20341.tw1.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Tue, 29 Nov 2022 22:09:50 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash a5daf4dc99951793ae2315d4795e8146
4427507ca4d3a5632cc8f598afbc85e2195d00bd
94fb64c1c826ed7099283c0bedb3cea7ac7e1d9526794cb9fad6e761f5989d32
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "94FB64C1C826ED7099283C0BEDB3CEA7AC7E1D9526794CB9FAD6E761F5989D32"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7615
Expires: Wed, 30 Nov 2022 00:16:46 GMT
Date: Tue, 29 Nov 2022 22:09:51 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 4ed065cb23b5fca1a179dd73b3c5b7b2
4422eb24688f5e056fc1b18b127c7f63b1dbf5e0
b723d770d0dec7441d8505dc5a4e7d34f55c9f564ec52f20d9b70c7c3a0d9d35
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3665
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 22:09:51 GMT
Etag: "638650c5-37"
Last-Modified: Tue, 29 Nov 2022 18:34:45 GMT
Server: ECS (ska/F70C)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 6d9d34c96b9a826ae5676640c966469c
8052a16d41a637e420478b7de1ff5a2dc951fccd
f18ac558cb786126bb7efb159e03353d268d5f5796bcfd2691a349dfc68d863c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F18AC558CB786126BB7EFB159E03353D268D5F5796BCFD2691A349DFC68D863C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9796
Expires: Wed, 30 Nov 2022 00:53:07 GMT
Date: Tue, 29 Nov 2022 22:09:51 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
34.102.187.140200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Retry-After, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Tue, 29 Nov 2022 21:17:55 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 3116
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: LnUtbEOt9k5MOIY1NKziUqLYHDOYDW8SfoM1AVfpodbGJvWIT5C3LIb6FKzcydCK8E2z7d9glyw=
x-amz-request-id: KWPAJHVTK73QRD4T
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 29 Nov 2022 21:45:37 GMT
age: 1454
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
co20341.tw1.ru/bin/css
185.114.245.124200 OK 5.4 kB IP 185.114.245.124:0
Hash 31bf65bad488ba7dba0c772f144f2877
c97f8e58ed66c1db55d658386c36dceeadade24c
9062b283108aee3d80a32cada8435bd6e2b642f3532de4ec9460136e98d6bc3e
Analyzer Verdict Alert urlquery Phishing - La Banque postale
openphish La Banque postale
fortinet Phishing
GET /bin/css HTTP/1.1
Host: co20341.tw1.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://co20341.tw1.ru/
HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Tue, 29 Nov 2022 22:09:51 GMT
Content-Length: 5380
Connection: keep-alive
Last-Modified: Mon, 28 Nov 2022 01:02:49 GMT
ETag: "1504-5ee7d6e266278"
Accept-Ranges: bytes
co20341.tw1.ru/bin/t
185.114.245.124200 OK 131 B IP 185.114.245.124:0
File type ASCII text, with no line terminators
Hash 5dc58eb8269206ece17124848baca47d
28bc6018fda1689fb87c3af08b0fccfb5255c561
e403c718464355917d8171f86d6f05316e22aa0d682202b7f7da1a2aff6bc030
Analyzer Verdict Alert urlquery Phishing - La Banque postale
openphish La Banque postale
fortinet Phishing
GET /bin/t HTTP/1.1
Host: co20341.tw1.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://co20341.tw1.ru/
HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Tue, 29 Nov 2022 22:09:51 GMT
Content-Length: 131
Connection: keep-alive
Last-Modified: Mon, 28 Nov 2022 01:03:11 GMT
ETag: "83-5ee7d6f6c30e2"
Accept-Ranges: bytes
co20341.tw1.ru/bin/t(1)
185.114.245.124200 OK 125 B IP 185.114.245.124:0
File type ASCII text, with no line terminators
Hash 3c430265f71b3c001056d14bd575cda6
51ab4d0247f0bdfca17d0fdf87cb3db43c481e26
f82ed62e62790f6ed3bdd94e80de9141f537f304e826b88c269f7bcb9eef49ce
Analyzer Verdict Alert urlquery Phishing - La Banque postale
openphish La Banque postale
fortinet Phishing
GET /bin/t(1) HTTP/1.1
Host: co20341.tw1.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://co20341.tw1.ru/
HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Tue, 29 Nov 2022 22:09:51 GMT
Content-Length: 125
Connection: keep-alive
Last-Modified: Mon, 28 Nov 2022 01:03:11 GMT
ETag: "7d-5ee7d6f6fea02"
Accept-Ranges: bytes
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 29 Nov 2022 22:09:51 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
co20341.tw1.ru/bin/base.min.css
185.114.245.124200 OK 72 kB URL HTTP/1.1 co20341.tw1.ru/bin/base.min.css
IP 185.114.245.124:0
File type ASCII text, with very long lines (880)
Hash 357f5301852fe6ee17ecea034f9ef7b0
1ddd9c6af6999cf807ccfa42c5756a309bbed760
cd47d7d8bf0b664a3a1b0c0b458c8fcbb9e9059bc6061fbaf5564d5bb0d79881
Analyzer Verdict Alert urlquery Phishing - La Banque postale
openphish La Banque postale
GET /bin/base.min.css HTTP/1.1
Host: co20341.tw1.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://co20341.tw1.ru/
HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Tue, 29 Nov 2022 22:09:51 GMT
Content-Type: text/css
Last-Modified: Mon, 28 Nov 2022 01:02:48 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"638408b8-7f266"
Expires: Fri, 30 Dec 2022 22:09:51 GMT
Cache-Control: max-age=2678400
Content-Encoding: gzip
co20341.tw1.ru/bin/t(2)
185.114.245.124200 OK 122 B IP 185.114.245.124:0
File type ASCII text, with no line terminators
Hash 293c9021be400c34e79b22f963f94bd8
12359dcc8a220cf1da51f5ab2acf06c9b68a855e
e7c188508104cf9ccb2af7394cb581ac38dc539352db381ca713d04701828965
Analyzer Verdict Alert urlquery Phishing - La Banque postale
openphish La Banque postale
fortinet Phishing
GET /bin/t(2) HTTP/1.1
Host: co20341.tw1.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://co20341.tw1.ru/
HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Tue, 29 Nov 2022 22:09:51 GMT
Content-Length: 122
Connection: keep-alive
Last-Modified: Mon, 28 Nov 2022 01:03:11 GMT
ETag: "7a-5ee7d6f74acc3"
Accept-Ranges: bytes
co20341.tw1.ru/bin/f.txt
185.114.245.124200 OK 12 kB IP 185.114.245.124:0
File type ASCII text, with very long lines (1955)
Hash 0167381e961c46ba80845458967f34e5
8f5f41fe83ab8ca43d7d9c62a695e90582b8d5ee
1f228fde1f7aa2f91b4b7891313af143122ec20830b71bd009fd962a29790063
Analyzer Verdict Alert urlquery Phishing - La Banque postale
openphish La Banque postale
fortinet Phishing
GET /bin/f.txt HTTP/1.1
Host: co20341.tw1.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://co20341.tw1.ru/
HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Tue, 29 Nov 2022 22:09:51 GMT
Content-Type: text/plain; charset=utf-8
Last-Modified: Mon, 28 Nov 2022 01:02:53 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"638408bd-7826"
Expires: Fri, 30 Dec 2022 22:09:51 GMT
Cache-Control: max-age=2678400
Content-Encoding: gzip
co20341.tw1.ru/bin/6545227.js
185.114.245.124200 OK 12 kB URL HTTP/1.1 co20341.tw1.ru/bin/6545227.js
IP 185.114.245.124:0
File type ASCII text, with very long lines (640)
Hash 9afbb353d04f677387af8bc1f78bfeae
3ce253fc6b8d9d2dd88e415df01b28b01db709b9
8385346060e47ebc2c76d9974e16f52f5192d4114d71c0c856ac772bd6ca06cb
Analyzer Verdict Alert urlquery Phishing - La Banque postale
openphish La Banque postale
fortinet Phishing
GET /bin/6545227.js HTTP/1.1
Host: co20341.tw1.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://co20341.tw1.ru/
HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Tue, 29 Nov 2022 22:09:51 GMT
Content-Type: application/x-javascript
Last-Modified: Mon, 28 Nov 2022 01:02:44 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"638408b4-18abf"
Expires: Fri, 30 Dec 2022 22:09:51 GMT
Cache-Control: max-age=2678400
Content-Encoding: gzip
co20341.tw1.ru/bin/js
185.114.245.124200 OK 98 kB IP 185.114.245.124:0
File type ASCII text, with very long lines (2644)
Hash 4e78cad5fb261a43d1dd6ed338af990d
9df806b71fe2eab302a45fd99e4a880e63fab42d
07abb29dfdcaa1050b7f8070e5c4c77dc1bba0ca504175a74e875007cc19f082
Analyzer Verdict Alert urlquery Phishing - La Banque postale
openphish La Banque postale
fortinet Phishing
GET /bin/js HTTP/1.1
Host: co20341.tw1.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://co20341.tw1.ru/
HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Tue, 29 Nov 2022 22:09:51 GMT
Content-Length: 98197
Connection: keep-alive
Last-Modified: Mon, 28 Nov 2022 01:03:02 GMT
ETag: "17f95-5ee7d6ee760d1"
Accept-Ranges: bytes
co20341.tw1.ru/bin/exec.js
185.114.245.124200 OK 144 B URL HTTP/1.1 co20341.tw1.ru/bin/exec.js
IP 185.114.245.124:0
File type ASCII text, with no line terminators
Hash e7fe3e96d2e6c828c4e52af5d94b338d
6c9be0d34539084a9677cde7cd15827d142f2787
661e7bd7e2b6ffc300a30ea6720c147cccebb197c4b87714aa88894382c845db
Analyzer Verdict Alert urlquery Phishing - La Banque postale
openphish La Banque postale
fortinet Phishing
GET /bin/exec.js HTTP/1.1
Host: co20341.tw1.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://co20341.tw1.ru/
HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Tue, 29 Nov 2022 22:09:51 GMT
Content-Type: application/x-javascript
Content-Length: 144
Last-Modified: Mon, 28 Nov 2022 01:02:52 GMT
Connection: keep-alive
ETag: "638408bc-90"
Expires: Fri, 30 Dec 2022 22:09:51 GMT
Cache-Control: max-age=2678400
Accept-Ranges: bytes
co20341.tw1.ru/bin/1928.js
185.114.245.124200 OK 771 B URL HTTP/1.1 co20341.tw1.ru/bin/1928.js
IP 185.114.245.124:0
File type ASCII text, with very long lines (509)
Hash a2637b70441909b18037e57fa9889054
a934ef5dcdb1bba73646354db8ddbd7d7c6e40e5
c11d68f4a06808e2fa28fd43c648b16865253b8235117b26f04f471d3ab8b5a3
Analyzer Verdict Alert urlquery Phishing - La Banque postale
openphish La Banque postale
fortinet Phishing
GET /bin/1928.js HTTP/1.1
Host: co20341.tw1.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://co20341.tw1.ru/
HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Tue, 29 Nov 2022 22:09:51 GMT
Content-Type: application/x-javascript
Content-Length: 771
Last-Modified: Mon, 28 Nov 2022 01:02:41 GMT
Connection: keep-alive
ETag: "638408b1-303"
Expires: Fri, 30 Dec 2022 22:09:51 GMT
Cache-Control: max-age=2678400
Accept-Ranges: bytes
co20341.tw1.ru/bin/insight.beta.min.js
185.114.245.124200 OK 1.8 kB URL HTTP/1.1 co20341.tw1.ru/bin/insight.beta.min.js
IP 185.114.245.124:0
File type ASCII text, with very long lines (4105)
Hash 7a7bc6e6d4c16e11089f3839bc55f138
14b118421c83fc1cd21ddb6d28f7cd06adc5a9a4
a91633bd20c87892391ce1c051adf8fdc68804531d295ad84b8430c67912be5d
Analyzer Verdict Alert urlquery Phishing - La Banque postale
openphish La Banque postale
fortinet Phishing
GET /bin/insight.beta.min.js HTTP/1.1
Host: co20341.tw1.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://co20341.tw1.ru/
HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Tue, 29 Nov 2022 22:09:51 GMT
Content-Type: application/x-javascript
Last-Modified: Mon, 28 Nov 2022 01:02:59 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"638408c3-100a"
Expires: Fri, 30 Dec 2022 22:09:51 GMT
Cache-Control: max-age=2678400
Content-Encoding: gzip
co20341.tw1.ru/bin/1929.js
185.114.245.124200 OK 771 B URL HTTP/1.1 co20341.tw1.ru/bin/1929.js
IP 185.114.245.124:0
File type ASCII text, with very long lines (509)
Hash 3f25bf0a82b68e1c76f694c5a4d7e5b3
3a17a172c379a5cb302bc15b05a01bca516160b6
48d78a43e9bf99db5daedb39e7b9b06d5358d470bdb45cc6bfd98afad3ac8c83
Analyzer Verdict Alert urlquery Phishing - La Banque postale
openphish La Banque postale
fortinet Phishing
GET /bin/1929.js HTTP/1.1
Host: co20341.tw1.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://co20341.tw1.ru/
HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Tue, 29 Nov 2022 22:09:51 GMT
Content-Type: application/x-javascript
Content-Length: 771
Last-Modified: Mon, 28 Nov 2022 01:02:42 GMT
Connection: keep-alive
ETag: "638408b2-303"
Expires: Fri, 30 Dec 2022 22:09:51 GMT
Cache-Control: max-age=2678400
Accept-Ranges: bytes
co20341.tw1.ru/bin/1938.js
185.114.245.124200 OK 766 B URL HTTP/1.1 co20341.tw1.ru/bin/1938.js
IP 185.114.245.124:0
File type ASCII text, with very long lines (765)
Hash af0050e67a79f169a5affc39ed8a547e
f715d28bd14eb8c3a633f74a82905fe44adfd83b
87f8580d2648332c05e7f77442a7243c4769102e18ce0224df9e5d3ff173c575
Analyzer Verdict Alert urlquery Phishing - La Banque postale
openphish La Banque postale
fortinet Phishing
GET /bin/1938.js HTTP/1.1
Host: co20341.tw1.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://co20341.tw1.ru/
HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Tue, 29 Nov 2022 22:09:51 GMT
Content-Type: application/x-javascript
Content-Length: 766
Last-Modified: Mon, 28 Nov 2022 01:02:42 GMT
Connection: keep-alive
ETag: "638408b2-2fe"
Expires: Fri, 30 Dec 2022 22:09:51 GMT
Cache-Control: max-age=2678400
Accept-Ranges: bytes
co20341.tw1.ru/bin/insight.min.js
185.114.245.124200 OK 965 B URL HTTP/1.1 co20341.tw1.ru/bin/insight.min.js
IP 185.114.245.124:0
File type ASCII text, with very long lines (964)
Hash 1682c15c32a384857cf7bb18701fd5cf
bd8f13bc5354c361fecf6b487f8a5dd68f3bbdab
f10b9b0c4107ca5a40a5c69b1ac91a8948d84f39893dee6b429cdbdb05887093
Analyzer Verdict Alert urlquery Phishing - La Banque postale
openphish La Banque postale
fortinet Phishing
GET /bin/insight.min.js HTTP/1.1
Host: co20341.tw1.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://co20341.tw1.ru/
HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Tue, 29 Nov 2022 22:09:51 GMT
Content-Type: application/x-javascript
Content-Length: 965
Last-Modified: Mon, 28 Nov 2022 01:03:00 GMT
Connection: keep-alive
ETag: "638408c4-3c5"
Expires: Fri, 30 Dec 2022 22:09:51 GMT
Cache-Control: max-age=2678400
Accept-Ranges: bytes
co20341.tw1.ru/bin/all.js
185.114.245.124200 OK 9.7 kB URL HTTP/1.1 co20341.tw1.ru/bin/all.js
IP 185.114.245.124:0
File type ASCII text, with very long lines (29415)
Hash 126c345f45e6c6447a380d01afed480a
9998678fdd81b9fec064ced223d43c6e2fbc89fa
1746e33d8c2d1fe42beab6d00b3938684a267f7418e50269818e96cdbad5a71f
Analyzer Verdict Alert urlquery Phishing - La Banque postale
openphish La Banque postale
fortinet Phishing
GET /bin/all.js HTTP/1.1
Host: co20341.tw1.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://co20341.tw1.ru/
HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Tue, 29 Nov 2022 22:09:51 GMT
Content-Type: application/x-javascript
Last-Modified: Mon, 28 Nov 2022 01:02:46 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"638408b6-7318"
Expires: Fri, 30 Dec 2022 22:09:51 GMT
Cache-Control: max-age=2678400
Content-Encoding: gzip
co20341.tw1.ru/bin/bsd
185.114.245.124200 OK 17 B IP 185.114.245.124:0
File type ASCII text, with no line terminators
Hash e5704dfa7641dfd171ce12e90e86454e
97e96054fa38107d18a484b97c86e2f484a3e268
33e91ef748f0af8ef6ee182576422ffdac615b0611a46823d2df553142755b7c
Analyzer Verdict Alert urlquery Phishing - La Banque postale
openphish La Banque postale
fortinet Phishing
GET /bin/bsd HTTP/1.1
Host: co20341.tw1.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://co20341.tw1.ru/
HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Tue, 29 Nov 2022 22:09:51 GMT
Content-Length: 17
Connection: keep-alive
Last-Modified: Mon, 28 Nov 2022 01:02:49 GMT
ETag: "11-5ee7d6e1dc757"
Accept-Ranges: bytes
co20341.tw1.ru/bin/iframe_api
185.114.245.124200 OK 810 B URL HTTP/1.1 co20341.tw1.ru/bin/iframe_api
IP 185.114.245.124:0
File type CSV text\012- , ASCII text, with very long lines (507)
Hash 2c7c0978cb581d95ad74c550d29a29be
9b7dae9fe842924dbb0083589867545c29891358
3688bd001b9e577922afc541fb6930088841b6e4bc1ae80ddd6e3dea3802c745
Analyzer Verdict Alert urlquery Phishing - La Banque postale
openphish La Banque postale
fortinet Phishing
GET /bin/iframe_api HTTP/1.1
Host: co20341.tw1.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://co20341.tw1.ru/
HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Tue, 29 Nov 2022 22:09:51 GMT
Content-Length: 810
Connection: keep-alive
Last-Modified: Mon, 28 Nov 2022 01:02:56 GMT
ETag: "32a-5ee7d6e8c3105"
Accept-Ranges: bytes
co20341.tw1.ru/bin/tro.js
185.114.245.124200 OK 5.1 kB URL HTTP/1.1 co20341.tw1.ru/bin/tro.js
IP 185.114.245.124:0
File type ASCII text, with very long lines (529)
Hash 03869579c2657881d8e10292bd392ee8
facb340a6135abf3b4faa69d2570079d4fd79478
bae3fa0e17b495252237167d254aa3bddd18a6ea0d80b348bd86a18e771a5cf3
Analyzer Verdict Alert urlquery Phishing - La Banque postale
openphish La Banque postale
fortinet Phishing
GET /bin/tro.js HTTP/1.1
Host: co20341.tw1.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://co20341.tw1.ru/
HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Tue, 29 Nov 2022 22:09:51 GMT
Content-Type: application/x-javascript
Last-Modified: Mon, 28 Nov 2022 01:03:14 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"638408d2-3cde"
Expires: Fri, 30 Dec 2022 22:09:51 GMT
Cache-Control: max-age=2678400
Content-Encoding: gzip
co20341.tw1.ru/bin/script.js
185.114.245.124200 OK 892 B URL HTTP/1.1 co20341.tw1.ru/bin/script.js
IP 185.114.245.124:0
File type ASCII text, with very long lines (1662), with no line terminators
Hash af9e8c71f28293d7c37e34331eafc672
e13585ecaff1ebc1b64a41006fa4709be010eb3f
2a478013c4ae8907351ded3119c30de16b95a5e64205a06dcbcad793c42cc50d
Analyzer Verdict Alert urlquery Phishing - La Banque postale
openphish La Banque postale
fortinet Phishing
GET /bin/script.js HTTP/1.1
Host: co20341.tw1.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://co20341.tw1.ru/
HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Tue, 29 Nov 2022 22:09:51 GMT
Content-Type: application/x-javascript
Last-Modified: Mon, 28 Nov 2022 01:03:09 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"638408cd-67e"
Expires: Fri, 30 Dec 2022 22:09:51 GMT
Cache-Control: max-age=2678400
Content-Encoding: gzip
co20341.tw1.ru/bin/bat.js
185.114.245.124200 OK 8.4 kB URL HTTP/1.1 co20341.tw1.ru/bin/bat.js
IP 185.114.245.124:0
File type ASCII text, with very long lines (28050), with no line terminators
Hash bcef5d8d4ed8cad056421afe265cb6f3
75664549511a3bbc54e3afba00e3f19031efa403
02721c650cbaf269f1442803ed5671e4b702b80c5b578d00b4c34ae09410c83e
Analyzer Verdict Alert urlquery Phishing - La Banque postale
openphish La Banque postale
fortinet Phishing
GET /bin/bat.js HTTP/1.1
Host: co20341.tw1.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://co20341.tw1.ru/
HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Tue, 29 Nov 2022 22:09:51 GMT
Content-Type: application/x-javascript
Last-Modified: Mon, 28 Nov 2022 01:02:48 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"638408b8-6d92"
Expires: Fri, 30 Dec 2022 22:09:51 GMT
Cache-Control: max-age=2678400
Content-Encoding: gzip
co20341.tw1.ru/bin/wamfactory_dpm.laposte.min.js
185.114.245.124200 OK 3.3 kB URL HTTP/1.1 co20341.tw1.ru/bin/wamfactory_dpm.laposte.min.js
IP 185.114.245.124:0
File type ASCII text, with very long lines (8964), with no line terminators
Hash 210a4f097e01528088f924b297af0a0f
cbb02b2b288cfbc1c3e0a2325fb6623352fcb1ca
bf7c5b4af24ddb1148321695965a11dc5aef362446fe82ab9746ce1f48840fa2
Analyzer Verdict Alert urlquery Phishing - La Banque postale
openphish La Banque postale
fortinet Phishing
GET /bin/wamfactory_dpm.laposte.min.js HTTP/1.1
Host: co20341.tw1.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://co20341.tw1.ru/
HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Tue, 29 Nov 2022 22:09:51 GMT
Content-Type: application/x-javascript
Last-Modified: Mon, 28 Nov 2022 01:03:16 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"638408d4-2304"
Expires: Fri, 30 Dec 2022 22:09:51 GMT
Cache-Control: max-age=2678400
Content-Encoding: gzip
co20341.tw1.ru/bin/uwt.js
185.114.245.124200 OK 2.0 kB URL HTTP/1.1 co20341.tw1.ru/bin/uwt.js
IP 185.114.245.124:0
File type ASCII text, with very long lines (5160), with no line terminators
Hash e8a0565c3285dd985150b4f68901c6e8
aa4139af89a2e1089e49a577f941e77e7b037953
d1ffe2771c87ab0174518b51fe21f88660335fde2ec198f074eb3dbe352a0e16
Analyzer Verdict Alert urlquery Phishing - La Banque postale
openphish La Banque postale
fortinet Phishing
GET /bin/uwt.js HTTP/1.1
Host: co20341.tw1.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://co20341.tw1.ru/
HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Tue, 29 Nov 2022 22:09:51 GMT
Content-Type: application/x-javascript
Last-Modified: Mon, 28 Nov 2022 01:03:15 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"638408d3-1428"
Expires: Fri, 30 Dec 2022 22:09:51 GMT
Cache-Control: max-age=2678400
Content-Encoding: gzip
co20341.tw1.ru/bin/wreport_wcm.js
185.114.245.124200 OK 3.8 kB URL HTTP/1.1 co20341.tw1.ru/bin/wreport_wcm.js
IP 185.114.245.124:0
Hash bfef5120f9d465d6eb8a2b6dbeece3ea
3cee58020a72f84513af01a551373700e4bc7763
2878002e1a996e15fb4910d7a538b09b76f98aa55edc06cf68651c836fc95261
Analyzer Verdict Alert urlquery Phishing - La Banque postale
openphish La Banque postale
fortinet Phishing
GET /bin/wreport_wcm.js HTTP/1.1
Host: co20341.tw1.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://co20341.tw1.ru/
HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Tue, 29 Nov 2022 22:09:51 GMT
Content-Type: application/x-javascript
Last-Modified: Mon, 28 Nov 2022 01:03:16 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"638408d4-32de"
Expires: Fri, 30 Dec 2022 22:09:51 GMT
Cache-Control: max-age=2678400
Content-Encoding: gzip
co20341.tw1.ru/bin/iadvize.js
185.114.245.124200 OK 14 kB URL HTTP/1.1 co20341.tw1.ru/bin/iadvize.js
IP 185.114.245.124:0
File type Unicode text, UTF-8 text, with very long lines (29030)
Hash 43d07b2f00caa883399106ef8a0dd1fe
0b38daaa252b7e709f7b6ba18857ee5423cadc68
bf54d70ffae7b040a95081624c43453ecdacf09813c3d9cd8fe4363597bb2fc8
Analyzer Verdict Alert urlquery Phishing - La Banque postale
openphish La Banque postale
fortinet Phishing
GET /bin/iadvize.js HTTP/1.1
Host: co20341.tw1.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://co20341.tw1.ru/
HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Tue, 29 Nov 2022 22:09:51 GMT
Content-Type: application/x-javascript
Last-Modified: Mon, 28 Nov 2022 01:02:56 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"638408c0-c732"
Expires: Fri, 30 Dec 2022 22:09:51 GMT
Cache-Control: max-age=2678400
Content-Encoding: gzip
co20341.tw1.ru/bin/base.min.js
185.114.245.124200 OK 8.7 kB URL HTTP/1.1 co20341.tw1.ru/bin/base.min.js
IP 185.114.245.124:0
File type Unicode text, UTF-8 text, with very long lines (1708)
Hash e723bb321c337aba5aab63e811d45c02
b33488f0d6fedb74af21af7a10160c282b54693b
9253d0dc78d04f2617832f072d6f522d9f61ed9f98662f443cbef43c250291cb
Analyzer Verdict Alert urlquery Phishing - La Banque postale
openphish La Banque postale
fortinet Phishing
GET /bin/base.min.js HTTP/1.1
Host: co20341.tw1.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://co20341.tw1.ru/
HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Tue, 29 Nov 2022 22:09:51 GMT
Content-Type: application/x-javascript
Last-Modified: Mon, 28 Nov 2022 01:02:48 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"638408b8-54e5"
Expires: Fri, 30 Dec 2022 22:09:51 GMT
Cache-Control: max-age=2678400
Content-Encoding: gzip
co20341.tw1.ru/bin/script.min.js
185.114.245.124200 OK 4.6 kB URL HTTP/1.1 co20341.tw1.ru/bin/script.min.js
IP 185.114.245.124:0
File type C source, Unicode text, UTF-8 text, with very long lines (17876)
Hash dc2eff9f2d7d757903e33df67869aae8
3e874a4c8d4e8be6f3642759b2ef3525b067beda
c13324ca4aca653e8b763070572634b351e5e522ec1ed67a1aa4f9f15ebfa2b8
Analyzer Verdict Alert urlquery Phishing - La Banque postale
openphish La Banque postale
fortinet Phishing
GET /bin/script.min.js HTTP/1.1
Host: co20341.tw1.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://co20341.tw1.ru/
HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Tue, 29 Nov 2022 22:09:51 GMT
Content-Type: application/x-javascript
Last-Modified: Mon, 28 Nov 2022 01:03:10 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"638408ce-480d"
Expires: Fri, 30 Dec 2022 22:09:51 GMT
Cache-Control: max-age=2678400
Content-Encoding: gzip
co20341.tw1.ru/bin/e1e16f7b41.js
185.114.245.124200 OK 7.0 kB URL HTTP/1.1 co20341.tw1.ru/bin/e1e16f7b41.js
IP 185.114.245.124:0
File type C source, ASCII text, with very long lines (2799)
Hash af325880ba94fc9dc0516159f635aa30
4ea9ccb5afc87066b83d680191473fbd4ea1a08e
b4f2170a816f6c48a4c713f7726d51224807f396965bfb879754d78a6bfba9b7
Analyzer Verdict Alert urlquery Phishing - La Banque postale
openphish La Banque postale
fortinet Phishing
GET /bin/e1e16f7b41.js HTTP/1.1
Host: co20341.tw1.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://co20341.tw1.ru/
HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Tue, 29 Nov 2022 22:09:51 GMT
Content-Type: application/x-javascript
Last-Modified: Mon, 28 Nov 2022 01:02:51 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"638408bb-4b10"
Expires: Fri, 30 Dec 2022 22:09:51 GMT
Cache-Control: max-age=2678400
Content-Encoding: gzip
co20341.tw1.ru/bin/tc_4.js
185.114.245.124200 OK 14 kB URL HTTP/1.1 co20341.tw1.ru/bin/tc_4.js
IP 185.114.245.124:0
File type Unicode text, UTF-8 text, with very long lines (26524)
Hash 90c284d033f726219b01d70eb69e863a
04f0d046bba559750b7c69cb4bed8493a9cb1b04
a16ac926a153542d77a529de990ef69f176363f34fa965945934062784a9ea38
Analyzer Verdict Alert urlquery Phishing - La Banque postale
openphish La Banque postale
fortinet Phishing
GET /bin/tc_4.js HTTP/1.1
Host: co20341.tw1.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://co20341.tw1.ru/
HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Tue, 29 Nov 2022 22:09:51 GMT
Content-Type: application/x-javascript
Last-Modified: Mon, 28 Nov 2022 01:03:12 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"638408d0-df03"
Expires: Fri, 30 Dec 2022 22:09:51 GMT
Cache-Control: max-age=2678400
Content-Encoding: gzip
co20341.tw1.ru/bin/inbenta-core.min.css
185.114.245.124200 OK 2.0 kB URL HTTP/1.1 co20341.tw1.ru/bin/inbenta-core.min.css
IP 185.114.245.124:0
Hash 41121103662db31986d7013997473765
bb13c805d6598d8e48efc0723c563c38facd47ea
ae12aafe100f133960a5803fb816f46b8a2b4cd56837ffb2d77c3be4b80872bc
Analyzer Verdict Alert urlquery Phishing - La Banque postale
openphish La Banque postale
GET /bin/inbenta-core.min.css HTTP/1.1
Host: co20341.tw1.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://co20341.tw1.ru/
HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Tue, 29 Nov 2022 22:09:51 GMT
Content-Type: text/css
Last-Modified: Mon, 28 Nov 2022 01:02:57 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"638408c1-2c92"
Expires: Fri, 30 Dec 2022 22:09:51 GMT
Cache-Control: max-age=2678400
Content-Encoding: gzip
co20341.tw1.ru/bin/inbenta-core.min.js
185.114.245.124200 OK 10 kB URL HTTP/1.1 co20341.tw1.ru/bin/inbenta-core.min.js
IP 185.114.245.124:0
File type Unicode text, UTF-8 text, with very long lines (33644)
Hash 66f31efcb844efaec5011fd7a2764dd4
f316a106c105cb3cac25a2e2da5250eb45979dea
68de294b4ac3eb58ab4a6d6c05d937b002d7f862e6c6c368fdce78edd681bcf0
Analyzer Verdict Alert urlquery Phishing - La Banque postale
openphish La Banque postale
fortinet Phishing
GET /bin/inbenta-core.min.js HTTP/1.1
Host: co20341.tw1.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://co20341.tw1.ru/
HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Tue, 29 Nov 2022 22:09:51 GMT
Content-Type: application/x-javascript
Last-Modified: Mon, 28 Nov 2022 01:02:57 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"638408c1-8375"
Expires: Fri, 30 Dec 2022 22:09:51 GMT
Cache-Control: max-age=2678400
Content-Encoding: gzip
co20341.tw1.ru/bin/f(1).txt
185.114.245.124200 OK 1.1 kB URL HTTP/1.1 co20341.tw1.ru/bin/f(1).txt
IP 185.114.245.124:0
File type ASCII text, with very long lines (2474), with no line terminators
Hash 33405a740b198e228113eb702badad0d
f501e753bbe430eeca3acfd41a84873a85b3401f
696a2136fcd695e81ca914feed6eaccbae22b9b49dbad22ebf854cc44b7686ce
Analyzer Verdict Alert urlquery Phishing - La Banque postale
openphish La Banque postale
fortinet Phishing
GET /bin/f(1).txt HTTP/1.1
Host: co20341.tw1.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://co20341.tw1.ru/
HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Tue, 29 Nov 2022 22:09:51 GMT
Content-Type: text/plain; charset=utf-8
Last-Modified: Mon, 28 Nov 2022 01:02:52 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"638408bc-9aa"
Expires: Fri, 30 Dec 2022 22:09:51 GMT
Cache-Control: max-age=2678400
Content-Encoding: gzip
co20341.tw1.ru/bin/space-cowboy.css
185.114.245.124200 OK 5.8 kB URL HTTP/1.1 co20341.tw1.ru/bin/space-cowboy.css
IP 185.114.245.124:0
File type Unicode text, UTF-8 text, with very long lines (39336), with no line terminators
Hash 14c522bfdab85ac22c806fc7a58c7e79
367f21eceb829afef4963bb7e39b1a3df983aa20
dba24d7b773a27840cd6bb478af89aaf2feb58c43c7249d400067bc850cf357b
Analyzer Verdict Alert urlquery Phishing - La Banque postale
openphish La Banque postale
GET /bin/space-cowboy.css HTTP/1.1
Host: co20341.tw1.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://co20341.tw1.ru/
HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Tue, 29 Nov 2022 22:09:51 GMT
Content-Type: text/css
Last-Modified: Mon, 28 Nov 2022 01:03:10 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"638408ce-99b0"
Expires: Fri, 30 Dec 2022 22:09:51 GMT
Cache-Control: max-age=2678400
Content-Encoding: gzip
co20341.tw1.ru/bin/991002.js
185.114.245.124200 OK 1.9 kB URL HTTP/1.1 co20341.tw1.ru/bin/991002.js
IP 185.114.245.124:0
File type ASCII text, with very long lines (593)
Hash 6fa0a528b85d6c11fa72977e3f73aefd
d66e8a8758e4462dcf10e23a95c813c2f20b130d
3c64b180bcb04a5711006ad6e5d5054729433ca551800d2787630349f5250597
Analyzer Verdict Alert urlquery Phishing - La Banque postale
openphish La Banque postale
fortinet Phishing
GET /bin/991002.js HTTP/1.1
Host: co20341.tw1.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://co20341.tw1.ru/
HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Tue, 29 Nov 2022 22:09:51 GMT
Content-Type: application/x-javascript
Last-Modified: Mon, 28 Nov 2022 01:02:45 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"638408b5-14b8"
Expires: Fri, 30 Dec 2022 22:09:51 GMT
Cache-Control: max-age=2678400
Content-Encoding: gzip
co20341.tw1.ru/bin/991000.js
185.114.245.124200 OK 1.9 kB URL HTTP/1.1 co20341.tw1.ru/bin/991000.js
IP 185.114.245.124:0
File type ASCII text, with very long lines (625)
Hash 9ca67c17c55696f4236bd6d29748ad49
be1b7ab63f0723bb24ce59359cec2df5d6c9f5ae
e1a395056ee19d684b3171e1c5110e6636ce5fcabe998780b6b8bb64db0be563
Analyzer Verdict Alert urlquery Phishing - La Banque postale
openphish La Banque postale
fortinet Phishing
GET /bin/991000.js HTTP/1.1
Host: co20341.tw1.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://co20341.tw1.ru/
HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Tue, 29 Nov 2022 22:09:51 GMT
Content-Type: application/x-javascript
Last-Modified: Mon, 28 Nov 2022 01:02:44 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"638408b4-14d8"
Expires: Fri, 30 Dec 2022 22:09:51 GMT
Cache-Control: max-age=2678400
Content-Encoding: gzip
co20341.tw1.ru/bin/inbenta-search-sdk.js
185.114.245.124200 OK 252 kB URL HTTP/1.1 co20341.tw1.ru/bin/inbenta-search-sdk.js
IP 185.114.245.124:0
File type ASCII text, with very long lines (65536), with no line terminators
Size 252 kB (251527 bytes)
Hash cb6fc17bef3eef6dbdd1cd61d85f49e9
3e45b467ac78c73db8175cafe34e09d379acd413
5aff888d47ca2ee56641faecbedd202959b655bf88d93be6b0f597949f64f554
Analyzer Verdict Alert urlquery Phishing - La Banque postale
openphish La Banque postale
fortinet Phishing
GET /bin/inbenta-search-sdk.js HTTP/1.1
Host: co20341.tw1.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://co20341.tw1.ru/
HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Tue, 29 Nov 2022 22:09:51 GMT
Content-Type: application/x-javascript
Last-Modified: Mon, 28 Nov 2022 01:03:00 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"638408c4-ce85a"
Expires: Fri, 30 Dec 2022 22:09:51 GMT
Cache-Control: max-age=2678400
Content-Encoding: gzip
co20341.tw1.ru/bin/991001.js
185.114.245.124200 OK 1.9 kB URL HTTP/1.1 co20341.tw1.ru/bin/991001.js
IP 185.114.245.124:0
File type ASCII text, with very long lines (601)
Hash 201ce410a70e45cca91d8744f12961bf
5647c5e3b545afff6b13c054a5d25c8b5a79b526
0223e1dae684d35bb350c29ace1809054b616e2a1d12d62e5fbfb9f5e8e3c6f7
Analyzer Verdict Alert urlquery Phishing - La Banque postale
openphish La Banque postale
fortinet Phishing
GET /bin/991001.js HTTP/1.1
Host: co20341.tw1.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://co20341.tw1.ru/
HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Tue, 29 Nov 2022 22:09:51 GMT
Content-Type: application/x-javascript
Last-Modified: Mon, 28 Nov 2022 01:02:44 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"638408b4-14c0"
Expires: Fri, 30 Dec 2022 22:09:51 GMT
Cache-Control: max-age=2678400
Content-Encoding: gzip
co20341.tw1.ru/bin/targeting.c6d2c504.js
185.114.245.124200 OK 80 kB URL HTTP/1.1 co20341.tw1.ru/bin/targeting.c6d2c504.js
IP 185.114.245.124:0
File type Unicode text, UTF-8 text, with very long lines (50111)
Hash 95769fbfdb797b49e451830be3b5648e
a6e317a9184122fb8e12a88ab7b48b6f369b2559
fb717deb2dbe470f445844da3778bf44967c5d4d0ab02cd75791b35747243b09
Analyzer Verdict Alert urlquery Phishing - La Banque postale
openphish La Banque postale
fortinet Phishing
GET /bin/targeting.c6d2c504.js HTTP/1.1
Host: co20341.tw1.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://co20341.tw1.ru/
HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Tue, 29 Nov 2022 22:09:51 GMT
Content-Type: application/x-javascript
Last-Modified: Mon, 28 Nov 2022 01:03:12 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"638408d0-47238"
Expires: Fri, 30 Dec 2022 22:09:51 GMT
Cache-Control: max-age=2678400
Content-Encoding: gzip
co20341.tw1.ru/bin/inbenta-search-sdk-space-cowboy.min.css
185.114.245.124200 OK 6.4 kB URL HTTP/1.1 co20341.tw1.ru/bin/inbenta-search-sdk-space-cowboy.min.css
IP 185.114.245.124:0
File type ASCII text, with very long lines (47344), with no line terminators
Hash ffbef414f70049d9f0183b61a78ab810
2dabbca3cad2e8f17dfd5f6639e374e13ef17fa0
c16ade9e0de97d1d519870995eb19587fee8f832a308e57baadb4505ea684844
Analyzer Verdict Alert urlquery Phishing - La Banque postale
openphish La Banque postale
GET /bin/inbenta-search-sdk-space-cowboy.min.css HTTP/1.1
Host: co20341.tw1.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://co20341.tw1.ru/
HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Tue, 29 Nov 2022 22:09:51 GMT
Content-Type: text/css
Last-Modified: Mon, 28 Nov 2022 01:02:58 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"638408c2-b8f0"
Expires: Fri, 30 Dec 2022 22:09:51 GMT
Cache-Control: max-age=2678400
Content-Encoding: gzip
co20341.tw1.ru/bin/privacy_v2_3.js
185.114.245.124200 OK 12 kB URL HTTP/1.1 co20341.tw1.ru/bin/privacy_v2_3.js
IP 185.114.245.124:0
File type C source, ASCII text, with very long lines (40517)
Hash 7f6641455f4ffb760ecd7eeb94efeee5
707896f9bbfe170eab2a6366ab6fa135311edebc
fe93612f054bbafa3a864cfd8999e3c32d09769e4b12380c366c12bd89c1619a
Analyzer Verdict Alert urlquery Phishing - La Banque postale
openphish La Banque postale
fortinet Phishing
GET /bin/privacy_v2_3.js HTTP/1.1
Host: co20341.tw1.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://co20341.tw1.ru/
HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Tue, 29 Nov 2022 22:09:51 GMT
Content-Type: application/x-javascript
Last-Modified: Mon, 28 Nov 2022 01:03:08 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"638408cc-9f6c"
Expires: Fri, 30 Dec 2022 22:09:51 GMT
Cache-Control: max-age=2678400
Content-Encoding: gzip
co20341.tw1.ru/bin/tc_6.js
185.114.245.124200 OK 31 kB URL HTTP/1.1 co20341.tw1.ru/bin/tc_6.js
IP 185.114.245.124:0
File type C source, Unicode text, UTF-8 text, with very long lines (31728)
Hash f51667cd805681dd27433f75c6f24c04
f96b664212842a78b569ed4cad02314a87ae65f2
4a4d6afb264c7891b0b75e2e5e606c30d75ed650efdcb4b1e54a7265e716cdfd
Analyzer Verdict Alert urlquery Phishing - La Banque postale
openphish La Banque postale
fortinet Phishing
GET /bin/tc_6.js HTTP/1.1
Host: co20341.tw1.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://co20341.tw1.ru/
HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Tue, 29 Nov 2022 22:09:51 GMT
Content-Type: application/x-javascript
Last-Modified: Mon, 28 Nov 2022 01:03:13 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"638408d1-255b7"
Expires: Fri, 30 Dec 2022 22:09:51 GMT
Cache-Control: max-age=2678400
Content-Encoding: gzip
co20341.tw1.ru/bin/tc_5.js
185.114.245.124200 OK 51 kB URL HTTP/1.1 co20341.tw1.ru/bin/tc_5.js
IP 185.114.245.124:0
File type C source, Unicode text, UTF-8 text, with very long lines (31724)
Hash 5cf64fe3e729cf60e7f3f992a41fefad
b68dbc33d137961538b8ac495f1cb306d9ee2247
27ef981e9c0b4dafc69036bc5b12d631f83c2f443e0c9e51e6c35a12940bf28d
Analyzer Verdict Alert urlquery Phishing - La Banque postale
openphish La Banque postale
fortinet Phishing
GET /bin/tc_5.js HTTP/1.1
Host: co20341.tw1.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://co20341.tw1.ru/
HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Tue, 29 Nov 2022 22:09:51 GMT
Content-Type: application/x-javascript
Last-Modified: Mon, 28 Nov 2022 01:03:13 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"638408d1-4bf4f"
Expires: Fri, 30 Dec 2022 22:09:51 GMT
Cache-Control: max-age=2678400
Content-Encoding: gzip
co20341.tw1.ru/bin/clientlib-iadvize.min.js
185.114.245.124200 OK 345 B URL HTTP/1.1 co20341.tw1.ru/bin/clientlib-iadvize.min.js
IP 185.114.245.124:0
Hash 0cb83389e176a4bc2d657cb1b9796a54
7aaefa9d5e60c115eca0f95a5dc4f31aea62ca35
806aad512868056b5b26505bbb2d2396198c8baac280e959c2fe1858b59dda22
Analyzer Verdict Alert urlquery Phishing - La Banque postale
openphish La Banque postale
fortinet Phishing
GET /bin/clientlib-iadvize.min.js HTTP/1.1
Host: co20341.tw1.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://co20341.tw1.ru/
HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Tue, 29 Nov 2022 22:09:51 GMT
Content-Type: application/x-javascript
Content-Length: 345
Last-Modified: Mon, 28 Nov 2022 01:02:49 GMT
Connection: keep-alive
ETag: "638408b9-159"
Expires: Fri, 30 Dec 2022 22:09:51 GMT
Cache-Control: max-age=2678400
Accept-Ranges: bytes
co20341.tw1.ru/bin/base-footer.min.css
185.114.245.124200 OK 5.3 kB URL HTTP/1.1 co20341.tw1.ru/bin/base-footer.min.css
IP 185.114.245.124:0
File type ASCII text, with very long lines (6430)
Hash 96f9bd29e153eeacde46091f65ecc3dd
11d4768811c89ffd76eadb85d8e76fc659cda518
f5b23383985174100d1aa2eeb1381cc50f5759b61f4253314063f5229a39aad5
Analyzer Verdict Alert urlquery Phishing - La Banque postale
openphish La Banque postale
GET /bin/base-footer.min.css HTTP/1.1
Host: co20341.tw1.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://co20341.tw1.ru/
HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Tue, 29 Nov 2022 22:09:51 GMT
Content-Type: text/css
Last-Modified: Mon, 28 Nov 2022 01:02:46 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"638408b6-6191"
Expires: Fri, 30 Dec 2022 22:09:51 GMT
Cache-Control: max-age=2678400
Content-Encoding: gzip
co20341.tw1.ru/bin/inbenta-prod.min.js
185.114.245.124200 OK 720 B URL HTTP/1.1 co20341.tw1.ru/bin/inbenta-prod.min.js
IP 185.114.245.124:0
File type ASCII text, with very long lines (2080), with no line terminators
Hash 7aa81abd1f9911b9e56b3e962f082b5c
ce0d1a3c87f770a973baab9ce2c648e3e8c751a5
5efef5755f88885fed3d737a456a0f3811d14c39ea8b6c00b7a62c0ba8fc8398
Analyzer Verdict Alert urlquery Phishing - La Banque postale
openphish La Banque postale
fortinet Phishing
GET /bin/inbenta-prod.min.js HTTP/1.1
Host: co20341.tw1.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://co20341.tw1.ru/
HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Tue, 29 Nov 2022 22:09:51 GMT
Content-Type: application/x-javascript
Last-Modified: Mon, 28 Nov 2022 01:02:57 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"638408c1-820"
Expires: Fri, 30 Dec 2022 22:09:51 GMT
Cache-Control: max-age=2678400
Content-Encoding: gzip
co20341.tw1.ru/bin/2135.js
185.114.245.124200 OK 2.6 kB URL HTTP/1.1 co20341.tw1.ru/bin/2135.js
IP 185.114.245.124:0
File type ASCII text, with very long lines (518)
Hash e8e2acc1934a78e938bb2f88981f126c
04e508ff2ef2b20c1edabb2861528cb353ee7775
c33fd65b0d81fa1bfb50c0e3ff4ac82c26aa752ea196874322466bed02496acd
Analyzer Verdict Alert urlquery Phishing - La Banque postale
openphish La Banque postale
fortinet Phishing
GET /bin/2135.js HTTP/1.1
Host: co20341.tw1.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://co20341.tw1.ru/
HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Tue, 29 Nov 2022 22:09:51 GMT
Content-Type: application/x-javascript
Last-Modified: Mon, 28 Nov 2022 01:02:42 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"638408b2-1bbd"
Expires: Fri, 30 Dec 2022 22:09:51 GMT
Cache-Control: max-age=2678400
Content-Encoding: gzip
co20341.tw1.ru/bin/1156839.js
185.114.245.124200 OK 1.8 kB URL HTTP/1.1 co20341.tw1.ru/bin/1156839.js
IP 185.114.245.124:0
File type ASCII text, with very long lines (573)
Hash 7eb8d4a2158ae7bf2018979bc198fe71
1b490854a25721c3c018a64423db36894e81fedb
b2858774f16e258f0443e8cafcc3cf33ae87c140fdfe6e18bea3ca938ca6319c
Analyzer Verdict Alert urlquery Phishing - La Banque postale
openphish La Banque postale
fortinet Phishing
GET /bin/1156839.js HTTP/1.1
Host: co20341.tw1.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://co20341.tw1.ru/
HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Tue, 29 Nov 2022 22:09:51 GMT
Content-Type: application/x-javascript
Last-Modified: Mon, 28 Nov 2022 01:02:41 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"638408b1-1383"
Expires: Fri, 30 Dec 2022 22:09:51 GMT
Cache-Control: max-age=2678400
Content-Encoding: gzip
co20341.tw1.ru/bin/2135.js(1)
185.114.245.124200 OK 7.1 kB URL HTTP/1.1 co20341.tw1.ru/bin/2135.js(1)
IP 185.114.245.124:0
File type ASCII text, with very long lines (518)
Hash a8abc02c39b7287b0f19d82b533bbb31
ea31ae5d5508ebc6becbc825440410a9afde3bf5
1306b25aace96607b313f03fd25f8bd7185ba2d8c622913cb76c7d5cfa0964f5
Analyzer Verdict Alert urlquery Phishing - La Banque postale
openphish La Banque postale
fortinet Phishing
GET /bin/2135.js(1) HTTP/1.1
Host: co20341.tw1.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://co20341.tw1.ru/
HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Tue, 29 Nov 2022 22:09:51 GMT
Content-Length: 7101
Connection: keep-alive
Last-Modified: Mon, 28 Nov 2022 01:02:42 GMT
ETag: "1bbd-5ee7d6dbcabeb"
Accept-Ranges: bytes
co20341.tw1.ru/bin/2135.js(2)
185.114.245.124200 OK 7.1 kB URL HTTP/1.1 co20341.tw1.ru/bin/2135.js(2)
IP 185.114.245.124:0
File type ASCII text, with very long lines (518)
Hash a8abc02c39b7287b0f19d82b533bbb31
ea31ae5d5508ebc6becbc825440410a9afde3bf5
1306b25aace96607b313f03fd25f8bd7185ba2d8c622913cb76c7d5cfa0964f5
Analyzer Verdict Alert urlquery Phishing - La Banque postale
openphish La Banque postale
fortinet Phishing
GET /bin/2135.js(2) HTTP/1.1
Host: co20341.tw1.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://co20341.tw1.ru/
HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Tue, 29 Nov 2022 22:09:51 GMT
Content-Length: 7101
Connection: keep-alive
Last-Modified: Mon, 28 Nov 2022 01:02:43 GMT
ETag: "1bbd-5ee7d6dc2f54b"
Accept-Ranges: bytes
co20341.tw1.ru/bin/996576.js
185.114.245.124200 OK 1.9 kB URL HTTP/1.1 co20341.tw1.ru/bin/996576.js
IP 185.114.245.124:0
File type ASCII text, with very long lines (601)
Hash 62a9107c7f16bd0546f053d797154cc0
6177347fa54268e54a8e791194a0d16d7bc36abd
49f9729d19b3dddb277ee0789e7eaba0be1c57f0b8ad3327703209ecbc7923c9
Analyzer Verdict Alert urlquery Phishing - La Banque postale
openphish La Banque postale
fortinet Phishing
GET /bin/996576.js HTTP/1.1
Host: co20341.tw1.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://co20341.tw1.ru/
HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Tue, 29 Nov 2022 22:09:51 GMT
Content-Type: application/x-javascript
Last-Modified: Mon, 28 Nov 2022 01:02:45 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"638408b5-14c0"
Expires: Fri, 30 Dec 2022 22:09:51 GMT
Cache-Control: max-age=2678400
Content-Encoding: gzip
co20341.tw1.ru/bin/inbenta-common.min.js
185.114.245.124200 OK 1.7 kB URL HTTP/1.1 co20341.tw1.ru/bin/inbenta-common.min.js
IP 185.114.245.124:0
File type Unicode text, UTF-8 text, with very long lines (2278)
Hash ef80e86ca817c03d3a19aa4f1d43ed50
dc92c9fe637184f274774110b3d37b6f67e175ea
9b1d0de4aff5b3d301c0af412106913ecc0942529cdddb119f483c9091a4039c
Analyzer Verdict Alert urlquery Phishing - La Banque postale
openphish La Banque postale
fortinet Phishing
GET /bin/inbenta-common.min.js HTTP/1.1
Host: co20341.tw1.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://co20341.tw1.ru/
HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Tue, 29 Nov 2022 22:09:51 GMT
Content-Type: application/x-javascript
Last-Modified: Mon, 28 Nov 2022 01:02:56 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"638408c0-1183"
Expires: Fri, 30 Dec 2022 22:09:51 GMT
Cache-Control: max-age=2678400
Content-Encoding: gzip
co20341.tw1.ru/libs/granite/csrf/token.json
185.114.245.124404 Not Found 196 B URL HTTP/1.1 co20341.tw1.ru/libs/granite/csrf/token.json
IP 185.114.245.124:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 62962daa1b19bbcc2db10b7bfd531ea6
d64bae91091eda6a7532ebec06aa70893b79e1f8
80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880
Analyzer Verdict Alert urlquery Phishing - La Banque postale
openphish La Banque postale
fortinet Phishing
GET /libs/granite/csrf/token.json HTTP/1.1
Host: co20341.tw1.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://co20341.tw1.ru/
Cookie: _gcl_au=1.1.121169973.1669759791
HTTP/1.1 404 Not Found
Server: nginx/1.22.1
Date: Tue, 29 Nov 2022 22:09:51 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 196
Connection: keep-alive
co20341.tw1.ru/bin/getuid
185.114.245.124200 OK 53 B URL HTTP/1.1 co20341.tw1.ru/bin/getuid
IP 185.114.245.124:0
File type ASCII text, with no line terminators
Hash 6c9dc9d94d596e868f65b714b5dbb2a3
0cc7ba4d73c740a5687d52c5d020f82c7d290513
162deaa82c91c8e2e585d87de183b7c5c7c1ac33793a50e6c775077af8733267
Analyzer Verdict Alert urlquery Phishing - La Banque postale
openphish La Banque postale
fortinet Phishing
GET /bin/getuid HTTP/1.1
Host: co20341.tw1.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://co20341.tw1.ru/
HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Tue, 29 Nov 2022 22:09:51 GMT
Content-Length: 53
Connection: keep-alive
Last-Modified: Mon, 28 Nov 2022 01:02:53 GMT
ETag: "35-5ee7d6e5e4aff"
Accept-Ranges: bytes
co20341.tw1.ru/bin/3639-citoyenne.png
185.114.245.124200 OK 4.0 kB URL HTTP/1.1 co20341.tw1.ru/bin/3639-citoyenne.png
IP 185.114.245.124:0
File type PNG image data, 363 x 139, 8-bit colormap, non-interlaced\012- data
Hash 5ab747a0f1485a7fb9721bb545956131
0fcbe52eaf5f99d02cdd7dc2aff0121d215d9634
3d95b45cc5877442dca599e880b56df2ce5de8b440f41817a6046f4b7f403b12
Analyzer Verdict Alert urlquery Phishing - La Banque postale
openphish La Banque postale
GET /bin/3639-citoyenne.png HTTP/1.1
Host: co20341.tw1.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://co20341.tw1.ru/
HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Tue, 29 Nov 2022 22:09:51 GMT
Content-Type: image/png
Content-Length: 4031
Last-Modified: Mon, 28 Nov 2022 01:02:43 GMT
Connection: keep-alive
ETag: "638408b3-fbf"
Expires: Fri, 30 Dec 2022 22:09:51 GMT
Cache-Control: max-age=2678400
Accept-Ranges: bytes
co20341.tw1.ru/bin/saved_resource
185.114.245.124200 OK 43 B URL HTTP/1.1 co20341.tw1.ru/bin/saved_resource
IP 185.114.245.124:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
Analyzer Verdict Alert urlquery Phishing - La Banque postale
openphish La Banque postale
fortinet Phishing
GET /bin/saved_resource HTTP/1.1
Host: co20341.tw1.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://co20341.tw1.ru/
HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Tue, 29 Nov 2022 22:09:51 GMT
Content-Length: 43
Connection: keep-alive
Last-Modified: Mon, 28 Nov 2022 01:03:08 GMT
ETag: "2b-5ee7d6f4167bc"
Accept-Ranges: bytes
co20341.tw1.ru/
185.114.245.124200 OK 15 kB IP 185.114.245.124:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (2355)
Hash 9f0bc8ca4e78939d054eff61bcec36cf
75581a82aec173e89dbff82c21c98cee4239e5f4
32cc6480a4e2231be3d95721071b85ffafaac7df04d0a072044f49715ed21dbc
Analyzer Verdict Alert urlquery Phishing - La Banque postale
openphish La Banque postale
phishtank Other
fortinet Phishing
GET / HTTP/1.1
Host: co20341.tw1.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://co20341.tw1.ru/
HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Tue, 29 Nov 2022 22:09:51 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash c124fa71b940afe9c0623e7499cceb67
fd8bcc8f33b69001651b1147f58aa7a1917a9e93
7528debdb5991c8b6763d96322b9b7e4bfb3d5080ce17c3be32277e7fe0560ec
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7528DEBDB5991C8B6763D96322B9B7E4BFB3D5080CE17C3BE32277E7FE0560EC"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9963
Expires: Wed, 30 Nov 2022 00:55:54 GMT
Date: Tue, 29 Nov 2022 22:09:51 GMT
Connection: keep-alive
co20341.tw1.ru/bin/logo-lbp.png
185.114.245.124200 OK 4.8 kB URL HTTP/1.1 co20341.tw1.ru/bin/logo-lbp.png
IP 185.114.245.124:0
File type PNG image data, 140 x 140, 8-bit colormap, non-interlaced\012- data
Hash d319def83abb4b0868a2c6cae43ccca3
15a7ec3b9fca0c16aae0d39053bb340e7885f200
6c2ecc8d8ed497ccfd5de46495d86ec26eb29234a7b65a48cb3bb60ea1519a0a
Analyzer Verdict Alert urlquery Phishing - La Banque postale
openphish La Banque postale
GET /bin/logo-lbp.png HTTP/1.1
Host: co20341.tw1.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://co20341.tw1.ru/
HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Tue, 29 Nov 2022 22:09:51 GMT
Content-Type: image/png
Content-Length: 4818
Last-Modified: Mon, 28 Nov 2022 01:03:07 GMT
Connection: keep-alive
ETag: "638408cb-12d2"
Expires: Fri, 30 Dec 2022 22:09:51 GMT
Cache-Control: max-age=2678400
Accept-Ranges: bytes
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash c124fa71b940afe9c0623e7499cceb67
fd8bcc8f33b69001651b1147f58aa7a1917a9e93
7528debdb5991c8b6763d96322b9b7e4bfb3d5080ce17c3be32277e7fe0560ec
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7528DEBDB5991C8B6763D96322B9B7E4BFB3D5080CE17C3BE32277E7FE0560EC"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9963
Expires: Wed, 30 Nov 2022 00:55:54 GMT
Date: Tue, 29 Nov 2022 22:09:51 GMT
Connection: keep-alive
co20341.tw1.ru/bin/Interstitiel_stmarphone.png
185.114.245.124200 OK 33 kB URL HTTP/1.1 co20341.tw1.ru/bin/Interstitiel_stmarphone.png
IP 185.114.245.124:0
File type PNG image data, 310 x 592, 8-bit colormap, non-interlaced\012- data
Hash 2c70a0821722ed030244ecd8ed49fc65
a2fb2bc26fd456707ac72afbf157be96dcbb2e6a
d598e785f0c08fb9984bd847e1cfc15a4cbd620de68f455174ada1627b0ce99f
Analyzer Verdict Alert urlquery Phishing - La Banque postale
openphish La Banque postale
GET /bin/Interstitiel_stmarphone.png HTTP/1.1
Host: co20341.tw1.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://co20341.tw1.ru/
HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Tue, 29 Nov 2022 22:09:51 GMT
Content-Type: image/png
Content-Length: 32759
Last-Modified: Mon, 28 Nov 2022 01:03:01 GMT
Connection: keep-alive
ETag: "638408c5-7ff7"
Expires: Fri, 30 Dec 2022 22:09:51 GMT
Cache-Control: max-age=2678400
Accept-Ranges: bytes
cdn.tagcommander.com/privacy/2623/privacy_v2_3.js
23.13.251.114200 OK 13 kB URL HTTP/2 cdn.tagcommander.com/privacy/2623/privacy_v2_3.js
IP 23.13.251.114:0
File type C source, Unicode text, UTF-8 text, with very long lines (48434)
Hash ff7ae45f2c843cd7bfa3f65fe66c524f
21d4cc0569258ab4632f233d3d35477253d57939
446e513e068c108e184b1df81acae4138fb728a5528865dc368e9fd407745e04
GET /privacy/2623/privacy_v2_3.js HTTP/1.1
Host: cdn.tagcommander.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://co20341.tw1.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: gzip
content-type: application/javascript
etag: "e3c6d0cc520f9bafdf4126df1cb1b4fa+gzip"
last-modified: Mon, 14 Dec 2020 18:27:09 GMT
server: ECS (frb/6794)
vary: Accept-Encoding
x-amz-id-2: a+1gz8N62YIEgCjtWb71esi4aT2syO/nRoVRFYSC1AeeqNuOU3t1ytgUG+KUYf4X+9nATl6Afio=
x-amz-request-id: R1Y79ZENJP6CDBYZ
x-cdn: VDMS
content-length: 13055
cache-control: must-revalidate, max-age=86400
date: Tue, 29 Nov 2022 22:09:51 GMT
access-control-max-age: 31536000
access-control-allow-methods: HEAD, GET
access-control-allow-origin: *
X-Firefox-Spdy: h2
sync.adotmob.com/user
185.183.112.155200 OK 24 B IP 185.183.112.155:0
ASN #60350 Vente-privee.com SA
File type ASCII text, with no line terminators
Hash 37aee96c71abe81af55dbf410b62edaf
d1b0b82dead7f3739784a0eb7aace5c279bd477d
05528be441c1eb772dd0fc2afa435864ee563e0fc27e7541a9e83d796514b5fb
GET /user HTTP/1.1
Host: sync.adotmob.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Origin: http://co20341.tw1.ru
Connection: keep-alive
Referer: http://co20341.tw1.ru/
HTTP/1.1 200 OK
x-powered-by: Express
access-control-allow-origin: http://co20341.tw1.ru
vary: Origin
access-control-allow-credentials: true
set-cookie: uid=086e220425038f043aed4984; Domain=.adotmob.com; Path=/; Expires=Fri, 29 Dec 2023 22:09:51 GMT; Secure; SameSite=None
uuid=086e220425038f043aed4984; Domain=.adotmob.com; Path=/; Expires=Fri, 29 Dec 2023 22:09:51 GMT; Secure; SameSite=None
partners=AYL%3A1669759791863%3BAPN%3A1669759791863%3BDMX%3A1669759791863%3BGOO%3A1669759791863%3BQUA%3A1669759791863%3BRUB%3A1669759791863%3BSCM%3A1669759791863%3BSMA%3A1669759791863%3BSTI%3A1669759791863%3BTEA%3A1669759791863; Domain=.adotmob.com; Path=/; Expires=Fri, 29 Dec 2023 22:09:51 GMT; Secure; SameSite=None
content-type: text/plain; charset=utf-8
date: Tue, 29 Nov 2022 22:09:51 GMT
keep-alive: timeout=5
content-length: 24
co20341.tw1.ru/bin/Interstitiel_tablette.png
185.114.245.124200 OK 64 kB URL HTTP/1.1 co20341.tw1.ru/bin/Interstitiel_tablette.png
IP 185.114.245.124:0
File type PNG image data, 750 x 573, 8-bit colormap, non-interlaced\012- data
Hash e6a7db5b2aeef4018fc8612041927c28
0ee6a1492759eb4fead49765c6095fa9ca600211
81e3cb15ea36ad13a06a9b67c66ea31522bc8b4c92cc27ad848526ef2ef05560
Analyzer Verdict Alert urlquery Phishing - La Banque postale
openphish La Banque postale
GET /bin/Interstitiel_tablette.png HTTP/1.1
Host: co20341.tw1.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://co20341.tw1.ru/
HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Tue, 29 Nov 2022 22:09:51 GMT
Content-Type: image/png
Content-Length: 63511
Last-Modified: Mon, 28 Nov 2022 01:03:01 GMT
Connection: keep-alive
ETag: "638408c5-f817"
Expires: Fri, 30 Dec 2022 22:09:51 GMT
Cache-Control: max-age=2678400
Accept-Ranges: bytes
tgt.mmtro.com/t?&tagid=6550672-db22507a7e49c14c1eb9aa1ea269b70a&zid=1938&cb=promoUpdate&output=js
83.150.244.138200 OK 0 B URL HTTP/1.1 tgt.mmtro.com/t?&tagid=6550672-db22507a7e49c14c1eb9aa1ea269b70a&zid=1938&cb=promoUpdate&output=js
IP 83.150.244.138:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - La Banque postale
GET /t?&tagid=6550672-db22507a7e49c14c1eb9aa1ea269b70a&zid=1938&cb=promoUpdate&output=js HTTP/1.1
Host: tgt.mmtro.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://co20341.tw1.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
date: Tue, 29 Nov 2022 22:09:51 GMT
content-type: text/javascript; charset=utf-8
content-length: 0
cache-control: no-store, no-cache, private
pragma: no-cache
p3p: policyref="http://mmtro.com/w3c/p3p.xml", CP="ALL DSP LAW CUR TAIi PSAi PSDi IVAi IVDi OUR BUS UNI"
expires: Wed, 23 Feb 2000 00:00:01 GMT
x-rid: 6386832f1f2b6fd285e54ffa
strict-transport-security: max-age=15724800; includeSubDomains
x-envoy-upstream-service-time: 11
server: envoy
co20341.tw1.ru/bin/lbp-app-android.png
185.114.245.124200 OK 12 kB URL HTTP/1.1 co20341.tw1.ru/bin/lbp-app-android.png
IP 185.114.245.124:0
File type PNG image data, 310 x 91, 8-bit/color RGBA, non-interlaced\012- data
Hash 760e212125b4ba47678fdfe132bf758f
d7e6f00af2a1bac11dcdd634ab64a4b21fac872b
89770d6bb0c7f868fc89cb4a3f498e26dbdc4224c533d1ad3e5275e0856be5fc
Analyzer Verdict Alert urlquery Phishing - La Banque postale
openphish La Banque postale
GET /bin/lbp-app-android.png HTTP/1.1
Host: co20341.tw1.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://co20341.tw1.ru/
HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Tue, 29 Nov 2022 22:09:51 GMT
Content-Type: image/png
Content-Length: 11936
Last-Modified: Mon, 28 Nov 2022 01:03:03 GMT
Connection: keep-alive
ETag: "638408c7-2ea0"
Expires: Fri, 30 Dec 2022 22:09:51 GMT
Cache-Control: max-age=2678400
Accept-Ranges: bytes
tgt.mmtro.com/t?&tagid=6550672-db22507a7e49c14c1eb9aa1ea269b70a&zid=1929&cb=promoUpdate&output=js
83.150.244.138200 OK 0 B URL HTTP/1.1 tgt.mmtro.com/t?&tagid=6550672-db22507a7e49c14c1eb9aa1ea269b70a&zid=1929&cb=promoUpdate&output=js
IP 83.150.244.138:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - La Banque postale
GET /t?&tagid=6550672-db22507a7e49c14c1eb9aa1ea269b70a&zid=1929&cb=promoUpdate&output=js HTTP/1.1
Host: tgt.mmtro.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://co20341.tw1.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
date: Tue, 29 Nov 2022 22:09:51 GMT
content-type: text/javascript; charset=utf-8
content-length: 0
cache-control: no-store, no-cache, private
pragma: no-cache
p3p: policyref="http://mmtro.com/w3c/p3p.xml", CP="ALL DSP LAW CUR TAIi PSAi PSDi IVAi IVDi OUR BUS UNI"
expires: Wed, 23 Feb 2000 00:00:01 GMT
x-rid: 6386832f928d6669542b6a43
strict-transport-security: max-age=15724800; includeSubDomains
x-envoy-upstream-service-time: 19
server: envoy
co20341.tw1.ru/bin/lbp-app-ios.png
185.114.245.124200 OK 8.6 kB URL HTTP/1.1 co20341.tw1.ru/bin/lbp-app-ios.png
IP 185.114.245.124:0
File type PNG image data, 310 x 91, 8-bit/color RGBA, non-interlaced\012- data
Hash ff6f443dec165d98cce21be0968d76f3
83b3ba54a0d093afeac60079503c2a68e1cb17d0
ad870bae449ef6b31ff821d333b78ae01783d988b94b60e8c11c81844dd882a1
Analyzer Verdict Alert urlquery Phishing - La Banque postale
openphish La Banque postale
GET /bin/lbp-app-ios.png HTTP/1.1
Host: co20341.tw1.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://co20341.tw1.ru/
HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Tue, 29 Nov 2022 22:09:51 GMT
Content-Type: image/png
Content-Length: 8586
Last-Modified: Mon, 28 Nov 2022 01:03:04 GMT
Connection: keep-alive
ETag: "638408c8-218a"
Expires: Fri, 30 Dec 2022 22:09:51 GMT
Cache-Control: max-age=2678400
Accept-Ranges: bytes
co20341.tw1.ru/bin/lbp-app-windows.png
185.114.245.124200 OK 6.3 kB URL HTTP/1.1 co20341.tw1.ru/bin/lbp-app-windows.png
IP 185.114.245.124:0
File type PNG image data, 310 x 91, 8-bit/color RGBA, non-interlaced\012- data
Hash 9887f88bde4ea7a37358d5142ace04db
e3f4b1e027a8cd6b536dc1bde41f6653c89c8de1
89ef0383ca4523cbac45fe1203a10f4fd83138015e91e86680c2a1d2d15d5e09
Analyzer Verdict Alert urlquery Phishing - La Banque postale
openphish La Banque postale
GET /bin/lbp-app-windows.png HTTP/1.1
Host: co20341.tw1.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://co20341.tw1.ru/
HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Tue, 29 Nov 2022 22:09:51 GMT
Content-Type: image/png
Content-Length: 6345
Last-Modified: Mon, 28 Nov 2022 01:03:04 GMT
Connection: keep-alive
ETag: "638408c8-18c9"
Expires: Fri, 30 Dec 2022 22:09:51 GMT
Cache-Control: max-age=2678400
Accept-Ranges: bytes
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash f50fd635895870df33a17fe377a6a038
dd65dfbbc810b095432cfd59f971af04a9e31ab7
ebd9b6c3f67865c297d08802839c940994424000df3bf8a3f1316b8e13666e94
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 22:09:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash c124fa71b940afe9c0623e7499cceb67
fd8bcc8f33b69001651b1147f58aa7a1917a9e93
7528debdb5991c8b6763d96322b9b7e4bfb3d5080ce17c3be32277e7fe0560ec
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7528DEBDB5991C8B6763D96322B9B7E4BFB3D5080CE17C3BE32277E7FE0560EC"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9963
Expires: Wed, 30 Nov 2022 00:55:54 GMT
Date: Tue, 29 Nov 2022 22:09:51 GMT
Connection: keep-alive
co20341.tw1.ru/bin/LBP-inondation-maison-picto.jpg
185.114.245.124200 OK 18 kB URL HTTP/1.1 co20341.tw1.ru/bin/LBP-inondation-maison-picto.jpg
IP 185.114.245.124:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 300x300, components 3\012- data
Hash cf9bab2efc22e019910ac35d39b8ea16
4abcdad66a94f5c178b5817ae5fe8e9b15418c74
5780d7821d7d08f3f3cfdb922b4739739e761bb16769ad5be92cd4474c584548
Analyzer Verdict Alert urlquery Phishing - La Banque postale
openphish La Banque postale
GET /bin/LBP-inondation-maison-picto.jpg HTTP/1.1
Host: co20341.tw1.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://co20341.tw1.ru/
HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Tue, 29 Nov 2022 22:09:51 GMT
Content-Type: image/jpeg
Content-Length: 17634
Last-Modified: Mon, 28 Nov 2022 01:03:04 GMT
Connection: keep-alive
ETag: "638408c8-44e2"
Expires: Fri, 30 Dec 2022 22:09:51 GMT
Cache-Control: max-age=2678400
Accept-Ranges: bytes
co20341.tw1.ru/bin/vignette-semaine-finance-responsable.jpg
185.114.245.124200 OK 108 kB URL HTTP/1.1 co20341.tw1.ru/bin/vignette-semaine-finance-responsable.jpg
IP 185.114.245.124:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=12, height=628, bps=158, PhotometricIntepretation=RGB, orientation=upper-left, width=1200], progressive, precision 8, 639x625, components 3\012- data
Size 108 kB (107718 bytes)
Hash 4235c1d5ebb3b8a8db43943feae93b9f
e2f4a50c0c8696717924dba3493ff13522a80238
a1764810cf4826872534fd86d38ca39a58ed4eb6a9adbab218f34ad7218318fe
Analyzer Verdict Alert urlquery Phishing - La Banque postale
openphish La Banque postale
GET /bin/vignette-semaine-finance-responsable.jpg HTTP/1.1
Host: co20341.tw1.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://co20341.tw1.ru/
HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Tue, 29 Nov 2022 22:09:51 GMT
Content-Type: image/jpeg
Content-Length: 107718
Last-Modified: Mon, 28 Nov 2022 01:03:16 GMT
Connection: keep-alive
ETag: "638408d4-1a4c6"
Expires: Fri, 30 Dec 2022 22:09:51 GMT
Cache-Control: max-age=2678400
Accept-Ranges: bytes
co20341.tw1.ru/bin/LBP-senior-rachat-credits-picto.jpg
185.114.245.124200 OK 8.7 kB URL HTTP/1.1 co20341.tw1.ru/bin/LBP-senior-rachat-credits-picto.jpg
IP 185.114.245.124:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 200x200, components 3\012- data
Hash 732e4dbda226c7f6b53c5c329d1d8f12
fbf52fcd4ef7b79180872bcc1941d783a568e991
172b6549f2e5fa8f607629409e63a358c9b307e47f734f54633fec2940da634b
Analyzer Verdict Alert urlquery Phishing - La Banque postale
openphish La Banque postale
GET /bin/LBP-senior-rachat-credits-picto.jpg HTTP/1.1
Host: co20341.tw1.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://co20341.tw1.ru/
HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Tue, 29 Nov 2022 22:09:51 GMT
Content-Type: image/jpeg
Content-Length: 8652
Last-Modified: Mon, 28 Nov 2022 01:03:04 GMT
Connection: keep-alive
ETag: "638408c8-21cc"
Expires: Fri, 30 Dec 2022 22:09:51 GMT
Cache-Control: max-age=2678400
Accept-Ranges: bytes
co20341.tw1.ru/bin/0
185.114.245.124200 OK 0 B IP 185.114.245.124:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - La Banque postale
openphish La Banque postale
fortinet Phishing
GET /bin/0 HTTP/1.1
Host: co20341.tw1.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://co20341.tw1.ru/
HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Tue, 29 Nov 2022 22:09:51 GMT
Content-Length: 0
Connection: keep-alive
Last-Modified: Mon, 28 Nov 2022 01:02:40 GMT
ETag: "0-5ee7d6d9c23c6"
Accept-Ranges: bytes
co20341.tw1.ru/bin/LBP-TalentBooster-Epargne-jeunes-Picto-Header.png
185.114.245.124200 OK 6.9 kB URL HTTP/1.1 co20341.tw1.ru/bin/LBP-TalentBooster-Epargne-jeunes-Picto-Header.png
IP 185.114.245.124:0
File type PNG image data, 200 x 200, 8-bit colormap, non-interlaced\012- data
Hash f072f8d0f780badf63e355b486c57349
679b4686b7e08e090dbbab206c09c8d5ffb98a01
b092e6a5a411f3f39bb19b7e986424d26bedabbaccc9029d8dcafbb7d22c0257
Analyzer Verdict Alert urlquery Phishing - La Banque postale
openphish La Banque postale
GET /bin/LBP-TalentBooster-Epargne-jeunes-Picto-Header.png HTTP/1.1
Host: co20341.tw1.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://co20341.tw1.ru/
HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Tue, 29 Nov 2022 22:09:51 GMT
Content-Type: image/png
Content-Length: 6934
Last-Modified: Mon, 28 Nov 2022 01:03:05 GMT
Connection: keep-alive
ETag: "638408c9-1b16"
Expires: Fri, 30 Dec 2022 22:09:51 GMT
Cache-Control: max-age=2678400
Accept-Ranges: bytes
co20341.tw1.ru/bin/LBP-TB-Reorientation-PictoHeader.png
185.114.245.124200 OK 3.3 kB URL HTTP/1.1 co20341.tw1.ru/bin/LBP-TB-Reorientation-PictoHeader.png
IP 185.114.245.124:0
File type PNG image data, 200 x 200, 8-bit colormap, non-interlaced\012- data
Hash 74c9fa6557ee5f9c8af1df2f571b6b2e
6cd3450dabce032624640fba73bc5dc464c53992
9306276d1e48c6fa3951832a30aa1f06cff7640379caf820d4f55b375cf9c6e1
Analyzer Verdict Alert urlquery Phishing - La Banque postale
openphish La Banque postale
GET /bin/LBP-TB-Reorientation-PictoHeader.png HTTP/1.1
Host: co20341.tw1.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://co20341.tw1.ru/
HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Tue, 29 Nov 2022 22:09:51 GMT
Content-Type: image/png
Content-Length: 3280
Last-Modified: Mon, 28 Nov 2022 01:03:06 GMT
Connection: keep-alive
ETag: "638408ca-cd0"
Expires: Fri, 30 Dec 2022 22:09:51 GMT
Cache-Control: max-age=2678400
Accept-Ranges: bytes
www.googletagmanager.com/gtag/js?id=DC-6927651
142.250.74.168200 OK 44 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=DC-6927651
IP 142.250.74.168:0
File type ASCII text, with very long lines (1921)
Hash 8b0eef7cfa29ebfddbaa1391dd011179
21c89b0b93bcb5af21f3afe754d5cb8fbb7da256
b29c34517f6e5c78c1d8e54364e2587756b5a8ee248c0c0322e02dee288d05d6
GET /gtag/js?id=DC-6927651 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://co20341.tw1.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Tue, 29 Nov 2022 22:09:51 GMT
expires: Tue, 29 Nov 2022 22:09:51 GMT
cache-control: private, max-age=900
last-modified: Tue, 29 Nov 2022 21:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 44181
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
co20341.tw1.ru/bin/LBP-TalentBooster-mode-de-vie-responsable-environnement-Picto-Header.png
185.114.245.124200 OK 12 kB URL HTTP/1.1 co20341.tw1.ru/bin/LBP-TalentBooster-mode-de-vie-responsable-environnement-Picto-Header.png
IP 185.114.245.124:0
File type PNG image data, 200 x 200, 8-bit/color RGB, non-interlaced\012- data
Hash 7555cd04e48b67cd560737bd35d5574c
71f3d5a452651fd50fef7245eb9b1461c1ee5211
616afc2ed861c109bc192ec6b727a5a80f3bd16ad5e5450ae321158b6dcc9b8e
Analyzer Verdict Alert urlquery Phishing - La Banque postale
openphish La Banque postale
GET /bin/LBP-TalentBooster-mode-de-vie-responsable-environnement-Picto-Header.png HTTP/1.1
Host: co20341.tw1.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://co20341.tw1.ru/
HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Tue, 29 Nov 2022 22:09:51 GMT
Content-Type: image/png
Content-Length: 12166
Last-Modified: Mon, 28 Nov 2022 01:03:05 GMT
Connection: keep-alive
ETag: "638408c9-2f86"
Expires: Fri, 30 Dec 2022 22:09:51 GMT
Cache-Control: max-age=2678400
Accept-Ranges: bytes
cstatic.weborama.fr/iframe/external_libs.v2.js
93.184.221.133200 OK 3.1 kB URL HTTP/2 cstatic.weborama.fr/iframe/external_libs.v2.js
IP 93.184.221.133:0
File type ASCII text, with very long lines (8579), with no line terminators
Hash 7671f8fcc99aee9ca8ab26ca1e2fde9e
a4fe9860d1c1fe5f65f8de511754dc3570a90592
f05e772820ca83b004d5d5e21fda87b97cd68c847c62868fc9cf882203ee2d63
GET /iframe/external_libs.v2.js HTTP/1.1
Host: cstatic.weborama.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cstatic.weborama.fr/iframe/external_ids_sync.html?d.r=1669759790612
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-encoding: gzip
accept-ranges: bytes
access-control-allow-origin: *
age: 423897
cache-control: max-age=604800
content-type: text/javascript
date: Tue, 29 Nov 2022 22:09:51 GMT
etag: "3142978827+gzip"
expires: Tue, 06 Dec 2022 22:09:51 GMT
last-modified: Mon, 20 Sep 2021 08:52:49 GMT
p3p: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
server: ECAcc (ska/F68B)
vary: Accept-Encoding
x-cache: HIT
content-length: 3062
X-Firefox-Spdy: h2
tgt.mmtro.com/t?&tagid=6550672-db22507a7e49c14c1eb9aa1ea269b70a&zid=1928&cb=promoUpdate&output=js
83.150.244.138200 OK 0 B URL HTTP/1.1 tgt.mmtro.com/t?&tagid=6550672-db22507a7e49c14c1eb9aa1ea269b70a&zid=1928&cb=promoUpdate&output=js
IP 83.150.244.138:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing - La Banque postale
GET /t?&tagid=6550672-db22507a7e49c14c1eb9aa1ea269b70a&zid=1928&cb=promoUpdate&output=js HTTP/1.1
Host: tgt.mmtro.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://co20341.tw1.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
date: Tue, 29 Nov 2022 22:09:51 GMT
content-type: text/javascript; charset=utf-8
content-length: 0
cache-control: no-store, no-cache, private
pragma: no-cache
p3p: policyref="http://mmtro.com/w3c/p3p.xml", CP="ALL DSP LAW CUR TAIi PSAi PSDi IVAi IVDi OUR BUS UNI"
expires: Wed, 23 Feb 2000 00:00:01 GMT
x-rid: 6386832f928d6669542b6a44
strict-transport-security: max-age=15724800; includeSubDomains
x-envoy-upstream-service-time: 19
server: envoy
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash f50fd635895870df33a17fe377a6a038
dd65dfbbc810b095432cfd59f971af04a9e31ab7
ebd9b6c3f67865c297d08802839c940994424000df3bf8a3f1316b8e13666e94
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 22:09:52 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash abd55ecd24d357a9f02612558f723a90
6a1e6963864f0b53ddc6205d35225e6cf0bcbeec
195fa531e0462be58d5c62ebbe6060e147c94bdb1d38ff46c341c74e0ab2671a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 22:09:52 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
adservice.google.com/ddm/fls/i/src=6927651;type=invmedia;cat=laban000;ord=9369902801637;gtm=2odb41;auiddc=121169973.1669759791;~oref=http%3A%2F%2Fco20341.tw1.ru%2F
142.250.74.162200 OK 223 B URL HTTP/2 adservice.google.com/ddm/fls/i/src=6927651;type=invmedia;cat=laban000;ord=9369902801637;gtm=2odb41;auiddc=121169973.1669759791;~oref=http%3A%2F%2Fco20341.tw1.ru%2F
IP 142.250.74.162:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (446), with no line terminators
Hash e02e2eb5acf7d7bc3757c0abc6b4e6e3
f8dfb7cdaea044f36e83127ae562bf91cd027c2c
a0e39748fb7f93ab50b650ce23a763871d11f48cf524fdde34d3c3a44ad43554
GET /ddm/fls/i/src=6927651;type=invmedia;cat=laban000;ord=9369902801637;gtm=2odb41;auiddc=121169973.1669759791;~oref=http%3A%2F%2Fco20341.tw1.ru%2F HTTP/1.1
Host: adservice.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://6927651.fls.doubleclick.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 29 Nov 2022 22:09:52 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 223
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
co20341.tw1.ru/content/dam/refonte_Particulier/Home/1000-mercis/mea-ps-740x430-credit-conso-defaut.jpg
185.114.245.124404 Not Found 196 B URL HTTP/1.1 co20341.tw1.ru/content/dam/refonte_Particulier/Home/1000-mercis/mea-ps-740x430-credit-conso-defaut.jpg
IP 185.114.245.124:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 62962daa1b19bbcc2db10b7bfd531ea6
d64bae91091eda6a7532ebec06aa70893b79e1f8
80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880
Analyzer Verdict Alert urlquery Phishing - La Banque postale
openphish La Banque postale
GET /content/dam/refonte_Particulier/Home/1000-mercis/mea-ps-740x430-credit-conso-defaut.jpg HTTP/1.1
Host: co20341.tw1.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://co20341.tw1.ru/
Cookie: _gcl_au=1.1.121169973.1669759791; tCdebugLib=1; cikneeto_uuid=id:f3dcc715-1585-42e1-b001-805289704940; TCPID=122112229503471076740
HTTP/1.1 404 Not Found
Server: nginx/1.22.1
Date: Tue, 29 Nov 2022 22:09:52 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 196
Connection: keep-alive
co20341.tw1.ru/bin/dispatch.html
185.114.245.124200 OK 48 kB URL HTTP/1.1 co20341.tw1.ru/bin/dispatch.html
IP 185.114.245.124:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (804)
Hash 6e65c12833e20b336c17a58eb5220259
65f9d3cdbeacd00be7d7cd4844865ae8863b3358
b686a429a015ea00f5d979634462c64acd7d30ca09f9a680c04d4a5d877faff7
Analyzer Verdict Alert urlquery Phishing - La Banque postale
openphish La Banque postale
fortinet Phishing
GET /bin/dispatch.html HTTP/1.1
Host: co20341.tw1.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://co20341.tw1.ru/
Cookie: _gcl_au=1.1.121169973.1669759791; tCdebugLib=1; cikneeto_uuid=id:f3dcc715-1585-42e1-b001-805289704940; TCPID=122112229503471076740
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Tue, 29 Nov 2022 22:09:52 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Mon, 28 Nov 2022 01:02:51 GMT
ETag: W/"28844-5ee7d6e42471c"
Content-Encoding: gzip
co20341.tw1.ru/bin/identif.html
185.114.245.124200 OK 2.5 kB URL HTTP/1.1 co20341.tw1.ru/bin/identif.html
IP 185.114.245.124:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ISO-8859 text, with very long lines (663)
Hash 98ae7d490638a1d4181cb3c896c07b12
f0caa8fd84df4e5477ff10cbf7c4eda99252202c
d9ac3aa53e33b49b9a3b3450903edfaa8dab1916601d0e6453e1e9e04c97b025
Analyzer Verdict Alert urlquery Phishing - La Banque postale
openphish La Banque postale
fortinet Phishing
GET /bin/identif.html HTTP/1.1
Host: co20341.tw1.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://co20341.tw1.ru/
Cookie: _gcl_au=1.1.121169973.1669759791; tCdebugLib=1; cikneeto_uuid=id:f3dcc715-1585-42e1-b001-805289704940; TCPID=122112229503471076740
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Tue, 29 Nov 2022 22:09:52 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Mon, 28 Nov 2022 01:02:55 GMT
ETag: W/"210a-5ee7d6e8376a4"
Content-Encoding: gzip
co20341.tw1.ru/bin/js(1)
185.114.245.124200 OK 78 kB IP 185.114.245.124:0
File type gzip compressed data, from Unix\012- data
Hash fd427c83c05f5d9d3297cdc1e1093253
e97daeff36eefb01a4b848a917319f1351b9a314
a6d3066e5ca359628d3b1767b2625634fa2ccb782a31eaa59cc2a41e4040d9e0
Analyzer Verdict Alert urlquery Phishing - La Banque postale
openphish La Banque postale
fortinet Phishing
GET /bin/js(1) HTTP/1.1
Host: co20341.tw1.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://co20341.tw1.ru/
HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Tue, 29 Nov 2022 22:09:51 GMT
Content-Length: 98175
Connection: keep-alive
Last-Modified: Mon, 28 Nov 2022 01:03:03 GMT
ETag: "17f7f-5ee7d6ef059b2"
Accept-Ranges: bytes
halc.iadvize.com/iadvize.js?sid=null&tpl=laposte2&lang=fr
54.230.111.32302 Found 127 B URL HTTP/1.1 halc.iadvize.com/iadvize.js?sid=null&tpl=laposte2&lang=fr
IP 54.230.111.32:0
File type HTML document, ASCII text
Hash 09d64af6fb787613189e978affe2e5fb
f027d1409cc950c046e850949572aa3d1b77454e
88e89066170b56c807fc5f5e1cb3e9e2395aa1046921afb9433094ee585e3b44
GET /iadvize.js?sid=null&tpl=laposte2&lang=fr HTTP/1.1
Host: halc.iadvize.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://co20341.tw1.ru/
HTTP/1.1 302 Found
Content-Type: text/html; charset=utf-8
Content-Length: 127
Connection: keep-alive
Date: Tue, 29 Nov 2022 22:09:52 GMT
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Resource-Policy: cross-origin
Location: https://halc.iadvize.com/static/livechat/9f1365c5167791d4b6defa2d7d3dcfd2b641812a/live.js
Server: fc5031e0-c371-f0dc-4a99-2fb15fd30b67
Strict-Transport-Security: max-age=31536000;
Vary: Accept-Encoding, Accept-Encoding
X-Cache: Miss from cloudfront
Via: 1.1 227a1815a1677b9cf6dd587e443000b8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 2U_JceKHDLRI8SRif8wnhqca-eyN9MCcu-1LR48EzWEqsz6O8n8yyw==
co20341.tw1.ru/
185.114.245.124200 OK 15 kB IP 185.114.245.124:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (2355)
Hash 9f0bc8ca4e78939d054eff61bcec36cf
75581a82aec173e89dbff82c21c98cee4239e5f4
32cc6480a4e2231be3d95721071b85ffafaac7df04d0a072044f49715ed21dbc
Analyzer Verdict Alert urlquery Phishing - La Banque postale
openphish La Banque postale
phishtank Other
fortinet Phishing
GET / HTTP/1.1
Host: co20341.tw1.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://co20341.tw1.ru/
Cookie: _gcl_au=1.1.121169973.1669759791; tCdebugLib=1; cikneeto_uuid=id:f3dcc715-1585-42e1-b001-805289704940; TCPID=122112229503471076740
HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Tue, 29 Nov 2022 22:09:52 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
co20341.tw1.ru/content/dam/refonte_Particulier/Home/new-homepage/commerciale/AFMTelethon_LBP_HP_30ko.jpg
185.114.245.124404 Not Found 196 B URL HTTP/1.1 co20341.tw1.ru/content/dam/refonte_Particulier/Home/new-homepage/commerciale/AFMTelethon_LBP_HP_30ko.jpg
IP 185.114.245.124:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 62962daa1b19bbcc2db10b7bfd531ea6
d64bae91091eda6a7532ebec06aa70893b79e1f8
80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880
Analyzer Verdict Alert urlquery Phishing - La Banque postale
openphish La Banque postale
GET /content/dam/refonte_Particulier/Home/new-homepage/commerciale/AFMTelethon_LBP_HP_30ko.jpg HTTP/1.1
Host: co20341.tw1.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://co20341.tw1.ru/
Cookie: _gcl_au=1.1.121169973.1669759791; tCdebugLib=1; cikneeto_uuid=id:f3dcc715-1585-42e1-b001-805289704940; TCPID=122112229503471076740
HTTP/1.1 404 Not Found
Server: nginx/1.22.1
Date: Tue, 29 Nov 2022 22:09:52 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 196
Connection: keep-alive
co20341.tw1.ru/content/dam/refonte_Particulier/Home/1000-mercis/mea-ps-740x430-argent-quotidien-ouvrir-compte-defaut.jpg
185.114.245.124404 Not Found 196 B URL HTTP/1.1 co20341.tw1.ru/content/dam/refonte_Particulier/Home/1000-mercis/mea-ps-740x430-argent-quotidien-ouvrir-compte-defaut.jpg
IP 185.114.245.124:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 62962daa1b19bbcc2db10b7bfd531ea6
d64bae91091eda6a7532ebec06aa70893b79e1f8
80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880
Analyzer Verdict Alert urlquery Phishing - La Banque postale
openphish La Banque postale
GET /content/dam/refonte_Particulier/Home/1000-mercis/mea-ps-740x430-argent-quotidien-ouvrir-compte-defaut.jpg HTTP/1.1
Host: co20341.tw1.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://co20341.tw1.ru/
Cookie: _gcl_au=1.1.121169973.1669759791; tCdebugLib=1; cikneeto_uuid=id:f3dcc715-1585-42e1-b001-805289704940; TCPID=122112229503471076740
HTTP/1.1 404 Not Found
Server: nginx/1.22.1
Date: Tue, 29 Nov 2022 22:09:52 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 196
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 49eee25f3ccd585a29e34e80cf5bb160
73eca8be91deedd049304862759a3d8084c0b07e
531e5685527861b3ed7e8e3865c5a6a40d3f92f5c9d89df3f385dab72406fb56
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 22:09:52 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
co20341.tw1.ru/bin/icomoon-library/icons.ttf?9h9ppi
185.114.245.124404 Not Found 196 B URL HTTP/1.1 co20341.tw1.ru/bin/icomoon-library/icons.ttf?9h9ppi
IP 185.114.245.124:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 62962daa1b19bbcc2db10b7bfd531ea6
d64bae91091eda6a7532ebec06aa70893b79e1f8
80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880
Analyzer Verdict Alert urlquery Phishing - La Banque postale
GET /bin/icomoon-library/icons.ttf?9h9ppi HTTP/1.1
Host: co20341.tw1.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://co20341.tw1.ru/bin/base.min.css
Cookie: _gcl_au=1.1.121169973.1669759791; tCdebugLib=1; cikneeto_uuid=id:f3dcc715-1585-42e1-b001-805289704940; TCPID=122112229503471076740
HTTP/1.1 404 Not Found
Server: nginx/1.22.1
Date: Tue, 29 Nov 2022 22:09:52 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 196
Connection: keep-alive
co20341.tw1.ru/content/dam/refonte_Particulier/Home/new-homepage/commerciale/mea-hp-740x430-nba-playground.png
185.114.245.124404 Not Found 196 B URL HTTP/1.1 co20341.tw1.ru/content/dam/refonte_Particulier/Home/new-homepage/commerciale/mea-hp-740x430-nba-playground.png
IP 185.114.245.124:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 62962daa1b19bbcc2db10b7bfd531ea6
d64bae91091eda6a7532ebec06aa70893b79e1f8
80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880
Analyzer Verdict Alert urlquery Phishing - La Banque postale
openphish La Banque postale
GET /content/dam/refonte_Particulier/Home/new-homepage/commerciale/mea-hp-740x430-nba-playground.png HTTP/1.1
Host: co20341.tw1.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://co20341.tw1.ru/
Cookie: _gcl_au=1.1.121169973.1669759791; tCdebugLib=1; cikneeto_uuid=id:f3dcc715-1585-42e1-b001-805289704940; TCPID=122112229503471076740
HTTP/1.1 404 Not Found
Server: nginx/1.22.1
Date: Tue, 29 Nov 2022 22:09:52 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 196
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 49eee25f3ccd585a29e34e80cf5bb160
73eca8be91deedd049304862759a3d8084c0b07e
531e5685527861b3ed7e8e3865c5a6a40d3f92f5c9d89df3f385dab72406fb56
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 22:09:52 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/lato/v17/S6u9w4BMUTPHh7USSwiPGQ.woff2
216.58.207.227200 OK 23 kB URL HTTP/2 fonts.gstatic.com/s/lato/v17/S6u9w4BMUTPHh7USSwiPGQ.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 23248, version 1.0\012- data
Hash 98d8cf792834c0bef59c2be99dc3533d
f48e6d698147781b82f573a71f904355274015cd
9194059997d722ec01e41980dffbff03ebe00808b1cdd164a7fd18a561bc312a
GET /s/lato/v17/S6u9w4BMUTPHh7USSwiPGQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://co20341.tw1.ru
Connection: keep-alive
Referer: http://co20341.tw1.ru/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 23248
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 25 Nov 2022 05:58:33 GMT
expires: Sat, 25 Nov 2023 05:58:33 GMT
cache-control: public, max-age=31536000
age: 403879
last-modified: Tue, 15 Sep 2020 18:12:05 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Pragma, Last-Modified, ETag, Alert, Expires, Retry-After, Cache-Control, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Tue, 29 Nov 2022 21:11:13 GMT
cache-control: public,max-age=3600
age: 3519
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
fonts.gstatic.com/s/lato/v17/S6u_w4BMUTPHjxsI9w2_Gwft.woff2
216.58.207.227200 OK 18 kB URL HTTP/2 fonts.gstatic.com/s/lato/v17/S6u_w4BMUTPHjxsI9w2_Gwft.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 17640, version 1.0\012- data
Hash a21767e20d27a9c06007c981a8e5f827
a9130de32c87c3fc72b963df80267b1144864b51
afdd5b03f94d18d31b86e4bdf19ad063f6917233f5605f2e4b34d055a2502b0e
GET /s/lato/v17/S6u_w4BMUTPHjxsI9w2_Gwft.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://co20341.tw1.ru
Connection: keep-alive
Referer: http://co20341.tw1.ru/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 17640
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 25 Nov 2022 14:21:07 GMT
expires: Sat, 25 Nov 2023 14:21:07 GMT
cache-control: public, max-age=31536000
age: 373725
last-modified: Tue, 15 Sep 2020 18:10:31 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash abd55ecd24d357a9f02612558f723a90
6a1e6963864f0b53ddc6205d35225e6cf0bcbeec
195fa531e0462be58d5c62ebbe6060e147c94bdb1d38ff46c341c74e0ab2671a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 22:09:52 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/lato/v17/S6uyw4BMUTPHjx4wXg.woff2
216.58.207.227200 OK 24 kB URL HTTP/2 fonts.gstatic.com/s/lato/v17/S6uyw4BMUTPHjx4wXg.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 23484, version 1.0\012- data
Hash b4d2c4c39853ee244272c04999b230ba
c82e22dde9716c40ba20e6c7ed03a1b66556de15
c3c0d3f472358aac78455515c4800771426770c22698e2486d39fdb5505634e1
Analyzer Verdict Alert urlquery Phishing - La Banque postale
GET /s/lato/v17/S6uyw4BMUTPHjx4wXg.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://co20341.tw1.ru
Connection: keep-alive
Referer: http://co20341.tw1.ru/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 23484
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 23 Nov 2022 09:42:51 GMT
expires: Thu, 23 Nov 2023 09:42:51 GMT
cache-control: public, max-age=31536000
age: 563221
last-modified: Tue, 15 Sep 2020 18:10:46 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 49eee25f3ccd585a29e34e80cf5bb160
73eca8be91deedd049304862759a3d8084c0b07e
531e5685527861b3ed7e8e3865c5a6a40d3f92f5c9d89df3f385dab72406fb56
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 22:09:52 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 49eee25f3ccd585a29e34e80cf5bb160
73eca8be91deedd049304862759a3d8084c0b07e
531e5685527861b3ed7e8e3865c5a6a40d3f92f5c9d89df3f385dab72406fb56
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 22:09:52 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/lato/v17/S6u9w4BMUTPHh50XSwiPGQ.woff2
216.58.207.227200 OK 23 kB URL HTTP/2 fonts.gstatic.com/s/lato/v17/S6u9w4BMUTPHh50XSwiPGQ.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 22572, version 1.0\012- data
Hash 947e87c53b5765bfc8982613ccd789e9
521905bb4c4ce849285620eb0db5969d14d557ba
7d4243c8e973ec0cfc707904891ae4e3efc03dbc8923acb9755f9a35c92269a6
GET /s/lato/v17/S6u9w4BMUTPHh50XSwiPGQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://co20341.tw1.ru
Connection: keep-alive
Referer: http://co20341.tw1.ru/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 22572
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 25 Nov 2022 07:26:35 GMT
expires: Sat, 25 Nov 2023 07:26:35 GMT
cache-control: public, max-age=31536000
age: 398597
last-modified: Tue, 15 Sep 2020 18:10:30 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 49eee25f3ccd585a29e34e80cf5bb160
73eca8be91deedd049304862759a3d8084c0b07e
531e5685527861b3ed7e8e3865c5a6a40d3f92f5c9d89df3f385dab72406fb56
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 22:09:52 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/lato/v17/S6u9w4BMUTPHh6UVSwiPGQ.woff2
216.58.207.227200 OK 23 kB URL HTTP/2 fonts.gstatic.com/s/lato/v17/S6u9w4BMUTPHh6UVSwiPGQ.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 22992, version 1.0\012- data
Hash 1efbd38aa76ddae2580fedf378276333
8a49976f2470ba2a1db6144245355d3b889312e4
8d3ca80fa271e94b0c36cf3053b0f806b7a42bb3395b424c99dc0bd218f0ac20
GET /s/lato/v17/S6u9w4BMUTPHh6UVSwiPGQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://co20341.tw1.ru
Connection: keep-alive
Referer: http://co20341.tw1.ru/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 22992
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 29 Nov 2022 15:45:27 GMT
expires: Wed, 29 Nov 2023 15:45:27 GMT
cache-control: public, max-age=31536000
age: 23065
last-modified: Tue, 15 Sep 2020 18:12:12 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
co20341.tw1.ru/bin/base-footer.min.js
185.114.245.124200 OK 55 B URL HTTP/1.1 co20341.tw1.ru/bin/base-footer.min.js
IP 185.114.245.124:0
Hash 9f073354411bbaf7a319b1519f10b4b7
571498f38548829bf186f49f5be9d5fa6e689a68
4a7aaaa1c093dee8a191d4469c9f701c5e62e88896bc778a13cc4ffedf9be89a
Analyzer Verdict Alert openphish La Banque postale
fortinet Phishing
GET /bin/base-footer.min.js HTTP/1.1
Host: co20341.tw1.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://co20341.tw1.ru/
HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Tue, 29 Nov 2022 22:09:51 GMT
Content-Type: application/x-javascript
Last-Modified: Mon, 28 Nov 2022 01:02:48 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"638408b8-c86dd"
Expires: Fri, 30 Dec 2022 22:09:51 GMT
Cache-Control: max-age=2678400
Content-Encoding: gzip
co20341.tw1.ru/bin/saved_resource.html
185.114.245.124200 OK 568 B URL HTTP/1.1 co20341.tw1.ru/bin/saved_resource.html
IP 185.114.245.124:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text
Hash 1e422c96667d2accc671798ee8229f8e
d51b22b4d095821ec15993e199d6459804d516d9
2e4405ceaf5d2f7d56ac932547524e81ddd70b6e88974cd696e310615f55852f
Analyzer Verdict Alert urlquery Phishing - La Banque postale
openphish La Banque postale
fortinet Phishing
GET /bin/saved_resource.html HTTP/1.1
Host: co20341.tw1.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://co20341.tw1.ru/
Cookie: _gcl_au=1.1.121169973.1669759791; tCdebugLib=1; cikneeto_uuid=id:f3dcc715-1585-42e1-b001-805289704940; TCPID=122112229503471076740
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Tue, 29 Nov 2022 22:09:52 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 568
Connection: keep-alive
Last-Modified: Mon, 28 Nov 2022 01:03:09 GMT
ETag: "238-5ee7d6f52ccdf"
Accept-Ranges: bytes
co20341.tw1.ru/bin/icomoon-library/icons.woff?9h9ppi
185.114.245.124404 Not Found 196 B URL HTTP/1.1 co20341.tw1.ru/bin/icomoon-library/icons.woff?9h9ppi
IP 185.114.245.124:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 62962daa1b19bbcc2db10b7bfd531ea6
d64bae91091eda6a7532ebec06aa70893b79e1f8
80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880
Analyzer Verdict Alert urlquery Phishing - La Banque postale
openphish La Banque postale
fortinet Phishing
GET /bin/icomoon-library/icons.woff?9h9ppi HTTP/1.1
Host: co20341.tw1.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://co20341.tw1.ru/bin/base.min.css
Cookie: _gcl_au=1.1.121169973.1669759791; tCdebugLib=1; cikneeto_uuid=id:f3dcc715-1585-42e1-b001-805289704940; TCPID=122112229503471076740
HTTP/1.1 404 Not Found
Server: nginx/1.22.1
Date: Tue, 29 Nov 2022 22:09:52 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 196
Connection: keep-alive
co20341.tw1.ru/bin/cvs_all.css
185.114.245.124200 OK 1.7 kB URL HTTP/1.1 co20341.tw1.ru/bin/cvs_all.css
IP 185.114.245.124:0
File type ASCII text, with very long lines (365)
Hash f59a017840da1422b457e412dfd7b008
0a8596fd28da4add07f7c6214bf3c5cbf6fc35ee
d535db0aff674cedd944bc016189a727a3c525240b329afddbdb08857afcbd81
Analyzer Verdict Alert urlquery Phishing - La Banque postale
openphish La Banque postale
GET /bin/cvs_all.css HTTP/1.1
Host: co20341.tw1.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://co20341.tw1.ru/bin/identif.html
Cookie: _gcl_au=1.1.121169973.1669759791; tCdebugLib=1; cikneeto_uuid=id:f3dcc715-1585-42e1-b001-805289704940; TCPID=122112229503471076740
HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Tue, 29 Nov 2022 22:09:52 GMT
Content-Type: text/css
Last-Modified: Mon, 28 Nov 2022 01:02:50 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"638408ba-1a93"
Expires: Fri, 30 Dec 2022 22:09:52 GMT
Cache-Control: max-age=2678400
Content-Encoding: gzip
halc.iadvize.com/static/livechat/9f1365c5167791d4b6defa2d7d3dcfd2b641812a/live.js
54.230.111.32200 OK 8.3 kB URL HTTP/2 halc.iadvize.com/static/livechat/9f1365c5167791d4b6defa2d7d3dcfd2b641812a/live.js
IP 54.230.111.32:0
Hash d2c5ca60b221d234e56ce0b6d96c8529
db1a1bcf4fdc8f7e115886f17e837f5115db4c25
c919e80884c8ac63d1c9bc50519324a419e2a4def0f354c73b37d639e0533c1b
GET /static/livechat/9f1365c5167791d4b6defa2d7d3dcfd2b641812a/live.js HTTP/1.1
Host: halc.iadvize.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://co20341.tw1.ru/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
date: Tue, 15 Nov 2022 14:43:47 GMT
accept-ranges: bytes
access-control-allow-origin: *
cache-control: public, max-age=31536000
content-encoding: gzip
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
etag: W/"e6d732250c75399c2b0297ebe785ba1b"
last-modified: Tue, 15 Nov 2022 13:08:39 GMT
server: f4bf7be6-62ab-d46a-b164-cdd9ae40430c, AmazonS3
strict-transport-security: max-age=31536000;
x-amz-server-side-encryption: AES256
x-amz-version-id: null
vary: Accept-Encoding,Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 04c4f064943f75498361739eb063cb7a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: K1UKOmTzPr1rsG64M5onlt4VQot-4qH3AJsN-1JH8tQBH7d-jfmFAA==
age: 1236365
X-Firefox-Spdy: h2
co20341.tw1.ru/bin/cvs_portable.css
185.114.245.124200 OK 405 B URL HTTP/1.1 co20341.tw1.ru/bin/cvs_portable.css
IP 185.114.245.124:0
Hash 247b0cbb870dc751b75d0ca99a87c0d6
d39c6643338e118b336d664d8f328e6fd5e54f25
1460238c70cdc60ce29810344f88b0d75d994087c18dc37c495174511511d928
Analyzer Verdict Alert urlquery Phishing - La Banque postale
openphish La Banque postale
GET /bin/cvs_portable.css HTTP/1.1
Host: co20341.tw1.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://co20341.tw1.ru/bin/identif.html
Cookie: _gcl_au=1.1.121169973.1669759791; tCdebugLib=1; cikneeto_uuid=id:f3dcc715-1585-42e1-b001-805289704940; TCPID=122112229503471076740
HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Tue, 29 Nov 2022 22:09:52 GMT
Content-Type: text/css
Last-Modified: Mon, 28 Nov 2022 01:02:50 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"638408ba-438"
Expires: Fri, 30 Dec 2022 22:09:52 GMT
Cache-Control: max-age=2678400
Content-Encoding: gzip
co20341.tw1.ru/bin/val_keypad_cvvs-unifie.js
185.114.245.124200 OK 3.5 kB URL HTTP/1.1 co20341.tw1.ru/bin/val_keypad_cvvs-unifie.js
IP 185.114.245.124:0
File type ASCII text, with very long lines (750)
Hash 2ca2a6ac6729f9eefaf4eaaaad17c5ae
2bf30776894fb3d9927427c9b07bcce4cf2492b3
3a13be9c4175713c90ee950e2a8796530381a873bb53c954a8706d3247a9ddaa
Analyzer Verdict Alert urlquery Phishing - La Banque postale
openphish La Banque postale
fortinet Phishing
GET /bin/val_keypad_cvvs-unifie.js HTTP/1.1
Host: co20341.tw1.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://co20341.tw1.ru/bin/identif.html
Cookie: _gcl_au=1.1.121169973.1669759791; tCdebugLib=1; cikneeto_uuid=id:f3dcc715-1585-42e1-b001-805289704940; TCPID=122112229503471076740
HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Tue, 29 Nov 2022 22:09:52 GMT
Content-Type: application/x-javascript
Last-Modified: Mon, 28 Nov 2022 01:03:15 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"638408d3-289a"
Expires: Fri, 30 Dec 2022 22:09:52 GMT
Cache-Control: max-age=2678400
Content-Encoding: gzip
co20341.tw1.ru/bin/jquery-3.4.1.min.js
185.114.245.124200 OK 31 kB URL HTTP/1.1 co20341.tw1.ru/bin/jquery-3.4.1.min.js
IP 185.114.245.124:0
File type ASCII text, with very long lines (65451)
Hash 9abb42735168ac9e960b770179b642aa
11475bf8c7244af7a820108b7762e7a3f95aa52c
df53c09a6546b3d23dc0b2d0d92c39808c5663a75f4bf1f8d035fd11b7c81243
Analyzer Verdict Alert urlquery Phishing - La Banque postale
openphish La Banque postale
fortinet Phishing
GET /bin/jquery-3.4.1.min.js HTTP/1.1
Host: co20341.tw1.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://co20341.tw1.ru/bin/identif.html
Cookie: _gcl_au=1.1.121169973.1669759791; tCdebugLib=1; cikneeto_uuid=id:f3dcc715-1585-42e1-b001-805289704940; TCPID=122112229503471076740
HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Tue, 29 Nov 2022 22:09:52 GMT
Content-Type: application/x-javascript
Last-Modified: Mon, 28 Nov 2022 01:03:02 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"638408c6-15851"
Expires: Fri, 30 Dec 2022 22:09:52 GMT
Cache-Control: max-age=2678400
Content-Encoding: gzip
co20341.tw1.ru/bin/val_keypad_cvvs-commun-unifie.js
185.114.245.124200 OK 3.6 kB URL HTTP/1.1 co20341.tw1.ru/bin/val_keypad_cvvs-commun-unifie.js
IP 185.114.245.124:0
File type ASCII text, with very long lines (395)
Hash 6ea10c039c8999c5e786c9de8c5ae0fe
ab67d1341e0c39bfc3af26db3ee6c5879dbfae61
b86f5a84973ea9ec88755877908ec63ea314e7e2fdf8d62b3073cce03150f9f9
Analyzer Verdict Alert urlquery Phishing - La Banque postale
openphish La Banque postale
fortinet Phishing
GET /bin/val_keypad_cvvs-commun-unifie.js HTTP/1.1
Host: co20341.tw1.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://co20341.tw1.ru/bin/identif.html
Cookie: _gcl_au=1.1.121169973.1669759791; tCdebugLib=1; cikneeto_uuid=id:f3dcc715-1585-42e1-b001-805289704940; TCPID=122112229503471076740
HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Tue, 29 Nov 2022 22:09:52 GMT
Content-Type: application/x-javascript
Last-Modified: Mon, 28 Nov 2022 01:03:15 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"638408d3-3264"
Expires: Fri, 30 Dec 2022 22:09:52 GMT
Cache-Control: max-age=2678400
Content-Encoding: gzip
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 798c6088f000b3a2464e23a92271c24d
2a53b3d3bd4a9104c79595f664276db5b32b9bad
dcccfc9bb4da634286d08301fcf23be3ae26bb429b35349fb72dde530fdb3ae4
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 22:09:52 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
co20341.tw1.ru/bin/activityi.html
185.114.245.124200 OK 706 B URL HTTP/1.1 co20341.tw1.ru/bin/activityi.html
IP 185.114.245.124:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text
Hash ee20b1b7e5cdd78d4ff4d74ecfe2bf06
35a6f833d687941f1e106c2d5a72383b9cc76acb
00bb9687de461afbb278a89f7cb5d0613f41eaf4c2e27ab073114a840a7b9cf1
Analyzer Verdict Alert urlquery Phishing - La Banque postale
openphish La Banque postale
fortinet Phishing
GET /bin/activityi.html HTTP/1.1
Host: co20341.tw1.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://co20341.tw1.ru/
Cookie: _gcl_au=1.1.121169973.1669759791; tCdebugLib=1; cikneeto_uuid=id:f3dcc715-1585-42e1-b001-805289704940; TCPID=122112229503471076740
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Tue, 29 Nov 2022 22:09:52 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Mon, 28 Nov 2022 01:02:45 GMT
ETag: W/"476-5ee7d6de4f470"
Content-Encoding: gzip
co20341.tw1.ru/bin/storage.html
185.114.245.124200 OK 927 B URL HTTP/1.1 co20341.tw1.ru/bin/storage.html
IP 185.114.245.124:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (1851)
Hash d472cc42587e1a6e71decbb381f18a3f
0df94108c67b25da1a755100cc80839a56f07990
d72103c040f9c3007ec3f593bc0103947a75da8e6c757667398710987b6b5796
Analyzer Verdict Alert urlquery Phishing - La Banque postale
openphish La Banque postale
fortinet Phishing
GET /bin/storage.html HTTP/1.1
Host: co20341.tw1.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://co20341.tw1.ru/
Cookie: _gcl_au=1.1.121169973.1669759791; tCdebugLib=1; cikneeto_uuid=id:f3dcc715-1585-42e1-b001-805289704940; TCPID=122112229503471076740
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Tue, 29 Nov 2022 22:09:52 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Mon, 28 Nov 2022 01:03:10 GMT
ETag: W/"7ba-5ee7d6f671061"
Content-Encoding: gzip
co20341.tw1.ru/bin/i(4).html
185.114.245.124200 OK 490 B URL HTTP/1.1 co20341.tw1.ru/bin/i(4).html
IP 185.114.245.124:0
File type HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 8b4f20ad110982814f6cf32d157b43a7
2418eb15bdec528231c7ae8c88639fa895df028a
29641d72e8c6ecf6e51da8240daab138dd8dc7557b9a708b82c970d2e05cf1e9
Analyzer Verdict Alert urlquery Phishing - La Banque postale
openphish La Banque postale
fortinet Phishing
GET /bin/i(4).html HTTP/1.1
Host: co20341.tw1.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://co20341.tw1.ru/
Cookie: _gcl_au=1.1.121169973.1669759791; tCdebugLib=1; cikneeto_uuid=id:f3dcc715-1585-42e1-b001-805289704940; TCPID=122112229503471076740
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Tue, 29 Nov 2022 22:09:52 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 490
Connection: keep-alive
Last-Modified: Mon, 28 Nov 2022 01:02:55 GMT
ETag: "1ea-5ee7d6e789963"
Accept-Ranges: bytes
co20341.tw1.ru/assets/inbenta-common/js/inbenta-core.min.js
185.114.245.124404 Not Found 196 B URL HTTP/1.1 co20341.tw1.ru/assets/inbenta-common/js/inbenta-core.min.js
IP 185.114.245.124:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 62962daa1b19bbcc2db10b7bfd531ea6
d64bae91091eda6a7532ebec06aa70893b79e1f8
80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880
Analyzer Verdict Alert urlquery Phishing - La Banque postale
openphish La Banque postale
fortinet Phishing
GET /assets/inbenta-common/js/inbenta-core.min.js HTTP/1.1
Host: co20341.tw1.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://co20341.tw1.ru/
Cookie: _gcl_au=1.1.121169973.1669759791; tCdebugLib=1; cikneeto_uuid=id:f3dcc715-1585-42e1-b001-805289704940; TCPID=122112229503471076740
HTTP/1.1 404 Not Found
Server: nginx/1.22.1
Date: Tue, 29 Nov 2022 22:09:52 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 196
Connection: keep-alive
co20341.tw1.ru/assets/inbenta-common/css/inbenta-core.min.css
185.114.245.124404 Not Found 196 B URL HTTP/1.1 co20341.tw1.ru/assets/inbenta-common/css/inbenta-core.min.css
IP 185.114.245.124:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 62962daa1b19bbcc2db10b7bfd531ea6
d64bae91091eda6a7532ebec06aa70893b79e1f8
80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880
Analyzer Verdict Alert urlquery Phishing - La Banque postale
openphish La Banque postale
GET /assets/inbenta-common/css/inbenta-core.min.css HTTP/1.1
Host: co20341.tw1.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://co20341.tw1.ru/
Cookie: _gcl_au=1.1.121169973.1669759791; tCdebugLib=1; cikneeto_uuid=id:f3dcc715-1585-42e1-b001-805289704940; TCPID=122112229503471076740
HTTP/1.1 404 Not Found
Server: nginx/1.22.1
Date: Tue, 29 Nov 2022 22:09:52 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 196
Connection: keep-alive
adservice.google.no/ddm/fls/i/src=6927651;type=invmedia;cat=laban000;ord=9369902801637;gtm=2odb41;auiddc=121169973.1669759791;~oref=http%3A%2F%2Fco20341.tw1.ru%2F
142.250.74.98302 Found 0 B URL HTTP/2 adservice.google.no/ddm/fls/i/src=6927651;type=invmedia;cat=laban000;ord=9369902801637;gtm=2odb41;auiddc=121169973.1669759791;~oref=http%3A%2F%2Fco20341.tw1.ru%2F
IP 142.250.74.98:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ddm/fls/i/src=6927651;type=invmedia;cat=laban000;ord=9369902801637;gtm=2odb41;auiddc=121169973.1669759791;~oref=http%3A%2F%2Fco20341.tw1.ru%2F HTTP/1.1
Host: adservice.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adservice.google.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 29 Nov 2022 22:09:52 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
location: https://6927651.fls.doubleclick.net/ddm/fls/r/src=6927651;type=invmedia;cat=laban000;ord=9369902801637;gtm=2odb41;auiddc=121169973.1669759791;~oref=http%3A%2F%2Fco20341.tw1.ru%2F
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
co20341.tw1.ru/bin/i.html
185.114.245.124200 OK 487 B URL HTTP/1.1 co20341.tw1.ru/bin/i.html
IP 185.114.245.124:0
File type HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash d9f887cd58be496aa241ecba634ddc4e
58e06f29287c7325769c350824a5dc03c28d2044
311f560d35311e24e7432b398e9a2a853ea519b0b5749b0b5e82000c593cecd8
Analyzer Verdict Alert urlquery Phishing - La Banque postale
openphish La Banque postale
fortinet Phishing
GET /bin/i.html HTTP/1.1
Host: co20341.tw1.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://co20341.tw1.ru/
Cookie: _gcl_au=1.1.121169973.1669759791; tCdebugLib=1; cikneeto_uuid=id:f3dcc715-1585-42e1-b001-805289704940; TCPID=122112229503471076740
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Tue, 29 Nov 2022 22:09:52 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 487
Connection: keep-alive
Last-Modified: Mon, 28 Nov 2022 01:02:55 GMT
ETag: "1e7-5ee7d6e7a4ee3"
Accept-Ranges: bytes
co20341.tw1.ru/bin/i(3).html
185.114.245.124200 OK 490 B URL HTTP/1.1 co20341.tw1.ru/bin/i(3).html
IP 185.114.245.124:0
File type HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash ea6349e971a579be396e2d3d3ebc0540
8deec2db1993d304a402cfe9882d0085ef42f656
b90f1b2c364e7953e0d10c216c065513e54eba3681c5af5191d25b54eb38e26c
Analyzer Verdict Alert urlquery Phishing - La Banque postale
openphish La Banque postale
fortinet Phishing
GET /bin/i(3).html HTTP/1.1
Host: co20341.tw1.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://co20341.tw1.ru/
Cookie: _gcl_au=1.1.121169973.1669759791; tCdebugLib=1; cikneeto_uuid=id:f3dcc715-1585-42e1-b001-805289704940; TCPID=122112229503471076740
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Tue, 29 Nov 2022 22:09:52 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 490
Connection: keep-alive
Last-Modified: Mon, 28 Nov 2022 01:02:54 GMT
ETag: "1ea-5ee7d6e71a422"
Accept-Ranges: bytes
co20341.tw1.ru/bin/saved_resource(3).html
185.114.245.124200 OK 516 B URL HTTP/1.1 co20341.tw1.ru/bin/saved_resource(3).html
IP 185.114.245.124:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text
Hash f87ce425ba9aaeebd3f6a9e580a1452b
b6c5e48b4928db04805e7fb04b5c6699caffb92e
e04425820e4cac243fb387f3352ecd596c39ac332506e58746aab0e263d23262
Analyzer Verdict Alert urlquery Phishing - La Banque postale
openphish La Banque postale
fortinet Phishing
GET /bin/saved_resource(3).html HTTP/1.1
Host: co20341.tw1.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://co20341.tw1.ru/
Cookie: _gcl_au=1.1.121169973.1669759791; tCdebugLib=1; cikneeto_uuid=id:f3dcc715-1585-42e1-b001-805289704940; TCPID=122112229503471076740
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Tue, 29 Nov 2022 22:09:52 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 516
Connection: keep-alive
Last-Modified: Mon, 28 Nov 2022 01:03:09 GMT
ETag: "204-5ee7d6f503c9e"
Accept-Ranges: bytes
co20341.tw1.ru/bin/base-edito-fonts/resources/svg/icon-interface-chevron-right.svg
185.114.245.124404 Not Found 196 B URL HTTP/1.1 co20341.tw1.ru/bin/base-edito-fonts/resources/svg/icon-interface-chevron-right.svg
IP 185.114.245.124:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 62962daa1b19bbcc2db10b7bfd531ea6
d64bae91091eda6a7532ebec06aa70893b79e1f8
80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880
Analyzer Verdict Alert urlquery Phishing - La Banque postale
openphish La Banque postale
fortinet Phishing
GET /bin/base-edito-fonts/resources/svg/icon-interface-chevron-right.svg HTTP/1.1
Host: co20341.tw1.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://co20341.tw1.ru/bin/base.min.css
Cookie: _gcl_au=1.1.121169973.1669759791; tCdebugLib=1; cikneeto_uuid=id:f3dcc715-1585-42e1-b001-805289704940; TCPID=122112229503471076740
HTTP/1.1 404 Not Found
Server: nginx/1.22.1
Date: Tue, 29 Nov 2022 22:09:52 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 196
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 30462b52571c91f089bed4de98462a46
7e2b322ea5b8f97b2fa76751bcffe2a420f872eb
c5403dfefa9d043ac501963ff09a6d3d70e21f6e6a1b9728183a3490060a4bfc
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 22:09:52 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 798c6088f000b3a2464e23a92271c24d
2a53b3d3bd4a9104c79595f664276db5b32b9bad
dcccfc9bb4da634286d08301fcf23be3ae26bb429b35349fb72dde530fdb3ae4
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 22:09:52 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
6927651.fls.doubleclick.net/ddm/fls/r/src=6927651;type=invmedia;cat=laban000;ord=9369902801637;gtm=2odb41;auiddc=121169973.1669759791;~oref=http%3A%2F%2Fco20341.tw1.ru%2F
142.250.74.38200 OK 303 B URL HTTP/2 6927651.fls.doubleclick.net/ddm/fls/r/src=6927651;type=invmedia;cat=laban000;ord=9369902801637;gtm=2odb41;auiddc=121169973.1669759791;~oref=http%3A%2F%2Fco20341.tw1.ru%2F
IP 142.250.74.38:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text
Hash 07ee47a35dcda659717c7885264c33a2
016eb5a038546f0289f7a2b088ebf7fe805c7613
927a9817df77e086cc28cf1a3884cb85f1ad139c22c64e23158a0d382fb84bc5
Analyzer Verdict Alert urlquery Phishing - La Banque postale
GET /ddm/fls/r/src=6927651;type=invmedia;cat=laban000;ord=9369902801637;gtm=2odb41;auiddc=121169973.1669759791;~oref=http%3A%2F%2Fco20341.tw1.ru%2F HTTP/1.1
Host: 6927651.fls.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://adservice.google.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 29 Nov 2022 22:09:52 GMT
expires: Tue, 29 Nov 2022 22:09:52 GMT
cache-control: private, max-age=0
strict-transport-security: max-age=21600
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 303
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Tue, 29-Nov-2022 22:24:52 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
co20341.tw1.ru/bin/saved_resource(2)
185.114.245.124200 OK 42 B URL HTTP/1.1 co20341.tw1.ru/bin/saved_resource(2)
IP 185.114.245.124:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Analyzer Verdict Alert urlquery Phishing - La Banque postale
openphish La Banque postale
fortinet Phishing
GET /bin/saved_resource(2) HTTP/1.1
Host: co20341.tw1.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://co20341.tw1.ru/bin/saved_resource.html
Cookie: _gcl_au=1.1.121169973.1669759791; tCdebugLib=1; cikneeto_uuid=id:f3dcc715-1585-42e1-b001-805289704940; TCPID=122112229503471076740
HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Tue, 29 Nov 2022 22:09:52 GMT
Content-Length: 42
Connection: keep-alive
Last-Modified: Mon, 28 Nov 2022 01:03:09 GMT
ETag: "2a-5ee7d6f4a31be"
Accept-Ranges: bytes
co20341.tw1.ru/bin/loginform?imgid=allunifie1&e=3&0.5195778855360447
185.114.245.124404 Not Found 196 B URL HTTP/1.1 co20341.tw1.ru/bin/loginform?imgid=allunifie1&e=3&0.5195778855360447
IP 185.114.245.124:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 62962daa1b19bbcc2db10b7bfd531ea6
d64bae91091eda6a7532ebec06aa70893b79e1f8
80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880
Analyzer Verdict Alert urlquery Phishing - La Banque postale
openphish La Banque postale
GET /bin/loginform?imgid=allunifie1&e=3&0.5195778855360447 HTTP/1.1
Host: co20341.tw1.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://co20341.tw1.ru/bin/identif.html
Cookie: _gcl_au=1.1.121169973.1669759791; tCdebugLib=1; cikneeto_uuid=id:f3dcc715-1585-42e1-b001-805289704940; TCPID=122112229503471076740
HTTP/1.1 404 Not Found
Server: nginx/1.22.1
Date: Tue, 29 Nov 2022 22:09:52 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 196
Connection: keep-alive
status.thawte.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 11c13c6660744bf89408fbe667316d72
87e04a11efea9c876135f29e4cca1c77a7c6f9b4
2414ba47019c870c9d74cfd97d312f4faf4b87869c0197ee10e482754c4fda9a
POST / HTTP/1.1
Host: status.thawte.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3387
Cache-Control: max-age=168717
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 22:09:52 GMT
Etag: "638651bf-37"
Expires: Thu, 01 Dec 2022 19:45:48 GMT
Last-Modified: Tue, 29 Nov 2022 18:38:55 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471
status.thawte.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash b4b7b6468fc20f6805ee5612730796f7
435bf2d1b1f5ba870f225f9dbb6ac856b1342c0a
d4d57aecb8d284b11b6af1bafb9a13dd8f69583c7daade46aa987ec8a38d3db6
POST / HTTP/1.1
Host: status.thawte.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3426
Cache-Control: max-age=103341
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 22:09:52 GMT
Etag: "6385667b-1d7"
Expires: Thu, 01 Dec 2022 02:52:13 GMT
Last-Modified: Tue, 29 Nov 2022 01:55:07 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 30462b52571c91f089bed4de98462a46
7e2b322ea5b8f97b2fa76751bcffe2a420f872eb
c5403dfefa9d043ac501963ff09a6d3d70e21f6e6a1b9728183a3490060a4bfc
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 22:09:52 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
co20341.tw1.ru/bin/f(2).txt
185.114.245.124200 OK 11 kB URL HTTP/1.1 co20341.tw1.ru/bin/f(2).txt
IP 185.114.245.124:0
File type ASCII text, with very long lines (2274)
Hash 396e465d585b8f4e151b2e782b98d033
ef578aee9a8510ff4afacef4299fabc47d7a9244
409f2b5858c1ae3185d41955fb65ca8dffb99449bd296c9aec73fc19cc3538d7
Analyzer Verdict Alert urlquery Phishing - La Banque postale
openphish La Banque postale
fortinet Phishing
GET /bin/f(2).txt HTTP/1.1
Host: co20341.tw1.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://co20341.tw1.ru/bin/activityi.html
Cookie: _gcl_au=1.1.121169973.1669759791; tCdebugLib=1; cikneeto_uuid=id:f3dcc715-1585-42e1-b001-805289704940; TCPID=122112229503471076740
HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Tue, 29 Nov 2022 22:09:52 GMT
Content-Type: text/plain; charset=utf-8
Last-Modified: Mon, 28 Nov 2022 01:02:52 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"638408bc-753b"
Expires: Fri, 30 Dec 2022 22:09:52 GMT
Cache-Control: max-age=2678400
Content-Encoding: gzip
co20341.tw1.ru/bin/f(3).txt
185.114.245.124200 OK 1.2 kB URL HTTP/1.1 co20341.tw1.ru/bin/f(3).txt
IP 185.114.245.124:0
File type ASCII text, with very long lines (1938), with no line terminators
Hash fec5c14ab8a31c0b0c97d83ad30fbf09
fc2879e694a4ba4dd7333f339954c41b285e8b97
e7a20241a7b7e0f13f0ef6affb08bbf9b69b1c08eb6bd3b5954d8cc0ff92bb49
Analyzer Verdict Alert urlquery Phishing - La Banque postale
openphish La Banque postale
fortinet Phishing
GET /bin/f(3).txt HTTP/1.1
Host: co20341.tw1.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://co20341.tw1.ru/bin/activityi.html
Cookie: _gcl_au=1.1.121169973.1669759791; tCdebugLib=1; cikneeto_uuid=id:f3dcc715-1585-42e1-b001-805289704940; TCPID=122112229503471076740
HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Tue, 29 Nov 2022 22:09:52 GMT
Content-Type: text/plain; charset=utf-8
Last-Modified: Mon, 28 Nov 2022 01:02:52 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"638408bc-792"
Expires: Fri, 30 Dec 2022 22:09:52 GMT
Cache-Control: max-age=2678400
Content-Encoding: gzip
co20341.tw1.ru/bin/i(2)
185.114.245.124200 OK 48 B IP 185.114.245.124:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d8b1e5906a77a303b516c9a0f3e4bcaf
174178028c07150b75086abc291a5bb94601a89e
2c366efc13702d5bf379b6d5d072ff66fe1d602a6c3185ddd6d6009390fea0f5
Analyzer Verdict Alert urlquery Phishing - La Banque postale
openphish La Banque postale
fortinet Phishing
GET /bin/i(2) HTTP/1.1
Host: co20341.tw1.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://co20341.tw1.ru/bin/i(4).html
Cookie: _gcl_au=1.1.121169973.1669759791; tCdebugLib=1; cikneeto_uuid=id:f3dcc715-1585-42e1-b001-805289704940; TCPID=122112229503471076740
HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Tue, 29 Nov 2022 22:09:52 GMT
Content-Length: 48
Connection: keep-alive
Last-Modified: Mon, 28 Nov 2022 01:02:54 GMT
ETag: "30-5ee7d6e6fcf61"
Accept-Ranges: bytes
co20341.tw1.ru/bin/orchestrator.39e27e60.js.t%C3%A9l%C3%A9chargement
185.114.245.124404 Not Found 196 B URL HTTP/1.1 co20341.tw1.ru/bin/orchestrator.39e27e60.js.t%C3%A9l%C3%A9chargement
IP 185.114.245.124:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 62962daa1b19bbcc2db10b7bfd531ea6
d64bae91091eda6a7532ebec06aa70893b79e1f8
80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880
Analyzer Verdict Alert urlquery Phishing - La Banque postale
openphish La Banque postale
fortinet Phishing
GET /bin/orchestrator.39e27e60.js.t%C3%A9l%C3%A9chargement HTTP/1.1
Host: co20341.tw1.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://co20341.tw1.ru/bin/saved_resource(3).html
Cookie: _gcl_au=1.1.121169973.1669759791; tCdebugLib=1; cikneeto_uuid=id:f3dcc715-1585-42e1-b001-805289704940; TCPID=122112229503471076740
HTTP/1.1 404 Not Found
Server: nginx/1.22.1
Date: Tue, 29 Nov 2022 22:09:52 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 196
Connection: keep-alive
push.services.mozilla.com/
52.88.220.109101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.88.220.109:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: Jp0vYmSdZzILGbG1cjfLTg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: XzesLB+RJXP+haCg6BgbvquBRqQ=
co20341.tw1.ru/bin/dc_pre=CJC3o8SFku0CFco14AodkgkIAQ
185.114.245.124200 OK 42 B URL HTTP/1.1 co20341.tw1.ru/bin/dc_pre=CJC3o8SFku0CFco14AodkgkIAQ
IP 185.114.245.124:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Analyzer Verdict Alert urlquery Phishing - La Banque postale
openphish La Banque postale
fortinet Phishing
GET /bin/dc_pre=CJC3o8SFku0CFco14AodkgkIAQ HTTP/1.1
Host: co20341.tw1.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://co20341.tw1.ru/bin/activityi.html
Cookie: _gcl_au=1.1.121169973.1669759791; tCdebugLib=1; cikneeto_uuid=id:f3dcc715-1585-42e1-b001-805289704940; TCPID=122112229503471076740
HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Tue, 29 Nov 2022 22:09:52 GMT
Content-Length: 42
Connection: keep-alive
Last-Modified: Mon, 28 Nov 2022 01:02:50 GMT
ETag: "2a-5ee7d6e372b5a"
Accept-Ranges: bytes
engage.commander1.com/reach?tc_s=2623
35.180.16.227307 Temporary Redirect 95 B URL HTTP/1.1 engage.commander1.com/reach?tc_s=2623
IP 35.180.16.227:0
File type ASCII text, with no line terminators
Hash 32b0ade4ff056202b6658e7eac131840
2da8b38da0f337d5e4d6ff4c3777dfb31b6f8168
342bc482fd280a992f1fd9e94aa19b12be2b86b9476010cb4a3c0d423fcbb238
GET /reach?tc_s=2623 HTTP/1.1
Host: engage.commander1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://co20341.tw1.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 307 Temporary Redirect
Date: Tue, 29 Nov 2022 22:09:52 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 95
Connection: keep-alive
set-cookie: TCID=202211292309525708003279; Domain=commander1.com; Path=/; Expires=Wed, 29 Nov 2023 22:09:52 GMT; HttpOnly; Secure; SameSite=None
WID=5aae3410-011d-4b42-9cb5-e0554c3aa724; Domain=commander1.com; Path=/; HttpOnly; Secure; SameSite=None
location: https://engage.commander1.com/reach?tc_firsttime=1&tc_s=2623
vary: Accept
co20341.tw1.ru/bin/i
185.114.245.124200 OK 48 B IP 185.114.245.124:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d8b1e5906a77a303b516c9a0f3e4bcaf
174178028c07150b75086abc291a5bb94601a89e
2c366efc13702d5bf379b6d5d072ff66fe1d602a6c3185ddd6d6009390fea0f5
Analyzer Verdict Alert urlquery Phishing - La Banque postale
openphish La Banque postale
fortinet Phishing
GET /bin/i HTTP/1.1
Host: co20341.tw1.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://co20341.tw1.ru/bin/i.html
Cookie: _gcl_au=1.1.121169973.1669759791; tCdebugLib=1; cikneeto_uuid=id:f3dcc715-1585-42e1-b001-805289704940; TCPID=122112229503471076740
HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Tue, 29 Nov 2022 22:09:52 GMT
Content-Length: 48
Connection: keep-alive
Last-Modified: Mon, 28 Nov 2022 01:02:54 GMT
ETag: "30-5ee7d6e671500"
Accept-Ranges: bytes
co20341.tw1.ru/bin/i(1)
185.114.245.124200 OK 48 B IP 185.114.245.124:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d8b1e5906a77a303b516c9a0f3e4bcaf
174178028c07150b75086abc291a5bb94601a89e
2c366efc13702d5bf379b6d5d072ff66fe1d602a6c3185ddd6d6009390fea0f5
Analyzer Verdict Alert urlquery Phishing - La Banque postale
openphish La Banque postale
fortinet Phishing
GET /bin/i(1) HTTP/1.1
Host: co20341.tw1.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://co20341.tw1.ru/bin/i(3).html
Cookie: _gcl_au=1.1.121169973.1669759791; tCdebugLib=1; cikneeto_uuid=id:f3dcc715-1585-42e1-b001-805289704940; TCPID=122112229503471076740
HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Tue, 29 Nov 2022 22:09:52 GMT
Content-Length: 48
Connection: keep-alive
Last-Modified: Mon, 28 Nov 2022 01:02:54 GMT
ETag: "30-5ee7d6e68da21"
Accept-Ranges: bytes
privacy.trustcommander.net/privacy-consent/
13.38.206.51200 OK 43 B URL HTTP/1.1 privacy.trustcommander.net/privacy-consent/
IP 13.38.206.51:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
POST /privacy-consent/ HTTP/1.1
Host: privacy.trustcommander.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 162
Origin: http://co20341.tw1.ru
Connection: keep-alive
Referer: http://co20341.tw1.ru/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Tue, 29 Nov 2022 22:09:52 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Cache-Control: private, max-age=486000, pre-check=486000
Pragma: private
Expires: Mon, 27 Feb 2023 22:09:52 GMT
Access-Control-Allow-Origin: http://co20341.tw1.ru
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Content-Type
Vary: Origin
snap.licdn.com/li.lms-analytics/insight.old.min.js
23.36.76.210200 OK 4.5 kB URL HTTP/2 snap.licdn.com/li.lms-analytics/insight.old.min.js
IP 23.36.76.210:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (12826)
Hash 806d185619a4ef5951ab91810117e4ba
f40031c0ea5718f6d9a0a35e8ca60262daedc440
06489a801966cb9e7b467aed4edb63aa10bc2e588d259054ef696ade54e4b19f
GET /li.lms-analytics/insight.old.min.js HTTP/1.1
Host: snap.licdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://co20341.tw1.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
last-modified: Thu, 17 Nov 2022 06:30:58 GMT
accept-ranges: bytes
content-type: application/x-javascript;charset=utf-8
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=9708
date: Tue, 29 Nov 2022 22:09:52 GMT
content-length: 4530
x-cdn: AKAM
X-Firefox-Spdy: h2
ib.adnxs.com/getuid?//its.tradelab.fr/?type=tlsync&uuid2=$UID&callback=tl_sync
185.89.210.122307 Redirection 0 B URL HTTP/1.1 ib.adnxs.com/getuid?//its.tradelab.fr/?type=tlsync&uuid2=$UID&callback=tl_sync
IP 185.89.210.122:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /getuid?//its.tradelab.fr/?type=tlsync&uuid2=$UID&callback=tl_sync HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://co20341.tw1.ru/
HTTP/1.1 307 Redirection
Server: nginx/1.21.3
Date: Tue, 29 Nov 2022 22:09:52 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Location: https://ib.adnxs.com/sbounce?%2Fgetuid%3F%2F%2Fits.tradelab.fr%2F%3Ftype%3Dtlsync%26uuid2%3D%24UID%26callback%3Dtl_sync
AN-X-Request-Uuid: efc3339d-0de8-402e-ab7a-ab314bd97434
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
www.youtube.com/s/player/a3726513/www-widgetapi.vflset/www-widgetapi.js
172.217.21.174200 OK 37 kB URL HTTP/2 www.youtube.com/s/player/a3726513/www-widgetapi.vflset/www-widgetapi.js
IP 172.217.21.174:0
File type ASCII text, with very long lines (1165)
Hash 3e0d9ddabcc84ec21518d872b3b2d1be
9f06cb642cf14a3304ada1e86f08b01f48472525
1e2ef8aa166357bb5c080ae458d3333ef979bfddb03498bf9944815f5572e70a
GET /s/player/a3726513/www-widgetapi.vflset/www-widgetapi.js HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://co20341.tw1.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding, Origin
content-encoding: gzip
content-type: text/javascript
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-length: 36745
date: Tue, 29 Nov 2022 22:09:52 GMT
expires: Wed, 29 Nov 2023 22:09:52 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 16 Nov 2020 01:15:18 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ib.adnxs.com/px?id=991000&t=2
185.89.210.122307 Redirection 0 B URL HTTP/1.1 ib.adnxs.com/px?id=991000&t=2
IP 185.89.210.122:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /px?id=991000&t=2 HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://co20341.tw1.ru/
HTTP/1.1 307 Redirection
Server: nginx/1.21.3
Date: Tue, 29 Nov 2022 22:09:52 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Location: https://ib.adnxs.com/sbounce?%2Fpx%3Fid%3D991000%26t%3D2
AN-X-Request-Uuid: 2e4f1f7b-539f-4893-acd2-f48f061c0841
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash f1cfa609ebdf236e2f3e3ff25dd05caf
c8117b0187d4d9021ed1a42907bd93d24ed4ebf0
7a2761aa36168d4f2c9034486777f5588aaf0fa1f7d1e55006db7320259303b3
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 22:09:52 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ib.adnxs.com/getuid?//its.tradelab.fr/?type=convr&x=1&uuid2=$UID&cdata=%7B%22a%22%3A991000%2C%22l%22%3A%5B6129654%2C6129670%2C6129677%2C6129705%2C6140244%2C6140246%2C6140363%2C6141029%2C6205745%2C6205752%2C6205755%2C6205762%2C6220830%2C8124214%2C8124594%2C8124968%2C8124973%2C8125344%2C8141760%2C8141763%2C8141816%2C8141850%2C8141875%2C8141880%2C8141931%2C8141938%2C8176847%2C8176869%2C8176878%2C8178278%2C8178332%2C8217168%2C8239623%2C8245529%2C8245533%2C8245537%2C8245540%2C8260100%2C8445392%2C8505468%2C8505515%2C9271738%2C9271745%2C9271969%2C9272093%2C9272160%2C9272905%2C9408323%2C9408407%2C9408587%2C9408663%2C9408768%2C9511553%2C9611699%2C9611846%2C9683342%2C9683349%2C9719394%2C10005812%2C10226877%2C10226889%2C10226919%2C10244639%2C10381193%2C10480996%2C12967986%2C12968507%2C12968515%2C12968543%2C12968782%2C12968784%2C13104005%2C13259085%5D%2C%22i%22%3A1%2C%22c%22%3A7%2C%22t%22%3A%22h%22%2C%22m%22%3A%22null%22%2C%22vi%22%3A0%2C%22vc%22%3A0%2C%22hf%22%3A0%2C%22x%22%3A%7B%7D%7D&advid=2602146&xur=co20341.tw1.ru%2F&adata=%7B%22c%22%3A%7B%22ref_url%22%3A%22%22%2C%22ref_ts%22%3A0%2C%22page_url%22%3A%22%22%2C%22dm%22%3A%22%22%7D%2C%22v%22%3A%7B%22vis_cnt%22%3A0%2C%22frst_vis_ts%22%3A1669759791%2C%22prev_vis_ts%22%3A0%2C%22curr_vis_ts%22%3A1669759791%2C%22total_page_cnt%22%3A0%2C%22prev_page_cnt%22%3A0%2C%22curr_page_cnt%22%3A1%7D%7D
185.89.210.122307 Redirection 0 B URL HTTP/1.1 ib.adnxs.com/getuid?//its.tradelab.fr/?type=convr&x=1&uuid2=$UID&cdata=%7B%22a%22%3A991000%2C%22l%22%3A%5B6129654%2C6129670%2C6129677%2C6129705%2C6140244%2C6140246%2C6140363%2C6141029%2C6205745%2C6205752%2C6205755%2C6205762%2C6220830%2C8124214%2C8124594%2C8124968%2C8124973%2C8125344%2C8141760%2C8141763%2C8141816%2C8141850%2C8141875%2C8141880%2C8141931%2C8141938%2C8176847%2C8176869%2C8176878%2C8178278%2C8178332%2C8217168%2C8239623%2C8245529%2C8245533%2C8245537%2C8245540%2C8260100%2C8445392%2C8505468%2C8505515%2C9271738%2C9271745%2C9271969%2C9272093%2C9272160%2C9272905%2C9408323%2C9408407%2C9408587%2C9408663%2C9408768%2C9511553%2C9611699%2C9611846%2C9683342%2C9683349%2C9719394%2C10005812%2C10226877%2C10226889%2C10226919%2C10244639%2C10381193%2C10480996%2C12967986%2C12968507%2C12968515%2C12968543%2C12968782%2C12968784%2C13104005%2C13259085%5D%2C%22i%22%3A1%2C%22c%22%3A7%2C%22t%22%3A%22h%22%2C%22m%22%3A%22null%22%2C%22vi%22%3A0%2C%22vc%22%3A0%2C%22hf%22%3A0%2C%22x%22%3A%7B%7D%7D&advid=2602146&xur=co20341.tw1.ru%2F&adata=%7B%22c%22%3A%7B%22ref_url%22%3A%22%22%2C%22ref_ts%22%3A0%2C%22page_url%22%3A%22%22%2C%22dm%22%3A%22%22%7D%2C%22v%22%3A%7B%22vis_cnt%22%3A0%2C%22frst_vis_ts%22%3A1669759791%2C%22prev_vis_ts%22%3A0%2C%22curr_vis_ts%22%3A1669759791%2C%22total_page_cnt%22%3A0%2C%22prev_page_cnt%22%3A0%2C%22curr_page_cnt%22%3A1%7D%7D
IP 185.89.210.122:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /getuid?//its.tradelab.fr/?type=convr&x=1&uuid2=$UID&cdata=%7B%22a%22%3A991000%2C%22l%22%3A%5B6129654%2C6129670%2C6129677%2C6129705%2C6140244%2C6140246%2C6140363%2C6141029%2C6205745%2C6205752%2C6205755%2C6205762%2C6220830%2C8124214%2C8124594%2C8124968%2C8124973%2C8125344%2C8141760%2C8141763%2C8141816%2C8141850%2C8141875%2C8141880%2C8141931%2C8141938%2C8176847%2C8176869%2C8176878%2C8178278%2C8178332%2C8217168%2C8239623%2C8245529%2C8245533%2C8245537%2C8245540%2C8260100%2C8445392%2C8505468%2C8505515%2C9271738%2C9271745%2C9271969%2C9272093%2C9272160%2C9272905%2C9408323%2C9408407%2C9408587%2C9408663%2C9408768%2C9511553%2C9611699%2C9611846%2C9683342%2C9683349%2C9719394%2C10005812%2C10226877%2C10226889%2C10226919%2C10244639%2C10381193%2C10480996%2C12967986%2C12968507%2C12968515%2C12968543%2C12968782%2C12968784%2C13104005%2C13259085%5D%2C%22i%22%3A1%2C%22c%22%3A7%2C%22t%22%3A%22h%22%2C%22m%22%3A%22null%22%2C%22vi%22%3A0%2C%22vc%22%3A0%2C%22hf%22%3A0%2C%22x%22%3A%7B%7D%7D&advid=2602146&xur=co20341.tw1.ru%2F&adata=%7B%22c%22%3A%7B%22ref_url%22%3A%22%22%2C%22ref_ts%22%3A0%2C%22page_url%22%3A%22%22%2C%22dm%22%3A%22%22%7D%2C%22v%22%3A%7B%22vis_cnt%22%3A0%2C%22frst_vis_ts%22%3A1669759791%2C%22prev_vis_ts%22%3A0%2C%22curr_vis_ts%22%3A1669759791%2C%22total_page_cnt%22%3A0%2C%22prev_page_cnt%22%3A0%2C%22curr_page_cnt%22%3A1%7D%7D HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://co20341.tw1.ru/
HTTP/1.1 307 Redirection
Server: nginx/1.21.3
Date: Tue, 29 Nov 2022 22:09:52 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Location: https://ib.adnxs.com/sbounce?%2Fgetuid%3F%2F%2Fits.tradelab.fr%2F%3Ftype%3Dconvr%26x%3D1%26uuid2%3D%24UID%26cdata%3D%257B%2522a%2522%253A991000%252C%2522l%2522%253A%255B6129654%252C6129670%252C6129677%252C6129705%252C6140244%252C6140246%252C6140363%252C6141029%252C6205745%252C6205752%252C6205755%252C6205762%252C6220830%252C8124214%252C8124594%252C8124968%252C8124973%252C8125344%252C8141760%252C8141763%252C8141816%252C8141850%252C8141875%252C8141880%252C8141931%252C8141938%252C8176847%252C8176869%252C8176878%252C8178278%252C8178332%252C8217168%252C8239623%252C8245529%252C8245533%252C8245537%252C8245540%252C8260100%252C8445392%252C8505468%252C8505515%252C9271738%252C9271745%252C9271969%252C9272093%252C9272160%252C9272905%252C9408323%252C9408407%252C9408587%252C9408663%252C9408768%252C9511553%252C9611699%252C9611846%252C9683342%252C9683349%252C9719394%252C10005812%252C10226877%252C10226889%252C10226919%252C10244639%252C10381193%252C10480996%252C12967986%252C12968507%252C12968515%252C12968543%252C12968782%252C12968784%252C13104005%252C13259085%255D%252C%2522i%2522%253A1%252C%2522c%2522%253A7%252C%2522t%2522%253A%2522h%2522%252C%2522m%2522%253A%2522null%2522%252C%2522vi%2522%253A0%252C%2522vc%2522%253A0%252C%2522hf%2522%253A0%252C%2522x%2522%253A%257B%257D%257D%26advid%3D2602146%26xur%3Dco20341.tw1.ru%252F%26adata%3D%257B%2522c%2522%253A%257B%2522ref_url%2522%253A%2522%2522%252C%2522ref_ts%2522%253A0%252C%2522page_url%2522%253A%2522%2522%252C%2522dm%2522%253A%2522%2522%257D%252C%2522v%2522%253A%257B%2522vis_cnt%2522%253A0%252C%2522frst_vis_ts%2522%253A1669759791%252C%2522prev_vis_ts%2522%253A0%252C%2522curr_vis_ts%2522%253A1669759791%252C%2522total_page_cnt%2522%253A0%252C%2522prev_page_cnt%2522%253A0%252C%2522curr_page_cnt%2522%253A1%257D%257D
AN-X-Request-Uuid: 5e1c3410-6083-41cc-a14a-d2f1e3407bbb
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
googleads.g.doubleclick.net/pagead/viewthroughconversion/852773421/?random=177323158&cv=9&fst=*&num=1&label=Hio2CMbqvosBEK2U0ZYD&guid=ON&resp=GooglemKTybQhCsO&u_h=864&u_w=1536&u_ah=834&u_aw=1536&u_cd=24&u_his=12&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&ig=1&frm=2&url=https://6927651.fls.doubleclick.net/activityi%3Bdc_pre%3DCJC3o8SFku0CFco14AodkgkIAQ%3Bsrc%3D6927651%3Btype%3Dinvmedia%3Bcat%3Dlaban000%3Bord%3D6695387850260%3Bgtm%3D2odb41%3Bauiddc%3D100092942.1605891102%3B~oref%3Dhttps%253A%252F%252Fwww.labanquepostale.fr%252F%3F&ref=https://www.labanquepostale.fr/&hn=www.googleadservices.com&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&ocp_id=SDK4X6isGJeY-gaquZyoBw&sscte=1&crd=
142.250.74.162302 Found 42 B URL HTTP/2 googleads.g.doubleclick.net/pagead/viewthroughconversion/852773421/?random=177323158&cv=9&fst=*&num=1&label=Hio2CMbqvosBEK2U0ZYD&guid=ON&resp=GooglemKTybQhCsO&u_h=864&u_w=1536&u_ah=834&u_aw=1536&u_cd=24&u_his=12&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&ig=1&frm=2&url=https://6927651.fls.doubleclick.net/activityi%3Bdc_pre%3DCJC3o8SFku0CFco14AodkgkIAQ%3Bsrc%3D6927651%3Btype%3Dinvmedia%3Bcat%3Dlaban000%3Bord%3D6695387850260%3Bgtm%3D2odb41%3Bauiddc%3D100092942.1605891102%3B~oref%3Dhttps%253A%252F%252Fwww.labanquepostale.fr%252F%3F&ref=https://www.labanquepostale.fr/&hn=www.googleadservices.com&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&ocp_id=SDK4X6isGJeY-gaquZyoBw&sscte=1&crd=
IP 142.250.74.162:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/viewthroughconversion/852773421/?random=177323158&cv=9&fst=*&num=1&label=Hio2CMbqvosBEK2U0ZYD&guid=ON&resp=GooglemKTybQhCsO&u_h=864&u_w=1536&u_ah=834&u_aw=1536&u_cd=24&u_his=12&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&ig=1&frm=2&url=https://6927651.fls.doubleclick.net/activityi%3Bdc_pre%3DCJC3o8SFku0CFco14AodkgkIAQ%3Bsrc%3D6927651%3Btype%3Dinvmedia%3Bcat%3Dlaban000%3Bord%3D6695387850260%3Bgtm%3D2odb41%3Bauiddc%3D100092942.1605891102%3B~oref%3Dhttps%253A%252F%252Fwww.labanquepostale.fr%252F%3F&ref=https://www.labanquepostale.fr/&hn=www.googleadservices.com&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&ocp_id=SDK4X6isGJeY-gaquZyoBw&sscte=1&crd= HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://co20341.tw1.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 29 Nov 2022 22:09:52 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
location: https://www.google.com/pagead/1p-conversion/852773421/?random=177323158&cv=9&fst=*&num=1&label=Hio2CMbqvosBEK2U0ZYD&guid=ON&resp=GooglemKTybQhCsO&u_h=864&u_w=1536&u_ah=834&u_aw=1536&u_cd=24&u_his=12&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&ig=1&frm=2&url=https://6927651.fls.doubleclick.net/activityi%3Bdc_pre%3DCJC3o8SFku0CFco14AodkgkIAQ%3Bsrc%3D6927651%3Btype%3Dinvmedia%3Bcat%3Dlaban000%3Bord%3D6695387850260%3Bgtm%3D2odb41%3Bauiddc%3D100092942.1605891102%3B~oref%3Dhttps%253A%252F%252Fwww.labanquepostale.fr%252F%3F&ref=https://www.labanquepostale.fr/&hn=www.googleadservices.com&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=SDK4X6isGJeY-gaquZyoBw&random=1092497054&resp=GooglemKTybQhCsO
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Tue, 29-Nov-2022 22:24:52 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ib.adnxs.com/getuid?//its.tradelab.fr/?type=convr&x=1&uuid2=$UID&cdata=%7B%22a%22%3A991002%2C%22l%22%3A%5B6129654%2C6129670%2C6129677%2C6129705%2C6140244%2C6140246%2C6140363%2C6141029%2C6205745%2C6205752%2C6205755%2C6205762%2C6220830%2C8124214%2C8124594%2C8124968%2C8124973%2C8125344%2C8141760%2C8141763%2C8141816%2C8141850%2C8141875%2C8141880%2C8141931%2C8141938%2C8176847%2C8176869%2C8176878%2C8245529%2C8245533%2C8245537%2C8245540%2C8260100%2C8445392%2C8505468%2C8505515%2C9271738%2C9271745%2C9271969%2C9272093%2C9272160%2C9272905%2C9408323%2C9408407%2C9408587%2C9408663%2C9408768%2C9511553%2C9611699%2C9611846%2C9683342%2C9683349%2C9719394%2C10005812%2C10226877%2C10226889%2C10226919%2C10244639%2C10381193%2C10480996%2C12967986%2C12968507%2C12968515%2C12968543%2C12968782%2C12968784%2C13104005%2C13259085%5D%2C%22i%22%3A1%2C%22c%22%3A7%2C%22t%22%3A%22c%22%2C%22m%22%3A%22null%22%2C%22vi%22%3A0%2C%22vc%22%3A0%2C%22hf%22%3A0%2C%22x%22%3A%7B%7D%7D&advid=2602146&xur=co20341.tw1.ru%2F&adata=%7B%22c%22%3A%7B%22ref_url%22%3A%22%22%2C%22ref_ts%22%3A0%2C%22page_url%22%3A%22%22%2C%22dm%22%3A%22%22%7D%2C%22v%22%3A%7B%22vis_cnt%22%3A0%2C%22frst_vis_ts%22%3A1669759791%2C%22prev_vis_ts%22%3A0%2C%22curr_vis_ts%22%3A1669759791%2C%22total_page_cnt%22%3A0%2C%22prev_page_cnt%22%3A0%2C%22curr_page_cnt%22%3A1%7D%7D
185.89.210.122307 Redirection 0 B URL HTTP/1.1 ib.adnxs.com/getuid?//its.tradelab.fr/?type=convr&x=1&uuid2=$UID&cdata=%7B%22a%22%3A991002%2C%22l%22%3A%5B6129654%2C6129670%2C6129677%2C6129705%2C6140244%2C6140246%2C6140363%2C6141029%2C6205745%2C6205752%2C6205755%2C6205762%2C6220830%2C8124214%2C8124594%2C8124968%2C8124973%2C8125344%2C8141760%2C8141763%2C8141816%2C8141850%2C8141875%2C8141880%2C8141931%2C8141938%2C8176847%2C8176869%2C8176878%2C8245529%2C8245533%2C8245537%2C8245540%2C8260100%2C8445392%2C8505468%2C8505515%2C9271738%2C9271745%2C9271969%2C9272093%2C9272160%2C9272905%2C9408323%2C9408407%2C9408587%2C9408663%2C9408768%2C9511553%2C9611699%2C9611846%2C9683342%2C9683349%2C9719394%2C10005812%2C10226877%2C10226889%2C10226919%2C10244639%2C10381193%2C10480996%2C12967986%2C12968507%2C12968515%2C12968543%2C12968782%2C12968784%2C13104005%2C13259085%5D%2C%22i%22%3A1%2C%22c%22%3A7%2C%22t%22%3A%22c%22%2C%22m%22%3A%22null%22%2C%22vi%22%3A0%2C%22vc%22%3A0%2C%22hf%22%3A0%2C%22x%22%3A%7B%7D%7D&advid=2602146&xur=co20341.tw1.ru%2F&adata=%7B%22c%22%3A%7B%22ref_url%22%3A%22%22%2C%22ref_ts%22%3A0%2C%22page_url%22%3A%22%22%2C%22dm%22%3A%22%22%7D%2C%22v%22%3A%7B%22vis_cnt%22%3A0%2C%22frst_vis_ts%22%3A1669759791%2C%22prev_vis_ts%22%3A0%2C%22curr_vis_ts%22%3A1669759791%2C%22total_page_cnt%22%3A0%2C%22prev_page_cnt%22%3A0%2C%22curr_page_cnt%22%3A1%7D%7D
IP 185.89.210.122:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /getuid?//its.tradelab.fr/?type=convr&x=1&uuid2=$UID&cdata=%7B%22a%22%3A991002%2C%22l%22%3A%5B6129654%2C6129670%2C6129677%2C6129705%2C6140244%2C6140246%2C6140363%2C6141029%2C6205745%2C6205752%2C6205755%2C6205762%2C6220830%2C8124214%2C8124594%2C8124968%2C8124973%2C8125344%2C8141760%2C8141763%2C8141816%2C8141850%2C8141875%2C8141880%2C8141931%2C8141938%2C8176847%2C8176869%2C8176878%2C8245529%2C8245533%2C8245537%2C8245540%2C8260100%2C8445392%2C8505468%2C8505515%2C9271738%2C9271745%2C9271969%2C9272093%2C9272160%2C9272905%2C9408323%2C9408407%2C9408587%2C9408663%2C9408768%2C9511553%2C9611699%2C9611846%2C9683342%2C9683349%2C9719394%2C10005812%2C10226877%2C10226889%2C10226919%2C10244639%2C10381193%2C10480996%2C12967986%2C12968507%2C12968515%2C12968543%2C12968782%2C12968784%2C13104005%2C13259085%5D%2C%22i%22%3A1%2C%22c%22%3A7%2C%22t%22%3A%22c%22%2C%22m%22%3A%22null%22%2C%22vi%22%3A0%2C%22vc%22%3A0%2C%22hf%22%3A0%2C%22x%22%3A%7B%7D%7D&advid=2602146&xur=co20341.tw1.ru%2F&adata=%7B%22c%22%3A%7B%22ref_url%22%3A%22%22%2C%22ref_ts%22%3A0%2C%22page_url%22%3A%22%22%2C%22dm%22%3A%22%22%7D%2C%22v%22%3A%7B%22vis_cnt%22%3A0%2C%22frst_vis_ts%22%3A1669759791%2C%22prev_vis_ts%22%3A0%2C%22curr_vis_ts%22%3A1669759791%2C%22total_page_cnt%22%3A0%2C%22prev_page_cnt%22%3A0%2C%22curr_page_cnt%22%3A1%7D%7D HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://co20341.tw1.ru/
HTTP/1.1 307 Redirection
Server: nginx/1.21.3
Date: Tue, 29 Nov 2022 22:09:52 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Location: https://ib.adnxs.com/sbounce?%2Fgetuid%3F%2F%2Fits.tradelab.fr%2F%3Ftype%3Dconvr%26x%3D1%26uuid2%3D%24UID%26cdata%3D%257B%2522a%2522%253A991002%252C%2522l%2522%253A%255B6129654%252C6129670%252C6129677%252C6129705%252C6140244%252C6140246%252C6140363%252C6141029%252C6205745%252C6205752%252C6205755%252C6205762%252C6220830%252C8124214%252C8124594%252C8124968%252C8124973%252C8125344%252C8141760%252C8141763%252C8141816%252C8141850%252C8141875%252C8141880%252C8141931%252C8141938%252C8176847%252C8176869%252C8176878%252C8245529%252C8245533%252C8245537%252C8245540%252C8260100%252C8445392%252C8505468%252C8505515%252C9271738%252C9271745%252C9271969%252C9272093%252C9272160%252C9272905%252C9408323%252C9408407%252C9408587%252C9408663%252C9408768%252C9511553%252C9611699%252C9611846%252C9683342%252C9683349%252C9719394%252C10005812%252C10226877%252C10226889%252C10226919%252C10244639%252C10381193%252C10480996%252C12967986%252C12968507%252C12968515%252C12968543%252C12968782%252C12968784%252C13104005%252C13259085%255D%252C%2522i%2522%253A1%252C%2522c%2522%253A7%252C%2522t%2522%253A%2522c%2522%252C%2522m%2522%253A%2522null%2522%252C%2522vi%2522%253A0%252C%2522vc%2522%253A0%252C%2522hf%2522%253A0%252C%2522x%2522%253A%257B%257D%257D%26advid%3D2602146%26xur%3Dco20341.tw1.ru%252F%26adata%3D%257B%2522c%2522%253A%257B%2522ref_url%2522%253A%2522%2522%252C%2522ref_ts%2522%253A0%252C%2522page_url%2522%253A%2522%2522%252C%2522dm%2522%253A%2522%2522%257D%252C%2522v%2522%253A%257B%2522vis_cnt%2522%253A0%252C%2522frst_vis_ts%2522%253A1669759791%252C%2522prev_vis_ts%2522%253A0%252C%2522curr_vis_ts%2522%253A1669759791%252C%2522total_page_cnt%2522%253A0%252C%2522prev_page_cnt%2522%253A0%252C%2522curr_page_cnt%2522%253A1%257D%257D
AN-X-Request-Uuid: f1e05846-0ddc-4cd8-8c03-915c7071c973
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
ib.adnxs.com/px?id=991002&t=2
185.89.210.122307 Redirection 0 B URL HTTP/1.1 ib.adnxs.com/px?id=991002&t=2
IP 185.89.210.122:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /px?id=991002&t=2 HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://co20341.tw1.ru/
HTTP/1.1 307 Redirection
Server: nginx/1.21.3
Date: Tue, 29 Nov 2022 22:09:52 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Location: https://ib.adnxs.com/sbounce?%2Fpx%3Fid%3D991002%26t%3D2
AN-X-Request-Uuid: afe2840d-59ca-406b-9774-2dc745aa6180
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
ib.adnxs.com/getuid?//its.tradelab.fr/?type=convr&x=1&uuid2=$UID&cdata=%7B%22a%22%3A991001%2C%22l%22%3A%5B6129654%2C6129670%2C6129677%2C6129705%2C6140244%2C6140246%2C6140363%2C6141029%2C6205745%2C6205752%2C6205755%2C6205762%2C6220830%2C8124214%2C8124594%2C8124968%2C8124973%2C8125344%2C8141760%2C8141763%2C8141816%2C8141850%2C8141875%2C8141880%2C8141931%2C8141938%2C8176847%2C8176869%2C8176878%2C8239623%2C8245529%2C8245533%2C8245537%2C8245540%2C8260100%2C8445392%2C8505468%2C8505515%2C9271738%2C9271745%2C9271969%2C9272093%2C9272160%2C9272905%2C9408323%2C9408407%2C9408587%2C9408663%2C9408768%2C9511553%2C9611699%2C9611846%2C9683342%2C9683349%2C9719394%2C10005812%2C10226877%2C10226889%2C10226919%2C10244639%2C10381193%2C10480996%2C12967986%2C12968507%2C12968515%2C12968543%2C12968782%2C12968784%2C13104005%2C13259085%5D%2C%22i%22%3A1%2C%22c%22%3A7%2C%22t%22%3A%22h%22%2C%22m%22%3A%22null%22%2C%22vi%22%3A0%2C%22vc%22%3A0%2C%22hf%22%3A0%2C%22x%22%3A%7B%7D%7D&advid=2602146&xur=co20341.tw1.ru%2F&adata=%7B%22c%22%3A%7B%22ref_url%22%3A%22%22%2C%22ref_ts%22%3A0%2C%22page_url%22%3A%22%22%2C%22dm%22%3A%22%22%7D%2C%22v%22%3A%7B%22vis_cnt%22%3A0%2C%22frst_vis_ts%22%3A1669759791%2C%22prev_vis_ts%22%3A0%2C%22curr_vis_ts%22%3A1669759791%2C%22total_page_cnt%22%3A0%2C%22prev_page_cnt%22%3A0%2C%22curr_page_cnt%22%3A1%7D%7D
185.89.210.122307 Redirection 0 B URL HTTP/1.1 ib.adnxs.com/getuid?//its.tradelab.fr/?type=convr&x=1&uuid2=$UID&cdata=%7B%22a%22%3A991001%2C%22l%22%3A%5B6129654%2C6129670%2C6129677%2C6129705%2C6140244%2C6140246%2C6140363%2C6141029%2C6205745%2C6205752%2C6205755%2C6205762%2C6220830%2C8124214%2C8124594%2C8124968%2C8124973%2C8125344%2C8141760%2C8141763%2C8141816%2C8141850%2C8141875%2C8141880%2C8141931%2C8141938%2C8176847%2C8176869%2C8176878%2C8239623%2C8245529%2C8245533%2C8245537%2C8245540%2C8260100%2C8445392%2C8505468%2C8505515%2C9271738%2C9271745%2C9271969%2C9272093%2C9272160%2C9272905%2C9408323%2C9408407%2C9408587%2C9408663%2C9408768%2C9511553%2C9611699%2C9611846%2C9683342%2C9683349%2C9719394%2C10005812%2C10226877%2C10226889%2C10226919%2C10244639%2C10381193%2C10480996%2C12967986%2C12968507%2C12968515%2C12968543%2C12968782%2C12968784%2C13104005%2C13259085%5D%2C%22i%22%3A1%2C%22c%22%3A7%2C%22t%22%3A%22h%22%2C%22m%22%3A%22null%22%2C%22vi%22%3A0%2C%22vc%22%3A0%2C%22hf%22%3A0%2C%22x%22%3A%7B%7D%7D&advid=2602146&xur=co20341.tw1.ru%2F&adata=%7B%22c%22%3A%7B%22ref_url%22%3A%22%22%2C%22ref_ts%22%3A0%2C%22page_url%22%3A%22%22%2C%22dm%22%3A%22%22%7D%2C%22v%22%3A%7B%22vis_cnt%22%3A0%2C%22frst_vis_ts%22%3A1669759791%2C%22prev_vis_ts%22%3A0%2C%22curr_vis_ts%22%3A1669759791%2C%22total_page_cnt%22%3A0%2C%22prev_page_cnt%22%3A0%2C%22curr_page_cnt%22%3A1%7D%7D
IP 185.89.210.122:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /getuid?//its.tradelab.fr/?type=convr&x=1&uuid2=$UID&cdata=%7B%22a%22%3A991001%2C%22l%22%3A%5B6129654%2C6129670%2C6129677%2C6129705%2C6140244%2C6140246%2C6140363%2C6141029%2C6205745%2C6205752%2C6205755%2C6205762%2C6220830%2C8124214%2C8124594%2C8124968%2C8124973%2C8125344%2C8141760%2C8141763%2C8141816%2C8141850%2C8141875%2C8141880%2C8141931%2C8141938%2C8176847%2C8176869%2C8176878%2C8239623%2C8245529%2C8245533%2C8245537%2C8245540%2C8260100%2C8445392%2C8505468%2C8505515%2C9271738%2C9271745%2C9271969%2C9272093%2C9272160%2C9272905%2C9408323%2C9408407%2C9408587%2C9408663%2C9408768%2C9511553%2C9611699%2C9611846%2C9683342%2C9683349%2C9719394%2C10005812%2C10226877%2C10226889%2C10226919%2C10244639%2C10381193%2C10480996%2C12967986%2C12968507%2C12968515%2C12968543%2C12968782%2C12968784%2C13104005%2C13259085%5D%2C%22i%22%3A1%2C%22c%22%3A7%2C%22t%22%3A%22h%22%2C%22m%22%3A%22null%22%2C%22vi%22%3A0%2C%22vc%22%3A0%2C%22hf%22%3A0%2C%22x%22%3A%7B%7D%7D&advid=2602146&xur=co20341.tw1.ru%2F&adata=%7B%22c%22%3A%7B%22ref_url%22%3A%22%22%2C%22ref_ts%22%3A0%2C%22page_url%22%3A%22%22%2C%22dm%22%3A%22%22%7D%2C%22v%22%3A%7B%22vis_cnt%22%3A0%2C%22frst_vis_ts%22%3A1669759791%2C%22prev_vis_ts%22%3A0%2C%22curr_vis_ts%22%3A1669759791%2C%22total_page_cnt%22%3A0%2C%22prev_page_cnt%22%3A0%2C%22curr_page_cnt%22%3A1%7D%7D HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://co20341.tw1.ru/
HTTP/1.1 307 Redirection
Server: nginx/1.21.3
Date: Tue, 29 Nov 2022 22:09:52 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Location: https://ib.adnxs.com/sbounce?%2Fgetuid%3F%2F%2Fits.tradelab.fr%2F%3Ftype%3Dconvr%26x%3D1%26uuid2%3D%24UID%26cdata%3D%257B%2522a%2522%253A991001%252C%2522l%2522%253A%255B6129654%252C6129670%252C6129677%252C6129705%252C6140244%252C6140246%252C6140363%252C6141029%252C6205745%252C6205752%252C6205755%252C6205762%252C6220830%252C8124214%252C8124594%252C8124968%252C8124973%252C8125344%252C8141760%252C8141763%252C8141816%252C8141850%252C8141875%252C8141880%252C8141931%252C8141938%252C8176847%252C8176869%252C8176878%252C8239623%252C8245529%252C8245533%252C8245537%252C8245540%252C8260100%252C8445392%252C8505468%252C8505515%252C9271738%252C9271745%252C9271969%252C9272093%252C9272160%252C9272905%252C9408323%252C9408407%252C9408587%252C9408663%252C9408768%252C9511553%252C9611699%252C9611846%252C9683342%252C9683349%252C9719394%252C10005812%252C10226877%252C10226889%252C10226919%252C10244639%252C10381193%252C10480996%252C12967986%252C12968507%252C12968515%252C12968543%252C12968782%252C12968784%252C13104005%252C13259085%255D%252C%2522i%2522%253A1%252C%2522c%2522%253A7%252C%2522t%2522%253A%2522h%2522%252C%2522m%2522%253A%2522null%2522%252C%2522vi%2522%253A0%252C%2522vc%2522%253A0%252C%2522hf%2522%253A0%252C%2522x%2522%253A%257B%257D%257D%26advid%3D2602146%26xur%3Dco20341.tw1.ru%252F%26adata%3D%257B%2522c%2522%253A%257B%2522ref_url%2522%253A%2522%2522%252C%2522ref_ts%2522%253A0%252C%2522page_url%2522%253A%2522%2522%252C%2522dm%2522%253A%2522%2522%257D%252C%2522v%2522%253A%257B%2522vis_cnt%2522%253A0%252C%2522frst_vis_ts%2522%253A1669759791%252C%2522prev_vis_ts%2522%253A0%252C%2522curr_vis_ts%2522%253A1669759791%252C%2522total_page_cnt%2522%253A0%252C%2522prev_page_cnt%2522%253A0%252C%2522curr_page_cnt%2522%253A1%257D%257D
AN-X-Request-Uuid: 8dd50555-9faa-441a-85fc-2e700835ead4
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
ib.adnxs.com/px?id=991001&t=2
185.89.210.122307 Redirection 0 B URL HTTP/1.1 ib.adnxs.com/px?id=991001&t=2
IP 185.89.210.122:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /px?id=991001&t=2 HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://co20341.tw1.ru/
HTTP/1.1 307 Redirection
Server: nginx/1.21.3
Date: Tue, 29 Nov 2022 22:09:52 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Location: https://ib.adnxs.com/sbounce?%2Fpx%3Fid%3D991001%26t%3D2
AN-X-Request-Uuid: 8f597ab7-d347-4d23-a6e3-1821d93adde9
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
ib.adnxs.com/seg?add=2491894:09&t=2
185.89.210.122307 Redirection 0 B URL HTTP/1.1 ib.adnxs.com/seg?add=2491894:09&t=2
IP 185.89.210.122:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /seg?add=2491894:09&t=2 HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://co20341.tw1.ru/
HTTP/1.1 307 Redirection
Server: nginx/1.21.3
Date: Tue, 29 Nov 2022 22:09:52 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Location: https://ib.adnxs.com/sbounce?%2Fseg%3Fadd%3D2491894%3A09%26t%3D2
AN-X-Request-Uuid: 38d90b5c-89c8-4fb0-be6b-e85b41932052
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
cdn.tradelab.fr/fseg/2135.js?add=12608265
152.195.132.24200 OK 2.6 kB URL HTTP/1.1 cdn.tradelab.fr/fseg/2135.js?add=12608265
IP 152.195.132.24:0
File type ASCII text, with very long lines (518)
Hash e8e2acc1934a78e938bb2f88981f126c
04e508ff2ef2b20c1edabb2861528cb353ee7775
c33fd65b0d81fa1bfb50c0e3ff4ac82c26aa752ea196874322466bed02496acd
Analyzer Verdict Alert urlquery Phishing - La Banque postale
GET /fseg/2135.js?add=12608265 HTTP/1.1
Host: cdn.tradelab.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://co20341.tw1.ru/
HTTP/1.1 200 OK
Content-Encoding: gzip
Accept-Ranges: bytes
Access-Control-Allow-Headers: x-requested-with, Content-Type, origin, authorization, accept, client-security-token
Access-Control-Allow-Origin: *
Age: 215
Cache-Control: max-age=1800
Content-Type: application/javascript
Date: Tue, 29 Nov 2022 22:09:52 GMT
Etag: "1bbd-59ff7646fd68a-gzip"
Expires: Tue, 29 Nov 2022 22:39:52 GMT
Last-Modified: Tue, 03 Mar 2020 18:22:54 GMT
Server: ECAcc (ska/F73F)
Vary: Accept-Encoding
X-Cache: HIT
Content-Length: 2594
px.ads.linkedin.com/collect?v=2&fmt=js&pid=&time=1669759790634&url=http%3A%2F%2Fco20341.tw1.ru%2F
13.107.42.14200 OK 0 B URL HTTP/2 px.ads.linkedin.com/collect?v=2&fmt=js&pid=&time=1669759790634&url=http%3A%2F%2Fco20341.tw1.ru%2F
IP 13.107.42.14:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /collect?v=2&fmt=js&pid=&time=1669759790634&url=http%3A%2F%2Fco20341.tw1.ru%2F HTTP/1.1
Host: px.ads.linkedin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://co20341.tw1.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
set-cookie: lang=v=2&lang=en-us; SameSite=None; Path=/; Domain=ads.linkedin.com; Secure
bcookie="v=2&185b7ca6-c657-42cf-8f9d-c052ede5e5f6"; domain=.linkedin.com; Path=/; Secure; Expires=Wed, 29-Nov-2023 22:09:52 GMT; SameSite=None
lidc="b=TGST09:s=T:r=T:a=T:p=T:g=2423:u=1:x=1:i=1669759792:t=1669846192:v=2:sig=AQG2kC7PzhwgnZ0BpMt6SJOuMFxKsg7H"; Expires=Wed, 30 Nov 2022 22:09:52 GMT; domain=.linkedin.com; Path=/; SameSite=None; Secure
linkedin-action: 1
x-li-fabric: prod-ltx1
x-li-pop: afd-prod-ltx1-x
x-li-proto: http/2
x-li-uuid: AAXuoz9O+sPvinLzg/DEdw==
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: A21BC7C4600349D390ECBE5566A3482D Ref B: OSL30EDGE0109 Ref C: 2022-11-29T22:09:52Z
date: Tue, 29 Nov 2022 22:09:52 GMT
content-length: 0
X-Firefox-Spdy: h2
cdn.tradelab.fr/conv/991000.js
152.195.132.24200 OK 2.0 kB URL HTTP/1.1 cdn.tradelab.fr/conv/991000.js
IP 152.195.132.24:0
File type ASCII text, with very long lines (832)
Hash 866cef51cc7a1af978bd63d062ad7597
fc1a7e138eff4b50c0a722a777684720ff1a1450
339200fc612e99e909baf07bd33255243a505dbbb0b92ebe802b0ec89c843053
Analyzer Verdict Alert urlquery Phishing - La Banque postale
GET /conv/991000.js HTTP/1.1
Host: cdn.tradelab.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://co20341.tw1.ru/
HTTP/1.1 200 OK
Content-Encoding: gzip
Accept-Ranges: bytes
Access-Control-Allow-Headers: x-requested-with, Content-Type, origin, authorization, accept, client-security-token
Access-Control-Allow-Origin: *
Age: 215
Cache-Control: max-age=1800
Content-Type: application/javascript
Date: Tue, 29 Nov 2022 22:09:52 GMT
Etag: "15a7-5c445be4e9274-gzip"
Expires: Tue, 29 Nov 2022 22:39:52 GMT
Last-Modified: Tue, 08 Jun 2021 18:58:28 GMT
Server: ECAcc (ska/F753)
Vary: Accept-Encoding
X-Cache: HIT
Content-Length: 2034
ib.adnxs.com/px?id=1156839&t=2
185.89.210.122307 Redirection 0 B URL HTTP/1.1 ib.adnxs.com/px?id=1156839&t=2
IP 185.89.210.122:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /px?id=1156839&t=2 HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://co20341.tw1.ru/
HTTP/1.1 307 Redirection
Server: nginx/1.21.3
Date: Tue, 29 Nov 2022 22:09:52 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Location: https://ib.adnxs.com/sbounce?%2Fpx%3Fid%3D1156839%26t%3D2
AN-X-Request-Uuid: 3504bb25-e3bd-41db-a847-c7058bc26ed3
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
its.tradelab.fr/?type=convr&x=1&cdata=%7B%22a%22%3A1156839%2C%22l%22%3A%5B8176878%2C8245540%2C9408323%2C9408407%2C9408587%2C9408663%2C9408768%2C9511553%2C9611699%2C9611846%2C9683342%2C9683349%2C9719394%2C10005812%2C10226877%2C10226889%2C10226919%2C10244639%2C10381193%2C10480996%2C12967986%2C12968507%2C12968515%2C12968543%2C12968782%2C12968784%2C13104005%2C13259085%5D%2C%22i%22%3A1%2C%22c%22%3A7%2C%22t%22%3A%22h%22%2C%22m%22%3A%22null%22%2C%22vi%22%3A0%2C%22vc%22%3A0%2C%22hf%22%3A0%2C%22x%22%3A%7B%7D%7D&advid=2602146&xur=co20341.tw1.ru%2F&adata=%7B%22c%22%3A%7B%22ref_url%22%3A%22%22%2C%22ref_ts%22%3A0%2C%22page_url%22%3A%22%22%2C%22dm%22%3A%22%22%7D%2C%22v%22%3A%7B%22vis_cnt%22%3A0%2C%22frst_vis_ts%22%3A1669759791%2C%22prev_vis_ts%22%3A0%2C%22curr_vis_ts%22%3A1669759791%2C%22total_page_cnt%22%3A0%2C%22prev_page_cnt%22%3A0%2C%22curr_page_cnt%22%3A1%7D%7D
85.17.192.106301 Moved Permanently 169 B URL HTTP/1.1 its.tradelab.fr/?type=convr&x=1&cdata=%7B%22a%22%3A1156839%2C%22l%22%3A%5B8176878%2C8245540%2C9408323%2C9408407%2C9408587%2C9408663%2C9408768%2C9511553%2C9611699%2C9611846%2C9683342%2C9683349%2C9719394%2C10005812%2C10226877%2C10226889%2C10226919%2C10244639%2C10381193%2C10480996%2C12967986%2C12968507%2C12968515%2C12968543%2C12968782%2C12968784%2C13104005%2C13259085%5D%2C%22i%22%3A1%2C%22c%22%3A7%2C%22t%22%3A%22h%22%2C%22m%22%3A%22null%22%2C%22vi%22%3A0%2C%22vc%22%3A0%2C%22hf%22%3A0%2C%22x%22%3A%7B%7D%7D&advid=2602146&xur=co20341.tw1.ru%2F&adata=%7B%22c%22%3A%7B%22ref_url%22%3A%22%22%2C%22ref_ts%22%3A0%2C%22page_url%22%3A%22%22%2C%22dm%22%3A%22%22%7D%2C%22v%22%3A%7B%22vis_cnt%22%3A0%2C%22frst_vis_ts%22%3A1669759791%2C%22prev_vis_ts%22%3A0%2C%22curr_vis_ts%22%3A1669759791%2C%22total_page_cnt%22%3A0%2C%22prev_page_cnt%22%3A0%2C%22curr_page_cnt%22%3A1%7D%7D
IP 85.17.192.106:0
ASN #60781 LeaseWeb Netherlands B.V.
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 0f952b73d3f5586637ea9a5a789d48f4
b29aff4ffa1d4decd77db5160f920e1c6417e5e9
69d11528ee32902d0c47ed215877f0610399536f755db03ed02a77ecedd74751
GET /?type=convr&x=1&cdata=%7B%22a%22%3A1156839%2C%22l%22%3A%5B8176878%2C8245540%2C9408323%2C9408407%2C9408587%2C9408663%2C9408768%2C9511553%2C9611699%2C9611846%2C9683342%2C9683349%2C9719394%2C10005812%2C10226877%2C10226889%2C10226919%2C10244639%2C10381193%2C10480996%2C12967986%2C12968507%2C12968515%2C12968543%2C12968782%2C12968784%2C13104005%2C13259085%5D%2C%22i%22%3A1%2C%22c%22%3A7%2C%22t%22%3A%22h%22%2C%22m%22%3A%22null%22%2C%22vi%22%3A0%2C%22vc%22%3A0%2C%22hf%22%3A0%2C%22x%22%3A%7B%7D%7D&advid=2602146&xur=co20341.tw1.ru%2F&adata=%7B%22c%22%3A%7B%22ref_url%22%3A%22%22%2C%22ref_ts%22%3A0%2C%22page_url%22%3A%22%22%2C%22dm%22%3A%22%22%7D%2C%22v%22%3A%7B%22vis_cnt%22%3A0%2C%22frst_vis_ts%22%3A1669759791%2C%22prev_vis_ts%22%3A0%2C%22curr_vis_ts%22%3A1669759791%2C%22total_page_cnt%22%3A0%2C%22prev_page_cnt%22%3A0%2C%22curr_page_cnt%22%3A1%7D%7D HTTP/1.1
Host: its.tradelab.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://co20341.tw1.ru/
HTTP/1.1 301 Moved Permanently
Server: nginx/1.20.1
Date: Tue, 29 Nov 2022 22:09:52 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive
Location: https://its.tradelab.fr/?type=convr&x=1&cdata=%7B%22a%22%3A1156839%2C%22l%22%3A%5B8176878%2C8245540%2C9408323%2C9408407%2C9408587%2C9408663%2C9408768%2C9511553%2C9611699%2C9611846%2C9683342%2C9683349%2C9719394%2C10005812%2C10226877%2C10226889%2C10226919%2C10244639%2C10381193%2C10480996%2C12967986%2C12968507%2C12968515%2C12968543%2C12968782%2C12968784%2C13104005%2C13259085%5D%2C%22i%22%3A1%2C%22c%22%3A7%2C%22t%22%3A%22h%22%2C%22m%22%3A%22null%22%2C%22vi%22%3A0%2C%22vc%22%3A0%2C%22hf%22%3A0%2C%22x%22%3A%7B%7D%7D&advid=2602146&xur=co20341.tw1.ru%2F&adata=%7B%22c%22%3A%7B%22ref_url%22%3A%22%22%2C%22ref_ts%22%3A0%2C%22page_url%22%3A%22%22%2C%22dm%22%3A%22%22%7D%2C%22v%22%3A%7B%22vis_cnt%22%3A0%2C%22frst_vis_ts%22%3A1669759791%2C%22prev_vis_ts%22%3A0%2C%22curr_vis_ts%22%3A1669759791%2C%22total_page_cnt%22%3A0%2C%22prev_page_cnt%22%3A0%2C%22curr_page_cnt%22%3A1%7D%7D
its.tradelab.fr/?type=convr&x=0&cdata=%7B%22a%22%3A1156839%2C%22l%22%3A%5B8176878%2C8245540%2C9408323%2C9408407%2C9408587%2C9408663%2C9408768%2C9511553%2C9611699%2C9611846%2C9683342%2C9683349%2C9719394%2C10005812%2C10226877%2C10226889%2C10226919%2C10244639%2C10381193%2C10480996%2C12967986%2C12968507%2C12968515%2C12968543%2C12968782%2C12968784%2C13104005%2C13259085%5D%2C%22i%22%3A1%2C%22c%22%3A7%2C%22t%22%3A%22h%22%2C%22m%22%3A%22null%22%2C%22vi%22%3A0%2C%22vc%22%3A0%2C%22hf%22%3A0%2C%22x%22%3A%7B%7D%7D&advid=2602146&xur=co20341.tw1.ru%2F&adata=%7B%22c%22%3A%7B%22ref_url%22%3A%22%22%2C%22ref_ts%22%3A0%2C%22page_url%22%3A%22%22%2C%22dm%22%3A%22%22%7D%2C%22v%22%3A%7B%22vis_cnt%22%3A0%2C%22frst_vis_ts%22%3A1669759791%2C%22prev_vis_ts%22%3A0%2C%22curr_vis_ts%22%3A1669759791%2C%22total_page_cnt%22%3A0%2C%22prev_page_cnt%22%3A0%2C%22curr_page_cnt%22%3A1%7D%7D
85.17.192.106301 Moved Permanently 169 B URL HTTP/1.1 its.tradelab.fr/?type=convr&x=0&cdata=%7B%22a%22%3A1156839%2C%22l%22%3A%5B8176878%2C8245540%2C9408323%2C9408407%2C9408587%2C9408663%2C9408768%2C9511553%2C9611699%2C9611846%2C9683342%2C9683349%2C9719394%2C10005812%2C10226877%2C10226889%2C10226919%2C10244639%2C10381193%2C10480996%2C12967986%2C12968507%2C12968515%2C12968543%2C12968782%2C12968784%2C13104005%2C13259085%5D%2C%22i%22%3A1%2C%22c%22%3A7%2C%22t%22%3A%22h%22%2C%22m%22%3A%22null%22%2C%22vi%22%3A0%2C%22vc%22%3A0%2C%22hf%22%3A0%2C%22x%22%3A%7B%7D%7D&advid=2602146&xur=co20341.tw1.ru%2F&adata=%7B%22c%22%3A%7B%22ref_url%22%3A%22%22%2C%22ref_ts%22%3A0%2C%22page_url%22%3A%22%22%2C%22dm%22%3A%22%22%7D%2C%22v%22%3A%7B%22vis_cnt%22%3A0%2C%22frst_vis_ts%22%3A1669759791%2C%22prev_vis_ts%22%3A0%2C%22curr_vis_ts%22%3A1669759791%2C%22total_page_cnt%22%3A0%2C%22prev_page_cnt%22%3A0%2C%22curr_page_cnt%22%3A1%7D%7D
IP 85.17.192.106:0
ASN #60781 LeaseWeb Netherlands B.V.
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 0f952b73d3f5586637ea9a5a789d48f4
b29aff4ffa1d4decd77db5160f920e1c6417e5e9
69d11528ee32902d0c47ed215877f0610399536f755db03ed02a77ecedd74751
GET /?type=convr&x=0&cdata=%7B%22a%22%3A1156839%2C%22l%22%3A%5B8176878%2C8245540%2C9408323%2C9408407%2C9408587%2C9408663%2C9408768%2C9511553%2C9611699%2C9611846%2C9683342%2C9683349%2C9719394%2C10005812%2C10226877%2C10226889%2C10226919%2C10244639%2C10381193%2C10480996%2C12967986%2C12968507%2C12968515%2C12968543%2C12968782%2C12968784%2C13104005%2C13259085%5D%2C%22i%22%3A1%2C%22c%22%3A7%2C%22t%22%3A%22h%22%2C%22m%22%3A%22null%22%2C%22vi%22%3A0%2C%22vc%22%3A0%2C%22hf%22%3A0%2C%22x%22%3A%7B%7D%7D&advid=2602146&xur=co20341.tw1.ru%2F&adata=%7B%22c%22%3A%7B%22ref_url%22%3A%22%22%2C%22ref_ts%22%3A0%2C%22page_url%22%3A%22%22%2C%22dm%22%3A%22%22%7D%2C%22v%22%3A%7B%22vis_cnt%22%3A0%2C%22frst_vis_ts%22%3A1669759791%2C%22prev_vis_ts%22%3A0%2C%22curr_vis_ts%22%3A1669759791%2C%22total_page_cnt%22%3A0%2C%22prev_page_cnt%22%3A0%2C%22curr_page_cnt%22%3A1%7D%7D HTTP/1.1
Host: its.tradelab.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://co20341.tw1.ru/
HTTP/1.1 301 Moved Permanently
Server: nginx/1.20.1
Date: Tue, 29 Nov 2022 22:09:52 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive
Location: https://its.tradelab.fr/?type=convr&x=0&cdata=%7B%22a%22%3A1156839%2C%22l%22%3A%5B8176878%2C8245540%2C9408323%2C9408407%2C9408587%2C9408663%2C9408768%2C9511553%2C9611699%2C9611846%2C9683342%2C9683349%2C9719394%2C10005812%2C10226877%2C10226889%2C10226919%2C10244639%2C10381193%2C10480996%2C12967986%2C12968507%2C12968515%2C12968543%2C12968782%2C12968784%2C13104005%2C13259085%5D%2C%22i%22%3A1%2C%22c%22%3A7%2C%22t%22%3A%22h%22%2C%22m%22%3A%22null%22%2C%22vi%22%3A0%2C%22vc%22%3A0%2C%22hf%22%3A0%2C%22x%22%3A%7B%7D%7D&advid=2602146&xur=co20341.tw1.ru%2F&adata=%7B%22c%22%3A%7B%22ref_url%22%3A%22%22%2C%22ref_ts%22%3A0%2C%22page_url%22%3A%22%22%2C%22dm%22%3A%22%22%7D%2C%22v%22%3A%7B%22vis_cnt%22%3A0%2C%22frst_vis_ts%22%3A1669759791%2C%22prev_vis_ts%22%3A0%2C%22curr_vis_ts%22%3A1669759791%2C%22total_page_cnt%22%3A0%2C%22prev_page_cnt%22%3A0%2C%22curr_page_cnt%22%3A1%7D%7D
ib.adnxs.com/px?id=996576&t=2
185.89.210.122307 Redirection 0 B URL HTTP/1.1 ib.adnxs.com/px?id=996576&t=2
IP 185.89.210.122:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /px?id=996576&t=2 HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://co20341.tw1.ru/
HTTP/1.1 307 Redirection
Server: nginx/1.21.3
Date: Tue, 29 Nov 2022 22:09:52 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Location: https://ib.adnxs.com/sbounce?%2Fpx%3Fid%3D996576%26t%3D2
AN-X-Request-Uuid: d14348ce-205e-42ef-bce2-a0d0db6e3537
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
its.tradelab.fr/?type=convr&x=1&cdata=%7B%22a%22%3A996576%2C%22l%22%3A%5B6129654%2C6129670%2C6129677%2C6129705%2C6140244%2C6140246%2C6140363%2C6141029%2C6205745%2C6205752%2C6205755%2C6205762%2C6220830%2C8124214%2C8124594%2C8124968%2C8124973%2C8125344%2C8141760%2C8141763%2C8141816%2C8141850%2C8141875%2C8141880%2C8141931%2C8141938%2C8176847%2C8176869%2C8176878%2C8239623%2C8245529%2C8245533%2C8245537%2C8245540%2C8260100%2C8445392%2C8505468%2C8505515%2C9271738%2C9271745%2C9271969%2C9272093%2C9272160%2C9272905%2C9408323%2C9408407%2C9408587%2C9408663%2C9408768%2C9511553%2C9611699%2C9611846%2C9683342%2C9683349%2C9719394%2C10005812%2C10226877%2C10226889%2C10226919%2C10244639%2C10381193%2C10480996%2C12967986%2C12968507%2C12968515%2C12968543%2C12968782%2C12968784%2C13104005%2C13259085%5D%2C%22i%22%3A1%2C%22c%22%3A7%2C%22t%22%3A%22h%22%2C%22m%22%3A%22null%22%2C%22vi%22%3A0%2C%22vc%22%3A0%2C%22hf%22%3A0%2C%22x%22%3A%7B%7D%7D&advid=2602146&xur=co20341.tw1.ru%2F&adata=%7B%22c%22%3A%7B%22ref_url%22%3A%22%22%2C%22ref_ts%22%3A0%2C%22page_url%22%3A%22%22%2C%22dm%22%3A%22%22%7D%2C%22v%22%3A%7B%22vis_cnt%22%3A0%2C%22frst_vis_ts%22%3A1669759791%2C%22prev_vis_ts%22%3A0%2C%22curr_vis_ts%22%3A1669759791%2C%22total_page_cnt%22%3A0%2C%22prev_page_cnt%22%3A0%2C%22curr_page_cnt%22%3A1%7D%7D
85.17.192.106301 Moved Permanently 169 B URL HTTP/1.1 its.tradelab.fr/?type=convr&x=1&cdata=%7B%22a%22%3A996576%2C%22l%22%3A%5B6129654%2C6129670%2C6129677%2C6129705%2C6140244%2C6140246%2C6140363%2C6141029%2C6205745%2C6205752%2C6205755%2C6205762%2C6220830%2C8124214%2C8124594%2C8124968%2C8124973%2C8125344%2C8141760%2C8141763%2C8141816%2C8141850%2C8141875%2C8141880%2C8141931%2C8141938%2C8176847%2C8176869%2C8176878%2C8239623%2C8245529%2C8245533%2C8245537%2C8245540%2C8260100%2C8445392%2C8505468%2C8505515%2C9271738%2C9271745%2C9271969%2C9272093%2C9272160%2C9272905%2C9408323%2C9408407%2C9408587%2C9408663%2C9408768%2C9511553%2C9611699%2C9611846%2C9683342%2C9683349%2C9719394%2C10005812%2C10226877%2C10226889%2C10226919%2C10244639%2C10381193%2C10480996%2C12967986%2C12968507%2C12968515%2C12968543%2C12968782%2C12968784%2C13104005%2C13259085%5D%2C%22i%22%3A1%2C%22c%22%3A7%2C%22t%22%3A%22h%22%2C%22m%22%3A%22null%22%2C%22vi%22%3A0%2C%22vc%22%3A0%2C%22hf%22%3A0%2C%22x%22%3A%7B%7D%7D&advid=2602146&xur=co20341.tw1.ru%2F&adata=%7B%22c%22%3A%7B%22ref_url%22%3A%22%22%2C%22ref_ts%22%3A0%2C%22page_url%22%3A%22%22%2C%22dm%22%3A%22%22%7D%2C%22v%22%3A%7B%22vis_cnt%22%3A0%2C%22frst_vis_ts%22%3A1669759791%2C%22prev_vis_ts%22%3A0%2C%22curr_vis_ts%22%3A1669759791%2C%22total_page_cnt%22%3A0%2C%22prev_page_cnt%22%3A0%2C%22curr_page_cnt%22%3A1%7D%7D
IP 85.17.192.106:0
ASN #60781 LeaseWeb Netherlands B.V.
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 0f952b73d3f5586637ea9a5a789d48f4
b29aff4ffa1d4decd77db5160f920e1c6417e5e9
69d11528ee32902d0c47ed215877f0610399536f755db03ed02a77ecedd74751
GET /?type=convr&x=1&cdata=%7B%22a%22%3A996576%2C%22l%22%3A%5B6129654%2C6129670%2C6129677%2C6129705%2C6140244%2C6140246%2C6140363%2C6141029%2C6205745%2C6205752%2C6205755%2C6205762%2C6220830%2C8124214%2C8124594%2C8124968%2C8124973%2C8125344%2C8141760%2C8141763%2C8141816%2C8141850%2C8141875%2C8141880%2C8141931%2C8141938%2C8176847%2C8176869%2C8176878%2C8239623%2C8245529%2C8245533%2C8245537%2C8245540%2C8260100%2C8445392%2C8505468%2C8505515%2C9271738%2C9271745%2C9271969%2C9272093%2C9272160%2C9272905%2C9408323%2C9408407%2C9408587%2C9408663%2C9408768%2C9511553%2C9611699%2C9611846%2C9683342%2C9683349%2C9719394%2C10005812%2C10226877%2C10226889%2C10226919%2C10244639%2C10381193%2C10480996%2C12967986%2C12968507%2C12968515%2C12968543%2C12968782%2C12968784%2C13104005%2C13259085%5D%2C%22i%22%3A1%2C%22c%22%3A7%2C%22t%22%3A%22h%22%2C%22m%22%3A%22null%22%2C%22vi%22%3A0%2C%22vc%22%3A0%2C%22hf%22%3A0%2C%22x%22%3A%7B%7D%7D&advid=2602146&xur=co20341.tw1.ru%2F&adata=%7B%22c%22%3A%7B%22ref_url%22%3A%22%22%2C%22ref_ts%22%3A0%2C%22page_url%22%3A%22%22%2C%22dm%22%3A%22%22%7D%2C%22v%22%3A%7B%22vis_cnt%22%3A0%2C%22frst_vis_ts%22%3A1669759791%2C%22prev_vis_ts%22%3A0%2C%22curr_vis_ts%22%3A1669759791%2C%22total_page_cnt%22%3A0%2C%22prev_page_cnt%22%3A0%2C%22curr_page_cnt%22%3A1%7D%7D HTTP/1.1
Host: its.tradelab.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://co20341.tw1.ru/
HTTP/1.1 301 Moved Permanently
Server: nginx/1.20.1
Date: Tue, 29 Nov 2022 22:09:52 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive
Location: https://its.tradelab.fr/?type=convr&x=1&cdata=%7B%22a%22%3A996576%2C%22l%22%3A%5B6129654%2C6129670%2C6129677%2C6129705%2C6140244%2C6140246%2C6140363%2C6141029%2C6205745%2C6205752%2C6205755%2C6205762%2C6220830%2C8124214%2C8124594%2C8124968%2C8124973%2C8125344%2C8141760%2C8141763%2C8141816%2C8141850%2C8141875%2C8141880%2C8141931%2C8141938%2C8176847%2C8176869%2C8176878%2C8239623%2C8245529%2C8245533%2C8245537%2C8245540%2C8260100%2C8445392%2C8505468%2C8505515%2C9271738%2C9271745%2C9271969%2C9272093%2C9272160%2C9272905%2C9408323%2C9408407%2C9408587%2C9408663%2C9408768%2C9511553%2C9611699%2C9611846%2C9683342%2C9683349%2C9719394%2C10005812%2C10226877%2C10226889%2C10226919%2C10244639%2C10381193%2C10480996%2C12967986%2C12968507%2C12968515%2C12968543%2C12968782%2C12968784%2C13104005%2C13259085%5D%2C%22i%22%3A1%2C%22c%22%3A7%2C%22t%22%3A%22h%22%2C%22m%22%3A%22null%22%2C%22vi%22%3A0%2C%22vc%22%3A0%2C%22hf%22%3A0%2C%22x%22%3A%7B%7D%7D&advid=2602146&xur=co20341.tw1.ru%2F&adata=%7B%22c%22%3A%7B%22ref_url%22%3A%22%22%2C%22ref_ts%22%3A0%2C%22page_url%22%3A%22%22%2C%22dm%22%3A%22%22%7D%2C%22v%22%3A%7B%22vis_cnt%22%3A0%2C%22frst_vis_ts%22%3A1669759791%2C%22prev_vis_ts%22%3A0%2C%22curr_vis_ts%22%3A1669759791%2C%22total_page_cnt%22%3A0%2C%22prev_page_cnt%22%3A0%2C%22curr_page_cnt%22%3A1%7D%7D
its.tradelab.fr/?type=convr&x=1&cdata=%7B%22a%22%3A1003722%2C%22l%22%3A%5B6129654%2C6129670%2C6129677%2C6129705%2C6140244%2C6140246%2C6140363%2C6141029%2C6205745%2C6205752%2C6205755%2C6205762%2C6220830%2C8124214%2C8124594%2C8124968%2C8124973%2C8125344%2C8141760%2C8141763%2C8141816%2C8141850%2C8141875%2C8141880%2C8141931%2C8141938%2C8176847%2C8176869%2C8176878%2C8239623%2C8245529%2C8245533%2C8245537%2C8245540%2C8260100%2C8445392%2C8505468%2C8505515%2C9271738%2C9271745%2C9271969%2C9272093%2C9272160%2C9272905%2C9408323%2C9408407%2C9408587%2C9408663%2C9408768%2C9511553%2C9611699%2C9611846%2C9683342%2C9683349%2C9719394%2C10005812%2C10226877%2C10226889%2C10226919%2C10244639%2C10381193%2C10480996%2C12967986%2C12968507%2C12968515%2C12968543%2C12968782%2C12968784%2C13104005%2C13259085%5D%2C%22i%22%3A1%2C%22c%22%3A7%2C%22t%22%3A%22h%22%2C%22m%22%3A%22null%22%2C%22vi%22%3A0%2C%22vc%22%3A0%2C%22hf%22%3A0%2C%22x%22%3A%7B%7D%7D&advid=2602146&xur=co20341.tw1.ru%2F&adata=%7B%22c%22%3A%7B%22ref_url%22%3A%22%22%2C%22ref_ts%22%3A0%2C%22page_url%22%3A%22%22%2C%22dm%22%3A%22%22%7D%2C%22v%22%3A%7B%22vis_cnt%22%3A0%2C%22frst_vis_ts%22%3A1669759791%2C%22prev_vis_ts%22%3A0%2C%22curr_vis_ts%22%3A1669759791%2C%22total_page_cnt%22%3A0%2C%22prev_page_cnt%22%3A0%2C%22curr_page_cnt%22%3A1%7D%7D
85.17.192.106301 Moved Permanently 169 B URL HTTP/1.1 its.tradelab.fr/?type=convr&x=1&cdata=%7B%22a%22%3A1003722%2C%22l%22%3A%5B6129654%2C6129670%2C6129677%2C6129705%2C6140244%2C6140246%2C6140363%2C6141029%2C6205745%2C6205752%2C6205755%2C6205762%2C6220830%2C8124214%2C8124594%2C8124968%2C8124973%2C8125344%2C8141760%2C8141763%2C8141816%2C8141850%2C8141875%2C8141880%2C8141931%2C8141938%2C8176847%2C8176869%2C8176878%2C8239623%2C8245529%2C8245533%2C8245537%2C8245540%2C8260100%2C8445392%2C8505468%2C8505515%2C9271738%2C9271745%2C9271969%2C9272093%2C9272160%2C9272905%2C9408323%2C9408407%2C9408587%2C9408663%2C9408768%2C9511553%2C9611699%2C9611846%2C9683342%2C9683349%2C9719394%2C10005812%2C10226877%2C10226889%2C10226919%2C10244639%2C10381193%2C10480996%2C12967986%2C12968507%2C12968515%2C12968543%2C12968782%2C12968784%2C13104005%2C13259085%5D%2C%22i%22%3A1%2C%22c%22%3A7%2C%22t%22%3A%22h%22%2C%22m%22%3A%22null%22%2C%22vi%22%3A0%2C%22vc%22%3A0%2C%22hf%22%3A0%2C%22x%22%3A%7B%7D%7D&advid=2602146&xur=co20341.tw1.ru%2F&adata=%7B%22c%22%3A%7B%22ref_url%22%3A%22%22%2C%22ref_ts%22%3A0%2C%22page_url%22%3A%22%22%2C%22dm%22%3A%22%22%7D%2C%22v%22%3A%7B%22vis_cnt%22%3A0%2C%22frst_vis_ts%22%3A1669759791%2C%22prev_vis_ts%22%3A0%2C%22curr_vis_ts%22%3A1669759791%2C%22total_page_cnt%22%3A0%2C%22prev_page_cnt%22%3A0%2C%22curr_page_cnt%22%3A1%7D%7D
IP 85.17.192.106:0
ASN #60781 LeaseWeb Netherlands B.V.
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 0f952b73d3f5586637ea9a5a789d48f4
b29aff4ffa1d4decd77db5160f920e1c6417e5e9
69d11528ee32902d0c47ed215877f0610399536f755db03ed02a77ecedd74751
GET /?type=convr&x=1&cdata=%7B%22a%22%3A1003722%2C%22l%22%3A%5B6129654%2C6129670%2C6129677%2C6129705%2C6140244%2C6140246%2C6140363%2C6141029%2C6205745%2C6205752%2C6205755%2C6205762%2C6220830%2C8124214%2C8124594%2C8124968%2C8124973%2C8125344%2C8141760%2C8141763%2C8141816%2C8141850%2C8141875%2C8141880%2C8141931%2C8141938%2C8176847%2C8176869%2C8176878%2C8239623%2C8245529%2C8245533%2C8245537%2C8245540%2C8260100%2C8445392%2C8505468%2C8505515%2C9271738%2C9271745%2C9271969%2C9272093%2C9272160%2C9272905%2C9408323%2C9408407%2C9408587%2C9408663%2C9408768%2C9511553%2C9611699%2C9611846%2C9683342%2C9683349%2C9719394%2C10005812%2C10226877%2C10226889%2C10226919%2C10244639%2C10381193%2C10480996%2C12967986%2C12968507%2C12968515%2C12968543%2C12968782%2C12968784%2C13104005%2C13259085%5D%2C%22i%22%3A1%2C%22c%22%3A7%2C%22t%22%3A%22h%22%2C%22m%22%3A%22null%22%2C%22vi%22%3A0%2C%22vc%22%3A0%2C%22hf%22%3A0%2C%22x%22%3A%7B%7D%7D&advid=2602146&xur=co20341.tw1.ru%2F&adata=%7B%22c%22%3A%7B%22ref_url%22%3A%22%22%2C%22ref_ts%22%3A0%2C%22page_url%22%3A%22%22%2C%22dm%22%3A%22%22%7D%2C%22v%22%3A%7B%22vis_cnt%22%3A0%2C%22frst_vis_ts%22%3A1669759791%2C%22prev_vis_ts%22%3A0%2C%22curr_vis_ts%22%3A1669759791%2C%22total_page_cnt%22%3A0%2C%22prev_page_cnt%22%3A0%2C%22curr_page_cnt%22%3A1%7D%7D HTTP/1.1
Host: its.tradelab.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://co20341.tw1.ru/
HTTP/1.1 301 Moved Permanently
Server: nginx/1.20.1
Date: Tue, 29 Nov 2022 22:09:52 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive
Location: https://its.tradelab.fr/?type=convr&x=1&cdata=%7B%22a%22%3A1003722%2C%22l%22%3A%5B6129654%2C6129670%2C6129677%2C6129705%2C6140244%2C6140246%2C6140363%2C6141029%2C6205745%2C6205752%2C6205755%2C6205762%2C6220830%2C8124214%2C8124594%2C8124968%2C8124973%2C8125344%2C8141760%2C8141763%2C8141816%2C8141850%2C8141875%2C8141880%2C8141931%2C8141938%2C8176847%2C8176869%2C8176878%2C8239623%2C8245529%2C8245533%2C8245537%2C8245540%2C8260100%2C8445392%2C8505468%2C8505515%2C9271738%2C9271745%2C9271969%2C9272093%2C9272160%2C9272905%2C9408323%2C9408407%2C9408587%2C9408663%2C9408768%2C9511553%2C9611699%2C9611846%2C9683342%2C9683349%2C9719394%2C10005812%2C10226877%2C10226889%2C10226919%2C10244639%2C10381193%2C10480996%2C12967986%2C12968507%2C12968515%2C12968543%2C12968782%2C12968784%2C13104005%2C13259085%5D%2C%22i%22%3A1%2C%22c%22%3A7%2C%22t%22%3A%22h%22%2C%22m%22%3A%22null%22%2C%22vi%22%3A0%2C%22vc%22%3A0%2C%22hf%22%3A0%2C%22x%22%3A%7B%7D%7D&advid=2602146&xur=co20341.tw1.ru%2F&adata=%7B%22c%22%3A%7B%22ref_url%22%3A%22%22%2C%22ref_ts%22%3A0%2C%22page_url%22%3A%22%22%2C%22dm%22%3A%22%22%7D%2C%22v%22%3A%7B%22vis_cnt%22%3A0%2C%22frst_vis_ts%22%3A1669759791%2C%22prev_vis_ts%22%3A0%2C%22curr_vis_ts%22%3A1669759791%2C%22total_page_cnt%22%3A0%2C%22prev_page_cnt%22%3A0%2C%22curr_page_cnt%22%3A1%7D%7D
ib.adnxs.com/px?id=1003722&t=2
185.89.210.122307 Redirection 0 B URL HTTP/1.1 ib.adnxs.com/px?id=1003722&t=2
IP 185.89.210.122:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /px?id=1003722&t=2 HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://co20341.tw1.ru/
HTTP/1.1 307 Redirection
Server: nginx/1.21.3
Date: Tue, 29 Nov 2022 22:09:52 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Location: https://ib.adnxs.com/sbounce?%2Fpx%3Fid%3D1003722%26t%3D2
AN-X-Request-Uuid: fddfa1b3-1b68-4646-bfd1-a750564b7cab
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
co20341.tw1.ru/etc/designs/favicon.png
185.114.245.124200 OK 2.8 kB URL HTTP/1.1 co20341.tw1.ru/etc/designs/favicon.png
IP 185.114.245.124:0
File type PNG image data, 32 x 32, 8-bit colormap, non-interlaced\012- data
Hash 95148d7f825922493ef706dd98457ff4
a0a5b1c2f52bb002000a04de5aa74d8ed25fc703
c78d2b529472912245060a36f2393b664716b51511b6bdcfa385fba224ba3811
Analyzer Verdict Alert urlquery Phishing - La Banque postale
openphish La Banque postale
GET /etc/designs/favicon.png HTTP/1.1
Host: co20341.tw1.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://co20341.tw1.ru/
Cookie: _gcl_au=1.1.121169973.1669759791; tCdebugLib=1; cikneeto_uuid=id:f3dcc715-1585-42e1-b001-805289704940; TCPID=122112229503471076740
HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Tue, 29 Nov 2022 22:09:52 GMT
Content-Type: image/png
Content-Length: 2817
Last-Modified: Mon, 28 Nov 2022 01:00:07 GMT
Connection: keep-alive
ETag: "63840817-b01"
Expires: Fri, 30 Dec 2022 22:09:52 GMT
Cache-Control: max-age=2678400
Accept-Ranges: bytes
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash ecb3506821caec55c7bbba4661f05460
851aead7db5c43dba6547026590cd9a23cbcdadf
dc93906a7850df73e9052b353dee67b80bb5caf8e804370242e994fba3cf4152
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 22:09:52 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
engage.commander1.com/reach?tc_firsttime=1&tc_s=2623
35.180.16.227200 OK 43 B URL HTTP/1.1 engage.commander1.com/reach?tc_firsttime=1&tc_s=2623
IP 35.180.16.227:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
GET /reach?tc_firsttime=1&tc_s=2623 HTTP/1.1
Host: engage.commander1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://co20341.tw1.ru/
Connection: keep-alive
Cookie: TCID=202211292309525708003279; WID=5aae3410-011d-4b42-9cb5-e0554c3aa724
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Tue, 29 Nov 2022 22:09:52 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
set-cookie: TCID=202211292309525708003279; Domain=commander1.com; Path=/; Expires=Wed, 29 Nov 2023 22:09:52 GMT; HttpOnly; Secure; SameSite=None
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
cache-control: private, max-age=486000, pre-check=486000
pragma: private
expires: Mon, 27 Feb 2023 22:09:52 GMT
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash ecb3506821caec55c7bbba4661f05460
851aead7db5c43dba6547026590cd9a23cbcdadf
dc93906a7850df73e9052b353dee67b80bb5caf8e804370242e994fba3cf4152
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 22:09:52 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash a0fe20d41a043db700a84924cd9793f3
c0da481fef6cd00558f6e68b074acb34bef8292f
03caeb65ab9e22f6d6fe0d344d327950d20ee9ed144e2da0e5e062943a03fc56
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 22:09:52 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googleadservices.com/pagead/conversion.js
142.250.74.130200 OK 17 kB URL HTTP/2 www.googleadservices.com/pagead/conversion.js
IP 142.250.74.130:0
File type ASCII text, with very long lines (2772)
Hash ac7574cbc5b2e85b7ddfa76b8657e59d
2bbeec5531576d6352b1c2b74e0e05c1ea10251d
bdf1e52afba9d671ea698707f97e8609de6360c502dc7b6eed2f40f979e08387
GET /pagead/conversion.js HTTP/1.1
Host: www.googleadservices.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://6927651.fls.doubleclick.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Tue, 29 Nov 2022 22:09:52 GMT
expires: Tue, 29 Nov 2022 22:09:52 GMT
cache-control: private, max-age=3600
content-type: text/javascript; charset=UTF-8
etag: 16359567893097152046
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 16827
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.googleadservices.com/pagead/conversion/852773421/?random=1669759791686&cv=9&fst=1669759791686&num=1&label=Hio2CMbqvosBEK2U0ZYD&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&sendb=1&ig=1&frm=1&url=http%3A%2F%2Fco20341.tw1.ru%2F&ref=http%3A%2F%2Fco20341.tw1.ru%2F&hn=www.googleadservices.com&rfmt=3&fmt=4
142.250.74.130200 OK 1.0 kB URL HTTP/2 www.googleadservices.com/pagead/conversion/852773421/?random=1669759791686&cv=9&fst=1669759791686&num=1&label=Hio2CMbqvosBEK2U0ZYD&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&sendb=1&ig=1&frm=1&url=http%3A%2F%2Fco20341.tw1.ru%2F&ref=http%3A%2F%2Fco20341.tw1.ru%2F&hn=www.googleadservices.com&rfmt=3&fmt=4
IP 142.250.74.130:0
File type ASCII text, with very long lines (1720), with no line terminators
Hash 5e7f066d0b48a504b2099a91022de900
c64e4c784cc60bac0fb456376c8ae21de89952f9
cdf36ddb8168f99703dba5b7e9179ebe1d6982fef5f355c521f1eee5f5a0f41b
GET /pagead/conversion/852773421/?random=1669759791686&cv=9&fst=1669759791686&num=1&label=Hio2CMbqvosBEK2U0ZYD&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&sendb=1&ig=1&frm=1&url=http%3A%2F%2Fco20341.tw1.ru%2F&ref=http%3A%2F%2Fco20341.tw1.ru%2F&hn=www.googleadservices.com&rfmt=3&fmt=4 HTTP/1.1
Host: www.googleadservices.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://co20341.tw1.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 29 Nov 2022 22:09:53 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 1005
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
px.ads.linkedin.com/collect/?pid=1365721&conversionId=1259489&fmt=gif
13.107.42.14302 Found 0 B URL HTTP/2 px.ads.linkedin.com/collect/?pid=1365721&conversionId=1259489&fmt=gif
IP 13.107.42.14:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /collect/?pid=1365721&conversionId=1259489&fmt=gif HTTP/1.1
Host: px.ads.linkedin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://co20341.tw1.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
location: https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fpid%3D1365721%26conversionId%3D1259489%26fmt%3Dgif%26liSync%3Dtrue
set-cookie: UserMatchHistory=AQJvbtERk4-MxgAAAYTFcHcfv96rISgpPJq4aUTD8XtP4GDC3w_smBwRymkl0Qa6HlVrWH8FdVZhew; Max-Age=2592000; Expires=Thu, 29 Dec 2022 22:09:52 GMT; SameSite=None; Path=/; Domain=.linkedin.com; Secure
AnalyticsSyncHistory=AQLFimTD8O33ZQAAAYTFcHcfLy9aeQXF2fvr-_OxYtKcE66TsC8larPkpcIRryT-x_EGckLkmLE75MvHGwZuVA; Max-Age=2592000; Expires=Thu, 29 Dec 2022 22:09:52 GMT; SameSite=None; Path=/; Domain=.linkedin.com; Secure
lang=v=2&lang=en-us; SameSite=None; Path=/; Domain=ads.linkedin.com; Secure
bcookie="v=2&cd25ff9d-2533-4162-8e26-8493528abdca"; domain=.linkedin.com; Path=/; Secure; Expires=Wed, 29-Nov-2023 22:09:52 GMT; SameSite=None
lidc="b=OGST09:s=O:r=O:a=O:p=O:g=2379:u=1:x=1:i=1669759792:t=1669846192:v=2:sig=AQGjioAZfMx3UOfsE8vDoSrtKXSAsMhy"; Expires=Wed, 30 Nov 2022 22:09:52 GMT; domain=.linkedin.com; Path=/; SameSite=None; Secure
linkedin-action: 1
x-li-fabric: prod-lor1
x-li-pop: afd-prod-lor1-x
x-li-proto: http/2
x-li-uuid: AAXuoz9RLwdtPz9mAEX7ow==
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: 44A63F0761784CBDA99B7A0DBCC36B60 Ref B: OSL30EDGE0109 Ref C: 2022-11-29T22:09:52Z
date: Tue, 29 Nov 2022 22:09:52 GMT
content-length: 0
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 7ffb55fbbcc6987d340b5aca12ac7491
452e27e1df48d31cceed65eacacbbaa4f695304c
2b9ad447b25387c1a80f21d443206e618f1b0717c60c5aa1aa6c731b99426b6e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 22:09:53 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/pagead/1p-user-list/993136125/?random=1605906937161&cv=9&fst=1605906000000&num=1&bg=ffffff&guid=ON&u_h=864&u_w=1536&u_ah=834&u_aw=1536&u_cd=24&u_his=12&u_tz=0&u_java=false&u_nplug=3&u_nmime=4>m=2oab41&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.labanquepostale.fr%2F&ref=https%3A%2F%2Ftransverse.labanquepostale.fr%2F&tiba=La%20Banque%20Postale%20-%20Banque%20et%20Assurance%20en%20ligne%20%E2%80%93%20La%20Banque%20Postale&async=1&fmt=3&is_vtc=1&random=954080410&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
142.250.74.132200 OK 42 B URL HTTP/2 www.google.com/pagead/1p-user-list/993136125/?random=1605906937161&cv=9&fst=1605906000000&num=1&bg=ffffff&guid=ON&u_h=864&u_w=1536&u_ah=834&u_aw=1536&u_cd=24&u_his=12&u_tz=0&u_java=false&u_nplug=3&u_nmime=4>m=2oab41&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.labanquepostale.fr%2F&ref=https%3A%2F%2Ftransverse.labanquepostale.fr%2F&tiba=La%20Banque%20Postale%20-%20Banque%20et%20Assurance%20en%20ligne%20%E2%80%93%20La%20Banque%20Postale&async=1&fmt=3&is_vtc=1&random=954080410&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
IP 142.250.74.132:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/993136125/?random=1605906937161&cv=9&fst=1605906000000&num=1&bg=ffffff&guid=ON&u_h=864&u_w=1536&u_ah=834&u_aw=1536&u_cd=24&u_his=12&u_tz=0&u_java=false&u_nplug=3&u_nmime=4>m=2oab41&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.labanquepostale.fr%2F&ref=https%3A%2F%2Ftransverse.labanquepostale.fr%2F&tiba=La%20Banque%20Postale%20-%20Banque%20et%20Assurance%20en%20ligne%20%E2%80%93%20La%20Banque%20Postale&async=1&fmt=3&is_vtc=1&random=954080410&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://co20341.tw1.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 29 Nov 2022 22:09:53 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ib.adnxs.com/sbounce?%2Fgetuid%3F%2F%2Fits.tradelab.fr%2F%3Ftype%3Dtlsync%26uuid2%3D%24UID%26callback%3Dtl_sync
185.89.210.122307 Redirection 0 B URL HTTP/1.1 ib.adnxs.com/sbounce?%2Fgetuid%3F%2F%2Fits.tradelab.fr%2F%3Ftype%3Dtlsync%26uuid2%3D%24UID%26callback%3Dtl_sync
IP 185.89.210.122:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sbounce?%2Fgetuid%3F%2F%2Fits.tradelab.fr%2F%3Ftype%3Dtlsync%26uuid2%3D%24UID%26callback%3Dtl_sync HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://co20341.tw1.ru/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 307 Redirection
Server: nginx/1.21.3
Date: Tue, 29 Nov 2022 22:09:53 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Location: https://ib.adnxs.com/bounce?%2Fsbounce%3F%252Fgetuid%253F%252F%252Fits.tradelab.fr%252F%253Ftype%253Dtlsync%2526uuid2%253D%2524UID%2526callback%253Dtl_sync
AN-X-Request-Uuid: e01a9b6d-939e-43bb-aea3-49239d4fe0f9
Set-Cookie: uuid2=6347087278422280335; SameSite=None; Path=/; Max-Age=7776000; Expires=Mon, 27-Feb-2023 22:09:53 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
www.google.com/pagead/1p-conversion/852773421/?random=177323158&cv=9&fst=*&num=1&label=Hio2CMbqvosBEK2U0ZYD&guid=ON&resp=GooglemKTybQhCsO&u_h=864&u_w=1536&u_ah=834&u_aw=1536&u_cd=24&u_his=12&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&ig=1&frm=2&url=https://6927651.fls.doubleclick.net/activityi%3Bdc_pre%3DCJC3o8SFku0CFco14AodkgkIAQ%3Bsrc%3D6927651%3Btype%3Dinvmedia%3Bcat%3Dlaban000%3Bord%3D6695387850260%3Bgtm%3D2odb41%3Bauiddc%3D100092942.1605891102%3B~oref%3Dhttps%253A%252F%252Fwww.labanquepostale.fr%252F%3F&ref=https://www.labanquepostale.fr/&hn=www.googleadservices.com&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=SDK4X6isGJeY-gaquZyoBw&random=1092497054&resp=GooglemKTybQhCsO
142.250.74.132302 Found 42 B URL HTTP/2 www.google.com/pagead/1p-conversion/852773421/?random=177323158&cv=9&fst=*&num=1&label=Hio2CMbqvosBEK2U0ZYD&guid=ON&resp=GooglemKTybQhCsO&u_h=864&u_w=1536&u_ah=834&u_aw=1536&u_cd=24&u_his=12&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&ig=1&frm=2&url=https://6927651.fls.doubleclick.net/activityi%3Bdc_pre%3DCJC3o8SFku0CFco14AodkgkIAQ%3Bsrc%3D6927651%3Btype%3Dinvmedia%3Bcat%3Dlaban000%3Bord%3D6695387850260%3Bgtm%3D2odb41%3Bauiddc%3D100092942.1605891102%3B~oref%3Dhttps%253A%252F%252Fwww.labanquepostale.fr%252F%3F&ref=https://www.labanquepostale.fr/&hn=www.googleadservices.com&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=SDK4X6isGJeY-gaquZyoBw&random=1092497054&resp=GooglemKTybQhCsO
IP 142.250.74.132:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-conversion/852773421/?random=177323158&cv=9&fst=*&num=1&label=Hio2CMbqvosBEK2U0ZYD&guid=ON&resp=GooglemKTybQhCsO&u_h=864&u_w=1536&u_ah=834&u_aw=1536&u_cd=24&u_his=12&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&ig=1&frm=2&url=https://6927651.fls.doubleclick.net/activityi%3Bdc_pre%3DCJC3o8SFku0CFco14AodkgkIAQ%3Bsrc%3D6927651%3Btype%3Dinvmedia%3Bcat%3Dlaban000%3Bord%3D6695387850260%3Bgtm%3D2odb41%3Bauiddc%3D100092942.1605891102%3B~oref%3Dhttps%253A%252F%252Fwww.labanquepostale.fr%252F%3F&ref=https://www.labanquepostale.fr/&hn=www.googleadservices.com&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=SDK4X6isGJeY-gaquZyoBw&random=1092497054&resp=GooglemKTybQhCsO HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://co20341.tw1.ru/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 29 Nov 2022 22:09:53 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
location: https://www.google.no/pagead/1p-conversion/852773421/?random=177323158&cv=9&fst=*&num=1&label=Hio2CMbqvosBEK2U0ZYD&guid=ON&resp=GooglemKTybQhCsO&u_h=864&u_w=1536&u_ah=834&u_aw=1536&u_cd=24&u_his=12&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&ig=1&frm=2&url=https://6927651.fls.doubleclick.net/activityi%3Bdc_pre%3DCJC3o8SFku0CFco14AodkgkIAQ%3Bsrc%3D6927651%3Btype%3Dinvmedia%3Bcat%3Dlaban000%3Bord%3D6695387850260%3Bgtm%3D2odb41%3Bauiddc%3D100092942.1605891102%3B~oref%3Dhttps%253A%252F%252Fwww.labanquepostale.fr%252F%3F&ref=https://www.labanquepostale.fr/&hn=www.googleadservices.com&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=SDK4X6isGJeY-gaquZyoBw&random=1092497054&resp=GooglemKTybQhCsO&ipr=y&prhg=0
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ib.adnxs.com/sbounce?%2Fpx%3Fid%3D991001%26t%3D2
185.89.210.122307 Redirection 0 B URL HTTP/1.1 ib.adnxs.com/sbounce?%2Fpx%3Fid%3D991001%26t%3D2
IP 185.89.210.122:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sbounce?%2Fpx%3Fid%3D991001%26t%3D2 HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://co20341.tw1.ru/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 307 Redirection
Server: nginx/1.21.3
Date: Tue, 29 Nov 2022 22:09:53 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Location: https://ib.adnxs.com/bounce?%2Fsbounce%3F%252Fpx%253Fid%253D991001%2526t%253D2
AN-X-Request-Uuid: af8d61f7-e3a4-4ce4-af9a-84a902775654
Set-Cookie: uuid2=5483474108723979281; SameSite=None; Path=/; Max-Age=7776000; Expires=Mon, 27-Feb-2023 22:09:53 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash f1cfa609ebdf236e2f3e3ff25dd05caf
c8117b0187d4d9021ed1a42907bd93d24ed4ebf0
7a2761aa36168d4f2c9034486777f5588aaf0fa1f7d1e55006db7320259303b3
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 22:09:53 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googleadservices.com/pagead/conversion/852773421/?random=1669759792030&cv=9&fst=1669759792030&num=1&label=Hio2CMbqvosBEK2U0ZYD&guid=ON&resp=GooglemKTybQhCsO&eid=375603260&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&sendb=1&ig=1&frm=2&url=https%3A%2F%2F6927651.fls.doubleclick.net%2Fddm%2Ffls%2Fr%2Fsrc%3D6927651%3Btype%3Dinvmedia%3Bcat%3Dlaban000%3Bord%3D9369902801637%3Bgtm%3D2odb41%3Bauiddc%3D121169973.1669759791%3B~oref%3Dhttp%253A%252F%252Fco20341.tw1.ru%252F&ref=https%3A%2F%2Fadservice.google.com%2F&hn=www.googleadservices.com&rfmt=3&fmt=4
142.250.74.130200 OK 1.2 kB URL HTTP/2 www.googleadservices.com/pagead/conversion/852773421/?random=1669759792030&cv=9&fst=1669759792030&num=1&label=Hio2CMbqvosBEK2U0ZYD&guid=ON&resp=GooglemKTybQhCsO&eid=375603260&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&sendb=1&ig=1&frm=2&url=https%3A%2F%2F6927651.fls.doubleclick.net%2Fddm%2Ffls%2Fr%2Fsrc%3D6927651%3Btype%3Dinvmedia%3Bcat%3Dlaban000%3Bord%3D9369902801637%3Bgtm%3D2odb41%3Bauiddc%3D121169973.1669759791%3B~oref%3Dhttp%253A%252F%252Fco20341.tw1.ru%252F&ref=https%3A%2F%2Fadservice.google.com%2F&hn=www.googleadservices.com&rfmt=3&fmt=4
IP 142.250.74.130:0
File type ASCII text, with very long lines (1944), with no line terminators
Hash 5065fb7a5e13b479eb0671c4efd54902
a77767493eee7f1162ffb227f22b3596ee9cc33d
823215ab943dc3ac7e1fd0a46a5b6a61fabb78655e4fddd6ff34fa9cce6d1f40
GET /pagead/conversion/852773421/?random=1669759792030&cv=9&fst=1669759792030&num=1&label=Hio2CMbqvosBEK2U0ZYD&guid=ON&resp=GooglemKTybQhCsO&eid=375603260&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&sendb=1&ig=1&frm=2&url=https%3A%2F%2F6927651.fls.doubleclick.net%2Fddm%2Ffls%2Fr%2Fsrc%3D6927651%3Btype%3Dinvmedia%3Bcat%3Dlaban000%3Bord%3D9369902801637%3Bgtm%3D2odb41%3Bauiddc%3D121169973.1669759791%3B~oref%3Dhttp%253A%252F%252Fco20341.tw1.ru%252F&ref=https%3A%2F%2Fadservice.google.com%2F&hn=www.googleadservices.com&rfmt=3&fmt=4 HTTP/1.1
Host: www.googleadservices.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://6927651.fls.doubleclick.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 29 Nov 2022 22:09:53 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 1156
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
googleads.g.doubleclick.net/pagead/viewthroughconversion/852773421/?random=417273548&cv=9&fst=1669759791686&num=1&label=Hio2CMbqvosBEK2U0ZYD&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&sendb=1&ig=1&frm=1&url=http%3A%2F%2Fco20341.tw1.ru%2F&ref=http%3A%2F%2Fco20341.tw1.ru%2F&hn=www.googleadservices.com&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&ocp_id=MIOGY5zpPLWQ78EP7qmlmAc&sscte=1&crd=
142.250.74.162302 Found 42 B URL HTTP/2 googleads.g.doubleclick.net/pagead/viewthroughconversion/852773421/?random=417273548&cv=9&fst=1669759791686&num=1&label=Hio2CMbqvosBEK2U0ZYD&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&sendb=1&ig=1&frm=1&url=http%3A%2F%2Fco20341.tw1.ru%2F&ref=http%3A%2F%2Fco20341.tw1.ru%2F&hn=www.googleadservices.com&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&ocp_id=MIOGY5zpPLWQ78EP7qmlmAc&sscte=1&crd=
IP 142.250.74.162:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/viewthroughconversion/852773421/?random=417273548&cv=9&fst=1669759791686&num=1&label=Hio2CMbqvosBEK2U0ZYD&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&sendb=1&ig=1&frm=1&url=http%3A%2F%2Fco20341.tw1.ru%2F&ref=http%3A%2F%2Fco20341.tw1.ru%2F&hn=www.googleadservices.com&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&ocp_id=MIOGY5zpPLWQ78EP7qmlmAc&sscte=1&crd= HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://co20341.tw1.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 29 Nov 2022 22:09:53 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
location: https://www.google.com/pagead/1p-conversion/852773421/?random=417273548&cv=9&fst=1669759791686&num=1&label=Hio2CMbqvosBEK2U0ZYD&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&sendb=1&ig=1&frm=1&url=http%3A%2F%2Fco20341.tw1.ru%2F&ref=http%3A%2F%2Fco20341.tw1.ru%2F&hn=www.googleadservices.com&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=MIOGY5zpPLWQ78EP7qmlmAc&random=2118491059&resp=GooglemKTybQhCsO
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Tue, 29-Nov-2022 22:24:53 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
its.tradelab.fr/?type=tp&advid=2602146&uuid=0&adata=%7B%22c%22%3A%7B%22ref_url%22%3A%22%22%2C%22ref_ts%22%3A1669759792%2C%22page_url%22%3A%22co20341.tw1.ru%2F%22%2C%22dm%22%3A%22www.labanquepostale.fr%22%7D%2C%22v%22%3A%7B%22vis_cnt%22%3A1%2C%22frst_vis_ts%22%3A1669759791%2C%22prev_vis_ts%22%3A1669759791%2C%22curr_vis_ts%22%3A1669759792%2C%22total_page_cnt%22%3A1%2C%22prev_page_cnt%22%3A1%2C%22curr_page_cnt%22%3A1%7D%7D
85.17.192.106301 Moved Permanently 169 B URL HTTP/1.1 its.tradelab.fr/?type=tp&advid=2602146&uuid=0&adata=%7B%22c%22%3A%7B%22ref_url%22%3A%22%22%2C%22ref_ts%22%3A1669759792%2C%22page_url%22%3A%22co20341.tw1.ru%2F%22%2C%22dm%22%3A%22www.labanquepostale.fr%22%7D%2C%22v%22%3A%7B%22vis_cnt%22%3A1%2C%22frst_vis_ts%22%3A1669759791%2C%22prev_vis_ts%22%3A1669759791%2C%22curr_vis_ts%22%3A1669759792%2C%22total_page_cnt%22%3A1%2C%22prev_page_cnt%22%3A1%2C%22curr_page_cnt%22%3A1%7D%7D
IP 85.17.192.106:0
ASN #60781 LeaseWeb Netherlands B.V.
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 0f952b73d3f5586637ea9a5a789d48f4
b29aff4ffa1d4decd77db5160f920e1c6417e5e9
69d11528ee32902d0c47ed215877f0610399536f755db03ed02a77ecedd74751
GET /?type=tp&advid=2602146&uuid=0&adata=%7B%22c%22%3A%7B%22ref_url%22%3A%22%22%2C%22ref_ts%22%3A1669759792%2C%22page_url%22%3A%22co20341.tw1.ru%2F%22%2C%22dm%22%3A%22www.labanquepostale.fr%22%7D%2C%22v%22%3A%7B%22vis_cnt%22%3A1%2C%22frst_vis_ts%22%3A1669759791%2C%22prev_vis_ts%22%3A1669759791%2C%22curr_vis_ts%22%3A1669759792%2C%22total_page_cnt%22%3A1%2C%22prev_page_cnt%22%3A1%2C%22curr_page_cnt%22%3A1%7D%7D HTTP/1.1
Host: its.tradelab.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://co20341.tw1.ru/
HTTP/1.1 301 Moved Permanently
Server: nginx/1.20.1
Date: Tue, 29 Nov 2022 22:09:53 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive
Location: https://its.tradelab.fr/?type=tp&advid=2602146&uuid=0&adata=%7B%22c%22%3A%7B%22ref_url%22%3A%22%22%2C%22ref_ts%22%3A1669759792%2C%22page_url%22%3A%22co20341.tw1.ru%2F%22%2C%22dm%22%3A%22www.labanquepostale.fr%22%7D%2C%22v%22%3A%7B%22vis_cnt%22%3A1%2C%22frst_vis_ts%22%3A1669759791%2C%22prev_vis_ts%22%3A1669759791%2C%22curr_vis_ts%22%3A1669759792%2C%22total_page_cnt%22%3A1%2C%22prev_page_cnt%22%3A1%2C%22curr_page_cnt%22%3A1%7D%7D
www.google.ci/pagead/1p-user-list/993136125/?random=1605906937161&cv=9&fst=1605906000000&num=1&bg=ffffff&guid=ON&u_h=864&u_w=1536&u_ah=834&u_aw=1536&u_cd=24&u_his=12&u_tz=0&u_java=false&u_nplug=3&u_nmime=4>m=2oab41&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.labanquepostale.fr%2F&ref=https%3A%2F%2Ftransverse.labanquepostale.fr%2F&tiba=La%20Banque%20Postale%20-%20Banque%20et%20Assurance%20en%20ligne%20%E2%80%93%20La%20Banque%20Postale&async=1&fmt=3&is_vtc=1&random=954080410&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
142.250.74.131200 OK 42 B URL HTTP/2 www.google.ci/pagead/1p-user-list/993136125/?random=1605906937161&cv=9&fst=1605906000000&num=1&bg=ffffff&guid=ON&u_h=864&u_w=1536&u_ah=834&u_aw=1536&u_cd=24&u_his=12&u_tz=0&u_java=false&u_nplug=3&u_nmime=4>m=2oab41&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.labanquepostale.fr%2F&ref=https%3A%2F%2Ftransverse.labanquepostale.fr%2F&tiba=La%20Banque%20Postale%20-%20Banque%20et%20Assurance%20en%20ligne%20%E2%80%93%20La%20Banque%20Postale&async=1&fmt=3&is_vtc=1&random=954080410&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
IP 142.250.74.131:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/993136125/?random=1605906937161&cv=9&fst=1605906000000&num=1&bg=ffffff&guid=ON&u_h=864&u_w=1536&u_ah=834&u_aw=1536&u_cd=24&u_his=12&u_tz=0&u_java=false&u_nplug=3&u_nmime=4>m=2oab41&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.labanquepostale.fr%2F&ref=https%3A%2F%2Ftransverse.labanquepostale.fr%2F&tiba=La%20Banque%20Postale%20-%20Banque%20et%20Assurance%20en%20ligne%20%E2%80%93%20La%20Banque%20Postale&async=1&fmt=3&is_vtc=1&random=954080410&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.ci
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://co20341.tw1.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 29 Nov 2022 22:09:53 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ib.adnxs.com/bounce?%2Fsbounce%3F%252Fgetuid%253F%252F%252Fits.tradelab.fr%252F%253Ftype%253Dtlsync%2526uuid2%253D%2524UID%2526callback%253Dtl_sync
185.89.210.122302 Found 0 B URL HTTP/1.1 ib.adnxs.com/bounce?%2Fsbounce%3F%252Fgetuid%253F%252F%252Fits.tradelab.fr%252F%253Ftype%253Dtlsync%2526uuid2%253D%2524UID%2526callback%253Dtl_sync
IP 185.89.210.122:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /bounce?%2Fsbounce%3F%252Fgetuid%253F%252F%252Fits.tradelab.fr%252F%253Ftype%253Dtlsync%2526uuid2%253D%2524UID%2526callback%253Dtl_sync HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://co20341.tw1.ru/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx/1.21.3
Date: Tue, 29 Nov 2022 22:09:53 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Location: //its.tradelab.fr/?type=tlsync&uuid2=0&callback=tl_sync
AN-X-Request-Uuid: 5910e52b-0a38-45de-b1ab-465ec7425f9f
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
www.google.com/pagead/1p-conversion/852773421/?random=417273548&cv=9&fst=1669759791686&num=1&label=Hio2CMbqvosBEK2U0ZYD&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&sendb=1&ig=1&frm=1&url=http%3A%2F%2Fco20341.tw1.ru%2F&ref=http%3A%2F%2Fco20341.tw1.ru%2F&hn=www.googleadservices.com&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=MIOGY5zpPLWQ78EP7qmlmAc&random=2118491059&resp=GooglemKTybQhCsO
142.250.74.132302 Found 42 B URL HTTP/2 www.google.com/pagead/1p-conversion/852773421/?random=417273548&cv=9&fst=1669759791686&num=1&label=Hio2CMbqvosBEK2U0ZYD&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&sendb=1&ig=1&frm=1&url=http%3A%2F%2Fco20341.tw1.ru%2F&ref=http%3A%2F%2Fco20341.tw1.ru%2F&hn=www.googleadservices.com&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=MIOGY5zpPLWQ78EP7qmlmAc&random=2118491059&resp=GooglemKTybQhCsO
IP 142.250.74.132:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-conversion/852773421/?random=417273548&cv=9&fst=1669759791686&num=1&label=Hio2CMbqvosBEK2U0ZYD&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&sendb=1&ig=1&frm=1&url=http%3A%2F%2Fco20341.tw1.ru%2F&ref=http%3A%2F%2Fco20341.tw1.ru%2F&hn=www.googleadservices.com&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=MIOGY5zpPLWQ78EP7qmlmAc&random=2118491059&resp=GooglemKTybQhCsO HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://co20341.tw1.ru/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 29 Nov 2022 22:09:53 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
location: https://www.google.no/pagead/1p-conversion/852773421/?random=417273548&cv=9&fst=1669759791686&num=1&label=Hio2CMbqvosBEK2U0ZYD&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&sendb=1&ig=1&frm=1&url=http%3A%2F%2Fco20341.tw1.ru%2F&ref=http%3A%2F%2Fco20341.tw1.ru%2F&hn=www.googleadservices.com&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=MIOGY5zpPLWQ78EP7qmlmAc&random=2118491059&resp=GooglemKTybQhCsO&ipr=y&prhg=0
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ib.adnxs.com/sbounce?%2Fgetuid%3F%2F%2Fits.tradelab.fr%2F%3Ftype%3Dconvr%26x%3D1%26uuid2%3D%24UID%26cdata%3D%257B%2522a%2522%253A991002%252C%2522l%2522%253A%255B6129654%252C6129670%252C6129677%252C6129705%252C6140244%252C6140246%252C6140363%252C6141029%252C6205745%252C6205752%252C6205755%252C6205762%252C6220830%252C8124214%252C8124594%252C8124968%252C8124973%252C8125344%252C8141760%252C8141763%252C8141816%252C8141850%252C8141875%252C8141880%252C8141931%252C8141938%252C8176847%252C8176869%252C8176878%252C8245529%252C8245533%252C8245537%252C8245540%252C8260100%252C8445392%252C8505468%252C8505515%252C9271738%252C9271745%252C9271969%252C9272093%252C9272160%252C9272905%252C9408323%252C9408407%252C9408587%252C9408663%252C9408768%252C9511553%252C9611699%252C9611846%252C9683342%252C9683349%252C9719394%252C10005812%252C10226877%252C10226889%252C10226919%252C10244639%252C10381193%252C10480996%252C12967986%252C12968507%252C12968515%252C12968543%252C12968782%252C12968784%252C13104005%252C13259085%255D%252C%2522i%2522%253A1%252C%2522c%2522%253A7%252C%2522t%2522%253A%2522c%2522%252C%2522m%2522%253A%2522null%2522%252C%2522vi%2522%253A0%252C%2522vc%2522%253A0%252C%2522hf%2522%253A0%252C%2522x%2522%253A%257B%257D%257D%26advid%3D2602146%26xur%3Dco20341.tw1.ru%252F%26adata%3D%257B%2522c%2522%253A%257B%2522ref_url%2522%253A%2522%2522%252C%2522ref_ts%2522%253A0%252C%2522page_url%2522%253A%2522%2522%252C%2522dm%2522%253A%2522%2522%257D%252C%2522v%2522%253A%257B%2522vis_cnt%2522%253A0%252C%2522frst_vis_ts%2522%253A1669759791%252C%2522prev_vis_ts%2522%253A0%252C%2522curr_vis_ts%2522%253A1669759791%252C%2522total_page_cnt%2522%253A0%252C%2522prev_page_cnt%2522%253A0%252C%2522curr_page_cnt%2522%253A1%257D%257D
185.89.210.122307 Redirection 0 B URL HTTP/1.1 ib.adnxs.com/sbounce?%2Fgetuid%3F%2F%2Fits.tradelab.fr%2F%3Ftype%3Dconvr%26x%3D1%26uuid2%3D%24UID%26cdata%3D%257B%2522a%2522%253A991002%252C%2522l%2522%253A%255B6129654%252C6129670%252C6129677%252C6129705%252C6140244%252C6140246%252C6140363%252C6141029%252C6205745%252C6205752%252C6205755%252C6205762%252C6220830%252C8124214%252C8124594%252C8124968%252C8124973%252C8125344%252C8141760%252C8141763%252C8141816%252C8141850%252C8141875%252C8141880%252C8141931%252C8141938%252C8176847%252C8176869%252C8176878%252C8245529%252C8245533%252C8245537%252C8245540%252C8260100%252C8445392%252C8505468%252C8505515%252C9271738%252C9271745%252C9271969%252C9272093%252C9272160%252C9272905%252C9408323%252C9408407%252C9408587%252C9408663%252C9408768%252C9511553%252C9611699%252C9611846%252C9683342%252C9683349%252C9719394%252C10005812%252C10226877%252C10226889%252C10226919%252C10244639%252C10381193%252C10480996%252C12967986%252C12968507%252C12968515%252C12968543%252C12968782%252C12968784%252C13104005%252C13259085%255D%252C%2522i%2522%253A1%252C%2522c%2522%253A7%252C%2522t%2522%253A%2522c%2522%252C%2522m%2522%253A%2522null%2522%252C%2522vi%2522%253A0%252C%2522vc%2522%253A0%252C%2522hf%2522%253A0%252C%2522x%2522%253A%257B%257D%257D%26advid%3D2602146%26xur%3Dco20341.tw1.ru%252F%26adata%3D%257B%2522c%2522%253A%257B%2522ref_url%2522%253A%2522%2522%252C%2522ref_ts%2522%253A0%252C%2522page_url%2522%253A%2522%2522%252C%2522dm%2522%253A%2522%2522%257D%252C%2522v%2522%253A%257B%2522vis_cnt%2522%253A0%252C%2522frst_vis_ts%2522%253A1669759791%252C%2522prev_vis_ts%2522%253A0%252C%2522curr_vis_ts%2522%253A1669759791%252C%2522total_page_cnt%2522%253A0%252C%2522prev_page_cnt%2522%253A0%252C%2522curr_page_cnt%2522%253A1%257D%257D
IP 185.89.210.122:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sbounce?%2Fgetuid%3F%2F%2Fits.tradelab.fr%2F%3Ftype%3Dconvr%26x%3D1%26uuid2%3D%24UID%26cdata%3D%257B%2522a%2522%253A991002%252C%2522l%2522%253A%255B6129654%252C6129670%252C6129677%252C6129705%252C6140244%252C6140246%252C6140363%252C6141029%252C6205745%252C6205752%252C6205755%252C6205762%252C6220830%252C8124214%252C8124594%252C8124968%252C8124973%252C8125344%252C8141760%252C8141763%252C8141816%252C8141850%252C8141875%252C8141880%252C8141931%252C8141938%252C8176847%252C8176869%252C8176878%252C8245529%252C8245533%252C8245537%252C8245540%252C8260100%252C8445392%252C8505468%252C8505515%252C9271738%252C9271745%252C9271969%252C9272093%252C9272160%252C9272905%252C9408323%252C9408407%252C9408587%252C9408663%252C9408768%252C9511553%252C9611699%252C9611846%252C9683342%252C9683349%252C9719394%252C10005812%252C10226877%252C10226889%252C10226919%252C10244639%252C10381193%252C10480996%252C12967986%252C12968507%252C12968515%252C12968543%252C12968782%252C12968784%252C13104005%252C13259085%255D%252C%2522i%2522%253A1%252C%2522c%2522%253A7%252C%2522t%2522%253A%2522c%2522%252C%2522m%2522%253A%2522null%2522%252C%2522vi%2522%253A0%252C%2522vc%2522%253A0%252C%2522hf%2522%253A0%252C%2522x%2522%253A%257B%257D%257D%26advid%3D2602146%26xur%3Dco20341.tw1.ru%252F%26adata%3D%257B%2522c%2522%253A%257B%2522ref_url%2522%253A%2522%2522%252C%2522ref_ts%2522%253A0%252C%2522page_url%2522%253A%2522%2522%252C%2522dm%2522%253A%2522%2522%257D%252C%2522v%2522%253A%257B%2522vis_cnt%2522%253A0%252C%2522frst_vis_ts%2522%253A1669759791%252C%2522prev_vis_ts%2522%253A0%252C%2522curr_vis_ts%2522%253A1669759791%252C%2522total_page_cnt%2522%253A0%252C%2522prev_page_cnt%2522%253A0%252C%2522curr_page_cnt%2522%253A1%257D%257D HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://co20341.tw1.ru/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 307 Redirection
Server: nginx/1.21.3
Date: Tue, 29 Nov 2022 22:09:53 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Location: https://ib.adnxs.com/bounce?%2Fsbounce%3F%252Fgetuid%253F%252F%252Fits.tradelab.fr%252F%253Ftype%253Dconvr%2526x%253D1%2526uuid2%253D%2524UID%2526cdata%253D%25257B%252522a%252522%25253A991002%25252C%252522l%252522%25253A%25255B6129654%25252C6129670%25252C6129677%25252C6129705%25252C6140244%25252C6140246%25252C6140363%25252C6141029%25252C6205745%25252C6205752%25252C6205755%25252C6205762%25252C6220830%25252C8124214%25252C8124594%25252C8124968%25252C8124973%25252C8125344%25252C8141760%25252C8141763%25252C8141816%25252C8141850%25252C8141875%25252C8141880%25252C8141931%25252C8141938%25252C8176847%25252C8176869%25252C8176878%25252C8245529%25252C8245533%25252C8245537%25252C8245540%25252C8260100%25252C8445392%25252C8505468%25252C8505515%25252C9271738%25252C9271745%25252C9271969%25252C9272093%25252C9272160%25252C9272905%25252C9408323%25252C9408407%25252C9408587%25252C9408663%25252C9408768%25252C9511553%25252C9611699%25252C9611846%25252C9683342%25252C9683349%25252C9719394%25252C10005812%25252C10226877%25252C10226889%25252C10226919%25252C10244639%25252C10381193%25252C10480996%25252C12967986%25252C12968507%25252C12968515%25252C12968543%25252C12968782%25252C12968784%25252C13104005%25252C13259085%25255D%25252C%252522i%252522%25253A1%25252C%252522c%252522%25253A7%25252C%252522t%252522%25253A%252522c%252522%25252C%252522m%252522%25253A%252522null%252522%25252C%252522vi%252522%25253A0%25252C%252522vc%252522%25253A0%25252C%252522hf%252522%25253A0%25252C%252522x%252522%25253A%25257B%25257D%25257D%2526advid%253D2602146%2526xur%253Dco20341.tw1.ru%25252F%2526adata%253D%25257B%252522c%252522%25253A%25257B%252522ref_url%252522%25253A%252522%252522%25252C%252522ref_ts%252522%25253A0%25252C%252522page_url%252522%25253A%252522%252522%25252C%252522dm%252522%25253A%252522%252522%25257D%25252C%252522v%252522%25253A%25257B%252522vis_cnt%252522%25253A0%25252C%252522frst_vis_ts%252522%25253A1669759791%25252C%252522prev_vis_ts%252522%25253A0%25252C%252522curr_vis_ts%252522%25253A1669759791%25252C%252522total_page_cnt%252522%25253A0%25252C%252522prev_page_cnt%252522%25253A0%25252C%252522curr_page_cnt%252522%25253A1%25257D%25257D
AN-X-Request-Uuid: ff89f336-1c96-443c-8f71-b5b2478a7f6d
Set-Cookie: uuid2=3140852157110424063; SameSite=None; Path=/; Max-Age=7776000; Expires=Mon, 27-Feb-2023 22:09:53 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
ib.adnxs.com/sbounce?%2Fgetuid%3F%2F%2Fits.tradelab.fr%2F%3Ftype%3Dconvr%26x%3D1%26uuid2%3D%24UID%26cdata%3D%257B%2522a%2522%253A991000%252C%2522l%2522%253A%255B6129654%252C6129670%252C6129677%252C6129705%252C6140244%252C6140246%252C6140363%252C6141029%252C6205745%252C6205752%252C6205755%252C6205762%252C6220830%252C8124214%252C8124594%252C8124968%252C8124973%252C8125344%252C8141760%252C8141763%252C8141816%252C8141850%252C8141875%252C8141880%252C8141931%252C8141938%252C8176847%252C8176869%252C8176878%252C8178278%252C8178332%252C8217168%252C8239623%252C8245529%252C8245533%252C8245537%252C8245540%252C8260100%252C8445392%252C8505468%252C8505515%252C9271738%252C9271745%252C9271969%252C9272093%252C9272160%252C9272905%252C9408323%252C9408407%252C9408587%252C9408663%252C9408768%252C9511553%252C9611699%252C9611846%252C9683342%252C9683349%252C9719394%252C10005812%252C10226877%252C10226889%252C10226919%252C10244639%252C10381193%252C10480996%252C12967986%252C12968507%252C12968515%252C12968543%252C12968782%252C12968784%252C13104005%252C13259085%255D%252C%2522i%2522%253A1%252C%2522c%2522%253A7%252C%2522t%2522%253A%2522h%2522%252C%2522m%2522%253A%2522null%2522%252C%2522vi%2522%253A0%252C%2522vc%2522%253A0%252C%2522hf%2522%253A0%252C%2522x%2522%253A%257B%257D%257D%26advid%3D2602146%26xur%3Dco20341.tw1.ru%252F%26adata%3D%257B%2522c%2522%253A%257B%2522ref_url%2522%253A%2522%2522%252C%2522ref_ts%2522%253A0%252C%2522page_url%2522%253A%2522%2522%252C%2522dm%2522%253A%2522%2522%257D%252C%2522v%2522%253A%257B%2522vis_cnt%2522%253A0%252C%2522frst_vis_ts%2522%253A1669759791%252C%2522prev_vis_ts%2522%253A0%252C%2522curr_vis_ts%2522%253A1669759791%252C%2522total_page_cnt%2522%253A0%252C%2522prev_page_cnt%2522%253A0%252C%2522curr_page_cnt%2522%253A1%257D%257D
185.89.210.122307 Redirection 0 B URL HTTP/1.1 ib.adnxs.com/sbounce?%2Fgetuid%3F%2F%2Fits.tradelab.fr%2F%3Ftype%3Dconvr%26x%3D1%26uuid2%3D%24UID%26cdata%3D%257B%2522a%2522%253A991000%252C%2522l%2522%253A%255B6129654%252C6129670%252C6129677%252C6129705%252C6140244%252C6140246%252C6140363%252C6141029%252C6205745%252C6205752%252C6205755%252C6205762%252C6220830%252C8124214%252C8124594%252C8124968%252C8124973%252C8125344%252C8141760%252C8141763%252C8141816%252C8141850%252C8141875%252C8141880%252C8141931%252C8141938%252C8176847%252C8176869%252C8176878%252C8178278%252C8178332%252C8217168%252C8239623%252C8245529%252C8245533%252C8245537%252C8245540%252C8260100%252C8445392%252C8505468%252C8505515%252C9271738%252C9271745%252C9271969%252C9272093%252C9272160%252C9272905%252C9408323%252C9408407%252C9408587%252C9408663%252C9408768%252C9511553%252C9611699%252C9611846%252C9683342%252C9683349%252C9719394%252C10005812%252C10226877%252C10226889%252C10226919%252C10244639%252C10381193%252C10480996%252C12967986%252C12968507%252C12968515%252C12968543%252C12968782%252C12968784%252C13104005%252C13259085%255D%252C%2522i%2522%253A1%252C%2522c%2522%253A7%252C%2522t%2522%253A%2522h%2522%252C%2522m%2522%253A%2522null%2522%252C%2522vi%2522%253A0%252C%2522vc%2522%253A0%252C%2522hf%2522%253A0%252C%2522x%2522%253A%257B%257D%257D%26advid%3D2602146%26xur%3Dco20341.tw1.ru%252F%26adata%3D%257B%2522c%2522%253A%257B%2522ref_url%2522%253A%2522%2522%252C%2522ref_ts%2522%253A0%252C%2522page_url%2522%253A%2522%2522%252C%2522dm%2522%253A%2522%2522%257D%252C%2522v%2522%253A%257B%2522vis_cnt%2522%253A0%252C%2522frst_vis_ts%2522%253A1669759791%252C%2522prev_vis_ts%2522%253A0%252C%2522curr_vis_ts%2522%253A1669759791%252C%2522total_page_cnt%2522%253A0%252C%2522prev_page_cnt%2522%253A0%252C%2522curr_page_cnt%2522%253A1%257D%257D
IP 185.89.210.122:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sbounce?%2Fgetuid%3F%2F%2Fits.tradelab.fr%2F%3Ftype%3Dconvr%26x%3D1%26uuid2%3D%24UID%26cdata%3D%257B%2522a%2522%253A991000%252C%2522l%2522%253A%255B6129654%252C6129670%252C6129677%252C6129705%252C6140244%252C6140246%252C6140363%252C6141029%252C6205745%252C6205752%252C6205755%252C6205762%252C6220830%252C8124214%252C8124594%252C8124968%252C8124973%252C8125344%252C8141760%252C8141763%252C8141816%252C8141850%252C8141875%252C8141880%252C8141931%252C8141938%252C8176847%252C8176869%252C8176878%252C8178278%252C8178332%252C8217168%252C8239623%252C8245529%252C8245533%252C8245537%252C8245540%252C8260100%252C8445392%252C8505468%252C8505515%252C9271738%252C9271745%252C9271969%252C9272093%252C9272160%252C9272905%252C9408323%252C9408407%252C9408587%252C9408663%252C9408768%252C9511553%252C9611699%252C9611846%252C9683342%252C9683349%252C9719394%252C10005812%252C10226877%252C10226889%252C10226919%252C10244639%252C10381193%252C10480996%252C12967986%252C12968507%252C12968515%252C12968543%252C12968782%252C12968784%252C13104005%252C13259085%255D%252C%2522i%2522%253A1%252C%2522c%2522%253A7%252C%2522t%2522%253A%2522h%2522%252C%2522m%2522%253A%2522null%2522%252C%2522vi%2522%253A0%252C%2522vc%2522%253A0%252C%2522hf%2522%253A0%252C%2522x%2522%253A%257B%257D%257D%26advid%3D2602146%26xur%3Dco20341.tw1.ru%252F%26adata%3D%257B%2522c%2522%253A%257B%2522ref_url%2522%253A%2522%2522%252C%2522ref_ts%2522%253A0%252C%2522page_url%2522%253A%2522%2522%252C%2522dm%2522%253A%2522%2522%257D%252C%2522v%2522%253A%257B%2522vis_cnt%2522%253A0%252C%2522frst_vis_ts%2522%253A1669759791%252C%2522prev_vis_ts%2522%253A0%252C%2522curr_vis_ts%2522%253A1669759791%252C%2522total_page_cnt%2522%253A0%252C%2522prev_page_cnt%2522%253A0%252C%2522curr_page_cnt%2522%253A1%257D%257D HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://co20341.tw1.ru/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 307 Redirection
Server: nginx/1.21.3
Date: Tue, 29 Nov 2022 22:09:53 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Location: https://ib.adnxs.com/bounce?%2Fsbounce%3F%252Fgetuid%253F%252F%252Fits.tradelab.fr%252F%253Ftype%253Dconvr%2526x%253D1%2526uuid2%253D%2524UID%2526cdata%253D%25257B%252522a%252522%25253A991000%25252C%252522l%252522%25253A%25255B6129654%25252C6129670%25252C6129677%25252C6129705%25252C6140244%25252C6140246%25252C6140363%25252C6141029%25252C6205745%25252C6205752%25252C6205755%25252C6205762%25252C6220830%25252C8124214%25252C8124594%25252C8124968%25252C8124973%25252C8125344%25252C8141760%25252C8141763%25252C8141816%25252C8141850%25252C8141875%25252C8141880%25252C8141931%25252C8141938%25252C8176847%25252C8176869%25252C8176878%25252C8178278%25252C8178332%25252C8217168%25252C8239623%25252C8245529%25252C8245533%25252C8245537%25252C8245540%25252C8260100%25252C8445392%25252C8505468%25252C8505515%25252C9271738%25252C9271745%25252C9271969%25252C9272093%25252C9272160%25252C9272905%25252C9408323%25252C9408407%25252C9408587%25252C9408663%25252C9408768%25252C9511553%25252C9611699%25252C9611846%25252C9683342%25252C9683349%25252C9719394%25252C10005812%25252C10226877%25252C10226889%25252C10226919%25252C10244639%25252C10381193%25252C10480996%25252C12967986%25252C12968507%25252C12968515%25252C12968543%25252C12968782%25252C12968784%25252C13104005%25252C13259085%25255D%25252C%252522i%252522%25253A1%25252C%252522c%252522%25253A7%25252C%252522t%252522%25253A%252522h%252522%25252C%252522m%252522%25253A%252522null%252522%25252C%252522vi%252522%25253A0%25252C%252522vc%252522%25253A0%25252C%252522hf%252522%25253A0%25252C%252522x%252522%25253A%25257B%25257D%25257D%2526advid%253D2602146%2526xur%253Dco20341.tw1.ru%25252F%2526adata%253D%25257B%252522c%252522%25253A%25257B%252522ref_url%252522%25253A%252522%252522%25252C%252522ref_ts%252522%25253A0%25252C%252522page_url%252522%25253A%252522%252522%25252C%252522dm%252522%25253A%252522%252522%25257D%25252C%252522v%252522%25253A%25257B%252522vis_cnt%252522%25253A0%25252C%252522frst_vis_ts%252522%25253A1669759791%25252C%252522prev_vis_ts%252522%25253A0%25252C%252522curr_vis_ts%252522%25253A1669759791%25252C%252522total_page_cnt%252522%25253A0%25252C%252522prev_page_cnt%252522%25253A0%25252C%252522curr_page_cnt%252522%25253A1%25257D%25257D
AN-X-Request-Uuid: 2d69dd5f-cdd8-4a39-abad-87d8d4638ae0
Set-Cookie: uuid2=817033037995295847; SameSite=None; Path=/; Max-Age=7776000; Expires=Mon, 27-Feb-2023 22:09:53 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
www.google.com/pagead/1p-conversion/852773421/?random=1714708928&cv=9&fst=1669759792030&num=1&label=Hio2CMbqvosBEK2U0ZYD&guid=ON&resp=GooglemKTybQhCsO&eid=375603260&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&sendb=1&ig=1&frm=2&url=https%3A%2F%2F6927651.fls.doubleclick.net%2Fddm%2Ffls%2Fr%2Fsrc%3D6927651%3Btype%3Dinvmedia%3Bcat%3Dlaban000%3Bord%3D9369902801637%3Bgtm%3D2odb41%3Bauiddc%3D121169973.1669759791%3B~oref%3Dhttp%253A%252F%252Fco20341.tw1.ru%252F&ref=https%3A%2F%2Fadservice.google.com%2F&hn=www.googleadservices.com&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=MYOGY9C-Aq6U78EP_7C3sAM&random=4095462746&resp=GooglemKTybQhCsO
142.250.74.132302 Found 42 B URL HTTP/2 www.google.com/pagead/1p-conversion/852773421/?random=1714708928&cv=9&fst=1669759792030&num=1&label=Hio2CMbqvosBEK2U0ZYD&guid=ON&resp=GooglemKTybQhCsO&eid=375603260&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&sendb=1&ig=1&frm=2&url=https%3A%2F%2F6927651.fls.doubleclick.net%2Fddm%2Ffls%2Fr%2Fsrc%3D6927651%3Btype%3Dinvmedia%3Bcat%3Dlaban000%3Bord%3D9369902801637%3Bgtm%3D2odb41%3Bauiddc%3D121169973.1669759791%3B~oref%3Dhttp%253A%252F%252Fco20341.tw1.ru%252F&ref=https%3A%2F%2Fadservice.google.com%2F&hn=www.googleadservices.com&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=MYOGY9C-Aq6U78EP_7C3sAM&random=4095462746&resp=GooglemKTybQhCsO
IP 142.250.74.132:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-conversion/852773421/?random=1714708928&cv=9&fst=1669759792030&num=1&label=Hio2CMbqvosBEK2U0ZYD&guid=ON&resp=GooglemKTybQhCsO&eid=375603260&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&sendb=1&ig=1&frm=2&url=https%3A%2F%2F6927651.fls.doubleclick.net%2Fddm%2Ffls%2Fr%2Fsrc%3D6927651%3Btype%3Dinvmedia%3Bcat%3Dlaban000%3Bord%3D9369902801637%3Bgtm%3D2odb41%3Bauiddc%3D121169973.1669759791%3B~oref%3Dhttp%253A%252F%252Fco20341.tw1.ru%252F&ref=https%3A%2F%2Fadservice.google.com%2F&hn=www.googleadservices.com&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=MYOGY9C-Aq6U78EP_7C3sAM&random=4095462746&resp=GooglemKTybQhCsO HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://6927651.fls.doubleclick.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 29 Nov 2022 22:09:53 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
location: https://www.google.no/pagead/1p-conversion/852773421/?random=1714708928&cv=9&fst=1669759792030&num=1&label=Hio2CMbqvosBEK2U0ZYD&guid=ON&resp=GooglemKTybQhCsO&eid=375603260&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&sendb=1&ig=1&frm=2&url=https%3A%2F%2F6927651.fls.doubleclick.net%2Fddm%2Ffls%2Fr%2Fsrc%3D6927651%3Btype%3Dinvmedia%3Bcat%3Dlaban000%3Bord%3D9369902801637%3Bgtm%3D2odb41%3Bauiddc%3D121169973.1669759791%3B~oref%3Dhttp%253A%252F%252Fco20341.tw1.ru%252F&ref=https%3A%2F%2Fadservice.google.com%2F&hn=www.googleadservices.com&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=MYOGY9C-Aq6U78EP_7C3sAM&random=4095462746&resp=GooglemKTybQhCsO&ipr=y&prhg=0
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.no/pagead/1p-conversion/852773421/?random=177323158&cv=9&fst=*&num=1&label=Hio2CMbqvosBEK2U0ZYD&guid=ON&resp=GooglemKTybQhCsO&u_h=864&u_w=1536&u_ah=834&u_aw=1536&u_cd=24&u_his=12&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&ig=1&frm=2&url=https://6927651.fls.doubleclick.net/activityi%3Bdc_pre%3DCJC3o8SFku0CFco14AodkgkIAQ%3Bsrc%3D6927651%3Btype%3Dinvmedia%3Bcat%3Dlaban000%3Bord%3D6695387850260%3Bgtm%3D2odb41%3Bauiddc%3D100092942.1605891102%3B~oref%3Dhttps%253A%252F%252Fwww.labanquepostale.fr%252F%3F&ref=https://www.labanquepostale.fr/&hn=www.googleadservices.com&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=SDK4X6isGJeY-gaquZyoBw&random=1092497054&resp=GooglemKTybQhCsO&ipr=y&prhg=0
142.250.74.163200 OK 42 B URL HTTP/2 www.google.no/pagead/1p-conversion/852773421/?random=177323158&cv=9&fst=*&num=1&label=Hio2CMbqvosBEK2U0ZYD&guid=ON&resp=GooglemKTybQhCsO&u_h=864&u_w=1536&u_ah=834&u_aw=1536&u_cd=24&u_his=12&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&ig=1&frm=2&url=https://6927651.fls.doubleclick.net/activityi%3Bdc_pre%3DCJC3o8SFku0CFco14AodkgkIAQ%3Bsrc%3D6927651%3Btype%3Dinvmedia%3Bcat%3Dlaban000%3Bord%3D6695387850260%3Bgtm%3D2odb41%3Bauiddc%3D100092942.1605891102%3B~oref%3Dhttps%253A%252F%252Fwww.labanquepostale.fr%252F%3F&ref=https://www.labanquepostale.fr/&hn=www.googleadservices.com&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=SDK4X6isGJeY-gaquZyoBw&random=1092497054&resp=GooglemKTybQhCsO&ipr=y&prhg=0
IP 142.250.74.163:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-conversion/852773421/?random=177323158&cv=9&fst=*&num=1&label=Hio2CMbqvosBEK2U0ZYD&guid=ON&resp=GooglemKTybQhCsO&u_h=864&u_w=1536&u_ah=834&u_aw=1536&u_cd=24&u_his=12&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&ig=1&frm=2&url=https://6927651.fls.doubleclick.net/activityi%3Bdc_pre%3DCJC3o8SFku0CFco14AodkgkIAQ%3Bsrc%3D6927651%3Btype%3Dinvmedia%3Bcat%3Dlaban000%3Bord%3D6695387850260%3Bgtm%3D2odb41%3Bauiddc%3D100092942.1605891102%3B~oref%3Dhttps%253A%252F%252Fwww.labanquepostale.fr%252F%3F&ref=https://www.labanquepostale.fr/&hn=www.googleadservices.com&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=SDK4X6isGJeY-gaquZyoBw&random=1092497054&resp=GooglemKTybQhCsO&ipr=y&prhg=0 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://co20341.tw1.ru/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 29 Nov 2022 22:09:53 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash a0fe20d41a043db700a84924cd9793f3
c0da481fef6cd00558f6e68b074acb34bef8292f
03caeb65ab9e22f6d6fe0d344d327950d20ee9ed144e2da0e5e062943a03fc56
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 22:09:53 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ib.adnxs.com/sbounce?%2Fgetuid%3F%2F%2Fits.tradelab.fr%2F%3Ftype%3Dconvr%26x%3D1%26uuid2%3D%24UID%26cdata%3D%257B%2522a%2522%253A991001%252C%2522l%2522%253A%255B6129654%252C6129670%252C6129677%252C6129705%252C6140244%252C6140246%252C6140363%252C6141029%252C6205745%252C6205752%252C6205755%252C6205762%252C6220830%252C8124214%252C8124594%252C8124968%252C8124973%252C8125344%252C8141760%252C8141763%252C8141816%252C8141850%252C8141875%252C8141880%252C8141931%252C8141938%252C8176847%252C8176869%252C8176878%252C8239623%252C8245529%252C8245533%252C8245537%252C8245540%252C8260100%252C8445392%252C8505468%252C8505515%252C9271738%252C9271745%252C9271969%252C9272093%252C9272160%252C9272905%252C9408323%252C9408407%252C9408587%252C9408663%252C9408768%252C9511553%252C9611699%252C9611846%252C9683342%252C9683349%252C9719394%252C10005812%252C10226877%252C10226889%252C10226919%252C10244639%252C10381193%252C10480996%252C12967986%252C12968507%252C12968515%252C12968543%252C12968782%252C12968784%252C13104005%252C13259085%255D%252C%2522i%2522%253A1%252C%2522c%2522%253A7%252C%2522t%2522%253A%2522h%2522%252C%2522m%2522%253A%2522null%2522%252C%2522vi%2522%253A0%252C%2522vc%2522%253A0%252C%2522hf%2522%253A0%252C%2522x%2522%253A%257B%257D%257D%26advid%3D2602146%26xur%3Dco20341.tw1.ru%252F%26adata%3D%257B%2522c%2522%253A%257B%2522ref_url%2522%253A%2522%2522%252C%2522ref_ts%2522%253A0%252C%2522page_url%2522%253A%2522%2522%252C%2522dm%2522%253A%2522%2522%257D%252C%2522v%2522%253A%257B%2522vis_cnt%2522%253A0%252C%2522frst_vis_ts%2522%253A1669759791%252C%2522prev_vis_ts%2522%253A0%252C%2522curr_vis_ts%2522%253A1669759791%252C%2522total_page_cnt%2522%253A0%252C%2522prev_page_cnt%2522%253A0%252C%2522curr_page_cnt%2522%253A1%257D%257D
185.89.210.122307 Redirection 0 B URL HTTP/1.1 ib.adnxs.com/sbounce?%2Fgetuid%3F%2F%2Fits.tradelab.fr%2F%3Ftype%3Dconvr%26x%3D1%26uuid2%3D%24UID%26cdata%3D%257B%2522a%2522%253A991001%252C%2522l%2522%253A%255B6129654%252C6129670%252C6129677%252C6129705%252C6140244%252C6140246%252C6140363%252C6141029%252C6205745%252C6205752%252C6205755%252C6205762%252C6220830%252C8124214%252C8124594%252C8124968%252C8124973%252C8125344%252C8141760%252C8141763%252C8141816%252C8141850%252C8141875%252C8141880%252C8141931%252C8141938%252C8176847%252C8176869%252C8176878%252C8239623%252C8245529%252C8245533%252C8245537%252C8245540%252C8260100%252C8445392%252C8505468%252C8505515%252C9271738%252C9271745%252C9271969%252C9272093%252C9272160%252C9272905%252C9408323%252C9408407%252C9408587%252C9408663%252C9408768%252C9511553%252C9611699%252C9611846%252C9683342%252C9683349%252C9719394%252C10005812%252C10226877%252C10226889%252C10226919%252C10244639%252C10381193%252C10480996%252C12967986%252C12968507%252C12968515%252C12968543%252C12968782%252C12968784%252C13104005%252C13259085%255D%252C%2522i%2522%253A1%252C%2522c%2522%253A7%252C%2522t%2522%253A%2522h%2522%252C%2522m%2522%253A%2522null%2522%252C%2522vi%2522%253A0%252C%2522vc%2522%253A0%252C%2522hf%2522%253A0%252C%2522x%2522%253A%257B%257D%257D%26advid%3D2602146%26xur%3Dco20341.tw1.ru%252F%26adata%3D%257B%2522c%2522%253A%257B%2522ref_url%2522%253A%2522%2522%252C%2522ref_ts%2522%253A0%252C%2522page_url%2522%253A%2522%2522%252C%2522dm%2522%253A%2522%2522%257D%252C%2522v%2522%253A%257B%2522vis_cnt%2522%253A0%252C%2522frst_vis_ts%2522%253A1669759791%252C%2522prev_vis_ts%2522%253A0%252C%2522curr_vis_ts%2522%253A1669759791%252C%2522total_page_cnt%2522%253A0%252C%2522prev_page_cnt%2522%253A0%252C%2522curr_page_cnt%2522%253A1%257D%257D
IP 185.89.210.122:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sbounce?%2Fgetuid%3F%2F%2Fits.tradelab.fr%2F%3Ftype%3Dconvr%26x%3D1%26uuid2%3D%24UID%26cdata%3D%257B%2522a%2522%253A991001%252C%2522l%2522%253A%255B6129654%252C6129670%252C6129677%252C6129705%252C6140244%252C6140246%252C6140363%252C6141029%252C6205745%252C6205752%252C6205755%252C6205762%252C6220830%252C8124214%252C8124594%252C8124968%252C8124973%252C8125344%252C8141760%252C8141763%252C8141816%252C8141850%252C8141875%252C8141880%252C8141931%252C8141938%252C8176847%252C8176869%252C8176878%252C8239623%252C8245529%252C8245533%252C8245537%252C8245540%252C8260100%252C8445392%252C8505468%252C8505515%252C9271738%252C9271745%252C9271969%252C9272093%252C9272160%252C9272905%252C9408323%252C9408407%252C9408587%252C9408663%252C9408768%252C9511553%252C9611699%252C9611846%252C9683342%252C9683349%252C9719394%252C10005812%252C10226877%252C10226889%252C10226919%252C10244639%252C10381193%252C10480996%252C12967986%252C12968507%252C12968515%252C12968543%252C12968782%252C12968784%252C13104005%252C13259085%255D%252C%2522i%2522%253A1%252C%2522c%2522%253A7%252C%2522t%2522%253A%2522h%2522%252C%2522m%2522%253A%2522null%2522%252C%2522vi%2522%253A0%252C%2522vc%2522%253A0%252C%2522hf%2522%253A0%252C%2522x%2522%253A%257B%257D%257D%26advid%3D2602146%26xur%3Dco20341.tw1.ru%252F%26adata%3D%257B%2522c%2522%253A%257B%2522ref_url%2522%253A%2522%2522%252C%2522ref_ts%2522%253A0%252C%2522page_url%2522%253A%2522%2522%252C%2522dm%2522%253A%2522%2522%257D%252C%2522v%2522%253A%257B%2522vis_cnt%2522%253A0%252C%2522frst_vis_ts%2522%253A1669759791%252C%2522prev_vis_ts%2522%253A0%252C%2522curr_vis_ts%2522%253A1669759791%252C%2522total_page_cnt%2522%253A0%252C%2522prev_page_cnt%2522%253A0%252C%2522curr_page_cnt%2522%253A1%257D%257D HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://co20341.tw1.ru/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 307 Redirection
Server: nginx/1.21.3
Date: Tue, 29 Nov 2022 22:09:53 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Location: https://ib.adnxs.com/bounce?%2Fsbounce%3F%252Fgetuid%253F%252F%252Fits.tradelab.fr%252F%253Ftype%253Dconvr%2526x%253D1%2526uuid2%253D%2524UID%2526cdata%253D%25257B%252522a%252522%25253A991001%25252C%252522l%252522%25253A%25255B6129654%25252C6129670%25252C6129677%25252C6129705%25252C6140244%25252C6140246%25252C6140363%25252C6141029%25252C6205745%25252C6205752%25252C6205755%25252C6205762%25252C6220830%25252C8124214%25252C8124594%25252C8124968%25252C8124973%25252C8125344%25252C8141760%25252C8141763%25252C8141816%25252C8141850%25252C8141875%25252C8141880%25252C8141931%25252C8141938%25252C8176847%25252C8176869%25252C8176878%25252C8239623%25252C8245529%25252C8245533%25252C8245537%25252C8245540%25252C8260100%25252C8445392%25252C8505468%25252C8505515%25252C9271738%25252C9271745%25252C9271969%25252C9272093%25252C9272160%25252C9272905%25252C9408323%25252C9408407%25252C9408587%25252C9408663%25252C9408768%25252C9511553%25252C9611699%25252C9611846%25252C9683342%25252C9683349%25252C9719394%25252C10005812%25252C10226877%25252C10226889%25252C10226919%25252C10244639%25252C10381193%25252C10480996%25252C12967986%25252C12968507%25252C12968515%25252C12968543%25252C12968782%25252C12968784%25252C13104005%25252C13259085%25255D%25252C%252522i%252522%25253A1%25252C%252522c%252522%25253A7%25252C%252522t%252522%25253A%252522h%252522%25252C%252522m%252522%25253A%252522null%252522%25252C%252522vi%252522%25253A0%25252C%252522vc%252522%25253A0%25252C%252522hf%252522%25253A0%25252C%252522x%252522%25253A%25257B%25257D%25257D%2526advid%253D2602146%2526xur%253Dco20341.tw1.ru%25252F%2526adata%253D%25257B%252522c%252522%25253A%25257B%252522ref_url%252522%25253A%252522%252522%25252C%252522ref_ts%252522%25253A0%25252C%252522page_url%252522%25253A%252522%252522%25252C%252522dm%252522%25253A%252522%252522%25257D%25252C%252522v%252522%25253A%25257B%252522vis_cnt%252522%25253A0%25252C%252522frst_vis_ts%252522%25253A1669759791%25252C%252522prev_vis_ts%252522%25253A0%25252C%252522curr_vis_ts%252522%25253A1669759791%25252C%252522total_page_cnt%252522%25253A0%25252C%252522prev_page_cnt%252522%25253A0%25252C%252522curr_page_cnt%252522%25253A1%25257D%25257D
AN-X-Request-Uuid: 56eb0597-210b-41b0-9d86-b0d4021f1a25
Set-Cookie: uuid2=1102623834788547586; SameSite=None; Path=/; Max-Age=7776000; Expires=Mon, 27-Feb-2023 22:09:53 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
www.google.no/pagead/1p-conversion/852773421/?random=417273548&cv=9&fst=1669759791686&num=1&label=Hio2CMbqvosBEK2U0ZYD&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&sendb=1&ig=1&frm=1&url=http%3A%2F%2Fco20341.tw1.ru%2F&ref=http%3A%2F%2Fco20341.tw1.ru%2F&hn=www.googleadservices.com&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=MIOGY5zpPLWQ78EP7qmlmAc&random=2118491059&resp=GooglemKTybQhCsO&ipr=y&prhg=0
142.250.74.163200 OK 42 B URL HTTP/2 www.google.no/pagead/1p-conversion/852773421/?random=417273548&cv=9&fst=1669759791686&num=1&label=Hio2CMbqvosBEK2U0ZYD&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&sendb=1&ig=1&frm=1&url=http%3A%2F%2Fco20341.tw1.ru%2F&ref=http%3A%2F%2Fco20341.tw1.ru%2F&hn=www.googleadservices.com&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=MIOGY5zpPLWQ78EP7qmlmAc&random=2118491059&resp=GooglemKTybQhCsO&ipr=y&prhg=0
IP 142.250.74.163:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-conversion/852773421/?random=417273548&cv=9&fst=1669759791686&num=1&label=Hio2CMbqvosBEK2U0ZYD&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&sendb=1&ig=1&frm=1&url=http%3A%2F%2Fco20341.tw1.ru%2F&ref=http%3A%2F%2Fco20341.tw1.ru%2F&hn=www.googleadservices.com&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=MIOGY5zpPLWQ78EP7qmlmAc&random=2118491059&resp=GooglemKTybQhCsO&ipr=y&prhg=0 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://co20341.tw1.ru/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 29 Nov 2022 22:09:53 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ib.adnxs.com/sbounce?%2Fseg%3Fadd%3D2491894%3A09%26t%3D2
185.89.210.122307 Redirection 0 B URL HTTP/1.1 ib.adnxs.com/sbounce?%2Fseg%3Fadd%3D2491894%3A09%26t%3D2
IP 185.89.210.122:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sbounce?%2Fseg%3Fadd%3D2491894%3A09%26t%3D2 HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://co20341.tw1.ru/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 307 Redirection
Server: nginx/1.21.3
Date: Tue, 29 Nov 2022 22:09:53 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Location: https://ib.adnxs.com/bounce?%2Fsbounce%3F%252Fseg%253Fadd%253D2491894%253A09%2526t%253D2
AN-X-Request-Uuid: 48e93bbc-2926-4e59-918d-20c28d51ed1c
Set-Cookie: uuid2=5958230112188716983; SameSite=None; Path=/; Max-Age=7776000; Expires=Mon, 27-Feb-2023 22:09:53 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
its.tradelab.fr/?type=convr&x=0&cdata=%7B%22a%22%3A991000%2C%22l%22%3A%5B6129654%2C6129670%2C6129677%2C6129705%2C6140244%2C6140246%2C6140363%2C6141029%2C6205745%2C6205752%2C6205755%2C6205762%2C6220830%2C8124214%2C8124594%2C8124968%2C8124973%2C8125344%2C8141760%2C8141763%2C8141816%2C8141850%2C8141875%2C8141880%2C8141931%2C8141938%2C8176847%2C8176869%2C8176878%2C8178278%2C8178332%2C8217168%2C8239623%2C8245529%2C8245533%2C8245537%2C8245540%2C8260100%2C8445392%2C8505468%2C8505515%2C9271738%2C9271745%2C9271969%2C9272093%2C9272160%2C9272905%2C9408323%2C9408407%2C9408587%2C9408663%2C9408768%2C9511553%2C9611699%2C9611846%2C9683342%2C9683349%2C9719394%2C10005812%2C10226877%2C10226889%2C10226919%2C10244639%2C10381193%2C10480996%2C12967986%2C12968507%2C12968515%2C12968543%2C12968782%2C12968784%2C13104005%2C13259085%2C13477519%2C14058054%2C14058197%2C14058205%2C14058228%2C14069494%2C14069497%2C14069560%2C14069565%2C14069590%2C14069626%2C14074179%2C14112662%2C14130392%2C14212376%2C14212411%2C14212419%2C14212455%2C14212467%2C14212692%2C14212694%2C14570528%2C14570544%5D%2C%22i%22%3A1%2C%22c%22%3A7%2C%22t%22%3A%22h%22%2C%22m%22%3A%22null%22%2C%22vi%22%3A0%2C%22vc%22%3A0%2C%22hf%22%3A0%2C%22x%22%3A%7B%7D%7D&advid=2602146&xur=co20341.tw1.ru%2F&adata=%7B%22c%22%3A%7B%22ref_url%22%3A%22%22%2C%22ref_ts%22%3A1669759792%2C%22page_url%22%3A%22co20341.tw1.ru%2F%22%2C%22dm%22%3A%22www.labanquepostale.fr%22%7D%2C%22v%22%3A%7B%22vis_cnt%22%3A1%2C%22frst_vis_ts%22%3A1669759791%2C%22prev_vis_ts%22%3A1669759791%2C%22curr_vis_ts%22%3A1669759792%2C%22total_page_cnt%22%3A1%2C%22prev_page_cnt%22%3A1%2C%22curr_page_cnt%22%3A1%7D%7D
85.17.192.106301 Moved Permanently 169 B URL HTTP/1.1 its.tradelab.fr/?type=convr&x=0&cdata=%7B%22a%22%3A991000%2C%22l%22%3A%5B6129654%2C6129670%2C6129677%2C6129705%2C6140244%2C6140246%2C6140363%2C6141029%2C6205745%2C6205752%2C6205755%2C6205762%2C6220830%2C8124214%2C8124594%2C8124968%2C8124973%2C8125344%2C8141760%2C8141763%2C8141816%2C8141850%2C8141875%2C8141880%2C8141931%2C8141938%2C8176847%2C8176869%2C8176878%2C8178278%2C8178332%2C8217168%2C8239623%2C8245529%2C8245533%2C8245537%2C8245540%2C8260100%2C8445392%2C8505468%2C8505515%2C9271738%2C9271745%2C9271969%2C9272093%2C9272160%2C9272905%2C9408323%2C9408407%2C9408587%2C9408663%2C9408768%2C9511553%2C9611699%2C9611846%2C9683342%2C9683349%2C9719394%2C10005812%2C10226877%2C10226889%2C10226919%2C10244639%2C10381193%2C10480996%2C12967986%2C12968507%2C12968515%2C12968543%2C12968782%2C12968784%2C13104005%2C13259085%2C13477519%2C14058054%2C14058197%2C14058205%2C14058228%2C14069494%2C14069497%2C14069560%2C14069565%2C14069590%2C14069626%2C14074179%2C14112662%2C14130392%2C14212376%2C14212411%2C14212419%2C14212455%2C14212467%2C14212692%2C14212694%2C14570528%2C14570544%5D%2C%22i%22%3A1%2C%22c%22%3A7%2C%22t%22%3A%22h%22%2C%22m%22%3A%22null%22%2C%22vi%22%3A0%2C%22vc%22%3A0%2C%22hf%22%3A0%2C%22x%22%3A%7B%7D%7D&advid=2602146&xur=co20341.tw1.ru%2F&adata=%7B%22c%22%3A%7B%22ref_url%22%3A%22%22%2C%22ref_ts%22%3A1669759792%2C%22page_url%22%3A%22co20341.tw1.ru%2F%22%2C%22dm%22%3A%22www.labanquepostale.fr%22%7D%2C%22v%22%3A%7B%22vis_cnt%22%3A1%2C%22frst_vis_ts%22%3A1669759791%2C%22prev_vis_ts%22%3A1669759791%2C%22curr_vis_ts%22%3A1669759792%2C%22total_page_cnt%22%3A1%2C%22prev_page_cnt%22%3A1%2C%22curr_page_cnt%22%3A1%7D%7D
IP 85.17.192.106:0
ASN #60781 LeaseWeb Netherlands B.V.
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 0f952b73d3f5586637ea9a5a789d48f4
b29aff4ffa1d4decd77db5160f920e1c6417e5e9
69d11528ee32902d0c47ed215877f0610399536f755db03ed02a77ecedd74751
GET /?type=convr&x=0&cdata=%7B%22a%22%3A991000%2C%22l%22%3A%5B6129654%2C6129670%2C6129677%2C6129705%2C6140244%2C6140246%2C6140363%2C6141029%2C6205745%2C6205752%2C6205755%2C6205762%2C6220830%2C8124214%2C8124594%2C8124968%2C8124973%2C8125344%2C8141760%2C8141763%2C8141816%2C8141850%2C8141875%2C8141880%2C8141931%2C8141938%2C8176847%2C8176869%2C8176878%2C8178278%2C8178332%2C8217168%2C8239623%2C8245529%2C8245533%2C8245537%2C8245540%2C8260100%2C8445392%2C8505468%2C8505515%2C9271738%2C9271745%2C9271969%2C9272093%2C9272160%2C9272905%2C9408323%2C9408407%2C9408587%2C9408663%2C9408768%2C9511553%2C9611699%2C9611846%2C9683342%2C9683349%2C9719394%2C10005812%2C10226877%2C10226889%2C10226919%2C10244639%2C10381193%2C10480996%2C12967986%2C12968507%2C12968515%2C12968543%2C12968782%2C12968784%2C13104005%2C13259085%2C13477519%2C14058054%2C14058197%2C14058205%2C14058228%2C14069494%2C14069497%2C14069560%2C14069565%2C14069590%2C14069626%2C14074179%2C14112662%2C14130392%2C14212376%2C14212411%2C14212419%2C14212455%2C14212467%2C14212692%2C14212694%2C14570528%2C14570544%5D%2C%22i%22%3A1%2C%22c%22%3A7%2C%22t%22%3A%22h%22%2C%22m%22%3A%22null%22%2C%22vi%22%3A0%2C%22vc%22%3A0%2C%22hf%22%3A0%2C%22x%22%3A%7B%7D%7D&advid=2602146&xur=co20341.tw1.ru%2F&adata=%7B%22c%22%3A%7B%22ref_url%22%3A%22%22%2C%22ref_ts%22%3A1669759792%2C%22page_url%22%3A%22co20341.tw1.ru%2F%22%2C%22dm%22%3A%22www.labanquepostale.fr%22%7D%2C%22v%22%3A%7B%22vis_cnt%22%3A1%2C%22frst_vis_ts%22%3A1669759791%2C%22prev_vis_ts%22%3A1669759791%2C%22curr_vis_ts%22%3A1669759792%2C%22total_page_cnt%22%3A1%2C%22prev_page_cnt%22%3A1%2C%22curr_page_cnt%22%3A1%7D%7D HTTP/1.1
Host: its.tradelab.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://co20341.tw1.ru/
HTTP/1.1 301 Moved Permanently
Server: nginx/1.20.1
Date: Tue, 29 Nov 2022 22:09:53 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive
Location: https://its.tradelab.fr/?type=convr&x=0&cdata=%7B%22a%22%3A991000%2C%22l%22%3A%5B6129654%2C6129670%2C6129677%2C6129705%2C6140244%2C6140246%2C6140363%2C6141029%2C6205745%2C6205752%2C6205755%2C6205762%2C6220830%2C8124214%2C8124594%2C8124968%2C8124973%2C8125344%2C8141760%2C8141763%2C8141816%2C8141850%2C8141875%2C8141880%2C8141931%2C8141938%2C8176847%2C8176869%2C8176878%2C8178278%2C8178332%2C8217168%2C8239623%2C8245529%2C8245533%2C8245537%2C8245540%2C8260100%2C8445392%2C8505468%2C8505515%2C9271738%2C9271745%2C9271969%2C9272093%2C9272160%2C9272905%2C9408323%2C9408407%2C9408587%2C9408663%2C9408768%2C9511553%2C9611699%2C9611846%2C9683342%2C9683349%2C9719394%2C10005812%2C10226877%2C10226889%2C10226919%2C10244639%2C10381193%2C10480996%2C12967986%2C12968507%2C12968515%2C12968543%2C12968782%2C12968784%2C13104005%2C13259085%2C13477519%2C14058054%2C14058197%2C14058205%2C14058228%2C14069494%2C14069497%2C14069560%2C14069565%2C14069590%2C14069626%2C14074179%2C14112662%2C14130392%2C14212376%2C14212411%2C14212419%2C14212455%2C14212467%2C14212692%2C14212694%2C14570528%2C14570544%5D%2C%22i%22%3A1%2C%22c%22%3A7%2C%22t%22%3A%22h%22%2C%22m%22%3A%22null%22%2C%22vi%22%3A0%2C%22vc%22%3A0%2C%22hf%22%3A0%2C%22x%22%3A%7B%7D%7D&advid=2602146&xur=co20341.tw1.ru%2F&adata=%7B%22c%22%3A%7B%22ref_url%22%3A%22%22%2C%22ref_ts%22%3A1669759792%2C%22page_url%22%3A%22co20341.tw1.ru%2F%22%2C%22dm%22%3A%22www.labanquepostale.fr%22%7D%2C%22v%22%3A%7B%22vis_cnt%22%3A1%2C%22frst_vis_ts%22%3A1669759791%2C%22prev_vis_ts%22%3A1669759791%2C%22curr_vis_ts%22%3A1669759792%2C%22total_page_cnt%22%3A1%2C%22prev_page_cnt%22%3A1%2C%22curr_page_cnt%22%3A1%7D%7D
www.google.no/pagead/1p-conversion/852773421/?random=1714708928&cv=9&fst=1669759792030&num=1&label=Hio2CMbqvosBEK2U0ZYD&guid=ON&resp=GooglemKTybQhCsO&eid=375603260&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&sendb=1&ig=1&frm=2&url=https%3A%2F%2F6927651.fls.doubleclick.net%2Fddm%2Ffls%2Fr%2Fsrc%3D6927651%3Btype%3Dinvmedia%3Bcat%3Dlaban000%3Bord%3D9369902801637%3Bgtm%3D2odb41%3Bauiddc%3D121169973.1669759791%3B~oref%3Dhttp%253A%252F%252Fco20341.tw1.ru%252F&ref=https%3A%2F%2Fadservice.google.com%2F&hn=www.googleadservices.com&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=MYOGY9C-Aq6U78EP_7C3sAM&random=4095462746&resp=GooglemKTybQhCsO&ipr=y&prhg=0
142.250.74.163200 OK 42 B URL HTTP/2 www.google.no/pagead/1p-conversion/852773421/?random=1714708928&cv=9&fst=1669759792030&num=1&label=Hio2CMbqvosBEK2U0ZYD&guid=ON&resp=GooglemKTybQhCsO&eid=375603260&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&sendb=1&ig=1&frm=2&url=https%3A%2F%2F6927651.fls.doubleclick.net%2Fddm%2Ffls%2Fr%2Fsrc%3D6927651%3Btype%3Dinvmedia%3Bcat%3Dlaban000%3Bord%3D9369902801637%3Bgtm%3D2odb41%3Bauiddc%3D121169973.1669759791%3B~oref%3Dhttp%253A%252F%252Fco20341.tw1.ru%252F&ref=https%3A%2F%2Fadservice.google.com%2F&hn=www.googleadservices.com&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=MYOGY9C-Aq6U78EP_7C3sAM&random=4095462746&resp=GooglemKTybQhCsO&ipr=y&prhg=0
IP 142.250.74.163:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-conversion/852773421/?random=1714708928&cv=9&fst=1669759792030&num=1&label=Hio2CMbqvosBEK2U0ZYD&guid=ON&resp=GooglemKTybQhCsO&eid=375603260&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&sendb=1&ig=1&frm=2&url=https%3A%2F%2F6927651.fls.doubleclick.net%2Fddm%2Ffls%2Fr%2Fsrc%3D6927651%3Btype%3Dinvmedia%3Bcat%3Dlaban000%3Bord%3D9369902801637%3Bgtm%3D2odb41%3Bauiddc%3D121169973.1669759791%3B~oref%3Dhttp%253A%252F%252Fco20341.tw1.ru%252F&ref=https%3A%2F%2Fadservice.google.com%2F&hn=www.googleadservices.com&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=MYOGY9C-Aq6U78EP_7C3sAM&random=4095462746&resp=GooglemKTybQhCsO&ipr=y&prhg=0 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://6927651.fls.doubleclick.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 29 Nov 2022 22:09:53 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ib.adnxs.com/sbounce?%2Fpx%3Fid%3D991002%26t%3D2
185.89.210.122307 Redirection 0 B URL HTTP/1.1 ib.adnxs.com/sbounce?%2Fpx%3Fid%3D991002%26t%3D2
IP 185.89.210.122:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sbounce?%2Fpx%3Fid%3D991002%26t%3D2 HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://co20341.tw1.ru/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 307 Redirection
Server: nginx/1.21.3
Date: Tue, 29 Nov 2022 22:09:53 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Location: https://ib.adnxs.com/bounce?%2Fsbounce%3F%252Fpx%253Fid%253D991002%2526t%253D2
AN-X-Request-Uuid: a68b7895-130b-4106-9f12-a01f8b06eca7
Set-Cookie: uuid2=467968129824595803; SameSite=None; Path=/; Max-Age=7776000; Expires=Mon, 27-Feb-2023 22:09:53 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
ib.adnxs.com/bounce?%2Fsbounce%3F%252Fgetuid%253F%252F%252Fits.tradelab.fr%252F%253Ftype%253Dconvr%2526x%253D1%2526uuid2%253D%2524UID%2526cdata%253D%25257B%252522a%252522%25253A991001%25252C%252522l%252522%25253A%25255B6129654%25252C6129670%25252C6129677%25252C6129705%25252C6140244%25252C6140246%25252C6140363%25252C6141029%25252C6205745%25252C6205752%25252C6205755%25252C6205762%25252C6220830%25252C8124214%25252C8124594%25252C8124968%25252C8124973%25252C8125344%25252C8141760%25252C8141763%25252C8141816%25252C8141850%25252C8141875%25252C8141880%25252C8141931%25252C8141938%25252C8176847%25252C8176869%25252C8176878%25252C8239623%25252C8245529%25252C8245533%25252C8245537%25252C8245540%25252C8260100%25252C8445392%25252C8505468%25252C8505515%25252C9271738%25252C9271745%25252C9271969%25252C9272093%25252C9272160%25252C9272905%25252C9408323%25252C9408407%25252C9408587%25252C9408663%25252C9408768%25252C9511553%25252C9611699%25252C9611846%25252C9683342%25252C9683349%25252C9719394%25252C10005812%25252C10226877%25252C10226889%25252C10226919%25252C10244639%25252C10381193%25252C10480996%25252C12967986%25252C12968507%25252C12968515%25252C12968543%25252C12968782%25252C12968784%25252C13104005%25252C13259085%25255D%25252C%252522i%252522%25253A1%25252C%252522c%252522%25253A7%25252C%252522t%252522%25253A%252522h%252522%25252C%252522m%252522%25253A%252522null%252522%25252C%252522vi%252522%25253A0%25252C%252522vc%252522%25253A0%25252C%252522hf%252522%25253A0%25252C%252522x%252522%25253A%25257B%25257D%25257D%2526advid%253D2602146%2526xur%253Dco20341.tw1.ru%25252F%2526adata%253D%25257B%252522c%252522%25253A%25257B%252522ref_url%252522%25253A%252522%252522%25252C%252522ref_ts%252522%25253A0%25252C%252522page_url%252522%25253A%252522%252522%25252C%252522dm%252522%25253A%252522%252522%25257D%25252C%252522v%252522%25253A%25257B%252522vis_cnt%252522%25253A0%25252C%252522frst_vis_ts%252522%25253A1669759791%25252C%252522prev_vis_ts%252522%25253A0%25252C%252522curr_vis_ts%252522%25253A1669759791%25252C%252522total_page_cnt%252522%25253A0%25252C%252522prev_page_cnt%252522%25253A0%25252C%252522curr_page_cnt%252522%25253A1%25257D%25257D
185.89.210.122302 Found 0 B URL HTTP/1.1 ib.adnxs.com/bounce?%2Fsbounce%3F%252Fgetuid%253F%252F%252Fits.tradelab.fr%252F%253Ftype%253Dconvr%2526x%253D1%2526uuid2%253D%2524UID%2526cdata%253D%25257B%252522a%252522%25253A991001%25252C%252522l%252522%25253A%25255B6129654%25252C6129670%25252C6129677%25252C6129705%25252C6140244%25252C6140246%25252C6140363%25252C6141029%25252C6205745%25252C6205752%25252C6205755%25252C6205762%25252C6220830%25252C8124214%25252C8124594%25252C8124968%25252C8124973%25252C8125344%25252C8141760%25252C8141763%25252C8141816%25252C8141850%25252C8141875%25252C8141880%25252C8141931%25252C8141938%25252C8176847%25252C8176869%25252C8176878%25252C8239623%25252C8245529%25252C8245533%25252C8245537%25252C8245540%25252C8260100%25252C8445392%25252C8505468%25252C8505515%25252C9271738%25252C9271745%25252C9271969%25252C9272093%25252C9272160%25252C9272905%25252C9408323%25252C9408407%25252C9408587%25252C9408663%25252C9408768%25252C9511553%25252C9611699%25252C9611846%25252C9683342%25252C9683349%25252C9719394%25252C10005812%25252C10226877%25252C10226889%25252C10226919%25252C10244639%25252C10381193%25252C10480996%25252C12967986%25252C12968507%25252C12968515%25252C12968543%25252C12968782%25252C12968784%25252C13104005%25252C13259085%25255D%25252C%252522i%252522%25253A1%25252C%252522c%252522%25253A7%25252C%252522t%252522%25253A%252522h%252522%25252C%252522m%252522%25253A%252522null%252522%25252C%252522vi%252522%25253A0%25252C%252522vc%252522%25253A0%25252C%252522hf%252522%25253A0%25252C%252522x%252522%25253A%25257B%25257D%25257D%2526advid%253D2602146%2526xur%253Dco20341.tw1.ru%25252F%2526adata%253D%25257B%252522c%252522%25253A%25257B%252522ref_url%252522%25253A%252522%252522%25252C%252522ref_ts%252522%25253A0%25252C%252522page_url%252522%25253A%252522%252522%25252C%252522dm%252522%25253A%252522%252522%25257D%25252C%252522v%252522%25253A%25257B%252522vis_cnt%252522%25253A0%25252C%252522frst_vis_ts%252522%25253A1669759791%25252C%252522prev_vis_ts%252522%25253A0%25252C%252522curr_vis_ts%252522%25253A1669759791%25252C%252522total_page_cnt%252522%25253A0%25252C%252522prev_page_cnt%252522%25253A0%25252C%252522curr_page_cnt%252522%25253A1%25257D%25257D
IP 185.89.210.122:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /bounce?%2Fsbounce%3F%252Fgetuid%253F%252F%252Fits.tradelab.fr%252F%253Ftype%253Dconvr%2526x%253D1%2526uuid2%253D%2524UID%2526cdata%253D%25257B%252522a%252522%25253A991001%25252C%252522l%252522%25253A%25255B6129654%25252C6129670%25252C6129677%25252C6129705%25252C6140244%25252C6140246%25252C6140363%25252C6141029%25252C6205745%25252C6205752%25252C6205755%25252C6205762%25252C6220830%25252C8124214%25252C8124594%25252C8124968%25252C8124973%25252C8125344%25252C8141760%25252C8141763%25252C8141816%25252C8141850%25252C8141875%25252C8141880%25252C8141931%25252C8141938%25252C8176847%25252C8176869%25252C8176878%25252C8239623%25252C8245529%25252C8245533%25252C8245537%25252C8245540%25252C8260100%25252C8445392%25252C8505468%25252C8505515%25252C9271738%25252C9271745%25252C9271969%25252C9272093%25252C9272160%25252C9272905%25252C9408323%25252C9408407%25252C9408587%25252C9408663%25252C9408768%25252C9511553%25252C9611699%25252C9611846%25252C9683342%25252C9683349%25252C9719394%25252C10005812%25252C10226877%25252C10226889%25252C10226919%25252C10244639%25252C10381193%25252C10480996%25252C12967986%25252C12968507%25252C12968515%25252C12968543%25252C12968782%25252C12968784%25252C13104005%25252C13259085%25255D%25252C%252522i%252522%25253A1%25252C%252522c%252522%25253A7%25252C%252522t%252522%25253A%252522h%252522%25252C%252522m%252522%25253A%252522null%252522%25252C%252522vi%252522%25253A0%25252C%252522vc%252522%25253A0%25252C%252522hf%252522%25253A0%25252C%252522x%252522%25253A%25257B%25257D%25257D%2526advid%253D2602146%2526xur%253Dco20341.tw1.ru%25252F%2526adata%253D%25257B%252522c%252522%25253A%25257B%252522ref_url%252522%25253A%252522%252522%25252C%252522ref_ts%252522%25253A0%25252C%252522page_url%252522%25253A%252522%252522%25252C%252522dm%252522%25253A%252522%252522%25257D%25252C%252522v%252522%25253A%25257B%252522vis_cnt%252522%25253A0%25252C%252522frst_vis_ts%252522%25253A1669759791%25252C%252522prev_vis_ts%252522%25253A0%25252C%252522curr_vis_ts%252522%25253A1669759791%25252C%252522total_page_cnt%252522%25253A0%25252C%252522prev_page_cnt%252522%25253A0%25252C%252522curr_page_cnt%252522%25253A1%25257D%25257D HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://co20341.tw1.ru/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx/1.21.3
Date: Tue, 29 Nov 2022 22:09:53 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Location: //its.tradelab.fr/?type=convr&x=1&uuid2=0&cdata={"a":991001,"l":[6129654,6129670,6129677,6129705,6140244,6140246,6140363,6141029,6205745,6205752,6205755,6205762,6220830,8124214,8124594,8124968,8124973,8125344,8141760,8141763,8141816,8141850,8141875,8141880,8141931,8141938,8176847,8176869,8176878,8239623,8245529,8245533,8245537,8245540,8260100,8445392,8505468,8505515,9271738,9271745,9271969,9272093,9272160,9272905,9408323,9408407,9408587,9408663,9408768,9511553,9611699,9611846,9683342,9683349,9719394,10005812,10226877,10226889,10226919,10244639,10381193,10480996,12967986,12968507,12968515,12968543,12968782,12968784,13104005,13259085],"i":1,"c":7,"t":"h","m":"null","vi":0,"vc":0,"hf":0,"x":{}}&advid=2602146&xur=co20341.tw1.ru/&adata={"c":{"ref_url":"","ref_ts":0,"page_url":"","dm":""},"v":{"vis_cnt":0,"frst_vis_ts":1669759791,"prev_vis_ts":0,"curr_vis_ts":1669759791,"total_page_cnt":0,"prev_page_cnt":0,"curr_page_cnt":1}}
AN-X-Request-Uuid: c1180c95-9d95-4b91-8167-55c2e88ff64a
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
ib.adnxs.com/seg?add=12608265&t=2
185.89.210.122307 Redirection 0 B URL HTTP/1.1 ib.adnxs.com/seg?add=12608265&t=2
IP 185.89.210.122:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /seg?add=12608265&t=2 HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://co20341.tw1.ru/
HTTP/1.1 307 Redirection
Server: nginx/1.21.3
Date: Tue, 29 Nov 2022 22:09:53 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Location: https://ib.adnxs.com/sbounce?%2Fseg%3Fadd%3D12608265%26t%3D2
AN-X-Request-Uuid: c6245576-c8ec-4a43-adbb-b00eccbeb6b7
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
ib.adnxs.com/sbounce?%2Fpx%3Fid%3D991000%26t%3D2
185.89.210.122307 Redirection 0 B URL HTTP/1.1 ib.adnxs.com/sbounce?%2Fpx%3Fid%3D991000%26t%3D2
IP 185.89.210.122:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sbounce?%2Fpx%3Fid%3D991000%26t%3D2 HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://co20341.tw1.ru/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 307 Redirection
Server: nginx/1.21.3
Date: Tue, 29 Nov 2022 22:09:53 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Location: https://ib.adnxs.com/bounce?%2Fsbounce%3F%252Fpx%253Fid%253D991000%2526t%253D2
AN-X-Request-Uuid: 480e0019-d243-4441-9c76-4cf861c1f161
Set-Cookie: uuid2=6356410272043901136; SameSite=None; Path=/; Max-Age=7776000; Expires=Mon, 27-Feb-2023 22:09:53 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
its.tradelab.fr/?type=fseg&uuid2=4801858766581308409&sid=12608265&val=undefined&fun=2135&step=1&siev=12608262&fp=0&advid=2602146&isregen=0&ua=Mozilla%252F5.0%2520(Windows%2520NT%252010.0%253B%2520Win64%253B%2520x64%253B%2520rv%253A105.0)%2520Gecko%252F20100101%2520Firefox%252F105.0&ur=http%253A%252F%252Fco20341.tw1.ru%252F&adata=%7B%22c%22%3A%7B%22ref_url%22%3A%22%22%2C%22ref_ts%22%3A1669759792%2C%22page_url%22%3A%22co20341.tw1.ru%2F%22%2C%22dm%22%3A%22www.labanquepostale.fr%22%7D%2C%22v%22%3A%7B%22vis_cnt%22%3A1%2C%22frst_vis_ts%22%3A1669759791%2C%22prev_vis_ts%22%3A1669759791%2C%22curr_vis_ts%22%3A1669759792%2C%22total_page_cnt%22%3A1%2C%22prev_page_cnt%22%3A1%2C%22curr_page_cnt%22%3A1%7D%7D
85.17.192.106301 Moved Permanently 169 B URL HTTP/1.1 its.tradelab.fr/?type=fseg&uuid2=4801858766581308409&sid=12608265&val=undefined&fun=2135&step=1&siev=12608262&fp=0&advid=2602146&isregen=0&ua=Mozilla%252F5.0%2520(Windows%2520NT%252010.0%253B%2520Win64%253B%2520x64%253B%2520rv%253A105.0)%2520Gecko%252F20100101%2520Firefox%252F105.0&ur=http%253A%252F%252Fco20341.tw1.ru%252F&adata=%7B%22c%22%3A%7B%22ref_url%22%3A%22%22%2C%22ref_ts%22%3A1669759792%2C%22page_url%22%3A%22co20341.tw1.ru%2F%22%2C%22dm%22%3A%22www.labanquepostale.fr%22%7D%2C%22v%22%3A%7B%22vis_cnt%22%3A1%2C%22frst_vis_ts%22%3A1669759791%2C%22prev_vis_ts%22%3A1669759791%2C%22curr_vis_ts%22%3A1669759792%2C%22total_page_cnt%22%3A1%2C%22prev_page_cnt%22%3A1%2C%22curr_page_cnt%22%3A1%7D%7D
IP 85.17.192.106:0
ASN #60781 LeaseWeb Netherlands B.V.
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 0f952b73d3f5586637ea9a5a789d48f4
b29aff4ffa1d4decd77db5160f920e1c6417e5e9
69d11528ee32902d0c47ed215877f0610399536f755db03ed02a77ecedd74751
GET /?type=fseg&uuid2=4801858766581308409&sid=12608265&val=undefined&fun=2135&step=1&siev=12608262&fp=0&advid=2602146&isregen=0&ua=Mozilla%252F5.0%2520(Windows%2520NT%252010.0%253B%2520Win64%253B%2520x64%253B%2520rv%253A105.0)%2520Gecko%252F20100101%2520Firefox%252F105.0&ur=http%253A%252F%252Fco20341.tw1.ru%252F&adata=%7B%22c%22%3A%7B%22ref_url%22%3A%22%22%2C%22ref_ts%22%3A1669759792%2C%22page_url%22%3A%22co20341.tw1.ru%2F%22%2C%22dm%22%3A%22www.labanquepostale.fr%22%7D%2C%22v%22%3A%7B%22vis_cnt%22%3A1%2C%22frst_vis_ts%22%3A1669759791%2C%22prev_vis_ts%22%3A1669759791%2C%22curr_vis_ts%22%3A1669759792%2C%22total_page_cnt%22%3A1%2C%22prev_page_cnt%22%3A1%2C%22curr_page_cnt%22%3A1%7D%7D HTTP/1.1
Host: its.tradelab.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://co20341.tw1.ru/
HTTP/1.1 301 Moved Permanently
Server: nginx/1.20.1
Date: Tue, 29 Nov 2022 22:09:53 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive
Location: https://its.tradelab.fr/?type=fseg&uuid2=4801858766581308409&sid=12608265&val=undefined&fun=2135&step=1&siev=12608262&fp=0&advid=2602146&isregen=0&ua=Mozilla%252F5.0%2520(Windows%2520NT%252010.0%253B%2520Win64%253B%2520x64%253B%2520rv%253A105.0)%2520Gecko%252F20100101%2520Firefox%252F105.0&ur=http%253A%252F%252Fco20341.tw1.ru%252F&adata=%7B%22c%22%3A%7B%22ref_url%22%3A%22%22%2C%22ref_ts%22%3A1669759792%2C%22page_url%22%3A%22co20341.tw1.ru%2F%22%2C%22dm%22%3A%22www.labanquepostale.fr%22%7D%2C%22v%22%3A%7B%22vis_cnt%22%3A1%2C%22frst_vis_ts%22%3A1669759791%2C%22prev_vis_ts%22%3A1669759791%2C%22curr_vis_ts%22%3A1669759792%2C%22total_page_cnt%22%3A1%2C%22prev_page_cnt%22%3A1%2C%22curr_page_cnt%22%3A1%7D%7D
ib.adnxs.com/sbounce?%2Fpx%3Fid%3D1156839%26t%3D2
185.89.210.122307 Redirection 0 B URL HTTP/1.1 ib.adnxs.com/sbounce?%2Fpx%3Fid%3D1156839%26t%3D2
IP 185.89.210.122:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sbounce?%2Fpx%3Fid%3D1156839%26t%3D2 HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://co20341.tw1.ru/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 307 Redirection
Server: nginx/1.21.3
Date: Tue, 29 Nov 2022 22:09:53 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Location: https://ib.adnxs.com/bounce?%2Fsbounce%3F%252Fpx%253Fid%253D1156839%2526t%253D2
AN-X-Request-Uuid: cd5ff750-b3d1-4501-8573-dcf9285aa503
Set-Cookie: uuid2=4431310598458983318; SameSite=None; Path=/; Max-Age=7776000; Expires=Mon, 27-Feb-2023 22:09:53 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fpid%3D1365721%26conversionId%3D1259489%26fmt%3Dgif%26liSync%3Dtrue
13.107.42.14302 Found 0 B URL HTTP/2 www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fpid%3D1365721%26conversionId%3D1259489%26fmt%3Dgif%26liSync%3Dtrue
IP 13.107.42.14:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fpid%3D1365721%26conversionId%3D1259489%26fmt%3Dgif%26liSync%3Dtrue HTTP/1.1
Host: www.linkedin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://co20341.tw1.ru/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
cache-control: no-cache, no-store
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://px.ads.linkedin.com/collect?pid=1365721&conversionId=1259489&fmt=gif&liSync=true
set-cookie: lang=v=2&lang=en-us; Domain=linkedin.com; Path=/; Secure; SameSite=None
bcookie="v=2&f478a970-6e78-47bf-8d98-350d6ec34fe6"; Domain=.linkedin.com; Expires=Wed, 29-Nov-2023 22:09:53 GMT; Path=/; Secure; SameSite=None
bscookie="v=1&20221129220953c356a8f8-cf55-4501-80c0-1b3811816189AQECstfKmm6xTaB1WNr_cJUOu-jqzVi5"; Domain=.www.linkedin.com; Expires=Wed, 29-Nov-2023 22:09:53 GMT; Path=/; HttpOnly; Secure; SameSite=None
li_gc=MTswOzE2Njk3NTk3OTM7MjswMjH/gBJCFhysRaZRVu7bwKJgQHzWIVZQllBKGV+uG7HBOg==; Domain=.linkedin.com; Expires=Sun, 28 May 2023 22:09:53 GMT; Path=/; Secure; SameSite=None
lidc="b=TGST09:s=T:r=T:a=T:p=T:g=2423:u=1:x=1:i=1669759793:t=1669846193:v=2:sig=AQFXi8B4YkIKe9xpqYAa_JlHW6um97_1"; Expires=Wed, 30 Nov 2022 22:09:53 GMT; domain=.linkedin.com; Path=/; SameSite=None; Secure
linkedin-action: 1
content-security-policy: default-src *; connect-src 'self' media-src.linkedin.com/media/ www.linkedin.com s.c.lnkd.licdn.com m.c.lnkd.licdn.com wss://*.linkedin.com dms.licdn.com dpm.demdex.net/id lnkd.demdex.net blob: accounts.google.com/gsi/status linkedin.sc.omtrdc.net/b/ss/ *.qualtrics.com *.adyen.com static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com media.licdn.com media-exp1.licdn.com media-exp2.licdn.com media-exp3.licdn.com; img-src data: blob: *; font-src data: *; style-src 'unsafe-inline' 'self' static-src.linkedin.com *.licdn.com; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' spdy.linkedin.com static-src.linkedin.com *.ads.linkedin.com *.licdn.com static.chartbeat.com bcvipva02.rightnowtech.com www.bizographics.com sjs.bizographics.com js.bizographics.com d.la4-c1-was.salesforceliveagent.com snap.licdn.com/li.lms-analytics/ platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com; object-src 'none'; media-src blob: *; child-src blob: lnkd-communities: voyager: *; frame-ancestors 'self' teams.microsoft.com client.learningapp.microsoft.com; report-uri /security/csp?e=p&f=t
x-frame-options: sameorigin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
expect-ct: max-age=86400, report-uri="https://www.linkedin.com/platform-telemetry/ct"
x-li-fabric: prod-ltx1
x-li-pop: afd-prod-ltx1-x
x-li-proto: http/2
x-li-uuid: AAXuoz9UgMbrVlLUXOsI3w==
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: BA21E750680C4ED391AB41B587CE92D9 Ref B: OSL30EDGE0109 Ref C: 2022-11-29T22:09:53Z
date: Tue, 29 Nov 2022 22:09:52 GMT
content-length: 0
X-Firefox-Spdy: h2
ib.adnxs.com/sbounce?%2Fpx%3Fid%3D996576%26t%3D2
185.89.210.122307 Redirection 0 B URL HTTP/1.1 ib.adnxs.com/sbounce?%2Fpx%3Fid%3D996576%26t%3D2
IP 185.89.210.122:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sbounce?%2Fpx%3Fid%3D996576%26t%3D2 HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://co20341.tw1.ru/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 307 Redirection
Server: nginx/1.21.3
Date: Tue, 29 Nov 2022 22:09:53 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Location: https://ib.adnxs.com/bounce?%2Fsbounce%3F%252Fpx%253Fid%253D996576%2526t%253D2
AN-X-Request-Uuid: bcfc4242-920b-4834-8099-af78b96bdcdc
Set-Cookie: uuid2=3950313650102923753; SameSite=None; Path=/; Max-Age=7776000; Expires=Mon, 27-Feb-2023 22:09:53 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
ib.adnxs.com/sbounce?%2Fpx%3Fid%3D1003722%26t%3D2
185.89.210.122307 Redirection 0 B URL HTTP/1.1 ib.adnxs.com/sbounce?%2Fpx%3Fid%3D1003722%26t%3D2
IP 185.89.210.122:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sbounce?%2Fpx%3Fid%3D1003722%26t%3D2 HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://co20341.tw1.ru/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 307 Redirection
Server: nginx/1.21.3
Date: Tue, 29 Nov 2022 22:09:53 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Location: https://ib.adnxs.com/bounce?%2Fsbounce%3F%252Fpx%253Fid%253D1003722%2526t%253D2
AN-X-Request-Uuid: 844e6f1e-c4ff-4e05-bcb3-9caf9d0aa3a9
Set-Cookie: uuid2=1350276559048956083; SameSite=None; Path=/; Max-Age=7776000; Expires=Mon, 27-Feb-2023 22:09:53 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash ee42df19cb85a32274da55a436f6099c
f2efc95b28a170acce5d07080a1841a704490890
d227692b55435fe171db887ceecd17983ee29cc2ed2b8f1f11429fa9116474d3
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 22:09:53 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ib.adnxs.com/bounce?%2Fsbounce%3F%252Fpx%253Fid%253D991001%2526t%253D2
185.89.210.122200 OK 43 B URL HTTP/1.1 ib.adnxs.com/bounce?%2Fsbounce%3F%252Fpx%253Fid%253D991001%2526t%253D2
IP 185.89.210.122:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 592ebefc7104d681d57852665e9ad514
15cdf8df32aa251dd6dd590a60bf9cf74474e7c5
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
GET /bounce?%2Fsbounce%3F%252Fpx%253Fid%253D991001%2526t%253D2 HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://co20341.tw1.ru/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Tue, 29 Nov 2022 22:09:53 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
AN-X-Request-Uuid: 6ccf92a8-c92d-4ae6-928d-c9d6670161dd
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
ocsp.godaddy.com/
192.124.249.22200 OK 1.8 kB IP 192.124.249.22:0
Hash f9d4524e58f8e18fd7cb060234b8b9f6
6a8eeabcd7c960dd981d5c7007443574d8a2dff3
4dfb12448d8716c0a4e46e8830d829ed78747564388d55cdc050ad4db5530027
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Tue, 29 Nov 2022 22:09:54 GMT
Content-Type: application/ocsp-response
Content-Length: 1777
Connection: keep-alive
X-Sucuri-ID: 19022
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Tue, 29 Nov 2022 20:16:33 GMT
Expires: Wed, 30 Nov 2022 20:16:33 GMT
ETag: "6a8eeabcd7c960dd981d5c7007443574d8a2dff3"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
ib.adnxs.com/bounce?%2Fsbounce%3F%252Fgetuid%253F%252F%252Fits.tradelab.fr%252F%253Ftype%253Dconvr%2526x%253D1%2526uuid2%253D%2524UID%2526cdata%253D%25257B%252522a%252522%25253A991002%25252C%252522l%252522%25253A%25255B6129654%25252C6129670%25252C6129677%25252C6129705%25252C6140244%25252C6140246%25252C6140363%25252C6141029%25252C6205745%25252C6205752%25252C6205755%25252C6205762%25252C6220830%25252C8124214%25252C8124594%25252C8124968%25252C8124973%25252C8125344%25252C8141760%25252C8141763%25252C8141816%25252C8141850%25252C8141875%25252C8141880%25252C8141931%25252C8141938%25252C8176847%25252C8176869%25252C8176878%25252C8245529%25252C8245533%25252C8245537%25252C8245540%25252C8260100%25252C8445392%25252C8505468%25252C8505515%25252C9271738%25252C9271745%25252C9271969%25252C9272093%25252C9272160%25252C9272905%25252C9408323%25252C9408407%25252C9408587%25252C9408663%25252C9408768%25252C9511553%25252C9611699%25252C9611846%25252C9683342%25252C9683349%25252C9719394%25252C10005812%25252C10226877%25252C10226889%25252C10226919%25252C10244639%25252C10381193%25252C10480996%25252C12967986%25252C12968507%25252C12968515%25252C12968543%25252C12968782%25252C12968784%25252C13104005%25252C13259085%25255D%25252C%252522i%252522%25253A1%25252C%252522c%252522%25253A7%25252C%252522t%252522%25253A%252522c%252522%25252C%252522m%252522%25253A%252522null%252522%25252C%252522vi%252522%25253A0%25252C%252522vc%252522%25253A0%25252C%252522hf%252522%25253A0%25252C%252522x%252522%25253A%25257B%25257D%25257D%2526advid%253D2602146%2526xur%253Dco20341.tw1.ru%25252F%2526adata%253D%25257B%252522c%252522%25253A%25257B%252522ref_url%252522%25253A%252522%252522%25252C%252522ref_ts%252522%25253A0%25252C%252522page_url%252522%25253A%252522%252522%25252C%252522dm%252522%25253A%252522%252522%25257D%25252C%252522v%252522%25253A%25257B%252522vis_cnt%252522%25253A0%25252C%252522frst_vis_ts%252522%25253A1669759791%25252C%252522prev_vis_ts%252522%25253A0%25252C%252522curr_vis_ts%252522%25253A1669759791%25252C%252522total_page_cnt%252522%25253A0%25252C%252522prev_page_cnt%252522%25253A0%25252C%252522curr_page_cnt%252522%25253A1%25257D%25257D
185.89.210.122302 Found 0 B URL HTTP/1.1 ib.adnxs.com/bounce?%2Fsbounce%3F%252Fgetuid%253F%252F%252Fits.tradelab.fr%252F%253Ftype%253Dconvr%2526x%253D1%2526uuid2%253D%2524UID%2526cdata%253D%25257B%252522a%252522%25253A991002%25252C%252522l%252522%25253A%25255B6129654%25252C6129670%25252C6129677%25252C6129705%25252C6140244%25252C6140246%25252C6140363%25252C6141029%25252C6205745%25252C6205752%25252C6205755%25252C6205762%25252C6220830%25252C8124214%25252C8124594%25252C8124968%25252C8124973%25252C8125344%25252C8141760%25252C8141763%25252C8141816%25252C8141850%25252C8141875%25252C8141880%25252C8141931%25252C8141938%25252C8176847%25252C8176869%25252C8176878%25252C8245529%25252C8245533%25252C8245537%25252C8245540%25252C8260100%25252C8445392%25252C8505468%25252C8505515%25252C9271738%25252C9271745%25252C9271969%25252C9272093%25252C9272160%25252C9272905%25252C9408323%25252C9408407%25252C9408587%25252C9408663%25252C9408768%25252C9511553%25252C9611699%25252C9611846%25252C9683342%25252C9683349%25252C9719394%25252C10005812%25252C10226877%25252C10226889%25252C10226919%25252C10244639%25252C10381193%25252C10480996%25252C12967986%25252C12968507%25252C12968515%25252C12968543%25252C12968782%25252C12968784%25252C13104005%25252C13259085%25255D%25252C%252522i%252522%25253A1%25252C%252522c%252522%25253A7%25252C%252522t%252522%25253A%252522c%252522%25252C%252522m%252522%25253A%252522null%252522%25252C%252522vi%252522%25253A0%25252C%252522vc%252522%25253A0%25252C%252522hf%252522%25253A0%25252C%252522x%252522%25253A%25257B%25257D%25257D%2526advid%253D2602146%2526xur%253Dco20341.tw1.ru%25252F%2526adata%253D%25257B%252522c%252522%25253A%25257B%252522ref_url%252522%25253A%252522%252522%25252C%252522ref_ts%252522%25253A0%25252C%252522page_url%252522%25253A%252522%252522%25252C%252522dm%252522%25253A%252522%252522%25257D%25252C%252522v%252522%25253A%25257B%252522vis_cnt%252522%25253A0%25252C%252522frst_vis_ts%252522%25253A1669759791%25252C%252522prev_vis_ts%252522%25253A0%25252C%252522curr_vis_ts%252522%25253A1669759791%25252C%252522total_page_cnt%252522%25253A0%25252C%252522prev_page_cnt%252522%25253A0%25252C%252522curr_page_cnt%252522%25253A1%25257D%25257D
IP 185.89.210.122:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /bounce?%2Fsbounce%3F%252Fgetuid%253F%252F%252Fits.tradelab.fr%252F%253Ftype%253Dconvr%2526x%253D1%2526uuid2%253D%2524UID%2526cdata%253D%25257B%252522a%252522%25253A991002%25252C%252522l%252522%25253A%25255B6129654%25252C6129670%25252C6129677%25252C6129705%25252C6140244%25252C6140246%25252C6140363%25252C6141029%25252C6205745%25252C6205752%25252C6205755%25252C6205762%25252C6220830%25252C8124214%25252C8124594%25252C8124968%25252C8124973%25252C8125344%25252C8141760%25252C8141763%25252C8141816%25252C8141850%25252C8141875%25252C8141880%25252C8141931%25252C8141938%25252C8176847%25252C8176869%25252C8176878%25252C8245529%25252C8245533%25252C8245537%25252C8245540%25252C8260100%25252C8445392%25252C8505468%25252C8505515%25252C9271738%25252C9271745%25252C9271969%25252C9272093%25252C9272160%25252C9272905%25252C9408323%25252C9408407%25252C9408587%25252C9408663%25252C9408768%25252C9511553%25252C9611699%25252C9611846%25252C9683342%25252C9683349%25252C9719394%25252C10005812%25252C10226877%25252C10226889%25252C10226919%25252C10244639%25252C10381193%25252C10480996%25252C12967986%25252C12968507%25252C12968515%25252C12968543%25252C12968782%25252C12968784%25252C13104005%25252C13259085%25255D%25252C%252522i%252522%25253A1%25252C%252522c%252522%25253A7%25252C%252522t%252522%25253A%252522c%252522%25252C%252522m%252522%25253A%252522null%252522%25252C%252522vi%252522%25253A0%25252C%252522vc%252522%25253A0%25252C%252522hf%252522%25253A0%25252C%252522x%252522%25253A%25257B%25257D%25257D%2526advid%253D2602146%2526xur%253Dco20341.tw1.ru%25252F%2526adata%253D%25257B%252522c%252522%25253A%25257B%252522ref_url%252522%25253A%252522%252522%25252C%252522ref_ts%252522%25253A0%25252C%252522page_url%252522%25253A%252522%252522%25252C%252522dm%252522%25253A%252522%252522%25257D%25252C%252522v%252522%25253A%25257B%252522vis_cnt%252522%25253A0%25252C%252522frst_vis_ts%252522%25253A1669759791%25252C%252522prev_vis_ts%252522%25253A0%25252C%252522curr_vis_ts%252522%25253A1669759791%25252C%252522total_page_cnt%252522%25253A0%25252C%252522prev_page_cnt%252522%25253A0%25252C%252522curr_page_cnt%252522%25253A1%25257D%25257D HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://co20341.tw1.ru/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx/1.21.3
Date: Tue, 29 Nov 2022 22:09:53 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Location: //its.tradelab.fr/?type=convr&x=1&uuid2=0&cdata={"a":991002,"l":[6129654,6129670,6129677,6129705,6140244,6140246,6140363,6141029,6205745,6205752,6205755,6205762,6220830,8124214,8124594,8124968,8124973,8125344,8141760,8141763,8141816,8141850,8141875,8141880,8141931,8141938,8176847,8176869,8176878,8245529,8245533,8245537,8245540,8260100,8445392,8505468,8505515,9271738,9271745,9271969,9272093,9272160,9272905,9408323,9408407,9408587,9408663,9408768,9511553,9611699,9611846,9683342,9683349,9719394,10005812,10226877,10226889,10226919,10244639,10381193,10480996,12967986,12968507,12968515,12968543,12968782,12968784,13104005,13259085],"i":1,"c":7,"t":"c","m":"null","vi":0,"vc":0,"hf":0,"x":{}}&advid=2602146&xur=co20341.tw1.ru/&adata={"c":{"ref_url":"","ref_ts":0,"page_url":"","dm":""},"v":{"vis_cnt":0,"frst_vis_ts":1669759791,"prev_vis_ts":0,"curr_vis_ts":1669759791,"total_page_cnt":0,"prev_page_cnt":0,"curr_page_cnt":1}}
AN-X-Request-Uuid: 6bf71798-6930-4846-a419-47105af64489
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
ib.adnxs.com/bounce?%2Fsbounce%3F%252Fgetuid%253F%252F%252Fits.tradelab.fr%252F%253Ftype%253Dconvr%2526x%253D1%2526uuid2%253D%2524UID%2526cdata%253D%25257B%252522a%252522%25253A991000%25252C%252522l%252522%25253A%25255B6129654%25252C6129670%25252C6129677%25252C6129705%25252C6140244%25252C6140246%25252C6140363%25252C6141029%25252C6205745%25252C6205752%25252C6205755%25252C6205762%25252C6220830%25252C8124214%25252C8124594%25252C8124968%25252C8124973%25252C8125344%25252C8141760%25252C8141763%25252C8141816%25252C8141850%25252C8141875%25252C8141880%25252C8141931%25252C8141938%25252C8176847%25252C8176869%25252C8176878%25252C8178278%25252C8178332%25252C8217168%25252C8239623%25252C8245529%25252C8245533%25252C8245537%25252C8245540%25252C8260100%25252C8445392%25252C8505468%25252C8505515%25252C9271738%25252C9271745%25252C9271969%25252C9272093%25252C9272160%25252C9272905%25252C9408323%25252C9408407%25252C9408587%25252C9408663%25252C9408768%25252C9511553%25252C9611699%25252C9611846%25252C9683342%25252C9683349%25252C9719394%25252C10005812%25252C10226877%25252C10226889%25252C10226919%25252C10244639%25252C10381193%25252C10480996%25252C12967986%25252C12968507%25252C12968515%25252C12968543%25252C12968782%25252C12968784%25252C13104005%25252C13259085%25255D%25252C%252522i%252522%25253A1%25252C%252522c%252522%25253A7%25252C%252522t%252522%25253A%252522h%252522%25252C%252522m%252522%25253A%252522null%252522%25252C%252522vi%252522%25253A0%25252C%252522vc%252522%25253A0%25252C%252522hf%252522%25253A0%25252C%252522x%252522%25253A%25257B%25257D%25257D%2526advid%253D2602146%2526xur%253Dco20341.tw1.ru%25252F%2526adata%253D%25257B%252522c%252522%25253A%25257B%252522ref_url%252522%25253A%252522%252522%25252C%252522ref_ts%252522%25253A0%25252C%252522page_url%252522%25253A%252522%252522%25252C%252522dm%252522%25253A%252522%252522%25257D%25252C%252522v%252522%25253A%25257B%252522vis_cnt%252522%25253A0%25252C%252522frst_vis_ts%252522%25253A1669759791%25252C%252522prev_vis_ts%252522%25253A0%25252C%252522curr_vis_ts%252522%25253A1669759791%25252C%252522total_page_cnt%252522%25253A0%25252C%252522prev_page_cnt%252522%25253A0%25252C%252522curr_page_cnt%252522%25253A1%25257D%25257D
185.89.210.122302 Found 0 B URL HTTP/1.1 ib.adnxs.com/bounce?%2Fsbounce%3F%252Fgetuid%253F%252F%252Fits.tradelab.fr%252F%253Ftype%253Dconvr%2526x%253D1%2526uuid2%253D%2524UID%2526cdata%253D%25257B%252522a%252522%25253A991000%25252C%252522l%252522%25253A%25255B6129654%25252C6129670%25252C6129677%25252C6129705%25252C6140244%25252C6140246%25252C6140363%25252C6141029%25252C6205745%25252C6205752%25252C6205755%25252C6205762%25252C6220830%25252C8124214%25252C8124594%25252C8124968%25252C8124973%25252C8125344%25252C8141760%25252C8141763%25252C8141816%25252C8141850%25252C8141875%25252C8141880%25252C8141931%25252C8141938%25252C8176847%25252C8176869%25252C8176878%25252C8178278%25252C8178332%25252C8217168%25252C8239623%25252C8245529%25252C8245533%25252C8245537%25252C8245540%25252C8260100%25252C8445392%25252C8505468%25252C8505515%25252C9271738%25252C9271745%25252C9271969%25252C9272093%25252C9272160%25252C9272905%25252C9408323%25252C9408407%25252C9408587%25252C9408663%25252C9408768%25252C9511553%25252C9611699%25252C9611846%25252C9683342%25252C9683349%25252C9719394%25252C10005812%25252C10226877%25252C10226889%25252C10226919%25252C10244639%25252C10381193%25252C10480996%25252C12967986%25252C12968507%25252C12968515%25252C12968543%25252C12968782%25252C12968784%25252C13104005%25252C13259085%25255D%25252C%252522i%252522%25253A1%25252C%252522c%252522%25253A7%25252C%252522t%252522%25253A%252522h%252522%25252C%252522m%252522%25253A%252522null%252522%25252C%252522vi%252522%25253A0%25252C%252522vc%252522%25253A0%25252C%252522hf%252522%25253A0%25252C%252522x%252522%25253A%25257B%25257D%25257D%2526advid%253D2602146%2526xur%253Dco20341.tw1.ru%25252F%2526adata%253D%25257B%252522c%252522%25253A%25257B%252522ref_url%252522%25253A%252522%252522%25252C%252522ref_ts%252522%25253A0%25252C%252522page_url%252522%25253A%252522%252522%25252C%252522dm%252522%25253A%252522%252522%25257D%25252C%252522v%252522%25253A%25257B%252522vis_cnt%252522%25253A0%25252C%252522frst_vis_ts%252522%25253A1669759791%25252C%252522prev_vis_ts%252522%25253A0%25252C%252522curr_vis_ts%252522%25253A1669759791%25252C%252522total_page_cnt%252522%25253A0%25252C%252522prev_page_cnt%252522%25253A0%25252C%252522curr_page_cnt%252522%25253A1%25257D%25257D
IP 185.89.210.122:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /bounce?%2Fsbounce%3F%252Fgetuid%253F%252F%252Fits.tradelab.fr%252F%253Ftype%253Dconvr%2526x%253D1%2526uuid2%253D%2524UID%2526cdata%253D%25257B%252522a%252522%25253A991000%25252C%252522l%252522%25253A%25255B6129654%25252C6129670%25252C6129677%25252C6129705%25252C6140244%25252C6140246%25252C6140363%25252C6141029%25252C6205745%25252C6205752%25252C6205755%25252C6205762%25252C6220830%25252C8124214%25252C8124594%25252C8124968%25252C8124973%25252C8125344%25252C8141760%25252C8141763%25252C8141816%25252C8141850%25252C8141875%25252C8141880%25252C8141931%25252C8141938%25252C8176847%25252C8176869%25252C8176878%25252C8178278%25252C8178332%25252C8217168%25252C8239623%25252C8245529%25252C8245533%25252C8245537%25252C8245540%25252C8260100%25252C8445392%25252C8505468%25252C8505515%25252C9271738%25252C9271745%25252C9271969%25252C9272093%25252C9272160%25252C9272905%25252C9408323%25252C9408407%25252C9408587%25252C9408663%25252C9408768%25252C9511553%25252C9611699%25252C9611846%25252C9683342%25252C9683349%25252C9719394%25252C10005812%25252C10226877%25252C10226889%25252C10226919%25252C10244639%25252C10381193%25252C10480996%25252C12967986%25252C12968507%25252C12968515%25252C12968543%25252C12968782%25252C12968784%25252C13104005%25252C13259085%25255D%25252C%252522i%252522%25253A1%25252C%252522c%252522%25253A7%25252C%252522t%252522%25253A%252522h%252522%25252C%252522m%252522%25253A%252522null%252522%25252C%252522vi%252522%25253A0%25252C%252522vc%252522%25253A0%25252C%252522hf%252522%25253A0%25252C%252522x%252522%25253A%25257B%25257D%25257D%2526advid%253D2602146%2526xur%253Dco20341.tw1.ru%25252F%2526adata%253D%25257B%252522c%252522%25253A%25257B%252522ref_url%252522%25253A%252522%252522%25252C%252522ref_ts%252522%25253A0%25252C%252522page_url%252522%25253A%252522%252522%25252C%252522dm%252522%25253A%252522%252522%25257D%25252C%252522v%252522%25253A%25257B%252522vis_cnt%252522%25253A0%25252C%252522frst_vis_ts%252522%25253A1669759791%25252C%252522prev_vis_ts%252522%25253A0%25252C%252522curr_vis_ts%252522%25253A1669759791%25252C%252522total_page_cnt%252522%25253A0%25252C%252522prev_page_cnt%252522%25253A0%25252C%252522curr_page_cnt%252522%25253A1%25257D%25257D HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://co20341.tw1.ru/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx/1.21.3
Date: Tue, 29 Nov 2022 22:09:53 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Location: //its.tradelab.fr/?type=convr&x=1&uuid2=0&cdata={"a":991000,"l":[6129654,6129670,6129677,6129705,6140244,6140246,6140363,6141029,6205745,6205752,6205755,6205762,6220830,8124214,8124594,8124968,8124973,8125344,8141760,8141763,8141816,8141850,8141875,8141880,8141931,8141938,8176847,8176869,8176878,8178278,8178332,8217168,8239623,8245529,8245533,8245537,8245540,8260100,8445392,8505468,8505515,9271738,9271745,9271969,9272093,9272160,9272905,9408323,9408407,9408587,9408663,9408768,9511553,9611699,9611846,9683342,9683349,9719394,10005812,10226877,10226889,10226919,10244639,10381193,10480996,12967986,12968507,12968515,12968543,12968782,12968784,13104005,13259085],"i":1,"c":7,"t":"h","m":"null","vi":0,"vc":0,"hf":0,"x":{}}&advid=2602146&xur=co20341.tw1.ru/&adata={"c":{"ref_url":"","ref_ts":0,"page_url":"","dm":""},"v":{"vis_cnt":0,"frst_vis_ts":1669759791,"prev_vis_ts":0,"curr_vis_ts":1669759791,"total_page_cnt":0,"prev_page_cnt":0,"curr_page_cnt":1}}
AN-X-Request-Uuid: 75d9de5c-66aa-4539-b9ac-9a27bf838b0a
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 7ffb55fbbcc6987d340b5aca12ac7491
452e27e1df48d31cceed65eacacbbaa4f695304c
2b9ad447b25387c1a80f21d443206e618f1b0717c60c5aa1aa6c731b99426b6e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 22:09:53 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
its.tradelab.fr/?type=convr&x=0&cdata=%7B%22a%22%3A1156839%2C%22l%22%3A%5B8176878%2C8245540%2C9408323%2C9408407%2C9408587%2C9408663%2C9408768%2C9511553%2C9611699%2C9611846%2C9683342%2C9683349%2C9719394%2C10005812%2C10226877%2C10226889%2C10226919%2C10244639%2C10381193%2C10480996%2C12967986%2C12968507%2C12968515%2C12968543%2C12968782%2C12968784%2C13104005%2C13259085%5D%2C%22i%22%3A1%2C%22c%22%3A7%2C%22t%22%3A%22h%22%2C%22m%22%3A%22null%22%2C%22vi%22%3A0%2C%22vc%22%3A0%2C%22hf%22%3A0%2C%22x%22%3A%7B%7D%7D&advid=2602146&xur=co20341.tw1.ru%2F&adata=%7B%22c%22%3A%7B%22ref_url%22%3A%22%22%2C%22ref_ts%22%3A0%2C%22page_url%22%3A%22%22%2C%22dm%22%3A%22%22%7D%2C%22v%22%3A%7B%22vis_cnt%22%3A0%2C%22frst_vis_ts%22%3A1669759791%2C%22prev_vis_ts%22%3A0%2C%22curr_vis_ts%22%3A1669759791%2C%22total_page_cnt%22%3A0%2C%22prev_page_cnt%22%3A0%2C%22curr_page_cnt%22%3A1%7D%7D
85.17.192.106200 OK 43 B URL HTTP/1.1 its.tradelab.fr/?type=convr&x=0&cdata=%7B%22a%22%3A1156839%2C%22l%22%3A%5B8176878%2C8245540%2C9408323%2C9408407%2C9408587%2C9408663%2C9408768%2C9511553%2C9611699%2C9611846%2C9683342%2C9683349%2C9719394%2C10005812%2C10226877%2C10226889%2C10226919%2C10244639%2C10381193%2C10480996%2C12967986%2C12968507%2C12968515%2C12968543%2C12968782%2C12968784%2C13104005%2C13259085%5D%2C%22i%22%3A1%2C%22c%22%3A7%2C%22t%22%3A%22h%22%2C%22m%22%3A%22null%22%2C%22vi%22%3A0%2C%22vc%22%3A0%2C%22hf%22%3A0%2C%22x%22%3A%7B%7D%7D&advid=2602146&xur=co20341.tw1.ru%2F&adata=%7B%22c%22%3A%7B%22ref_url%22%3A%22%22%2C%22ref_ts%22%3A0%2C%22page_url%22%3A%22%22%2C%22dm%22%3A%22%22%7D%2C%22v%22%3A%7B%22vis_cnt%22%3A0%2C%22frst_vis_ts%22%3A1669759791%2C%22prev_vis_ts%22%3A0%2C%22curr_vis_ts%22%3A1669759791%2C%22total_page_cnt%22%3A0%2C%22prev_page_cnt%22%3A0%2C%22curr_page_cnt%22%3A1%7D%7D
IP 85.17.192.106:0
ASN #60781 LeaseWeb Netherlands B.V.
File type GIF image data, version 89a, 1 x 1\012- data
Hash 45cf913e5d9d3c9b2058033056d3dd23
30cb5d44e276505b1d4c053c8b25525da228db30
42b976597a2d977d0e300f6d06bc903db389e5c112d33c1c8c249690a522d9f2
GET /?type=convr&x=0&cdata=%7B%22a%22%3A1156839%2C%22l%22%3A%5B8176878%2C8245540%2C9408323%2C9408407%2C9408587%2C9408663%2C9408768%2C9511553%2C9611699%2C9611846%2C9683342%2C9683349%2C9719394%2C10005812%2C10226877%2C10226889%2C10226919%2C10244639%2C10381193%2C10480996%2C12967986%2C12968507%2C12968515%2C12968543%2C12968782%2C12968784%2C13104005%2C13259085%5D%2C%22i%22%3A1%2C%22c%22%3A7%2C%22t%22%3A%22h%22%2C%22m%22%3A%22null%22%2C%22vi%22%3A0%2C%22vc%22%3A0%2C%22hf%22%3A0%2C%22x%22%3A%7B%7D%7D&advid=2602146&xur=co20341.tw1.ru%2F&adata=%7B%22c%22%3A%7B%22ref_url%22%3A%22%22%2C%22ref_ts%22%3A0%2C%22page_url%22%3A%22%22%2C%22dm%22%3A%22%22%7D%2C%22v%22%3A%7B%22vis_cnt%22%3A0%2C%22frst_vis_ts%22%3A1669759791%2C%22prev_vis_ts%22%3A0%2C%22curr_vis_ts%22%3A1669759791%2C%22total_page_cnt%22%3A0%2C%22prev_page_cnt%22%3A0%2C%22curr_page_cnt%22%3A1%7D%7D HTTP/1.1
Host: its.tradelab.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://co20341.tw1.ru/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Tue, 29 Nov 2022 22:09:53 GMT
Content-Type: image/gif
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: uuid=6566066589031317493; Max-Age=7776000; Domain=.tradelab.fr; Path=/; Expires=Mon, 27 Feb 2023 22:09:53 GMT; Secure; SameSite=None
Pragma: no-cache
Cache-Control: no-store, no-cache, must-revalidate
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Timing-Allow-Origin: *
X-Powered-By: Tradelab ITS / node4.tradelab.fr
its.tradelab.fr/?type=convr&x=1&cdata=%7B%22a%22%3A1156839%2C%22l%22%3A%5B8176878%2C8245540%2C9408323%2C9408407%2C9408587%2C9408663%2C9408768%2C9511553%2C9611699%2C9611846%2C9683342%2C9683349%2C9719394%2C10005812%2C10226877%2C10226889%2C10226919%2C10244639%2C10381193%2C10480996%2C12967986%2C12968507%2C12968515%2C12968543%2C12968782%2C12968784%2C13104005%2C13259085%5D%2C%22i%22%3A1%2C%22c%22%3A7%2C%22t%22%3A%22h%22%2C%22m%22%3A%22null%22%2C%22vi%22%3A0%2C%22vc%22%3A0%2C%22hf%22%3A0%2C%22x%22%3A%7B%7D%7D&advid=2602146&xur=co20341.tw1.ru%2F&adata=%7B%22c%22%3A%7B%22ref_url%22%3A%22%22%2C%22ref_ts%22%3A0%2C%22page_url%22%3A%22%22%2C%22dm%22%3A%22%22%7D%2C%22v%22%3A%7B%22vis_cnt%22%3A0%2C%22frst_vis_ts%22%3A1669759791%2C%22prev_vis_ts%22%3A0%2C%22curr_vis_ts%22%3A1669759791%2C%22total_page_cnt%22%3A0%2C%22prev_page_cnt%22%3A0%2C%22curr_page_cnt%22%3A1%7D%7D
85.17.192.106200 OK 43 B URL HTTP/1.1 its.tradelab.fr/?type=convr&x=1&cdata=%7B%22a%22%3A1156839%2C%22l%22%3A%5B8176878%2C8245540%2C9408323%2C9408407%2C9408587%2C9408663%2C9408768%2C9511553%2C9611699%2C9611846%2C9683342%2C9683349%2C9719394%2C10005812%2C10226877%2C10226889%2C10226919%2C10244639%2C10381193%2C10480996%2C12967986%2C12968507%2C12968515%2C12968543%2C12968782%2C12968784%2C13104005%2C13259085%5D%2C%22i%22%3A1%2C%22c%22%3A7%2C%22t%22%3A%22h%22%2C%22m%22%3A%22null%22%2C%22vi%22%3A0%2C%22vc%22%3A0%2C%22hf%22%3A0%2C%22x%22%3A%7B%7D%7D&advid=2602146&xur=co20341.tw1.ru%2F&adata=%7B%22c%22%3A%7B%22ref_url%22%3A%22%22%2C%22ref_ts%22%3A0%2C%22page_url%22%3A%22%22%2C%22dm%22%3A%22%22%7D%2C%22v%22%3A%7B%22vis_cnt%22%3A0%2C%22frst_vis_ts%22%3A1669759791%2C%22prev_vis_ts%22%3A0%2C%22curr_vis_ts%22%3A1669759791%2C%22total_page_cnt%22%3A0%2C%22prev_page_cnt%22%3A0%2C%22curr_page_cnt%22%3A1%7D%7D
IP 85.17.192.106:0
ASN #60781 LeaseWeb Netherlands B.V.
File type GIF image data, version 89a, 1 x 1\012- data
Hash 45cf913e5d9d3c9b2058033056d3dd23
30cb5d44e276505b1d4c053c8b25525da228db30
42b976597a2d977d0e300f6d06bc903db389e5c112d33c1c8c249690a522d9f2
GET /?type=convr&x=1&cdata=%7B%22a%22%3A1156839%2C%22l%22%3A%5B8176878%2C8245540%2C9408323%2C9408407%2C9408587%2C9408663%2C9408768%2C9511553%2C9611699%2C9611846%2C9683342%2C9683349%2C9719394%2C10005812%2C10226877%2C10226889%2C10226919%2C10244639%2C10381193%2C10480996%2C12967986%2C12968507%2C12968515%2C12968543%2C12968782%2C12968784%2C13104005%2C13259085%5D%2C%22i%22%3A1%2C%22c%22%3A7%2C%22t%22%3A%22h%22%2C%22m%22%3A%22null%22%2C%22vi%22%3A0%2C%22vc%22%3A0%2C%22hf%22%3A0%2C%22x%22%3A%7B%7D%7D&advid=2602146&xur=co20341.tw1.ru%2F&adata=%7B%22c%22%3A%7B%22ref_url%22%3A%22%22%2C%22ref_ts%22%3A0%2C%22page_url%22%3A%22%22%2C%22dm%22%3A%22%22%7D%2C%22v%22%3A%7B%22vis_cnt%22%3A0%2C%22frst_vis_ts%22%3A1669759791%2C%22prev_vis_ts%22%3A0%2C%22curr_vis_ts%22%3A1669759791%2C%22total_page_cnt%22%3A0%2C%22prev_page_cnt%22%3A0%2C%22curr_page_cnt%22%3A1%7D%7D HTTP/1.1
Host: its.tradelab.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://co20341.tw1.ru/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Tue, 29 Nov 2022 22:09:53 GMT
Content-Type: image/gif
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: uuid=9967588189661195232; Max-Age=7776000; Domain=.tradelab.fr; Path=/; Expires=Mon, 27 Feb 2023 22:09:53 GMT; Secure; SameSite=None
Pragma: no-cache
Cache-Control: no-store, no-cache, must-revalidate
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Timing-Allow-Origin: *
X-Powered-By: Tradelab ITS / node4.tradelab.fr
its.tradelab.fr/?type=convr&x=1&cdata=%7B%22a%22%3A996576%2C%22l%22%3A%5B6129654%2C6129670%2C6129677%2C6129705%2C6140244%2C6140246%2C6140363%2C6141029%2C6205745%2C6205752%2C6205755%2C6205762%2C6220830%2C8124214%2C8124594%2C8124968%2C8124973%2C8125344%2C8141760%2C8141763%2C8141816%2C8141850%2C8141875%2C8141880%2C8141931%2C8141938%2C8176847%2C8176869%2C8176878%2C8239623%2C8245529%2C8245533%2C8245537%2C8245540%2C8260100%2C8445392%2C8505468%2C8505515%2C9271738%2C9271745%2C9271969%2C9272093%2C9272160%2C9272905%2C9408323%2C9408407%2C9408587%2C9408663%2C9408768%2C9511553%2C9611699%2C9611846%2C9683342%2C9683349%2C9719394%2C10005812%2C10226877%2C10226889%2C10226919%2C10244639%2C10381193%2C10480996%2C12967986%2C12968507%2C12968515%2C12968543%2C12968782%2C12968784%2C13104005%2C13259085%5D%2C%22i%22%3A1%2C%22c%22%3A7%2C%22t%22%3A%22h%22%2C%22m%22%3A%22null%22%2C%22vi%22%3A0%2C%22vc%22%3A0%2C%22hf%22%3A0%2C%22x%22%3A%7B%7D%7D&advid=2602146&xur=co20341.tw1.ru%2F&adata=%7B%22c%22%3A%7B%22ref_url%22%3A%22%22%2C%22ref_ts%22%3A0%2C%22page_url%22%3A%22%22%2C%22dm%22%3A%22%22%7D%2C%22v%22%3A%7B%22vis_cnt%22%3A0%2C%22frst_vis_ts%22%3A1669759791%2C%22prev_vis_ts%22%3A0%2C%22curr_vis_ts%22%3A1669759791%2C%22total_page_cnt%22%3A0%2C%22prev_page_cnt%22%3A0%2C%22curr_page_cnt%22%3A1%7D%7D
85.17.192.106200 OK 43 B URL HTTP/1.1 its.tradelab.fr/?type=convr&x=1&cdata=%7B%22a%22%3A996576%2C%22l%22%3A%5B6129654%2C6129670%2C6129677%2C6129705%2C6140244%2C6140246%2C6140363%2C6141029%2C6205745%2C6205752%2C6205755%2C6205762%2C6220830%2C8124214%2C8124594%2C8124968%2C8124973%2C8125344%2C8141760%2C8141763%2C8141816%2C8141850%2C8141875%2C8141880%2C8141931%2C8141938%2C8176847%2C8176869%2C8176878%2C8239623%2C8245529%2C8245533%2C8245537%2C8245540%2C8260100%2C8445392%2C8505468%2C8505515%2C9271738%2C9271745%2C9271969%2C9272093%2C9272160%2C9272905%2C9408323%2C9408407%2C9408587%2C9408663%2C9408768%2C9511553%2C9611699%2C9611846%2C9683342%2C9683349%2C9719394%2C10005812%2C10226877%2C10226889%2C10226919%2C10244639%2C10381193%2C10480996%2C12967986%2C12968507%2C12968515%2C12968543%2C12968782%2C12968784%2C13104005%2C13259085%5D%2C%22i%22%3A1%2C%22c%22%3A7%2C%22t%22%3A%22h%22%2C%22m%22%3A%22null%22%2C%22vi%22%3A0%2C%22vc%22%3A0%2C%22hf%22%3A0%2C%22x%22%3A%7B%7D%7D&advid=2602146&xur=co20341.tw1.ru%2F&adata=%7B%22c%22%3A%7B%22ref_url%22%3A%22%22%2C%22ref_ts%22%3A0%2C%22page_url%22%3A%22%22%2C%22dm%22%3A%22%22%7D%2C%22v%22%3A%7B%22vis_cnt%22%3A0%2C%22frst_vis_ts%22%3A1669759791%2C%22prev_vis_ts%22%3A0%2C%22curr_vis_ts%22%3A1669759791%2C%22total_page_cnt%22%3A0%2C%22prev_page_cnt%22%3A0%2C%22curr_page_cnt%22%3A1%7D%7D
IP 85.17.192.106:0
ASN #60781 LeaseWeb Netherlands B.V.
File type GIF image data, version 89a, 1 x 1\012- data
Hash 45cf913e5d9d3c9b2058033056d3dd23
30cb5d44e276505b1d4c053c8b25525da228db30
42b976597a2d977d0e300f6d06bc903db389e5c112d33c1c8c249690a522d9f2
GET /?type=convr&x=1&cdata=%7B%22a%22%3A996576%2C%22l%22%3A%5B6129654%2C6129670%2C6129677%2C6129705%2C6140244%2C6140246%2C6140363%2C6141029%2C6205745%2C6205752%2C6205755%2C6205762%2C6220830%2C8124214%2C8124594%2C8124968%2C8124973%2C8125344%2C8141760%2C8141763%2C8141816%2C8141850%2C8141875%2C8141880%2C8141931%2C8141938%2C8176847%2C8176869%2C8176878%2C8239623%2C8245529%2C8245533%2C8245537%2C8245540%2C8260100%2C8445392%2C8505468%2C8505515%2C9271738%2C9271745%2C9271969%2C9272093%2C9272160%2C9272905%2C9408323%2C9408407%2C9408587%2C9408663%2C9408768%2C9511553%2C9611699%2C9611846%2C9683342%2C9683349%2C9719394%2C10005812%2C10226877%2C10226889%2C10226919%2C10244639%2C10381193%2C10480996%2C12967986%2C12968507%2C12968515%2C12968543%2C12968782%2C12968784%2C13104005%2C13259085%5D%2C%22i%22%3A1%2C%22c%22%3A7%2C%22t%22%3A%22h%22%2C%22m%22%3A%22null%22%2C%22vi%22%3A0%2C%22vc%22%3A0%2C%22hf%22%3A0%2C%22x%22%3A%7B%7D%7D&advid=2602146&xur=co20341.tw1.ru%2F&adata=%7B%22c%22%3A%7B%22ref_url%22%3A%22%22%2C%22ref_ts%22%3A0%2C%22page_url%22%3A%22%22%2C%22dm%22%3A%22%22%7D%2C%22v%22%3A%7B%22vis_cnt%22%3A0%2C%22frst_vis_ts%22%3A1669759791%2C%22prev_vis_ts%22%3A0%2C%22curr_vis_ts%22%3A1669759791%2C%22total_page_cnt%22%3A0%2C%22prev_page_cnt%22%3A0%2C%22curr_page_cnt%22%3A1%7D%7D HTTP/1.1
Host: its.tradelab.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://co20341.tw1.ru/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Tue, 29 Nov 2022 22:09:53 GMT
Content-Type: image/gif
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: uuid=2185183149666524482; Max-Age=7776000; Domain=.tradelab.fr; Path=/; Expires=Mon, 27 Feb 2023 22:09:53 GMT; Secure; SameSite=None
Pragma: no-cache
Cache-Control: no-store, no-cache, must-revalidate
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Timing-Allow-Origin: *
X-Powered-By: Tradelab ITS / node4.tradelab.fr
ocsp.godaddy.com/
192.124.249.22200 OK 1.8 kB IP 192.124.249.22:0
Hash f9d4524e58f8e18fd7cb060234b8b9f6
6a8eeabcd7c960dd981d5c7007443574d8a2dff3
4dfb12448d8716c0a4e46e8830d829ed78747564388d55cdc050ad4db5530027
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Tue, 29 Nov 2022 22:09:54 GMT
Content-Type: application/ocsp-response
Content-Length: 1777
Connection: keep-alive
X-Sucuri-ID: 19022
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Tue, 29 Nov 2022 20:16:33 GMT
Expires: Wed, 30 Nov 2022 20:16:33 GMT
ETag: "6a8eeabcd7c960dd981d5c7007443574d8a2dff3"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
ib.adnxs.com/bounce?%2Fsbounce%3F%252Fseg%253Fadd%253D2491894%253A09%2526t%253D2
185.89.210.122200 OK 43 B URL HTTP/1.1 ib.adnxs.com/bounce?%2Fsbounce%3F%252Fseg%253Fadd%253D2491894%253A09%2526t%253D2
IP 185.89.210.122:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 592ebefc7104d681d57852665e9ad514
15cdf8df32aa251dd6dd590a60bf9cf74474e7c5
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
GET /bounce?%2Fsbounce%3F%252Fseg%253Fadd%253D2491894%253A09%2526t%253D2 HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://co20341.tw1.ru/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Tue, 29 Nov 2022 22:09:53 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
AN-X-Request-Uuid: f42cf2bc-4d5f-46f1-b177-66bca7a36e5d
Set-Cookie: anj=dTM7k!M4/8CxrEQF']wIg2ImOFCPh.!@wnf-Te9(>wL5L!!'Ig$chYT; SameSite=None; Path=/; Max-Age=7776000; Expires=Mon, 27-Feb-2023 22:09:53 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
its.tradelab.fr/?type=tp&advid=2602146&uuid=0&adata=%7B%22c%22%3A%7B%22ref_url%22%3A%22%22%2C%22ref_ts%22%3A1669759792%2C%22page_url%22%3A%22co20341.tw1.ru%2F%22%2C%22dm%22%3A%22www.labanquepostale.fr%22%7D%2C%22v%22%3A%7B%22vis_cnt%22%3A1%2C%22frst_vis_ts%22%3A1669759791%2C%22prev_vis_ts%22%3A1669759791%2C%22curr_vis_ts%22%3A1669759792%2C%22total_page_cnt%22%3A1%2C%22prev_page_cnt%22%3A1%2C%22curr_page_cnt%22%3A1%7D%7D
85.17.192.106302 Found 0 B URL HTTP/1.1 its.tradelab.fr/?type=tp&advid=2602146&uuid=0&adata=%7B%22c%22%3A%7B%22ref_url%22%3A%22%22%2C%22ref_ts%22%3A1669759792%2C%22page_url%22%3A%22co20341.tw1.ru%2F%22%2C%22dm%22%3A%22www.labanquepostale.fr%22%7D%2C%22v%22%3A%7B%22vis_cnt%22%3A1%2C%22frst_vis_ts%22%3A1669759791%2C%22prev_vis_ts%22%3A1669759791%2C%22curr_vis_ts%22%3A1669759792%2C%22total_page_cnt%22%3A1%2C%22prev_page_cnt%22%3A1%2C%22curr_page_cnt%22%3A1%7D%7D
IP 85.17.192.106:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /?type=tp&advid=2602146&uuid=0&adata=%7B%22c%22%3A%7B%22ref_url%22%3A%22%22%2C%22ref_ts%22%3A1669759792%2C%22page_url%22%3A%22co20341.tw1.ru%2F%22%2C%22dm%22%3A%22www.labanquepostale.fr%22%7D%2C%22v%22%3A%7B%22vis_cnt%22%3A1%2C%22frst_vis_ts%22%3A1669759791%2C%22prev_vis_ts%22%3A1669759791%2C%22curr_vis_ts%22%3A1669759792%2C%22total_page_cnt%22%3A1%2C%22prev_page_cnt%22%3A1%2C%22curr_page_cnt%22%3A1%7D%7D HTTP/1.1
Host: its.tradelab.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://co20341.tw1.ru/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx/1.20.1
Date: Tue, 29 Nov 2022 22:09:53 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: uuid=6893544056596211548; Max-Age=7776000; Domain=.tradelab.fr; Path=/; Expires=Mon, 27 Feb 2023 22:09:53 GMT; Secure; SameSite=None
iev0=eJyrVjIyMzAyNDFTsqpWKiopVrIyNDOzNDe1NLc0NjEw01EqSs4rUbIyADJSSosgDKBIJoRVXACSq60FAH6UEyg=; Max-Age=7776000; Domain=.tradelab.fr; Path=/; Expires=Mon, 27 Feb 2023 22:09:53 GMT; Secure; SameSite=None
Access-Control-Allow-Origin: *
X-Powered-By: Tradelab ITS / node2.tradelab.fr
Location: https://cm.g.doubleclick.net/pixel?google_nid=tradelab_dmp&google_cm
px.ads.linkedin.com/collect?pid=1365721&conversionId=1259489&fmt=gif&liSync=true
13.107.42.14200 OK 65 B URL HTTP/2 px.ads.linkedin.com/collect?pid=1365721&conversionId=1259489&fmt=gif&liSync=true
IP 13.107.42.14:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
File type GIF image data, version 89a, 1 x 1\012- data
Hash 8b0d5b18476ae12e2476f3621d54c4a5
2ad669e9d207fbb37e84dda25766dbaeb66d792c
2d7244b6960d26ae56f048f162f02949ca7858be19d9349ec82906e56dfa3cfe
GET /collect?pid=1365721&conversionId=1259489&fmt=gif&liSync=true HTTP/1.1
Host: px.ads.linkedin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://co20341.tw1.ru/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 65
content-type: image/gif
content-encoding: gzip
vary: Accept-Encoding
set-cookie: lang=v=2&lang=en-us; SameSite=None; Path=/; Domain=ads.linkedin.com; Secure
bcookie="v=2&34bfbb92-2d02-4275-882b-418da6e61ded"; domain=.linkedin.com; Path=/; Secure; Expires=Wed, 29-Nov-2023 22:09:53 GMT; SameSite=None
lidc="b=TGST09:s=T:r=T:a=T:p=T:g=2423:u=1:x=1:i=1669759793:t=1669846193:v=2:sig=AQFXi8B4YkIKe9xpqYAa_JlHW6um97_1"; Expires=Wed, 30 Nov 2022 22:09:53 GMT; domain=.linkedin.com; Path=/; SameSite=None; Secure
linkedin-action: 1
x-li-fabric: prod-ltx1
x-li-pop: afd-prod-ltx1-x
x-li-proto: http/2
x-li-uuid: AAXuoz9XeUtJ0zGd6oPQWg==
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: 58A85309FFEC4D7AB7CFEE194F322D6B Ref B: OSL30EDGE0109 Ref C: 2022-11-29T22:09:53Z
date: Tue, 29 Nov 2022 22:09:53 GMT
X-Firefox-Spdy: h2
its.tradelab.fr/?type=convr&x=1&cdata=%7B%22a%22%3A1003722%2C%22l%22%3A%5B6129654%2C6129670%2C6129677%2C6129705%2C6140244%2C6140246%2C6140363%2C6141029%2C6205745%2C6205752%2C6205755%2C6205762%2C6220830%2C8124214%2C8124594%2C8124968%2C8124973%2C8125344%2C8141760%2C8141763%2C8141816%2C8141850%2C8141875%2C8141880%2C8141931%2C8141938%2C8176847%2C8176869%2C8176878%2C8239623%2C8245529%2C8245533%2C8245537%2C8245540%2C8260100%2C8445392%2C8505468%2C8505515%2C9271738%2C9271745%2C9271969%2C9272093%2C9272160%2C9272905%2C9408323%2C9408407%2C9408587%2C9408663%2C9408768%2C9511553%2C9611699%2C9611846%2C9683342%2C9683349%2C9719394%2C10005812%2C10226877%2C10226889%2C10226919%2C10244639%2C10381193%2C10480996%2C12967986%2C12968507%2C12968515%2C12968543%2C12968782%2C12968784%2C13104005%2C13259085%5D%2C%22i%22%3A1%2C%22c%22%3A7%2C%22t%22%3A%22h%22%2C%22m%22%3A%22null%22%2C%22vi%22%3A0%2C%22vc%22%3A0%2C%22hf%22%3A0%2C%22x%22%3A%7B%7D%7D&advid=2602146&xur=co20341.tw1.ru%2F&adata=%7B%22c%22%3A%7B%22ref_url%22%3A%22%22%2C%22ref_ts%22%3A0%2C%22page_url%22%3A%22%22%2C%22dm%22%3A%22%22%7D%2C%22v%22%3A%7B%22vis_cnt%22%3A0%2C%22frst_vis_ts%22%3A1669759791%2C%22prev_vis_ts%22%3A0%2C%22curr_vis_ts%22%3A1669759791%2C%22total_page_cnt%22%3A0%2C%22prev_page_cnt%22%3A0%2C%22curr_page_cnt%22%3A1%7D%7D
85.17.192.106200 OK 43 B URL HTTP/1.1 its.tradelab.fr/?type=convr&x=1&cdata=%7B%22a%22%3A1003722%2C%22l%22%3A%5B6129654%2C6129670%2C6129677%2C6129705%2C6140244%2C6140246%2C6140363%2C6141029%2C6205745%2C6205752%2C6205755%2C6205762%2C6220830%2C8124214%2C8124594%2C8124968%2C8124973%2C8125344%2C8141760%2C8141763%2C8141816%2C8141850%2C8141875%2C8141880%2C8141931%2C8141938%2C8176847%2C8176869%2C8176878%2C8239623%2C8245529%2C8245533%2C8245537%2C8245540%2C8260100%2C8445392%2C8505468%2C8505515%2C9271738%2C9271745%2C9271969%2C9272093%2C9272160%2C9272905%2C9408323%2C9408407%2C9408587%2C9408663%2C9408768%2C9511553%2C9611699%2C9611846%2C9683342%2C9683349%2C9719394%2C10005812%2C10226877%2C10226889%2C10226919%2C10244639%2C10381193%2C10480996%2C12967986%2C12968507%2C12968515%2C12968543%2C12968782%2C12968784%2C13104005%2C13259085%5D%2C%22i%22%3A1%2C%22c%22%3A7%2C%22t%22%3A%22h%22%2C%22m%22%3A%22null%22%2C%22vi%22%3A0%2C%22vc%22%3A0%2C%22hf%22%3A0%2C%22x%22%3A%7B%7D%7D&advid=2602146&xur=co20341.tw1.ru%2F&adata=%7B%22c%22%3A%7B%22ref_url%22%3A%22%22%2C%22ref_ts%22%3A0%2C%22page_url%22%3A%22%22%2C%22dm%22%3A%22%22%7D%2C%22v%22%3A%7B%22vis_cnt%22%3A0%2C%22frst_vis_ts%22%3A1669759791%2C%22prev_vis_ts%22%3A0%2C%22curr_vis_ts%22%3A1669759791%2C%22total_page_cnt%22%3A0%2C%22prev_page_cnt%22%3A0%2C%22curr_page_cnt%22%3A1%7D%7D
IP 85.17.192.106:0
ASN #60781 LeaseWeb Netherlands B.V.
File type GIF image data, version 89a, 1 x 1\012- data
Hash 45cf913e5d9d3c9b2058033056d3dd23
30cb5d44e276505b1d4c053c8b25525da228db30
42b976597a2d977d0e300f6d06bc903db389e5c112d33c1c8c249690a522d9f2
GET /?type=convr&x=1&cdata=%7B%22a%22%3A1003722%2C%22l%22%3A%5B6129654%2C6129670%2C6129677%2C6129705%2C6140244%2C6140246%2C6140363%2C6141029%2C6205745%2C6205752%2C6205755%2C6205762%2C6220830%2C8124214%2C8124594%2C8124968%2C8124973%2C8125344%2C8141760%2C8141763%2C8141816%2C8141850%2C8141875%2C8141880%2C8141931%2C8141938%2C8176847%2C8176869%2C8176878%2C8239623%2C8245529%2C8245533%2C8245537%2C8245540%2C8260100%2C8445392%2C8505468%2C8505515%2C9271738%2C9271745%2C9271969%2C9272093%2C9272160%2C9272905%2C9408323%2C9408407%2C9408587%2C9408663%2C9408768%2C9511553%2C9611699%2C9611846%2C9683342%2C9683349%2C9719394%2C10005812%2C10226877%2C10226889%2C10226919%2C10244639%2C10381193%2C10480996%2C12967986%2C12968507%2C12968515%2C12968543%2C12968782%2C12968784%2C13104005%2C13259085%5D%2C%22i%22%3A1%2C%22c%22%3A7%2C%22t%22%3A%22h%22%2C%22m%22%3A%22null%22%2C%22vi%22%3A0%2C%22vc%22%3A0%2C%22hf%22%3A0%2C%22x%22%3A%7B%7D%7D&advid=2602146&xur=co20341.tw1.ru%2F&adata=%7B%22c%22%3A%7B%22ref_url%22%3A%22%22%2C%22ref_ts%22%3A0%2C%22page_url%22%3A%22%22%2C%22dm%22%3A%22%22%7D%2C%22v%22%3A%7B%22vis_cnt%22%3A0%2C%22frst_vis_ts%22%3A1669759791%2C%22prev_vis_ts%22%3A0%2C%22curr_vis_ts%22%3A1669759791%2C%22total_page_cnt%22%3A0%2C%22prev_page_cnt%22%3A0%2C%22curr_page_cnt%22%3A1%7D%7D HTTP/1.1
Host: its.tradelab.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://co20341.tw1.ru/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Tue, 29 Nov 2022 22:09:53 GMT
Content-Type: image/gif
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: uuid=2921139484320565291; Max-Age=7776000; Domain=.tradelab.fr; Path=/; Expires=Mon, 27 Feb 2023 22:09:53 GMT; Secure; SameSite=None
Pragma: no-cache
Cache-Control: no-store, no-cache, must-revalidate
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Timing-Allow-Origin: *
X-Powered-By: Tradelab ITS / node5.tradelab.fr
its.tradelab.fr/?type=convr&x=0&cdata=%7B%22a%22%3A991000%2C%22l%22%3A%5B6129654%2C6129670%2C6129677%2C6129705%2C6140244%2C6140246%2C6140363%2C6141029%2C6205745%2C6205752%2C6205755%2C6205762%2C6220830%2C8124214%2C8124594%2C8124968%2C8124973%2C8125344%2C8141760%2C8141763%2C8141816%2C8141850%2C8141875%2C8141880%2C8141931%2C8141938%2C8176847%2C8176869%2C8176878%2C8178278%2C8178332%2C8217168%2C8239623%2C8245529%2C8245533%2C8245537%2C8245540%2C8260100%2C8445392%2C8505468%2C8505515%2C9271738%2C9271745%2C9271969%2C9272093%2C9272160%2C9272905%2C9408323%2C9408407%2C9408587%2C9408663%2C9408768%2C9511553%2C9611699%2C9611846%2C9683342%2C9683349%2C9719394%2C10005812%2C10226877%2C10226889%2C10226919%2C10244639%2C10381193%2C10480996%2C12967986%2C12968507%2C12968515%2C12968543%2C12968782%2C12968784%2C13104005%2C13259085%2C13477519%2C14058054%2C14058197%2C14058205%2C14058228%2C14069494%2C14069497%2C14069560%2C14069565%2C14069590%2C14069626%2C14074179%2C14112662%2C14130392%2C14212376%2C14212411%2C14212419%2C14212455%2C14212467%2C14212692%2C14212694%2C14570528%2C14570544%5D%2C%22i%22%3A1%2C%22c%22%3A7%2C%22t%22%3A%22h%22%2C%22m%22%3A%22null%22%2C%22vi%22%3A0%2C%22vc%22%3A0%2C%22hf%22%3A0%2C%22x%22%3A%7B%7D%7D&advid=2602146&xur=co20341.tw1.ru%2F&adata=%7B%22c%22%3A%7B%22ref_url%22%3A%22%22%2C%22ref_ts%22%3A1669759792%2C%22page_url%22%3A%22co20341.tw1.ru%2F%22%2C%22dm%22%3A%22www.labanquepostale.fr%22%7D%2C%22v%22%3A%7B%22vis_cnt%22%3A1%2C%22frst_vis_ts%22%3A1669759791%2C%22prev_vis_ts%22%3A1669759791%2C%22curr_vis_ts%22%3A1669759792%2C%22total_page_cnt%22%3A1%2C%22prev_page_cnt%22%3A1%2C%22curr_page_cnt%22%3A1%7D%7D
85.17.192.106200 OK 43 B URL HTTP/1.1 its.tradelab.fr/?type=convr&x=0&cdata=%7B%22a%22%3A991000%2C%22l%22%3A%5B6129654%2C6129670%2C6129677%2C6129705%2C6140244%2C6140246%2C6140363%2C6141029%2C6205745%2C6205752%2C6205755%2C6205762%2C6220830%2C8124214%2C8124594%2C8124968%2C8124973%2C8125344%2C8141760%2C8141763%2C8141816%2C8141850%2C8141875%2C8141880%2C8141931%2C8141938%2C8176847%2C8176869%2C8176878%2C8178278%2C8178332%2C8217168%2C8239623%2C8245529%2C8245533%2C8245537%2C8245540%2C8260100%2C8445392%2C8505468%2C8505515%2C9271738%2C9271745%2C9271969%2C9272093%2C9272160%2C9272905%2C9408323%2C9408407%2C9408587%2C9408663%2C9408768%2C9511553%2C9611699%2C9611846%2C9683342%2C9683349%2C9719394%2C10005812%2C10226877%2C10226889%2C10226919%2C10244639%2C10381193%2C10480996%2C12967986%2C12968507%2C12968515%2C12968543%2C12968782%2C12968784%2C13104005%2C13259085%2C13477519%2C14058054%2C14058197%2C14058205%2C14058228%2C14069494%2C14069497%2C14069560%2C14069565%2C14069590%2C14069626%2C14074179%2C14112662%2C14130392%2C14212376%2C14212411%2C14212419%2C14212455%2C14212467%2C14212692%2C14212694%2C14570528%2C14570544%5D%2C%22i%22%3A1%2C%22c%22%3A7%2C%22t%22%3A%22h%22%2C%22m%22%3A%22null%22%2C%22vi%22%3A0%2C%22vc%22%3A0%2C%22hf%22%3A0%2C%22x%22%3A%7B%7D%7D&advid=2602146&xur=co20341.tw1.ru%2F&adata=%7B%22c%22%3A%7B%22ref_url%22%3A%22%22%2C%22ref_ts%22%3A1669759792%2C%22page_url%22%3A%22co20341.tw1.ru%2F%22%2C%22dm%22%3A%22www.labanquepostale.fr%22%7D%2C%22v%22%3A%7B%22vis_cnt%22%3A1%2C%22frst_vis_ts%22%3A1669759791%2C%22prev_vis_ts%22%3A1669759791%2C%22curr_vis_ts%22%3A1669759792%2C%22total_page_cnt%22%3A1%2C%22prev_page_cnt%22%3A1%2C%22curr_page_cnt%22%3A1%7D%7D
IP 85.17.192.106:0
ASN #60781 LeaseWeb Netherlands B.V.
File type GIF image data, version 89a, 1 x 1\012- data
Hash 45cf913e5d9d3c9b2058033056d3dd23
30cb5d44e276505b1d4c053c8b25525da228db30
42b976597a2d977d0e300f6d06bc903db389e5c112d33c1c8c249690a522d9f2
GET /?type=convr&x=0&cdata=%7B%22a%22%3A991000%2C%22l%22%3A%5B6129654%2C6129670%2C6129677%2C6129705%2C6140244%2C6140246%2C6140363%2C6141029%2C6205745%2C6205752%2C6205755%2C6205762%2C6220830%2C8124214%2C8124594%2C8124968%2C8124973%2C8125344%2C8141760%2C8141763%2C8141816%2C8141850%2C8141875%2C8141880%2C8141931%2C8141938%2C8176847%2C8176869%2C8176878%2C8178278%2C8178332%2C8217168%2C8239623%2C8245529%2C8245533%2C8245537%2C8245540%2C8260100%2C8445392%2C8505468%2C8505515%2C9271738%2C9271745%2C9271969%2C9272093%2C9272160%2C9272905%2C9408323%2C9408407%2C9408587%2C9408663%2C9408768%2C9511553%2C9611699%2C9611846%2C9683342%2C9683349%2C9719394%2C10005812%2C10226877%2C10226889%2C10226919%2C10244639%2C10381193%2C10480996%2C12967986%2C12968507%2C12968515%2C12968543%2C12968782%2C12968784%2C13104005%2C13259085%2C13477519%2C14058054%2C14058197%2C14058205%2C14058228%2C14069494%2C14069497%2C14069560%2C14069565%2C14069590%2C14069626%2C14074179%2C14112662%2C14130392%2C14212376%2C14212411%2C14212419%2C14212455%2C14212467%2C14212692%2C14212694%2C14570528%2C14570544%5D%2C%22i%22%3A1%2C%22c%22%3A7%2C%22t%22%3A%22h%22%2C%22m%22%3A%22null%22%2C%22vi%22%3A0%2C%22vc%22%3A0%2C%22hf%22%3A0%2C%22x%22%3A%7B%7D%7D&advid=2602146&xur=co20341.tw1.ru%2F&adata=%7B%22c%22%3A%7B%22ref_url%22%3A%22%22%2C%22ref_ts%22%3A1669759792%2C%22page_url%22%3A%22co20341.tw1.ru%2F%22%2C%22dm%22%3A%22www.labanquepostale.fr%22%7D%2C%22v%22%3A%7B%22vis_cnt%22%3A1%2C%22frst_vis_ts%22%3A1669759791%2C%22prev_vis_ts%22%3A1669759791%2C%22curr_vis_ts%22%3A1669759792%2C%22total_page_cnt%22%3A1%2C%22prev_page_cnt%22%3A1%2C%22curr_page_cnt%22%3A1%7D%7D HTTP/1.1
Host: its.tradelab.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://co20341.tw1.ru/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Tue, 29 Nov 2022 22:09:53 GMT
Content-Type: image/gif
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: uuid=3948682316248775274; Max-Age=7776000; Domain=.tradelab.fr; Path=/; Expires=Mon, 27 Feb 2023 22:09:53 GMT; Secure; SameSite=None
Pragma: no-cache
Cache-Control: no-store, no-cache, must-revalidate
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Timing-Allow-Origin: *
X-Powered-By: Tradelab ITS / node5.tradelab.fr
ib.adnxs.com/bounce?%2Fsbounce%3F%252Fpx%253Fid%253D991002%2526t%253D2
185.89.210.122200 OK 43 B URL HTTP/1.1 ib.adnxs.com/bounce?%2Fsbounce%3F%252Fpx%253Fid%253D991002%2526t%253D2
IP 185.89.210.122:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 592ebefc7104d681d57852665e9ad514
15cdf8df32aa251dd6dd590a60bf9cf74474e7c5
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
GET /bounce?%2Fsbounce%3F%252Fpx%253Fid%253D991002%2526t%253D2 HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://co20341.tw1.ru/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Tue, 29 Nov 2022 22:09:53 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
AN-X-Request-Uuid: 01398413-c1c9-4c23-888b-9d93fad05e34
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
ocsp.godaddy.com/
192.124.249.22200 OK 1.8 kB IP 192.124.249.22:0
Hash f9d4524e58f8e18fd7cb060234b8b9f6
6a8eeabcd7c960dd981d5c7007443574d8a2dff3
4dfb12448d8716c0a4e46e8830d829ed78747564388d55cdc050ad4db5530027
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Tue, 29 Nov 2022 22:09:54 GMT
Content-Type: application/ocsp-response
Content-Length: 1777
Connection: keep-alive
X-Sucuri-ID: 19022
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Tue, 29 Nov 2022 20:16:33 GMT
Expires: Wed, 30 Nov 2022 20:16:33 GMT
ETag: "6a8eeabcd7c960dd981d5c7007443574d8a2dff3"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
its.tradelab.fr/?type=convr&x=1&uuid2=0&cdata={%22a%22:991001,%22l%22:[6129654,6129670,6129677,6129705,6140244,6140246,6140363,6141029,6205745,6205752,6205755,6205762,6220830,8124214,8124594,8124968,8124973,8125344,8141760,8141763,8141816,8141850,8141875,8141880,8141931,8141938,8176847,8176869,8176878,8239623,8245529,8245533,8245537,8245540,8260100,8445392,8505468,8505515,9271738,9271745,9271969,9272093,9272160,9272905,9408323,9408407,9408587,9408663,9408768,9511553,9611699,9611846,9683342,9683349,9719394,10005812,10226877,10226889,10226919,10244639,10381193,10480996,12967986,12968507,12968515,12968543,12968782,12968784,13104005,13259085],%22i%22:1,%22c%22:7,%22t%22:%22h%22,%22m%22:%22null%22,%22vi%22:0,%22vc%22:0,%22hf%22:0,%22x%22:{}}&advid=2602146&xur=co20341.tw1.ru/&adata={%22c%22:{%22ref_url%22:%22%22,%22ref_ts%22:0,%22page_url%22:%22%22,%22dm%22:%22%22},%22v%22:{%22vis_cnt%22:0,%22frst_vis_ts%22:1669759791,%22prev_vis_ts%22:0,%22curr_vis_ts%22:1669759791,%22total_page_cnt%22:0,%22prev_page_cnt%22:0,%22curr_page_cnt%22:1}}
85.17.192.106200 OK 43 B URL HTTP/1.1 its.tradelab.fr/?type=convr&x=1&uuid2=0&cdata={%22a%22:991001,%22l%22:[6129654,6129670,6129677,6129705,6140244,6140246,6140363,6141029,6205745,6205752,6205755,6205762,6220830,8124214,8124594,8124968,8124973,8125344,8141760,8141763,8141816,8141850,8141875,8141880,8141931,8141938,8176847,8176869,8176878,8239623,8245529,8245533,8245537,8245540,8260100,8445392,8505468,8505515,9271738,9271745,9271969,9272093,9272160,9272905,9408323,9408407,9408587,9408663,9408768,9511553,9611699,9611846,9683342,9683349,9719394,10005812,10226877,10226889,10226919,10244639,10381193,10480996,12967986,12968507,12968515,12968543,12968782,12968784,13104005,13259085],%22i%22:1,%22c%22:7,%22t%22:%22h%22,%22m%22:%22null%22,%22vi%22:0,%22vc%22:0,%22hf%22:0,%22x%22:{}}&advid=2602146&xur=co20341.tw1.ru/&adata={%22c%22:{%22ref_url%22:%22%22,%22ref_ts%22:0,%22page_url%22:%22%22,%22dm%22:%22%22},%22v%22:{%22vis_cnt%22:0,%22frst_vis_ts%22:1669759791,%22prev_vis_ts%22:0,%22curr_vis_ts%22:1669759791,%22total_page_cnt%22:0,%22prev_page_cnt%22:0,%22curr_page_cnt%22:1}}
IP 85.17.192.106:0
ASN #60781 LeaseWeb Netherlands B.V.
File type GIF image data, version 89a, 1 x 1\012- data
Hash 45cf913e5d9d3c9b2058033056d3dd23
30cb5d44e276505b1d4c053c8b25525da228db30
42b976597a2d977d0e300f6d06bc903db389e5c112d33c1c8c249690a522d9f2
GET /?type=convr&x=1&uuid2=0&cdata={%22a%22:991001,%22l%22:[6129654,6129670,6129677,6129705,6140244,6140246,6140363,6141029,6205745,6205752,6205755,6205762,6220830,8124214,8124594,8124968,8124973,8125344,8141760,8141763,8141816,8141850,8141875,8141880,8141931,8141938,8176847,8176869,8176878,8239623,8245529,8245533,8245537,8245540,8260100,8445392,8505468,8505515,9271738,9271745,9271969,9272093,9272160,9272905,9408323,9408407,9408587,9408663,9408768,9511553,9611699,9611846,9683342,9683349,9719394,10005812,10226877,10226889,10226919,10244639,10381193,10480996,12967986,12968507,12968515,12968543,12968782,12968784,13104005,13259085],%22i%22:1,%22c%22:7,%22t%22:%22h%22,%22m%22:%22null%22,%22vi%22:0,%22vc%22:0,%22hf%22:0,%22x%22:{}}&advid=2602146&xur=co20341.tw1.ru/&adata={%22c%22:{%22ref_url%22:%22%22,%22ref_ts%22:0,%22page_url%22:%22%22,%22dm%22:%22%22},%22v%22:{%22vis_cnt%22:0,%22frst_vis_ts%22:1669759791,%22prev_vis_ts%22:0,%22curr_vis_ts%22:1669759791,%22total_page_cnt%22:0,%22prev_page_cnt%22:0,%22curr_page_cnt%22:1}} HTTP/1.1
Host: its.tradelab.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://co20341.tw1.ru/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Tue, 29 Nov 2022 22:09:53 GMT
Content-Type: image/gif
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: uuid2=0; Max-Age=7776000; Domain=.tradelab.fr; Path=/; Expires=Mon, 27 Feb 2023 22:09:53 GMT; Secure; SameSite=None
uuid=3804269676618062736; Max-Age=7776000; Domain=.tradelab.fr; Path=/; Expires=Mon, 27 Feb 2023 22:09:53 GMT; Secure; SameSite=None
Pragma: no-cache
Cache-Control: no-store, no-cache, must-revalidate
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Timing-Allow-Origin: *
X-Powered-By: Tradelab ITS / node4.tradelab.fr
ib.adnxs.com/bounce?%2Fsbounce%3F%252Fpx%253Fid%253D996576%2526t%253D2
185.89.210.122200 OK 43 B URL HTTP/1.1 ib.adnxs.com/bounce?%2Fsbounce%3F%252Fpx%253Fid%253D996576%2526t%253D2
IP 185.89.210.122:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 592ebefc7104d681d57852665e9ad514
15cdf8df32aa251dd6dd590a60bf9cf74474e7c5
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
GET /bounce?%2Fsbounce%3F%252Fpx%253Fid%253D996576%2526t%253D2 HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://co20341.tw1.ru/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Tue, 29 Nov 2022 22:09:53 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
AN-X-Request-Uuid: 74f11bdd-6322-492d-929f-dc8e34f6f235
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
its.tradelab.fr/?type=convr&x=1&uuid2=0&cdata={%22a%22:991000,%22l%22:[6129654,6129670,6129677,6129705,6140244,6140246,6140363,6141029,6205745,6205752,6205755,6205762,6220830,8124214,8124594,8124968,8124973,8125344,8141760,8141763,8141816,8141850,8141875,8141880,8141931,8141938,8176847,8176869,8176878,8178278,8178332,8217168,8239623,8245529,8245533,8245537,8245540,8260100,8445392,8505468,8505515,9271738,9271745,9271969,9272093,9272160,9272905,9408323,9408407,9408587,9408663,9408768,9511553,9611699,9611846,9683342,9683349,9719394,10005812,10226877,10226889,10226919,10244639,10381193,10480996,12967986,12968507,12968515,12968543,12968782,12968784,13104005,13259085],%22i%22:1,%22c%22:7,%22t%22:%22h%22,%22m%22:%22null%22,%22vi%22:0,%22vc%22:0,%22hf%22:0,%22x%22:{}}&advid=2602146&xur=co20341.tw1.ru/&adata={%22c%22:{%22ref_url%22:%22%22,%22ref_ts%22:0,%22page_url%22:%22%22,%22dm%22:%22%22},%22v%22:{%22vis_cnt%22:0,%22frst_vis_ts%22:1669759791,%22prev_vis_ts%22:0,%22curr_vis_ts%22:1669759791,%22total_page_cnt%22:0,%22prev_page_cnt%22:0,%22curr_page_cnt%22:1}}
85.17.192.106200 OK 43 B URL HTTP/1.1 its.tradelab.fr/?type=convr&x=1&uuid2=0&cdata={%22a%22:991000,%22l%22:[6129654,6129670,6129677,6129705,6140244,6140246,6140363,6141029,6205745,6205752,6205755,6205762,6220830,8124214,8124594,8124968,8124973,8125344,8141760,8141763,8141816,8141850,8141875,8141880,8141931,8141938,8176847,8176869,8176878,8178278,8178332,8217168,8239623,8245529,8245533,8245537,8245540,8260100,8445392,8505468,8505515,9271738,9271745,9271969,9272093,9272160,9272905,9408323,9408407,9408587,9408663,9408768,9511553,9611699,9611846,9683342,9683349,9719394,10005812,10226877,10226889,10226919,10244639,10381193,10480996,12967986,12968507,12968515,12968543,12968782,12968784,13104005,13259085],%22i%22:1,%22c%22:7,%22t%22:%22h%22,%22m%22:%22null%22,%22vi%22:0,%22vc%22:0,%22hf%22:0,%22x%22:{}}&advid=2602146&xur=co20341.tw1.ru/&adata={%22c%22:{%22ref_url%22:%22%22,%22ref_ts%22:0,%22page_url%22:%22%22,%22dm%22:%22%22},%22v%22:{%22vis_cnt%22:0,%22frst_vis_ts%22:1669759791,%22prev_vis_ts%22:0,%22curr_vis_ts%22:1669759791,%22total_page_cnt%22:0,%22prev_page_cnt%22:0,%22curr_page_cnt%22:1}}
IP 85.17.192.106:0
ASN #60781 LeaseWeb Netherlands B.V.
File type GIF image data, version 89a, 1 x 1\012- data
Hash 45cf913e5d9d3c9b2058033056d3dd23
30cb5d44e276505b1d4c053c8b25525da228db30
42b976597a2d977d0e300f6d06bc903db389e5c112d33c1c8c249690a522d9f2
GET /?type=convr&x=1&uuid2=0&cdata={%22a%22:991000,%22l%22:[6129654,6129670,6129677,6129705,6140244,6140246,6140363,6141029,6205745,6205752,6205755,6205762,6220830,8124214,8124594,8124968,8124973,8125344,8141760,8141763,8141816,8141850,8141875,8141880,8141931,8141938,8176847,8176869,8176878,8178278,8178332,8217168,8239623,8245529,8245533,8245537,8245540,8260100,8445392,8505468,8505515,9271738,9271745,9271969,9272093,9272160,9272905,9408323,9408407,9408587,9408663,9408768,9511553,9611699,9611846,9683342,9683349,9719394,10005812,10226877,10226889,10226919,10244639,10381193,10480996,12967986,12968507,12968515,12968543,12968782,12968784,13104005,13259085],%22i%22:1,%22c%22:7,%22t%22:%22h%22,%22m%22:%22null%22,%22vi%22:0,%22vc%22:0,%22hf%22:0,%22x%22:{}}&advid=2602146&xur=co20341.tw1.ru/&adata={%22c%22:{%22ref_url%22:%22%22,%22ref_ts%22:0,%22page_url%22:%22%22,%22dm%22:%22%22},%22v%22:{%22vis_cnt%22:0,%22frst_vis_ts%22:1669759791,%22prev_vis_ts%22:0,%22curr_vis_ts%22:1669759791,%22total_page_cnt%22:0,%22prev_page_cnt%22:0,%22curr_page_cnt%22:1}} HTTP/1.1
Host: its.tradelab.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://co20341.tw1.ru/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Tue, 29 Nov 2022 22:09:53 GMT
Content-Type: image/gif
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: uuid2=0; Max-Age=7776000; Domain=.tradelab.fr; Path=/; Expires=Mon, 27 Feb 2023 22:09:53 GMT; Secure; SameSite=None
uuid=5224314622003840999; Max-Age=7776000; Domain=.tradelab.fr; Path=/; Expires=Mon, 27 Feb 2023 22:09:53 GMT; Secure; SameSite=None
Pragma: no-cache
Cache-Control: no-store, no-cache, must-revalidate
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Timing-Allow-Origin: *
X-Powered-By: Tradelab ITS / node4.tradelab.fr
its.tradelab.fr/?type=tlsync&uuid2=0&callback=tl_sync
85.17.192.106200 OK 35 B URL HTTP/1.1 its.tradelab.fr/?type=tlsync&uuid2=0&callback=tl_sync
IP 85.17.192.106:0
ASN #60781 LeaseWeb Netherlands B.V.
File type ASCII text, with no line terminators
Hash 4a357e7b6e128a2e8141d57647469e45
cd85144283318b259ddbf3b5003e5909b0d1148e
fb7b72d0014d8ad0f87a0ececd165015863a41fb379aaf72b61a97ae61391c63
GET /?type=tlsync&uuid2=0&callback=tl_sync HTTP/1.1
Host: its.tradelab.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://co20341.tw1.ru/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Tue, 29 Nov 2022 22:09:53 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: uuid2=0; Max-Age=7776000; Domain=.tradelab.fr; Path=/; Expires=Mon, 27 Feb 2023 22:09:53 GMT; Secure; SameSite=None
uuid=9789293619841560786; Max-Age=7776000; Domain=.tradelab.fr; Path=/; Expires=Mon, 27 Feb 2023 22:09:53 GMT; Secure; SameSite=None
Pragma: no-cache
Cache-Control: no-store, no-cache, must-revalidate, max-age=0,post-check=0,pre-check=0
Access-Control-Allow-Origin: *
P3p: CP="CAO PSA OUR"
ib.adnxs.com/bounce?%2Fsbounce%3F%252Fpx%253Fid%253D991000%2526t%253D2
185.89.210.122200 OK 43 B URL HTTP/1.1 ib.adnxs.com/bounce?%2Fsbounce%3F%252Fpx%253Fid%253D991000%2526t%253D2
IP 185.89.210.122:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 592ebefc7104d681d57852665e9ad514
15cdf8df32aa251dd6dd590a60bf9cf74474e7c5
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
GET /bounce?%2Fsbounce%3F%252Fpx%253Fid%253D991000%2526t%253D2 HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://co20341.tw1.ru/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Tue, 29 Nov 2022 22:09:53 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
AN-X-Request-Uuid: 8b737982-826f-48c1-b080-8657b018caaa
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
its.tradelab.fr/?type=fseg&uuid2=4801858766581308409&sid=12608265&val=undefined&fun=2135&step=1&siev=12608262&fp=0&advid=2602146&isregen=0&ua=Mozilla%252F5.0%2520(Windows%2520NT%252010.0%253B%2520Win64%253B%2520x64%253B%2520rv%253A105.0)%2520Gecko%252F20100101%2520Firefox%252F105.0&ur=http%253A%252F%252Fco20341.tw1.ru%252F&adata=%7B%22c%22%3A%7B%22ref_url%22%3A%22%22%2C%22ref_ts%22%3A1669759792%2C%22page_url%22%3A%22co20341.tw1.ru%2F%22%2C%22dm%22%3A%22www.labanquepostale.fr%22%7D%2C%22v%22%3A%7B%22vis_cnt%22%3A1%2C%22frst_vis_ts%22%3A1669759791%2C%22prev_vis_ts%22%3A1669759791%2C%22curr_vis_ts%22%3A1669759792%2C%22total_page_cnt%22%3A1%2C%22prev_page_cnt%22%3A1%2C%22curr_page_cnt%22%3A1%7D%7D
85.17.192.106200 OK 43 B URL HTTP/1.1 its.tradelab.fr/?type=fseg&uuid2=4801858766581308409&sid=12608265&val=undefined&fun=2135&step=1&siev=12608262&fp=0&advid=2602146&isregen=0&ua=Mozilla%252F5.0%2520(Windows%2520NT%252010.0%253B%2520Win64%253B%2520x64%253B%2520rv%253A105.0)%2520Gecko%252F20100101%2520Firefox%252F105.0&ur=http%253A%252F%252Fco20341.tw1.ru%252F&adata=%7B%22c%22%3A%7B%22ref_url%22%3A%22%22%2C%22ref_ts%22%3A1669759792%2C%22page_url%22%3A%22co20341.tw1.ru%2F%22%2C%22dm%22%3A%22www.labanquepostale.fr%22%7D%2C%22v%22%3A%7B%22vis_cnt%22%3A1%2C%22frst_vis_ts%22%3A1669759791%2C%22prev_vis_ts%22%3A1669759791%2C%22curr_vis_ts%22%3A1669759792%2C%22total_page_cnt%22%3A1%2C%22prev_page_cnt%22%3A1%2C%22curr_page_cnt%22%3A1%7D%7D
IP 85.17.192.106:0
ASN #60781 LeaseWeb Netherlands B.V.
File type GIF image data, version 89a, 1 x 1\012- data
Hash 45cf913e5d9d3c9b2058033056d3dd23
30cb5d44e276505b1d4c053c8b25525da228db30
42b976597a2d977d0e300f6d06bc903db389e5c112d33c1c8c249690a522d9f2
GET /?type=fseg&uuid2=4801858766581308409&sid=12608265&val=undefined&fun=2135&step=1&siev=12608262&fp=0&advid=2602146&isregen=0&ua=Mozilla%252F5.0%2520(Windows%2520NT%252010.0%253B%2520Win64%253B%2520x64%253B%2520rv%253A105.0)%2520Gecko%252F20100101%2520Firefox%252F105.0&ur=http%253A%252F%252Fco20341.tw1.ru%252F&adata=%7B%22c%22%3A%7B%22ref_url%22%3A%22%22%2C%22ref_ts%22%3A1669759792%2C%22page_url%22%3A%22co20341.tw1.ru%2F%22%2C%22dm%22%3A%22www.labanquepostale.fr%22%7D%2C%22v%22%3A%7B%22vis_cnt%22%3A1%2C%22frst_vis_ts%22%3A1669759791%2C%22prev_vis_ts%22%3A1669759791%2C%22curr_vis_ts%22%3A1669759792%2C%22total_page_cnt%22%3A1%2C%22prev_page_cnt%22%3A1%2C%22curr_page_cnt%22%3A1%7D%7D HTTP/1.1
Host: its.tradelab.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://co20341.tw1.ru/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Tue, 29 Nov 2022 22:09:53 GMT
Content-Type: image/gif
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: uuid2=4801858766581308409; Max-Age=7776000; Domain=.tradelab.fr; Path=/; Expires=Mon, 27 Feb 2023 22:09:53 GMT; Secure; SameSite=None
uuid=4801858766581308409; Max-Age=7776000; Domain=.tradelab.fr; Path=/; Expires=Mon, 27 Feb 2023 22:09:53 GMT; Secure; SameSite=None
iev0=eJxlyzEShCAMheG7vNpCggbJVXaslHVoHEd0G4a7G7Sw2O7PlySDuCXTMSTje66QT0acISBjezRIYdHB6NVAfEMMv1eoyhG2KncmiGH2rvfO285ZtWk9IK3GfO5PqMSn0lZ3ZWyw/72WcgFPjSjT; Max-Age=7776000; Domain=.tradelab.fr; Path=/; Expires=Mon, 27 Feb 2023 22:09:53 GMT; Secure; SameSite=None
Pragma: no-cache
Cache-Control: no-store, no-cache, must-revalidate
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Timing-Allow-Origin: *
X-Powered-By: Tradelab ITS / node5.tradelab.fr
ib.adnxs.com/bounce?%2Fsbounce%3F%252Fpx%253Fid%253D1156839%2526t%253D2
185.89.210.122200 OK 43 B URL HTTP/1.1 ib.adnxs.com/bounce?%2Fsbounce%3F%252Fpx%253Fid%253D1156839%2526t%253D2
IP 185.89.210.122:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 592ebefc7104d681d57852665e9ad514
15cdf8df32aa251dd6dd590a60bf9cf74474e7c5
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
GET /bounce?%2Fsbounce%3F%252Fpx%253Fid%253D1156839%2526t%253D2 HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://co20341.tw1.ru/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Tue, 29 Nov 2022 22:09:53 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
AN-X-Request-Uuid: debe7b5e-a7a7-475f-a9f6-73b49f564a6f
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
cm.g.doubleclick.net/pixel?google_nid=tradelab_dmp&google_cm
216.58.207.226302 Found 285 B URL HTTP/2 cm.g.doubleclick.net/pixel?google_nid=tradelab_dmp&google_cm
IP 216.58.207.226:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash 99eacce2df6348525adbb66179b6a122
9ae2089704548b1c8545021a9de724f71fa8fb84
cd793d1e2bdcc66fa07e118627012f0d24684aa085f149eed09b86a06ade7384
GET /pixel?google_nid=tradelab_dmp&google_cm HTTP/1.1
Host: cm.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://co20341.tw1.ru/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://cm.g.doubleclick.net/pixel?google_nid=tradelab_dmp&google_cm=&google_tc=
date: Tue, 29 Nov 2022 22:09:53 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
server: HTTP server (unknown)
content-length: 285
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Tue, 29-Nov-2022 22:24:53 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
its.tradelab.fr/?type=convr&x=1&uuid2=0&cdata={%22a%22:991002,%22l%22:[6129654,6129670,6129677,6129705,6140244,6140246,6140363,6141029,6205745,6205752,6205755,6205762,6220830,8124214,8124594,8124968,8124973,8125344,8141760,8141763,8141816,8141850,8141875,8141880,8141931,8141938,8176847,8176869,8176878,8245529,8245533,8245537,8245540,8260100,8445392,8505468,8505515,9271738,9271745,9271969,9272093,9272160,9272905,9408323,9408407,9408587,9408663,9408768,9511553,9611699,9611846,9683342,9683349,9719394,10005812,10226877,10226889,10226919,10244639,10381193,10480996,12967986,12968507,12968515,12968543,12968782,12968784,13104005,13259085],%22i%22:1,%22c%22:7,%22t%22:%22c%22,%22m%22:%22null%22,%22vi%22:0,%22vc%22:0,%22hf%22:0,%22x%22:{}}&advid=2602146&xur=co20341.tw1.ru/&adata={%22c%22:{%22ref_url%22:%22%22,%22ref_ts%22:0,%22page_url%22:%22%22,%22dm%22:%22%22},%22v%22:{%22vis_cnt%22:0,%22frst_vis_ts%22:1669759791,%22prev_vis_ts%22:0,%22curr_vis_ts%22:1669759791,%22total_page_cnt%22:0,%22prev_page_cnt%22:0,%22curr_page_cnt%22:1}}
85.17.192.106200 OK 43 B URL HTTP/1.1 its.tradelab.fr/?type=convr&x=1&uuid2=0&cdata={%22a%22:991002,%22l%22:[6129654,6129670,6129677,6129705,6140244,6140246,6140363,6141029,6205745,6205752,6205755,6205762,6220830,8124214,8124594,8124968,8124973,8125344,8141760,8141763,8141816,8141850,8141875,8141880,8141931,8141938,8176847,8176869,8176878,8245529,8245533,8245537,8245540,8260100,8445392,8505468,8505515,9271738,9271745,9271969,9272093,9272160,9272905,9408323,9408407,9408587,9408663,9408768,9511553,9611699,9611846,9683342,9683349,9719394,10005812,10226877,10226889,10226919,10244639,10381193,10480996,12967986,12968507,12968515,12968543,12968782,12968784,13104005,13259085],%22i%22:1,%22c%22:7,%22t%22:%22c%22,%22m%22:%22null%22,%22vi%22:0,%22vc%22:0,%22hf%22:0,%22x%22:{}}&advid=2602146&xur=co20341.tw1.ru/&adata={%22c%22:{%22ref_url%22:%22%22,%22ref_ts%22:0,%22page_url%22:%22%22,%22dm%22:%22%22},%22v%22:{%22vis_cnt%22:0,%22frst_vis_ts%22:1669759791,%22prev_vis_ts%22:0,%22curr_vis_ts%22:1669759791,%22total_page_cnt%22:0,%22prev_page_cnt%22:0,%22curr_page_cnt%22:1}}
IP 85.17.192.106:0
ASN #60781 LeaseWeb Netherlands B.V.
File type GIF image data, version 89a, 1 x 1\012- data
Hash 45cf913e5d9d3c9b2058033056d3dd23
30cb5d44e276505b1d4c053c8b25525da228db30
42b976597a2d977d0e300f6d06bc903db389e5c112d33c1c8c249690a522d9f2
GET /?type=convr&x=1&uuid2=0&cdata={%22a%22:991002,%22l%22:[6129654,6129670,6129677,6129705,6140244,6140246,6140363,6141029,6205745,6205752,6205755,6205762,6220830,8124214,8124594,8124968,8124973,8125344,8141760,8141763,8141816,8141850,8141875,8141880,8141931,8141938,8176847,8176869,8176878,8245529,8245533,8245537,8245540,8260100,8445392,8505468,8505515,9271738,9271745,9271969,9272093,9272160,9272905,9408323,9408407,9408587,9408663,9408768,9511553,9611699,9611846,9683342,9683349,9719394,10005812,10226877,10226889,10226919,10244639,10381193,10480996,12967986,12968507,12968515,12968543,12968782,12968784,13104005,13259085],%22i%22:1,%22c%22:7,%22t%22:%22c%22,%22m%22:%22null%22,%22vi%22:0,%22vc%22:0,%22hf%22:0,%22x%22:{}}&advid=2602146&xur=co20341.tw1.ru/&adata={%22c%22:{%22ref_url%22:%22%22,%22ref_ts%22:0,%22page_url%22:%22%22,%22dm%22:%22%22},%22v%22:{%22vis_cnt%22:0,%22frst_vis_ts%22:1669759791,%22prev_vis_ts%22:0,%22curr_vis_ts%22:1669759791,%22total_page_cnt%22:0,%22prev_page_cnt%22:0,%22curr_page_cnt%22:1}} HTTP/1.1
Host: its.tradelab.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://co20341.tw1.ru/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Tue, 29 Nov 2022 22:09:53 GMT
Content-Type: image/gif
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: uuid2=0; Max-Age=7776000; Domain=.tradelab.fr; Path=/; Expires=Mon, 27 Feb 2023 22:09:53 GMT; Secure; SameSite=None
uuid=1595908501282654056; Max-Age=7776000; Domain=.tradelab.fr; Path=/; Expires=Mon, 27 Feb 2023 22:09:53 GMT; Secure; SameSite=None
Pragma: no-cache
Cache-Control: no-store, no-cache, must-revalidate
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Timing-Allow-Origin: *
X-Powered-By: Tradelab ITS / node5.tradelab.fr
ib.adnxs.com/seg?add=2491894:0&t=2
185.89.210.122307 Redirection 0 B URL HTTP/1.1 ib.adnxs.com/seg?add=2491894:0&t=2
IP 185.89.210.122:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /seg?add=2491894:0&t=2 HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://co20341.tw1.ru/
HTTP/1.1 307 Redirection
Server: nginx/1.21.3
Date: Tue, 29 Nov 2022 22:09:53 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Location: https://ib.adnxs.com/sbounce?%2Fseg%3Fadd%3D2491894%3A0%26t%3D2
AN-X-Request-Uuid: c82ed0e2-0a6f-4296-b09c-516f5eb7436a
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
cm.g.doubleclick.net/pixel?google_nid=tradelab_dmp&google_cm=&google_tc=
216.58.207.226302 Found 256 B URL HTTP/2 cm.g.doubleclick.net/pixel?google_nid=tradelab_dmp&google_cm=&google_tc=
IP 216.58.207.226:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash 71887a73cc8a27e417a04a9a689586c0
d3128cba3bfccf3eb54562cccc344d30ca175703
86083e6edab8fa44c3d8b0b5ff3a7292f6bdf16e2a3046f90a285f036b0ce96b
GET /pixel?google_nid=tradelab_dmp&google_cm=&google_tc= HTTP/1.1
Host: cm.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://co20341.tw1.ru/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
location: https://its.tradelab.fr/?type=tlsync_dbm&google_error=3
date: Tue, 29 Nov 2022 22:09:53 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
server: HTTP server (unknown)
content-length: 256
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ib.adnxs.com/sbounce?%2Fseg%3Fadd%3D2491894%3A0%26t%3D2
185.89.210.122307 Redirection 0 B URL HTTP/1.1 ib.adnxs.com/sbounce?%2Fseg%3Fadd%3D2491894%3A0%26t%3D2
IP 185.89.210.122:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sbounce?%2Fseg%3Fadd%3D2491894%3A0%26t%3D2 HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://co20341.tw1.ru/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 307 Redirection
Server: nginx/1.21.3
Date: Tue, 29 Nov 2022 22:09:53 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Location: https://ib.adnxs.com/bounce?%2Fsbounce%3F%252Fseg%253Fadd%253D2491894%253A0%2526t%253D2
AN-X-Request-Uuid: ce35d8ba-8d1c-4e1f-896d-66f19ba0c145
Set-Cookie: uuid2=194807446098996068; SameSite=None; Path=/; Max-Age=7776000; Expires=Mon, 27-Feb-2023 22:09:53 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
its.tradelab.fr/?type=tlsync_dbm&google_error=3
85.17.192.106200 OK 43 B URL HTTP/1.1 its.tradelab.fr/?type=tlsync_dbm&google_error=3
IP 85.17.192.106:0
ASN #60781 LeaseWeb Netherlands B.V.
File type GIF image data, version 89a, 1 x 1\012- data
Hash 45cf913e5d9d3c9b2058033056d3dd23
30cb5d44e276505b1d4c053c8b25525da228db30
42b976597a2d977d0e300f6d06bc903db389e5c112d33c1c8c249690a522d9f2
GET /?type=tlsync_dbm&google_error=3 HTTP/1.1
Host: its.tradelab.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://co20341.tw1.ru/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Tue, 29 Nov 2022 22:09:53 GMT
Content-Type: image/gif
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: uuid=2787052714817998469; Max-Age=7776000; Domain=.tradelab.fr; Path=/; Expires=Mon, 27 Feb 2023 22:09:53 GMT; Secure; SameSite=None
Pragma: no-cache
Cache-Control: no-store, no-cache, must-revalidate
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Timing-Allow-Origin: *
X-Powered-By: Tradelab ITS / node3.tradelab.fr
ib.adnxs.com/sbounce?%2Fseg%3Fadd%3D12608265%26t%3D2
185.89.210.122307 Redirection 0 B URL HTTP/1.1 ib.adnxs.com/sbounce?%2Fseg%3Fadd%3D12608265%26t%3D2
IP 185.89.210.122:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sbounce?%2Fseg%3Fadd%3D12608265%26t%3D2 HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://co20341.tw1.ru/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 307 Redirection
Server: nginx/1.21.3
Date: Tue, 29 Nov 2022 22:09:53 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Location: https://ib.adnxs.com/bounce?%2Fsbounce%3F%252Fseg%253Fadd%253D12608265%2526t%253D2
AN-X-Request-Uuid: 9403f23c-9a42-4632-8258-32351bcca6f7
Set-Cookie: uuid2=4563874695916236188; SameSite=None; Path=/; Max-Age=7776000; Expires=Mon, 27-Feb-2023 22:09:53 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
ib.adnxs.com/bounce?%2Fsbounce%3F%252Fseg%253Fadd%253D2491894%253A0%2526t%253D2
185.89.210.122200 OK 43 B URL HTTP/1.1 ib.adnxs.com/bounce?%2Fsbounce%3F%252Fseg%253Fadd%253D2491894%253A0%2526t%253D2
IP 185.89.210.122:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 592ebefc7104d681d57852665e9ad514
15cdf8df32aa251dd6dd590a60bf9cf74474e7c5
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
GET /bounce?%2Fsbounce%3F%252Fseg%253Fadd%253D2491894%253A0%2526t%253D2 HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://co20341.tw1.ru/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Tue, 29 Nov 2022 22:09:53 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
AN-X-Request-Uuid: 54a99105-f67e-4792-a264-f8d3bd994050
Set-Cookie: anj=dTM7k!M4/8CxrEQF']wIg2ImOFCPh.!@wnf-Te9(>wL5L!!'Ig$chYT; SameSite=None; Path=/; Max-Age=7776000; Expires=Mon, 27-Feb-2023 22:09:53 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
ib.adnxs.com/bounce?%2Fsbounce%3F%252Fseg%253Fadd%253D12608265%2526t%253D2
185.89.210.122200 OK 43 B URL HTTP/1.1 ib.adnxs.com/bounce?%2Fsbounce%3F%252Fseg%253Fadd%253D12608265%2526t%253D2
IP 185.89.210.122:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 592ebefc7104d681d57852665e9ad514
15cdf8df32aa251dd6dd590a60bf9cf74474e7c5
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
GET /bounce?%2Fsbounce%3F%252Fseg%253Fadd%253D12608265%2526t%253D2 HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://co20341.tw1.ru/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Tue, 29 Nov 2022 22:09:53 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
AN-X-Request-Uuid: ea12e4d2-626c-493f-9622-4ea6f566107a
Set-Cookie: anj=dTM7k!M4/8CxrEQF']wIg2ImOFCPh.!@wnf-Te9(>wL5L!!'Ig$chYT; SameSite=None; Path=/; Max-Age=7776000; Expires=Mon, 27-Feb-2023 22:09:53 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
ib.adnxs.com/bounce?%2Fsbounce%3F%252Fpx%253Fid%253D1003722%2526t%253D2
185.89.210.122200 OK 43 B URL HTTP/1.1 ib.adnxs.com/bounce?%2Fsbounce%3F%252Fpx%253Fid%253D1003722%2526t%253D2
IP 185.89.210.122:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 592ebefc7104d681d57852665e9ad514
15cdf8df32aa251dd6dd590a60bf9cf74474e7c5
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
GET /bounce?%2Fsbounce%3F%252Fpx%253Fid%253D1003722%2526t%253D2 HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://co20341.tw1.ru/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Tue, 29 Nov 2022 22:09:53 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
AN-X-Request-Uuid: ee0d8d46-250d-4395-9fcd-1cf38f453bd4
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ac3edd07bb0a4ebdaae6ec26e91d2079
b6efe3811dfa37cdcde1e9d411c171732ac7e12a
c5dbd471d178ae4505b28e30aee1e8eed77fffd81b9f7815ad2bda1a0d09a02c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C5DBD471D178AE4505B28E30AEE1E8EED77FFFD81B9F7815AD2BDA1A0D09A02C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5299
Expires: Tue, 29 Nov 2022 23:38:12 GMT
Date: Tue, 29 Nov 2022 22:09:53 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ac3edd07bb0a4ebdaae6ec26e91d2079
b6efe3811dfa37cdcde1e9d411c171732ac7e12a
c5dbd471d178ae4505b28e30aee1e8eed77fffd81b9f7815ad2bda1a0d09a02c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C5DBD471D178AE4505B28E30AEE1E8EED77FFFD81B9F7815AD2BDA1A0D09A02C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5299
Expires: Tue, 29 Nov 2022 23:38:12 GMT
Date: Tue, 29 Nov 2022 22:09:53 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffe5e6403-f1a3-4b44-a62d-0e47d56bb08e.webp
34.120.237.76200 OK 4.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffe5e6403-f1a3-4b44-a62d-0e47d56bb08e.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 83c1fedec73299637cc7dc47c48af758
2e3f7326aeea6be8a34bf2c39b34862c07bfdc41
1fea143e23bb0156062f4c06569824900a67ed83cb99fd635d4c4ab968dc65e9
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffe5e6403-f1a3-4b44-a62d-0e47d56bb08e.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4916
x-amzn-requestid: b8c80a6c-e3f1-4f20-beb8-27b0af760692
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cPYcrELFoAMFaeQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6382d450-155cfb365525173c0ede8adb;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 03:06:56 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: Twtw6dO3pjTB9OLi0HliKKCDgCuHRqgtx4PFTczrZQ9f8JztgXZoSg==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 f9d716a351f14a0ac1fac2449734849a.cloudfront.net (CloudFront), 1.1 google
date: Tue, 29 Nov 2022 03:18:11 GMT
age: 67902
etag: "2e3f7326aeea6be8a34bf2c39b34862c07bfdc41"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc326607e-c0fa-4e9d-b8d4-1c9173793bed.jpeg
34.120.237.76200 OK 9.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc326607e-c0fa-4e9d-b8d4-1c9173793bed.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash cce27a1fe8c0222811a5ce0e7f89e1cb
28c165bac8cf68cd1b0763c311aece00672cb3a5
4530e34a47ef78c2c2b0d34a0511253a61f1927b192ab42f82361002ff10819e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc326607e-c0fa-4e9d-b8d4-1c9173793bed.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9376
x-amzn-requestid: c52b3092-90d2-4289-b6e0-ab99c9d4710a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cPmz3EVUoAMFWUw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6382eb4b-39f46c89238eff696e9f2dba;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 04:44:59 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: ofQEhaEiX1vE25a_1xHeab9Px9zgGpk8omlX_aHmLE1oN1aZTPzWxQ==
via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 ce71f64ad5dca81beca846466f2d5008.cloudfront.net (CloudFront), 1.1 google
date: Tue, 29 Nov 2022 10:09:32 GMT
age: 43221
etag: "28c165bac8cf68cd1b0763c311aece00672cb3a5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F165667de-df17-4cc6-832c-94f49703bdf2.jpeg
34.120.237.76200 OK 9.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F165667de-df17-4cc6-832c-94f49703bdf2.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 1f434933b5bd6377d299ada22d1ae7ef
075531f525e625b117b2497f31139c9824d0e9c5
b587a3249e4f20112088608e3651c2ccbc44225a5c9d88d3bf5884d7f0e9029c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F165667de-df17-4cc6-832c-94f49703bdf2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9430
x-amzn-requestid: 454ca8bd-a256-45f2-8b41-feee86c5af82
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cR7wyGCIIAMFhgw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6383d99e-1488f8ce71a91ebc3ad6b7e0;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 21:41:50 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: NMMuQ1NNks65LJK_HDAK69MfCJ3pS0Y6VzBs8_5Oku64v4FSWADCdw==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 476c2ba6d9f6cd69dbcedbd65688cbc0.cloudfront.net (CloudFront), 1.1 google
date: Tue, 29 Nov 2022 22:01:55 GMT
age: 478
etag: "075531f525e625b117b2497f31139c9824d0e9c5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe059c7ce-454d-453b-aead-18fae338f84c.jpeg
34.120.237.76200 OK 4.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe059c7ce-454d-453b-aead-18fae338f84c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a4058fd62595d15c58b3d3266de9865a
d0dff35eb78f129b5da407043037bcf9c27e55c0
ab996c23d58871a2ad53f0c34688c87f0d7c0eac5d0c1d8265b86951248449fe
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe059c7ce-454d-453b-aead-18fae338f84c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4871
x-amzn-requestid: e2dfa7b8-ded7-4104-a913-1b84746a3c6f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cLDUUEy_oAMFgSQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638118e8-0b229e0f60ff019d26800dd9;Sampled=0
x-amzn-remapped-date: Fri, 25 Nov 2022 19:35:04 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: qh3WqWdBmMG3fzchn3OvxbEpwm2wl_CXi105CL4uJda47N9ZX3CyLA==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 7eb3b782ab09047ce0d11ee03763894c.cloudfront.net (CloudFront), 1.1 google
date: Tue, 29 Nov 2022 09:01:36 GMT
age: 47297
etag: "d0dff35eb78f129b5da407043037bcf9c27e55c0"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1c32283b-8309-408e-85df-cad97da6bc80.png
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1c32283b-8309-408e-85df-cad97da6bc80.png
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 03014221d7f49b50ffc2d1b0a0e75457
772d86ad983042a728ee3490630a9cf1134ad0dd
81fb954fa569955907952987e9d8efd1dac80e0e4a682826abf3c5d90eb31771
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1c32283b-8309-408e-85df-cad97da6bc80.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10176
x-amzn-requestid: c2231955-5c78-4073-8399-b8b90f1add78
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cMo3oHpSoAMF5Qw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6381bb63-55a1cb004ac73c8b02f2fb8d;Sampled=0
x-amzn-remapped-date: Sat, 26 Nov 2022 07:08:19 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: uGocx-Lv8ieJVvICjnTGQZyzaQzjVdICX2RZaNyBTQvUKeIcNxaCJQ==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 32c16f33c8f5601364fa8229b0d74dc2.cloudfront.net (CloudFront), 1.1 google
date: Tue, 29 Nov 2022 04:49:50 GMT
age: 62403
etag: "772d86ad983042a728ee3490630a9cf1134ad0dd"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fabddece8-6c4f-4cb5-9041-4d427b16b826.jpeg
34.120.237.76200 OK 4.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fabddece8-6c4f-4cb5-9041-4d427b16b826.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a2a5c8d4113d282600462749315f2c4f
e2b4d2e15bb7c086333c0da438873e4c139ba931
9b5d0e5dd11d4cbf1c78a71730cd63544170c91ab635bf3cf917827ac84874e6
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fabddece8-6c4f-4cb5-9041-4d427b16b826.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4417
x-amzn-requestid: 01de83c2-51d2-4329-98f6-09a0edf46942
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cVNnGEcRIAMFaXA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63852960-34583b6c588a0e937fcfaa46;Sampled=0
x-amzn-remapped-date: Mon, 28 Nov 2022 21:34:24 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: wqEe45jzMOryT-E-vThc39-cLiZudKF4gn6cS3LBmeaJ2amJF5GPIA==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 ce71f64ad5dca81beca846466f2d5008.cloudfront.net (CloudFront), 1.1 google
date: Tue, 29 Nov 2022 21:46:58 GMT
age: 1375
etag: "e2b4d2e15bb7c086333c0da438873e4c139ba931"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.godaddy.com/
192.124.249.22200 OK 1.8 kB IP 192.124.249.22:0
Hash f9d4524e58f8e18fd7cb060234b8b9f6
6a8eeabcd7c960dd981d5c7007443574d8a2dff3
4dfb12448d8716c0a4e46e8830d829ed78747564388d55cdc050ad4db5530027
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Tue, 29 Nov 2022 22:09:56 GMT
Content-Type: application/ocsp-response
Content-Length: 1777
Connection: keep-alive
X-Sucuri-ID: 19022
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Tue, 29 Nov 2022 20:16:33 GMT
Expires: Wed, 30 Nov 2022 20:16:33 GMT
ETag: "6a8eeabcd7c960dd981d5c7007443574d8a2dff3"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
cdn.tradelab.fr/fseg/2135.js?add=12608266
152.195.132.24200 OK 2.6 kB URL HTTP/1.1 cdn.tradelab.fr/fseg/2135.js?add=12608266
IP 152.195.132.24:0
File type ASCII text, with very long lines (518)
Hash e8e2acc1934a78e938bb2f88981f126c
04e508ff2ef2b20c1edabb2861528cb353ee7775
c33fd65b0d81fa1bfb50c0e3ff4ac82c26aa752ea196874322466bed02496acd
Analyzer Verdict Alert urlquery Phishing - La Banque postale
GET /fseg/2135.js?add=12608266 HTTP/1.1
Host: cdn.tradelab.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://co20341.tw1.ru/
HTTP/1.1 200 OK
Content-Encoding: gzip
Accept-Ranges: bytes
Access-Control-Allow-Headers: x-requested-with, Content-Type, origin, authorization, accept, client-security-token
Access-Control-Allow-Origin: *
Age: 220
Cache-Control: max-age=1800
Content-Type: application/javascript
Date: Tue, 29 Nov 2022 22:09:57 GMT
Etag: "1bbd-59ff7646fd68a-gzip"
Expires: Tue, 29 Nov 2022 22:39:57 GMT
Last-Modified: Tue, 03 Mar 2020 18:22:54 GMT
Server: ECAcc (ska/F73F)
Vary: Accept-Encoding
X-Cache: HIT
Content-Length: 2594
cdn.tradelab.fr/conv/991001.js
152.195.132.24200 OK 2.0 kB URL HTTP/1.1 cdn.tradelab.fr/conv/991001.js
IP 152.195.132.24:0
File type ASCII text, with very long lines (808)
Hash 76ab9cb9225329cbb283ca854ec51436
0b6c85a3be3979ecb9c5464c793fad122794b9a9
e44c53266fbef09b992000993e8e46ed1ad51742ab33fb389b2eb934c66c0b5d
Analyzer Verdict Alert urlquery Phishing - La Banque postale
GET /conv/991001.js HTTP/1.1
Host: cdn.tradelab.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://co20341.tw1.ru/
HTTP/1.1 200 OK
Content-Encoding: gzip
Accept-Ranges: bytes
Access-Control-Allow-Headers: x-requested-with, Content-Type, origin, authorization, accept, client-security-token
Access-Control-Allow-Origin: *
Age: 80
Cache-Control: max-age=1800
Content-Type: application/javascript
Date: Tue, 29 Nov 2022 22:09:57 GMT
Etag: "158f-5c445be5b05ff-gzip"
Expires: Tue, 29 Nov 2022 22:39:57 GMT
Last-Modified: Tue, 08 Jun 2021 18:58:28 GMT
Server: ECAcc (ska/F730)
Vary: Accept-Encoding
X-Cache: HIT
Content-Length: 2023
ib.adnxs.com/seg?add=12608266&t=2
185.89.210.122307 Redirection 0 B URL HTTP/1.1 ib.adnxs.com/seg?add=12608266&t=2
IP 185.89.210.122:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /seg?add=12608266&t=2 HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://co20341.tw1.ru/
HTTP/1.1 307 Redirection
Server: nginx/1.21.3
Date: Tue, 29 Nov 2022 22:09:57 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Location: https://ib.adnxs.com/sbounce?%2Fseg%3Fadd%3D12608266%26t%3D2
AN-X-Request-Uuid: 856dfbc8-0a4b-49ff-b7ca-d89dda6822f2
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
its.tradelab.fr/?type=convr&x=0&cdata=%7B%22a%22%3A991001%2C%22l%22%3A%5B6129654%2C6129670%2C6129677%2C6129705%2C6140244%2C6140246%2C6140363%2C6141029%2C6205745%2C6205752%2C6205755%2C6205762%2C6220830%2C8124214%2C8124594%2C8124968%2C8124973%2C8125344%2C8141760%2C8141763%2C8141816%2C8141850%2C8141875%2C8141880%2C8141931%2C8141938%2C8176847%2C8176869%2C8176878%2C8239623%2C8245529%2C8245533%2C8245537%2C8245540%2C8260100%2C8445392%2C8505468%2C8505515%2C9271738%2C9271745%2C9271969%2C9272093%2C9272160%2C9272905%2C9408323%2C9408407%2C9408587%2C9408663%2C9408768%2C9511553%2C9611699%2C9611846%2C9683342%2C9683349%2C9719394%2C10005812%2C10226877%2C10226889%2C10226919%2C10244639%2C10381193%2C10480996%2C12967986%2C12968507%2C12968515%2C12968543%2C12968782%2C12968784%2C13104005%2C13259085%2C13477519%2C14058054%2C14058197%2C14058205%2C14058228%2C14069494%2C14069497%2C14069560%2C14069565%2C14069590%2C14069626%2C14074179%2C14112662%2C14130392%2C14212376%2C14212411%2C14212419%2C14212455%2C14212467%2C14212692%2C14212694%2C14570528%2C14570544%5D%2C%22i%22%3A1%2C%22c%22%3A7%2C%22t%22%3A%22h%22%2C%22m%22%3A%22null%22%2C%22vi%22%3A0%2C%22vc%22%3A0%2C%22hf%22%3A0%2C%22x%22%3A%7B%7D%7D&advid=2602146&xur=co20341.tw1.ru%2F&adata=%7B%22c%22%3A%7B%22ref_url%22%3A%22%22%2C%22ref_ts%22%3A1669759792%2C%22page_url%22%3A%22co20341.tw1.ru%2F%22%2C%22dm%22%3A%22www.labanquepostale.fr%22%7D%2C%22v%22%3A%7B%22vis_cnt%22%3A1%2C%22frst_vis_ts%22%3A1669759791%2C%22prev_vis_ts%22%3A1669759791%2C%22curr_vis_ts%22%3A1669759792%2C%22total_page_cnt%22%3A1%2C%22prev_page_cnt%22%3A1%2C%22curr_page_cnt%22%3A1%7D%7D
85.17.192.106301 Moved Permanently 169 B URL HTTP/1.1 its.tradelab.fr/?type=convr&x=0&cdata=%7B%22a%22%3A991001%2C%22l%22%3A%5B6129654%2C6129670%2C6129677%2C6129705%2C6140244%2C6140246%2C6140363%2C6141029%2C6205745%2C6205752%2C6205755%2C6205762%2C6220830%2C8124214%2C8124594%2C8124968%2C8124973%2C8125344%2C8141760%2C8141763%2C8141816%2C8141850%2C8141875%2C8141880%2C8141931%2C8141938%2C8176847%2C8176869%2C8176878%2C8239623%2C8245529%2C8245533%2C8245537%2C8245540%2C8260100%2C8445392%2C8505468%2C8505515%2C9271738%2C9271745%2C9271969%2C9272093%2C9272160%2C9272905%2C9408323%2C9408407%2C9408587%2C9408663%2C9408768%2C9511553%2C9611699%2C9611846%2C9683342%2C9683349%2C9719394%2C10005812%2C10226877%2C10226889%2C10226919%2C10244639%2C10381193%2C10480996%2C12967986%2C12968507%2C12968515%2C12968543%2C12968782%2C12968784%2C13104005%2C13259085%2C13477519%2C14058054%2C14058197%2C14058205%2C14058228%2C14069494%2C14069497%2C14069560%2C14069565%2C14069590%2C14069626%2C14074179%2C14112662%2C14130392%2C14212376%2C14212411%2C14212419%2C14212455%2C14212467%2C14212692%2C14212694%2C14570528%2C14570544%5D%2C%22i%22%3A1%2C%22c%22%3A7%2C%22t%22%3A%22h%22%2C%22m%22%3A%22null%22%2C%22vi%22%3A0%2C%22vc%22%3A0%2C%22hf%22%3A0%2C%22x%22%3A%7B%7D%7D&advid=2602146&xur=co20341.tw1.ru%2F&adata=%7B%22c%22%3A%7B%22ref_url%22%3A%22%22%2C%22ref_ts%22%3A1669759792%2C%22page_url%22%3A%22co20341.tw1.ru%2F%22%2C%22dm%22%3A%22www.labanquepostale.fr%22%7D%2C%22v%22%3A%7B%22vis_cnt%22%3A1%2C%22frst_vis_ts%22%3A1669759791%2C%22prev_vis_ts%22%3A1669759791%2C%22curr_vis_ts%22%3A1669759792%2C%22total_page_cnt%22%3A1%2C%22prev_page_cnt%22%3A1%2C%22curr_page_cnt%22%3A1%7D%7D
IP 85.17.192.106:0
ASN #60781 LeaseWeb Netherlands B.V.
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 0f952b73d3f5586637ea9a5a789d48f4
b29aff4ffa1d4decd77db5160f920e1c6417e5e9
69d11528ee32902d0c47ed215877f0610399536f755db03ed02a77ecedd74751
GET /?type=convr&x=0&cdata=%7B%22a%22%3A991001%2C%22l%22%3A%5B6129654%2C6129670%2C6129677%2C6129705%2C6140244%2C6140246%2C6140363%2C6141029%2C6205745%2C6205752%2C6205755%2C6205762%2C6220830%2C8124214%2C8124594%2C8124968%2C8124973%2C8125344%2C8141760%2C8141763%2C8141816%2C8141850%2C8141875%2C8141880%2C8141931%2C8141938%2C8176847%2C8176869%2C8176878%2C8239623%2C8245529%2C8245533%2C8245537%2C8245540%2C8260100%2C8445392%2C8505468%2C8505515%2C9271738%2C9271745%2C9271969%2C9272093%2C9272160%2C9272905%2C9408323%2C9408407%2C9408587%2C9408663%2C9408768%2C9511553%2C9611699%2C9611846%2C9683342%2C9683349%2C9719394%2C10005812%2C10226877%2C10226889%2C10226919%2C10244639%2C10381193%2C10480996%2C12967986%2C12968507%2C12968515%2C12968543%2C12968782%2C12968784%2C13104005%2C13259085%2C13477519%2C14058054%2C14058197%2C14058205%2C14058228%2C14069494%2C14069497%2C14069560%2C14069565%2C14069590%2C14069626%2C14074179%2C14112662%2C14130392%2C14212376%2C14212411%2C14212419%2C14212455%2C14212467%2C14212692%2C14212694%2C14570528%2C14570544%5D%2C%22i%22%3A1%2C%22c%22%3A7%2C%22t%22%3A%22h%22%2C%22m%22%3A%22null%22%2C%22vi%22%3A0%2C%22vc%22%3A0%2C%22hf%22%3A0%2C%22x%22%3A%7B%7D%7D&advid=2602146&xur=co20341.tw1.ru%2F&adata=%7B%22c%22%3A%7B%22ref_url%22%3A%22%22%2C%22ref_ts%22%3A1669759792%2C%22page_url%22%3A%22co20341.tw1.ru%2F%22%2C%22dm%22%3A%22www.labanquepostale.fr%22%7D%2C%22v%22%3A%7B%22vis_cnt%22%3A1%2C%22frst_vis_ts%22%3A1669759791%2C%22prev_vis_ts%22%3A1669759791%2C%22curr_vis_ts%22%3A1669759792%2C%22total_page_cnt%22%3A1%2C%22prev_page_cnt%22%3A1%2C%22curr_page_cnt%22%3A1%7D%7D HTTP/1.1
Host: its.tradelab.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://co20341.tw1.ru/
HTTP/1.1 301 Moved Permanently
Server: nginx/1.20.1
Date: Tue, 29 Nov 2022 22:09:57 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive
Location: https://its.tradelab.fr/?type=convr&x=0&cdata=%7B%22a%22%3A991001%2C%22l%22%3A%5B6129654%2C6129670%2C6129677%2C6129705%2C6140244%2C6140246%2C6140363%2C6141029%2C6205745%2C6205752%2C6205755%2C6205762%2C6220830%2C8124214%2C8124594%2C8124968%2C8124973%2C8125344%2C8141760%2C8141763%2C8141816%2C8141850%2C8141875%2C8141880%2C8141931%2C8141938%2C8176847%2C8176869%2C8176878%2C8239623%2C8245529%2C8245533%2C8245537%2C8245540%2C8260100%2C8445392%2C8505468%2C8505515%2C9271738%2C9271745%2C9271969%2C9272093%2C9272160%2C9272905%2C9408323%2C9408407%2C9408587%2C9408663%2C9408768%2C9511553%2C9611699%2C9611846%2C9683342%2C9683349%2C9719394%2C10005812%2C10226877%2C10226889%2C10226919%2C10244639%2C10381193%2C10480996%2C12967986%2C12968507%2C12968515%2C12968543%2C12968782%2C12968784%2C13104005%2C13259085%2C13477519%2C14058054%2C14058197%2C14058205%2C14058228%2C14069494%2C14069497%2C14069560%2C14069565%2C14069590%2C14069626%2C14074179%2C14112662%2C14130392%2C14212376%2C14212411%2C14212419%2C14212455%2C14212467%2C14212692%2C14212694%2C14570528%2C14570544%5D%2C%22i%22%3A1%2C%22c%22%3A7%2C%22t%22%3A%22h%22%2C%22m%22%3A%22null%22%2C%22vi%22%3A0%2C%22vc%22%3A0%2C%22hf%22%3A0%2C%22x%22%3A%7B%7D%7D&advid=2602146&xur=co20341.tw1.ru%2F&adata=%7B%22c%22%3A%7B%22ref_url%22%3A%22%22%2C%22ref_ts%22%3A1669759792%2C%22page_url%22%3A%22co20341.tw1.ru%2F%22%2C%22dm%22%3A%22www.labanquepostale.fr%22%7D%2C%22v%22%3A%7B%22vis_cnt%22%3A1%2C%22frst_vis_ts%22%3A1669759791%2C%22prev_vis_ts%22%3A1669759791%2C%22curr_vis_ts%22%3A1669759792%2C%22total_page_cnt%22%3A1%2C%22prev_page_cnt%22%3A1%2C%22curr_page_cnt%22%3A1%7D%7D
its.tradelab.fr/?type=fseg&uuid2=0&sid=12608266&val=undefined&fun=2135&step=2&siev=12608263&fp=0&advid=2602146&isregen=0&ua=Mozilla%252F5.0%2520(Windows%2520NT%252010.0%253B%2520Win64%253B%2520x64%253B%2520rv%253A105.0)%2520Gecko%252F20100101%2520Firefox%252F105.0&ur=http%253A%252F%252Fco20341.tw1.ru%252F&adata=%7B%22c%22%3A%7B%22ref_url%22%3A%22%22%2C%22ref_ts%22%3A1669759792%2C%22page_url%22%3A%22co20341.tw1.ru%2F%22%2C%22dm%22%3A%22www.labanquepostale.fr%22%7D%2C%22v%22%3A%7B%22vis_cnt%22%3A1%2C%22frst_vis_ts%22%3A1669759791%2C%22prev_vis_ts%22%3A1669759791%2C%22curr_vis_ts%22%3A1669759792%2C%22total_page_cnt%22%3A1%2C%22prev_page_cnt%22%3A1%2C%22curr_page_cnt%22%3A1%7D%7D
85.17.192.106301 Moved Permanently 169 B URL HTTP/1.1 its.tradelab.fr/?type=fseg&uuid2=0&sid=12608266&val=undefined&fun=2135&step=2&siev=12608263&fp=0&advid=2602146&isregen=0&ua=Mozilla%252F5.0%2520(Windows%2520NT%252010.0%253B%2520Win64%253B%2520x64%253B%2520rv%253A105.0)%2520Gecko%252F20100101%2520Firefox%252F105.0&ur=http%253A%252F%252Fco20341.tw1.ru%252F&adata=%7B%22c%22%3A%7B%22ref_url%22%3A%22%22%2C%22ref_ts%22%3A1669759792%2C%22page_url%22%3A%22co20341.tw1.ru%2F%22%2C%22dm%22%3A%22www.labanquepostale.fr%22%7D%2C%22v%22%3A%7B%22vis_cnt%22%3A1%2C%22frst_vis_ts%22%3A1669759791%2C%22prev_vis_ts%22%3A1669759791%2C%22curr_vis_ts%22%3A1669759792%2C%22total_page_cnt%22%3A1%2C%22prev_page_cnt%22%3A1%2C%22curr_page_cnt%22%3A1%7D%7D
IP 85.17.192.106:0
ASN #60781 LeaseWeb Netherlands B.V.
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 0f952b73d3f5586637ea9a5a789d48f4
b29aff4ffa1d4decd77db5160f920e1c6417e5e9
69d11528ee32902d0c47ed215877f0610399536f755db03ed02a77ecedd74751
GET /?type=fseg&uuid2=0&sid=12608266&val=undefined&fun=2135&step=2&siev=12608263&fp=0&advid=2602146&isregen=0&ua=Mozilla%252F5.0%2520(Windows%2520NT%252010.0%253B%2520Win64%253B%2520x64%253B%2520rv%253A105.0)%2520Gecko%252F20100101%2520Firefox%252F105.0&ur=http%253A%252F%252Fco20341.tw1.ru%252F&adata=%7B%22c%22%3A%7B%22ref_url%22%3A%22%22%2C%22ref_ts%22%3A1669759792%2C%22page_url%22%3A%22co20341.tw1.ru%2F%22%2C%22dm%22%3A%22www.labanquepostale.fr%22%7D%2C%22v%22%3A%7B%22vis_cnt%22%3A1%2C%22frst_vis_ts%22%3A1669759791%2C%22prev_vis_ts%22%3A1669759791%2C%22curr_vis_ts%22%3A1669759792%2C%22total_page_cnt%22%3A1%2C%22prev_page_cnt%22%3A1%2C%22curr_page_cnt%22%3A1%7D%7D HTTP/1.1
Host: its.tradelab.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://co20341.tw1.ru/
HTTP/1.1 301 Moved Permanently
Server: nginx/1.20.1
Date: Tue, 29 Nov 2022 22:09:57 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive
Location: https://its.tradelab.fr/?type=fseg&uuid2=0&sid=12608266&val=undefined&fun=2135&step=2&siev=12608263&fp=0&advid=2602146&isregen=0&ua=Mozilla%252F5.0%2520(Windows%2520NT%252010.0%253B%2520Win64%253B%2520x64%253B%2520rv%253A105.0)%2520Gecko%252F20100101%2520Firefox%252F105.0&ur=http%253A%252F%252Fco20341.tw1.ru%252F&adata=%7B%22c%22%3A%7B%22ref_url%22%3A%22%22%2C%22ref_ts%22%3A1669759792%2C%22page_url%22%3A%22co20341.tw1.ru%2F%22%2C%22dm%22%3A%22www.labanquepostale.fr%22%7D%2C%22v%22%3A%7B%22vis_cnt%22%3A1%2C%22frst_vis_ts%22%3A1669759791%2C%22prev_vis_ts%22%3A1669759791%2C%22curr_vis_ts%22%3A1669759792%2C%22total_page_cnt%22%3A1%2C%22prev_page_cnt%22%3A1%2C%22curr_page_cnt%22%3A1%7D%7D
ib.adnxs.com/sbounce?%2Fseg%3Fadd%3D12608266%26t%3D2
185.89.210.122307 Redirection 0 B URL HTTP/1.1 ib.adnxs.com/sbounce?%2Fseg%3Fadd%3D12608266%26t%3D2
IP 185.89.210.122:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sbounce?%2Fseg%3Fadd%3D12608266%26t%3D2 HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://co20341.tw1.ru/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 307 Redirection
Server: nginx/1.21.3
Date: Tue, 29 Nov 2022 22:09:57 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Location: https://ib.adnxs.com/bounce?%2Fsbounce%3F%252Fseg%253Fadd%253D12608266%2526t%253D2
AN-X-Request-Uuid: 15efb03d-d51c-4535-a30e-db1523e88a73
Set-Cookie: uuid2=2668567891739391853; SameSite=None; Path=/; Max-Age=7776000; Expires=Mon, 27-Feb-2023 22:09:57 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
its.tradelab.fr/?type=convr&x=0&cdata=%7B%22a%22%3A991001%2C%22l%22%3A%5B6129654%2C6129670%2C6129677%2C6129705%2C6140244%2C6140246%2C6140363%2C6141029%2C6205745%2C6205752%2C6205755%2C6205762%2C6220830%2C8124214%2C8124594%2C8124968%2C8124973%2C8125344%2C8141760%2C8141763%2C8141816%2C8141850%2C8141875%2C8141880%2C8141931%2C8141938%2C8176847%2C8176869%2C8176878%2C8239623%2C8245529%2C8245533%2C8245537%2C8245540%2C8260100%2C8445392%2C8505468%2C8505515%2C9271738%2C9271745%2C9271969%2C9272093%2C9272160%2C9272905%2C9408323%2C9408407%2C9408587%2C9408663%2C9408768%2C9511553%2C9611699%2C9611846%2C9683342%2C9683349%2C9719394%2C10005812%2C10226877%2C10226889%2C10226919%2C10244639%2C10381193%2C10480996%2C12967986%2C12968507%2C12968515%2C12968543%2C12968782%2C12968784%2C13104005%2C13259085%2C13477519%2C14058054%2C14058197%2C14058205%2C14058228%2C14069494%2C14069497%2C14069560%2C14069565%2C14069590%2C14069626%2C14074179%2C14112662%2C14130392%2C14212376%2C14212411%2C14212419%2C14212455%2C14212467%2C14212692%2C14212694%2C14570528%2C14570544%5D%2C%22i%22%3A1%2C%22c%22%3A7%2C%22t%22%3A%22h%22%2C%22m%22%3A%22null%22%2C%22vi%22%3A0%2C%22vc%22%3A0%2C%22hf%22%3A0%2C%22x%22%3A%7B%7D%7D&advid=2602146&xur=co20341.tw1.ru%2F&adata=%7B%22c%22%3A%7B%22ref_url%22%3A%22%22%2C%22ref_ts%22%3A1669759792%2C%22page_url%22%3A%22co20341.tw1.ru%2F%22%2C%22dm%22%3A%22www.labanquepostale.fr%22%7D%2C%22v%22%3A%7B%22vis_cnt%22%3A1%2C%22frst_vis_ts%22%3A1669759791%2C%22prev_vis_ts%22%3A1669759791%2C%22curr_vis_ts%22%3A1669759792%2C%22total_page_cnt%22%3A1%2C%22prev_page_cnt%22%3A1%2C%22curr_page_cnt%22%3A1%7D%7D
85.17.192.106200 OK 43 B URL HTTP/1.1 its.tradelab.fr/?type=convr&x=0&cdata=%7B%22a%22%3A991001%2C%22l%22%3A%5B6129654%2C6129670%2C6129677%2C6129705%2C6140244%2C6140246%2C6140363%2C6141029%2C6205745%2C6205752%2C6205755%2C6205762%2C6220830%2C8124214%2C8124594%2C8124968%2C8124973%2C8125344%2C8141760%2C8141763%2C8141816%2C8141850%2C8141875%2C8141880%2C8141931%2C8141938%2C8176847%2C8176869%2C8176878%2C8239623%2C8245529%2C8245533%2C8245537%2C8245540%2C8260100%2C8445392%2C8505468%2C8505515%2C9271738%2C9271745%2C9271969%2C9272093%2C9272160%2C9272905%2C9408323%2C9408407%2C9408587%2C9408663%2C9408768%2C9511553%2C9611699%2C9611846%2C9683342%2C9683349%2C9719394%2C10005812%2C10226877%2C10226889%2C10226919%2C10244639%2C10381193%2C10480996%2C12967986%2C12968507%2C12968515%2C12968543%2C12968782%2C12968784%2C13104005%2C13259085%2C13477519%2C14058054%2C14058197%2C14058205%2C14058228%2C14069494%2C14069497%2C14069560%2C14069565%2C14069590%2C14069626%2C14074179%2C14112662%2C14130392%2C14212376%2C14212411%2C14212419%2C14212455%2C14212467%2C14212692%2C14212694%2C14570528%2C14570544%5D%2C%22i%22%3A1%2C%22c%22%3A7%2C%22t%22%3A%22h%22%2C%22m%22%3A%22null%22%2C%22vi%22%3A0%2C%22vc%22%3A0%2C%22hf%22%3A0%2C%22x%22%3A%7B%7D%7D&advid=2602146&xur=co20341.tw1.ru%2F&adata=%7B%22c%22%3A%7B%22ref_url%22%3A%22%22%2C%22ref_ts%22%3A1669759792%2C%22page_url%22%3A%22co20341.tw1.ru%2F%22%2C%22dm%22%3A%22www.labanquepostale.fr%22%7D%2C%22v%22%3A%7B%22vis_cnt%22%3A1%2C%22frst_vis_ts%22%3A1669759791%2C%22prev_vis_ts%22%3A1669759791%2C%22curr_vis_ts%22%3A1669759792%2C%22total_page_cnt%22%3A1%2C%22prev_page_cnt%22%3A1%2C%22curr_page_cnt%22%3A1%7D%7D
IP 85.17.192.106:0
ASN #60781 LeaseWeb Netherlands B.V.
File type GIF image data, version 89a, 1 x 1\012- data
Hash 45cf913e5d9d3c9b2058033056d3dd23
30cb5d44e276505b1d4c053c8b25525da228db30
42b976597a2d977d0e300f6d06bc903db389e5c112d33c1c8c249690a522d9f2
GET /?type=convr&x=0&cdata=%7B%22a%22%3A991001%2C%22l%22%3A%5B6129654%2C6129670%2C6129677%2C6129705%2C6140244%2C6140246%2C6140363%2C6141029%2C6205745%2C6205752%2C6205755%2C6205762%2C6220830%2C8124214%2C8124594%2C8124968%2C8124973%2C8125344%2C8141760%2C8141763%2C8141816%2C8141850%2C8141875%2C8141880%2C8141931%2C8141938%2C8176847%2C8176869%2C8176878%2C8239623%2C8245529%2C8245533%2C8245537%2C8245540%2C8260100%2C8445392%2C8505468%2C8505515%2C9271738%2C9271745%2C9271969%2C9272093%2C9272160%2C9272905%2C9408323%2C9408407%2C9408587%2C9408663%2C9408768%2C9511553%2C9611699%2C9611846%2C9683342%2C9683349%2C9719394%2C10005812%2C10226877%2C10226889%2C10226919%2C10244639%2C10381193%2C10480996%2C12967986%2C12968507%2C12968515%2C12968543%2C12968782%2C12968784%2C13104005%2C13259085%2C13477519%2C14058054%2C14058197%2C14058205%2C14058228%2C14069494%2C14069497%2C14069560%2C14069565%2C14069590%2C14069626%2C14074179%2C14112662%2C14130392%2C14212376%2C14212411%2C14212419%2C14212455%2C14212467%2C14212692%2C14212694%2C14570528%2C14570544%5D%2C%22i%22%3A1%2C%22c%22%3A7%2C%22t%22%3A%22h%22%2C%22m%22%3A%22null%22%2C%22vi%22%3A0%2C%22vc%22%3A0%2C%22hf%22%3A0%2C%22x%22%3A%7B%7D%7D&advid=2602146&xur=co20341.tw1.ru%2F&adata=%7B%22c%22%3A%7B%22ref_url%22%3A%22%22%2C%22ref_ts%22%3A1669759792%2C%22page_url%22%3A%22co20341.tw1.ru%2F%22%2C%22dm%22%3A%22www.labanquepostale.fr%22%7D%2C%22v%22%3A%7B%22vis_cnt%22%3A1%2C%22frst_vis_ts%22%3A1669759791%2C%22prev_vis_ts%22%3A1669759791%2C%22curr_vis_ts%22%3A1669759792%2C%22total_page_cnt%22%3A1%2C%22prev_page_cnt%22%3A1%2C%22curr_page_cnt%22%3A1%7D%7D HTTP/1.1
Host: its.tradelab.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://co20341.tw1.ru/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Tue, 29 Nov 2022 22:09:57 GMT
Content-Type: image/gif
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: uuid=7475466828464090440; Max-Age=7776000; Domain=.tradelab.fr; Path=/; Expires=Mon, 27 Feb 2023 22:09:57 GMT; Secure; SameSite=None
Pragma: no-cache
Cache-Control: no-store, no-cache, must-revalidate
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Timing-Allow-Origin: *
X-Powered-By: Tradelab ITS / node1.tradelab.fr
ib.adnxs.com/bounce?%2Fsbounce%3F%252Fseg%253Fadd%253D12608266%2526t%253D2
185.89.210.122200 OK 43 B URL HTTP/1.1 ib.adnxs.com/bounce?%2Fsbounce%3F%252Fseg%253Fadd%253D12608266%2526t%253D2
IP 185.89.210.122:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 592ebefc7104d681d57852665e9ad514
15cdf8df32aa251dd6dd590a60bf9cf74474e7c5
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
GET /bounce?%2Fsbounce%3F%252Fseg%253Fadd%253D12608266%2526t%253D2 HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://co20341.tw1.ru/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Tue, 29 Nov 2022 22:09:57 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
AN-X-Request-Uuid: 8d8a74bc-6533-447a-9b64-2baa2932c950
Set-Cookie: anj=dTM7k!M4/8CxrEQF']wIg2ImQFCPh.!@wnf-Te9(>wL5L!!'Lx$eNee; SameSite=None; Path=/; Max-Age=7776000; Expires=Mon, 27-Feb-2023 22:09:57 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
its.tradelab.fr/?type=fseg&uuid2=0&sid=12608266&val=undefined&fun=2135&step=2&siev=12608263&fp=0&advid=2602146&isregen=0&ua=Mozilla%252F5.0%2520(Windows%2520NT%252010.0%253B%2520Win64%253B%2520x64%253B%2520rv%253A105.0)%2520Gecko%252F20100101%2520Firefox%252F105.0&ur=http%253A%252F%252Fco20341.tw1.ru%252F&adata=%7B%22c%22%3A%7B%22ref_url%22%3A%22%22%2C%22ref_ts%22%3A1669759792%2C%22page_url%22%3A%22co20341.tw1.ru%2F%22%2C%22dm%22%3A%22www.labanquepostale.fr%22%7D%2C%22v%22%3A%7B%22vis_cnt%22%3A1%2C%22frst_vis_ts%22%3A1669759791%2C%22prev_vis_ts%22%3A1669759791%2C%22curr_vis_ts%22%3A1669759792%2C%22total_page_cnt%22%3A1%2C%22prev_page_cnt%22%3A1%2C%22curr_page_cnt%22%3A1%7D%7D
85.17.192.106200 OK 43 B URL HTTP/1.1 its.tradelab.fr/?type=fseg&uuid2=0&sid=12608266&val=undefined&fun=2135&step=2&siev=12608263&fp=0&advid=2602146&isregen=0&ua=Mozilla%252F5.0%2520(Windows%2520NT%252010.0%253B%2520Win64%253B%2520x64%253B%2520rv%253A105.0)%2520Gecko%252F20100101%2520Firefox%252F105.0&ur=http%253A%252F%252Fco20341.tw1.ru%252F&adata=%7B%22c%22%3A%7B%22ref_url%22%3A%22%22%2C%22ref_ts%22%3A1669759792%2C%22page_url%22%3A%22co20341.tw1.ru%2F%22%2C%22dm%22%3A%22www.labanquepostale.fr%22%7D%2C%22v%22%3A%7B%22vis_cnt%22%3A1%2C%22frst_vis_ts%22%3A1669759791%2C%22prev_vis_ts%22%3A1669759791%2C%22curr_vis_ts%22%3A1669759792%2C%22total_page_cnt%22%3A1%2C%22prev_page_cnt%22%3A1%2C%22curr_page_cnt%22%3A1%7D%7D
IP 85.17.192.106:0
ASN #60781 LeaseWeb Netherlands B.V.
File type GIF image data, version 89a, 1 x 1\012- data
Hash 45cf913e5d9d3c9b2058033056d3dd23
30cb5d44e276505b1d4c053c8b25525da228db30
42b976597a2d977d0e300f6d06bc903db389e5c112d33c1c8c249690a522d9f2
GET /?type=fseg&uuid2=0&sid=12608266&val=undefined&fun=2135&step=2&siev=12608263&fp=0&advid=2602146&isregen=0&ua=Mozilla%252F5.0%2520(Windows%2520NT%252010.0%253B%2520Win64%253B%2520x64%253B%2520rv%253A105.0)%2520Gecko%252F20100101%2520Firefox%252F105.0&ur=http%253A%252F%252Fco20341.tw1.ru%252F&adata=%7B%22c%22%3A%7B%22ref_url%22%3A%22%22%2C%22ref_ts%22%3A1669759792%2C%22page_url%22%3A%22co20341.tw1.ru%2F%22%2C%22dm%22%3A%22www.labanquepostale.fr%22%7D%2C%22v%22%3A%7B%22vis_cnt%22%3A1%2C%22frst_vis_ts%22%3A1669759791%2C%22prev_vis_ts%22%3A1669759791%2C%22curr_vis_ts%22%3A1669759792%2C%22total_page_cnt%22%3A1%2C%22prev_page_cnt%22%3A1%2C%22curr_page_cnt%22%3A1%7D%7D HTTP/1.1
Host: its.tradelab.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://co20341.tw1.ru/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Tue, 29 Nov 2022 22:09:57 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Set-Cookie: uuid2=0; Max-Age=7776000; Domain=.tradelab.fr; Path=/; Expires=Mon, 27 Feb 2023 22:09:57 GMT; Secure; SameSite=None
uuid=9656897528663729912; Max-Age=7776000; Domain=.tradelab.fr; Path=/; Expires=Mon, 27 Feb 2023 22:09:57 GMT; Secure; SameSite=None
Pragma: no-cache
Cache-Control: no-store, no-cache, must-revalidate, max-age=0,post-check=0,pre-check=0
Access-Control-Allow-Origin: *
P3p: CP="CAO PSA OUR"
co20341.tw1.ru/bin/inbenta-km-sdk.js
185.114.245.124200 OK 0 B URL HTTP/1.1 co20341.tw1.ru/bin/inbenta-km-sdk.js
IP 185.114.245.124:0
Analyzer Verdict Alert openphish La Banque postale
fortinet Phishing
GET /bin/inbenta-km-sdk.js HTTP/1.1
Host: co20341.tw1.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://co20341.tw1.ru/
HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Tue, 29 Nov 2022 22:09:51 GMT
Content-Type: application/x-javascript
Last-Modified: Mon, 28 Nov 2022 01:02:58 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"638408c2-69840"
Expires: Fri, 30 Dec 2022 22:09:51 GMT
Cache-Control: max-age=2678400
Content-Encoding: gzip