coronaatticinsulation.com/
199.34.228.159 301 Moved Permanently 246 B URL User Request GET HTTP/1.1 coronaatticinsulation.com/
IP 199.34.228.159:443
Certificate Issuer Let's Encrypt
Subject www.coronaatticinsulation.com
Fingerprint 5A:DC:E4:4F:A3:69:EC:DE:F9:A4:5D:E9:CF:1B:87:46:07:3B:BB:D4
Validity Sat, 07 Oct 2023 14:20:59 GMT - Fri, 05 Jan 2024 14:20:58 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 57a9b46980963a18cd979e0104007722
aebca7a5b30d80b4807df45dbed28cf191b8db2c
8330be7831548f25f84d6762f10f5bbf0c015ba3d2f13dfb0ee41b77d7362f23
NIDS Severity Alert suricata medium ET HUNTING Suspicious GET Request with Possible COVID-19 Domain M2
GET / HTTP/1.1
Host: coronaatticinsulation.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 301 Moved Permanently
Date: Thu, 07 Dec 2023 04:02:45 GMT
Server: Apache
Location: https://www.coronaatticinsulation.com/
Content-Length: 246
Keep-Alive: timeout=10, max=18
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
coronaatticinsulation.com/
199.34.228.159 301 Moved Permanently 245 B URL User Request GET HTTP/1.1 coronaatticinsulation.com/
IP 199.34.228.159:443
Certificate Issuer Let's Encrypt
Subject www.coronaatticinsulation.com
Fingerprint 5A:DC:E4:4F:A3:69:EC:DE:F9:A4:5D:E9:CF:1B:87:46:07:3B:BB:D4
Validity Sat, 07 Oct 2023 14:20:59 GMT - Fri, 05 Jan 2024 14:20:58 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash be6305d6511a19ef8bc243258c43cb1b
bd65e383290d86ed90cf75ee54ed1c098aac17fb
bb72f7fc831ec0fea0e2b04061d1998d8f53f49f52f80ca3794100dca43bb1e8
NIDS Severity Alert suricata medium ET HUNTING Suspicious GET Request with Possible COVID-19 Domain M2
GET / HTTP/1.1
Host: coronaatticinsulation.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 301 Moved Permanently
Date: Thu, 07 Dec 2023 04:02:47 GMT
Server: Apache
Location: http://www.coronaatticinsulation.com/
Content-Length: 245
Keep-Alive: timeout=10, max=56
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
www.coronaatticinsulation.com/
199.34.228.159 301 Moved Permanently 394 B URL User Request GET HTTP/1.1 www.coronaatticinsulation.com/
IP 199.34.228.159:443
Certificate Issuer Let's Encrypt
Subject www.coronaatticinsulation.com
Fingerprint 5A:DC:E4:4F:A3:69:EC:DE:F9:A4:5D:E9:CF:1B:87:46:07:3B:BB:D4
Validity Sat, 07 Oct 2023 14:20:59 GMT - Fri, 05 Jan 2024 14:20:58 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash b10c223cd9f6473006cd7e45cb1410ba
5e2ffde6da82c88e806751973e3848ee36dd3f85
4415a75c7bcb5f5497e40ec90d595aa77d3d956995153a5ff1c6880cd3a56058
NIDS Severity Alert suricata medium ET HUNTING Suspicious GET Request with Possible COVID-19 Domain M2
suricata medium ET HUNTING Suspicious GET Request with Possible COVID-19 Domain M2
GET / HTTP/1.1
Host: www.coronaatticinsulation.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 301 Moved Permanently
Date: Thu, 07 Dec 2023 04:02:48 GMT
Server: Apache
Set-Cookie: is_mobile=0; path=/; domain=www.coronaatticinsulation.com
Vary: X-W-SSL,User-Agent
Location: http://www.coronaatticinsulation.com/
X-Host: grn147.sf2p.intern.weebly.net
X-UA-Compatible: IE=edge,chrome=1
Content-Length: 394
Keep-Alive: timeout=10, max=72
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
www.coronaatticinsulation.com/
199.34.228.159 301 Moved Permanently 75 kB URL User Request GET HTTP/1.1 www.coronaatticinsulation.com/
IP 199.34.228.159:443
Certificate Issuer Let's Encrypt
Subject www.coronaatticinsulation.com
Fingerprint 5A:DC:E4:4F:A3:69:EC:DE:F9:A4:5D:E9:CF:1B:87:46:07:3B:BB:D4
Validity Sat, 07 Oct 2023 14:20:59 GMT - Fri, 05 Jan 2024 14:20:58 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (14237), with CRLF, LF line terminators
Hash 05c2d914ae739d088ea3cc41796f7ab8
c3f5d88dfd400999a250d606f882acdce5df7a01
a1bcf7b125b52ccd14b37bc5e76a0147f220cce369b78e721a953256d56d2131
NIDS Severity Alert suricata medium ET HUNTING Suspicious GET Request with Possible COVID-19 Domain M2
suricata medium ET HUNTING Suspicious GET Request with Possible COVID-19 Domain M2
GET / HTTP/1.1
Host: www.coronaatticinsulation.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 07 Dec 2023 04:02:48 GMT
Server: Apache
Vary: X-W-SSL,Accept-Encoding,User-Agent
Set-Cookie: is_mobile=0; path=/; domain=www.coronaatticinsulation.com
Set-Cookie: language=en; expires=Thu, 21-Dec-2023 04:02:48 GMT; Max-Age=1209600; path=/
Cache-Control: private
ETag: W/"05c2d914ae739d088ea3cc41796f7ab8-gzip"
Content-Encoding: gzip
X-Host: grn64.sf2p.intern.weebly.net
X-UA-Compatible: IE=edge,chrome=1
Keep-Alive: timeout=10, max=1
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
cdn2.editmysite.com/fonts/Raleway/font.css?2
151.101.65.46 200 OK 360 B URL GET HTTP/1.1 cdn2.editmysite.com/fonts/Raleway/font.css?2
IP 151.101.65.46:80
Requested by http://www.coronaatticinsulation.com/
Hash 418811a280009065492fcad7569d9a9d
b0f8f8153bcf58c00ca2f6eca5117944cacc20e6
7e95fc140480ef50a60f97de91912908430f7199a662fb7d2e08132132ed2bb9
GET /fonts/Raleway/font.css?2 HTTP/1.1
Host: cdn2.editmysite.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.coronaatticinsulation.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 360
Server: nginx
Content-Type: text/css
Last-Modified: Wed, 22 Nov 2023 21:22:38 GMT
ETag: "655e711e-a10"
Expires: Tue, 12 Dec 2023 15:06:15 GMT
Cache-Control: max-age=1209600
X-Host: grn29.sf2p.intern.weebly.net
Content-Encoding: gzip
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Date: Thu, 07 Dec 2023 04:02:49 GMT
Age: 737794
X-Served-By: cache-sjc1000114-SJC, cache-bma1661-BMA
X-Cache: HIT, HIT
X-Cache-Hits: 22, 6
X-Timer: S1701921769.052255,VS0,VE0
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
cdn2.editmysite.com/css/social-icons.css?buildtime=1701732118
151.101.65.46 200 OK 1.6 kB URL GET HTTP/1.1 cdn2.editmysite.com/css/social-icons.css?buildtime=1701732118
IP 151.101.65.46:80
Requested by http://www.coronaatticinsulation.com/
File type ASCII text, with very long lines (13080)
Hash 1e79056b2281b9a75076e47d66e597ef
e330d6cb9169ac4113ec8bea04e58f9dc497263b
9ff0f6039242b9c7796fdf4beb2090bf16b3c253e9c4a1fd3f7dda7472d62150
GET /css/social-icons.css?buildtime=1701732118 HTTP/1.1
Host: cdn2.editmysite.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.coronaatticinsulation.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 1639
Server: nginx
Content-Type: text/css
Last-Modified: Mon, 04 Dec 2023 21:20:21 GMT
ETag: W/"656e4295-3319"
Expires: Mon, 18 Dec 2023 23:23:30 GMT
Cache-Control: max-age=1209600
X-Host: grn63.sf2p.intern.weebly.net
Content-Encoding: gzip
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Date: Thu, 07 Dec 2023 04:02:49 GMT
Age: 189559
X-Served-By: cache-sjc10042-SJC, cache-bma1682-BMA
X-Cache: HIT, HIT
X-Cache-Hits: 1168, 3
X-Timer: S1701921769.053799,VS0,VE0
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
cdn2.editmysite.com/fonts/Lato/font.css?2
151.101.65.46 200 OK 365 B URL GET HTTP/1.1 cdn2.editmysite.com/fonts/Lato/font.css?2
IP 151.101.65.46:80
Requested by http://www.coronaatticinsulation.com/
Hash 8748eec74f3e1353ff5d59c4fc793928
5c585058ebe43354156e0c7f1c40937128804fa7
cb2642e037c6e74eace100541b7e6776ecaf14371b49e4decf7831bfb0a7147b
GET /fonts/Lato/font.css?2 HTTP/1.1
Host: cdn2.editmysite.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.coronaatticinsulation.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 365
Server: nginx
Content-Type: text/css
Last-Modified: Wed, 22 Nov 2023 21:22:38 GMT
ETag: "655e711e-a0c"
Expires: Tue, 12 Dec 2023 11:01:00 GMT
Cache-Control: max-age=1209600
X-Host: blu87.sf2p.intern.weebly.net
Content-Encoding: gzip
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Date: Thu, 07 Dec 2023 04:02:49 GMT
Age: 752508
X-Served-By: cache-sjc1000096-SJC, cache-bma1666-BMA
X-Cache: HIT, HIT
X-Cache-Hits: 26, 1385
X-Timer: S1701921769.054042,VS0,VE0
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
cdn2.editmysite.com/fonts/Roboto/font.css?2
151.101.65.46 200 OK 366 B URL GET HTTP/1.1 cdn2.editmysite.com/fonts/Roboto/font.css?2
IP 151.101.65.46:80
Requested by http://www.coronaatticinsulation.com/
Hash 05f181094c6a399a6a095b872fdd62a2
dcd242a26e18eaa525c20ae2bc6e32d2393664f6
926c730cd097087583d7b2eaf8cfa55fabcb061f576cfbf154be708dfe672c77
GET /fonts/Roboto/font.css?2 HTTP/1.1
Host: cdn2.editmysite.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.coronaatticinsulation.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 366
Server: nginx
Content-Type: text/css
Last-Modified: Wed, 22 Nov 2023 21:22:38 GMT
ETag: "655e711e-a18"
Expires: Tue, 12 Dec 2023 10:17:40 GMT
Cache-Control: max-age=1209600
X-Host: blu153.sf2p.intern.weebly.net
Content-Encoding: gzip
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Date: Thu, 07 Dec 2023 04:02:49 GMT
Age: 755108
X-Served-By: cache-sjc1000117-SJC, cache-bma1625-BMA
X-Cache: HIT, HIT
X-Cache-Hits: 11, 111
X-Timer: S1701921769.054201,VS0,VE0
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
cdn2.editmysite.com/css/sites.css?buildTime=1701732118
151.101.65.46 200 OK 30 kB URL GET HTTP/1.1 cdn2.editmysite.com/css/sites.css?buildTime=1701732118
IP 151.101.65.46:80
Requested by http://www.coronaatticinsulation.com/
File type ASCII text, with very long lines (65536), with no line terminators
Hash 251fe9dd065a30efd11ccab9a9613cda
9c8bec2886368f245985ae92222349ba92ac07f7
5b6bd64c8f7d37dd7bd34e3760cfffa93a982937376e2c02708f63c35c645a07
GET /css/sites.css?buildTime=1701732118 HTTP/1.1
Host: cdn2.editmysite.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.coronaatticinsulation.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 29663
Server: nginx
Content-Type: text/css
Last-Modified: Mon, 04 Dec 2023 21:20:21 GMT
ETag: W/"656e4295-337f6"
Expires: Mon, 18 Dec 2023 23:23:28 GMT
Cache-Control: max-age=1209600
X-Host: grn153.sf2p.intern.weebly.net
Content-Encoding: gzip
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Date: Thu, 07 Dec 2023 04:02:49 GMT
Age: 189560
X-Served-By: cache-sjc1000103-SJC, cache-bma1674-BMA
X-Cache: HIT, HIT
X-Cache-Hits: 71, 7
X-Timer: S1701921769.053782,VS0,VE0
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
cdn2.editmysite.com/css/old/fancybox.css?1701732118
151.101.65.46 200 OK 1.2 kB URL GET HTTP/1.1 cdn2.editmysite.com/css/old/fancybox.css?1701732118
IP 151.101.65.46:80
Requested by http://www.coronaatticinsulation.com/
File type ASCII text, with very long lines (3910)
Hash 1dcebbb5a1eb8b028310ceeb72a339b3
e254b7a35ac189fd1ce9cf8bd78593bebfe27d7d
865cb87de9fc4d6530edce21f0103107abae6abe45cabdff2ad9af067b3d8e0a
GET /css/old/fancybox.css?1701732118 HTTP/1.1
Host: cdn2.editmysite.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.coronaatticinsulation.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 1218
Server: nginx
Content-Type: text/css
Last-Modified: Mon, 04 Dec 2023 21:20:27 GMT
ETag: "656e429b-f47"
Expires: Mon, 18 Dec 2023 23:23:34 GMT
Cache-Control: max-age=1209600
X-Host: blu64.sf2p.intern.weebly.net
Content-Encoding: gzip
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Date: Thu, 07 Dec 2023 04:02:49 GMT
Age: 189555
X-Served-By: cache-sjc10053-SJC, cache-bma1674-BMA
X-Cache: HIT, HIT
X-Cache-Hits: 1061, 6
X-Timer: S1701921769.053731,VS0,VE0
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
cdn2.editmysite.com/fonts/Quicksand/font.css?2
151.101.65.46 200 OK 303 B URL GET HTTP/1.1 cdn2.editmysite.com/fonts/Quicksand/font.css?2
IP 151.101.65.46:80
Requested by http://www.coronaatticinsulation.com/
Hash 0863fbd5586a036bb5e4a15c6970a9a7
fc9d60896b5ee157ac25e8dc8994ce760faa318e
bd6b11f4c31bd84949c3ec61aae5f4d93cf0354cd8f422506ff7ec7d1be728b3
GET /fonts/Quicksand/font.css?2 HTTP/1.1
Host: cdn2.editmysite.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.coronaatticinsulation.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 303
Server: nginx
Content-Type: text/css
Last-Modified: Thu, 30 Nov 2023 14:56:41 GMT
ETag: "6568a2a9-4f9"
Expires: Thu, 14 Dec 2023 17:25:07 GMT
Cache-Control: max-age=1209600
X-Host: grn116.sf2p.intern.weebly.net
Content-Encoding: gzip
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Date: Thu, 07 Dec 2023 04:02:49 GMT
Age: 556661
X-Served-By: cache-sjc1000145-SJC, cache-bma1682-BMA
X-Cache: HIT, HIT
X-Cache-Hits: 48, 4
X-Timer: S1701921769.085664,VS0,VE0
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
cdn2.editmysite.com/fonts/Sapir/font.css?2
151.101.65.46 200 OK 129 B URL GET HTTP/1.1 cdn2.editmysite.com/fonts/Sapir/font.css?2
IP 151.101.65.46:80
Requested by http://www.coronaatticinsulation.com/
Hash 236dc0127a6de2be80a44aca88d5f1e1
c25960509a8a079095117942adf7de3fa25382b6
2bb5e0a3272e63a097bf06099237e3997262f6ed6a3576fc049fd90f5b32fc45
GET /fonts/Sapir/font.css?2 HTTP/1.1
Host: cdn2.editmysite.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.coronaatticinsulation.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 129
Server: nginx
Content-Type: text/css
Last-Modified: Mon, 04 Dec 2023 18:03:39 GMT
ETag: "656e147b-a2"
Expires: Tue, 19 Dec 2023 16:51:16 GMT
Cache-Control: max-age=1209600
X-Host: blu24.sf2p.intern.weebly.net
Content-Encoding: gzip
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Date: Thu, 07 Dec 2023 04:02:49 GMT
Age: 126692
X-Served-By: cache-sjc1000105-SJC, cache-bma1661-BMA
X-Cache: HIT, HIT
X-Cache-Hits: 180, 1
X-Timer: S1701921769.084251,VS0,VE1
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
cdn2.editmysite.com/js/lang/en/stl.js?buildTime=1701732118&
151.101.65.46 200 OK 33 kB URL GET HTTP/1.1 cdn2.editmysite.com/js/lang/en/stl.js?buildTime=1701732118&
IP 151.101.65.46:80
Requested by http://www.coronaatticinsulation.com/
File type ASCII text, with very long lines (65024)
Hash 5925dea9d02b39d0e66e7ccc20371e80
79723f4fdf3c06cbc6a7b44fcc78cb1de7793be0
3b7805a3f0e4750ab90d4c40f0d1efdf11c5deb485ef9ed12b9c89b000f87f82
GET /js/lang/en/stl.js?buildTime=1701732118& HTTP/1.1
Host: cdn2.editmysite.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.coronaatticinsulation.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 33107
Server: nginx
Content-Type: application/javascript
Last-Modified: Tue, 05 Dec 2023 17:24:39 GMT
ETag: "656f5cd7-2c90e"
Expires: Tue, 19 Dec 2023 21:24:00 GMT
Cache-Control: max-age=1209600
X-Host: blu92.sf2p.intern.weebly.net
Content-Encoding: gzip
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Date: Thu, 07 Dec 2023 04:02:49 GMT
Age: 110329
X-Served-By: cache-sjc10082-SJC, cache-bma1666-BMA
X-Cache: HIT, HIT
X-Cache-Hits: 32, 1
X-Timer: S1701921769.086224,VS0,VE1
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
cdn2.editmysite.com/js/jquery-1.8.3.min.js
151.101.65.46 200 OK 34 kB URL GET HTTP/2 cdn2.editmysite.com/js/jquery-1.8.3.min.js
IP 151.101.65.46:443
Requested by http://www.coronaatticinsulation.com/
Certificate Issuer GlobalSign nv-sa
Subject *.editmysite.com
Fingerprint 8D:09:E9:00:22:07:DC:77:D7:9F:B9:55:7D:0A:C1:8A:58:67:20:18
Validity Mon, 12 Jun 2023 23:15:31 GMT - Sat, 13 Jul 2024 23:15:30 GMT
File type ASCII text, with very long lines (65483)
Hash 3576a6e73c9dccdbbc4a2cf8ff544ad7
06e872300088b9ba8a08427d28ed0efcdf9c6ff5
61c6caebd23921741fb5ffe6603f16634fca9840c2bf56ac8201e9264d6daccf
GET /js/jquery-1.8.3.min.js HTTP/1.1
Host: cdn2.editmysite.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://www.coronaatticinsulation.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
content-type: application/javascript
last-modified: Wed, 22 Nov 2023 22:54:01 GMT
etag: "655e8689-16dc4"
expires: Tue, 12 Dec 2023 23:08:15 GMT
cache-control: max-age=1209600
x-host: grn149.sf2p.intern.weebly.net
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Thu, 07 Dec 2023 04:02:49 GMT
age: 708873
x-served-by: cache-sjc10032-SJC, cache-bma1682-BMA
x-cache: HIT, HIT
x-cache-hits: 16, 5013
x-timer: S1701921769.100857,VS0,VE0
vary: Accept-Encoding
access-control-allow-origin: *
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 33467
X-Firefox-Spdy: h2
cdn2.editmysite.com/js/site/main.js?buildTime=1701732118
151.101.65.46 200 OK 146 kB URL GET HTTP/1.1 cdn2.editmysite.com/js/site/main.js?buildTime=1701732118
IP 151.101.65.46:80
Requested by http://www.coronaatticinsulation.com/
File type ASCII text, with very long lines (32147)
Size 146 kB (146401 bytes)
Hash 0de029f7ed3fd4cbfdcef31b834138e3
224512b5c840e885cd0732822af53301681ec799
593fec175b00a1f118f77bb8ed378e857e9f1225f0fc019fcea508b27da53cf0
GET /js/site/main.js?buildTime=1701732118 HTTP/1.1
Host: cdn2.editmysite.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.coronaatticinsulation.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 146401
Server: nginx
Content-Type: application/javascript
Last-Modified: Mon, 04 Dec 2023 21:20:46 GMT
ETag: "656e42ae-74804"
Expires: Mon, 18 Dec 2023 23:23:29 GMT
Cache-Control: max-age=1209600
X-Host: blu39.sf2p.intern.weebly.net
Content-Encoding: gzip
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Date: Thu, 07 Dec 2023 04:02:49 GMT
Age: 189560
X-Served-By: cache-sjc1000090-SJC, cache-bma1625-BMA
X-Cache: HIT, HIT
X-Cache-Hits: 95, 54
X-Timer: S1701921769.086218,VS0,VE0
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
www.coronaatticinsulation.com/
199.34.228.159 301 Moved Permanently 75 kB URL User Request GET HTTP/1.1 www.coronaatticinsulation.com/
IP 199.34.228.159:443
Certificate Issuer Let's Encrypt
Subject www.coronaatticinsulation.com
Fingerprint 5A:DC:E4:4F:A3:69:EC:DE:F9:A4:5D:E9:CF:1B:87:46:07:3B:BB:D4
Validity Sat, 07 Oct 2023 14:20:59 GMT - Fri, 05 Jan 2024 14:20:58 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (14237), with CRLF, LF line terminators
Hash 05c2d914ae739d088ea3cc41796f7ab8
c3f5d88dfd400999a250d606f882acdce5df7a01
a1bcf7b125b52ccd14b37bc5e76a0147f220cce369b78e721a953256d56d2131
NIDS Severity Alert suricata medium ET HUNTING Suspicious GET Request with Possible COVID-19 Domain M2
suricata medium ET HUNTING Suspicious GET Request with Possible COVID-19 Domain M2
GET / HTTP/1.1
Host: www.coronaatticinsulation.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Cookie: is_mobile=0
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 07 Dec 2023 04:02:48 GMT
Server: Apache
Vary: X-W-SSL,Accept-Encoding,User-Agent
Set-Cookie: language=en; expires=Thu, 21-Dec-2023 04:02:48 GMT; Max-Age=1209600; path=/
Cache-Control: private
ETag: W/"05c2d914ae739d088ea3cc41796f7ab8-gzip"
Content-Encoding: gzip
X-Host: grn111.sf2p.intern.weebly.net
X-UA-Compatible: IE=edge,chrome=1
Keep-Alive: timeout=10, max=44
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
cdn2.editmysite.com/js/site/main-customer-accounts-site.js?buildTime=1701732118
151.101.65.46 200 OK 159 kB URL GET HTTP/1.1 cdn2.editmysite.com/js/site/main-customer-accounts-site.js?buildTime=1701732118
IP 151.101.65.46:80
Requested by http://www.coronaatticinsulation.com/
File type ASCII text, with very long lines (32029)
Size 159 kB (159104 bytes)
Hash 477945f3201c7b0c701a23b373cadb2a
ac7582e7ab946ce51cb94431cb026ebe6dbce9c2
207ec261a8530654204ada78a03b0cc6c129c09bac87013c3a8bb3bedfe84be6
GET /js/site/main-customer-accounts-site.js?buildTime=1701732118 HTTP/1.1
Host: cdn2.editmysite.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.coronaatticinsulation.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 159104
Server: nginx
Content-Type: application/javascript
Last-Modified: Mon, 04 Dec 2023 21:20:46 GMT
ETag: "656e42ae-826d7"
Expires: Mon, 18 Dec 2023 23:23:28 GMT
Cache-Control: max-age=1209600
X-Host: grn48.sf2p.intern.weebly.net
Content-Encoding: gzip
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Date: Thu, 07 Dec 2023 04:02:49 GMT
Age: 189560
X-Served-By: cache-sjc1000143-SJC, cache-bma1625-BMA
X-Cache: HIT, HIT
X-Cache-Hits: 68, 1
X-Timer: S1701921769.357242,VS0,VE1
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
ajax.googleapis.com/ajax/libs/jquery/3.7.1/jquery.min.js
142.250.74.74 200 OK 30 kB URL GET HTTP/3 ajax.googleapis.com/ajax/libs/jquery/3.7.1/jquery.min.js
IP 142.250.74.74:443
Requested by http://www.coronaatticinsulation.com/
Certificate Issuer Google Trust Services LLC
Subject upload.video.google.com
Fingerprint CC:96:E0:52:E0:9B:EA:A9:A0:F8:88:9A:90:20:11:47:61:00:3C:42
Validity Mon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT
File type ASCII text, with very long lines (65447)
Hash 2c872dbe60f4ba70fb85356113d8b35e
ee48592d1fff952fcf06ce0b666ed4785493afdc
fc9a93dd241f6b045cbff0481cf4e1901becd0e12fb45166a8f17f95823f0b1a
GET /ajax/libs/jquery/3.7.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://www.coronaatticinsulation.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30462
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 05 Dec 2023 02:31:34 GMT
expires: Wed, 04 Dec 2024 02:31:34 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Tue, 12 Sep 2023 02:38:22 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 178275
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.coronaatticinsulation.com/files/main_style.css?1701781834
199.34.228.159 200 OK 6.0 kB URL GET HTTP/1.1 www.coronaatticinsulation.com/files/main_style.css?1701781834
IP 199.34.228.159:80
Requested by http://www.coronaatticinsulation.com/
File type ASCII text, with very long lines (571)
Hash ec05509469046d26c91575e0fc22c7d4
87181c43c0297511f7239ba118297d861215138a
0ec22e0434fbfe9714ef65db7b5e82ec74095f90c7309a1f7126cbf0f2f654c2
NIDS Severity Alert suricata medium ET HUNTING Suspicious GET Request with Possible COVID-19 Domain M2
GET /files/main_style.css?1701781834 HTTP/1.1
Host: www.coronaatticinsulation.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.coronaatticinsulation.com/
Cookie: is_mobile=0; language=en
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 07 Dec 2023 04:02:49 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Access-Control-Allow-Headers: Origin, Authorization, Content-Type
Access-Control-Allow-Methods: GET, POST, DELETE, OPTIONS
Access-Control-Allow-Origin: *
X-Host: blu34.sf2p.intern.weebly.net
Content-Encoding: gzip
www.coronaatticinsulation.com/files/templateArtifacts.js?1701781834
199.34.228.159 200 OK 1.6 kB URL GET HTTP/1.1 www.coronaatticinsulation.com/files/templateArtifacts.js?1701781834
IP 199.34.228.159:80
Requested by http://www.coronaatticinsulation.com/
File type exported SGML document, ASCII text, with very long lines (1630)
Hash ae81ab7069097a055829fb9919258138
7dc529f16fb595bbbfc5937adfe1d0a5cf563f8a
5a630b41e7c3d34392bcb150a5731b6261bc6314d71d5db8407a646af15bf8af
NIDS Severity Alert suricata medium ET HUNTING Suspicious GET Request with Possible COVID-19 Domain M2
GET /files/templateArtifacts.js?1701781834 HTTP/1.1
Host: www.coronaatticinsulation.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.coronaatticinsulation.com/
Cookie: is_mobile=0; language=en
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 07 Dec 2023 04:02:49 GMT
Content-Type: application/x-javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Access-Control-Allow-Headers: Origin, Authorization, Content-Type
Access-Control-Allow-Methods: GET, POST, DELETE, OPTIONS
Access-Control-Allow-Origin: *
X-Host: blu14.sf2p.intern.weebly.net
Content-Encoding: gzip
cdn2.editmysite.com/js/lang/en/stl.js?buildTime=1701732118&
151.101.65.46 200 OK 33 kB URL GET HTTP/1.1 cdn2.editmysite.com/js/lang/en/stl.js?buildTime=1701732118&
IP 151.101.65.46:80
Requested by http://www.coronaatticinsulation.com/
File type ASCII text, with very long lines (65024)
Hash 5925dea9d02b39d0e66e7ccc20371e80
79723f4fdf3c06cbc6a7b44fcc78cb1de7793be0
3b7805a3f0e4750ab90d4c40f0d1efdf11c5deb485ef9ed12b9c89b000f87f82
GET /js/lang/en/stl.js?buildTime=1701732118& HTTP/1.1
Host: cdn2.editmysite.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.coronaatticinsulation.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 33107
Server: nginx
Content-Type: application/javascript
Last-Modified: Tue, 05 Dec 2023 17:24:39 GMT
ETag: "656f5cd7-2c90e"
Expires: Tue, 19 Dec 2023 21:24:00 GMT
Cache-Control: max-age=1209600
X-Host: blu92.sf2p.intern.weebly.net
Content-Encoding: gzip
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Date: Thu, 07 Dec 2023 04:02:49 GMT
Age: 110330
X-Served-By: cache-sjc10082-SJC, cache-bma1625-BMA
X-Cache: HIT, HIT
X-Cache-Hits: 32, 270
X-Timer: S1701921770.528837,VS0,VE0
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
cdn2.editmysite.com/fonts/Sapir/regular.ttf
151.101.65.46 200 OK 25 kB URL GET HTTP/1.1 cdn2.editmysite.com/fonts/Sapir/regular.ttf
IP 151.101.65.46:80
Requested by http://www.coronaatticinsulation.com/
File type TrueType Font data, 16 tables, 1st "LTSH", 14 names, Macintosh, A font for Linguists, designed by Eric Schiller, 1991. SapirRegularAltsys Fontographer 3.3 Sapi\012- data
Hash fd1f635e3926f8b3192f1fc7551a19f8
e2cf03fb12f09618a4d708d2054a755519f6020a
bc3de540472a387ea9a1b6a0c4e4b304e7b67c8890fa26c23698271ed8e35f48
GET /fonts/Sapir/regular.ttf HTTP/1.1
Host: cdn2.editmysite.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Origin: http://www.coronaatticinsulation.com
DNT: 1
Connection: keep-alive
Referer: http://cdn2.editmysite.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 25446
Server: nginx
Content-Type: application/octet-stream
Last-Modified: Wed, 22 Nov 2023 21:22:39 GMT
ETag: "655e711f-a774"
Expires: Tue, 12 Dec 2023 15:35:13 GMT
Cache-Control: max-age=1209600
X-Host: blu86.sf2p.intern.weebly.net
Content-Encoding: gzip
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Date: Thu, 07 Dec 2023 04:02:49 GMT
Age: 736056
X-Served-By: cache-sjc1000106-SJC, cache-bma1630-BMA
X-Cache: HIT, HIT
X-Cache-Hits: 836, 150
X-Timer: S1701921770.604191,VS0,VE0
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
www.coronaatticinsulation.com/files/theme/custom.js?1583952700
199.34.228.159 200 OK 1.9 kB URL GET HTTP/1.1 www.coronaatticinsulation.com/files/theme/custom.js?1583952700
IP 199.34.228.159:80
Requested by http://www.coronaatticinsulation.com/
Hash 031afc1e38df9f7a75040672e5d7625c
b4393d10e75a500b9c3701cecd2e06d9ab8894f7
66ea3b4259912ad511fddc6e8edd1a8aa28d7f623d14fc65e746146ab568a039
NIDS Severity Alert suricata medium ET HUNTING Suspicious GET Request with Possible COVID-19 Domain M2
GET /files/theme/custom.js?1583952700 HTTP/1.1
Host: www.coronaatticinsulation.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.coronaatticinsulation.com/
Cookie: is_mobile=0; language=en
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 07 Dec 2023 04:02:49 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 14 Sep 2021 16:03:38 GMT
x-rgw-object-type: Normal
ETag: W/"031afc1e38df9f7a75040672e5d7625c"
x-amz-request-id: tx000000000000001b7b080-0062847ae0-b9fbc29-sfo1
X-Storage-Bucket: z66ea
X-Storage-Object: 66ea3b4259912ad511fddc6e8edd1a8aa28d7f623d14fc65e746146ab568a039
X-Host: blu47.sf2p.intern.weebly.net
Content-Encoding: gzip
cdn2.editmysite.com/fonts/Roboto/bold.woff2
151.101.65.46 200 OK 16 kB URL GET HTTP/1.1 cdn2.editmysite.com/fonts/Roboto/bold.woff2
IP 151.101.65.46:80
Requested by http://www.coronaatticinsulation.com/
File type Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Hash e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
GET /fonts/Roboto/bold.woff2 HTTP/1.1
Host: cdn2.editmysite.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://www.coronaatticinsulation.com
DNT: 1
Connection: keep-alive
Referer: http://cdn2.editmysite.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 15860
Server: nginx
Content-Type: font/woff2
Last-Modified: Sun, 03 Dec 2023 22:22:43 GMT
ETag: "656cffb3-3df4"
Expires: Mon, 18 Dec 2023 11:45:24 GMT
Cache-Control: max-age=1209600
X-Host: blu41.sf2p.intern.weebly.net
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Date: Thu, 07 Dec 2023 04:02:49 GMT
Age: 231445
X-Served-By: cache-sjc1000119-SJC, cache-bma1630-BMA
X-Cache: HIT, HIT
X-Cache-Hits: 20, 1
X-Timer: S1701921770.619160,VS0,VE6
Access-Control-Allow-Origin: *
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
cdn2.editmysite.com/fonts/Lato/italic.woff2
151.101.129.46 200 OK 24 kB URL GET HTTP/1.1 cdn2.editmysite.com/fonts/Lato/italic.woff2
IP 151.101.129.46:80
Requested by http://www.coronaatticinsulation.com/
File type Web Open Font Format (Version 2), TrueType, length 24408, version 1.0\012- data
Hash efee2d080d7bebdd2e0aeb2e030813a0
f8d38f9f9584e48c2e469877ebd94232265585f1
bca1d88ada544d9c80872d4da27133fab6d347361fa26e932b47ec9559088fd0
GET /fonts/Lato/italic.woff2 HTTP/1.1
Host: cdn2.editmysite.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://www.coronaatticinsulation.com
DNT: 1
Connection: keep-alive
Referer: http://cdn2.editmysite.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 24408
Server: nginx
Content-Type: font/woff2
Last-Modified: Fri, 01 Dec 2023 18:22:00 GMT
ETag: "656a2448-5f58"
Expires: Fri, 15 Dec 2023 20:27:02 GMT
Cache-Control: max-age=1209600
X-Host: grn48.sf2p.intern.weebly.net
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Date: Thu, 07 Dec 2023 04:02:49 GMT
Age: 459347
X-Served-By: cache-sjc10083-SJC, cache-bma1674-BMA
X-Cache: HIT, HIT
X-Cache-Hits: 213, 1
X-Timer: S1701921770.637274,VS0,VE1
Access-Control-Allow-Origin: *
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
fonts.gstatic.com/s/lato/v24/S6uyw4BMUTPHjx4wXg.woff2
216.58.207.227 200 OK 24 kB URL GET HTTP/2 fonts.gstatic.com/s/lato/v24/S6uyw4BMUTPHjx4wXg.woff2
IP 216.58.207.227:443
Requested by http://www.coronaatticinsulation.com/
Certificate Issuer Google Trust Services LLC
Subject *.gstatic.com
Fingerprint E5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
Validity Mon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT
File type Web Open Font Format (Version 2), TrueType, length 23580, version 1.0\012- data
Hash e1b3b5908c9cf23dfb2b9c52b9a023ab
fcd4136085f2a03481d9958cc6793a5ed98e714c
918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537
GET /s/lato/v24/S6uyw4BMUTPHjx4wXg.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://www.coronaatticinsulation.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 23580
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 05 Dec 2023 23:17:47 GMT
expires: Wed, 04 Dec 2024 23:17:47 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 02 May 2023 15:17:22 GMT
content-type: font/woff2
age: 103502
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
216.58.207.227 200 OK 16 kB URL GET HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 216.58.207.227:443
Requested by http://www.coronaatticinsulation.com/
Certificate Issuer Google Trust Services LLC
Subject *.gstatic.com
Fingerprint E5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
Validity Mon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Hash 15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://www.coronaatticinsulation.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 30 Nov 2023 04:57:34 GMT
expires: Fri, 29 Nov 2024 04:57:34 GMT
cache-control: public, max-age=31536000
age: 601515
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/oxygen/v15/2sDfZG1Wl4LcnbuKjk0m.woff2
216.58.207.227 200 OK 16 kB URL GET HTTP/2 fonts.gstatic.com/s/oxygen/v15/2sDfZG1Wl4LcnbuKjk0m.woff2
IP 216.58.207.227:443
Requested by http://www.coronaatticinsulation.com/
Certificate Issuer Google Trust Services LLC
Subject *.gstatic.com
Fingerprint E5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
Validity Mon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT
File type Web Open Font Format (Version 2), TrueType, length 16348, version 1.0\012- data
Hash 8dc707b4818131fab44d482b1db5d458
8a0ff82b12fa25391ce17a6ae069d7fe5002f12d
9e64f128d5352d04ea5c87031e4cf1ad204b72a0afb003ece52eeb997d28a570
GET /s/oxygen/v15/2sDfZG1Wl4LcnbuKjk0m.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://www.coronaatticinsulation.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 16348
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 30 Nov 2023 04:53:51 GMT
expires: Fri, 29 Nov 2024 04:53:51 GMT
cache-control: public, max-age=31536000
age: 601738
last-modified: Mon, 09 May 2022 18:31:32 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.coronaatticinsulation.com/files/theme/plugins.js?1583952700
199.34.228.159 200 OK 16 kB URL GET HTTP/1.1 www.coronaatticinsulation.com/files/theme/plugins.js?1583952700
IP 199.34.228.159:80
Requested by http://www.coronaatticinsulation.com/
Hash 64497d2ab794cdb5e3c5c86cf7c5a611
34acd67927409d0795ee025f64f99757494affed
637b5d2a661d0201f239a7afcd1278bf55bec7ef7ada6cc6c0485c4e45d9b702
NIDS Severity Alert suricata medium ET HUNTING Suspicious GET Request with Possible COVID-19 Domain M2
GET /files/theme/plugins.js?1583952700 HTTP/1.1
Host: www.coronaatticinsulation.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.coronaatticinsulation.com/
Cookie: is_mobile=0; language=en
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 07 Dec 2023 04:02:49 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Thu, 05 May 2022 18:26:31 GMT
x-rgw-object-type: Normal
ETag: W/"64497d2ab794cdb5e3c5c86cf7c5a611"
x-amz-request-id: tx000000000000001b49eab-0062848178-b9fbc77-sfo1
X-Storage-Bucket: z637b
X-Storage-Object: 637b5d2a661d0201f239a7afcd1278bf55bec7ef7ada6cc6c0485c4e45d9b702
X-Host: blu22.sf2p.intern.weebly.net
Content-Encoding: gzip
www.coronaatticinsulation.com/uploads/1/4/7/5/147541427/published/pavers-sanleanardo-1-orig_30.jpeg?1701068765
199.34.228.159 200 OK 18 kB URL GET HTTP/1.1 www.coronaatticinsulation.com/uploads/1/4/7/5/147541427/published/pavers-sanleanardo-1-orig_30.jpeg?1701068765
IP 199.34.228.159:80
Requested by http://www.coronaatticinsulation.com/
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 680x227, components 3\012- data
Hash b2159d51ec52f91315603fe498cb9621
83dbb0b8bc42fb8d5c13f54af4b1e6f71292dc06
21d1397792adde75a23dca5da5acb95fc88c9c7b28b583a26e621786adcb7630
NIDS Severity Alert suricata medium ET HUNTING Suspicious GET Request with Possible COVID-19 Domain M2
GET /uploads/1/4/7/5/147541427/published/pavers-sanleanardo-1-orig_30.jpeg?1701068765 HTTP/1.1
Host: www.coronaatticinsulation.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.coronaatticinsulation.com/
Cookie: is_mobile=0; language=en
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 07 Dec 2023 04:02:49 GMT
Content-Type: image/jpeg
Content-Length: 17839
Connection: keep-alive
Last-Modified: Mon, 27 Nov 2023 07:06:05 GMT
x-rgw-object-type: Normal
ETag: "b2159d51ec52f91315603fe498cb9621"
x-amz-request-id: tx00000552bcc5d883e497c-00657143e9-e4e0628-sfo1
X-Storage-Bucket: z21d1
X-Storage-Object: 21d1397792adde75a23dca5da5acb95fc88c9c7b28b583a26e621786adcb7630
X-Host: blu33.sf2p.intern.weebly.net
Accept-Ranges: bytes
cdn2.editmysite.com/fonts/Roboto/italic.woff2
151.101.65.46 200 OK 17 kB URL GET HTTP/1.1 cdn2.editmysite.com/fonts/Roboto/italic.woff2
IP 151.101.65.46:80
Requested by http://www.coronaatticinsulation.com/
File type Web Open Font Format (Version 2), TrueType, length 17368, version 1.0\012- data
Hash abe083d96b58eb02ada8b7c30d7b09f2
61447d66d13a8c8f4335696777a85c438c46f749
db0424fb67fb52e7e538490240cc7fb9c05aa076333a4968f3dee30b825dabf9
GET /fonts/Roboto/italic.woff2 HTTP/1.1
Host: cdn2.editmysite.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://www.coronaatticinsulation.com
DNT: 1
Connection: keep-alive
Referer: http://cdn2.editmysite.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 17368
Server: nginx
Content-Type: font/woff2
Last-Modified: Mon, 04 Dec 2023 18:03:39 GMT
ETag: "656e147b-43d8"
Expires: Tue, 19 Dec 2023 13:51:36 GMT
Cache-Control: max-age=1209600
X-Host: blu10.sf2p.intern.weebly.net
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Date: Thu, 07 Dec 2023 04:02:49 GMT
Age: 137473
X-Served-By: cache-sjc10031-SJC, cache-bma1630-BMA
X-Cache: HIT, HIT
X-Cache-Hits: 70, 2
X-Timer: S1701921770.871395,VS0,VE0
Access-Control-Allow-Origin: *
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
cdn2.editmysite.com/fonts/Roboto/bolditalic.woff2
151.101.129.46 200 OK 17 kB URL GET HTTP/1.1 cdn2.editmysite.com/fonts/Roboto/bolditalic.woff2
IP 151.101.129.46:80
Requested by http://www.coronaatticinsulation.com/
File type Web Open Font Format (Version 2), TrueType, length 17032, version 1.0\012- data
Hash 05a47f9e469d408c629f931cd33ff8b2
823f21f7b1d456db889c3afea393f0d2b9581c38
6be97ca17228a69c406231d89c003194c3dfba7401eaa9fe9e9ed0ef1c18dc38
GET /fonts/Roboto/bolditalic.woff2 HTTP/1.1
Host: cdn2.editmysite.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://www.coronaatticinsulation.com
DNT: 1
Connection: keep-alive
Referer: http://cdn2.editmysite.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 17032
Server: nginx
Content-Type: font/woff2
Last-Modified: Mon, 04 Dec 2023 18:03:39 GMT
ETag: "656e147b-4288"
Expires: Tue, 19 Dec 2023 13:04:23 GMT
Cache-Control: max-age=1209600
X-Host: grn157.sf2p.intern.weebly.net
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Date: Thu, 07 Dec 2023 04:02:49 GMT
Age: 140307
X-Served-By: cache-sjc10071-SJC, cache-bma1674-BMA
X-Cache: HIT, HIT
X-Cache-Hits: 17, 1
X-Timer: S1701921770.871744,VS0,VE1
Access-Control-Allow-Origin: *
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
fonts.gstatic.com/s/raleway/v29/1Ptxg8zYS_SKggPN4iEgvnHyvveLxVvaorCIPrE.woff2
216.58.207.227 200 OK 22 kB URL GET HTTP/2 fonts.gstatic.com/s/raleway/v29/1Ptxg8zYS_SKggPN4iEgvnHyvveLxVvaorCIPrE.woff2
IP 216.58.207.227:443
Requested by http://www.coronaatticinsulation.com/
Certificate Issuer Google Trust Services LLC
Subject *.gstatic.com
Fingerprint E5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
Validity Mon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT
File type Web Open Font Format (Version 2), TrueType, length 22420, version 1.0\012- data
Hash 1157c949b5d3a24ed1bd538c058f19d8
e631e727d846d55763e447bda8dbdcbc4834ed9b
5ec1e2ebe080ec8fbfbdc7dd9c0c25449e1d98e4e947c11a00fd770d8841698b
GET /s/raleway/v29/1Ptxg8zYS_SKggPN4iEgvnHyvveLxVvaorCIPrE.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://www.coronaatticinsulation.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 22420
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 05 Dec 2023 23:01:56 GMT
expires: Wed, 04 Dec 2024 23:01:56 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 14 Sep 2023 00:56:44 GMT
content-type: font/woff2
age: 104453
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
cdn2.editmysite.com/fonts/Raleway/bold.woff2
151.101.65.46 200 OK 21 kB URL GET HTTP/1.1 cdn2.editmysite.com/fonts/Raleway/bold.woff2
IP 151.101.65.46:80
Requested by http://www.coronaatticinsulation.com/
File type Web Open Font Format (Version 2), TrueType, length 21440, version 1.0\012- data
Hash 94fafbcc94523bdae26461e70966bae3
2225772fffa5f225d427cbcf27348c5eed29dcd2
80f4e592fb822c98ea06e6553fbb20d8c6161644a39de94baaa9c448c6aba20a
GET /fonts/Raleway/bold.woff2 HTTP/1.1
Host: cdn2.editmysite.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://www.coronaatticinsulation.com
DNT: 1
Connection: keep-alive
Referer: http://cdn2.editmysite.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 21440
Server: nginx
Content-Type: font/woff2
Last-Modified: Mon, 04 Dec 2023 16:13:39 GMT
ETag: "656dfab3-53c0"
Expires: Mon, 18 Dec 2023 17:17:07 GMT
Cache-Control: max-age=1209600
X-Host: grn122.sf2p.intern.weebly.net
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Date: Thu, 07 Dec 2023 04:02:49 GMT
Age: 211542
X-Served-By: cache-sjc1000127-SJC, cache-bma1630-BMA
X-Cache: HIT, HIT
X-Cache-Hits: 1223, 5
X-Timer: S1701921770.895348,VS0,VE0
Access-Control-Allow-Origin: *
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
cdn2.editmysite.com/js/wsnbn/snowday262.js
151.101.65.46 200 OK 26 kB URL GET HTTP/1.1 cdn2.editmysite.com/js/wsnbn/snowday262.js
IP 151.101.65.46:80
Requested by http://www.coronaatticinsulation.com/
File type ASCII text, with very long lines (2512)
Hash 99bbe560926e583b8e99036251deb783
8d81b73ae06f664f9d9e53dd5829a799bf434491
648e766bf519673f9a90cc336cbecede80dcbe3419b43d36ecbb25d88f5584a3
GET /js/wsnbn/snowday262.js HTTP/1.1
Host: cdn2.editmysite.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.coronaatticinsulation.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 25752
Server: nginx
Content-Type: application/javascript
Last-Modified: Wed, 22 Nov 2023 22:54:01 GMT
ETag: "655e8689-124fe"
Expires: Thu, 07 Dec 2023 08:49:33 GMT
Cache-Control: max-age=1209600
X-Host: blu145.sf2p.intern.weebly.net
Content-Encoding: gzip
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Date: Thu, 07 Dec 2023 04:02:49 GMT
Age: 1192396
X-Served-By: cache-sjc10061-SJC, cache-bma1625-BMA
X-Cache: HIT, HIT
X-Cache-Hits: 52, 744
X-Timer: S1701921770.997993,VS0,VE0
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
ajax.googleapis.com/ajax/libs/jquery/3.7.1/jquery.min.js
142.250.74.74 200 OK 30 kB URL GET HTTP/3 ajax.googleapis.com/ajax/libs/jquery/3.7.1/jquery.min.js
IP 142.250.74.74:443
Requested by http://www.coronaatticinsulation.com/
Certificate Issuer Google Trust Services LLC
Subject upload.video.google.com
Fingerprint CC:96:E0:52:E0:9B:EA:A9:A0:F8:88:9A:90:20:11:47:61:00:3C:42
Validity Mon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT
File type ASCII text, with very long lines (65447)
Hash 2c872dbe60f4ba70fb85356113d8b35e
ee48592d1fff952fcf06ce0b666ed4785493afdc
fc9a93dd241f6b045cbff0481cf4e1901becd0e12fb45166a8f17f95823f0b1a
GET /ajax/libs/jquery/3.7.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://www.coronaatticinsulation.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30462
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 05 Dec 2023 02:31:34 GMT
expires: Wed, 04 Dec 2024 02:31:34 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Tue, 12 Sep 2023 02:38:22 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 178276
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
www.google.com/maps/embed?pb=!1m13!1m8!1m3!1d13250.363241375302!2d-117.5604533!3d33.8744349!3m2!1i1024!2i768!4f13.1!3m2!1m1!2s!5e0!3m2!1sen!2sin!4v1700131919557!5m2!1sen!2sin
142.250.74.164 200 OK 606 B URL GET HTTP/2 www.google.com/maps/embed?pb=!1m13!1m8!1m3!1d13250.363241375302!2d-117.5604533!3d33.8744349!3m2!1i1024!2i768!4f13.1!3m2!1m1!2s!5e0!3m2!1sen!2sin!4v1700131919557!5m2!1sen!2sin
IP 142.250.74.164:443
Requested by http://www.coronaatticinsulation.com/
Certificate Issuer Google Trust Services LLC
Subject www.google.com
Fingerprint B0:8E:97:10:7E:30:90:F6:42:A1:32:63:5C:78:27:D3:A8:F1:05:D1
Validity Mon, 23 Oct 2023 11:24:57 GMT - Mon, 15 Jan 2024 11:24:56 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (383)
Hash 6f285cb50132b02f0ed9eaac2b3e5b70
d9b32f1a7dade8ea741ebeff2d83e91bf276e5ef
63e71a82648d607a808c3317dd08ebf1065a80d384ca973d3772cc042bd50ed1
GET /maps/embed?pb=!1m13!1m8!1m3!1d13250.363241375302!2d-117.5604533!3d33.8744349!3m2!1i1024!2i768!4f13.1!3m2!1m1!2s!5e0!3m2!1sen!2sin!4v1700131919557!5m2!1sen!2sin HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://www.coronaatticinsulation.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
expires: Fri, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
cache-control: no-cache, must-revalidate
content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-XH1liL2mAPbERYwS7VuNkw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/geo-maps-api/1
content-type: text/html; charset=UTF-8
vary: Origin, X-Origin, Referer
content-encoding: gzip
date: Thu, 07 Dec 2023 04:02:50 GMT
server: scaffolding on HTTPServer2
content-length: 606
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
maps.googleapis.com/maps/api/js?client=google-maps-embed&paint_origin=&libraries=geometry,search&v=3.exp&language=en&region=in&callback=onApiLoad
142.250.74.106 200 OK 63 kB URL GET HTTP/3 maps.googleapis.com/maps/api/js?client=google-maps-embed&paint_origin=&libraries=geometry,search&v=3.exp&language=en&region=in&callback=onApiLoad
IP 142.250.74.106:443
Requested by https://www.google.com/maps/embed?pb=!1m13!1m8!1m3!1d13250.363241375302!2d-117.5604533!3d33.8744349!3m2!1i1024!2i768!4f13.1!3m2!1m1!2s!5e0!3m2!1sen!2sin!4v1700131919557!5m2!1sen!2sin
Certificate Issuer Google Trust Services LLC
Subject upload.video.google.com
Fingerprint CC:96:E0:52:E0:9B:EA:A9:A0:F8:88:9A:90:20:11:47:61:00:3C:42
Validity Mon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT
File type ASCII text, with very long lines (2568)
Hash bc051ac50334103632a3418043fb7907
79b35bb34bb574b4f1a3f0a2200d2e1f921b47eb
17b3ffeef8295f025dae700cffee8e6f8a2118694fdd7139506e4aad5654e11a
GET /maps/api/js?client=google-maps-embed&paint_origin=&libraries=geometry,search&v=3.exp&language=en&region=in&callback=onApiLoad HTTP/1.1
Host: maps.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1800
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
vary: Origin, X-Origin, Referer
content-encoding: gzip
date: Thu, 07 Dec 2023 04:02:50 GMT
server: scaffolding on HTTPServer2
content-length: 63108
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
www.coronaatticinsulation.com/uploads/1/4/7/5/147541427/background-images/651829801.jpg
199.34.228.159 200 OK 47 kB URL GET HTTP/1.1 www.coronaatticinsulation.com/uploads/1/4/7/5/147541427/background-images/651829801.jpg
IP 199.34.228.159:80
Requested by http://www.coronaatticinsulation.com/
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 1998x1500, components 1\012- data
Hash e0ee13467e23136b2f05005552683e55
32ae0ce573a17acf3a09c0cb38252161b0dae333
19259ec6b23752d87fd24ab6fc781ed8bcabdd1519a05d3af556d67cd8b1d425
NIDS Severity Alert suricata medium ET HUNTING Suspicious GET Request with Possible COVID-19 Domain M2
GET /uploads/1/4/7/5/147541427/background-images/651829801.jpg HTTP/1.1
Host: www.coronaatticinsulation.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.coronaatticinsulation.com/
Cookie: is_mobile=0; language=en
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 07 Dec 2023 04:02:49 GMT
Content-Type: image/jpeg; charset=binary
Content-Length: 47044
Connection: keep-alive
Last-Modified: Mon, 23 Jan 2023 18:53:07 GMT
x-rgw-object-type: Normal
ETag: "e0ee13467e23136b2f05005552683e55"
x-amz-request-id: tx00000e9e86b948c3fd87d-006564d9cf-db1a051-sfo1
X-Storage-Bucket: z1925
X-Storage-Object: 19259ec6b23752d87fd24ab6fc781ed8bcabdd1519a05d3af556d67cd8b1d425
X-Host: grn68.sf2p.intern.weebly.net
Accept-Ranges: bytes
maps.googleapis.com/maps/api/mapsjs/gen_204?csp_test=true
142.250.74.106 200 OK 23 B URL GET HTTP/3 maps.googleapis.com/maps/api/mapsjs/gen_204?csp_test=true
IP 142.250.74.106:443
Requested by https://www.google.com/maps/embed?pb=!1m13!1m8!1m3!1d13250.363241375302!2d-117.5604533!3d33.8744349!3m2!1i1024!2i768!4f13.1!3m2!1m1!2s!5e0!3m2!1sen!2sin!4v1700131919557!5m2!1sen!2sin
Certificate Issuer Google Trust Services LLC
Subject upload.video.google.com
Fingerprint CC:96:E0:52:E0:9B:EA:A9:A0:F8:88:9A:90:20:11:47:61:00:3C:42
Validity Mon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT
File type JSON data\012- , ASCII text
Hash 8a80554c91d9fca8acb82f023de02f11
5f36b2ea290645ee34d943220a14b54ee5ea5be5
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
GET /maps/api/mapsjs/gen_204?csp_test=true HTTP/1.1
Host: maps.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.google.com
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: application/json; charset=UTF-8
vary: Origin, X-Origin, Referer
content-encoding: gzip
date: Thu, 07 Dec 2023 04:02:50 GMT
server: scaffolding on HTTPServer2
cache-control: private
content-length: 23
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-origin: https://www.google.com
access-control-allow-credentials: true
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
maps.gstatic.com/maps-api-v3/embed/js/55/4/init_embed.js
142.250.74.3 200 OK 61 kB URL GET HTTP/2 maps.gstatic.com/maps-api-v3/embed/js/55/4/init_embed.js
IP 142.250.74.3:443
Requested by https://www.google.com/maps/embed?pb=!1m13!1m8!1m3!1d13250.363241375302!2d-117.5604533!3d33.8744349!3m2!1i1024!2i768!4f13.1!3m2!1m1!2s!5e0!3m2!1sen!2sin!4v1700131919557!5m2!1sen!2sin
Certificate Issuer Google Trust Services LLC
Subject *.gstatic.com
Fingerprint E5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
Validity Mon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT
File type ASCII text, with very long lines (3246)
Hash e5f346e72fb065c353010d0d8076499e
53bbae9cada660daf922ca2010fcf65bb3a3bf76
91c517b650261a41b75a3dff1ba8d77ab069db61b32df2cd470bc3bfad5409ce
GET /maps-api-v3/embed/js/55/4/init_embed.js HTTP/1.1
Host: maps.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: br
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/maps-api-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="maps-api-js"
report-to: {"group":"maps-api-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/maps-api-js"}]}
content-length: 61041
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 06 Dec 2023 19:31:36 GMT
expires: Thu, 05 Dec 2024 19:31:36 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 04 Dec 2023 22:55:19 GMT
content-type: text/javascript
vary: Accept-Encoding, Origin
age: 30674
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
maps.googleapis.com/maps-api-v3/api/js/55/4/common.js
142.250.74.106 200 OK 58 kB URL GET HTTP/3 maps.googleapis.com/maps-api-v3/api/js/55/4/common.js
IP 142.250.74.106:443
Requested by https://www.google.com/maps/embed?pb=!1m13!1m8!1m3!1d13250.363241375302!2d-117.5604533!3d33.8744349!3m2!1i1024!2i768!4f13.1!3m2!1m1!2s!5e0!3m2!1sen!2sin!4v1700131919557!5m2!1sen!2sin
Certificate Issuer Google Trust Services LLC
Subject upload.video.google.com
Fingerprint CC:96:E0:52:E0:9B:EA:A9:A0:F8:88:9A:90:20:11:47:61:00:3C:42
Validity Mon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT
File type ASCII text, with very long lines (6638)
Hash 2f1f93a50ec0f20d9429cd4486075cd9
7e899396ac3541ac2ce40993a60cb3ef15ea4e6f
969dace001ef24f99f38bd00c5578b85ba9368e77a5667cfcaeaa29d2f57657b
GET /maps-api-v3/api/js/55/4/common.js HTTP/1.1
Host: maps.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
content-encoding: br
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/maps-api-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="maps-api-js"
report-to: {"group":"maps-api-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/maps-api-js"}]}
content-length: 57512
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 06 Dec 2023 19:31:36 GMT
expires: Thu, 05 Dec 2024 19:31:36 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 04 Dec 2023 22:55:43 GMT
content-type: text/javascript
vary: Accept-Encoding, Origin
age: 30674
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
maps.googleapis.com/maps-api-v3/api/js/55/4/util.js
142.250.74.106 200 OK 55 kB URL GET HTTP/3 maps.googleapis.com/maps-api-v3/api/js/55/4/util.js
IP 142.250.74.106:443
Requested by https://www.google.com/maps/embed?pb=!1m13!1m8!1m3!1d13250.363241375302!2d-117.5604533!3d33.8744349!3m2!1i1024!2i768!4f13.1!3m2!1m1!2s!5e0!3m2!1sen!2sin!4v1700131919557!5m2!1sen!2sin
Certificate Issuer Google Trust Services LLC
Subject upload.video.google.com
Fingerprint CC:96:E0:52:E0:9B:EA:A9:A0:F8:88:9A:90:20:11:47:61:00:3C:42
Validity Mon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT
File type ASCII text, with very long lines (562)
Hash 3aecc4da8982cd3ee2c71448592b54bd
2af800db00e7fe620d1a3828420c8d866ebd579c
e759dc710ec6d9f9438d5a77f834b247254512fb90cf520764ab591db32cf5cb
GET /maps-api-v3/api/js/55/4/util.js HTTP/1.1
Host: maps.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
content-encoding: br
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/maps-api-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="maps-api-js"
report-to: {"group":"maps-api-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/maps-api-js"}]}
content-length: 55175
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 06 Dec 2023 19:31:36 GMT
expires: Thu, 05 Dec 2024 19:31:36 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 04 Dec 2023 22:55:43 GMT
content-type: text/javascript
vary: Accept-Encoding, Origin
age: 30674
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
maps.googleapis.com/maps-api-v3/api/js/55/4/map.js
142.250.74.106 200 OK 24 kB URL GET HTTP/3 maps.googleapis.com/maps-api-v3/api/js/55/4/map.js
IP 142.250.74.106:443
Requested by https://www.google.com/maps/embed?pb=!1m13!1m8!1m3!1d13250.363241375302!2d-117.5604533!3d33.8744349!3m2!1i1024!2i768!4f13.1!3m2!1m1!2s!5e0!3m2!1sen!2sin!4v1700131919557!5m2!1sen!2sin
Certificate Issuer Google Trust Services LLC
Subject upload.video.google.com
Fingerprint CC:96:E0:52:E0:9B:EA:A9:A0:F8:88:9A:90:20:11:47:61:00:3C:42
Validity Mon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT
File type ASCII text, with very long lines (2312)
Hash 86808d6e775e7ab077eadd3952b9769a
1c7d8a35e618e143952d5bfe8900788b1b95fe34
0cf6d91acfbd231daa3ccf96e67596a75ea04458209786b2814f13a7f14fbf6c
GET /maps-api-v3/api/js/55/4/map.js HTTP/1.1
Host: maps.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
content-encoding: br
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/maps-api-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="maps-api-js"
report-to: {"group":"maps-api-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/maps-api-js"}]}
content-length: 23771
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 06 Dec 2023 19:31:36 GMT
expires: Thu, 05 Dec 2024 19:31:36 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 04 Dec 2023 22:55:43 GMT
content-type: text/javascript
vary: Accept-Encoding, Origin
age: 30674
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
maps.googleapis.com/maps-api-v3/api/js/55/4/overlay.js
142.250.74.106 200 OK 1.3 kB URL GET HTTP/3 maps.googleapis.com/maps-api-v3/api/js/55/4/overlay.js
IP 142.250.74.106:443
Requested by https://www.google.com/maps/embed?pb=!1m13!1m8!1m3!1d13250.363241375302!2d-117.5604533!3d33.8744349!3m2!1i1024!2i768!4f13.1!3m2!1m1!2s!5e0!3m2!1sen!2sin!4v1700131919557!5m2!1sen!2sin
Certificate Issuer Google Trust Services LLC
Subject upload.video.google.com
Fingerprint CC:96:E0:52:E0:9B:EA:A9:A0:F8:88:9A:90:20:11:47:61:00:3C:42
Validity Mon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT
File type ASCII text, with very long lines (1152)
Hash d1290de5da8a835304b6f7206d907119
53960cc38980f6c3c96308c205713bf2a8afab41
88e2d34a2ecd255e7c30d9436d1f8f7156973f2badc72161da7f3c1901ae5bec
GET /maps-api-v3/api/js/55/4/overlay.js HTTP/1.1
Host: maps.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
content-encoding: br
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/maps-api-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="maps-api-js"
report-to: {"group":"maps-api-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/maps-api-js"}]}
content-length: 1273
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 06 Dec 2023 19:31:39 GMT
expires: Thu, 05 Dec 2024 19:31:39 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 04 Dec 2023 22:55:43 GMT
content-type: text/javascript
vary: Accept-Encoding, Origin
age: 30671
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
www.coronaatticinsulation.com/ajax/api/JsonRPC/CustomerAccounts/?CustomerAccounts[CustomerAccounts::getAccountDetails]
199.34.228.159 200 OK 348 B URL POST HTTP/1.1 www.coronaatticinsulation.com/ajax/api/JsonRPC/CustomerAccounts/?CustomerAccounts[CustomerAccounts::getAccountDetails]
IP 199.34.228.159:80
Requested by http://www.coronaatticinsulation.com/
File type JSON data\012- , ASCII text, with very long lines (348), with no line terminators
Hash a944dd688c99d2901d6719be713271c0
4f5454d5d434829baf46671638610791758725d9
adb97e1bc686c58b4286f1208d2bd969687c6cf3e2fc468697dfd956d260de49
NIDS Severity Alert suricata medium ET HUNTING Suspicious POST Request with Possible COVID-19 Domain M2
POST /ajax/api/JsonRPC/CustomerAccounts/?CustomerAccounts[CustomerAccounts::getAccountDetails] HTTP/1.1
Host: www.coronaatticinsulation.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/json; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 83
Origin: http://www.coronaatticinsulation.com
DNT: 1
Connection: keep-alive
Referer: http://www.coronaatticinsulation.com/
Cookie: is_mobile=0; language=en
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 07 Dec 2023 04:02:50 GMT
Server: Apache
Vary: X-W-SSL,User-Agent
X-Host: blu158.sf2p.intern.weebly.net
X-UA-Compatible: IE=edge,chrome=1
Content-Length: 348
Keep-Alive: timeout=10, max=32
Connection: Keep-Alive
Content-Type: application/json
www.coronaatticinsulation.com/uploads/1/4/7/5/147541427/edited/spraying-cellulose-insulation-in-the-attic-of-a-house-insulation-of-the-attic-or-floor-in-the-house.jpeg?1698666535
199.34.228.159 200 OK 150 kB URL GET HTTP/1.1 www.coronaatticinsulation.com/uploads/1/4/7/5/147541427/edited/spraying-cellulose-insulation-in-the-attic-of-a-house-insulation-of-the-attic-or-floor-in-the-house.jpeg?1698666535
IP 199.34.228.159:80
Requested by http://www.coronaatticinsulation.com/
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1100x733, components 3\012- data
Size 150 kB (150191 bytes)
Hash 5d18ead96bf84e78009e8fea172b3a4e
6f5da93c7435e9f302a82ffac00dbc7cf68cd2c8
ca21be86234451099b937796143000486052ce84296ec258abf655830da1b97c
NIDS Severity Alert suricata medium ET HUNTING Suspicious GET Request with Possible COVID-19 Domain M2
GET /uploads/1/4/7/5/147541427/edited/spraying-cellulose-insulation-in-the-attic-of-a-house-insulation-of-the-attic-or-floor-in-the-house.jpeg?1698666535 HTTP/1.1
Host: www.coronaatticinsulation.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.coronaatticinsulation.com/
Cookie: is_mobile=0; language=en
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 07 Dec 2023 04:02:49 GMT
Content-Type: image/jpeg
Content-Length: 150191
Connection: keep-alive
Last-Modified: Mon, 30 Oct 2023 11:48:55 GMT
x-rgw-object-type: Normal
ETag: "5d18ead96bf84e78009e8fea172b3a4e"
x-amz-request-id: tx00000ddc9f0eef2ad6612-00657143e9-e4e0628-sfo1
X-Storage-Bucket: zca21
X-Storage-Object: ca21be86234451099b937796143000486052ce84296ec258abf655830da1b97c
X-Host: grn141.sf2p.intern.weebly.net
Accept-Ranges: bytes
www.coronaatticinsulation.com/uploads/1/4/7/5/147541427/background-images/1635133617.jpg
199.34.228.159 200 OK 126 kB URL GET HTTP/1.1 www.coronaatticinsulation.com/uploads/1/4/7/5/147541427/background-images/1635133617.jpg
IP 199.34.228.159:80
Requested by http://www.coronaatticinsulation.com/
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 2000x1417, components 3 DIY-Thermocam raw data\012- (Lepton 2.x), scale 12039--20701, spot sensor temperature 112362401038336.000000, unit celsius, color scheme 4, calibration: offset -76384614244025819102100661993472.000000, slope 8014393591188061533967562571776.000000\012- data
Size 126 kB (125640 bytes)
Hash c732e0c9fe17012f11f262a9cd9f4ae3
797f21b7058fe3e3bdd5e2db50e07aeda14ac82b
a350e65441ef6260acdc6238967678ceabba072b74250a47cfcacd1654b3441f
NIDS Severity Alert suricata medium ET HUNTING Suspicious GET Request with Possible COVID-19 Domain M2
GET /uploads/1/4/7/5/147541427/background-images/1635133617.jpg HTTP/1.1
Host: www.coronaatticinsulation.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.coronaatticinsulation.com/
Cookie: is_mobile=0; language=en
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 07 Dec 2023 04:02:50 GMT
Content-Type: image/jpeg; charset=binary
Content-Length: 125640
Connection: keep-alive
Last-Modified: Mon, 23 Jan 2023 18:53:02 GMT
x-rgw-object-type: Normal
ETag: "c732e0c9fe17012f11f262a9cd9f4ae3"
x-amz-request-id: tx00000db75ada227e1ca12-006564ecd6-db1c67d-sfo1
X-Storage-Bucket: za350
X-Storage-Object: a350e65441ef6260acdc6238967678ceabba072b74250a47cfcacd1654b3441f
X-Host: grn73.sf2p.intern.weebly.net
Accept-Ranges: bytes
www.gstatic.com/recaptcha/releases/-QbJqHfGOUB8nuVRLvzFLVed/recaptcha__en.js
142.250.74.35 200 OK 191 kB URL GET HTTP/2 www.gstatic.com/recaptcha/releases/-QbJqHfGOUB8nuVRLvzFLVed/recaptcha__en.js
IP 142.250.74.35:443
Requested by http://www.coronaatticinsulation.com/
Certificate Issuer Google Trust Services LLC
Subject *.gstatic.com
Fingerprint E5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
Validity Mon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT
File type ASCII text, with very long lines (563)
Size 191 kB (190682 bytes)
Hash 23b9dd721490a4062ba8d01454ef6ba9
efdbb7331585411f7d397dacbf51fd3e95f3031d
4970c7161d03503a3eb5ec49e4190a03445c50cd5a9081714bd13183d2d948a7
GET /recaptcha/releases/-QbJqHfGOUB8nuVRLvzFLVed/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.coronaatticinsulation.com
DNT: 1
Connection: keep-alive
Referer: http://www.coronaatticinsulation.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 190682
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 07 Dec 2023 03:06:38 GMT
expires: Fri, 06 Dec 2024 03:06:38 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 14 Nov 2023 05:42:11 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 3373
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.coronaatticinsulation.com/uploads/1/4/7/5/147541427/background-images/2110755243.jpg
199.34.228.159 200 OK 111 kB URL GET HTTP/1.1 www.coronaatticinsulation.com/uploads/1/4/7/5/147541427/background-images/2110755243.jpg
IP 199.34.228.159:80
Requested by http://www.coronaatticinsulation.com/
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 960x720, components 3\012- data
Size 111 kB (110921 bytes)
Hash f084f5c1342f7c5fc2409d7423953b03
260342ee00bfa040c1e173f77ff838640dddcc5f
842a95941957230f3fe887326e73462e023fa85a4bca295c84292fc7741c54cf
NIDS Severity Alert suricata medium ET HUNTING Suspicious GET Request with Possible COVID-19 Domain M2
GET /uploads/1/4/7/5/147541427/background-images/2110755243.jpg HTTP/1.1
Host: www.coronaatticinsulation.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.coronaatticinsulation.com/
Cookie: is_mobile=0; language=en
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 07 Dec 2023 04:02:50 GMT
Content-Type: image/jpeg
Content-Length: 110921
Connection: keep-alive
Last-Modified: Mon, 30 Oct 2023 11:50:12 GMT
x-rgw-object-type: Normal
ETag: "f084f5c1342f7c5fc2409d7423953b03"
x-amz-request-id: tx000005de3d59bba2bf9ff-00657143e9-db1c67d-sfo1
X-Storage-Bucket: z842a
X-Storage-Object: 842a95941957230f3fe887326e73462e023fa85a4bca295c84292fc7741c54cf
X-Host: grn126.sf2p.intern.weebly.net
Accept-Ranges: bytes
www.coronaatticinsulation.com/uploads/1/4/7/5/147541427/air-ventilation-installer-working-in-attic_orig.jpeg
199.34.228.159 200 OK 124 kB URL GET HTTP/1.1 www.coronaatticinsulation.com/uploads/1/4/7/5/147541427/air-ventilation-installer-working-in-attic_orig.jpeg
IP 199.34.228.159:80
Requested by http://www.coronaatticinsulation.com/
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1100x733, components 3\012- data
Size 124 kB (124456 bytes)
Hash 87ede11f384b35aa9b85689e89e383b8
b5ead8e292496de3a47c8d4fbab0d3ae74e29a00
94c2207967c9b51ae28039e88cca4e7da431acabe90302d638dee055d150cde2
NIDS Severity Alert suricata medium ET HUNTING Suspicious GET Request with Possible COVID-19 Domain M2
GET /uploads/1/4/7/5/147541427/air-ventilation-installer-working-in-attic_orig.jpeg HTTP/1.1
Host: www.coronaatticinsulation.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.coronaatticinsulation.com/
Cookie: is_mobile=0; language=en
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 07 Dec 2023 04:02:50 GMT
Content-Type: image/jpeg
Content-Length: 124456
Connection: keep-alive
Last-Modified: Wed, 24 Nov 2021 07:42:39 GMT
x-rgw-object-type: Normal
ETag: "87ede11f384b35aa9b85689e89e383b8"
x-amz-request-id: tx000008e858c21895203ea-00657143ea-db1eedd-sfo1
X-Storage-Bucket: z94c2
X-Storage-Object: 94c2207967c9b51ae28039e88cca4e7da431acabe90302d638dee055d150cde2
X-Host: grn140.sf2p.intern.weebly.net
Accept-Ranges: bytes
www.coronaatticinsulation.com/uploads/1/4/7/5/147541427/the-worker-insulates-the-attic-of-the-house-with-a-hydrofilm-secures-the-insulation-with-the-help-of-a-stapler_orig.jpeg
199.34.228.159 200 OK 282 kB URL GET HTTP/1.1 www.coronaatticinsulation.com/uploads/1/4/7/5/147541427/the-worker-insulates-the-attic-of-the-house-with-a-hydrofilm-secures-the-insulation-with-the-help-of-a-stapler_orig.jpeg
IP 199.34.228.159:80
Requested by http://www.coronaatticinsulation.com/
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1100x733, components 3\012- data
Size 282 kB (281652 bytes)
Hash f318c93bcbace344d1da5c4654a42a72
823535b8266b47f1f97ae91d12264c054b94e00f
3a42abdd1c448fe7f269563b42b8ce2ef61c48a4bc0a3d96c60441b8d8598345
NIDS Severity Alert suricata medium ET HUNTING Suspicious GET Request with Possible COVID-19 Domain M2
GET /uploads/1/4/7/5/147541427/the-worker-insulates-the-attic-of-the-house-with-a-hydrofilm-secures-the-insulation-with-the-help-of-a-stapler_orig.jpeg HTTP/1.1
Host: www.coronaatticinsulation.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.coronaatticinsulation.com/
Cookie: is_mobile=0; language=en
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 07 Dec 2023 04:02:50 GMT
Content-Type: image/jpeg
Content-Length: 281652
Connection: keep-alive
Last-Modified: Mon, 30 Oct 2023 11:43:52 GMT
x-rgw-object-type: Normal
ETag: "f318c93bcbace344d1da5c4654a42a72"
x-amz-request-id: tx000008e3c4154f2dbbf02-00657143e9-db1c716-sfo1
X-Storage-Bucket: z3a42
X-Storage-Object: 3a42abdd1c448fe7f269563b42b8ce2ef61c48a4bc0a3d96c60441b8d8598345
X-Host: blu14.sf2p.intern.weebly.net
Accept-Ranges: bytes
www.weebly.com/uploads/reseller/assets/1221695318-favicon.ico
74.115.50.110 404 Not Found 0 B URL GET HTTP/1.1 www.weebly.com/uploads/reseller/assets/1221695318-favicon.ico
IP 74.115.50.110:80
Requested by http://www.coronaatticinsulation.com/
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/reseller/assets/1221695318-favicon.ico HTTP/1.1
Host: www.weebly.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.coronaatticinsulation.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 Not Found
Server: nginx
Date: Thu, 07 Dec 2023 04:02:51 GMT
Content-Type: text/html
Content-Length: 3739
Connection: keep-alive
ETag: "646eaaa7-e9b"
X-Host: grn47.sf2p.intern.weebly.net
X-W-DC: SFO
www.coronaatticinsulation.com/uploads/1/4/7/5/147541427/background-images/863282624.png
0.0.0.0 0 B URL GET www.coronaatticinsulation.com/uploads/1/4/7/5/147541427/background-images/863282624.png
IP 0.0.0.0:0
Requested by http://www.coronaatticinsulation.com/
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
NIDS Severity Alert suricata medium ET HUNTING Suspicious GET Request with Possible COVID-19 Domain M2
GET /uploads/1/4/7/5/147541427/background-images/863282624.png HTTP/1.1
Host: www.coronaatticinsulation.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.coronaatticinsulation.com/
Cookie: is_mobile=0; language=en
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 07 Dec 2023 04:02:49 GMT
Content-Type: image/png
Content-Length: 603628
Connection: keep-alive
Last-Modified: Mon, 30 Oct 2023 07:16:51 GMT
x-rgw-object-type: Normal
ETag: "95134e603b5226fa6f98d030eb93b8f3"
x-amz-request-id: tx000000f0e8d9bccac1430-00657143e9-db1c716-sfo1
X-Storage-Bucket: zd492
X-Storage-Object: d492ef56f3325cab4adc9501228ccb9b9719643881ddced5f9668f6bd2231118
X-Host: blu152.sf2p.intern.weebly.net
Accept-Ranges: bytes
fonts.googleapis.com/css?family=Anton|Architects+Daughter|Cedarville+Cursive|Cherry+Cream+Soda|Chewy|Condiment|Crafty+Girls|Dancing+Script|Erica+One|Exo+2|Faster+One|Gloria+Hallelujah|IM+Fell+DW+Pica+SC|Indie+Flower|Josefin+Sans|Lato|Loved+by+the+King|Luckiest+Guy|Monofett|Montserrat|News+Cycle|Open+Sans|Oswald|Over+the+Rainbow|Oxygen|Patrick+Hand+SC|Paytone+One|Permanent+Marker|Playfair+Display|Questrial|Quicksand|Raleway|Reenie+Beanie|Roboto|Rock+Salt|Shadows+Into+Light|Syncopate:700|Titillium+Web|Yanone+Kaffeesatz|Zeyada
142.250.74.106 200 OK 36 kB URL GET HTTP/2 fonts.googleapis.com/css?family=Anton|Architects+Daughter|Cedarville+Cursive|Cherry+Cream+Soda|Chewy|Condiment|Crafty+Girls|Dancing+Script|Erica+One|Exo+2|Faster+One|Gloria+Hallelujah|IM+Fell+DW+Pica+SC|Indie+Flower|Josefin+Sans|Lato|Loved+by+the+King|Luckiest+Guy|Monofett|Montserrat|News+Cycle|Open+Sans|Oswald|Over+the+Rainbow|Oxygen|Patrick+Hand+SC|Paytone+One|Permanent+Marker|Playfair+Display|Questrial|Quicksand|Raleway|Reenie+Beanie|Roboto|Rock+Salt|Shadows+Into+Light|Syncopate:700|Titillium+Web|Yanone+Kaffeesatz|Zeyada
IP 142.250.74.106:443
Requested by http://www.coronaatticinsulation.com/
Certificate Issuer Google Trust Services LLC
Subject upload.video.google.com
Fingerprint CC:96:E0:52:E0:9B:EA:A9:A0:F8:88:9A:90:20:11:47:61:00:3C:42
Validity Mon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT
Hash 82d99753f469442d7f5dd7db28ae7178
9fcc52ccc7414ddc7306064eb69628ece097cd5d
ea1958fc6f00a2823bd853d63e8fe076f7783d7c77e06d2672c533037ae17cb5
GET /css?family=Anton|Architects+Daughter|Cedarville+Cursive|Cherry+Cream+Soda|Chewy|Condiment|Crafty+Girls|Dancing+Script|Erica+One|Exo+2|Faster+One|Gloria+Hallelujah|IM+Fell+DW+Pica+SC|Indie+Flower|Josefin+Sans|Lato|Loved+by+the+King|Luckiest+Guy|Monofett|Montserrat|News+Cycle|Open+Sans|Oswald|Over+the+Rainbow|Oxygen|Patrick+Hand+SC|Paytone+One|Permanent+Marker|Playfair+Display|Questrial|Quicksand|Raleway|Reenie+Beanie|Roboto|Rock+Salt|Shadows+Into+Light|Syncopate:700|Titillium+Web|Yanone+Kaffeesatz|Zeyada HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://www.coronaatticinsulation.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 07 Dec 2023 04:02:49 GMT
date: Thu, 07 Dec 2023 04:02:49 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.google.com/recaptcha/api.js?_=1701921776445
142.250.74.164 200 OK 850 B URL GET HTTP/2 www.google.com/recaptcha/api.js?_=1701921776445
IP 142.250.74.164:443
Requested by http://www.coronaatticinsulation.com/
Certificate Issuer Google Trust Services LLC
Subject www.google.com
Fingerprint B0:8E:97:10:7E:30:90:F6:42:A1:32:63:5C:78:27:D3:A8:F1:05:D1
Validity Mon, 23 Oct 2023 11:24:57 GMT - Mon, 15 Jan 2024 11:24:56 GMT
File type ASCII text, with very long lines (850), with no line terminators
Hash 57e10dcd72dd2953878092014eae522b
95ba7e48825c26c5d9395ef2edb73e790bce6fa7
c7b54326365940d062bce26ed41579eebcb4946a86ba280790b603926692bd59
GET /recaptcha/api.js?_=1701921776445 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://www.coronaatticinsulation.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
expires: Thu, 07 Dec 2023 04:02:50 GMT
date: Thu, 07 Dec 2023 04:02:50 GMT
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2