orca.security Open in urlscan Pro
162.159.135.42 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://links.readsitquick.us/els/v2/3Z0-MRmDgAFR/c09vMnVGem4zNUJ2VytHVURnQThNL0xtcVZnLzVJTlB2bGxoN2tEMGVSUlF6YTE1SmVzK2wwMFBO...
Effective URL:
https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
Submission: On August 09 via api (August 9th 2021, 6:50:16 pm UTC) from US

Summary HTTP 225 Redirects Links 17 Behaviour Indicators

Summary

This website contacted 49 IPs in 5 countries across 36 domains to perform 225 HTTP transactions. The main IP is 162.159.135.42, located in and belongs to CLOUDFLARENET, US. The main domain is orca.security.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on July 22nd 2021. Valid for: a year.

This is the only time orca.security was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	18.142.0.45 18.142.0.45	16509 (AMAZON-02) (AMAZON-02)
85	162.159.135.42 162.159.135.42	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6812:bcf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2a00:1450:400... 2a00:1450:4001:831::200a	15169 (GOOGLE) (GOOGLE)
7	2a00:1450:400... 2a00:1450:4001:80f::200a	15169 (GOOGLE) (GOOGLE)
3	2606:4700::68... 2606:4700::6811:b949	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:d5cc	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6810:125e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:811::2008	15169 (GOOGLE) (GOOGLE)
4	2606:4700::68... 2606:4700::6810:650c	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2606:4700::68... 2606:4700::6810:a852	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	2a00:1450:400... 2a00:1450:4001:801::2003	15169 (GOOGLE) (GOOGLE)
7	2a00:1450:400... 2a00:1450:4001:82a::2003	15169 (GOOGLE) (GOOGLE)
22	35.174.78.146 35.174.78.146	14618 (AMAZON-AES) (AMAZON-AES)
1	2600:9000:206... 2600:9000:206f:9400:8:8d2f:9e00:21	16509 (AMAZON-02) (AMAZON-02)
1	2a02:26f0:6c0... 2a02:26f0:6c00:2b0::25ea	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	2a00:1450:400... 2a00:1450:4001:828::200e	15169 (GOOGLE) (GOOGLE)
1	151.101.12.157 151.101.12.157	54113 (FASTLY) (FASTLY)
1	142.250.186.34 142.250.186.34	15169 (GOOGLE) (GOOGLE)
2	2a03:2880:f01... 2a03:2880:f01c:8012:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	2606:4700::68... 2606:4700::6812:1abe	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	65.9.96.102 65.9.96.102	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700:20:... 2606:4700:20::ac43:4470	13335 (CLOUDFLAR...) (CLOUDFLARENET)
11	54.226.239.18 54.226.239.18	14618 (AMAZON-AES) (AMAZON-AES)
1	2606:4700::68... 2606:4700::6810:5805	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2 2	2620:119:50e4... 2620:119:50e4:101::6cae:b55	14413 (LINKEDIN) (LINKEDIN)
1 1	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	108.174.10.14 108.174.10.14	14413 (LINKEDIN) (LINKEDIN)
2	13.227.222.25 13.227.222.25	16509 (AMAZON-02) (AMAZON-02)
11	2a00:1450:400... 2a00:1450:4001:809::200e	15169 (GOOGLE) (GOOGLE)
1	104.244.42.133 104.244.42.133	13414 (TWITTER) (TWITTER)
2	2a00:1450:400... 2a00:1450:400c:c0c::9b	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:800::2004	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:828::2003	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82f::2002	15169 (GOOGLE) (GOOGLE)
1	65.9.96.128 65.9.96.128	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:80e::2003	15169 (GOOGLE) (GOOGLE)
2	2a03:2880:f11... 2a03:2880:f11c:8183:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	2606:4700::68... 2606:4700::6811:45b0	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6812:15bf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2a00:1450:400... 2a00:1450:4001:828::2008	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82a::200a	15169 (GOOGLE) (GOOGLE)
1	104.244.42.195 104.244.42.195	13414 (TWITTER) (TWITTER)
6	89.187.169.47 89.187.169.47	60068 (CDN77 ^_^) (CDN77 ^_^)
1	99.86.4.14 99.86.4.14	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:206... 2600:9000:206f:2800:10:7994:d200:21	16509 (AMAZON-02) (AMAZON-02)
2	52.89.105.17 52.89.105.17	16509 (AMAZON-02) (AMAZON-02)
1	143.204.98.38 143.204.98.38	16509 (AMAZON-02) (AMAZON-02)
1	178.128.135.232 178.128.135.232	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
2	2606:4700::68... 2606:4700::6813:9b53	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a04:4e42:3::622 2a04:4e42:3::622	54113 (FASTLY) (FASTLY)
225	49

1 18.142.0.45 (Singapore, Singapore) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-142-0-45.ap-southeast-1.compute.amazonaws.com

links.readsitquick.us	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

85 162.159.135.42 (None, )

ASN13335 (CLOUDFLARENET, US)

orca.security	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:bcf (United States)

ASN13335 (CLOUDFLARENET, US)

maxcdn.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:831::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:80f::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6811:b949 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hsforms.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:d5cc (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-scripts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:125e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:811::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700::6810:650c (United States)

ASN13335 (CLOUDFLARENET, US)

ws.zoominfo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6810:a852 (United States)

ASN13335 (CLOUDFLARENET, US)

ws-assets.zoominfo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:801::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:82a::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

22 35.174.78.146 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: pi0-lba1-5-ue1.aws.pardot.com

go.orca.security	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pi.pardot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:206f:9400:8:8d2f:9e00:21 (United States)

ASN16509 (AMAZON-02, US)

ddzuuyx7zj81k.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:6c00:2b0::25ea (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:828::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.12.157 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.186.34 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s04-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f01c:8012:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:1abe (United States)

ASN13335 (CLOUDFLARENET, US)

tracking.g2crowd.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 65.9.96.102 (United States)

ASN16509 (AMAZON-02, US)

static.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:20::ac43:4470 (United States)

ASN13335 (CLOUDFLARENET, US)

www.clickcease.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 54.226.239.18 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-226-239-18.compute-1.amazonaws.com

js.qualified.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
app.qualified.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:5805 (United States)

ASN13335 (CLOUDFLARENET, US)

forms.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:119:50e4:101::6cae:b55 (United States) 2 redirects

ASN14413 (LINKEDIN, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:21::14 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.174.10.14 (United States)

ASN14413 (LINKEDIN, US)
PTR: 108-174-10-14.fwd.linkedin.com

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.227.222.25 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-227-222-25.ams54.r.cloudfront.net

services.infinigrow.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2a00:1450:4001:809::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.133 (United States)

ASN13414 (TWITTER, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400c:c0c::9b (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:800::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:828::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 65.9.96.128 (United States)

ASN16509 (AMAZON-02, US)

script.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80e::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f11c:8183:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:45b0 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-analytics.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:15bf (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-banner.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:828::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82a::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.195 (United States)

ASN13414 (TWITTER, US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 89.187.169.47 (Frankfurt am Main, Germany)

ASN60068 (CDN77 ^_^, GB)
PTR: unn-89-187-169-47.cdn77.com

a.omappapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 99.86.4.14 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-86-4-14.fra6.r.cloudfront.net

vars.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:206f:2800:10:7994:d200:21 (United States)

ASN16509 (AMAZON-02, US)

dss6ntp5q2r0o.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.89.105.17 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-89-105-17.us-west-2.compute.amazonaws.com

sp.infinigrow.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.98.38 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-98-38.fra50.r.cloudfront.net

api.omappapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.128.135.232 (North Bergen, United States)

ASN14061 (DIGITALOCEAN-ASN, US)

z.omappapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6813:9b53 (United States)

ASN13335 (CLOUDFLARENET, US)

track.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:3::622 (United States)

ASN54113 (FASTLY, US)

fast.wistia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
99	orca.security orca.security go.orca.security	2 MB
13	google-analytics.com www.google-analytics.com	117 KB
12	gstatic.com fonts.gstatic.com	211 KB
11	qualified.com js.qualified.com app.qualified.com	716 KB
11	googleapis.com fonts.googleapis.com ajax.googleapis.com	194 KB
8	omappapi.com a.omappapi.com api.omappapi.com z.omappapi.com	131 KB
8	pardot.com pi.pardot.com	20 KB
7	zoominfo.com ws.zoominfo.com ws-assets.zoominfo.com	122 KB
4	infinigrow.com services.infinigrow.com sp.infinigrow.com	1 KB
4	linkedin.com 3 redirects px.ads.linkedin.com www.linkedin.com px4.ads.linkedin.com	3 KB
4	googletagmanager.com www.googletagmanager.com	179 KB
3	google.de www.google.de	278 B
3	google.com www.google.com	234 B
3	doubleclick.net stats.g.doubleclick.net googleads.g.doubleclick.net	1 KB
3	hotjar.com static.hotjar.com script.hotjar.com vars.hotjar.com	62 KB
3	hsforms.net js.hsforms.net	294 KB
2	hubspot.com track.hubspot.com	749 B
2	facebook.com www.facebook.com	165 B
2	facebook.net connect.facebook.net	97 KB
2	cloudfront.net ddzuuyx7zj81k.cloudfront.net dss6ntp5q2r0o.cloudfront.net	28 KB
1	wistia.com fast.wistia.com Failed	104 KB
1	twitter.com analytics.twitter.com	658 B
1	hs-banner.com js.hs-banner.com	15 KB
1	hs-analytics.net js.hs-analytics.net	19 KB
1	t.co t.co	454 B
1	hsforms.com forms.hsforms.com	3 KB
1	clickcease.com www.clickcease.com	24 KB
1	g2crowd.com tracking.g2crowd.com	431 B
1	googleadservices.com www.googleadservices.com	14 KB
1	ads-twitter.com static.ads-twitter.com	2 KB
1	licdn.com snap.licdn.com	2 KB
1	cloudflare.com cdnjs.cloudflare.com	29 KB
1	hs-scripts.com js.hs-scripts.com	631 B
1	bootstrapcdn.com maxcdn.bootstrapcdn.com	21 KB
1	readsitquick.us 1 redirects links.readsitquick.us	262 B
0	insiderdata360online.com Failed insiderdata360online.com Failed
225	36

	Domain	Requested by
85	orca.security	orca.security
14	go.orca.security	orca.security go.orca.security js.qualified.com pi.pardot.com
13	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com go.orca.security orca.security
12	fonts.gstatic.com	fonts.googleapis.com
10	app.qualified.com	js.qualified.com app.qualified.com
9	fonts.googleapis.com	orca.security go.orca.security a.omappapi.com
8	pi.pardot.com	go.orca.security pi.pardot.com orca.security
6	a.omappapi.com	www.googletagmanager.com a.omappapi.com orca.security
4	ws.zoominfo.com	orca.security ws-assets.zoominfo.com
4	www.googletagmanager.com	orca.security go.orca.security
3	www.google.de	orca.security
3	www.google.com	orca.security
3	ws-assets.zoominfo.com	orca.security go.orca.security
3	js.hsforms.net	orca.security js.hsforms.net
2	track.hubspot.com
2	sp.infinigrow.com	dss6ntp5q2r0o.cloudfront.net
2	ajax.googleapis.com	go.orca.security
2	www.facebook.com	orca.security connect.facebook.net
2	stats.g.doubleclick.net	www.google-analytics.com
2	services.infinigrow.com	ddzuuyx7zj81k.cloudfront.net
2	px.ads.linkedin.com	2 redirects
2	connect.facebook.net	orca.security connect.facebook.net
1	z.omappapi.com	a.omappapi.com
1	fast.wistia.com	pi.pardot.com
1	api.omappapi.com	a.omappapi.com
1	dss6ntp5q2r0o.cloudfront.net	ddzuuyx7zj81k.cloudfront.net
1	vars.hotjar.com	static.hotjar.com
1	analytics.twitter.com	static.ads-twitter.com
1	js.hs-banner.com	js.hs-scripts.com
1	js.hs-analytics.net	js.hs-scripts.com
1	script.hotjar.com	static.hotjar.com
1	googleads.g.doubleclick.net	www.googleadservices.com
1	t.co	orca.security
1	px4.ads.linkedin.com	orca.security
1	www.linkedin.com	1 redirects
1	forms.hsforms.com	js.hsforms.net
1	js.qualified.com	www.googletagmanager.com
1	www.clickcease.com	orca.security
1	static.hotjar.com	orca.security
1	tracking.g2crowd.com	orca.security
1	www.googleadservices.com	www.googletagmanager.com
1	static.ads-twitter.com	www.googletagmanager.com
1	snap.licdn.com	www.googletagmanager.com
1	ddzuuyx7zj81k.cloudfront.net	orca.security
1	cdnjs.cloudflare.com	orca.security
1	js.hs-scripts.com	orca.security
1	maxcdn.bootstrapcdn.com	orca.security
1	links.readsitquick.us	1 redirects
0	insiderdata360online.com Failed	orca.security
225	49

This site contains links to these domains. Also see Links.

Domain
orcasecurity.zendesk.com
app.orcasecurity.io
www.datacenterknowledge.com
securityintelligence.com
aws.amazon.com
www.businessinsider.com
beta.darkreading.com
twitter.com
www.linkedin.com
www.youtube.com
www.g2.com
support.orca.security
www.facebook.com

Subject Issuer	Validity	Valid
orca.security Cloudflare Inc ECC CA-3	`2021-07-22` - `2022-07-21`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-03-01` - `2022-02-28`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2021-07-12` - `2021-10-04`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-07-12` - `2021-10-04`	3 months	crt.sh
zoominfo.com Cloudflare Inc ECC CA-3	`2021-06-04` - `2022-06-03`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2021-07-12` - `2021-10-04`	3 months	crt.sh
go.orca.security R3	`2021-06-11` - `2021-09-09`	3 months	crt.sh
*.cloudfront.net Amazon	`2021-03-19` - `2022-03-17`	a year	crt.sh
*.licdn.com DigiCert SHA2 Secure Server CA	`2021-04-30` - `2022-05-11`	a year	crt.sh
ads-twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2021-07-21` - `2022-07-26`	a year	crt.sh
www.googleadservices.com GTS CA 1C3	`2021-07-12` - `2021-10-04`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2021-07-20` - `2021-10-18`	3 months	crt.sh
*.g2crowd.com Sectigo ECC Domain Validation Secure Server CA	`2020-08-30` - `2021-09-28`	a year	crt.sh
*.hotjar.com Amazon	`2020-12-25` - `2022-01-23`	a year	crt.sh
js.qualified.com R3	`2021-06-24` - `2021-09-22`	3 months	crt.sh
px.ads.linkedin.com DigiCert SHA2 Secure Server CA	`2021-04-15` - `2021-10-15`	6 months	crt.sh
services.infinigrow.com Amazon	`2021-07-26` - `2022-08-24`	a year	crt.sh
*.google.com GTS CA 1C3	`2021-07-12` - `2021-10-04`	3 months	crt.sh
t.co DigiCert TLS RSA SHA256 2020 CA1	`2021-02-05` - `2022-02-04`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-07-12` - `2021-10-04`	3 months	crt.sh
www.google.com GTS CA 1C3	`2021-07-12` - `2021-10-04`	3 months	crt.sh
www.google.de GTS CA 1C3	`2021-07-12` - `2021-10-04`	3 months	crt.sh
*.google.de GTS CA 1C3	`2021-07-12` - `2021-10-04`	3 months	crt.sh
pi.pardot.com DigiCert SHA2 Secure Server CA	`2020-12-05` - `2021-12-04`	a year	crt.sh
*.twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2021-02-05` - `2022-02-04`	a year	crt.sh
a.omappapi.com R3	`2021-07-28` - `2021-10-26`	3 months	crt.sh
sp.infinigrow.com Amazon	`2021-03-25` - `2022-04-23`	a year	crt.sh
api.opmnstr.com Amazon	`2021-03-11` - `2022-04-09`	a year	crt.sh
app.qualified.com R3	`2021-06-24` - `2021-09-22`	3 months	crt.sh
z.omappapi.com R3	`2021-07-12` - `2021-10-10`	3 months	crt.sh
hubspot.com Cloudflare Inc ECC CA-3	`2021-06-26` - `2022-06-25`	a year	crt.sh
fast.wistia.com GlobalSign Atlas R3 DV TLS CA 2020	`2021-03-22` - `2022-04-23`	a year	crt.sh

This page contains 7 frames:

Primary Page: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
Frame ID: 53C111390066A13D97EFB67CB40E290A
Requests: 167 HTTP requests in this frame

Frame: https://go.orca.security/l/898611/2020-12-11/2vsl
Frame ID: 2C19C3838FC9F64F0CDB72B8A3E4D8F7
Requests: 13 HTTP requests in this frame

Frame: https://go.orca.security/l/898611/2020-12-11/2vsj
Frame ID: 2AC7861F848A8A88882FD71B8652A0D9
Requests: 19 HTTP requests in this frame

Frame: https://go.orca.security/l/898611/2020-12-11/2vsj
Frame ID: BFEF31A6AA9EE9056030C5A8ED509C67
Requests: 17 HTTP requests in this frame

Frame: https://js.hsforms.net/forms/v2.js
Frame ID: 9254610BB675289646BD2460494BA6B3
Requests: 2 HTTP requests in this frame

Frame: https://vars.hotjar.com/box-25a418976ea02a6f393fbbe77cec94bb.html
Frame ID: 5FFC2D07065435F89FBA12DE9BC16115
Requests: 1 HTTP requests in this frame

Frame: https://app.qualified.com/w/1/gndr1NireXGRNRuC/messenger?uuid=fe476b5d-a863-4b68-8ce0-d897858a323a
Frame ID: F330BE4B1A817B02D9062A577196A32B
Requests: 8 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://links.readsitquick.us/els/v2/3Z0-MRmDgAFR/c09vMnVGem4zNUJ2VytHVURnQThNL0xtcVZnLzVJTlB2bGxoN2tEMGVS... HTTP 302
https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

html /<link rel=["']stylesheet["'] [^>]+\/wp-(?:content|includes)\//i
headers link /rel="https:\/\/api\.w\.org\/"/i

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

html /<link rel=["']stylesheet["'] [^>]+\/wp-(?:content|includes)\//i
headers link /rel="https:\/\/api\.w\.org\/"/i

MySQL (Databases) Expand

Overall confidence: 100%
Detected patterns

html /<link rel=["']stylesheet["'] [^>]+\/wp-(?:content|includes)\//i
headers link /rel="https:\/\/api\.w\.org\/"/i

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]+?href="[^"]*bootstrap(?:\.min)?\.css/i

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /^cloudflare$/i

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

script /\/\/connect\.facebook\.net\/[^/]*\/[a-z]*\.js/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i

Page Statistics

225
Requests

96 %
HTTPS

67 %
IPv6

36
Domains

49
Subdomains

49
IPs

5
Countries

4449 kB
Transfer

12401 kB
Size

5
Cookies

17 Outgoing links

These are links going to different origins than the main page.

URL: https://orcasecurity.zendesk.com/hc/en-us
Title: Support

Search URL Search Domain Scan URL

URL: https://app.orcasecurity.io/login
Title: Login

Search URL Search Domain Scan URL

URL: https://www.datacenterknowledge.com/security/report-cloud-security-breaches-surpass-prem-ones-first-time
Title: sharpening their efforts

Search URL Search Domain Scan URL

URL: https://securityintelligence.com/news/over-half-malware-delivered-via-cloud-applications/
Title: compromising cloud applications and assets

Search URL Search Domain Scan URL

URL: https://aws.amazon.com/compliance/shared-responsibility-model/
Title: shared responsibility model

Search URL Search Domain Scan URL

URL: https://www.businessinsider.com/solarwinds-hack-explained-government-agencies-cyber-security-2020-12
Title: SolarWinds customers were compromised

Search URL Search Domain Scan URL

URL: https://beta.darkreading.com/omdia/kaseya-hacked-via-authentication-bypass?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple
Title: customers of Kesaya

Search URL Search Domain Scan URL

URL: https://twitter.com/OrcaSec
Title:

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/orca-security/
Title:

Search URL Search Domain Scan URL

URL: https://www.youtube.com/orcasecurity
Title:

Search URL Search Domain Scan URL

URL: https://www.g2.com/products/orca-security/reviews
Title:

Search URL Search Domain Scan URL

URL: https://app.orcasecurity.io/
Title: Login

Search URL Search Domain Scan URL

URL: http://support.orca.security/resources/
Title: Support

Search URL Search Domain Scan URL

URL: http://www.facebook.com/Orca-Security-551725845231220
Title: Facebook-f

Search URL Search Domain Scan URL

URL: http://twitter.com/OrcaSec
Title: Twitter

Search URL Search Domain Scan URL

URL: http://www.linkedin.com/company/35573984
Title: Linkedin-in

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UCgCyH7xISzQGbpzfnIaWy_w
Title: Youtube

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://links.readsitquick.us/els/v2/3Z0-MRmDgAFR/c09vMnVGem4zNUJ2VytHVURnQThNL0xtcVZnLzVJTlB2bGxoN2tEMGVSUlF6YTE1SmVzK2wwMFBOQ3ZuZ2toN3JPbFBLdTlMU2RQMDI1QWQvSHJibTIvcWVTVlJmSXpHNXBURGE3N0FjaVE9S0/ HTTP 302
https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 123

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=1286465&time=1628534983195&url=https%3A%2F%2Forca.security%2Fresources%2Fblog%2Fcloud-malware-challenges-best-practices%2F%3Fsiteid%3DRIQSITE HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D1286465%26time%3D1628534983195%26url%3Dhttps%253A%252F%252Forca.security%252Fresources%252Fblog%252Fcloud-malware-challenges-best-practices%252F%253Fsiteid%253DRIQSITE%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=1286465&time=1628534983195&url=https%3A%2F%2Forca.security%2Fresources%2Fblog%2Fcloud-malware-challenges-best-practices%2F%3Fsiteid%3DRIQSITE&liSync=true HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=1286465&time=1628534983195&url=https%3A%2F%2Forca.security%2Fresources%2Fblog%2Fcloud-malware-challenges-best-practices%2F%3Fsiteid%3DRIQSITE&liSync=true&e_ipv6=AQKEXs_HpRtibQAAAXssP8wjgADpqKJL-ZNVHUJtwR7fc9NDrck7rhNc7mPA7iUc656skcG8

225 HTTP transactions
5 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
orca.security/resources/blog/cloud-malware-challenges-best-practices/
Redirect Chain

http://links.readsitquick.us/els/v2/3Z0-MRmDgAFR/c09vMnVGem4zNUJ2VytHVURnQThNL0xtcVZnLzVJTlB2bGxoN2tEMGVSUlF6YTE1SmVzK2wwMFBOQ3ZuZ2toN3JPbFBLdTlMU2RQMDI1QWQvSHJibTIvcWVTVlJmSXpHNXBURGE3N0FjaVE9S0/
https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

634 KB
95 KB

1275ms
1172ms

Document
text/html

162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6727a7378d4e1b966fc6c85f5801eaccec27f573b1cbf788eed872b60839f39f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:method: GET
:authority: orca.security
:scheme: https
:path: /resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 09 Aug 2021 18:49:41 GMT
content-type: text/html; charset=UTF-8
cf-ray: 67c32a6bdd0a0b6b-AMS
cache-control: no-store, no-cache, must-revalidate
content-encoding: gzip
expires: Thu, 19 Nov 1981 08:52:00 GMT
link: <https://orca.security/resources/wp-json/>; rel="https://api.w.org/", <https://orca.security/resources/wp-json/wp/v2/posts/4106>; rel="alternate"; type="application/json", <https://orca.security/resources/?p=4106>; rel=shortlink
set-cookie: PHPSESSID=973d518a73c772a1dcfce6b7a1641094; path=/
vary: Accept-Encoding
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
ki-edge: v=16.1
pragma: no-cache
x-content-type-options: nosniff
x-edge-location-klb: 1
x-kinsta-cache: BYPASS
x-pingback: https://orca.security/resources/xmlrpc.php
server: cloudflare
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

Redirect headers

location: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
content-language: en-US
content-length: 0
date: Mon, 09 Aug 2021 18:49:40 GMT
x-envoy-upstream-service-time: 2
server: istio-envoy

GET
H2 200 bootstrap.min.css
maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/ 141 KB
21 KB 22ms
21ms Stylesheet
text/css 2606:4700::6812:bcf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:bcf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2c0f3dcfe93d7e380c290fe4ab838ed8cadff1596d62697f5444be460d1f876d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Origin: https://orca.security
Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 09 Aug 2021 18:49:41 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
cdn-edgestorageid: 601, 617, 617
age: 9361647
cdn-cachedat: 2021-04-23 12:06:36
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
timing-allow-origin: *
access-control-allow-origin: *
last-modified: Mon, 25 Jan 2021 22:04:04 GMT
server: cloudflare
cdn-requestpullcode: 200
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
cdn-cache: HIT
vary: Accept-Encoding
cache-control: public, max-age=31919000
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid: aa8dfdbb3012b19901a804376c336a28
cf-ray: 67c32a731a344e2c-FRA
cdn-requestcountrycode: DE
cdn-requestpullsuccess: True

GET
H2 200 css2
fonts.googleapis.com/ 4 KB
735 B 17ms
17ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e2b5d4752ac81478ad36860fbe67b75bad20bbee7a93e835a25283d310c78999

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 09 Aug 2021 18:48:02 GMT
server: ESF
date: Mon, 09 Aug 2021 18:49:41 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 09 Aug 2021 18:49:41 GMT

GET
H3-29 200 style.min.css
orca.security/resources/wp-content/themes/astra/assets/css/minified/ 71 KB
12 KB 742ms
675ms Stylesheet
text/css 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/themes/astra/assets/css/minified/style.min.css

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ef2b6a048828ba900123bc05b019ded3252e9b21260d7402fc9d11a321fb3dc1

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/themes/astra/assets/css/minified/style.min.css
pragma: no-cache
cookie: PHPSESSID=973d518a73c772a1dcfce6b7a1641094
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 09 Aug 2021 18:49:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Fri, 16 Jul 2021 13:47:23 GMT
server: cloudflare
etag: W/"60f18deb-11b63"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 67c32a73af4dfa44-AMS
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 css
fonts.googleapis.com/ 2 KB
552 B 27ms
20ms Stylesheet
text/css 2a00:1450:4001:80f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A400%2C&display=fallback&ver=3.6.4

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

d39e13725b21bae85d8ec5a33e089d49b52ea78390dabf5e426751414499d0f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 09 Aug 2021 18:49:41 GMT
server: ESF
date: Mon, 09 Aug 2021 18:49:41 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 09 Aug 2021 18:49:41 GMT

GET
H3-29 200 style.min.css
orca.security/resources/wp-includes/css/dist/block-library/ 57 KB
9 KB 791ms
786ms Stylesheet
text/css 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-includes/css/dist/block-library/style.min.css

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2cd9de3dd26246204749cff259bc34e8e6a47ae5d6e4528b9b28c75d68d50cde

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-includes/css/dist/block-library/style.min.css
pragma: no-cache
cookie: PHPSESSID=973d518a73c772a1dcfce6b7a1641094
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 09 Aug 2021 18:49:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 20:36:34 GMT
server: cloudflare
etag: W/"60f09c52-e33b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 67c32a743febfa44-AMS
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 frontend.min.css
orca.security/resources/wp-content/plugins/wp-user-avatar/assets/css/ 69 KB
10 KB 679ms
674ms Stylesheet
text/css 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/plugins/wp-user-avatar/assets/css/frontend.min.css

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

50bbb02baec0ea54be304a070a2c6d815f65ee593c04f0fd81f81ee4dc0133e2

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/plugins/wp-user-avatar/assets/css/frontend.min.css
pragma: no-cache
cookie: PHPSESSID=973d518a73c772a1dcfce6b7a1641094
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 09 Aug 2021 18:49:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Fri, 16 Jul 2021 05:01:05 GMT
server: cloudflare
etag: W/"60f11291-11413"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 67c32a743fedfa44-AMS
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 flatpickr.min.css
orca.security/resources/wp-content/plugins/wp-user-avatar/assets/flatpickr/ 16 KB
3 KB 705ms
696ms Stylesheet
text/css 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/plugins/wp-user-avatar/assets/flatpickr/flatpickr.min.css

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

661e00570c65c29528d9ce6ee19e5e9939986716c293def67b07f8b6a191b018

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/plugins/wp-user-avatar/assets/flatpickr/flatpickr.min.css
pragma: no-cache
cookie: PHPSESSID=973d518a73c772a1dcfce6b7a1641094
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 09 Aug 2021 18:49:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Fri, 16 Jul 2021 05:01:05 GMT
server: cloudflare
etag: W/"60f11291-3e52"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 67c32a743ff3fa44-AMS
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 select2.min.css
orca.security/resources/wp-content/plugins/wp-user-avatar/assets/select2/ 15 KB
2 KB 791ms
782ms Stylesheet
text/css 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/plugins/wp-user-avatar/assets/select2/select2.min.css

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

044efea78208376302aad3808aaabdf3c2f7bdd80ba9d55c9e0e4d3baa7a3908

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/plugins/wp-user-avatar/assets/select2/select2.min.css
pragma: no-cache
cookie: PHPSESSID=973d518a73c772a1dcfce6b7a1641094
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 09 Aug 2021 18:49:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Fri, 16 Jul 2021 05:01:05 GMT
server: cloudflare
etag: W/"60f11291-3a75"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 67c32a743ff4fa44-AMS
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 elementor-icons.min.css
orca.security/resources/wp-content/plugins/elementor/assets/lib/eicons/css/ 17 KB
4 KB 817ms
808ms Stylesheet
text/css 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/plugins/elementor/assets/lib/eicons/css/elementor-icons.min.css

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e36eaa6e7cebbd4138dfb008ee3d53ab8195f45953b0f4f27d0d8156ab059021

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/plugins/elementor/assets/lib/eicons/css/elementor-icons.min.css
pragma: no-cache
cookie: PHPSESSID=973d518a73c772a1dcfce6b7a1641094
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 09 Aug 2021 18:49:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 21:49:34 GMT
server: cloudflare
etag: W/"60f0ad6e-4350"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 67c32a743ff5fa44-AMS
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 animations.min.css
orca.security/resources/wp-content/plugins/elementor/assets/lib/animations/ 18 KB
3 KB 791ms
781ms Stylesheet
text/css 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/plugins/elementor/assets/lib/animations/animations.min.css

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fe513ef974b767510d0a2b9f1b4d3afa53185b89ab617c869e5e3d6db960192c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/plugins/elementor/assets/lib/animations/animations.min.css
pragma: no-cache
cookie: PHPSESSID=973d518a73c772a1dcfce6b7a1641094
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 09 Aug 2021 18:49:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 21:48:37 GMT
server: cloudflare
etag: W/"60f0ad35-4824"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 67c32a743ff7fa44-AMS
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 frontend-legacy.min.css
orca.security/resources/wp-content/plugins/elementor/assets/css/ 4 KB
921 B 761ms
750ms Stylesheet
text/css 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/plugins/elementor/assets/css/frontend-legacy.min.css

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1e5aeaa58ab4c2345953f77e07fbc20578326076a259ed702eea64e077fde675

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/plugins/elementor/assets/css/frontend-legacy.min.css
pragma: no-cache
cookie: PHPSESSID=973d518a73c772a1dcfce6b7a1641094
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 09 Aug 2021 18:49:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 21:47:07 GMT
server: cloudflare
etag: W/"60f0acdb-f0e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 67c32a743ffafa44-AMS
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 frontend.min.css
orca.security/resources/wp-content/plugins/elementor/assets/css/ 115 KB
17 KB 733ms
722ms Stylesheet
text/css 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/plugins/elementor/assets/css/frontend.min.css

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3f9c38934fc41ee2a85f1a6e1ad59e96f7f1e73b9b4e653394708715d5ab32c5

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/plugins/elementor/assets/css/frontend.min.css
pragma: no-cache
cookie: PHPSESSID=973d518a73c772a1dcfce6b7a1641094
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 09 Aug 2021 18:49:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 21:47:08 GMT
server: cloudflare
etag: W/"60f0acdc-1cc44"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 67c32a743ffbfa44-AMS
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 post-1480.css
orca.security/resources/wp-content/uploads/sites/2/elementor/css/ 1 KB
770 B 810ms
799ms Stylesheet
text/css 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/uploads/sites/2/elementor/css/post-1480.css

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

84053d1e000e4ec2e919fc747c16eb16856745bd7cdd0279ff6be2062f365650

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/uploads/sites/2/elementor/css/post-1480.css
pragma: no-cache
cookie: PHPSESSID=973d518a73c772a1dcfce6b7a1641094
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 09 Aug 2021 18:49:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Fri, 16 Jul 2021 13:55:54 GMT
server: cloudflare
etag: W/"60f18fea-467"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 67c32a743ffcfa44-AMS
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 frontend.min.css
orca.security/resources/wp-content/plugins/elementor-pro/assets/css/ 237 KB
27 KB 788ms
777ms Stylesheet
text/css 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/plugins/elementor-pro/assets/css/frontend.min.css

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ceaa8c47e55f50794d42966a696f0f35149ffd1560c46eecbca911d6b48d9371

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/plugins/elementor-pro/assets/css/frontend.min.css
pragma: no-cache
cookie: PHPSESSID=973d518a73c772a1dcfce6b7a1641094
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 09 Aug 2021 18:49:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 21:35:19 GMT
server: cloudflare
etag: W/"60f0aa17-3b299"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 67c32a744ffffa44-AMS
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 all.min.css
orca.security/resources/wp-content/plugins/elementor/assets/lib/font-awesome/css/ 58 KB
13 KB 810ms
799ms Stylesheet
text/css 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/plugins/elementor/assets/lib/font-awesome/css/all.min.css

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

af1e6edc875a382b338bb25bd7c5c3f474a7f1b36212002a5896dd06f2186325

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/plugins/elementor/assets/lib/font-awesome/css/all.min.css
pragma: no-cache
cookie: PHPSESSID=973d518a73c772a1dcfce6b7a1641094
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 09 Aug 2021 18:49:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 21:49:37 GMT
server: cloudflare
etag: W/"60f0ad71-e7d0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 67c32a744800fa44-AMS
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 v4-shims.min.css
orca.security/resources/wp-content/plugins/elementor/assets/lib/font-awesome/css/ 26 KB
5 KB 733ms
722ms Stylesheet
text/css 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/plugins/elementor/assets/lib/font-awesome/css/v4-shims.min.css

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fda3035030d3843c2751dc0da65fb802230ec00a4008aeed83ddddc7b97cbc93

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/plugins/elementor/assets/lib/font-awesome/css/v4-shims.min.css
pragma: no-cache
cookie: PHPSESSID=973d518a73c772a1dcfce6b7a1641094
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 09 Aug 2021 18:49:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 21:49:39 GMT
server: cloudflare
etag: W/"60f0ad73-684e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 67c32a744803fa44-AMS
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 global.css
orca.security/resources/wp-content/uploads/sites/2/elementor/css/ 36 KB
3 KB 810ms
799ms Stylesheet
text/css 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/uploads/sites/2/elementor/css/global.css

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

71a920e8af6069911a728a6768baf9c58e8f2dcc99599985f36f2110466457a0

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/uploads/sites/2/elementor/css/global.css
pragma: no-cache
cookie: PHPSESSID=973d518a73c772a1dcfce6b7a1641094
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 09 Aug 2021 18:49:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Fri, 16 Jul 2021 13:55:55 GMT
server: cloudflare
etag: W/"60f18feb-9179"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 67c32a744805fa44-AMS
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 post-403.css
orca.security/resources/wp-content/uploads/sites/2/elementor/css/ 6 KB
1 KB 816ms
805ms Stylesheet
text/css 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/uploads/sites/2/elementor/css/post-403.css

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c3f972393cbaeb692394b14498f8f9526c5a75480fe6fed1a5d14e83109e0cf4

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/uploads/sites/2/elementor/css/post-403.css
pragma: no-cache
cookie: PHPSESSID=973d518a73c772a1dcfce6b7a1641094
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 09 Aug 2021 18:49:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Fri, 16 Jul 2021 14:26:30 GMT
server: cloudflare
etag: W/"60f19716-190a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 67c32a744806fa44-AMS
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 post-22.css
orca.security/resources/wp-content/uploads/sites/2/elementor/css/ 8 KB
1 KB 816ms
805ms Stylesheet
text/css 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/uploads/sites/2/elementor/css/post-22.css

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f07ba5ad1ac0a01ef6b948f1a2223b2eff4e40f40da24614151b98939b6a5ef1

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/uploads/sites/2/elementor/css/post-22.css
pragma: no-cache
cookie: PHPSESSID=973d518a73c772a1dcfce6b7a1641094
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 09 Aug 2021 18:49:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Fri, 16 Jul 2021 13:55:55 GMT
server: cloudflare
etag: W/"60f18feb-1eb4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 67c32a744807fa44-AMS
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 post-1240.css
orca.security/resources/wp-content/uploads/sites/2/elementor/css/ 2 KB
816 B 838ms
827ms Stylesheet
text/css 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/uploads/sites/2/elementor/css/post-1240.css

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d9b993464d1fb9e951a4e9c76d4d560b208604c73fa87c0a61091b5af0ddecec

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/uploads/sites/2/elementor/css/post-1240.css
pragma: no-cache
cookie: PHPSESSID=973d518a73c772a1dcfce6b7a1641094
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 09 Aug 2021 18:49:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Fri, 16 Jul 2021 14:38:20 GMT
server: cloudflare
etag: W/"60f199dc-8ba"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 67c32a744809fa44-AMS
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 post-319.css
orca.security/resources/wp-content/uploads/sites/2/elementor/css/ 5 KB
1 KB 786ms
776ms Stylesheet
text/css 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/uploads/sites/2/elementor/css/post-319.css

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8725ca355115b2fd4651581ad44a4115ec562fc3ad951c72b7da7f9c8e73051f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/uploads/sites/2/elementor/css/post-319.css
pragma: no-cache
cookie: PHPSESSID=973d518a73c772a1dcfce6b7a1641094
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 09 Aug 2021 18:49:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Fri, 16 Jul 2021 13:55:55 GMT
server: cloudflare
etag: W/"60f18feb-12e4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 67c32a74480cfa44-AMS
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 post-76.css
orca.security/resources/wp-content/uploads/sites/2/elementor/css/ 2 KB
903 B 838ms
828ms Stylesheet
text/css 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/uploads/sites/2/elementor/css/post-76.css

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

285c3c6ca39b53ee2e65d425a7b26d8d9415a8e15c323aa1d73f3b79496400fc

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/uploads/sites/2/elementor/css/post-76.css
pragma: no-cache
cookie: PHPSESSID=973d518a73c772a1dcfce6b7a1641094
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 09 Aug 2021 18:49:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Wed, 28 Jul 2021 19:17:25 GMT
server: cloudflare
etag: W/"6101ad45-8f0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 67c32a74480ffa44-AMS
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 sassy-social-share-public.css
orca.security/resources/wp-content/plugins/sassy-social-share/public/css/ 34 KB
10 KB 839ms
829ms Stylesheet
text/css 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/plugins/sassy-social-share/public/css/sassy-social-share-public.css

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

182cab990c2118fcdb18feab5115335e4eb4bc0b38bb30a36c4e73c92b080ea4

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/plugins/sassy-social-share/public/css/sassy-social-share-public.css
pragma: no-cache
cookie: PHPSESSID=973d518a73c772a1dcfce6b7a1641094
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 09 Aug 2021 18:49:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 12:10:04 GMT
server: cloudflare
etag: W/"60f0259c-87d9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 67c32a744812fa44-AMS
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 sassy-social-share-svg.css
orca.security/resources/wp-content/plugins/sassy-social-share/admin/css/ 109 KB
35 KB 838ms
829ms Stylesheet
text/css 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/plugins/sassy-social-share/admin/css/sassy-social-share-svg.css

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7369eb7217705e08010dbd6c0ed5433f75e66391ff6f365372381b658b1f1da9

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/plugins/sassy-social-share/admin/css/sassy-social-share-svg.css
pragma: no-cache
cookie: PHPSESSID=973d518a73c772a1dcfce6b7a1641094
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 09 Aug 2021 18:49:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 12:10:08 GMT
server: cloudflare
etag: W/"60f025a0-1b41d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 67c32a744815fa44-AMS
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 css2
fonts.googleapis.com/ 7 KB
661 B 23ms
14ms Stylesheet
text/css 2a00:1450:4001:80f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Montserrat%3Awght%40300%3B400%3B500%3B700&display=swap&ver=1.33

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

22cef597dc1807aa54025ee15d23c8f76c8fbcabbee0a1e8dfd4abcd282bc507

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 09 Aug 2021 18:48:21 GMT
server: ESF
date: Mon, 09 Aug 2021 18:49:41 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 09 Aug 2021 18:49:41 GMT

GET
H3-29 200 slick.css
orca.security/resources/wp-content/themes/incubator-child/lib/slick-1.8.1/slick/ 2 KB
946 B 730ms
721ms Stylesheet
text/css 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/themes/incubator-child/lib/slick-1.8.1/slick/slick.css

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

de1e399b07289f3b0a8d35142e363e128124a1185770e214e25e58030dad48e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/themes/incubator-child/lib/slick-1.8.1/slick/slick.css
pragma: no-cache
cookie: PHPSESSID=973d518a73c772a1dcfce6b7a1641094
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 09 Aug 2021 18:49:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 12:17:48 GMT
server: cloudflare
etag: W/"60f0276c-6f0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 67c32a744816fa44-AMS
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 slick-theme.css
orca.security/resources/wp-content/themes/incubator-child/lib/slick-1.8.1/slick/ 3 KB
1 KB 753ms
744ms Stylesheet
text/css 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/themes/incubator-child/lib/slick-1.8.1/slick/slick-theme.css

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7adaf08052c6a6a0f8a0d0055b4f191fd07389fe41c972b69573472b2ecb406a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/themes/incubator-child/lib/slick-1.8.1/slick/slick-theme.css
pragma: no-cache
cookie: PHPSESSID=973d518a73c772a1dcfce6b7a1641094
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 09 Aug 2021 18:49:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 12:17:48 GMT
server: cloudflare
etag: W/"60f0276c-c49"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 67c32a744818fa44-AMS
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 bootstrap.min.css
orca.security/resources/wp-content/themes/incubator-child/lib/bootstrap-4.0.0/dist/css/ 141 KB
21 KB 838ms
829ms Stylesheet
text/css 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/themes/incubator-child/lib/bootstrap-4.0.0/dist/css/bootstrap.min.css

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2c0f3dcfe93d7e380c290fe4ab838ed8cadff1596d62697f5444be460d1f876d

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/themes/incubator-child/lib/bootstrap-4.0.0/dist/css/bootstrap.min.css
pragma: no-cache
cookie: PHPSESSID=973d518a73c772a1dcfce6b7a1641094
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 09 Aug 2021 18:49:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 12:17:38 GMT
server: cloudflare
etag: W/"60f02762-235ed"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 67c32a744819fa44-AMS
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 style.css
orca.security/resources/wp-content/themes/incubator-child/ 13 KB
3 KB 753ms
744ms Stylesheet
text/css 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/themes/incubator-child/style.css?version&ver=1.33

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

64380f313f85c6feb17b558f02b5b3d145bbf934a969e012302caac445a1922f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/themes/incubator-child/style.css?version&ver=1.33
pragma: no-cache
cookie: PHPSESSID=973d518a73c772a1dcfce6b7a1641094
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 09 Aug 2021 18:49:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Sun, 18 Jul 2021 00:38:51 GMT
server: cloudflare
etag: W/"60f3781b-32df"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 67c32a74481bfa44-AMS
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 main.css
orca.security/resources/wp-content/themes/incubator-child/ 118 KB
15 KB 756ms
747ms Stylesheet
text/css 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/themes/incubator-child/main.css?version&ver=1.33

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5da80845be0b787ddf4abd8c116be05e185e3e928c2773d65abb55903e362175

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/themes/incubator-child/main.css?version&ver=1.33
pragma: no-cache
cookie: PHPSESSID=973d518a73c772a1dcfce6b7a1641094
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 09 Aug 2021 18:49:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Sun, 18 Jul 2021 00:37:59 GMT
server: cloudflare
etag: W/"60f377e7-1d634"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 67c32a74481efa44-AMS
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 css
fonts.googleapis.com/ 24 KB
1 KB 23ms
14ms Stylesheet
text/css 2a00:1450:4001:80f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic&display=auto&ver=5.7.2

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

7742176d36a9ea889f4db0a843e62f522ba690a8d514e91dd5aa09eccf7340ce

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 09 Aug 2021 17:48:01 GMT
server: ESF
date: Mon, 09 Aug 2021 18:49:41 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 09 Aug 2021 18:49:41 GMT

GET
H3-29 200 fontawesome.min.css
orca.security/resources/wp-content/plugins/elementor/assets/lib/font-awesome/css/ 57 KB
13 KB 837ms
829ms Stylesheet
text/css 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/plugins/elementor/assets/lib/font-awesome/css/fontawesome.min.css

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f8d00356859998784bda26e1d14f2d981515921b96ded50d5d6f6f0e75bac15c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/plugins/elementor/assets/lib/font-awesome/css/fontawesome.min.css
pragma: no-cache
cookie: PHPSESSID=973d518a73c772a1dcfce6b7a1641094
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 09 Aug 2021 18:49:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 21:49:38 GMT
server: cloudflare
etag: W/"60f0ad72-e238"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 67c32a74481ffa44-AMS
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 solid.min.css
orca.security/resources/wp-content/plugins/elementor/assets/lib/font-awesome/css/ 669 B
689 B 837ms
829ms Stylesheet
text/css 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/plugins/elementor/assets/lib/font-awesome/css/solid.min.css

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1ada5259a5ac61a7d68315f7efa6b98d61d2d0478df0545869c880afeaa67dcd

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/plugins/elementor/assets/lib/font-awesome/css/solid.min.css
pragma: no-cache
cookie: PHPSESSID=973d518a73c772a1dcfce6b7a1641094
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 09 Aug 2021 18:49:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 21:49:39 GMT
server: cloudflare
etag: W/"60f0ad73-29d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 67c32a744822fa44-AMS
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 brands.min.css
orca.security/resources/wp-content/plugins/elementor/assets/lib/font-awesome/css/ 675 B
687 B 838ms
829ms Stylesheet
text/css 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/plugins/elementor/assets/lib/font-awesome/css/brands.min.css

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

71008cf308a9bb2a3a3ddaa973f816c0d3a11db5cc9e7bdd5498089423019b3e

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/plugins/elementor/assets/lib/font-awesome/css/brands.min.css
pragma: no-cache
cookie: PHPSESSID=973d518a73c772a1dcfce6b7a1641094
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 09 Aug 2021 18:49:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 21:49:37 GMT
server: cloudflare
etag: W/"60f0ad71-2a3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 67c32a744823fa44-AMS
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 jquery.min.js Show response
orca.security/resources/wp-includes/js/jquery/ 87 KB
31 KB 838ms
829ms Script
application/javascript 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-includes/js/jquery/jquery.min.js

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

60240d5a27ede94fd35fea44bd110b88c7d8cfc08127f032d13b0c622b8be827

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-includes/js/jquery/jquery.min.js
pragma: no-cache
cookie: PHPSESSID=973d518a73c772a1dcfce6b7a1641094
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 09 Aug 2021 18:49:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 20:36:34 GMT
server: cloudflare
etag: W/"60f09c52-15d98"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 67c32a744824fa44-AMS
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 jquery-migrate.min.js Show response
orca.security/resources/wp-includes/js/jquery/ 11 KB
4 KB 838ms
829ms Script
application/javascript 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-includes/js/jquery/jquery-migrate.min.js

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-includes/js/jquery/jquery-migrate.min.js
pragma: no-cache
cookie: PHPSESSID=973d518a73c772a1dcfce6b7a1641094
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 09 Aug 2021 18:49:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 20:36:34 GMT
server: cloudflare
etag: W/"60f09c52-2bd8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 67c32a744826fa44-AMS
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 flatpickr.min.js Show response
orca.security/resources/wp-content/plugins/wp-user-avatar/assets/flatpickr/ 47 KB
14 KB 700ms
692ms Script
application/javascript 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/plugins/wp-user-avatar/assets/flatpickr/flatpickr.min.js

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fe2ac5219992a3608a5c9e2bc4759fac8fb2189b88d7a674d395ff6c435da536

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/plugins/wp-user-avatar/assets/flatpickr/flatpickr.min.js
pragma: no-cache
cookie: PHPSESSID=973d518a73c772a1dcfce6b7a1641094
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 09 Aug 2021 18:49:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Fri, 16 Jul 2021 05:01:05 GMT
server: cloudflare
etag: W/"60f11291-bd86"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 67c32a744827fa44-AMS
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 select2.min.js Show response
orca.security/resources/wp-content/plugins/wp-user-avatar/assets/select2/ 69 KB
20 KB 909ms
902ms Script
application/javascript 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/plugins/wp-user-avatar/assets/select2/select2.min.js

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

00501810e93307a8882a74d864e7547fd1458deea539361dc1124ac133799a4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/plugins/wp-user-avatar/assets/select2/select2.min.js
pragma: no-cache
cookie: PHPSESSID=973d518a73c772a1dcfce6b7a1641094
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 09 Aug 2021 18:49:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Fri, 16 Jul 2021 05:01:05 GMT
server: cloudflare
etag: W/"60f11291-114c3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 67c32a744829fa44-AMS
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 gtm4wp-form-move-tracker.js Show response
orca.security/resources/wp-content/plugins/duracelltomi-google-tag-manager/js/ 1 KB
724 B 910ms
903ms Script
application/javascript 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/plugins/duracelltomi-google-tag-manager/js/gtm4wp-form-move-tracker.js

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bc71c403dc6113c8597e111a99d6a6a197dd2f2355402f8392ca4812dca57d3d

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/plugins/duracelltomi-google-tag-manager/js/gtm4wp-form-move-tracker.js
pragma: no-cache
cookie: PHPSESSID=973d518a73c772a1dcfce6b7a1641094
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 09 Aug 2021 18:49:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 12:06:30 GMT
server: cloudflare
etag: W/"60f024c6-5cf"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 67c32a74482dfa44-AMS
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 v4-shims.min.js Show response
orca.security/resources/wp-content/plugins/elementor/assets/lib/font-awesome/js/ 15 KB
5 KB 910ms
903ms Script
application/javascript 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/plugins/elementor/assets/lib/font-awesome/js/v4-shims.min.js

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

97cf1307c16a437b77b5f7f5c9bc0b985d0745a14be5a279019aca5a3432e264

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/plugins/elementor/assets/lib/font-awesome/js/v4-shims.min.js
pragma: no-cache
cookie: PHPSESSID=973d518a73c772a1dcfce6b7a1641094
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 09 Aug 2021 18:49:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 21:49:43 GMT
server: cloudflare
etag: W/"60f0ad77-3acf"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 67c32a74482efa44-AMS
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 css2
fonts.googleapis.com/ 7 KB
543 B 17ms
15ms Stylesheet
text/css 2a00:1450:4001:80f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Manrope:wght@200;300;400;500;600;700&display=swap

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e6d2282d33ef8f732e4ce7a60a05fce149fb0017fae964eb3543ec849d95f2e9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 09 Aug 2021 18:49:41 GMT
server: ESF
date: Mon, 09 Aug 2021 18:49:41 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 09 Aug 2021 18:49:41 GMT

GET
H3-29 200 logo-white.svg
orca.security/static-inc/images/ 6 KB
3 KB 719ms
714ms Image
image/svg+xml 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://orca.security/static-inc/images/logo-white.svg

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8b1378138bba66a489a96aa319ed93174ae2e9740c4e0dc6846c5f06d2193fb4

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /static-inc/images/logo-white.svg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 09 Aug 2021 18:49:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Fri, 16 Jul 2021 06:03:05 GMT
server: cloudflare
etag: W/"60f12119-179c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 67c32a7c597dfa44-AMS
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 logo.svg
orca.security/static-inc/images/ 6 KB
3 KB 660ms
659ms Image
image/svg+xml 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://orca.security/static-inc/images/logo.svg

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

05eee7dd84da8f541a1dfebd89d2a67e8b2322fced4845f991769c1df2d096ab

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /static-inc/images/logo.svg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 09 Aug 2021 18:49:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Fri, 16 Jul 2021 06:03:05 GMT
server: cloudflare
etag: W/"60f12119-17b4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 67c32a7c0b470b6b-AMS
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 icon-nav-side-scanning.svg
orca.security/static-inc/images/ 917 B
612 B 225ms
223ms Image
image/svg+xml 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://orca.security/static-inc/images/icon-nav-side-scanning.svg

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

44da12b1630d2ef003f2375847617620d5f4f7fae60a473b801cf55f15e6f9d7

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /static-inc/images/icon-nav-side-scanning.svg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 09 Aug 2021 18:49:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Fri, 16 Jul 2021 06:03:05 GMT
server: cloudflare
etag: W/"60f12119-395"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 67c32a7c0b4b0b6b-AMS
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 icon-nav-context-aware-security.svg
orca.security/static-inc/images/ 1 KB
615 B 665ms
663ms Image
image/svg+xml 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://orca.security/static-inc/images/icon-nav-context-aware-security.svg

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d7c1382f2a55b9cfed948b2a888fe6169dd173219e33ef7ce057ccb002fa93cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /static-inc/images/icon-nav-context-aware-security.svg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 09 Aug 2021 18:49:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Fri, 16 Jul 2021 06:03:04 GMT
server: cloudflare
etag: W/"60f12118-5bb"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 67c32a7c0b4c0b6b-AMS
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 icon-nav-built-in-compliance.svg
orca.security/static-inc/images/ 985 B
600 B 661ms
660ms Image
image/svg+xml 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://orca.security/static-inc/images/icon-nav-built-in-compliance.svg

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cfca36025004c1f9a54e8bca2961cd7c2c7d030b9f098b2f8d044e25944b1fdf

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /static-inc/images/icon-nav-built-in-compliance.svg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 09 Aug 2021 18:49:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Fri, 16 Jul 2021 06:03:04 GMT
server: cloudflare
etag: W/"60f12118-3d9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 67c32a7c0b4d0b6b-AMS
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 icon-nav-customization.svg
orca.security/static-inc/images/ 2 KB
636 B 655ms
654ms Image
image/svg+xml 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://orca.security/static-inc/images/icon-nav-customization.svg

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

15cabbfbc427cf3a6e897a426fa4cfc26d7171ae72763fcccc3d066338f15bf7

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /static-inc/images/icon-nav-customization.svg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 09 Aug 2021 18:49:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Fri, 16 Jul 2021 06:03:04 GMT
server: cloudflare
etag: W/"60f12118-609"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 67c32a7c0b490b6b-AMS
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 nav-join-the-program.jpg
orca.security/static-inc/images/ 93 KB
94 KB 661ms
660ms Image
image/jpeg 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://orca.security/static-inc/images/nav-join-the-program.jpg

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d68519a3166f1d5cf914c9e2c228ce1415ecbe40c8630d7d5ce8675fdafb5902

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /static-inc/images/nav-join-the-program.jpg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 09 Aug 2021 18:49:43 GMT
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 95526
last-modified: Fri, 16 Jul 2021 15:27:41 GMT
server: cloudflare
etag: "60f1a56d-17526"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 67c32a7c0b480b6b-AMS
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 nav-join-our-team.jpg
orca.security/static-inc/images/ 147 KB
148 KB 665ms
663ms Image
image/jpeg 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://orca.security/static-inc/images/nav-join-our-team.jpg

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

598e0da49a0d44ca888818a794151e0be9e5a5801d78e53430f451a40d67e661

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /static-inc/images/nav-join-our-team.jpg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 09 Aug 2021 18:49:43 GMT
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 150742
last-modified: Fri, 16 Jul 2021 15:27:36 GMT
server: cloudflare
etag: "60f1a568-24cd6"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 67c32a7c0b500b6b-AMS
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 nav-download-now.jpg
orca.security/static-inc/images/ 68 KB
68 KB 663ms
661ms Image
image/jpeg 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://orca.security/static-inc/images/nav-download-now.jpg

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

96456ea83a2a92121ff46321c0f0ca85237a5fbb1cc6391a7303057226b91529

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /static-inc/images/nav-download-now.jpg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 09 Aug 2021 18:49:43 GMT
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 69166
last-modified: Fri, 16 Jul 2021 15:27:36 GMT
server: cloudflare
etag: "60f1a568-10e2e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 67c32a7c0b4f0b6b-AMS
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 authorphoto-150x150.jpeg
orca.security/resources/wp-content/uploads/sites/2/ 4 KB
4 KB 663ms
662ms Image
image/jpeg 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://orca.security/resources/wp-content/uploads/sites/2/authorphoto-150x150.jpeg

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3afe1773cbb9677bed9327f8f81058a02d8b593b22eb24a40658539bd8a5ead8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/uploads/sites/2/authorphoto-150x150.jpeg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 09 Aug 2021 18:49:43 GMT
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 4082
last-modified: Thu, 15 Jul 2021 12:16:52 GMT
server: cloudflare
etag: "60f02734-ff2"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 67c32a7c0b4a0b6b-AMS
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 footer_badge_aws.svg
orca.security/wp-content/uploads/2021/08/ 45 KB
17 KB 269ms
265ms Image
image/svg+xml 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://orca.security/wp-content/uploads/2021/08/footer_badge_aws.svg

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8191aac24052007a5eb3dff74bbcde3d14bd1b9eac048a8b781c08e144089f25

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /wp-content/uploads/2021/08/footer_badge_aws.svg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 09 Aug 2021 18:49:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Tue, 03 Aug 2021 07:11:27 GMT
server: cloudflare
etag: W/"6108ec1f-b499"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 67c32a7c597ffa44-AMS
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 footer_badge_iso.svg
orca.security/wp-content/uploads/2021/08/ 33 KB
14 KB 262ms
258ms Image
image/svg+xml 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://orca.security/wp-content/uploads/2021/08/footer_badge_iso.svg

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c51831a289a042fb47236cc90db37a4d2cdd827d8ba95120de2cb55826e68664

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /wp-content/uploads/2021/08/footer_badge_iso.svg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 09 Aug 2021 18:49:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Tue, 03 Aug 2021 07:11:25 GMT
server: cloudflare
etag: W/"6108ec1d-850c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 67c32a7c5980fa44-AMS
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 footer_badge_soc.svg
orca.security/wp-content/uploads/2021/08/ 50 KB
21 KB 270ms
266ms Image
image/svg+xml 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://orca.security/wp-content/uploads/2021/08/footer_badge_soc.svg

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e51cef74e27fe2fbf08417acdaeccb250743a28dc7b82d16ba26560981041e0d

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /wp-content/uploads/2021/08/footer_badge_soc.svg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 09 Aug 2021 18:49:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Tue, 03 Aug 2021 07:11:24 GMT
server: cloudflare
etag: W/"6108ec1c-c80e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 67c32a7c5984fa44-AMS
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 logo.svg
orca.security/wp-content/uploads/2021/04/ 6 KB
3 KB 702ms
698ms Image
image/svg+xml 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://orca.security/wp-content/uploads/2021/04/logo.svg

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

74706fc3a0764eb273029a2ca83422dd8663978130573095d48f7ed260f28671

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /wp-content/uploads/2021/04/logo.svg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 09 Aug 2021 18:49:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Fri, 16 Jul 2021 10:47:52 GMT
server: cloudflare
etag: W/"60f163d8-1709"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 67c32a7c5985fa44-AMS
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 v2.js Show response
js.hsforms.net/forms/ 569 KB
144 KB 397ms
397ms Script
application/javascript 2606:4700::6811:b949
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hsforms.net/forms/v2.js

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:b949 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

336032e8b6a0e53594ef6fd0333f2c8f791accdd85de58bfbbbcd134347672af

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 09 Aug 2021 18:49:42 GMT
via: 1.1 2af881fc3dba7aadc69b3ca00dd6e9e6.cloudfront.net (CloudFront)
vary: Accept-Encoding
cf-cache-status: EXPIRED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: IAD66-C2
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-type: application/javascript; charset=utf-8
x-amz-replication-status: COMPLETED
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Mon, 26 Jul 2021 08:58:31 UTC
server: cloudflare
etag: W/"54f88eaced1496c532226765043c50e7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vQTFoCws5YDkhp3hFa0FlGWNSFxE6b52Js%2BprTuWn1AUraLV6m3lj%2FoVfwXkVFu2%2FrQclsfBJ10qgIcbs%2Fkz6S559yea5HWA9EO7Z37OQcbLghqgJpwbA1FPoLZ%2BQk8zHe%2B%2FyBrHWfHhT3wl"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: CD.EJgxkQT0UFVsMcBVdkshUHUGkYwIo
access-control-allow-origin: *
cache-control: s-maxage=600, max-age=0
x-hs-cache-status: HIT
cf-ray: 67c32a79dabb05ed-FRA
x-amz-cf-id: W7an3oUJibPq6V0oI9j0q8rUKAn_-Uu7w1PE3--6-C2ONINP-e7Gtw==
x-hs-target-asset: FormsNext/static-5.349/bundles/project_with_deps.js

GET
H2 200 style.min.js Show response
orca.security/resources/wp-content/themes/astra/assets/js/minified/ 10 KB
3 KB 692ms
690ms Script
application/javascript 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/themes/astra/assets/js/minified/style.min.js

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1ef0899dadf11eccd489e8aca5ef79eaf9c1caa00f9f1d4d8ad45ff1ed375ccf

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/themes/astra/assets/js/minified/style.min.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 09 Aug 2021 18:49:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Fri, 16 Jul 2021 13:47:23 GMT
server: cloudflare
etag: W/"60f18deb-28d9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 67c32a7a99090b6b-AMS
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 frontend.min.js Show response
orca.security/resources/wp-content/plugins/wp-user-avatar/assets/js/ 9 KB
2 KB 227ms
218ms Script
application/javascript 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/plugins/wp-user-avatar/assets/js/frontend.min.js

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

205988b80eeedc442aa4ba78fd4bda5b1b139415f3dc88043fc73adcd71cbae2

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/plugins/wp-user-avatar/assets/js/frontend.min.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 09 Aug 2021 18:49:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Fri, 16 Jul 2021 05:01:05 GMT
server: cloudflare
etag: W/"60f11291-236e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 67c32a7af9a60b6b-AMS
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 dynamic-conditions-public.js Show response
orca.security/resources/wp-content/plugins/dynamicconditions/Public/js/ 2 KB
798 B 675ms
666ms Script
application/javascript 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/plugins/dynamicconditions/Public/js/dynamic-conditions-public.js

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

751d5192326ddefce3e87157f7c9355217cdad7b4a969b5dd3161b4453671389

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/plugins/dynamicconditions/Public/js/dynamic-conditions-public.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 09 Aug 2021 18:49:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Fri, 16 Jul 2021 05:00:00 GMT
server: cloudflare
etag: W/"60f11250-8f0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 67c32a7af9a80b6b-AMS
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 5544741.js Show response
js.hs-scripts.com/ 988 B
631 B 145ms
142ms Script
application/javascript 2606:4700::6811:d5cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-scripts.com/5544741.js?integration=WordPress
Requested by: Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6811:d5cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bcaa1637eb8735dcb20b81cd9bb3cba89818bafacd4fa1e258e504a85540e139

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 09 Aug 2021 18:49:42 GMT
content-encoding: br
cf-cache-status: EXPIRED
server: cloudflare
x-hubspot-correlation-id: 89af7e79-74fb-403f-a1ba-19d298c35feb
x-trace: 2B611A1D532409B3AC4416A3E5126527E40DF37970000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
access-control-allow-origin: https://orca.security
access-control-max-age: 3600
cache-control: public, max-age=60
access-control-allow-credentials: true
cf-ray: 67c32a7ad8984ab6-FRA
expires: Mon, 09 Aug 2021 18:50:42 GMT

GET
H2 200 sassy-social-share-public.js Show response
orca.security/resources/wp-content/plugins/sassy-social-share/public/js/ 43 KB
11 KB 674ms
665ms Script
application/javascript 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/plugins/sassy-social-share/public/js/sassy-social-share-public.js

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

afea7d7933d3140b754902ec8d48c7cc0db26b22f5912655b2fb1c1b07429478

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/plugins/sassy-social-share/public/js/sassy-social-share-public.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 09 Aug 2021 18:49:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 12:10:04 GMT
server: cloudflare
etag: W/"60f0259c-ab59"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 67c32a7af9aa0b6b-AMS
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 orca.js Show response
orca.security/resources/wp-content/themes/incubator-child/ 4 KB
1 KB 232ms
223ms Script
application/javascript 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/themes/incubator-child/orca.js?version&ver=1.33

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a9e4a21d7a0dd665ebfe69752a801f9034ee7f4d7e5930cb267b6c48aa3bee31

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/themes/incubator-child/orca.js?version&ver=1.33
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 09 Aug 2021 18:49:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 12:17:24 GMT
server: cloudflare
etag: W/"60f02754-10fd"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 67c32a7af9ab0b6b-AMS
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 TweenMax.min.js Show response
cdnjs.cloudflare.com/ajax/libs/gsap/1.14.2/ 99 KB
29 KB 24ms
15ms Script
application/javascript 2606:4700::6810:125e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/gsap/1.14.2/TweenMax.min.js

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9019bd99bb2b109f32b62d0439c01e6c9e828bfd160c1e254a5a0d1c7229a4fe

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 09 Aug 2021 18:49:42 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 4561362
cross-origin-resource-policy: cross-origin
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 29505
cf-request-id: 0abdf800e200004a9104a3b000000001
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:10:25 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e71-18d17"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=25J6vY%2FxbZAF6BgiiTiuEVRA4%2F9IR4YrQWYR2UPMNO0gczHUizTSBbk%2BE0hzzsGo1fBgbVb5VgqUSK8BbLYlA8jBgu97A%2Fv6cbZEacnhB5ZPzxn1P7yqNFG3WWTEOwvju2DWkYq4iHhB6Wki8t4gu9pF"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 67c32a7add094ea9-FRA
expires: Sat, 30 Jul 2022 18:49:42 GMT

GET
H2 200 ScrollMagic.min.js Show response
orca.security/resources/wp-content/themes/incubator-child/lib/scrollMagic/scrollMagic/minified/ 17 KB
6 KB 675ms
666ms Script
application/javascript 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/themes/incubator-child/lib/scrollMagic/scrollMagic/minified/ScrollMagic.min.js

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

da9dad45994fa30a773ffd383f0daba950926e1c95fc807b644554825ac34bf7

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/themes/incubator-child/lib/scrollMagic/scrollMagic/minified/ScrollMagic.min.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 09 Aug 2021 18:49:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 12:17:30 GMT
server: cloudflare
etag: W/"60f0275a-4416"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 67c32a7af9ac0b6b-AMS
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 animation.gsap.min.js Show response
orca.security/resources/wp-content/themes/incubator-child/lib/scrollMagic/scrollMagic/minified/plugins/ 1 KB
1 KB 249ms
247ms Script
application/javascript 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/themes/incubator-child/lib/scrollMagic/scrollMagic/minified/plugins/animation.gsap.min.js

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fbd60db88b56b91e2c6ea79a36224ec46d01be9b58cf87db5176c86681f9270a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/themes/incubator-child/lib/scrollMagic/scrollMagic/minified/plugins/animation.gsap.min.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 09 Aug 2021 18:49:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 12:17:32 GMT
server: cloudflare
etag: W/"60f0275c-508"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 67c32a7c594efa44-AMS
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 animation.velocity.min.js Show response
orca.security/resources/wp-content/themes/incubator-child/lib/scrollMagic/scrollMagic/minified/plugins/ 1 KB
1 KB 681ms
678ms Script
application/javascript 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/themes/incubator-child/lib/scrollMagic/scrollMagic/minified/plugins/animation.velocity.min.js

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

20ffeeb1b6274d88ea1a05f79a414e6bb12189c7516514c75067d081dcd47819

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/themes/incubator-child/lib/scrollMagic/scrollMagic/minified/plugins/animation.velocity.min.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 09 Aug 2021 18:49:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 12:17:32 GMT
server: cloudflare
etag: W/"60f0275c-5b2"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 67c32a7c5950fa44-AMS
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 debug.addIndicators.min.js Show response
orca.security/resources/wp-content/themes/incubator-child/lib/scrollMagic/scrollMagic/minified/plugins/ 7 KB
3 KB 704ms
701ms Script
application/javascript 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/themes/incubator-child/lib/scrollMagic/scrollMagic/minified/plugins/debug.addIndicators.min.js

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5c15402dcdd0b03490883b62681c0d676af10894c7ce55218650d0f3827c6f0f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/themes/incubator-child/lib/scrollMagic/scrollMagic/minified/plugins/debug.addIndicators.min.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 09 Aug 2021 18:49:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 12:17:30 GMT
server: cloudflare
etag: W/"60f0275a-1bb8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 67c32a7c5954fa44-AMS
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 jquery.ScrollMagic.min.js Show response
orca.security/resources/wp-content/themes/incubator-child/lib/scrollMagic/scrollMagic/minified/plugins/ 495 B
690 B 685ms
682ms Script
application/javascript 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/themes/incubator-child/lib/scrollMagic/scrollMagic/minified/plugins/jquery.ScrollMagic.min.js

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bcca65cc24a8fa93b8c1c9b3fdab3c155b5a6c5e6013d1b0aa4e4447c8eec77c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/themes/incubator-child/lib/scrollMagic/scrollMagic/minified/plugins/jquery.ScrollMagic.min.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 09 Aug 2021 18:49:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 12:17:32 GMT
server: cloudflare
etag: W/"60f0275c-1ef"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 67c32a7c5956fa44-AMS
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 bootstrap.min.js Show response
orca.security/resources/wp-content/themes/incubator-child/lib/bootstrap-4.0.0/dist/js/ 48 KB
13 KB 688ms
686ms Script
application/javascript 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/themes/incubator-child/lib/bootstrap-4.0.0/dist/js/bootstrap.min.js

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e7ed36ceee5450b4243bbc35188afabdfb4280c7c57597001de0ed167299b01b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/themes/incubator-child/lib/bootstrap-4.0.0/dist/js/bootstrap.min.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 09 Aug 2021 18:49:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 12:17:36 GMT
server: cloudflare
etag: W/"60f02760-bf30"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 67c32a7c5957fa44-AMS
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 iframeResizer.min.js Show response
orca.security/resources/wp-content/themes/incubator-child/lib/ 2 KB
2 KB 737ms
734ms Script
application/javascript 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/themes/incubator-child/lib/iframeResizer.min.js

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

60aad8b6f919b3ac201f9441562712b6b4071e6e2928577910f31ca424ffa397

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/themes/incubator-child/lib/iframeResizer.min.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 09 Aug 2021 18:49:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 12:17:26 GMT
server: cloudflare
etag: W/"60f02756-881"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 67c32a7c5959fa44-AMS
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 match-height.min.js Show response
orca.security/resources/wp-content/themes/incubator-child/lib/ 3 KB
2 KB 687ms
684ms Script
application/javascript 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/themes/incubator-child/lib/match-height.min.js

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c76c6456972a640a9057ae6e6ce9099722910ac60e2f31e514a1bf0066d9d64d

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/themes/incubator-child/lib/match-height.min.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 09 Aug 2021 18:49:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 12:17:26 GMT
server: cloudflare
etag: W/"60f02756-d55"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 67c32a7c595afa44-AMS
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 jquery.waypoints.min.js Show response
orca.security/resources/wp-content/themes/incubator-child/lib/waypoints/lib/ 9 KB
3 KB 680ms
677ms Script
application/javascript 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/themes/incubator-child/lib/waypoints/lib/jquery.waypoints.min.js

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

368daab67b1a5b2b2802edbbac79a2aa4ba992a2ebf9c67b98ad784d8004018c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/themes/incubator-child/lib/waypoints/lib/jquery.waypoints.min.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 09 Aug 2021 18:49:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 12:17:50 GMT
server: cloudflare
etag: W/"60f0276e-2344"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 67c32a7c595bfa44-AMS
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 slick.js Show response
orca.security/resources/wp-content/themes/incubator-child/lib/slick-1.8.1/slick/ 87 KB
16 KB 693ms
690ms Script
application/javascript 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/themes/incubator-child/lib/slick-1.8.1/slick/slick.js

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0aaa4cf927b0e3631cffbe62f6786810aa65348483cd950e49f634a0881b16b4

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/themes/incubator-child/lib/slick-1.8.1/slick/slick.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 09 Aug 2021 18:49:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 12:17:48 GMT
server: cloudflare
etag: W/"60f0276c-15b7b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 67c32a7c595efa44-AMS
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 wp-embed.min.js Show response
orca.security/resources/wp-includes/js/ 1 KB
1 KB 711ms
708ms Script
application/javascript 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-includes/js/wp-embed.min.js

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5be614bce53f767993a5f5f14a6badd6aae6bf3af7cbdbf4d31520de49e27991

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-includes/js/wp-embed.min.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 09 Aug 2021 18:49:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 20:36:34 GMT
server: cloudflare
etag: W/"60f09c52-592"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 67c32a7c5960fa44-AMS
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 webpack-pro.runtime.min.js Show response
orca.security/resources/wp-content/plugins/elementor-pro/assets/js/ 5 KB
3 KB 696ms
693ms Script
application/javascript 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/plugins/elementor-pro/assets/js/webpack-pro.runtime.min.js

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

52adbaf8b7004e3e0ef2b06be5492748eeef0bdfbc2d91b4aa3aa7ddd7028703

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/plugins/elementor-pro/assets/js/webpack-pro.runtime.min.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 09 Aug 2021 18:49:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 21:35:44 GMT
server: cloudflare
etag: W/"60f0aa30-1556"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 67c32a7c5962fa44-AMS
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 webpack.runtime.min.js Show response
orca.security/resources/wp-content/plugins/elementor/assets/js/ 5 KB
2 KB 261ms
258ms Script
application/javascript 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/plugins/elementor/assets/js/webpack.runtime.min.js

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b5641645c15c48b3ff5ce52e718563e1d04d18492e552eb126862768327e2855

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/plugins/elementor/assets/js/webpack.runtime.min.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 09 Aug 2021 18:49:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 21:47:25 GMT
server: cloudflare
etag: W/"60f0aced-12a1"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 67c32a7c5964fa44-AMS
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 frontend-modules.min.js Show response
orca.security/resources/wp-content/plugins/elementor/assets/js/ 63 KB
22 KB 719ms
716ms Script
application/javascript 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/plugins/elementor/assets/js/frontend-modules.min.js

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d8e1bb6afaee4a9709470e6bc6712a4288aab63eff4a430e75935d0095648bb6

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/plugins/elementor/assets/js/frontend-modules.min.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 09 Aug 2021 18:49:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 21:47:21 GMT
server: cloudflare
etag: W/"60f0ace9-fd92"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 67c32a7c5965fa44-AMS
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 jquery.sticky.min.js Show response
orca.security/resources/wp-content/plugins/elementor-pro/assets/lib/sticky/ 6 KB
2 KB 708ms
704ms Script
application/javascript 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/plugins/elementor-pro/assets/lib/sticky/jquery.sticky.min.js

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a48dea362116d7516a2cf97066a32758d353760ee02dbf900ddff86b02a16473

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/plugins/elementor-pro/assets/lib/sticky/jquery.sticky.min.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 09 Aug 2021 18:49:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 21:36:28 GMT
server: cloudflare
etag: W/"60f0aa5c-19c3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 67c32a7c5968fa44-AMS
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 frontend.min.js Show response
orca.security/resources/wp-content/plugins/elementor-pro/assets/js/ 58 KB
16 KB 701ms
698ms Script
application/javascript 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/plugins/elementor-pro/assets/js/frontend.min.js

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

785c1179e9138a30fccbcd502d81ad2920049a12fd3d83fae433052e9be4c62f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/plugins/elementor-pro/assets/js/frontend.min.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 09 Aug 2021 18:49:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 21:35:36 GMT
server: cloudflare
etag: W/"60f0aa28-e60d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 67c32a7c596cfa44-AMS
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 waypoints.min.js Show response
orca.security/resources/wp-content/plugins/elementor/assets/lib/waypoints/ 12 KB
3 KB 692ms
689ms Script
application/javascript 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/plugins/elementor/assets/lib/waypoints/waypoints.min.js

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

214674cc77aba35ab3567b88e2739fd08e8e96c61d279559ad61874069683ea0

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/plugins/elementor/assets/lib/waypoints/waypoints.min.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 09 Aug 2021 18:49:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 21:48:53 GMT
server: cloudflare
etag: W/"60f0ad45-2fa6"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 67c32a7c596dfa44-AMS
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 core.min.js Show response
orca.security/resources/wp-includes/js/jquery/ui/ 20 KB
7 KB 262ms
259ms Script
application/javascript 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-includes/js/jquery/ui/core.min.js

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0cd851e5b33af0fbb354df65506da39807b998e07723f3d08aba5179fa2ed97e

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-includes/js/jquery/ui/core.min.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 09 Aug 2021 18:49:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 20:36:34 GMT
server: cloudflare
etag: W/"60f09c52-5133"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 67c32a7c596ffa44-AMS
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 swiper.min.js Show response
orca.security/resources/wp-content/plugins/elementor/assets/lib/swiper/ 136 KB
36 KB 701ms
698ms Script
application/javascript 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/plugins/elementor/assets/lib/swiper/swiper.min.js

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b23f49f504faa32aac548b6662ffd64412f6738496fab8be38da46c5b7121804

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/plugins/elementor/assets/lib/swiper/swiper.min.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 09 Aug 2021 18:49:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 21:48:51 GMT
server: cloudflare
etag: W/"60f0ad43-21f91"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 67c32a7c5971fa44-AMS
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 share-link.min.js Show response
orca.security/resources/wp-content/plugins/elementor/assets/lib/share-link/ 3 KB
1 KB 695ms
692ms Script
application/javascript 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/plugins/elementor/assets/lib/share-link/share-link.min.js

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4a7ee62eb33f3bbb66c2151e5cac6bf4904e28302efc36128f3e3ccae6fde580

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/plugins/elementor/assets/lib/share-link/share-link.min.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 09 Aug 2021 18:49:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 21:48:49 GMT
server: cloudflare
etag: W/"60f0ad41-a12"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 67c32a7c5972fa44-AMS
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 dialog.min.js Show response
orca.security/resources/wp-content/plugins/elementor/assets/lib/dialog/ 11 KB
4 KB 709ms
706ms Script
application/javascript 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/plugins/elementor/assets/lib/dialog/dialog.min.js

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2989e0b9e836cb9de3274d641ec6a58c2052f039e790ddd59b22303930bfdeeb

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/plugins/elementor/assets/lib/dialog/dialog.min.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 09 Aug 2021 18:49:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 21:48:39 GMT
server: cloudflare
etag: W/"60f0ad37-2a6f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 67c32a7c5973fa44-AMS
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 frontend.min.js Show response
orca.security/resources/wp-content/plugins/elementor/assets/js/ 66 KB
20 KB 702ms
698ms Script
application/javascript 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/plugins/elementor/assets/js/frontend.min.js

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

17f076500dca787c42b1dd6238ce50a0752771eafd040e8512c713a7ec947c65

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/plugins/elementor/assets/js/frontend.min.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 09 Aug 2021 18:49:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 21:47:21 GMT
server: cloudflare
etag: W/"60f0ace9-1086a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 67c32a7c5975fa44-AMS
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 preloaded-elements-handlers.min.js Show response
orca.security/resources/wp-content/plugins/elementor-pro/assets/js/ 160 KB
39 KB 713ms
710ms Script
application/javascript 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/plugins/elementor-pro/assets/js/preloaded-elements-handlers.min.js

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

897ebbdf379aeb2c751275f083d298f15b094902c6bd6a66405ffb0604c64124

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/plugins/elementor-pro/assets/js/preloaded-elements-handlers.min.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 09 Aug 2021 18:49:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 21:35:41 GMT
server: cloudflare
etag: W/"60f0aa2d-27e8a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 67c32a7c5976fa44-AMS
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 preloaded-modules.min.js Show response
orca.security/resources/wp-content/plugins/elementor/assets/js/ 57 KB
17 KB 718ms
714ms Script
application/javascript 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/plugins/elementor/assets/js/preloaded-modules.min.js

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d882dbd828af87ed3434862bf608a2dee6d347817ae547421c9b2051ce29a905

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/plugins/elementor/assets/js/preloaded-modules.min.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 09 Aug 2021 18:49:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 21:47:23 GMT
server: cloudflare
etag: W/"60f0aceb-e2e0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 67c32a7c5978fa44-AMS
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 scripts.min.js Show response
orca.security/static-inc/js/ 374 KB
100 KB 716ms
712ms Script
application/javascript 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/static-inc/js/scripts.min.js?ver=1.0

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a9703acf1b9ace4e69669e5472063f067cfaf6eba3dff61ec47b95db163a3158

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /static-inc/js/scripts.min.js?ver=1.0
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 09 Aug 2021 18:49:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Fri, 16 Jul 2021 06:17:23 GMT
server: cloudflare
etag: W/"60f12473-5d9e1"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 67c32a7c597afa44-AMS
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 169 KB
60 KB 27ms
24ms Script
application/javascript 2a00:1450:4001:811::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-MFH8KTP

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

23e1875b1155de8827ca3a77a6a95ed97c37fb26a7421a1c8dbeaf332df5e967

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 09 Aug 2021 18:49:42 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 61317
x-xss-protection: 0
last-modified: Mon, 09 Aug 2021 18:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 09 Aug 2021 18:49:42 GMT

GET
H2 200 KoeEOMZRk0HPEBurl41R Show response
ws.zoominfo.com/pixel/ 0
203 B 167ms
166ms Script
text/javascript 2606:4700::6810:650c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.zoominfo.com/pixel/KoeEOMZRk0HPEBurl41R

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:650c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 09 Aug 2021 18:49:43 GMT
via: 1.1 google
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
x-powered-by: Express
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
access-control-allow-credentials: true
cf-ray: 67c32a7afd4a4ea9-FRA
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for
content-length: 0

GET
H2 200 formcomplete.js Show response
ws-assets.zoominfo.com/ 122 KB
41 KB 142ms
142ms Script
application/javascript 2606:4700::6810:a852
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ws-assets.zoominfo.com/formcomplete.js
Requested by: Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:a852 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aca1d2291f4713182bc182e5ef93151df69b3e97a054d16d1da5a1967fe63f15

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 09 Aug 2021 18:49:43 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
age: 36
x-guploader-uploadid: ADPycdtfK0g7wAKk8gUiCyU84TXR7y0XfJLC9MdvuLiytYKtGf3Aaksk3Z7XQZNkYheMqaZXPNFY_CIs-DE97-zul20
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-type: application/javascript
last-modified: Wed, 14 Jul 2021 10:39:08 GMT
server: cloudflare
etag: W/"1e1e37b752fd19a94113b3725ef35506"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=EP8N2g==, md5=Hh43t1L9GalBE7NyXvNVBg==
x-goog-generation: 1626259148350866
cache-control: public, max-age=3600
x-goog-stored-content-length: 124580
cf-ray: 67c32a7afc194eb5-FRA
expires: Mon, 09 Aug 2021 19:49:06 GMT

GET
DATA 200
OK truncated
/ 219 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 34b499c3bed76acb12665df0c8b65d14bac3ee6161e420a9403bd694be549e78

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf8

GET
DATA 200
OK truncated
/ 682 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c2e8b4fba49f90cfca5a43371c09879aed7447e0ba2ed4abd75b81448776c4f7

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf8

GET
DATA 200
OK truncated
/ 425 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 54c9560cb0117d8d1f955aefe0f88b843517964e118512d8f1a224a8a9b662f4

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf8

GET
DATA 200
OK truncated
/ 302 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b980f62a2d545d64f24e6f96902c8fbf5da0018569c369bc18f9e5b5fcf099ed

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf8

GET
H3-29 200 rings-small.png
orca.security/resources/wp-content/themes/incubator-child/images/ 13 KB
13 KB 717ms
713ms Image
image/png 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://orca.security/resources/wp-content/themes/incubator-child/images/rings-small.png

Requested by

Host: orca.security
URL: https://orca.security/resources/wp-content/themes/incubator-child/main.css?version&ver=1.33

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6f57f8ab879288c31393c0234a10d05b7b8955999a0192d4b17d4bf6c4769a18

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/themes/incubator-child/images/rings-small.png
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: orca.security
referer: https://orca.security/resources/wp-content/themes/incubator-child/main.css?version&ver=1.33
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/wp-content/themes/incubator-child/main.css?version&ver=1.33
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 09 Aug 2021 18:49:43 GMT
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 13301
last-modified: Thu, 15 Jul 2021 12:17:26 GMT
server: cloudflare
etag: "60f02756-33f5"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 67c32a7c5988fa44-AMS
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 JTURjIg1_i6t8kCHKm45_dJE3gnD_g.woff2
fonts.gstatic.com/s/montserrat/v17/ 20 KB
20 KB 8ms
7ms Font
font/woff2 2a00:1450:4001:801::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/montserrat/v17/JTURjIg1_i6t8kCHKm45_dJE3gnD_g.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Montserrat%3Awght%40300%3B400%3B500%3B700&display=swap&ver=1.33

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ec7d69015be507ee6045d259f50b6cf8ccb52ec7b41ec1bf50fee681683bea60

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://orca.security
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 16:08:54 GMT
x-content-type-options: nosniff
age: 268848
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20040
x-xss-protection: 0
last-modified: Fri, 06 Aug 2021 15:51:09 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 06 Aug 2022 16:08:54 GMT

GET
H2 200 xn7gYHE41ni1AdIRggexSg.woff2
fonts.gstatic.com/s/manrope/v4/ 22 KB
22 KB 8ms
7ms Font
font/woff2 2a00:1450:4001:801::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/manrope/v4/xn7gYHE41ni1AdIRggexSg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Manrope:wght@200;300;400;500;600;700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a41d60f8ac48aafcddd891ddebb318735c5684c4d8c8971f2a236233f89fc3be

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://orca.security
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 03 Aug 2021 01:26:03 GMT
x-content-type-options: nosniff
age: 581019
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 22788
x-xss-protection: 0
last-modified: Thu, 28 Jan 2021 21:57:26 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 03 Aug 2022 01:26:03 GMT

GET
H2 200 orca.ttf
orca.security/fonts/ 2 KB
2 KB 667ms
666ms Font
application/x-font-ttf 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/fonts/orca.ttf?vhq0nq

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bb0772532e523b486ea3419e8de8a9a40a0f632bf85ddf21f0d8753427972280

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /fonts/orca.ttf?vhq0nq
pragma: no-cache
origin: https://orca.security
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: font
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Origin: https://orca.security
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 09 Aug 2021 18:49:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Fri, 16 Jul 2021 06:28:50 GMT
server: cloudflare
etag: W/"60f12722-940"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/x-font-ttf
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 67c32a7b3a2d0b6b-AMS
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 fa-solid-900.woff2
orca.security/resources/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/ 78 KB
79 KB 672ms
671ms Font
application/font-woff2 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/fa-solid-900.woff2

Requested by

Host: orca.security
URL: https://orca.security/resources/wp-content/plugins/elementor/assets/lib/font-awesome/css/all.min.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6b555920e358f8a25a422988b448615c33bcccb4f932e8331cebfc8e2a737fc7

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/fa-solid-900.woff2
pragma: no-cache
origin: https://orca.security
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: font
:authority: orca.security
referer: https://orca.security/resources/wp-content/plugins/elementor/assets/lib/font-awesome/css/all.min.css
:scheme: https
sec-fetch-site: same-origin
:method: GET
Origin: https://orca.security
Referer: https://orca.security/resources/wp-content/plugins/elementor/assets/lib/font-awesome/css/all.min.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 09 Aug 2021 18:49:43 GMT
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 80300
last-modified: Thu, 15 Jul 2021 21:49:47 GMT
server: cloudflare
etag: "60f0ad7b-139ac"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 67c32a7b3a310b6b-AMS
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 fa-brands-400.woff2
orca.security/resources/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/ 77 KB
77 KB 655ms
654ms Font
application/font-woff2 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://orca.security/resources/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/fa-brands-400.woff2

Requested by

Host: orca.security
URL: https://orca.security/resources/wp-content/plugins/elementor/assets/lib/font-awesome/css/all.min.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

71b3ce72680f4183d28db86b184542051fd533bb1146933233e4f6a20cf98cba

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/fa-brands-400.woff2
pragma: no-cache
origin: https://orca.security
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: font
:authority: orca.security
referer: https://orca.security/resources/wp-content/plugins/elementor/assets/lib/font-awesome/css/all.min.css
:scheme: https
sec-fetch-site: same-origin
:method: GET
Origin: https://orca.security
Referer: https://orca.security/resources/wp-content/plugins/elementor/assets/lib/font-awesome/css/all.min.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 09 Aug 2021 18:49:43 GMT
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 78460
last-modified: Thu, 15 Jul 2021 21:49:45 GMT
server: cloudflare
etag: "60f0ad79-1327c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 67c32a7b3a330b6b-AMS
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v27/ 15 KB
15 KB 8ms
7ms Font
font/woff2 2a00:1450:4001:801::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v27/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://orca.security
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 09 Aug 2021 18:26:24 GMT
x-content-type-options: nosniff
age: 1398
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15688
x-xss-protection: 0
last-modified: Mon, 05 Apr 2021 21:10:35 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 09 Aug 2022 18:26:24 GMT

GET
H2 200 KFOkCnqEu92Fr1Mu51xIIzI.woff2
fonts.gstatic.com/s/roboto/v27/ 17 KB
17 KB 11ms
11ms Font
font/woff2 2a00:1450:4001:801::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v27/KFOkCnqEu92Fr1Mu51xIIzI.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic&display=auto&ver=5.7.2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

46375ee9192c1e0f6eabe4d32b2a48b996b93037f7b4beb970df5b87359548fd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://orca.security
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 02 Aug 2021 19:20:02 GMT
x-content-type-options: nosniff
age: 602980
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17304
x-xss-protection: 0
last-modified: Mon, 05 Apr 2021 21:10:35 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 02 Aug 2022 19:20:02 GMT

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v27/ 15 KB
16 KB 12ms
11ms Font
font/woff2 2a00:1450:4001:801::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://orca.security
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 03 Aug 2021 12:00:01 GMT
x-content-type-options: nosniff
age: 542981
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15828
x-xss-protection: 0
last-modified: Mon, 05 Apr 2021 21:10:46 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 03 Aug 2022 12:00:01 GMT

GET
H3-29 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v27/ 16 KB
16 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bb46ed079c3dd3c39af5051b4ada48f29f49151dad4fa218117bad2fdb5e616f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://orca.security
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 03 Aug 2021 01:12:52 GMT
x-content-type-options: nosniff
age: 581810
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15920
x-xss-protection: 0
last-modified: Mon, 05 Apr 2021 21:10:39 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 03 Aug 2022 01:12:52 GMT

GET
H3-29 200 KFOjCnqEu92Fr1Mu51S7ACc6CsQ.woff2
fonts.gstatic.com/s/roboto/v27/ 17 KB
17 KB 7ms
7ms Font
font/woff2 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v27/KFOjCnqEu92Fr1Mu51S7ACc6CsQ.woff2

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0a938256d2de59b044f8ca7c7aa0c788ed2ffa9a48bf0e3930a5830c4298f509

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://orca.security
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 03 Aug 2021 01:12:57 GMT
x-content-type-options: nosniff
age: 581806
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17380
x-xss-protection: 0
last-modified: Mon, 05 Apr 2021 21:10:45 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 03 Aug 2022 01:12:57 GMT

GET
H3-29 200 ORC03296_Graphic-Request_Malware-Blog_1200x628_R3V2.jpg
orca.security/resources/wp-content/uploads/sites/2/ 419 KB
420 KB 706ms
701ms Image
image/jpeg 162.159.135.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://orca.security/resources/wp-content/uploads/sites/2/ORC03296_Graphic-Request_Malware-Blog_1200x628_R3V2.jpg

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

162.159.135.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

be29174d2fe6ed8aad6c27420ce60f754419d072bfb1603ffa20626463295a57

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /resources/wp-content/uploads/sites/2/ORC03296_Graphic-Request_Malware-Blog_1200x628_R3V2.jpg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: orca.security
referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 09 Aug 2021 18:49:43 GMT
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
ki-edge: v=16.1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 429292
last-modified: Thu, 15 Jul 2021 12:15:52 GMT
server: cloudflare
etag: "60f026f8-68cec"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 67c32a7c5989fa44-AMS
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.0 200
OK Cookie set 2vsl Show response
go.orca.security/l/898611/2020-12-11/ Frame 2C19 5 KB
3 KB 665ms
283ms Document
text/html 35.174.78.146
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://go.orca.security/l/898611/2020-12-11/2vsl
Requested by: Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
Protocol: HTTP/1.0
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.174.78.146 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: pi0-lba1-5-ue1.aws.pardot.com
Software: PardotServer /
Resource Hash: 937c1830b0b7d490405e8534908597528dd8be51c3f3c2727e7379087b7dab00

Request headers

Host: go.orca.security
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: same-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://orca.security/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://orca.security/

Response headers

Date: Mon, 09 Aug 2021 18:49:43 GMT
Set-Cookie: pardot=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0 visitor_id898611=591793998; expires=Thu, 07-Aug-2031 18:49:43 GMT; Max-Age=315360000; path=/; secure; SameSite=None visitor_id898611-hash=ae3875d91bd8033c0838167f4a251304329ca3f7337a64263496da9f6cbe7de9c3b5eb8c0aabe6b0cf236dfe262526a77f40a460; expires=Thu, 07-Aug-2031 18:49:43 GMT; Max-Age=315360000; path=/; secure; SameSite=None
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Pardot-Rsp: 17/1/89
P3p: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml"
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 2101
Content-Type: text/html; charset=utf-8
X-Pardot-Route: cb482e8713caadba289bc279c1db8a1d
Server: PardotServer
X-Pardot-LB: d3d7f55bb0643f40d338b3c1e133d5c5
Connection: keep-alive

GET
H/1.0 200
OK Cookie set 2vsj Show response
go.orca.security/l/898611/2020-12-11/ Frame 2AC7 28 KB
9 KB 676ms
292ms Document
text/html 35.174.78.146
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://go.orca.security/l/898611/2020-12-11/2vsj
Requested by: Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
Protocol: HTTP/1.0
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.174.78.146 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: pi0-lba1-5-ue1.aws.pardot.com
Software: PardotServer /
Resource Hash: e56319a09d53a96a7b2864aa096022c41028595632a92a8bebec4febf331ba9f

Request headers

Host: go.orca.security
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: same-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://orca.security/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://orca.security/

Response headers

Date: Mon, 09 Aug 2021 18:49:43 GMT
Set-Cookie: pardot=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0 visitor_id898611=591794000; expires=Thu, 07-Aug-2031 18:49:43 GMT; Max-Age=315360000; path=/; secure; SameSite=None visitor_id898611-hash=da9fb7ac9d1e1d5227d513eef398a423d299a588a04a2ad8850f3761bcf6f2f4a705a4d08822279a96f12eae60dfc835d8beb63e; expires=Thu, 07-Aug-2031 18:49:43 GMT; Max-Age=315360000; path=/; secure; SameSite=None
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Pardot-Rsp: 17/4/146
P3p: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml"
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 7856
Content-Type: text/html; charset=utf-8
X-Pardot-Route: cb482e8713caadba289bc279c1db8a1d
Server: PardotServer
X-Pardot-LB: d3d7f55bb0643f40d338b3c1e133d5c5
Connection: keep-alive

GET
H/1.0 200
OK Cookie set 2vsj Show response
go.orca.security/l/898611/2020-12-11/ Frame BFEF 28 KB
9 KB 729ms
330ms Document
text/html 35.174.78.146
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://go.orca.security/l/898611/2020-12-11/2vsj
Requested by: Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
Protocol: HTTP/1.0
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.174.78.146 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: pi0-lba1-5-ue1.aws.pardot.com
Software: PardotServer /
Resource Hash: e56319a09d53a96a7b2864aa096022c41028595632a92a8bebec4febf331ba9f

Request headers

Host: go.orca.security
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: same-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://orca.security/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://orca.security/

Response headers

Date: Mon, 09 Aug 2021 18:49:43 GMT
Set-Cookie: pardot=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0 visitor_id898611=591794002; expires=Thu, 07-Aug-2031 18:49:43 GMT; Max-Age=315360000; path=/; secure; SameSite=None visitor_id898611-hash=2c75610a76498099a20bb2c6ff656e816035992718e3dceb2bd0eb31f8a9218d86c03462f981a5000d550efcf221e8c6dcdf7ab3; expires=Thu, 07-Aug-2031 18:49:43 GMT; Max-Age=315360000; path=/; secure; SameSite=None
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Pardot-Rsp: 16/27/55
P3p: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml"
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 7856
Content-Type: text/html; charset=utf-8
X-Pardot-Route: cb482e8713caadba289bc279c1db8a1d
Server: PardotServer
X-Pardot-LB: d3d7f55bb0643f40d338b3c1e133d5c5
Connection: keep-alive

GET
H2 200 attributionSnippet.js Show response
ddzuuyx7zj81k.cloudfront.net/1.0.0/ 6 KB
2 KB 13ms
12ms Script
application/javascript 2600:9000:206f:9400:8:8d2f:9e00:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ddzuuyx7zj81k.cloudfront.net/1.0.0/attributionSnippet.js
Requested by: Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:9400:8:8d2f:9e00:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 7fc2adee3e43f35ce8e32c26f8d8cc18c647e98f5d82106937a981db839897d5

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: byeHX812S_yqEUlWJThDSpvTDsdImXfO
content-encoding: gzip
last-modified: Mon, 07 Dec 2020 13:24:02 GMT
server: AmazonS3
age: 63056
etag: W/"095ed9e012f89a607e757ca1e6ae6cec"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 f358cf5f46d10c349187abd5e20e06cf.cloudfront.net (CloudFront)
date: Mon, 09 Aug 2021 01:18:48 GMT
x-amz-cf-pop: FRA56-C1
x-amz-cf-id: wQo7WyQcMmixYvmNFrTk59T-PimTU9L9QXwZCLg7-SCuW1YiV3ztmg==

GET
H/1.1 200
OK insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 5 KB
2 KB 7ms
6ms Script
application/x-javascript 2a02:26f0:6c00:2b0::25ea
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MFH8KTP
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:2b0::25ea Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 6e6e6a03e72a528c28884b50bf296425667f38dd0aaf1dd17ce89199ffc85271

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 09 Aug 2021 18:49:43 GMT
Content-Encoding: gzip
Last-Modified: Tue, 15 Jun 2021 01:25:13 GMT
X-CDN: AKAM
Vary: Accept-Encoding
Content-Type: application/x-javascript;charset=utf-8
Cache-Control: max-age=23857
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2079

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 48 KB
19 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MFH8KTP

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

e61660c659c426e45bce2937dddb01af6b550502a2904546575c1ec2ba1121dd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 13 Jul 2021 18:24:06 GMT
server: Golfe2
age: 5762
date: Mon, 09 Aug 2021 17:13:41 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19672
expires: Mon, 09 Aug 2021 19:13:41 GMT

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 5 KB
2 KB 125ms
39ms Script
application/javascript 151.101.12.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MFH8KTP
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.12.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: a53ea60fbea6cb1775430998564d5f295aba7d3bfe548a0ba79aa2a049aba839

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 09 Aug 2021 18:49:43 GMT
via: 1.1 varnish
last-modified: Mon, 12 Jul 2021 21:25:31 GMT
age: 67349
etag: "65cf0c0ceb852397f0d1e6732cd3c533+gzip"
vary: Accept-Encoding,Host
x-cache: HIT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
content-encoding: gzip
cache-control: no-cache
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
content-length: 1958
x-timer: S1628534983.214629,VS0,VE0
x-served-by: cache-fra19166-FRA

GET
H2 200 conversion_async.js Show response
www.googleadservices.com/pagead/ 36 KB
14 KB 158ms
68ms Script
text/javascript 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion_async.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MFH8KTP

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

8069956acb4c566506ff71f7a23c8e23f75ce9443384fe3393ed5c846924026e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 09 Aug 2021 18:49:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13910
x-xss-protection: 0
server: cafe
etag: 8154934153164151798
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Mon, 09 Aug 2021 18:49:43 GMT

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 98 KB
25 KB 7ms
5ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

c4243f7f5aa95631ca62fab376c3804859e808b66d373d07270872d23b8b081b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 25944
x-xss-protection: 0
pragma: public
x-fb-debug: 3CHaH/e9RrrQJMbYAM2mrn0kbMnj2Qhy0hwAFqepKFoHw1PvWVV7iIupysF05zlvdZq+NuA2a7hJdB6Bp5vgPQ==
x-fb-trip-id: 686109401
x-frame-options: DENY
date: Mon, 09 Aug 2021 18:49:43 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
x-fb-rlafr: 0
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 3724.js Show response
tracking.g2crowd.com/attribution_tracking/conversions/ 16 B
431 B 172ms
171ms Script
text/javascript 2606:4700::6812:1abe
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tracking.g2crowd.com/attribution_tracking/conversions/3724.js?p=https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE&e=

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1abe , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3dae93a05edd9dcfc1864b87178a31e0bfa93e1a9b1c486c6e9cbf73cae87862

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .g2crowd.com .g2.com; connect-src 'self' .g2crowd.com .g2.com; font-src 'self' .g2crowd.com .g2.com; form-action 'self' .g2crowd.com .g2.com; frame-src 'self' .g2crowd.com .g2.com; img-src 'self' .g2crowd.com .g2.com; manifest-src 'self' .g2crowd.com .g2.com; media-src 'self' .g2crowd.com .g2.com; object-src 'self' .g2crowd.com .g2.com; script-src 'self' .g2crowd.com .g2.com; style-src 'self' .g2crowd.com .g2.com; worker-src 'self' .g2crowd.com .g2.com
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 09 Aug 2021 18:49:43 GMT
via: 1.1 vegur
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-permitted-cross-domain-policies: none
content-encoding: br
x-xss-protection: 1; mode=block
x-request-id: 3cb3d5bd-9d4e-4d4c-9b60-c879dbea1e33
x-runtime: 0.006239
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"3dae93a05edd9dcfc1864b87178a31e0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=604800
x-download-options: noopen
content-type: text/javascript; charset=utf-8
cache-control: max-age=600, public
content-security-policy: default-src 'self' *.g2crowd.com *.g2.com; connect-src 'self' *.g2crowd.com *.g2.com; font-src 'self' *.g2crowd.com *.g2.com; form-action 'self' *.g2crowd.com *.g2.com; frame-src 'self' *.g2crowd.com *.g2.com; img-src 'self' *.g2crowd.com *.g2.com; manifest-src 'self' *.g2crowd.com *.g2.com; media-src 'self' *.g2crowd.com *.g2.com; object-src 'self' *.g2crowd.com *.g2.com; script-src 'self' *.g2crowd.com *.g2.com; style-src 'self' *.g2crowd.com *.g2.com; worker-src 'self' *.g2crowd.com *.g2.com
cf-ray: 67c32a7c7af8dfbb-FRA

GET
H2 200 hotjar-1785482.js Show response
static.hotjar.com/c/ 4 KB
2 KB 195ms
105ms Script
application/javascript 65.9.96.102
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-1785482.js?sv=6

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.96.102 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

4c52124837ad325476a1038054672a1d9c22000e36fb6ef4828d5f4fa5055f3b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 09 Aug 2021 18:49:43 GMT
content-encoding: br
x-content-type-options: nosniff
cache-control: max-age=60
x-amz-cf-pop: PRG50-C1
etag: W/fb6ac21dbb549008f8ba12940f77b079
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
x-cache-hit: 1
content-length: 2034
via: 1.1 4bc1976da553dde6dd59c4ea33001b73.cloudfront.net (CloudFront)
x-amz-cf-id: 5SNcIHH6WmblAwcMrcI2o2OY3Y4pQwe3z1M1L-joHiQKvtpKlD7cTQ==

GET
H2 200 stat.js Show response
www.clickcease.com/monitor/ 68 KB
24 KB 18ms
17ms Script
application/javascript 2606:4700:20::ac43:4470
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.clickcease.com/monitor/stat.js

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:4470 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f9335a3578fbb78eba8922527950b8773e21ebc2d28e6f72ce9d223094bfdbdc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 09 Aug 2021 18:49:43 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 977408
access-control-allow-methods: GET,POST,OPTIONS,DELETE,PUT
strict-transport-security: max-age=31536000
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
referrer-policy: no-referrer-when-downgrade
last-modified: Sun, 14 Mar 2021 09:24:44 GMT
server: cloudflare
x-frame-options: sameorigin
etag: W/"10eb4-5bd7bb41f7cc3-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 1728000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=I89U7ditxQOvkNvr1rnJklmEzI2ZW8UdF6RddhPJAO8SOu4HkgyYsMVHFY9oKlbkM7tcYW%2Fe%2FtpjCIg5IgvHkiciC0y1pvph0vsHZ8mFTGg8VqIxdtwpsL28%2FEKsgC6SpH5CL2oAiuS8Mze5j6eWQxo%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
vary: Accept-Encoding,User-Agent
cache-control: max-age=2678400
access-control-allow-credentials: true
cf-ray: 67c32a7c8bcc4a7f-FRA
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,C$
expires: Sat, 28 Aug 2021 11:19:35 GMT

GET
H/1.1 200
OK qualified.js Show response
js.qualified.com/ 222 KB
66 KB 493ms
159ms Script
text/javascript 54.226.239.18
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://js.qualified.com/qualified.js?token=gndr1NireXGRNRuC

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MFH8KTP

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

54.226.239.18 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-226-239-18.compute-1.amazonaws.com

Software

nginx /

Resource Hash

91dbec0f4e07b605763f34157768eae027d683004a5200638e1153600927c575

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 09 Aug 2021 18:49:43 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-Permitted-Cross-Domain-Policies: none
Transfer-Encoding: chunked
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Xss-Protection: 1; mode=block
X-Request-Id: ebb0c79a-ac89-65a9-876f-a3ced8eac657
X-Runtime: 0.011478
Referrer-Policy: strict-origin-when-cross-origin
Server: nginx
X-Frame-Options: SAMEORIGIN
Etag: W/"91dbec0f4e07b605763f34157768eae0"
X-Download-Options: noopen
Vary: Accept-Encoding
Content-Type: text/javascript; charset=utf-8
Via: 1.1 spaces-router (020d7643da32)
Cache-Control: max-age=0, private, must-revalidate

GET platform.js
insiderdata360online.com/service/ 0
0

GET
H2 403 getMapping Show response
ws.zoominfo.com/form-complete/ 26 B
106 B 153ms
153ms XHR
application/json 2606:4700::6810:650c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.zoominfo.com/form-complete/getMapping?formId=wymcNktFMIhtz4zMJ4Cn

Requested by

Host: ws-assets.zoominfo.com
URL: https://ws-assets.zoominfo.com/formcomplete.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:650c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

d9fd9e2d2293c369f4aa2abe2dcdee1ff7135ceb33f12cdfab98a348bf9ac455

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 09 Aug 2021 18:49:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
via: 1.1 google
x-powered-by: Express
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://orca.security
access-control-allow-credentials: true
cf-ray: 67c32a7cb91e4ea9-FRA
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for
etag: W/"1a-6NuuSjmV14w26uMjJ2AMk7q0aZk"

GET
H2 200 03772d1e-aef0-4e74-a117-9f4ee3b9e51c Show response
forms.hsforms.com/embed/v3/form/5544741/ 12 KB
3 KB 405ms
404ms Script
application/javascript 2606:4700::6810:5805
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms.hsforms.com/embed/v3/form/5544741/03772d1e-aef0-4e74-a117-9f4ee3b9e51c?callback=hs_reqwest_0&hutk=

Requested by

Host: js.hsforms.net
URL: https://js.hsforms.net/forms/v2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5805 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9907e36c930c3f9433ccb0d783636ea0052cbf766c27c2539d8d0d86e8577e06

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 09 Aug 2021 18:49:43 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-hubspot-correlation-id: 1647ea4c-5b1c-4e4f-92b0-588663e968bb
content-disposition: attachment; filename=no-rfd.txt
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
server: cloudflare
x-trace: 2B8EB4E37B7731302954DF085AB2FEEDDD47C78727000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript;charset=utf-8
vary: Accept-Encoding
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
cf-ray: 67c32a7d3d724aaa-FRA

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=1286465&time=1628534983195&url=https%3A%2F%2Forca.security%2Fresources%2Fblog%2Fcloud-malware-challenges-best-practices%2F%3Fsiteid%3DRIQSITE
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D1286465%26time%3D1628534983195%26url%3Dhttps%253A%252F%252Forca.security%252Freso...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=1286465&time=1628534983195&url=https%3A%2F%2Forca.security%2Fresources%2Fblog%2Fcloud-malware-challenges-best-practices%2F%3Fsiteid%3DRIQSITE&liSy...
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=1286465&time=1628534983195&url=https%3A%2F%2Forca.security%2Fresources%2Fblog%2Fcloud-malware-challenges-best-practices%2F%3Fsiteid%3DRIQSITE&liS...

0
155 B

400ms
145ms

Image
application/javascript

108.174.10.14
LINKEDIN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=1286465&time=1628534983195&url=https%3A%2F%2Forca.security%2Fresources%2Fblog%2Fcloud-malware-challenges-best-practices%2F%3Fsiteid%3DRIQSITE&liSync=true&e_ipv6=AQKEXs_HpRtibQAAAXssP8wjgADpqKJL-ZNVHUJtwR7fc9NDrck7rhNc7mPA7iUc656skcG8
Requested by: Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 108.174.10.14 , United States, ASN14413 (LINKEDIN, US),
Reverse DNS: 108-174-10-14.fwd.linkedin.com
Software: Play /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 09 Aug 2021 18:49:44 GMT
server: Play
linkedin-action: 1
x-li-fabric: prod-lva1
x-li-proto: http/2
x-li-pop: prod-edc2
content-type: application/javascript
content-length: 0
x-li-uuid: 4eJPjvC3mRbwGYyc3ioAAA==

Redirect headers

date: Mon, 09 Aug 2021 18:49:43 GMT
server: Play
linkedin-action: 1
x-li-fabric: prod-lva1
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=1286465&time=1628534983195&url=https%3A%2F%2Forca.security%2Fresources%2Fblog%2Fcloud-malware-challenges-best-practices%2F%3Fsiteid%3DRIQSITE&liSync=true&e_ipv6=AQKEXs_HpRtibQAAAXssP8wjgADpqKJL-ZNVHUJtwR7fc9NDrck7rhNc7mPA7iUc656skcG8
x-li-proto: http/2
x-li-pop: prod-edc2
content-length: 0
x-li-uuid: Zqm1d/C3mRbwVJOw7yoAAA==

POST
H2 200 setcookie2 Show response
services.infinigrow.com/ 15 B
599 B 575ms
481ms Fetch
application/json 13.227.222.25
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://services.infinigrow.com/setcookie2
Requested by: Host: ddzuuyx7zj81k.cloudfront.net
URL: https://ddzuuyx7zj81k.cloudfront.net/1.0.0/attributionSnippet.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.227.222.25 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-227-222-25.ams54.r.cloudfront.net
Software: /
Resource Hash: a29ee2b15c494311c52521766e44af56a3ad2248e7a8ab465e5206463c13d288

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 09 Aug 2021 18:49:44 GMT
via: 1.1 38f6d324a75dff585b0ce25920fd4bda.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS54-C1
x-amzn-requestid: 526aeb5c-8c88-44db-bb83-f87ae401ace7
vary: Origin
x-cache: Miss from cloudfront
content-type: application/json; charset=utf-8
access-control-allow-origin: https://orca.security
x-amzn-trace-id: Root=1-611178c8-21f046a443f09b90003d7cf1;Sampled=0
access-control-allow-credentials: true
x-amz-apigw-id: Dz_PUGdbPHcFZmg=
content-length: 15
x-amz-cf-id: aZ1tHgI_-hYUxaT6ZOSBjl499OCc0sC1tRnygOB2D3oVOUH3VtbEiA==

OPTIONS
H2 204 setcookie2
services.infinigrow.com/ Frame 0
0 576ms
471ms Preflight 13.227.222.25
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://services.infinigrow.com/setcookie2
Protocol: H2
Server: 13.227.222.25 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-227-222-25.ams54.r.cloudfront.net
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://orca.security
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Mon, 09 Aug 2021 18:49:43 GMT
x-amzn-requestid: 96ffd67e-39d5-4f5a-9799-c3c84a5a6fae
access-control-allow-origin: https://orca.security
access-control-allow-headers: Origin,Content-Length,Content-Type
x-amz-apigw-id: Dz_POE6_vHcFjow=
vary: Origin Access-Control-Request-Method Access-Control-Request-Headers
access-control-allow-methods: GET,POST,PUT,PATCH,DELETE,HEAD
x-amzn-trace-id: Root=1-611178c7-667b98435e30f2ee21d78ef4;Sampled=0
access-control-max-age: 43200
access-control-allow-credentials: true
x-cache: Miss from cloudfront
via: 1.1 630336d6cdf08cf266841fd503dc03d0.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS54-C1
x-amz-cf-id: bFMCo3KUNBtavyQZFwYxs_n-UL5WvyzLnKjKNtGMY9af-Nqjr3j9NA==

GET
H3-29 200 js Show response
www.google-analytics.com/gtm/ 99 KB
39 KB 15ms
14ms Script
application/javascript 2a00:1450:4001:809::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/gtm/js?id=OPT-PWBBWC3&t=gtm4&cid=1167296594.1628534983

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

1083cfbdd8476cc39316b69b8ec170d50999edb8350e35a6e3fdb9d725f47d00

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 09 Aug 2021 18:49:43 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 40093
x-xss-protection: 0
last-modified: Mon, 09 Aug 2021 18:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 09 Aug 2021 18:49:43 GMT

GET
H3-29 200 208134170283065 Show response
connect.facebook.net/signals/config/ 253 KB
72 KB 138ms
138ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/208134170283065?v=2.9.44&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

3e0e5bde2976de971453ff399dd44a574f999ff6cca7c6dec94991b07e94d477

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
x-xss-protection: 0
pragma: public
x-fb-debug: H+ploWO0ekDHE4ZEUbo1P8MYLLQEt/TS4nW5bBjygbCTrTVlsZa1IkyONd6zL2hhfrikkMw1gw8wqhR7hdCKnw==
cross-origin-embedder-policy-report-only: require-corp;report-to="coop_report"
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Mon, 09 Aug 2021 18:49:43 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}],"group":"coop_report"}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 adsct
t.co/i/ 43 B
454 B 244ms
148ms Image
image/gif 104.244.42.133
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?type=javascript&version=2.0.1&p_id=Twitter&p_user_id=0&txn_id=o4qyy&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&tw_document_href=https%3A%2F%2Forca.security%2Fresources%2Fblog%2Fcloud-malware-challenges-best-practices%2F%3Fsiteid%3DRIQSITE

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.133 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 09 Aug 2021 18:49:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 65
x-xss-protection: 0
pragma: no-cache
last-modified: Mon, 09 Aug 2021 18:49:43 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=0
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: b55b87e71116b26a6cc4e3710362f6f3dcd194f978112d0ebfa12be53d708820
x-transaction: 8149f6558ffdfac1
expires: Tue, 31 Mar 1981 05:00:00 GMT

POST
H3-29 200 collect Show response
www.google-analytics.com/j/ 2 B
24 B 16ms
16ms XHR
text/plain 2a00:1450:4001:809::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j92&a=592235680&t=pageview&_s=1&dl=https%3A%2F%2Forca.security%2Fresources%2Fblog%2Fcloud-malware-challenges-best-practices%2F%3Fsiteid%3DRIQSITE&ul=en-us&de=UTF-8&dt=Malware%20in%20the%20Cloud%3A%20Challenges%20and%20Best%20Practices%20-%20Orca%20Security&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aGDAAEADQAAAAC~&jid=1581478624&gjid=717686603&cid=1167296594.1628534983&tid=UA-141329870-1&_gid=922088814.1628534983&_r=1&gtm=2wg840MFH8KTP&z=2108910040

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 09 Aug 2021 18:49:43 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://orca.security
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
70 B 14ms
14ms XHR
text/plain 2a00:1450:400c:c0c::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j92&tid=UA-141329870-1&cid=1167296594.1628534983&jid=1581478624&gjid=717686603&_gid=922088814.1628534983&_u=aGDAAEACQAAAAC~&z=1722265123

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c0c::9b Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Mon, 09 Aug 2021 18:49:43 GMT
content-type: text/plain
access-control-allow-origin: https://orca.security
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
107 B 17ms
17ms Image
image/gif 2a00:1450:4001:800::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j92&tid=UA-141329870-1&cid=1167296594.1628534983&jid=1581478624&_u=aGDAAEACQAAAAC~&z=1395742270

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 09 Aug 2021 18:49:43 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 19ms
18ms Image
image/gif 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j92&tid=UA-141329870-1&cid=1167296594.1628534983&jid=1581478624&_u=aGDAAEACQAAAAC~&z=1395742270

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 09 Aug 2021 18:49:43 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/653025264/ 2 KB
1 KB 20ms
19ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/653025264/?random=1628534983297&cv=9&fst=1628534983297&num=1&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg840&sendb=1&ig=1&frm=0&url=https%3A%2F%2Forca.security%2Fresources%2Fblog%2Fcloud-malware-challenges-best-practices%2F%3Fsiteid%3DRIQSITE&tiba=Malware%20in%20the%20Cloud%3A%20Challenges%20and%20Best%20Practices%20-%20Orca%20Security&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

657a07ecea652e054fcf0eb9e7614708d1e5633e11e7cdc35ba2d166e9452603

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 09 Aug 2021 18:49:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1077
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 modules.9a6619e61150e4449f35.js Show response
script.hotjar.com/ 221 KB
59 KB 150ms
50ms Script
application/javascript 65.9.96.128
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://script.hotjar.com/modules.9a6619e61150e4449f35.js

Requested by

Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-1785482.js?sv=6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.96.128 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

fc04d1fd608cedf1f0c4735145a15031f77cb7491d6234cec4ee2cd9be74937a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 14:18:05 GMT
content-encoding: br
x-content-type-options: nosniff
age: 361898
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 59579
access-control-allow-origin: *
last-modified: Thu, 05 Aug 2021 14:17:07 GMT
etag: "f404c80c4e9647abd5db65360cf9ecee"
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 7bb80b5d9f75710222feac15033d6af0.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: PRG50-C1
accept-ranges: bytes
x-robots-tag: none
x-amz-cf-id: f8_Cs64W-qvnVyAMkKnNid3QnuvjBqSaTRoS-nnUfM3jUaeLWr5KYw==

GET
H3-29 200 /
www.google.com/pagead/1p-user-list/653025264/ 42 B
64 B 27ms
25ms Image
image/gif 2a00:1450:4001:800::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/653025264/?random=1628534983297&cv=9&fst=1628532000000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg840&sendb=1&frm=0&url=https%3A%2F%2Forca.security%2Fresources%2Fblog%2Fcloud-malware-challenges-best-practices%2F%3Fsiteid%3DRIQSITE&tiba=Malware%20in%20the%20Cloud%3A%20Challenges%20and%20Best%20Practices%20-%20Orca%20Security&async=1&fmt=3&is_vtc=1&random=624251556&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 09 Aug 2021 18:49:43 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 /
www.google.de/pagead/1p-user-list/653025264/ 42 B
64 B 28ms
26ms Image
image/gif 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/653025264/?random=1628534983297&cv=9&fst=1628532000000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg840&sendb=1&frm=0&url=https%3A%2F%2Forca.security%2Fresources%2Fblog%2Fcloud-malware-challenges-best-practices%2F%3Fsiteid%3DRIQSITE&tiba=Malware%20in%20the%20Cloud%3A%20Challenges%20and%20Best%20Practices%20-%20Orca%20Security&async=1&fmt=3&is_vtc=1&random=624251556&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 09 Aug 2021 18:49:43 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
147 B 8ms
7ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=208134170283065&ev=PageView&dl=https%3A%2F%2Forca.security%2Fresources%2Fblog%2Fcloud-malware-challenges-best-practices%2F%3Fsiteid%3DRIQSITE&rl=&if=false&ts=1628534983506&sw=1600&sh=1200&v=2.9.44&r=stable&ec=0&o=30&fbp=fb.1.1628534983505.1583052650&it=1628534983227&coo=false&rqm=GET

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 09 Aug 2021 18:49:43 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 44
expires: Mon, 09 Aug 2021 18:49:43 GMT

GET
H2 200 5544741.js Show response
js.hs-analytics.net/analytics/1628534700000/ 62 KB
19 KB 19ms
18ms Script
text/javascript 2606:4700::6811:45b0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-analytics.net/analytics/1628534700000/5544741.js
Requested by: Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/5544741.js?integration=WordPress
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6811:45b0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a6ce41aa5b6c062eeaf822aae94f23727248c17d2cd4b6b54fc54c085b58802d

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 09 Aug 2021 18:49:43 GMT
content-encoding: br
cf-cache-status: HIT
age: 243
x-amz-server-side-encryption: AES256
x-amz-request-id: 8MFQ25371B6GQPZW
x-amz-id-2: aNqyvRyOO1vHMQgLmnMticc0WGXaejWSWsK6C6KsPhdsb4VCh7ZRd/otgWP8k/MWinwZOogqgfU=
last-modified: Mon, 09 Aug 2021 15:31:15 GMT
server: cloudflare
etag: W/"49e223d584d85c82f84625ba7d934d70"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript
cache-control: max-age=300, public
access-control-allow-credentials: false
x-amz-version-id: null
cf-ray: 67c32a7f0e334ee6-FRA
expires: Mon, 09 Aug 2021 18:50:40 GMT

GET
H2 200 5544741.js Show response
js.hs-banner.com/ 60 KB
15 KB 20ms
20ms Script
text/javascript 2606:4700::6812:15bf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/5544741.js
Requested by: Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/5544741.js?integration=WordPress
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:15bf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 33394c646382ba94e14dc6b22ab6880823a76357069c263886602255c118a21f

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 09 Aug 2021 18:49:43 GMT
content-encoding: br
cf-cache-status: HIT
age: 89
x-amz-server-side-encryption: AES256
content-type: text/javascript; charset=UTF-8
access-control-max-age: 604800
x-amz-request-id: 9935SNDZRAH92G6Z
x-amz-id-2: lSo+LbtKD90v4MGzX5at9yUkJu3Ebgv8uWA4agG475wyt9jq7KoXrKR1+62Flj4x6HcZ/6dOgTE=
timing-allow-origin: *
last-modified: Mon, 09 Aug 2021 15:31:13 GMT
server: cloudflare
etag: W/"ca0a4c7d462e3bbc21a7cf269d870342"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
x-amz-version-id: O9NXuCLAPdZgoBNy_IhB_nSd8_uWQdSC
access-control-allow-origin: https://orca.security
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
cache-control: max-age=300, public
access-control-allow-credentials: true
cf-ray: 67c32a7f0fcd4e55-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
expires: Mon, 09 Aug 2021 18:53:14 GMT

GET
H/1.1 200
OK form.css
go.orca.security/css/ Frame 2C19 31 KB
8 KB 131ms
130ms Stylesheet
text/css 35.174.78.146
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://go.orca.security/css/form.css?ver=2020-10-19
Requested by: Host: go.orca.security
URL: https://go.orca.security/l/898611/2020-12-11/2vsl
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.174.78.146 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: pi0-lba1-5-ue1.aws.pardot.com
Software: PardotServer /
Resource Hash: 6dbd1967a8963d2eead020be31031ed12df79148acfea8cb787fa1358d5b4559

Request headers

Referer: https://go.orca.security/l/898611/2020-12-11/2vsl
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 09 Aug 2021 18:49:43 GMT
Content-Encoding: gzip
X-Pardot-Route: cb482e8713caadba289bc279c1db8a1d
X-Pardot-LB: d3d7f55bb0643f40d338b3c1e133d5c5
Last-Modified: Mon, 09 Aug 2021 05:17:58 GMT
Server: PardotServer
ETag: "7be2-gzip"
Vary: Accept-Encoding,User-Agent
Content-Type: text/css
Cache-Control: max-age=63072000
Accept-Ranges: bytes
Content-Length: 7660
Expires: Wed, 09 Aug 2023 18:49:43 GMT

GET
H/1.1 200
OK piUtils.js Show response
go.orca.security/js/ Frame 2C19 341 KB
99 KB 153ms
143ms Script
application/javascript 35.174.78.146
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://go.orca.security/js/piUtils.js?ver=2020-10-19
Requested by: Host: go.orca.security
URL: https://go.orca.security/l/898611/2020-12-11/2vsl
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.174.78.146 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: pi0-lba1-5-ue1.aws.pardot.com
Software: PardotServer /
Resource Hash: 744d368a676dabf6be331840fdf74176a9ad7a784bf3920e3f640c9ed89fc43c

Request headers

Referer: https://go.orca.security/l/898611/2020-12-11/2vsl
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 09 Aug 2021 18:49:43 GMT
Content-Encoding: gzip
X-Pardot-Route: fb09abcaff05ac363535c455b453208a
X-Pardot-LB: d3d7f55bb0643f40d338b3c1e133d5c5
Last-Modified: Mon, 09 Aug 2021 05:17:58 GMT
Server: PardotServer
ETag: "55586-gzip"
Vary: Accept-Encoding,User-Agent
Content-Type: application/javascript
Cache-Control: max-age=63072000
Transfer-Encoding: chunked
Accept-Ranges: bytes
Expires: Wed, 09 Aug 2023 18:49:43 GMT

GET
H3-29 200 gtm.js Show response
www.googletagmanager.com/ Frame 2C19 105 KB
40 KB 19ms
19ms Script
application/javascript 2a00:1450:4001:828::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-MTM87SL

Requested by

Host: go.orca.security
URL: https://go.orca.security/l/898611/2020-12-11/2vsl

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

6cb780b4fbe35bfd23f71e591daf8344053f58df851113f5ec7cbfd51dc7dec6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://go.orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 09 Aug 2021 18:49:43 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 40703
x-xss-protection: 0
last-modified: Mon, 09 Aug 2021 18:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 09 Aug 2021 18:49:43 GMT

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/1.11.0/ Frame 2AC7 94 KB
94 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/1.11.0/jquery.min.js

Requested by

Host: go.orca.security
URL: https://go.orca.security/l/898611/2020-12-11/2vsj

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b294e973896f8f874e90a8eb1a8908ac790980d034c4c4bdf0fc3d37b8abf682

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://go.orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 09 Aug 2021 18:48:27 GMT
x-content-type-options: nosniff
age: 76
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 96381
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 09 Aug 2022 18:48:27 GMT

GET
H3-29 200 css2
fonts.googleapis.com/ Frame 2AC7 7 KB
543 B 15ms
14ms Stylesheet
text/css 2a00:1450:4001:80f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Manrope:wght@200;300;400;500;600;700&display=swap

Requested by

Host: go.orca.security
URL: https://go.orca.security/l/898611/2020-12-11/2vsj

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e6d2282d33ef8f732e4ce7a60a05fce149fb0017fae964eb3543ec849d95f2e9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://go.orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 09 Aug 2021 18:45:36 GMT
server: ESF
date: Mon, 09 Aug 2021 18:49:43 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 09 Aug 2021 18:49:43 GMT

GET
H/1.1 200
OK form.css
go.orca.security/css/ Frame 2AC7 31 KB
8 KB 241ms
137ms Stylesheet
text/css 35.174.78.146
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://go.orca.security/css/form.css?ver=2020-10-19
Requested by: Host: go.orca.security
URL: https://go.orca.security/l/898611/2020-12-11/2vsj
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.174.78.146 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: pi0-lba1-5-ue1.aws.pardot.com
Software: PardotServer /
Resource Hash: 6dbd1967a8963d2eead020be31031ed12df79148acfea8cb787fa1358d5b4559

Request headers

Referer: https://go.orca.security/l/898611/2020-12-11/2vsj
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 09 Aug 2021 18:49:43 GMT
Content-Encoding: gzip
X-Pardot-Route: cb482e8713caadba289bc279c1db8a1d
X-Pardot-LB: d3d7f55bb0643f40d338b3c1e133d5c5
Last-Modified: Mon, 09 Aug 2021 05:17:58 GMT
Server: PardotServer
ETag: "7be2-gzip"
Vary: Accept-Encoding,User-Agent
Content-Type: text/css
Cache-Control: max-age=63072000
Accept-Ranges: bytes
Content-Length: 7660
Expires: Wed, 09 Aug 2023 18:49:43 GMT

GET
H/1.1 200
OK piUtils.js Show response
go.orca.security/js/ Frame 2AC7 341 KB
99 KB 388ms
146ms Script
application/javascript 35.174.78.146
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://go.orca.security/js/piUtils.js?ver=2020-10-19
Requested by: Host: go.orca.security
URL: https://go.orca.security/l/898611/2020-12-11/2vsj
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.174.78.146 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: pi0-lba1-5-ue1.aws.pardot.com
Software: PardotServer /
Resource Hash: 744d368a676dabf6be331840fdf74176a9ad7a784bf3920e3f640c9ed89fc43c

Request headers

Referer: https://go.orca.security/l/898611/2020-12-11/2vsj
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 09 Aug 2021 18:49:44 GMT
Content-Encoding: gzip
X-Pardot-Route: cb482e8713caadba289bc279c1db8a1d
X-Pardot-LB: d3d7f55bb0643f40d338b3c1e133d5c5
Last-Modified: Mon, 09 Aug 2021 05:17:58 GMT
Server: PardotServer
ETag: "55586-gzip"
Vary: Accept-Encoding,User-Agent
Content-Type: application/javascript
Cache-Control: max-age=63072000
Transfer-Encoding: chunked
Accept-Ranges: bytes
Expires: Wed, 09 Aug 2023 18:49:44 GMT

GET
H3-29 200 gtm.js Show response
www.googletagmanager.com/ Frame 2AC7 105 KB
40 KB 15ms
14ms Script
application/javascript 2a00:1450:4001:828::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-MTM87SL

Requested by

Host: go.orca.security
URL: https://go.orca.security/l/898611/2020-12-11/2vsj

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

48461fcdd1f67acffa92db5bcbf9a8d1e77ccb99dcea81f3829e3a3156fcbf5a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://go.orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 09 Aug 2021 18:49:43 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 40704
x-xss-protection: 0
last-modified: Mon, 09 Aug 2021 18:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 09 Aug 2021 18:49:43 GMT

GET
H2 200 formcomplete.js Show response
ws-assets.zoominfo.com/ Frame 2AC7 122 KB
40 KB 53ms
52ms Script
application/javascript 2606:4700::6810:a852
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ws-assets.zoominfo.com/formcomplete.js
Requested by: Host: go.orca.security
URL: https://go.orca.security/l/898611/2020-12-11/2vsj
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:a852 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aca1d2291f4713182bc182e5ef93151df69b3e97a054d16d1da5a1967fe63f15

Request headers

Referer: https://go.orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 09 Aug 2021 18:49:44 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
age: 958
x-guploader-uploadid: ADPycduktpH5F-0WAd9JqeqKzzXWn7T8uhJIe2ymv4ygHP4ejeUYPBPbchs6Uvuz_1pToaiwoZ7XJ3X-BqH_W5uZ4yAl0XLazA
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-type: application/javascript
last-modified: Wed, 14 Jul 2021 10:39:08 GMT
server: cloudflare
etag: W/"1e1e37b752fd19a94113b3725ef35506"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=EP8N2g==, md5=Hh43t1L9GalBE7NyXvNVBg==
x-goog-generation: 1626259148350866
cache-control: public, max-age=3600
x-goog-stored-content-length: 124580
cf-ray: 67c32a81eeeb4eb5-FRA
expires: Mon, 09 Aug 2021 19:33:46 GMT

GET
H3-29 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/1.11.0/ Frame BFEF 94 KB
94 KB 24ms
7ms Script
text/javascript 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/1.11.0/jquery.min.js

Requested by

Host: go.orca.security
URL: https://go.orca.security/l/898611/2020-12-11/2vsj

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b294e973896f8f874e90a8eb1a8908ac790980d034c4c4bdf0fc3d37b8abf682

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://go.orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 09 Aug 2021 18:48:27 GMT
x-content-type-options: nosniff
age: 76
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 96381
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 09 Aug 2022 18:48:27 GMT

GET
H3-29 200 css2
fonts.googleapis.com/ Frame BFEF 7 KB
543 B 17ms
16ms Stylesheet
text/css 2a00:1450:4001:80f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Manrope:wght@200;300;400;500;600;700&display=swap

Requested by

Host: go.orca.security
URL: https://go.orca.security/l/898611/2020-12-11/2vsj

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e6d2282d33ef8f732e4ce7a60a05fce149fb0017fae964eb3543ec849d95f2e9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://go.orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 09 Aug 2021 18:49:43 GMT
server: ESF
date: Mon, 09 Aug 2021 18:49:43 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 09 Aug 2021 18:49:43 GMT

GET
H/1.1 200
OK form.css
go.orca.security/css/ Frame BFEF 31 KB
8 KB 142ms
132ms Stylesheet
text/css 35.174.78.146
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://go.orca.security/css/form.css?ver=2020-10-19
Requested by: Host: go.orca.security
URL: https://go.orca.security/l/898611/2020-12-11/2vsj
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.174.78.146 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: pi0-lba1-5-ue1.aws.pardot.com
Software: PardotServer /
Resource Hash: 6dbd1967a8963d2eead020be31031ed12df79148acfea8cb787fa1358d5b4559

Request headers

Referer: https://go.orca.security/l/898611/2020-12-11/2vsj
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 09 Aug 2021 18:49:43 GMT
Content-Encoding: gzip
X-Pardot-Route: cb482e8713caadba289bc279c1db8a1d
X-Pardot-LB: d3d7f55bb0643f40d338b3c1e133d5c5
Last-Modified: Mon, 09 Aug 2021 05:17:58 GMT
Server: PardotServer
ETag: "7be2-gzip"
Vary: Accept-Encoding,User-Agent
Content-Type: text/css
Cache-Control: max-age=63072000
Accept-Ranges: bytes
Content-Length: 7660
Expires: Wed, 09 Aug 2023 18:49:43 GMT

GET
H/1.1 200
OK piUtils.js Show response
go.orca.security/js/ Frame BFEF 341 KB
99 KB 276ms
136ms Script
application/javascript 35.174.78.146
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://go.orca.security/js/piUtils.js?ver=2020-10-19
Requested by: Host: go.orca.security
URL: https://go.orca.security/l/898611/2020-12-11/2vsj
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.174.78.146 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: pi0-lba1-5-ue1.aws.pardot.com
Software: PardotServer /
Resource Hash: 744d368a676dabf6be331840fdf74176a9ad7a784bf3920e3f640c9ed89fc43c

Request headers

Referer: https://go.orca.security/l/898611/2020-12-11/2vsj
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 09 Aug 2021 18:49:44 GMT
Content-Encoding: gzip
X-Pardot-Route: cb482e8713caadba289bc279c1db8a1d
X-Pardot-LB: d3d7f55bb0643f40d338b3c1e133d5c5
Last-Modified: Mon, 09 Aug 2021 05:17:58 GMT
Server: PardotServer
ETag: "55586-gzip"
Vary: Accept-Encoding,User-Agent
Content-Type: application/javascript
Cache-Control: max-age=63072000
Transfer-Encoding: chunked
Accept-Ranges: bytes
Expires: Wed, 09 Aug 2023 18:49:44 GMT

GET
H3-29 200 gtm.js Show response
www.googletagmanager.com/ Frame BFEF 105 KB
40 KB 20ms
20ms Script
application/javascript 2a00:1450:4001:828::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-MTM87SL

Requested by

Host: go.orca.security
URL: https://go.orca.security/l/898611/2020-12-11/2vsj

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

48461fcdd1f67acffa92db5bcbf9a8d1e77ccb99dcea81f3829e3a3156fcbf5a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://go.orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 09 Aug 2021 18:49:43 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 40704
x-xss-protection: 0
last-modified: Mon, 09 Aug 2021 18:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 09 Aug 2021 18:49:43 GMT

GET
H2 200 formcomplete.js Show response
ws-assets.zoominfo.com/ Frame BFEF 122 KB
40 KB 70ms
70ms Script
application/javascript 2606:4700::6810:a852
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ws-assets.zoominfo.com/formcomplete.js
Requested by: Host: go.orca.security
URL: https://go.orca.security/l/898611/2020-12-11/2vsj
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:a852 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aca1d2291f4713182bc182e5ef93151df69b3e97a054d16d1da5a1967fe63f15

Request headers

Referer: https://go.orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 09 Aug 2021 18:49:44 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
age: 958
x-guploader-uploadid: ADPycduktpH5F-0WAd9JqeqKzzXWn7T8uhJIe2ymv4ygHP4ejeUYPBPbchs6Uvuz_1pToaiwoZ7XJ3X-BqH_W5uZ4yAl0XLazA
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-type: application/javascript
last-modified: Wed, 14 Jul 2021 10:39:08 GMT
server: cloudflare
etag: W/"1e1e37b752fd19a94113b3725ef35506"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=EP8N2g==, md5=Hh43t1L9GalBE7NyXvNVBg==
x-goog-generation: 1626259148350866
cache-control: public, max-age=3600
x-goog-stored-content-length: 124580
cf-ray: 67c32a81ff264eb5-FRA
expires: Mon, 09 Aug 2021 19:33:46 GMT

GET
H3-29 200 analytics.js Show response
www.google-analytics.com/ Frame 2C19 48 KB
19 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:809::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MTM87SL

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

e61660c659c426e45bce2937dddb01af6b550502a2904546575c1ec2ba1121dd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://go.orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 13 Jul 2021 18:24:06 GMT
server: Golfe2
age: 4389
date: Mon, 09 Aug 2021 17:36:34 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19672
expires: Mon, 09 Aug 2021 19:36:34 GMT

GET conversion_async.js
www.googleadservices.com/pagead/ Frame 2C19 0
0

GET
H3-29 200 collect
www.google-analytics.com/ Frame 2C19 35 B
57 B 6ms
5ms Image
image/gif 2a00:1450:4001:809::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j92&a=2058266021&t=pageview&_s=1&dl=https%3A%2F%2Fgo.orca.security%2Fl%2F898611%2F2020-12-11%2F2vsl&dr=https%3A%2F%2Forca.security%2F&ul=en-us&de=UTF-8&sd=24-bit&sr=1600x1200&vp=1213x155&je=0&_u=QACAAEAB~&jid=&gjid=&cid=1167296594.1628534983&tid=UA-141329870-1&_gid=922088814.1628534983&gtm=2wg840MTM87SL&z=241476564

Requested by

Host: go.orca.security
URL: https://go.orca.security/l/898611/2020-12-11/2vsl

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://go.orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 08 Aug 2021 20:38:31 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 79872
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 analytics.js Show response
www.google-analytics.com/ Frame 2AC7 48 KB
19 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:809::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MTM87SL

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

e61660c659c426e45bce2937dddb01af6b550502a2904546575c1ec2ba1121dd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://go.orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 13 Jul 2021 18:24:06 GMT
server: Golfe2
age: 4390
date: Mon, 09 Aug 2021 17:36:34 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19672
expires: Mon, 09 Aug 2021 19:36:34 GMT

GET conversion_async.js
www.googleadservices.com/pagead/ Frame 2AC7 0
0

GET
H3-29 200 analytics.js Show response
www.google-analytics.com/ Frame BFEF 48 KB
19 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:809::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MTM87SL

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

e61660c659c426e45bce2937dddb01af6b550502a2904546575c1ec2ba1121dd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://go.orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 13 Jul 2021 18:24:06 GMT
server: Golfe2
age: 4390
date: Mon, 09 Aug 2021 17:36:34 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19672
expires: Mon, 09 Aug 2021 19:36:34 GMT

GET conversion_async.js
www.googleadservices.com/pagead/ Frame BFEF 0
0

POST
H3-29 200 /
www.facebook.com/tr/ 0
18 B 17ms
9ms Ping
text/plain 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryQypiinEDMWpAH1PI

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
server: proxygen-bolt
date: Mon, 09 Aug 2021 18:49:44 GMT
content-type: text/plain
access-control-allow-origin: https://orca.security
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
content-length: 0
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
priority: u=3,i

GET
H2 200 getMapping Show response
ws.zoominfo.com/form-complete/ Frame 2AC7 814 B
596 B 150ms
150ms XHR
application/json 2606:4700::6810:650c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.zoominfo.com/form-complete/getMapping?formId=wymcNktFMIhtz4zMJ4Cn

Requested by

Host: ws-assets.zoominfo.com
URL: https://ws-assets.zoominfo.com/formcomplete.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:650c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

08dbb435439815752ce09bfc9581b9085db9c9a66095bf5062b1c5c8adc08031

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://go.orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 09 Aug 2021 18:49:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
via: 1.1 google
x-powered-by: Express
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://go.orca.security
access-control-allow-credentials: true
cf-ray: 67c32a825d5d4ea9-FRA
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for
etag: W/"32e-56y0x/xolG6sqdVLNPZOnEQpq9g"

GET
H/1.1 200
OK pd.js Show response
pi.pardot.com/ Frame 2C19 5 KB
2 KB 522ms
131ms Script
application/javascript 35.174.78.146
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://pi.pardot.com/pd.js
Requested by: Host: go.orca.security
URL: https://go.orca.security/l/898611/2020-12-11/2vsl
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.174.78.146 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: pi0-lba1-5-ue1.aws.pardot.com
Software: PardotServer /
Resource Hash: b7939e67e521a72f9344e54fe85a3edff247ac537235f178a522ae836dbf6820

Request headers

Referer: https://go.orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 09 Aug 2021 18:49:44 GMT
Content-Encoding: gzip
X-Pardot-Route: 4587f66dff94d6e76a668284fbf3dba1
X-Pardot-LB: d3d7f55bb0643f40d338b3c1e133d5c5
Last-Modified: Mon, 09 Aug 2021 05:17:58 GMT
Server: PardotServer
ETag: "14be-gzip"
Vary: Accept-Encoding,User-Agent
Content-Type: application/javascript
Cache-Control: max-age=63072000
Accept-Ranges: bytes
Content-Length: 1923
Expires: Wed, 09 Aug 2023 18:49:44 GMT

GET
H3-29 200 collect
www.google-analytics.com/ Frame 2AC7 35 B
57 B 6ms
5ms Image
image/gif 2a00:1450:4001:809::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j92&a=1984944341&t=pageview&_s=1&dl=https%3A%2F%2Fgo.orca.security%2Fl%2F898611%2F2020-12-11%2F2vsj&dr=https%3A%2F%2Forca.security%2F&ul=en-us&de=UTF-8&sd=24-bit&sr=1600x1200&vp=248x94&je=0&_u=QACAAEAB~&jid=&gjid=&cid=1167296594.1628534983&tid=UA-141329870-1&_gid=922088814.1628534983&gtm=2wg840MTM87SL&z=393774511

Requested by

Host: go.orca.security
URL: https://go.orca.security/l/898611/2020-12-11/2vsj

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://go.orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 08 Aug 2021 20:38:31 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 79873
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 collect
www.google-analytics.com/ Frame 2C19 35 B
57 B 6ms
5ms Image
image/gif 2a00:1450:4001:809::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j92&a=2058266021&t=timing&_s=2&dl=https%3A%2F%2Fgo.orca.security%2Fl%2F898611%2F2020-12-11%2F2vsl&dr=https%3A%2F%2Forca.security%2F&ul=en-us&de=UTF-8&sd=24-bit&sr=1600x1200&vp=1213x155&je=0&plt=1098&pdt=1&dns=2&rrt=0&srt=283&tcp=378&dit=1057&clt=1057&_gst=912&_gbt=941&_cst=672&_cbt=894&_u=QACAAEAB~&jid=&gjid=&cid=1167296594.1628534983&tid=UA-141329870-1&_gid=922088814.1628534983&gtm=2wg840MTM87SL&z=1733726732

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://go.orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 08 Aug 2021 20:38:31 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 79873
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 getMapping Show response
ws.zoominfo.com/form-complete/ Frame BFEF 814 B
573 B 156ms
156ms XHR
application/json 2606:4700::6810:650c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.zoominfo.com/form-complete/getMapping?formId=wymcNktFMIhtz4zMJ4Cn

Requested by

Host: ws-assets.zoominfo.com
URL: https://ws-assets.zoominfo.com/formcomplete.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:650c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

08dbb435439815752ce09bfc9581b9085db9c9a66095bf5062b1c5c8adc08031

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://go.orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 09 Aug 2021 18:49:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
via: 1.1 google
x-powered-by: Express
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://go.orca.security
access-control-allow-credentials: true
cf-ray: 67c32a82eebd4ea9-FRA
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for
etag: W/"32e-56y0x/xolG6sqdVLNPZOnEQpq9g"

GET attributionSnippet.js
ddzuuyx7zj81k.cloudfront.net/1.0.0/ Frame 2C19 0
0

GET
H3-29 200 collect
www.google-analytics.com/ Frame BFEF 35 B
57 B 6ms
5ms Image
image/gif 2a00:1450:4001:809::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j92&a=2136709005&t=pageview&_s=1&dl=https%3A%2F%2Fgo.orca.security%2Fl%2F898611%2F2020-12-11%2F2vsj&dr=https%3A%2F%2Forca.security%2F&ul=en-us&de=UTF-8&sd=24-bit&sr=1600x1200&vp=&je=0&_u=QACAAEAB~&jid=&gjid=&cid=1167296594.1628534983&tid=UA-141329870-1&_gid=922088814.1628534983&gtm=2wg840MTM87SL&z=766735323

Requested by

Host: go.orca.security
URL: https://go.orca.security/l/898611/2020-12-11/2vsj

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://go.orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 08 Aug 2021 20:38:31 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 79873
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 adsct Show response
analytics.twitter.com/i/ 31 B
658 B 247ms
160ms Script
application/javascript 104.244.42.195
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://analytics.twitter.com/i/adsct?type=javascript&version=2.0.1&p_id=Twitter&p_user_id=0&txn_id=o4qyy&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&tpx_cb=twttr.conversion.loadPixels&tw_document_href=https%3A%2F%2Forca.security%2Fresources%2Fblog%2Fcloud-malware-challenges-best-practices%2F%3Fsiteid%3DRIQSITE

Requested by

Host: static.ads-twitter.com
URL: https://static.ads-twitter.com/uwt.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.195 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 09 Aug 2021 18:49:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status: 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 57
x-xss-protection: 0
pragma: no-cache
last-modified: Mon, 09 Aug 2021 18:49:44 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=631138519
content-type: application/javascript;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: 120fd0a6cec5d1c6a9bc53a10c822d573fca4a93b8ac794ac078b05b40463d6f
x-transaction: a13b8ef2ee0b60b6
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H3-29 200 v2.js Show response
js.hsforms.net/forms/ Frame 9254 569 KB
145 KB 30ms
23ms Script
application/javascript 2606:4700::6811:b949
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hsforms.net/forms/v2.js

Requested by

Host: js.hsforms.net
URL: https://js.hsforms.net/forms/v2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:b949 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

336032e8b6a0e53594ef6fd0333f2c8f791accdd85de58bfbbbcd134347672af

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 09 Aug 2021 18:49:44 GMT
via: 1.1 2af881fc3dba7aadc69b3ca00dd6e9e6.cloudfront.net (CloudFront)
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-type: application/javascript; charset=utf-8
x-amz-replication-status: COMPLETED
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Mon, 26 Jul 2021 08:58:31 UTC
server: cloudflare
etag: W/"54f88eaced1496c532226765043c50e7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6gi6B7UcoSJ8fb1CL1dvFQJqE4huheSgDcflgRK4qTytWL2%2FdQV%2B1OiWon0TNgmL%2F%2BH4nHJ0RVRT2pp8J%2FADp1bc3Ge6tWo%2FL%2Bw27YwknGkIL9WyDGfO%2BO%2FhSodNscKSqdSSi9u8mZFvp1FF"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: CD.EJgxkQT0UFVsMcBVdkshUHUGkYwIo
access-control-allow-origin: *
cache-control: s-maxage=600, max-age=0
x-hs-cache-status: HIT
x-amz-cf-pop: IAD66-C2
cf-ray: 67c32a83ab5c16ee-FRA
x-amz-cf-id: W7an3oUJibPq6V0oI9j0q8rUKAn_-Uu7w1PE3--6-C2ONINP-e7Gtw==
x-hs-target-asset: FormsNext/static-5.349/bundles/project_with_deps.js

GET
H2 200 api.min.js Show response
a.omappapi.com/app/js/ 205 KB
58 KB 146ms
46ms Script
application/javascript 89.187.169.47
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/api.min.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MFH8KTP
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 89.187.169.47 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-89-187-169-47.cdn77.com
Software: BunnyCDN-DE1-756 /
Resource Hash: 17b07c005d132a71cd2aacab39ad1115d52648f983a647e6d300b4b3b325e2c9

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 09 Aug 2021 18:49:44 GMT
content-encoding: br
cdn-edgestorageid: 756
perma-cache: HIT
cdn-storageserver: DE-51
cdn-cachedat: 08/08/2021 22:51:39
cdn-pullzone: 293267
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-requestpullcode: 200
server: BunnyCDN-DE1-756
access-control-allow-origin: *
last-modified: Thu, 05 Aug 2021 16:18:59 GMT
cdn-proxyver: 1.0
cdn-fileserver: 188
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
cdn-cache: HIT
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
cdn-requestid: 43dc284197f9c1fbc59c638b64b08f03
cdn-requestcountrycode: PL
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 box-25a418976ea02a6f393fbbe77cec94bb.html Show response
vars.hotjar.com/ Frame 5FFC 2 KB
1 KB 123ms
40ms Document
text/html 99.86.4.14
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vars.hotjar.com/box-25a418976ea02a6f393fbbe77cec94bb.html
Requested by: Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-1785482.js?sv=6
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.4.14 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-4-14.fra6.r.cloudfront.net
Software: /
Resource Hash: 7a44e0685d8929b5d4d50476273c9957c8c76f03afc424c665a4066e5bc1beb9

Request headers

:method: GET
:authority: vars.hotjar.com
:scheme: https
:path: /box-25a418976ea02a6f393fbbe77cec94bb.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://orca.security/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://orca.security/

Response headers

content-type: text/html
content-length: 1044
date: Sun, 18 Jul 2021 00:16:30 GMT
accept-ranges: bytes
cache-control: max-age=31536000
content-encoding: br
etag: "76922233be8bdb14c053af468d29404a"
last-modified: Thu, 15 Jul 2021 14:16:09 GMT
x-amz-server-side-encryption: AES256
x-robots-tag: none
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 f0a97a8c56cd2bb79a1739863489ed4c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA6-C1
x-amz-cf-id: dtdLaYBohoe1ffpnIccVVIQU9gOnNmDf21SFA8EPzaOMr9SjrEbjbA==
age: 1967594

GET
H3-29 200 xn7gYHE41ni1AdIRggexSg.woff2
fonts.gstatic.com/s/manrope/v4/ Frame 2AC7 22 KB
22 KB 11ms
10ms Font
font/woff2 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/manrope/v4/xn7gYHE41ni1AdIRggexSg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Manrope:wght@200;300;400;500;600;700&display=swap

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a41d60f8ac48aafcddd891ddebb318735c5684c4d8c8971f2a236233f89fc3be

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://go.orca.security
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 09 Aug 2021 18:31:24 GMT
x-content-type-options: nosniff
age: 1100
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 22788
x-xss-protection: 0
last-modified: Thu, 28 Jan 2021 21:57:26 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 09 Aug 2022 18:31:24 GMT

GET
DATA 200
OK truncated
/ Frame 2AC7 268 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1a33b00a04c9fc9b04282a6ed5e20fdef28fcb08cbcd7712057cacf7c6edd669

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H/1.1 200
OK pd.js Show response
pi.pardot.com/ Frame 2AC7 5 KB
2 KB 415ms
132ms Script
application/javascript 35.174.78.146
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://pi.pardot.com/pd.js
Requested by: Host: go.orca.security
URL: https://go.orca.security/l/898611/2020-12-11/2vsj
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.174.78.146 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: pi0-lba1-5-ue1.aws.pardot.com
Software: PardotServer /
Resource Hash: b7939e67e521a72f9344e54fe85a3edff247ac537235f178a522ae836dbf6820

Request headers

Referer: https://go.orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 09 Aug 2021 18:49:44 GMT
Content-Encoding: gzip
X-Pardot-Route: 4587f66dff94d6e76a668284fbf3dba1
X-Pardot-LB: d3d7f55bb0643f40d338b3c1e133d5c5
Last-Modified: Mon, 09 Aug 2021 05:17:58 GMT
Server: PardotServer
ETag: "14be-gzip"
Vary: Accept-Encoding,User-Agent
Content-Type: application/javascript
Cache-Control: max-age=63072000
Accept-Ranges: bytes
Content-Length: 1923
Expires: Wed, 09 Aug 2023 18:49:44 GMT

GET
H2 200 infinigrow.js Show response
dss6ntp5q2r0o.cloudfront.net/2.9.0/ 74 KB
25 KB 14ms
14ms Script
application/javascript 2600:9000:206f:2800:10:7994:d200:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://dss6ntp5q2r0o.cloudfront.net/2.9.0/infinigrow.js
Requested by: Host: ddzuuyx7zj81k.cloudfront.net
URL: https://ddzuuyx7zj81k.cloudfront.net/1.0.0/attributionSnippet.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:2800:10:7994:d200:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: a6d75aad5c009d0bdf36d4c1d68d90e2848460fce782adb137819228842eefe0

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 08 Aug 2021 21:13:43 GMT
content-encoding: gzip
last-modified: Sun, 24 Jun 2018 15:14:02 GMT
server: AmazonS3
age: 78997
etag: W/"2f70fa2239343e20deb5c199873fbed1"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 cae542650fb32c773cc494fc6e7e71e7.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C1
x-amz-cf-id: UfRj_O-WU4vYDXs_wUHq1ApQp85jBkSJF0HHHyFcY8FPwxSV1S9ZZw==

GET
H3-29 200 sproket.png
js.hsforms.net/ Frame 9254 3 KB
4 KB 18ms
17ms Image
image/png 2606:4700::6811:b949
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://js.hsforms.net/sproket.png

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:b949 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2cecf0475d5d2db81d7d1535a89f570b89e290f27b0867923f074b81155cf5da

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 09 Aug 2021 18:49:44 GMT
via: 1.1 a3cc6ada872dd8799739f0e62dddda7d.cloudfront.net (CloudFront)
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 464
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-type: image/png
x-amz-replication-status: COMPLETED
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 3462
last-modified: Mon, 26 Jul 2021 08:58:31 UTC
server: cloudflare
etag: "86101ad666d2280d01e62b9846d6db82"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yqgIsTA%2BkhJFmZ8gsDJG8%2FBt4QGMdx270ehJaZXrUb4hFA0DBPxto%2BB6Nq2NNBhNA1U0l%2Fx%2FYCVZyJRqMFhAMNX9Oph1ozUMYmTcAD6DPU3VZTGHeYi7%2ByZxml2eghcRBeuvOJPFXgBP3DEQ"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: kej7V1r4ksdFg4_NkjVN2da4DJh9ED6P
access-control-allow-origin: *
cache-control: s-maxage=600, max-age=0
x-hs-cache-status: HIT
x-amz-cf-pop: IAD66-C2
accept-ranges: bytes
cf-ray: 67c32a849d4d16ee-FRA
x-amz-cf-id: NtPVuS946SVqeTkzwYgLEgughGojAJSbpI4oitwJ9qF4kRZAE_rdqA==
x-hs-target-asset: FormsNext/static-5.349/img/sproket.png

GET
H3-29 200 collect
www.google-analytics.com/ Frame 2AC7 35 B
57 B 6ms
5ms Image
image/gif 2a00:1450:4001:809::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j92&a=1984944341&t=timing&_s=2&dl=https%3A%2F%2Fgo.orca.security%2Fl%2F898611%2F2020-12-11%2F2vsj&dr=https%3A%2F%2Forca.security%2F&ul=en-us&de=UTF-8&sd=24-bit&sr=1600x1200&vp=248x94&je=0&plt=1338&pdt=1&dns=2&rrt=1&srt=292&tcp=382&dit=1313&clt=1313&_gst=968&_gbt=1098&_cst=684&_cbt=960&_u=QACAAEAB~&jid=&gjid=&cid=1167296594.1628534983&tid=UA-141329870-1&_gid=922088814.1628534983&gtm=2wg840MTM87SL&z=652919661

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://go.orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 08 Aug 2021 20:38:31 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 79873
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET attributionSnippet.js
ddzuuyx7zj81k.cloudfront.net/1.0.0/ Frame 2AC7 0
0

GET attributionSnippet.js
ddzuuyx7zj81k.cloudfront.net/1.0.0/ Frame BFEF 0
0

POST
H/1.1 200
OK tp2 Show response
sp.infinigrow.com/com.snowplowanalytics.snowplow/ 2 B
460 B 1102ms
202ms XHR
text/plain 52.89.105.17
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://sp.infinigrow.com/com.snowplowanalytics.snowplow/tp2
Requested by: Host: dss6ntp5q2r0o.cloudfront.net
URL: https://dss6ntp5q2r0o.cloudfront.net/2.9.0/infinigrow.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.89.105.17 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-89-105-17.us-west-2.compute.amazonaws.com
Software: akka-http/10.0.9 /
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json; charset=UTF-8

Response headers

Date: Mon, 09 Aug 2021 18:49:46 GMT
Server: akka-http/10.0.9
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
Access-Control-Allow-Origin: https://orca.security
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/plain; charset=UTF-8
Content-Length: 2

OPTIONS
H/1.1 200
OK tp2
sp.infinigrow.com/com.snowplowanalytics.snowplow/ Frame 0
0 1126ms
205ms Preflight 52.89.105.17
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://sp.infinigrow.com/com.snowplowanalytics.snowplow/tp2
Protocol: HTTP/1.1
Server: 52.89.105.17 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-89-105-17.us-west-2.compute.amazonaws.com
Software: akka-http/10.0.9 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://orca.security
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Content-Type
Access-Control-Allow-Origin: https://orca.security
Date: Mon, 09 Aug 2021 18:49:45 GMT
Server: akka-http/10.0.9
Content-Length: 0
Connection: keep-alive

GET
H/1.1 200
OK pd.js Show response
pi.pardot.com/ Frame BFEF 5 KB
2 KB 436ms
132ms Script
application/javascript 35.174.78.146
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://pi.pardot.com/pd.js
Requested by: Host: go.orca.security
URL: https://go.orca.security/l/898611/2020-12-11/2vsj
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.174.78.146 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: pi0-lba1-5-ue1.aws.pardot.com
Software: PardotServer /
Resource Hash: b7939e67e521a72f9344e54fe85a3edff247ac537235f178a522ae836dbf6820

Request headers

Referer: https://go.orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 09 Aug 2021 18:49:44 GMT
Content-Encoding: gzip
X-Pardot-Route: b39cd42d381b722267ab9de7e8c10f5d
X-Pardot-LB: d3d7f55bb0643f40d338b3c1e133d5c5
Last-Modified: Mon, 09 Aug 2021 05:17:58 GMT
Server: PardotServer
ETag: "14be-gzip"
Vary: Accept-Encoding,User-Agent
Content-Type: application/javascript
Cache-Control: max-age=63072000
Accept-Ranges: bytes
Content-Length: 1923
Expires: Wed, 09 Aug 2023 18:49:44 GMT

GET
H2 200 78657 Show response
api.omappapi.com/v2/embed/ 9 KB
3 KB 236ms
136ms XHR
application/json 143.204.98.38
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.omappapi.com/v2/embed/78657?d=orca.security
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.38 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-38.fra50.r.cloudfront.net
Software: Pagely Gateway/1.5.1 /
Resource Hash: 94f9190bff270944affe1050bc67f4b0c98f7193e7022eb9e94ba03f075061ac

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 09 Aug 2021 18:49:44 GMT
content-encoding: gzip
x-cache-config: 0 0
x-amz-cf-pop: FRA50-C1
x-cache-status: HIT
x-cache: Miss from cloudfront
access-control-allow-headers: X-CSRF-Token
x-optinmonster-account: 88433
x-user-agent: standard--
last-modified: Mon, 09 Aug 2021 11:35:50 GMT
server: Pagely Gateway/1.5.1
etag: W/"97786f3665c112592a40fc8acacdf702"
vary: Accept-Encoding, User-Agent
content-type: application/json
via: 1.1 a09186728c1bcdf0a561aedd92656804.cloudfront.net (CloudFront)
access-control-expose-headers: X-OptinMonster-Account, X-User-Agent
cache-control: public, max-age=30, stale-while-revalidate=1800
access-control-allow-origin: *
x-amz-cf-id: Vbyb1YAZ6t0TBn6GhYsf-8wgycYsicIBJOPU63LR4_8pmK2_BEV_uQ==
expires: Mon, 09 Aug 2021 18:22:39 GMT

GET
H3-29 200 collect
www.google-analytics.com/ Frame BFEF 35 B
57 B 13ms
6ms Image
image/gif 2a00:1450:4001:809::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j92&a=2136709005&t=timing&_s=2&dl=https%3A%2F%2Fgo.orca.security%2Fl%2F898611%2F2020-12-11%2F2vsj&dr=https%3A%2F%2Forca.security%2F&ul=en-us&de=UTF-8&sd=24-bit&sr=1600x1200&vp=&je=0&plt=1396&pdt=1&dns=0&rrt=0&srt=331&tcp=398&dit=1364&clt=1364&_gst=923&_gbt=1073&_cst=738&_cbt=920&_u=QACAAEAB~&jid=&gjid=&cid=1167296594.1628534983&tid=UA-141329870-1&_gid=922088814.1628534983&gtm=2wg840MTM87SL&z=1100099607

Requested by

Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://go.orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 08 Aug 2021 20:38:31 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 79873
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H/1.0 200
OK analytics Show response
pi.pardot.com/ Frame 2C19 3 KB
3 KB 357ms
241ms Script
text/javascript 35.174.78.146
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://pi.pardot.com/analytics?ver=3&pi_form=true&visitor_id=591794002&visitor_id_sign=2c75610a76498099a20bb2c6ff656e816035992718e3dceb2bd0eb31f8a9218d86c03462f981a5000d550efcf221e8c6dcdf7ab3&pi_opt_in=&campaign_id=17085&account_id=899611&title=&url=https%3A%2F%2Fgo.orca.security%2Fl%2F898611%2F2020-12-11%2F2vsl&referrer=https%3A%2F%2Forca.security%2F

Requested by

Host: pi.pardot.com
URL: https://pi.pardot.com/pd.js

Protocol

HTTP/1.0

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

35.174.78.146 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

pi0-lba1-5-ue1.aws.pardot.com

Software

PardotServer /

Resource Hash

95f1a8ca09c538bc29691af48fc8e9561fd851d73f9969f7a1980162add3cf92

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://go.orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 09 Aug 2021 18:49:44 GMT
Content-Encoding: gzip
X-Pardot-Route: d5a18e4517a9c8ba62b77de366a4cdb5
X-Pardot-LB: d3d7f55bb0643f40d338b3c1e133d5c5
X-Pardot-Rsp: 16/84/131
Vary: Accept-Encoding,User-Agent
Strict-Transport-Security: max-age=31536000; includeSubDomains
P3p: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml"
Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Content-Type: text/javascript; charset=utf-8
Content-Length: 1446
Server: PardotServer
Expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H2 200 webfont.js Show response
a.omappapi.com/app/js/webfont/1.5.18/ 16 KB
7 KB 43ms
42ms Script
application/javascript 89.187.169.47
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/webfont/1.5.18/webfont.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 89.187.169.47 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-89-187-169-47.cdn77.com
Software: BunnyCDN-DE1-756 /
Resource Hash: ce261eb163fcaee6953cedc35059732a133766ab824dc512bbdf9424d48601e4

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 09 Aug 2021 18:49:44 GMT
content-encoding: br
cdn-edgestorageid: 756
perma-cache: HIT
cdn-storageserver: DE-169
cdn-cachedat: 08/09/2021 00:16:55
cdn-pullzone: 293267
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-requestpullcode: 200
server: BunnyCDN-DE1-756
access-control-allow-origin: *
last-modified: Thu, 27 May 2021 17:38:16 GMT
cdn-proxyver: 1.0
cdn-fileserver: 162
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
cdn-cache: HIT
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
cdn-requestid: 65d7ea2dd7a01830e76d59aaf45118b4
cdn-requestcountrycode: PL
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 moment.min.js Show response
a.omappapi.com/app/js/moment.js/2.24.0/ 52 KB
19 KB 46ms
45ms Script
application/javascript 89.187.169.47
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/moment.js/2.24.0/moment.min.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 89.187.169.47 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-89-187-169-47.cdn77.com
Software: BunnyCDN-DE1-756 /
Resource Hash: e22419e8154be2a34a950dbb4c4c448413751c53ef02f00c6c56af28aa2c4964

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 09 Aug 2021 18:49:44 GMT
content-encoding: br
cdn-edgestorageid: 756
perma-cache: HIT
cdn-storageserver: DE-51
cdn-cachedat: 08/09/2021 14:13:32
cdn-pullzone: 293267
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-requestpullcode: 200
server: BunnyCDN-DE1-756
access-control-allow-origin: *
last-modified: Thu, 27 May 2021 17:38:19 GMT
cdn-proxyver: 1.0
cdn-fileserver: 89
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
cdn-cache: HIT
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
cdn-requestid: 47aca7b4eb32db197da9c9893efcfaf0
cdn-requestcountrycode: PL
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 f705569335081612217557-0103-OrcaSecurity-WebsiteCard-1.png
a.omappapi.com/users/16cbaba9fcb1/images/ 27 KB
28 KB 46ms
45ms Image
image/webp 89.187.169.47
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://a.omappapi.com/users/16cbaba9fcb1/images/f705569335081612217557-0103-OrcaSecurity-WebsiteCard-1.png
Requested by: Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 89.187.169.47 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-89-187-169-47.cdn77.com
Software: BunnyCDN-DE1-756 /
Resource Hash: d5e6f422bf9513df9dd847931b0783e78f2cc6d7a3f189450b9c932b40c584d7

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 09 Aug 2021 18:49:44 GMT
cdn-edgestorageid: 756
perma-cache: HIT
cdn-storageserver: DE-169
cdn-cachedat: 08/09/2021 07:59:39
cdn-pullzone: 293267
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
content-length: 27446
server: BunnyCDN-DE1-756
access-control-allow-origin: *
last-modified: Thu, 27 May 2021 18:29:20 GMT
cdn-proxyver: 1.0
cdn-fileserver: 78
content-type: image/webp
cdn-cache: HIT
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
cdn-requestpullcode: 200
cdn-requestid: dba4903c45fd6db2b2e30024804376cf
accept-ranges: bytes
cdn-requestcountrycode: PL
cdn-status: 200
cdn-requestpullsuccess: True

GET
H/1.0 200
OK analytics Show response
pi.pardot.com/ Frame 2AC7 3 KB
3 KB 337ms
259ms Script
text/javascript 35.174.78.146
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://pi.pardot.com/analytics?ver=3&pi_form=true&visitor_id=591794002&visitor_id_sign=2c75610a76498099a20bb2c6ff656e816035992718e3dceb2bd0eb31f8a9218d86c03462f981a5000d550efcf221e8c6dcdf7ab3&pi_opt_in=&campaign_id=17083&account_id=899611&title=&url=https%3A%2F%2Fgo.orca.security%2Fl%2F898611%2F2020-12-11%2F2vsj&referrer=https%3A%2F%2Forca.security%2F

Requested by

Host: pi.pardot.com
URL: https://pi.pardot.com/pd.js

Protocol

HTTP/1.0

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

35.174.78.146 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

pi0-lba1-5-ue1.aws.pardot.com

Software

PardotServer /

Resource Hash

091cea73e2851459d5a1d4ddd0ec4e53c0ab8a25e1bc58d1cfcf73d9e8b81948

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://go.orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 09 Aug 2021 18:49:44 GMT
Content-Encoding: gzip
X-Pardot-Route: d5a18e4517a9c8ba62b77de366a4cdb5
X-Pardot-LB: d3d7f55bb0643f40d338b3c1e133d5c5
X-Pardot-Rsp: 17/13/76
Vary: Accept-Encoding,User-Agent
Strict-Transport-Security: max-age=31536000; includeSubDomains
P3p: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml"
Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Content-Type: text/javascript; charset=utf-8
Content-Length: 1445
Server: PardotServer
Expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H2 200 moment-timezone-with-data-2012-2022.min.js Show response
a.omappapi.com/app/js/moment-timezone/0.5.23/ 32 KB
11 KB 45ms
45ms Script
application/javascript 89.187.169.47
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/moment-timezone/0.5.23/moment-timezone-with-data-2012-2022.min.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 89.187.169.47 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-89-187-169-47.cdn77.com
Software: BunnyCDN-DE1-756 /
Resource Hash: 23190e1539469cc8b5faccb038b260ccda2cc62672c70efa1900a51a8e3d1be5

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 09 Aug 2021 18:49:44 GMT
content-encoding: br
cdn-edgestorageid: 756
perma-cache: HIT
cdn-storageserver: DE-169
cdn-cachedat: 08/08/2021 22:02:04
cdn-pullzone: 293267
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-requestpullcode: 200
server: BunnyCDN-DE1-756
access-control-allow-origin: *
last-modified: Wed, 16 Jun 2021 03:51:03 GMT
cdn-proxyver: 1.0
cdn-fileserver: 162
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
cdn-cache: HIT
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
cdn-requestid: caadf00c845d49733825054b1a8aa505
cdn-requestcountrycode: PL
cdn-status: 200
cdn-requestpullsuccess: True

GET
H/1.1 200
OK messenger Show response
app.qualified.com/w/1/gndr1NireXGRNRuC/ Frame F330 3 KB
2 KB 425ms
140ms Document
text/html 54.226.239.18
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://app.qualified.com/w/1/gndr1NireXGRNRuC/messenger?uuid=fe476b5d-a863-4b68-8ce0-d897858a323a

Requested by

Host: js.qualified.com
URL: https://js.qualified.com/qualified.js?token=gndr1NireXGRNRuC

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

54.226.239.18 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-226-239-18.compute-1.amazonaws.com

Software

nginx /

Resource Hash

e635f91800e17fbf3a0743f9883454dd1aa9095fe2ec8be8843e77db8ea9f5ed

Security Headers

Name	Value
Content-Security-Policy
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Host: app.qualified.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://orca.security/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://orca.security/

Response headers

Cache-Control: max-age=0, private, must-revalidate
Content-Encoding: gzip
Content-Security-Policy
Content-Type: text/html; charset=utf-8
Date: Mon, 09 Aug 2021 18:49:45 GMT
Etag: W/"e635f91800e17fbf3a0743f9883454dd"
Referrer-Policy: strict-origin-when-cross-origin
Server: nginx
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Accept-Encoding
Via: 1.1 spaces-router (020d7643da32)
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
X-Request-Id: cdeaa276-7da0-29b9-c500-5fa4e6ed0a1e
X-Runtime: 0.010602
X-Xss-Protection: 1; mode=block
Content-Length: 1110

GET
H/1.0 200
OK dc.js Show response
go.orca.security/dcjs/898611/14/ 46 B
639 B 200ms
199ms Script
text/javascript 35.174.78.146
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://go.orca.security/dcjs/898611/14/dc.js
Requested by: Host: js.qualified.com
URL: https://js.qualified.com/qualified.js?token=gndr1NireXGRNRuC
Protocol: HTTP/1.0
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.174.78.146 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: pi0-lba1-5-ue1.aws.pardot.com
Software: PardotServer /
Resource Hash: 7bba17b490076798f613f9b01da8d6a2eb79808ae687d3e56543ba95fff3b16c

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 09 Aug 2021 18:49:44 GMT
X-Pardot-Route: cb482e8713caadba289bc279c1db8a1d
X-Pardot-LB: d3d7f55bb0643f40d338b3c1e133d5c5
X-Pardot-Rsp: 16/113/55
Vary: User-Agent
P3p: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml"
Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Content-Type: text/javascript; charset=utf-8
Content-Length: 46
Server: PardotServer
Expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H/1.0 200
OK analytics Show response
pi.pardot.com/ Frame BFEF 3 KB
3 KB 249ms
249ms Script
text/javascript 35.174.78.146
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://pi.pardot.com/analytics?ver=3&pi_form=true&visitor_id=591794002&visitor_id_sign=2c75610a76498099a20bb2c6ff656e816035992718e3dceb2bd0eb31f8a9218d86c03462f981a5000d550efcf221e8c6dcdf7ab3&pi_opt_in=&campaign_id=17083&account_id=899611&title=&url=https%3A%2F%2Fgo.orca.security%2Fl%2F898611%2F2020-12-11%2F2vsj&referrer=https%3A%2F%2Forca.security%2F

Requested by

Host: pi.pardot.com
URL: https://pi.pardot.com/pd.js

Protocol

HTTP/1.0

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

35.174.78.146 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

pi0-lba1-5-ue1.aws.pardot.com

Software

PardotServer /

Resource Hash

091cea73e2851459d5a1d4ddd0ec4e53c0ab8a25e1bc58d1cfcf73d9e8b81948

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://go.orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 09 Aug 2021 18:49:44 GMT
Content-Encoding: gzip
X-Pardot-Route: d5a18e4517a9c8ba62b77de366a4cdb5
X-Pardot-LB: d3d7f55bb0643f40d338b3c1e133d5c5
X-Pardot-Rsp: 16/34/23
Vary: Accept-Encoding,User-Agent
Strict-Transport-Security: max-age=31536000; includeSubDomains
P3p: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml"
Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Content-Type: text/javascript; charset=utf-8
Content-Length: 1445
Server: PardotServer
Expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H/1.0 200
OK analytics Show response
go.orca.security/ Frame 2C19 50 B
1 KB 234ms
233ms Script
text/javascript 35.174.78.146
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://go.orca.security/analytics?conly=true&pi_form=true&visitor_id=591794002&visitor_id_sign=2c75610a76498099a20bb2c6ff656e816035992718e3dceb2bd0eb31f8a9218d86c03462f981a5000d550efcf221e8c6dcdf7ab3&pi_opt_in=&campaign_id=17085&account_id=899611&title=&url=https://go.orca.security/l/898611/2020-12-11/2vsl&referrer=https://orca.security/
Requested by: Host: pi.pardot.com
URL: https://pi.pardot.com/analytics?ver=3&pi_form=true&visitor_id=591794002&visitor_id_sign=2c75610a76498099a20bb2c6ff656e816035992718e3dceb2bd0eb31f8a9218d86c03462f981a5000d550efcf221e8c6dcdf7ab3&pi_opt_in=&campaign_id=17085&account_id=899611&title=&url=https%3A%2F%2Fgo.orca.security%2Fl%2F898611%2F2020-12-11%2F2vsl&referrer=https%3A%2F%2Forca.security%2F
Protocol: HTTP/1.0
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.174.78.146 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: pi0-lba1-5-ue1.aws.pardot.com
Software: PardotServer /
Resource Hash: dcf430710cdd1359115293f45d5023b2a560aef8a2c1e59d578b8b1e10a216d3

Request headers

Referer: https://go.orca.security/l/898611/2020-12-11/2vsl
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 09 Aug 2021 18:49:45 GMT
X-Pardot-Route: d5a18e4517a9c8ba62b77de366a4cdb5
X-Pardot-LB: d3d7f55bb0643f40d338b3c1e133d5c5
X-Pardot-Rsp: 16/34/3
Vary: User-Agent
P3p: CP="CAO DSP AND SO ON" policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml"
Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Content-Type: text/javascript; charset=utf-8
Content-Length: 50
Server: PardotServer
Expires: Thu, 19 Nov 1981 08:52:00 GMT

GET embed_shepherd-v1.js
fast.wistia.com/static/ Frame 2C19 0
0

GET
H/1.0 200
OK analytics Show response
go.orca.security/ Frame 2AC7 50 B
1 KB 209ms
208ms Script
text/javascript 35.174.78.146
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://go.orca.security/analytics?conly=true&pi_form=true&visitor_id=591794002&visitor_id_sign=2c75610a76498099a20bb2c6ff656e816035992718e3dceb2bd0eb31f8a9218d86c03462f981a5000d550efcf221e8c6dcdf7ab3&pi_opt_in=&campaign_id=17083&account_id=899611&title=&url=https://go.orca.security/l/898611/2020-12-11/2vsj&referrer=https://orca.security/
Requested by: Host: pi.pardot.com
URL: https://pi.pardot.com/analytics?ver=3&pi_form=true&visitor_id=591794002&visitor_id_sign=2c75610a76498099a20bb2c6ff656e816035992718e3dceb2bd0eb31f8a9218d86c03462f981a5000d550efcf221e8c6dcdf7ab3&pi_opt_in=&campaign_id=17083&account_id=899611&title=&url=https%3A%2F%2Fgo.orca.security%2Fl%2F898611%2F2020-12-11%2F2vsj&referrer=https%3A%2F%2Forca.security%2F
Protocol: HTTP/1.0
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.174.78.146 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: pi0-lba1-5-ue1.aws.pardot.com
Software: PardotServer /
Resource Hash: dcf430710cdd1359115293f45d5023b2a560aef8a2c1e59d578b8b1e10a216d3

Request headers

Referer: https://go.orca.security/l/898611/2020-12-11/2vsj
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 09 Aug 2021 18:49:45 GMT
X-Pardot-Route: d5a18e4517a9c8ba62b77de366a4cdb5
X-Pardot-LB: d3d7f55bb0643f40d338b3c1e133d5c5
X-Pardot-Rsp: 17/10/223
Vary: User-Agent
P3p: CP="CAO DSP AND SO ON" policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml"
Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Content-Type: text/javascript; charset=utf-8
Content-Length: 50
Server: PardotServer
Expires: Thu, 19 Nov 1981 08:52:00 GMT

GET embed_shepherd-v1.js
fast.wistia.com/static/ Frame 2AC7 0
0

GET
H/1.0 200
OK analytics Show response
go.orca.security/ Frame BFEF 50 B
1 KB 204ms
204ms Script
text/javascript 35.174.78.146
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://go.orca.security/analytics?conly=true&pi_form=true&visitor_id=591794002&visitor_id_sign=2c75610a76498099a20bb2c6ff656e816035992718e3dceb2bd0eb31f8a9218d86c03462f981a5000d550efcf221e8c6dcdf7ab3&pi_opt_in=&campaign_id=17083&account_id=899611&title=&url=https://go.orca.security/l/898611/2020-12-11/2vsj&referrer=https://orca.security/
Requested by: Host: pi.pardot.com
URL: https://pi.pardot.com/analytics?ver=3&pi_form=true&visitor_id=591794002&visitor_id_sign=2c75610a76498099a20bb2c6ff656e816035992718e3dceb2bd0eb31f8a9218d86c03462f981a5000d550efcf221e8c6dcdf7ab3&pi_opt_in=&campaign_id=17083&account_id=899611&title=&url=https%3A%2F%2Fgo.orca.security%2Fl%2F898611%2F2020-12-11%2F2vsj&referrer=https%3A%2F%2Forca.security%2F
Protocol: HTTP/1.0
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.174.78.146 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: pi0-lba1-5-ue1.aws.pardot.com
Software: PardotServer /
Resource Hash: dcf430710cdd1359115293f45d5023b2a560aef8a2c1e59d578b8b1e10a216d3

Request headers

Referer: https://go.orca.security/l/898611/2020-12-11/2vsj
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 09 Aug 2021 18:49:45 GMT
X-Pardot-Route: d5a18e4517a9c8ba62b77de366a4cdb5
X-Pardot-LB: d3d7f55bb0643f40d338b3c1e133d5c5
X-Pardot-Rsp: 16/74/65
Vary: User-Agent
P3p: CP="CAO DSP AND SO ON" policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml"
Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Content-Type: text/javascript; charset=utf-8
Content-Length: 50
Server: PardotServer
Expires: Thu, 19 Nov 1981 08:52:00 GMT

GET embed_shepherd-v1.js
fast.wistia.com/static/ Frame BFEF 0
0

GET
H3-29 200 css
fonts.googleapis.com/ 7 KB
723 B 15ms
15ms Stylesheet
text/css 2a00:1450:4001:80f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Lato:600,500,400%7COpen+Sans:400,700,800

Requested by

Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/webfont/1.5.18/webfont.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

cbf75dd8897736ba7ab7b6d8df2f9cb2ffdf4612e4c3701e8a6683917a446c57

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 09 Aug 2021 18:49:45 GMT
server: ESF
date: Mon, 09 Aug 2021 18:49:45 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 09 Aug 2021 18:49:45 GMT

GET
H3-29 200 S6uyw4BMUTPHjx4wXg.woff2
fonts.gstatic.com/s/lato/v19/ 23 KB
23 KB 7ms
7ms Font
font/woff2 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v19/S6uyw4BMUTPHjx4wXg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato:600,500,400%7COpen+Sans:400,700,800

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c3c0d3f472358aac78455515c4800771426770c22698e2486d39fdb5505634e1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://orca.security
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 16:05:06 GMT
x-content-type-options: nosniff
age: 269079
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23484
x-xss-protection: 0
last-modified: Fri, 06 Aug 2021 15:48:48 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 06 Aug 2022 16:05:06 GMT

GET
H3-29 200 mem8YaGs126MiZpBA-UFVZ0b.woff2
fonts.gstatic.com/s/opensans/v22/ 14 KB
14 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v22/mem8YaGs126MiZpBA-UFVZ0b.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato:600,500,400%7COpen+Sans:400,700,800

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a42f2ec73409f2753ef17d737714c86303fa45fc3a3d484a9b0c8ed28ef0fd6b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://orca.security
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 16:03:56 GMT
x-content-type-options: nosniff
age: 269149
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14440
x-xss-protection: 0
last-modified: Fri, 06 Aug 2021 15:53:19 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 06 Aug 2022 16:03:56 GMT

GET
H3-29 200 mem5YaGs126MiZpBA-UN7rgOUuhp.woff2
fonts.gstatic.com/s/opensans/v22/ 15 KB
15 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v22/mem5YaGs126MiZpBA-UN7rgOUuhp.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato:600,500,400%7COpen+Sans:400,700,800

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c73575543a5c99018f842960f9882edaa0918965ea856e91de9717a0d58d3f1c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://orca.security
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 16:03:56 GMT
x-content-type-options: nosniff
age: 269149
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15112
x-xss-protection: 0
last-modified: Fri, 06 Aug 2021 15:53:38 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 06 Aug 2022 16:03:56 GMT

GET
H3-29 200 mem5YaGs126MiZpBA-UN8rsOUuhp.woff2
fonts.gstatic.com/s/opensans/v22/ 15 KB
15 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v22/mem5YaGs126MiZpBA-UN8rsOUuhp.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato:600,500,400%7COpen+Sans:400,700,800

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

47300f73d115d5d1586ff7b01cc7319166b160bdad6e54a54ad02ac9312f6426

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://orca.security
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 16:08:59 GMT
x-content-type-options: nosniff
age: 268846
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15188
x-xss-protection: 0
last-modified: Fri, 06 Aug 2021 15:54:00 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 06 Aug 2022 16:08:59 GMT

GET
H/1.1 200
OK Inter-Regular-cd3c302ecefb19f92003ef258645c37c.woff2
app.qualified.com/packs/media/fonts/inter/ Frame F330 115 KB
115 KB 129ms
128ms Font
font/woff2 54.226.239.18
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://app.qualified.com/packs/media/fonts/inter/Inter-Regular-cd3c302ecefb19f92003ef258645c37c.woff2
Requested by: Host: app.qualified.com
URL: https://app.qualified.com/w/1/gndr1NireXGRNRuC/messenger?uuid=fe476b5d-a863-4b68-8ce0-d897858a323a
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 54.226.239.18 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-226-239-18.compute-1.amazonaws.com
Software: nginx /
Resource Hash: bf1ffcb96984568b22f7a9029dd980abb5a4a47700f588a16b8ace0f7412977e

Request headers

Origin: https://app.qualified.com
Referer: https://app.qualified.com/w/1/gndr1NireXGRNRuC/messenger?uuid=fe476b5d-a863-4b68-8ce0-d897858a323a
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 09 Aug 2021 18:49:45 GMT
Via: 1.1 spaces-router (020d7643da32)
Last-Modified: Fri, 06 Aug 2021 23:16:30 GMT
Server: nginx
Etag: "610dc2ce-1ca00"
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Cache-Control: max-age=315360000
Accept-Ranges: bytes
Content-Length: 117248
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK Inter-SemiBold-c1b3bf01f912184899dbb6fbb4029910.woff2
app.qualified.com/packs/media/fonts/inter/ Frame F330 123 KB
123 KB 391ms
131ms Font
font/woff2 54.226.239.18
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://app.qualified.com/packs/media/fonts/inter/Inter-SemiBold-c1b3bf01f912184899dbb6fbb4029910.woff2
Requested by: Host: app.qualified.com
URL: https://app.qualified.com/w/1/gndr1NireXGRNRuC/messenger?uuid=fe476b5d-a863-4b68-8ce0-d897858a323a
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 54.226.239.18 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-226-239-18.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 41e5c059963bd8f9bc4097f78535c3d722f4d73e75c46b2df5cc74bf864af150

Request headers

Origin: https://app.qualified.com
Referer: https://app.qualified.com/w/1/gndr1NireXGRNRuC/messenger?uuid=fe476b5d-a863-4b68-8ce0-d897858a323a
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 09 Aug 2021 18:49:45 GMT
Via: 1.1 spaces-router (020d7643da32)
Last-Modified: Fri, 06 Aug 2021 23:16:30 GMT
Server: nginx
Etag: "610dc2ce-1eacc"
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Cache-Control: max-age=315360000
Accept-Ranges: bytes
Content-Length: 125644
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK 2-d29c8f89.chunk.css
app.qualified.com/packs/css/ Frame F330 20 KB
4 KB 377ms
124ms Stylesheet
text/css 54.226.239.18
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://app.qualified.com/packs/css/2-d29c8f89.chunk.css
Requested by: Host: app.qualified.com
URL: https://app.qualified.com/w/1/gndr1NireXGRNRuC/messenger?uuid=fe476b5d-a863-4b68-8ce0-d897858a323a
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 54.226.239.18 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-226-239-18.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 889910bd602fe775e79f9b7e78d50040c61d9494b90ebc97800b3ae7976cbb49

Request headers

Referer: https://app.qualified.com/w/1/gndr1NireXGRNRuC/messenger?uuid=fe476b5d-a863-4b68-8ce0-d897858a323a
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 09 Aug 2021 18:49:45 GMT
Content-Encoding: gzip
Last-Modified: Fri, 06 Aug 2021 23:14:23 GMT
Server: nginx
Vary: Accept-Encoding
Content-Type: text/css
Via: 1.1 spaces-router (020d7643da32)
Cache-Control: max-age=315360000, public
Content-Length: 3894
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK messenger-d46acbed.chunk.css
app.qualified.com/packs/css/widget/sandboxed/ Frame F330 5 KB
1 KB 378ms
125ms Stylesheet
text/css 54.226.239.18
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://app.qualified.com/packs/css/widget/sandboxed/messenger-d46acbed.chunk.css
Requested by: Host: app.qualified.com
URL: https://app.qualified.com/w/1/gndr1NireXGRNRuC/messenger?uuid=fe476b5d-a863-4b68-8ce0-d897858a323a
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 54.226.239.18 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-226-239-18.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 19450de42b740616a0ae81907248584c4129e7a46c32a0c735a56d1572b5b380

Request headers

Referer: https://app.qualified.com/w/1/gndr1NireXGRNRuC/messenger?uuid=fe476b5d-a863-4b68-8ce0-d897858a323a
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 09 Aug 2021 18:49:45 GMT
Content-Encoding: gzip
Last-Modified: Fri, 06 Aug 2021 23:14:23 GMT
Server: nginx
Vary: Accept-Encoding
Content-Type: text/css
Via: 1.1 spaces-router (020d7643da32)
Cache-Control: max-age=315360000, public
Content-Length: 1115
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK messenger~runtime-dafe21483d2a4a7bd206.js Show response
app.qualified.com/packs/js/widget/sandboxed/ Frame F330 1 KB
1 KB 388ms
130ms Script
application/javascript 54.226.239.18
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://app.qualified.com/packs/js/widget/sandboxed/messenger~runtime-dafe21483d2a4a7bd206.js
Requested by: Host: app.qualified.com
URL: https://app.qualified.com/w/1/gndr1NireXGRNRuC/messenger?uuid=fe476b5d-a863-4b68-8ce0-d897858a323a
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 54.226.239.18 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-226-239-18.compute-1.amazonaws.com
Software: nginx /
Resource Hash: c0836e0ca85c352993c12e75d531b1394a2be0b679828a749c1922b9f66032a9

Request headers

Referer: https://app.qualified.com/w/1/gndr1NireXGRNRuC/messenger?uuid=fe476b5d-a863-4b68-8ce0-d897858a323a
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 09 Aug 2021 18:49:45 GMT
Content-Encoding: gzip
Last-Modified: Fri, 06 Aug 2021 23:14:23 GMT
Server: nginx
Vary: Accept-Encoding
Content-Type: application/javascript
Via: 1.1 spaces-router (020d7643da32)
Cache-Control: max-age=315360000, public
Content-Length: 728
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK 2-75b6a4d557c1383b9aa9.chunk.js Show response
app.qualified.com/packs/js/widget-sandboxed-chunks/ Frame F330 1 MB
314 KB 390ms
129ms Script
application/javascript 54.226.239.18
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://app.qualified.com/packs/js/widget-sandboxed-chunks/2-75b6a4d557c1383b9aa9.chunk.js
Requested by: Host: app.qualified.com
URL: https://app.qualified.com/w/1/gndr1NireXGRNRuC/messenger?uuid=fe476b5d-a863-4b68-8ce0-d897858a323a
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 54.226.239.18 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-226-239-18.compute-1.amazonaws.com
Software: nginx /
Resource Hash: b3da8d4d6ce548b08ca53762d9e5f7162a073b1f07756ba8aded1c9929f9b015

Request headers

Referer: https://app.qualified.com/w/1/gndr1NireXGRNRuC/messenger?uuid=fe476b5d-a863-4b68-8ce0-d897858a323a
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 09 Aug 2021 18:49:45 GMT
Content-Encoding: gzip
Last-Modified: Fri, 06 Aug 2021 23:14:23 GMT
Server: nginx
Vary: Accept-Encoding
Content-Type: application/javascript
Via: 1.1 spaces-router (020d7643da32)
Cache-Control: max-age=315360000, public
Content-Length: 321665
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK messenger-6a2972adcc660e5e18cb.chunk.js Show response
app.qualified.com/packs/js/widget-sandboxed-chunks/widget/sandboxed/ Frame F330 398 KB
88 KB 125ms
125ms Script
application/javascript 54.226.239.18
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://app.qualified.com/packs/js/widget-sandboxed-chunks/widget/sandboxed/messenger-6a2972adcc660e5e18cb.chunk.js
Requested by: Host: app.qualified.com
URL: https://app.qualified.com/w/1/gndr1NireXGRNRuC/messenger?uuid=fe476b5d-a863-4b68-8ce0-d897858a323a
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 54.226.239.18 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-226-239-18.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 34eaeb89e9803d8b0f753ee153b7b94f7addb4d6e970b98461d7d39c1b54acba

Request headers

Referer: https://app.qualified.com/w/1/gndr1NireXGRNRuC/messenger?uuid=fe476b5d-a863-4b68-8ce0-d897858a323a
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 09 Aug 2021 18:49:45 GMT
Content-Encoding: gzip
Last-Modified: Fri, 06 Aug 2021 23:14:23 GMT
Server: nginx
Vary: Accept-Encoding
Content-Type: application/javascript
Via: 1.1 spaces-router (020d7643da32)
Cache-Control: max-age=315360000, public
Content-Length: 89498
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 css
fonts.googleapis.com/ 4 KB
737 B 15ms
14ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans:600,400

Requested by

Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/webfont/1.5.18/webfont.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

b68978c9cb1e6bd79ef47484d91e679ba1fc2ef952d1a9e286fe71cf94589201

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 09 Aug 2021 18:02:00 GMT
server: ESF
date: Mon, 09 Aug 2021 18:49:47 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 09 Aug 2021 18:49:47 GMT

GET
H2 200 9103dfdb6f346d677a39ad9f7923ba70-optin.json Show response
a.omappapi.com/app/campaign-views/16cbaba9fcb1/qu7bage6tqp3p9whggj1/ 27 KB
6 KB 133ms
47ms XHR
application/json 89.187.169.47
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/campaign-views/16cbaba9fcb1/qu7bage6tqp3p9whggj1/9103dfdb6f346d677a39ad9f7923ba70-optin.json
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 89.187.169.47 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-89-187-169-47.cdn77.com
Software: BunnyCDN-DE1-756 /
Resource Hash: c922c4dfc88f88c4658b497e757b0eaf0cb82a6892dc9dcc17f0da90711c608f

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 09 Aug 2021 18:49:47 GMT
content-encoding: br
cdn-edgestorageid: 756
perma-cache: HIT
cdn-storageserver: DE-51
cdn-cachedat: 08/09/2021 14:46:33
cdn-pullzone: 293267
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-requestpullcode: 200
server: BunnyCDN-DE1-756
access-control-allow-origin: *
last-modified: Mon, 09 Aug 2021 11:36:08 GMT
cdn-proxyver: 1.0
cdn-fileserver: 194
vary: Accept-Encoding
content-type: application/json
cdn-cache: HIT
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
cdn-requestid: 60f63885f0890206f8132af4405b111c
cdn-requestcountrycode: PL
cdn-status: 200
cdn-requestpullsuccess: True

GET
H/1.1 204
No Content i Show response
z.omappapi.com/v3/ 0
201 B 391ms
140ms XHR
text/plain 178.128.135.232
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://z.omappapi.com/v3/i?aid=78657&cid=qu7bage6tqp3p9whggj1&sid=5f178b57ef8a9&rt=false&dv=desktop&cty=floating&url=resources%2Fblog%2Fcloud-malware-challenges-best-practices&v=5
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 178.128.135.232 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: kong/0.14.1 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Access-Control-Allow-Origin: https://orca.security
Date: Mon, 09 Aug 2021 18:49:48 GMT
Access-Control-Allow-Credentials: true
Server: kong/0.14.1
Connection: keep-alive

POST
H/1.1 204
No Content visitor_events Show response
app.qualified.com/w/1/gndr1NireXGRNRuC/ 0
639 B 144ms
144ms XHR
text/plain 54.226.239.18
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://app.qualified.com/w/1/gndr1NireXGRNRuC/visitor_events

Requested by

Host: js.qualified.com
URL: https://js.qualified.com/qualified.js?token=gndr1NireXGRNRuC

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

54.226.239.18 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-226-239-18.compute-1.amazonaws.com

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json; charset=UTF-8

Response headers

Date: Mon, 09 Aug 2021 18:49:50 GMT
Via: 1.1 spaces-router (020d7643da32)
X-Content-Type-Options: nosniff
X-Permitted-Cross-Domain-Policies: none
Access-Control-Max-Age: 7200
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Xss-Protection: 1; mode=block
X-Request-Id: 018db3c3-8e7c-7ccd-a28e-382d4229f5c4
X-Runtime: 0.004807
Referrer-Policy: strict-origin-when-cross-origin
Server: nginx
X-Frame-Options: SAMEORIGIN
X-Download-Options: noopen
Vary: Origin
Access-Control-Allow-Methods: POST
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers
Cache-Control: no-cache

OPTIONS
H/1.1 200
OK visitor_events
app.qualified.com/w/1/gndr1NireXGRNRuC/ Frame 0
0 421ms
138ms Preflight 54.226.239.18
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://app.qualified.com/w/1/gndr1NireXGRNRuC/visitor_events
Protocol: HTTP/1.1
Server: 54.226.239.18 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-226-239-18.compute-1.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://orca.security
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Access-Control-Allow-Headers: content-type
Access-Control-Allow-Methods: POST
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers
Access-Control-Max-Age: 7200
Date: Mon, 09 Aug 2021 18:49:50 GMT
Server: nginx
Via: 1.1 spaces-router (020d7643da32)
Content-Length: 0

GET
H/1.1 200
OK pd.js Show response
pi.pardot.com/ 5 KB
2 KB 133ms
133ms Script
application/javascript 35.174.78.146
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://pi.pardot.com/pd.js
Requested by: Host: orca.security
URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.174.78.146 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: pi0-lba1-5-ue1.aws.pardot.com
Software: PardotServer /
Resource Hash: b7939e67e521a72f9344e54fe85a3edff247ac537235f178a522ae836dbf6820

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 09 Aug 2021 18:49:53 GMT
Content-Encoding: gzip
X-Pardot-Route: 4587f66dff94d6e76a668284fbf3dba1
X-Pardot-LB: d3d7f55bb0643f40d338b3c1e133d5c5
Last-Modified: Mon, 09 Aug 2021 05:17:58 GMT
Server: PardotServer
ETag: "14be-gzip"
Vary: Accept-Encoding,User-Agent
Content-Type: application/javascript
Cache-Control: max-age=63072000
Accept-Ranges: bytes
Content-Length: 1923
Expires: Wed, 09 Aug 2023 18:49:53 GMT

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
362 B 38ms
37ms Image
image/gif 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=2736934676&v=1.1&a=5544741&ct=blog-post&rcu=https%3A%2F%2Forca.security%2Fresources%2Fblog%2Fcloud-malware-challenges-best-practices%2F&pu=https%3A%2F%2Forca.security%2Fresources%2Fblog%2Fcloud-malware-challenges-best-practices%2F%3Fsiteid%3DRIQSITE&t=Malware+in+the+Cloud%3A+Challenges+and+Best+Practices+-+Orca+Security&cts=1628534993165&vi=5f06efd3eb8d743f7de65dfc34a413e2&nc=true&u=132551249.5f06efd3eb8d743f7de65dfc34a413e2.1628534993162.1628534993162.1628534993162.1&b=132551249.1.1628534993162&cc=15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 09 Aug 2021 18:49:53 GMT
vary: Accept-Encoding
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id: fe70f09b-f097-4511-8b7f-0022f07e2d35
cf-ray: 67c32abb5b8258f3-FRA
p3p: CP="NOI CUR ADM OUR NOR STA NID"
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 45
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=slVnrggtwfEZ9DZjtLc%2BSkCd228%2FHgkchQFsgwumgzqNWJuAqKO4eQfXiVVM4Crl9Ok9dQOk8mqMRd9%2FW%2F7dEIAx2WKZbun%2BLlA1nlwdmRIc7hE25zqJDvF2NP%2FqoDYKhy4zm%2Fcz2JLGhO2H5maT"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
x-robots-tag: none

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
387 B 37ms
37ms Image
image/gif 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=15&fi=03772d1e-aef0-4e74-a117-9f4ee3b9e51c&fci=55188075-48c7-4009-aa0f-5b04d0438a85&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=2736934676&v=1.1&a=5544741&ct=blog-post&rcu=https%3A%2F%2Forca.security%2Fresources%2Fblog%2Fcloud-malware-challenges-best-practices%2F&pu=https%3A%2F%2Forca.security%2Fresources%2Fblog%2Fcloud-malware-challenges-best-practices%2F%3Fsiteid%3DRIQSITE&t=Malware+in+the+Cloud%3A+Challenges+and+Best+Practices+-+Orca+Security&cts=1628534993168&vi=5f06efd3eb8d743f7de65dfc34a413e2&nc=true&u=132551249.5f06efd3eb8d743f7de65dfc34a413e2.1628534993162.1628534993162.1628534993162.1&b=132551249.1.1628534993162&cc=15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 09 Aug 2021 18:49:53 GMT
vary: Accept-Encoding
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id: 55a76d4e-cc49-484b-bf27-48bfa21c6b82
cf-ray: 67c32abb5b8358f3-FRA
p3p: CP="NOI CUR ADM OUR NOR STA NID"
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 45
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iXhmnKORAFad1rW%2F3Ygmaea0Bh8YqD1B9oWRZXSti28o4kKKj3WnfYD7AaEp%2Fo9UcZ%2FY1IYn%2FC2dPygcD7r0oB5A%2Fh4dPxmt%2FWjWIhej%2BCObbqvNEJZe%2FLqaidVJbHaOIlC9%2F1xsbz3sFnGPNMqy"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
x-robots-tag: none

POST
H2 200 collect Show response
www.google-analytics.com/j/ 2 B
83 B 13ms
13ms XHR
text/plain 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j92&a=592235680&t=timing&_s=2&dl=https%3A%2F%2Forca.security%2Fresources%2Fblog%2Fcloud-malware-challenges-best-practices%2F%3Fsiteid%3DRIQSITE&ul=en-us&de=UTF-8&dt=Malware%20in%20the%20Cloud%3A%20Challenges%20and%20Best%20Practices%20-%20Orca%20Security&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&plt=13216&pdt=432&dns=7&rrt=401&srt=1172&tcp=95&dit=4313&clt=4313&_gst=3177&_gbt=3275&_cst=2877&_cbt=3158&_u=aHDAAEADQAAAAC~&jid=1067322399&gjid=442015268&cid=1167296594.1628534983&tid=UA-141329870-1&_gid=922088814.1628534983&_r=1&gtm=2wg840MFH8KTP&z=1290709661

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 09 Aug 2021 18:49:53 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://orca.security
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.0 200
OK analytics Show response
pi.pardot.com/ 3 KB
3 KB 313ms
313ms Script
text/javascript 35.174.78.146
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://pi.pardot.com/analytics?ver=3&visitor_id=&visitor_id_sign=&pi_opt_in=&campaign_id=9607&account_id=899611&title=Malware%20in%20the%20Cloud%3A%20Challenges%20and%20Best%20Practices%20-%20Orca%20Security&url=https%3A%2F%2Forca.security%2Fresources%2Fblog%2Fcloud-malware-challenges-best-practices%2F%3Fsiteid%3DRIQSITE&referrer=

Requested by

Host: pi.pardot.com
URL: https://pi.pardot.com/pd.js

Protocol

HTTP/1.0

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

35.174.78.146 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

pi0-lba1-5-ue1.aws.pardot.com

Software

PardotServer /

Resource Hash

e94383fa61c7eec59418c326cd4d11c086541bb438d058f055dc627a263684e0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 09 Aug 2021 18:49:53 GMT
Content-Encoding: gzip
X-Pardot-Route: d5a18e4517a9c8ba62b77de366a4cdb5
X-Pardot-LB: d3d7f55bb0643f40d338b3c1e133d5c5
X-Pardot-Rsp: 16/34/23
Vary: Accept-Encoding,User-Agent
Strict-Transport-Security: max-age=31536000; includeSubDomains
P3p: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml"
Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Content-Type: text/javascript; charset=utf-8
Content-Length: 1442
Server: PardotServer
Expires: Thu, 19 Nov 1981 08:52:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
70 B 14ms
14ms XHR
text/plain 2a00:1450:400c:c0c::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j92&tid=UA-141329870-1&cid=1167296594.1628534983&jid=1067322399&gjid=442015268&_gid=922088814.1628534983&_u=aHDAAEADQAAAAC~&z=266669908

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c0c::9b Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Mon, 09 Aug 2021 18:49:53 GMT
content-type: text/plain
access-control-allow-origin: https://orca.security
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 ga-audiences
www.google.com/ads/ 42 B
63 B 18ms
17ms Image
image/gif 2a00:1450:4001:800::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j92&tid=UA-141329870-1&cid=1167296594.1628534983&jid=1067322399&_u=aHDAAEADQAAAAC~&z=1124765101

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 09 Aug 2021 18:49:53 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 17ms
17ms Image
image/gif 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j92&tid=UA-141329870-1&cid=1167296594.1628534983&jid=1067322399&_u=aHDAAEADQAAAAC~&z=1124765101

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 09 Aug 2021 18:49:53 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.0 200
OK analytics Show response
go.orca.security/ 50 B
1 KB 204ms
203ms Script
text/javascript 35.174.78.146
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://go.orca.security/analytics?conly=true&visitor_id=591794236&visitor_id_sign=f2e445c34942236370c63e4c001f85831974c1afd428f574b73abff9404ce0d98e66e2b707a585f212c110890145c306814a1bdd&pi_opt_in=&campaign_id=9607&account_id=899611&title=Malware%20in%20the%20Cloud:%20Challenges%20and%20Best%20Practices%20-%20Orca%20Security&url=https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE&referrer=
Requested by: Host: pi.pardot.com
URL: https://pi.pardot.com/analytics?ver=3&visitor_id=&visitor_id_sign=&pi_opt_in=&campaign_id=9607&account_id=899611&title=Malware%20in%20the%20Cloud%3A%20Challenges%20and%20Best%20Practices%20-%20Orca%20Security&url=https%3A%2F%2Forca.security%2Fresources%2Fblog%2Fcloud-malware-challenges-best-practices%2F%3Fsiteid%3DRIQSITE&referrer=
Protocol: HTTP/1.0
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.174.78.146 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: pi0-lba1-5-ue1.aws.pardot.com
Software: PardotServer /
Resource Hash: dcf430710cdd1359115293f45d5023b2a560aef8a2c1e59d578b8b1e10a216d3

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 09 Aug 2021 18:49:53 GMT
X-Pardot-Route: d5a18e4517a9c8ba62b77de366a4cdb5
X-Pardot-LB: d3d7f55bb0643f40d338b3c1e133d5c5
X-Pardot-Rsp: 17/2/175
Vary: User-Agent
P3p: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml"
Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Content-Type: text/javascript; charset=utf-8
Content-Length: 50
Server: PardotServer
Expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H2 200 embed_shepherd-v1.js Show response
fast.wistia.com/static/ 572 KB
104 KB 6ms
6ms Script
application/javascript 2a04:4e42:3::622
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://fast.wistia.com/static/embed_shepherd-v1.js

Requested by

Host: pi.pardot.com
URL: https://pi.pardot.com/analytics?ver=3&visitor_id=&visitor_id_sign=&pi_opt_in=&campaign_id=9607&account_id=899611&title=Malware%20in%20the%20Cloud%3A%20Challenges%20and%20Best%20Practices%20-%20Orca%20Security&url=https%3A%2F%2Forca.security%2Fresources%2Fblog%2Fcloud-malware-challenges-best-practices%2F%3Fsiteid%3DRIQSITE&referrer=

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:3::622 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

3de33a4bb413ba282bcea7e0192900fd6597509cea5d623ea6bddd1836e4409a

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer: https://orca.security/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 09 Aug 2021 18:49:53 GMT
content-encoding: br
vary: Accept-Encoding
age: 1241
x-cache: HIT, HIT
content-length: 106396
x-served-by: cache-dca17764-DCA, cache-fra19120-FRA
access-control-allow-origin: *
x-browser-version: 89
last-modified: Fri, 06 Aug 2021 14:43:27 GMT
x-timer: S1628534994.607079,VS0,VE0
etag: "610d4a8f-19f9c"
strict-transport-security: max-age=0
content-type: application/javascript
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=3600
x-browser: chrome
x-ecma-v: modern
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 2, 16

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: insiderdata360online.com
URL: https://insiderdata360online.com/service/platform.js?ran=0.16297437236200074

Domain: www.googleadservices.com
URL: http://www.googleadservices.com/pagead/conversion_async.js

Domain: www.googleadservices.com
URL: http://www.googleadservices.com/pagead/conversion_async.js

Domain: www.googleadservices.com
URL: http://www.googleadservices.com/pagead/conversion_async.js

Domain: ddzuuyx7zj81k.cloudfront.net
URL: http://ddzuuyx7zj81k.cloudfront.net/1.0.0/attributionSnippet.js

Domain: ddzuuyx7zj81k.cloudfront.net
URL: http://ddzuuyx7zj81k.cloudfront.net/1.0.0/attributionSnippet.js

Domain: ddzuuyx7zj81k.cloudfront.net
URL: http://ddzuuyx7zj81k.cloudfront.net/1.0.0/attributionSnippet.js

Domain: fast.wistia.com
URL: http://fast.wistia.com/static/embed_shepherd-v1.js

Domain: fast.wistia.com
URL: http://fast.wistia.com/static/embed_shepherd-v1.js

Domain: fast.wistia.com
URL: http://fast.wistia.com/static/embed_shepherd-v1.js

Verdicts & Comments Add Verdict or Comment

258 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

5 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.orca.security/	1970-01-19 20:22:15	Name: _gat_UA-141329870-1 Value: 1
.orca.security/	1970-01-19 20:22:16	Name: __hssc Value: 132551249.1.1628534993162
.orca.security/	1969-12-31 23:59:59	Name: __hssrc Value: 1
.orca.security/	1970-01-20 05:43:50	Name: hubspotutk Value: 5f06efd3eb8d743f7de65dfc34a413e2
.orca.security/	1970-01-20 05:43:50	Name: __hstc Value: 132551249.5f06efd3eb8d743f7de65dfc34a413e2.1628534993162.1628534993162.1628534993162.1

6 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://orca.security/resources/wp-includes/js/jquery/jquery-migrate.min.js(Line 2) Message: JQMIGRATE: Migrate is installed, version 3.3.2
console-api	log	URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE(Line 100) Message: Anchor Ready
console-api	error	URL: https://ws-assets.zoominfo.com/formcomplete.js(Line 1) Message: [ZoomInfo FormComplete] - Form form[id='pardot-form'] was not found in the document. Make sure the form element is loaded before the FormComplete script and that it is mapped correctly at the FormComplete Management page.
console-api	log	URL: https://orca.security/resources/blog/cloud-malware-challenges-best-practices/?siteid=RIQSITE(Line 165) Message: [object Object]
console-api	warning	URL: https://orca.security/resources/wp-includes/js/jquery/jquery.min.js(Line 2) Message: jQuery.Deferred exception: Cannot read property 'getItem' of null TypeError: Cannot read property 'getItem' of null at _default.get (https://orca.security/resources/wp-content/plugins/elementor/assets/js/frontend.min.js:2:56236) at _default.setViewsAndSessions (https://orca.security/resources/wp-content/plugins/elementor-pro/assets/js/preloaded-elements-handlers.min.js:2:89347) at new _default (https://orca.security/resources/wp-content/plugins/elementor-pro/assets/js/preloaded-elements-handlers.min.js:2:89098) at Function.<anonymous> (https://orca.security/resources/wp-content/plugins/elementor-pro/assets/js/frontend.min.js:2:5491) at Function.each (https://orca.security/resources/wp-includes/js/jquery/jquery.min.js:2:3026) at ElementorProFrontend.initModules (https://orca.security/resources/wp-content/plugins/elementor-pro/assets/js/frontend.min.js:2:5456) at ElementorProFrontend.onElementorFrontendInit (https://orca.security/resources/wp-content/plugins/elementor-pro/assets/js/frontend.min.js:2:5712) at dispatch (https://orca.security/resources/wp-includes/js/jquery/jquery.min.js:2:43090) at v.handle (https://orca.security/resources/wp-includes/js/jquery/jquery.min.js:2:41074) at Object.trigger (https://orca.security/resources/wp-includes/js/jquery/jquery.min.js:2:71513) undefined
console-api	error	URL: https://ws-assets.zoominfo.com/formcomplete.js(Line 1) Message: [ZoomInfo FormComplete] - Form form[id='pardot-form'] was not found in the document. Make sure the form element is loaded before the FormComplete script and that it is mapped correctly at the FormComplete Management page.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a.omappapi.com
ajax.googleapis.com
analytics.twitter.com
api.omappapi.com
app.qualified.com
cdnjs.cloudflare.com
connect.facebook.net
ddzuuyx7zj81k.cloudfront.net
dss6ntp5q2r0o.cloudfront.net
fast.wistia.com
fonts.googleapis.com
fonts.gstatic.com
forms.hsforms.com
go.orca.security
googleads.g.doubleclick.net
insiderdata360online.com
js.hs-analytics.net
js.hs-banner.com
js.hs-scripts.com
js.hsforms.net
js.qualified.com
links.readsitquick.us
maxcdn.bootstrapcdn.com
orca.security
pi.pardot.com
px.ads.linkedin.com
px4.ads.linkedin.com
script.hotjar.com
services.infinigrow.com
snap.licdn.com
sp.infinigrow.com
static.ads-twitter.com
static.hotjar.com
stats.g.doubleclick.net
t.co
track.hubspot.com
tracking.g2crowd.com
vars.hotjar.com
ws-assets.zoominfo.com
ws.zoominfo.com
www.clickcease.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.linkedin.com
z.omappapi.com
ddzuuyx7zj81k.cloudfront.net
fast.wistia.com
insiderdata360online.com
www.googleadservices.com
104.244.42.133
104.244.42.195
108.174.10.14
13.227.222.25
142.250.186.34
143.204.98.38
151.101.12.157
162.159.135.42
178.128.135.232
18.142.0.45
2600:9000:206f:2800:10:7994:d200:21
2600:9000:206f:9400:8:8d2f:9e00:21
2606:4700:20::ac43:4470
2606:4700::6810:125e
2606:4700::6810:5805
2606:4700::6810:650c
2606:4700::6810:a852
2606:4700::6811:45b0
2606:4700::6811:b949
2606:4700::6811:d5cc
2606:4700::6812:15bf
2606:4700::6812:1abe
2606:4700::6812:bcf
2606:4700::6813:9b53
2620:119:50e4:101::6cae:b55
2620:1ec:21::14
2a00:1450:4001:800::2004
2a00:1450:4001:801::2003
2a00:1450:4001:809::200e
2a00:1450:4001:80e::2003
2a00:1450:4001:80f::200a
2a00:1450:4001:811::2008
2a00:1450:4001:828::2003
2a00:1450:4001:828::2008
2a00:1450:4001:828::200e
2a00:1450:4001:82a::2003
2a00:1450:4001:82a::200a
2a00:1450:4001:82f::2002
2a00:1450:4001:831::200a
2a00:1450:400c:c0c::9b
2a02:26f0:6c00:2b0::25ea
2a03:2880:f01c:8012:face:b00c:0:3
2a03:2880:f11c:8183:face:b00c:0:25de
2a04:4e42:3::622
35.174.78.146
52.89.105.17
54.226.239.18
65.9.96.102
65.9.96.128
89.187.169.47
99.86.4.14
00501810e93307a8882a74d864e7547fd1458deea539361dc1124ac133799a4b
029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300
044efea78208376302aad3808aaabdf3c2f7bdd80ba9d55c9e0e4d3baa7a3908
05eee7dd84da8f541a1dfebd89d2a67e8b2322fced4845f991769c1df2d096ab
08dbb435439815752ce09bfc9581b9085db9c9a66095bf5062b1c5c8adc08031
091cea73e2851459d5a1d4ddd0ec4e53c0ab8a25e1bc58d1cfcf73d9e8b81948
0a938256d2de59b044f8ca7c7aa0c788ed2ffa9a48bf0e3930a5830c4298f509
0aaa4cf927b0e3631cffbe62f6786810aa65348483cd950e49f634a0881b16b4
0cd851e5b33af0fbb354df65506da39807b998e07723f3d08aba5179fa2ed97e
0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9
1083cfbdd8476cc39316b69b8ec170d50999edb8350e35a6e3fdb9d725f47d00
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
15cabbfbc427cf3a6e897a426fa4cfc26d7171ae72763fcccc3d066338f15bf7
17b07c005d132a71cd2aacab39ad1115d52648f983a647e6d300b4b3b325e2c9
17f076500dca787c42b1dd6238ce50a0752771eafd040e8512c713a7ec947c65
182cab990c2118fcdb18feab5115335e4eb4bc0b38bb30a36c4e73c92b080ea4
19450de42b740616a0ae81907248584c4129e7a46c32a0c735a56d1572b5b380
1a33b00a04c9fc9b04282a6ed5e20fdef28fcb08cbcd7712057cacf7c6edd669
1ada5259a5ac61a7d68315f7efa6b98d61d2d0478df0545869c880afeaa67dcd
1e5aeaa58ab4c2345953f77e07fbc20578326076a259ed702eea64e077fde675
1ef0899dadf11eccd489e8aca5ef79eaf9c1caa00f9f1d4d8ad45ff1ed375ccf
205988b80eeedc442aa4ba78fd4bda5b1b139415f3dc88043fc73adcd71cbae2
20ffeeb1b6274d88ea1a05f79a414e6bb12189c7516514c75067d081dcd47819
214674cc77aba35ab3567b88e2739fd08e8e96c61d279559ad61874069683ea0
22cef597dc1807aa54025ee15d23c8f76c8fbcabbee0a1e8dfd4abcd282bc507
23190e1539469cc8b5faccb038b260ccda2cc62672c70efa1900a51a8e3d1be5
23e1875b1155de8827ca3a77a6a95ed97c37fb26a7421a1c8dbeaf332df5e967
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
285c3c6ca39b53ee2e65d425a7b26d8d9415a8e15c323aa1d73f3b79496400fc
2989e0b9e836cb9de3274d641ec6a58c2052f039e790ddd59b22303930bfdeeb
2c0f3dcfe93d7e380c290fe4ab838ed8cadff1596d62697f5444be460d1f876d
2cd9de3dd26246204749cff259bc34e8e6a47ae5d6e4528b9b28c75d68d50cde
2cecf0475d5d2db81d7d1535a89f570b89e290f27b0867923f074b81155cf5da
33394c646382ba94e14dc6b22ab6880823a76357069c263886602255c118a21f
336032e8b6a0e53594ef6fd0333f2c8f791accdd85de58bfbbbcd134347672af
34b499c3bed76acb12665df0c8b65d14bac3ee6161e420a9403bd694be549e78
34eaeb89e9803d8b0f753ee153b7b94f7addb4d6e970b98461d7d39c1b54acba
368daab67b1a5b2b2802edbbac79a2aa4ba992a2ebf9c67b98ad784d8004018c
3afe1773cbb9677bed9327f8f81058a02d8b593b22eb24a40658539bd8a5ead8
3dae93a05edd9dcfc1864b87178a31e0bfa93e1a9b1c486c6e9cbf73cae87862
3de33a4bb413ba282bcea7e0192900fd6597509cea5d623ea6bddd1836e4409a
3e0e5bde2976de971453ff399dd44a574f999ff6cca7c6dec94991b07e94d477
3f9c38934fc41ee2a85f1a6e1ad59e96f7f1e73b9b4e653394708715d5ab32c5
41e5c059963bd8f9bc4097f78535c3d722f4d73e75c46b2df5cc74bf864af150
44da12b1630d2ef003f2375847617620d5f4f7fae60a473b801cf55f15e6f9d7
46375ee9192c1e0f6eabe4d32b2a48b996b93037f7b4beb970df5b87359548fd
47300f73d115d5d1586ff7b01cc7319166b160bdad6e54a54ad02ac9312f6426
48461fcdd1f67acffa92db5bcbf9a8d1e77ccb99dcea81f3829e3a3156fcbf5a
4a7ee62eb33f3bbb66c2151e5cac6bf4904e28302efc36128f3e3ccae6fde580
4c52124837ad325476a1038054672a1d9c22000e36fb6ef4828d5f4fa5055f3b
50bbb02baec0ea54be304a070a2c6d815f65ee593c04f0fd81f81ee4dc0133e2
52adbaf8b7004e3e0ef2b06be5492748eeef0bdfbc2d91b4aa3aa7ddd7028703
54c9560cb0117d8d1f955aefe0f88b843517964e118512d8f1a224a8a9b662f4
598e0da49a0d44ca888818a794151e0be9e5a5801d78e53430f451a40d67e661
5be614bce53f767993a5f5f14a6badd6aae6bf3af7cbdbf4d31520de49e27991
5c15402dcdd0b03490883b62681c0d676af10894c7ce55218650d0f3827c6f0f
5da80845be0b787ddf4abd8c116be05e185e3e928c2773d65abb55903e362175
60240d5a27ede94fd35fea44bd110b88c7d8cfc08127f032d13b0c622b8be827
60aad8b6f919b3ac201f9441562712b6b4071e6e2928577910f31ca424ffa397
64380f313f85c6feb17b558f02b5b3d145bbf934a969e012302caac445a1922f
657a07ecea652e054fcf0eb9e7614708d1e5633e11e7cdc35ba2d166e9452603
661e00570c65c29528d9ce6ee19e5e9939986716c293def67b07f8b6a191b018
6727a7378d4e1b966fc6c85f5801eaccec27f573b1cbf788eed872b60839f39f
6b555920e358f8a25a422988b448615c33bcccb4f932e8331cebfc8e2a737fc7
6cb780b4fbe35bfd23f71e591daf8344053f58df851113f5ec7cbfd51dc7dec6
6dbd1967a8963d2eead020be31031ed12df79148acfea8cb787fa1358d5b4559
6e6e6a03e72a528c28884b50bf296425667f38dd0aaf1dd17ce89199ffc85271
6f57f8ab879288c31393c0234a10d05b7b8955999a0192d4b17d4bf6c4769a18
71008cf308a9bb2a3a3ddaa973f816c0d3a11db5cc9e7bdd5498089423019b3e
71a920e8af6069911a728a6768baf9c58e8f2dcc99599985f36f2110466457a0
71b3ce72680f4183d28db86b184542051fd533bb1146933233e4f6a20cf98cba
7369eb7217705e08010dbd6c0ed5433f75e66391ff6f365372381b658b1f1da9
744d368a676dabf6be331840fdf74176a9ad7a784bf3920e3f640c9ed89fc43c
74706fc3a0764eb273029a2ca83422dd8663978130573095d48f7ed260f28671
751d5192326ddefce3e87157f7c9355217cdad7b4a969b5dd3161b4453671389
7742176d36a9ea889f4db0a843e62f522ba690a8d514e91dd5aa09eccf7340ce
785c1179e9138a30fccbcd502d81ad2920049a12fd3d83fae433052e9be4c62f
7a44e0685d8929b5d4d50476273c9957c8c76f03afc424c665a4066e5bc1beb9
7adaf08052c6a6a0f8a0d0055b4f191fd07389fe41c972b69573472b2ecb406a
7bba17b490076798f613f9b01da8d6a2eb79808ae687d3e56543ba95fff3b16c
7fc2adee3e43f35ce8e32c26f8d8cc18c647e98f5d82106937a981db839897d5
8069956acb4c566506ff71f7a23c8e23f75ce9443384fe3393ed5c846924026e
8191aac24052007a5eb3dff74bbcde3d14bd1b9eac048a8b781c08e144089f25
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
84053d1e000e4ec2e919fc747c16eb16856745bd7cdd0279ff6be2062f365650
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
8725ca355115b2fd4651581ad44a4115ec562fc3ad951c72b7da7f9c8e73051f
889910bd602fe775e79f9b7e78d50040c61d9494b90ebc97800b3ae7976cbb49
897ebbdf379aeb2c751275f083d298f15b094902c6bd6a66405ffb0604c64124
8b1378138bba66a489a96aa319ed93174ae2e9740c4e0dc6846c5f06d2193fb4
9019bd99bb2b109f32b62d0439c01e6c9e828bfd160c1e254a5a0d1c7229a4fe
91dbec0f4e07b605763f34157768eae027d683004a5200638e1153600927c575
937c1830b0b7d490405e8534908597528dd8be51c3f3c2727e7379087b7dab00
94f9190bff270944affe1050bc67f4b0c98f7193e7022eb9e94ba03f075061ac
95f1a8ca09c538bc29691af48fc8e9561fd851d73f9969f7a1980162add3cf92
96456ea83a2a92121ff46321c0f0ca85237a5fbb1cc6391a7303057226b91529
97cf1307c16a437b77b5f7f5c9bc0b985d0745a14be5a279019aca5a3432e264
9907e36c930c3f9433ccb0d783636ea0052cbf766c27c2539d8d0d86e8577e06
a29ee2b15c494311c52521766e44af56a3ad2248e7a8ab465e5206463c13d288
a41d60f8ac48aafcddd891ddebb318735c5684c4d8c8971f2a236233f89fc3be
a42f2ec73409f2753ef17d737714c86303fa45fc3a3d484a9b0c8ed28ef0fd6b
a48dea362116d7516a2cf97066a32758d353760ee02dbf900ddff86b02a16473
a53ea60fbea6cb1775430998564d5f295aba7d3bfe548a0ba79aa2a049aba839
a6ce41aa5b6c062eeaf822aae94f23727248c17d2cd4b6b54fc54c085b58802d
a6d75aad5c009d0bdf36d4c1d68d90e2848460fce782adb137819228842eefe0
a9703acf1b9ace4e69669e5472063f067cfaf6eba3dff61ec47b95db163a3158
a9e4a21d7a0dd665ebfe69752a801f9034ee7f4d7e5930cb267b6c48aa3bee31
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
aca1d2291f4713182bc182e5ef93151df69b3e97a054d16d1da5a1967fe63f15
af1e6edc875a382b338bb25bd7c5c3f474a7f1b36212002a5896dd06f2186325
afea7d7933d3140b754902ec8d48c7cc0db26b22f5912655b2fb1c1b07429478
b23f49f504faa32aac548b6662ffd64412f6738496fab8be38da46c5b7121804
b294e973896f8f874e90a8eb1a8908ac790980d034c4c4bdf0fc3d37b8abf682
b3da8d4d6ce548b08ca53762d9e5f7162a073b1f07756ba8aded1c9929f9b015
b5641645c15c48b3ff5ce52e718563e1d04d18492e552eb126862768327e2855
b68978c9cb1e6bd79ef47484d91e679ba1fc2ef952d1a9e286fe71cf94589201
b7939e67e521a72f9344e54fe85a3edff247ac537235f178a522ae836dbf6820
b980f62a2d545d64f24e6f96902c8fbf5da0018569c369bc18f9e5b5fcf099ed
bb0772532e523b486ea3419e8de8a9a40a0f632bf85ddf21f0d8753427972280
bb46ed079c3dd3c39af5051b4ada48f29f49151dad4fa218117bad2fdb5e616f
bc71c403dc6113c8597e111a99d6a6a197dd2f2355402f8392ca4812dca57d3d
bcaa1637eb8735dcb20b81cd9bb3cba89818bafacd4fa1e258e504a85540e139
bcca65cc24a8fa93b8c1c9b3fdab3c155b5a6c5e6013d1b0aa4e4447c8eec77c
be29174d2fe6ed8aad6c27420ce60f754419d072bfb1603ffa20626463295a57
bf1ffcb96984568b22f7a9029dd980abb5a4a47700f588a16b8ace0f7412977e
c0836e0ca85c352993c12e75d531b1394a2be0b679828a749c1922b9f66032a9
c2e8b4fba49f90cfca5a43371c09879aed7447e0ba2ed4abd75b81448776c4f7
c3c0d3f472358aac78455515c4800771426770c22698e2486d39fdb5505634e1
c3f972393cbaeb692394b14498f8f9526c5a75480fe6fed1a5d14e83109e0cf4
c4243f7f5aa95631ca62fab376c3804859e808b66d373d07270872d23b8b081b
c51831a289a042fb47236cc90db37a4d2cdd827d8ba95120de2cb55826e68664
c73575543a5c99018f842960f9882edaa0918965ea856e91de9717a0d58d3f1c
c76c6456972a640a9057ae6e6ce9099722910ac60e2f31e514a1bf0066d9d64d
c922c4dfc88f88c4658b497e757b0eaf0cb82a6892dc9dcc17f0da90711c608f
cbf75dd8897736ba7ab7b6d8df2f9cb2ffdf4612e4c3701e8a6683917a446c57
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
ce261eb163fcaee6953cedc35059732a133766ab824dc512bbdf9424d48601e4
ceaa8c47e55f50794d42966a696f0f35149ffd1560c46eecbca911d6b48d9371
cfca36025004c1f9a54e8bca2961cd7c2c7d030b9f098b2f8d044e25944b1fdf
d39e13725b21bae85d8ec5a33e089d49b52ea78390dabf5e426751414499d0f1
d5e6f422bf9513df9dd847931b0783e78f2cc6d7a3f189450b9c932b40c584d7
d68519a3166f1d5cf914c9e2c228ce1415ecbe40c8630d7d5ce8675fdafb5902
d7c1382f2a55b9cfed948b2a888fe6169dd173219e33ef7ce057ccb002fa93cf
d882dbd828af87ed3434862bf608a2dee6d347817ae547421c9b2051ce29a905
d8e1bb6afaee4a9709470e6bc6712a4288aab63eff4a430e75935d0095648bb6
d9b993464d1fb9e951a4e9c76d4d560b208604c73fa87c0a61091b5af0ddecec
d9fd9e2d2293c369f4aa2abe2dcdee1ff7135ceb33f12cdfab98a348bf9ac455
da9dad45994fa30a773ffd383f0daba950926e1c95fc807b644554825ac34bf7
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
dcf430710cdd1359115293f45d5023b2a560aef8a2c1e59d578b8b1e10a216d3
de1e399b07289f3b0a8d35142e363e128124a1185770e214e25e58030dad48e5
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf
e22419e8154be2a34a950dbb4c4c448413751c53ef02f00c6c56af28aa2c4964
e2b5d4752ac81478ad36860fbe67b75bad20bbee7a93e835a25283d310c78999
e36eaa6e7cebbd4138dfb008ee3d53ab8195f45953b0f4f27d0d8156ab059021
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e51cef74e27fe2fbf08417acdaeccb250743a28dc7b82d16ba26560981041e0d
e56319a09d53a96a7b2864aa096022c41028595632a92a8bebec4febf331ba9f
e61660c659c426e45bce2937dddb01af6b550502a2904546575c1ec2ba1121dd
e635f91800e17fbf3a0743f9883454dd1aa9095fe2ec8be8843e77db8ea9f5ed
e6d2282d33ef8f732e4ce7a60a05fce149fb0017fae964eb3543ec849d95f2e9
e7ed36ceee5450b4243bbc35188afabdfb4280c7c57597001de0ed167299b01b
e94383fa61c7eec59418c326cd4d11c086541bb438d058f055dc627a263684e0
ec7d69015be507ee6045d259f50b6cf8ccb52ec7b41ec1bf50fee681683bea60
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef2b6a048828ba900123bc05b019ded3252e9b21260d7402fc9d11a321fb3dc1
f07ba5ad1ac0a01ef6b948f1a2223b2eff4e40f40da24614151b98939b6a5ef1
f8d00356859998784bda26e1d14f2d981515921b96ded50d5d6f6f0e75bac15c
f9335a3578fbb78eba8922527950b8773e21ebc2d28e6f72ce9d223094bfdbdc
fbd60db88b56b91e2c6ea79a36224ec46d01be9b58cf87db5176c86681f9270a
fc04d1fd608cedf1f0c4735145a15031f77cb7491d6234cec4ee2cd9be74937a
fda3035030d3843c2751dc0da65fb802230ec00a4008aeed83ddddc7b97cbc93
fe2ac5219992a3608a5c9e2bc4759fac8fb2189b88d7a674d395ff6c435da536
fe513ef974b767510d0a2b9f1b4d3afa53185b89ab617c869e5e3d6db960192c

orca.security Open in urlscan Pro 162.159.135.42 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

225 Requests

96 %HTTPS

67 %IPv6

36 Domains

49 Subdomains

49 IPs

5 Countries

4449 kBTransfer

12401 kBSize

5 Cookies

17 Outgoing links

Page URL History

Redirected requests

225 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 5 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

orca.security Open in urlscan Pro
162.159.135.42 Public Scan

Screenshot
Live screenshot

Full Image

225
Requests

96 %
HTTPS

67 %
IPv6

36
Domains

49
Subdomains

49
IPs

5
Countries

4449 kB
Transfer

12401 kB
Size

5
Cookies

225 HTTP transactions
5 data transactions